lucab85 / log4j-cve-2021-44228

Licence: MIT License
Ansible playbook that scans target Linux hosts with the official Red Hat Log4j detector script from RHSB-2021-009, Remote Code Execution - log4j (CVE-2021-44228).

Projects that are alternatives of or similar to log4j-cve-2021-44228

log4j-detector
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Stars: ✭ 622 (+972.41%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4jshield
Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
Stars: ✭ 13 (-77.59%)
Mutual labels:  log4j, cve-2021-44228, log4shell
HackLog4j
"HackLog4j: The Eternal Evil Dragon". A tribute to the most invincible Java logging library in the universe!
Stars: ✭ 161 (+177.59%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4shell-finder
Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (-62.07%)
Mutual labels:  log4j, cve-2021-44228, log4shell
Log4j-RCE-Scanner
Remote command execution vulnerability scanner for Log4j.
Stars: ✭ 200 (+244.83%)
Mutual labels:  log4j, cve-2021-44228, log4shell
Log4jPatcher
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
Stars: ✭ 43 (-25.86%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4jpwn
log4j rce test environment and poc
Stars: ✭ 306 (+427.59%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4jscanwin
Log4j Vulnerability Scanner for Windows
Stars: ✭ 142 (+144.83%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
Stars: ✭ 40 (-31.03%)
Mutual labels:  log4j, cve-2021-44228, log4shell
nmap-log4shell
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
Stars: ✭ 54 (-6.9%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4shell-tools
Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
Stars: ✭ 55 (-5.17%)
Mutual labels:  log4j, cve-2021-44228, log4shell
log4j-shell-poc
A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
Stars: ✭ 1,536 (+2548.28%)
Mutual labels:  log4j, cve-2021-44228
log4j-log4shell-affected
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
Stars: ✭ 49 (-15.52%)
Mutual labels:  log4j, cve-2021-44228
logmap
Log4j jndi injection fuzz tool
Stars: ✭ 60 (+3.45%)
Mutual labels:  cve-2021-44228, log4shell
Vm4J
A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Manager
Stars: ✭ 126 (+117.24%)
Mutual labels:  cve-2021-44228, log4shell
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+2074.14%)
Mutual labels:  devsecops, log4shell
LogMePwn
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
Stars: ✭ 362 (+524.14%)
Mutual labels:  log4j, cve-2021-44228
safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Stars: ✭ 38 (-34.48%)
Mutual labels:  log4j, log4shell
log4j-scanner
log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
Stars: ✭ 1,212 (+1989.66%)
Mutual labels:  log4j, cve-2021-44228
python-log4rce
An All-In-One Pure Python PoC for CVE-2021-44228
Stars: ✭ 179 (+208.62%)
Mutual labels:  log4j, cve-2021-44228

Log4j-CVE-2021-44228 detector scanner playbook

Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).

Tested with version 1.3 of the Red Hat detector, released 2022-01-10.

The result is saved in a txt file under detector_dir (default: /opt/cve-2021-44228/).

Ansible Galaxy role

The code is also available as the Ansible Galaxy role lucab85.ansible_role_log4shell:

ansible-galaxy install lucab85.ansible_role_log4shell

How to run the Ansible Playbook

With the default variables, the playbook scans everything under /var/ for affected files. Edit the vars.yml file to change the scan path and the other options.

ansible-playbook log4j-cve-2021-44228.yml

Dependencies

None.

Requirements

ansible 2.9+

Variables vars.yml

default values:

rh_bullettin: >-
  https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
intro: |
  Ansible Playbook tested with detector version 1.3 released 2022-01-10.
  If a 404 error occur please adjust the URL with the latest version available
  for detector URL.
  Please refer to the Red Hat Security Bullettin for up-to-date information and
  adjust the playbook variables accordingly.
  {{ rh_bullettin }}.
vulnerable: |
  System MIGHT be vulnerable to log4j (CVE-2021-44228)
not_vulnerable: |
  System IS NOT vulnerable to log4j (CVE-2021-44228)
report_txt: "/report/vuln_log4j2_path_*.txt"
sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: "cve-2021-44228--2022-01-10-1242.sh.asc"
detector_baseurl: "https://access.redhat.com/sites/default/files/"
force_download: false
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: "tmp"
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: "7514F77D8366B0D9"
gpg_server: "pgp.mit.edu"
gpg_public_key: 'gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: true

  • rh_bullettin: link to the RHSB (default: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009)
  • intro: introduction text
  • vulnerable: text printed when the host might be vulnerable (visible only at debug level 2, -vv)
  • not_vulnerable: text printed when the host is not vulnerable (visible only at debug level 2, -vv)
  • report_txt: path of the report files to print (default: /report/vuln_log4j2_path_*.txt)
  • sh_detector: the filename of the detector bash script
  • sh_signature: the filename of the detector GPG signature file
  • detector_baseurl: the base URL from which the two files above are downloaded
  • force_download: force a fresh download of the files on every run (default: false)
  • detector_path: the path to inspect (default: /var/)
  • detector_dir: the directory the detector is downloaded to (default: /opt/cve-2021-44228/)
  • detector_run_dir: the subdirectory to create before the run (default: tmp)
  • detector_options: the command-line options for the detector script (default: -n -d --no-progress --scan {{ detector_path }})
  • gpg_keyid: the ID of the GPG public key to download for verification (default: Red Hat Product Security, 7514F77D8366B0D9)
  • gpg_server: the GPG key server (default: pgp.mit.edu)
  • gpg_public_key: the gpg command that fetches the public key used for verification (default: gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }})
  • clean_run_before: remove and recreate the run directory before the execution, because the detector requires an empty directory (default: true)
  • delete_after: remove detector_dir after the execution (default: false)
  • verify_gpg: download the GPG signature and verify the detector against it (default: true)
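
The defaults above fetch the signing key from a keyserver by its 64-bit key ID, and in the demo run gpg accordingly warns that the key is not certified with a trusted signature. The shell functions below are an added example, not part of the playbook or of Red Hat's script: they accept the detector only when gpg's machine-readable status reports exactly one valid signature whose primary-key fingerprint equals the full fingerprint printed in the demo run. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the playbook): pin the detector's signing key by its
# full fingerprint instead of trusting whatever key matches a 64-bit key ID.

# Full primary-key fingerprint, as printed by "gpg --verify" in the demo run.
PINNED_FPR="8B1220FC564E9583200205FF7514F77D8366B0D9"

# normalize_fpr FPR: strip blanks and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF'
}

# signer_from_status: read "gpg --status-fd" lines on stdin and print the
# primary-key fingerprint of the signature. Fails when there is not exactly
# one VALIDSIG, or when gpg flagged the signature or key as bad, expired or
# revoked (gpg can still emit VALIDSIG in the expired/revoked cases).
signer_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint, field 12,
        # when present, is the primary key fingerprint.
        $2 == "VALIDSIG" { n++; fpr = (NF >= 12) ? $12 : $3 }
        END {
            if (bad || n != 1) exit 1
            print toupper(fpr)
        }'
}

# status_matches_pin EXPECTED_FPR: stdin is gpg status output.
status_matches_pin() {
    signer=$(signer_from_status) || return 1
    [ "$signer" = "$(normalize_fpr "$1")" ]
}

# verify_pinned SIGNATURE FILE: run gpg and apply the pinned check.
# "gpg --verify" exits 0 for a good signature even from an uncertified key,
# which is why the fingerprint comparison is needed on top of the exit code.
verify_pinned() {
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_matches_pin "$PINNED_FPR"
}

# --- Constructed sample status output, for offline checking -----------------
# Good signature from the pinned key.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key)
[GNUPG:] VALIDSIG 8B1220FC564E9583200205FF7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 8B1220FC564E9583200205FF7514F77D8366B0D9
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Cryptographically valid signature from a different key whose fingerprint
# merely ends in the same 16 hex digits as the configured key ID.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7514F77D8366B0D9 Some Other Key
[GNUPG:] VALIDSIG 0000000000000000000000007514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 0000000000000000000000007514F77D8366B0D9
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Signature by the pinned key, but gpg reports the key as expired.
SAMPLE_EXPKEY='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key)
[GNUPG:] VALIDSIG 8B1220FC564E9583200205FF7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 8B1220FC564E9583200205FF7514F77D8366B0D9'

# Usage on a target host, with the vars.yml defaults:
#   d=/opt/cve-2021-44228
#   verify_pinned "$d/cve-2021-44228--2022-01-10-1242.sh.asc" \
#                 "$d/cve-2021-44228--2022-01-10-1242.sh" || exit 1
```

Confirm the pinned fingerprint against Red Hat's published product signing keys before relying on it; the value here is only what the demo output on this page shows.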

Demo execution

The full output of the execution of the playbook against the RHEL8 demo target host:

$ ansible-playbook -i test/inventory log4j-cve-2021-44228.yml -vv
ansible-playbook [core 2.12.1]
  config file = None
  configured module search path = ['/Users/lberton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/lberton/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.10.1 (main, Dec  6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: log4j-cve-2021-44228.yml *********************************************************************************************************************************************************
2 plays in log4j-cve-2021-44228.yml

PLAY [download detector for Apache Log4j (CVE-2021-44228)] *********************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:29
ok: [localhost] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [print information] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:31
ok: [localhost] => {
    "msg": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009.\n"
}

TASK [download detector] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:35
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 67710, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh"}

TASK [download detector signature] *********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:42
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh.asc", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 811, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh.asc"}
META: ran handlers
META: ran handlers

PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:54
ok: [demo.example.com] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [dependency present] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:56
ok: [demo.example.com] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [create detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:67
ok: [demo.example.com] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 193, "state": "directory", "uid": 0}

TASK [copy detector file] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:73
ok: [demo.example.com] => {"changed": false, "checksum": "4fa53e1f03dc8d4228479dd9a3a288a83146aa96", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "secontext": "system_u:object_r:usr_t:s0", "size": 67710, "state": "file", "uid": 0}

TASK [copy detector signature] *************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:82
ok: [demo.example.com] => {"changed": false, "checksum": "ecd1150a9826112acfa3f6dd9af0d536f51eb02f", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "secontext": "system_u:object_r:usr_t:s0", "size": 811, "state": "file", "uid": 0}

TASK [gpg public key] **********************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:92
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--keyserver", "pgp.mit.edu", "--recv", "7514F77D8366B0D9"], "delta": "0:00:07.831962", "end": "2022-01-10 17:09:05.217573", "msg": "", "rc": 0, "start": "2022-01-10 17:08:57.385611", "stderr": "gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed\ngpg: Total number processed: 1\ngpg:              unchanged: 1", "stderr_lines": ["gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed", "gpg: Total number processed: 1", "gpg:              unchanged: 1"], "stdout": "", "stdout_lines": []}

TASK [gpg verify detector] *****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:97
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--verify", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh"], "delta": "0:00:00.006127", "end": "2022-01-10 17:09:05.649893", "msg": "", "rc": 0, "start": "2022-01-10 17:09:05.643766", "stderr": "gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC\ngpg:                using RSA key 7514F77D8366B0D9\ngpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg:          There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9", "stderr_lines": ["gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC", "gpg:                using RSA key 7514F77D8366B0D9", "gpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]", "gpg: WARNING: This key is not certified with a trusted signature!", "gpg:          There is no indication that the signature belongs to the owner.", "Primary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9"], "stdout": "", "stdout_lines": []}

TASK [remove any detector run directory] ***************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:103
changed: [demo.example.com] => {"changed": true, "path": "/opt/cve-2021-44228/tmp", "state": "absent"}

TASK [create detector run directory] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:110
changed: [demo.example.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/tmp", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 0}

TASK [run detector/scanner] ****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:116
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "-n", "-d", "--no-progress", "--scan", "/var/", "--tmp", "/opt/cve-2021-44228/tmp"], "delta": "0:00:38.292411", "end": "2022-01-10 17:09:45.263799", "msg": "non-zero return code", "rc": 2, "start": "2022-01-10 17:09:06.971388", "stderr": "", "stderr_lines": [], "stdout": "\nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*", "stdout_lines": ["", "This script (v1.3) is primarily designed to detect CVE-2021-44228 on supported", "Red Hat Enterprise Linux 6-8 systems.", "Result may be inaccurate for other systems.", "Result may be inaccurate for affected log4j-core jar files other than those found", "in the two listed maven repositories as of 2021-12-13 and between versions", "2.0(.*) inclusive and 2.14.* inclusive:", "* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/", "* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/", "Symbolic links are not followed. Only local filesystem paths are supported.", "", "Finished scanning of the specified directory", "/var", "", "The specified directory contains vulnerable log4j-core jar files.", "* 3 files were identified.", "* Paths of the identified files can be found in .txt files in the directory", "  /opt/cve-2021-44228/tmp/report", "* To print all these paths, you can run the following command in the 'report' directory:", "  cat vuln_log4j2_path_*.txt", "* The paths may show paths inside zip/jar archive files, signified by a double slash //.", "", "Please note that vulnerability is determined based on the version only.", "This script doesn't detect any mitigations.", "", "Follow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.", "", "running_kernel = *4.18.0-348.el8.x86_64*", "vulnerable = *3*", "result = *2*", "scan_path = */var*", "tmp_path = */opt/cve-2021-44228/tmp*", "num_before = *5*", "num_after = *5*", "queue_position = *5*", "queue_length = *5*", "queue_length_check = *5*"]}
...ignoring

TASK [print NOT vulnerable message] ********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:123
skipping: [demo.example.com] => {}

TASK [print vulnerable message] ************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:129
ok: [demo.example.com] => {
    "msg": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n \nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*"
}

TASK [files in detector run directory] *****************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:135
ok: [demo.example.com] => {"changed": false, "examined": 4, "files": [{"atime": 1641834585.1820261, "ctime": 1641834585.1820261, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566206, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.1820261, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 66, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2100265, "ctime": 1641834585.2100265, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566207, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2100265, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 60, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2410266, "ctime": 1641834585.2410266, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 84002242, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2410266, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 68, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 3, "msg": "All paths examined", "skipped_paths": {}}

TASK [print debug] *************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:144
ok: [demo.example.com] => {
    "msg": {
        "changed": false,
        "examined": 4,
        "failed": false,
        "files": [
            {
                "atime": 1641834585.1820261,
                "ctime": 1641834585.1820261,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566206,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.1820261,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 66,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2100265,
                "ctime": 1641834585.2100265,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566207,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2100265,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 60,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2410266,
                "ctime": 1641834585.2410266,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 84002242,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2410266,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 68,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            }
        ],
        "matched": 3,
        "msg": "All paths examined",
        "skipped_paths": {}
    }
}

TASK [read vulnerable path(s) found] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:150
changed: [demo.example.com] => {"changed": true, "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt", "delta": "0:00:00.004155", "end": "2022-01-10 17:09:46.451923", "msg": "", "rc": 0, "start": "2022-01-10 17:09:46.447768", "stderr": "", "stderr_lines": [], "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar", "stdout_lines": ["/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"]}

TASK [print vulnerable path(s) found] ******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:156
ok: [demo.example.com] => {
    "msg": {
        "changed": true,
        "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt",
        "delta": "0:00:00.004155",
        "end": "2022-01-10 17:09:46.451923",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2022-01-10 17:09:46.447768",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar",
        "stdout_lines": [
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"
        ]
    }
}

TASK [remove detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:161
skipping: [demo.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************************************************************************************************************************
demo.example.com           : ok=15   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=1   
localhost                  : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

License

MIT / BSD

Author Information

This role was created in 2021 by Luca Berton, author of Ansible Pilot.
