From 26530b348cb7f516131adaaeb37704056c0132c1 Mon Sep 17 00:00:00 2001
From: LucaMH <luca.hollaender@googlemail.com>
Date: Sun, 29 Sep 2024 20:26:45 +0200
Subject: [PATCH] Initial commit

---
 .github/workflows/anisble-lint.yaml | 21 +++++++++++++
 CUPS_remove.yaml                    | 47 +++++++++++++++++++++++++++++
 README.md                           | 23 ++++++++++++++
 requirements.yaml                   |  3 ++
 4 files changed, 94 insertions(+)
 create mode 100644 .github/workflows/anisble-lint.yaml
 create mode 100644 CUPS_remove.yaml
 create mode 100644 README.md
 create mode 100644 requirements.yaml

diff --git a/.github/workflows/anisble-lint.yaml b/.github/workflows/anisble-lint.yaml
new file mode 100644
index 0000000..5e5381a
--- /dev/null
+++ b/.github/workflows/anisble-lint.yaml
@@ -0,0 +1,21 @@
+name: ansible-lint
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+jobs:
+  linting:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Sources
+        uses: actions/checkout@v4
+
+      - name: Add Ansible
+        run: sudo apt-get install -y ansible
+
+      - name: Linting
+        uses: ansible/ansible-lint@main
+        with:
+          requirements_file: "requirements.yaml"
diff --git a/CUPS_remove.yaml b/CUPS_remove.yaml
new file mode 100644
index 0000000..b54ca2f
--- /dev/null
+++ b/CUPS_remove.yaml
@@ -0,0 +1,47 @@
+---
+- name: Playbook to remove CUPS related folders and packages
+  hosts: all
+  gather_facts: true
+  become: true
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+  tasks:
+
+    - name: GENERAL | remove packages
+      ansible.builtin.package:
+        name:
+          - cups
+          - cups-bsd
+          - cups-client
+          - cups-common
+          - cups-core-drivers
+          - cups-daemon
+          - cups-filters
+          - cups-filters-core-drivers
+          - cups-ppdc
+          - cups-server-common
+          - cups-browsed
+        state: absent
+
+    - name: SNAP | remove packages
+      community.general.snap:
+        name:
+          - cups-proxyd
+          - cups-browsed
+          - cups
+        state: absent
+      failed_when: false
+      when:
+        - "'snap' in ansible_env.PATH"
+
+    - name: GENERAL | Remove multiple directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - /etc/cups
+        - /var/spool/cups
+        - /var/cache/cups
+        - /var/log/cups
+        - /var/lib/cups
+        - /var/snap/cups
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ed6570c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+[![ansible-lint](https://github.com/LucaMH/CUPS_removal-private/actions/workflows/anisble-lint.yaml/badge.svg)](https://github.com/LucaMH/CUPS_removal-private/actions/workflows/anisble-lint.yaml)
+
+# Playbook to remove CUPS completly from systems due to recent CUPS vulnerabilities
+
+## run removal playbook:
+```bash
+ansible-playbook -l <limit> CUPS_remove.yaml
+```
+
+## more info about the issues
+
+from the reporter: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
+
+
+## found issues with this playbook?
+just send a issue or pull request :)
+
+
+
+
+## DISCLAIMER
+If this damages your system or causes issues in your environment its your fault.
+I am not responsible for you running stuff you didn't verify before running.
diff --git a/requirements.yaml b/requirements.yaml
new file mode 100644
index 0000000..afc836d
--- /dev/null
+++ b/requirements.yaml
@@ -0,0 +1,3 @@
+---
+collections:
+  - name: community.general