robertdebock.cve_2021_44228
Ansible Role: cve_2021_44228
THIS ROLE HAS BEEN ARCHIVED AS OF DEC 2023.
This role checks for and reports on CVE-2021-44228 (log4shell) on your system.
| GitHub | GitLab | Downloads | Version |
|---|---|---|---|
 |
 |
 |
 |
Example Playbook
This example comes from molecule/default/converge.yml and is tested for each update.
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.cve_2021_44228
Before you run this, make sure the machine is ready. In CI, this is done using molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
become: yes
gather_facts: no
roles:
- role: robertdebock.bootstrap
# This role installs necessary software and removes it afterwards.
vars_files:
- ../../vars/main.yml
post_tasks:
- name: Install required software
ansible.builtin.package:
name: ["{{ cve_2021_44228_ps_package }}", unzip]
For more details, see a full explanation and example.
Role Variables
Default values for the variables are found in defaults/main.yml:
---
# Default settings for cve_2021_44228
# Enable or disable certain checks with these variables.
# Check for suspicious processes.
cve_2021_44228_check_processes: yes
# Check for suspicious packages.
cve_2021_44228_check_packages: yes
# This check may use a lot of disk space.
# Check for suspicious files.
cve_2021_44228_check_files: yes
# This check may also use a lot of disk space.
# Check for suspicious JAR files.
cve_2021_44228_check_archives: yes
# You can add more paths to search. More paths mean more disk usage,
# but not enough paths can risk missing vulnerable files.
# Paths to check for files and JARs.
cve_2021_44228_paths_to_check:
- /var
- /etc
- /usr
- /opt
- /lib64
# Types of archives to scan.
cve_2021_44228_archive_patterns:
- "*.jar"
- "*.war"
- "*.ear"
- "*.aar"
Requirements
- Install pip packages listed in requirements.txt.
Used Roles
The roles below are used to prepare a system, but you can prepare it in different ways.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
Context
This role is part of many compatible roles. Check out the documentation of these roles for more information.
Here’s a summary of related roles:
Compatibility
This role has been tested on these container images:
| Container | Tags |
|---|---|
| Alpine | all |
| Amazon | all |
| Debian | all |
| EL | all |
| Fedora | all |
| OpenSUSE | all |
| Ubuntu | focal, bionic |
Ansible version 2.12 is the minimum required, and tests have been conducted on:
- The previous version.
- The current version.
- The development version.
If you encounter any issues, please report them on GitHub.
License
Author Information
Feel free to consider sponsoring me.
Check and report for cve_2021_44228 (log4shell) on your system.
ansible-galaxy install robertdebock.cve_2021_44228