claranet.log4shell
Ansible Role - Log4Shell
:star: Give us a star on GitHub — it really encourages us!
This role helps you find Log4Shell (CVE-2021-44228) on your system.
It looks for JAR and WAR files on your filesystem and in open files (using lsof).
:warning: Your system might run slow during the scan because it searches through the entire / directory and unzips files to look inside the JARs and WARs.
This role puts information into the variable log4shell_analyze_versions, which looks like this:
{
  "/tmp/rundeck.war": {
    "version": "2.13.2",
    "type": "war",
    "jndilookup": false
  },
  "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1.jar": {
    "version": "2.12.1",
    "type": "jar",
    "jndilookup": true
  },
  "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1-tests.jar": {
    "version": "2.12.1",
    "type": "jar",
    "jndilookup": false
  }
}
- The key is the path where the role found the log4j library.
- The value is a dictionary with:
  - version: the log4j version,
  - type: the file type (war/jar),
  - jndilookup: whether the file org/apache/logging/log4j/core/lookup/JndiLookup.class is present in the JAR.

A JAR file without JndiLookup.class is considered not vulnerable according to CERT.
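The check behind the jndilookup field can be reproduced on a single archive. The following Python is an added example, not the role's own code: the function names, the `!/` notation for nested archives, the depth and size limits, and reading the version from log4j-core's Maven `pom.properties` are assumptions made for illustration, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the version is taken from the Maven metadata shipped in log4j-core.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 3                  # stop descending into archives nested deeper than this
MAX_MEMBER = 64 * 1024 * 1024  # skip nested archives that declare more than 64 MiB


def analyze_archive(data, name, results=None, depth=0):
    """Inspect one JAR/WAR given as bytes, plus the archives nested inside it."""
    results = {} if results is None else results
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return results  # corrupt file or not a zip at all: nothing to report
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            results[name] = {
                "version": m.group(1).strip() if m else "unknown",
                "type": name.rsplit(".", 1)[-1].lower(),
                "jndilookup": JNDI_CLASS in names,
            }
        for info in zf.infolist():
            nested = info.filename.lower().endswith(ARCHIVE_EXT)
            if nested and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                analyze_archive(zf.read(info), f"{name}!/{info.filename}", results, depth + 1)
    return results


def make_zip(entries):
    """Build a zip in memory from {member_name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in entries.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: a core JAR with JndiLookup.class, one without it, both inside a WAR.
VULN = make_zip({POM_PROPS: b"version=2.12.1\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
MITIGATED = make_zip({POM_PROPS: b"version=2.12.1\n"})
WAR = make_zip({"WEB-INF/lib/log4j-core-2.12.1.jar": VULN, "WEB-INF/lib/patched.jar": MITIGATED})
```

Calling `analyze_archive(WAR, "/tmp/app.war")` returns one entry per nested log4j-core JAR, in the same shape as the dictionary above.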
:warning: Requirements
- Ansible version 4 or higher
:zap: Installation
To install the role, run:
ansible-galaxy install claranet.log4shell
:gear: Role Variables
Variable | Default Value | Description |
---|---|---|
log4shell_scan_path | / | Path to scan on the filesystem |
:arrows_counterclockwise: Dependencies
- None
:pencil2: Example Playbook
Here's an example of how to use the role in a playbook:
---
- hosts: all
  roles:
    - role: claranet.log4shell
      log4shell_scan_path: /opt
:closed_lock_with_key: Hardening
:heart_eyes_cat: Contributing
:copyright: License
This role is licensed under the Mozilla Public License Version 2.0.