lucab85.ansible_role_log4shell


This is an Ansible role designed to scan Linux hosts for the Log4Shell vulnerability using the official Red Hat Log4j detector script (RHSB-2021-009).

It has been tested with the Red Hat detector version 1.3 from January 10, 2022.

Ansible Playbook

You can also find the code in an Ansible Playbook format at lucab85/log4j-cve-2021-44228.

Requirements

  • Ansible 2.9 or higher

Role Variables

Here are the default variable values found in defaults/main.yml:

sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: 'cve-2021-44228--2022-01-10-1242.sh.asc'
detector_baseurl: 'https://access.redhat.com/sites/default/files/'
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: 'tmp'
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: '7514F77D8366B0D9'
gpg_server: "pgp.mit.edu"
clean_run_before: true
delete_after: true
verify_gpg: false

Variable Descriptions

  • sh_detector: The name of the detector script file.
  • sh_signature: The name of the signature file for the detector.
  • detector_baseurl: The base URL to download the necessary files.
  • detector_path: The directory to scan (default is /var/).
  • detector_dir: Where the detector will be downloaded (default is /opt/cve-2021-44228/).
  • detector_run_dir: Temporary directory created for the run (default is tmp).
  • detector_options: Command-line options for the detector script.
  • gpg_keyid: GPG key used for verification (default is from Red Hat).
  • gpg_server: Server to download the GPG public key.
  • clean_run_before: Whether to clean the run directory before execution (default is true).
  • delete_after: Whether to remove the detector directory after execution (default is false).
  • verify_gpg: If true, performs GPG signature verification (default is false).
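
What a signature check on the downloaded detector amounts to, as an added example that is not the role's own code: the script and its signature are fetched, the key is imported into a throwaway keyring, and the script path is released only if gpg reports a valid signature from the expected key. The URL, file names, key ID and keyserver are the role defaults listed above; the function names, the use of curl, and the treatment of the .asc file as a detached signature are assumptions.

```shell
#!/bin/sh
# Added example, not the role's code. Values are the role defaults on this page.
BASEURL='https://access.redhat.com/sites/default/files/'
DETECTOR='cve-2021-44228--2022-01-10-1242.sh'
SIGNATURE="${DETECTOR}.asc"
KEYID='7514F77D8366B0D9'
KEYSERVER='pgp.mit.edu'

# Reads `gpg --status-fd 1` output on stdin. Succeeds only if a VALIDSIG line
# carries a signing-key or primary-key fingerprint ending in the expected key ID.
# IDs shorter than 16 hex digits are refused (32-bit IDs are easy to collide).
signed_by_keyid() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    [ "${#want}" -ge 16 ] || return 1
    while read -r tag kind fpr rest; do
        [ "$tag" = '[GNUPG:]' ] && [ "$kind" = 'VALIDSIG' ] || continue
        primary=${rest##* }   # last field: primary key fingerprint
        for f in "$fpr" "$primary"; do
            case "$f" in *"$want") return 0 ;; esac
        done
    done
    return 1
}

# Downloads detector and signature (assumed detached), fetches the key into a
# throwaway keyring, and prints the script path only if the check passes.
fetch_and_verify() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/gnupg" || return 1
    curl -fsSL -o "$work/$DETECTOR" "${BASEURL}${DETECTOR}" || return 1
    curl -fsSL -o "$work/$SIGNATURE" "${BASEURL}${SIGNATURE}" || return 1
    gpg --batch --homedir "$work/gnupg" --keyserver "$KEYSERVER" \
        --recv-keys "$KEYID" || return 1
    gpg --batch --homedir "$work/gnupg" --status-fd 1 \
        --verify "$work/$SIGNATURE" "$work/$DETECTOR" 2>/dev/null |
        signed_by_keyid "$KEYID" || return 1
    printf '%s\n' "$work/$DETECTOR"
}

# Network access happens only when explicitly requested.
if [ "${1:-}" = '--fetch' ]; then fetch_and_verify; fi
```

Matching on a key ID taken from the same configuration that names the keyserver only shows that a key with that ID signed the file; comparing the full fingerprint against one obtained from Red Hat out of band is the stronger check.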

Dependencies

There are no dependencies.

Downloading

To get the latest version of the Ansible role, use Ansible Galaxy:

ansible-galaxy install lucab85.ansible_role_log4shell

Example Playbook

Here’s a simple example of how to use the lucab85.ansible_role_log4shell role:

---
- name: run detector
  hosts: all
  become: true
  roles:
    - role: lucab85.ansible_role_log4shell
      detector_path: "/var/www"

License

MIT / BSD

Author Information

This role was created in 2021 by Luca Berton, who is also the author of Ansible Pilot.


About the project

Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 version 1.2 2021-12-20 for Log4Shell (CVE-2021-44228).

Install
ansible-galaxy install lucab85.ansible_role_log4shell
License
mit
Downloads
289
Owner
Ansible Automation Engineer with Open Source passion: (Ansible, Progressive Web Applications, Cloud Computing, IoT, GNU/Linux)