Ansible playbooks fail to run on v10 CR3 and latest CentOS updates

Article ID: 218666

Products

CA API Gateway

Issue/Introduction

After Gateway v10 CR3 and the CentOS updates of 05/21, all Ansible playbooks have stopped working.

This was working before the CentOS 05/21 patch.

Environment

Release : 10.0

Component : API GATEWAY

Resolution

Because of the SSH vulnerability described in the alert linked below, changes were implemented in ssh_force_command.sh, which is updated by the platform patch.

ssh_force_command.sh is hardened to prevent /bash *, /sh * and python * from running.

See also: https://support.broadcom.com/external/content/critical-alert/Layer7-API-Gateway---Critical-Security-Alert/18134

These settings in ssh_force_command.sh were added to address a potential vulnerability with SSH where an unprivileged user can get restricted shell access.

These settings may interfere with Ansible scripts. If you remove the additional settings, the Gateway is again vulnerable to this restricted shell access.
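
The sketch below is an added illustration, not Broadcom's ssh_force_command.sh, showing why every playbook is affected: by default Ansible wraps each remote step in /bin/sh -c '...', so the requested command matches the blocked patterns. It assumes the three patterns from this article are glob-style matches on the command sshd passes in SSH_ORIGINAL_COMMAND; the function names and sample commands are constructed.

```shell
#!/bin/sh
# Added illustration only; the contents of the real ssh_force_command.sh are
# not shown in this article. When a forced command is configured, sshd exposes
# the command the client requested in SSH_ORIGINAL_COMMAND, and a filter
# script can inspect it before deciding what to run.

# Return 0 when the requested command matches one of the three patterns the
# article lists (/bash *, /sh *, python *), 1 otherwise.
# Assumption: the patterns are shell globs, with any path before /bash or /sh.
is_blocked() {
    case "$1" in
        */bash\ *|*/sh\ *|python\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Report how the requested command relates to the three patterns. What the
# real script does with non-matching commands is not stated in the article,
# so this sketch only reports "no-match" for them.
classify() {
    if is_blocked "$1"; then
        echo "DENY"
    else
        echo "no-match"
    fi
}

# Constructed samples shaped like the commands Ansible's ssh connection
# plugin sends for a normal module run (the temp path is a placeholder).
ANSIBLE_PROBE="/bin/sh -c 'echo ~ && sleep 0'"
ANSIBLE_MODULE="/bin/sh -c '/usr/bin/python /tmp/ansible-tmp-EXAMPLE/AnsiballZ_ping.py && sleep 0'"
PLAIN="uptime"

# Print one line per sample: the classification, then the command.
report() {
    for cmd in "$ANSIBLE_PROBE" "$ANSIBLE_MODULE" "$PLAIN"; do
        printf '%-9s %s\n' "$(classify "$cmd")" "$cmd"
    done
}

report
```

Running ansible-playbook with -vvv prints the exact command string sent over SSH, which can be compared against the patterns listed above.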