log4shell

Ansible role - log4shell

Maintainer License Release Status Ansible version Ansible Galaxy

:star: Star us on GitHub — it motivates us a lot!

Find Log4Shell CVE-2021-44228 on your system

This role tries to find JAR and WAR from filesystem and from opened files (lsof)

:warning: Your system may runs slowly during the scan due to a find on / and the unarchive process to lookup inside the JARs/WARs

This role populates the variable log4shell_analyze_versions with a dictionary like this one:

{
    "/tmp/rundeck.war": {
        "version": "2.13.2",
        "type": "war",
        "jndilookup": false
    },
    "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1.jar": {
        "version": "2.12.1",
        "type": "jar",
        "jndilookup": true
    },
    "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1-tests.jar": {
        "version": "2.12.1",
        "type": "jar",
        "jndilookup": false
    }
}

The key is the path where the role has found the log4j library.

The value is a dictionary containing the log4j version in version, the file type in type (war/jar) and and the key jndilookup which tells you if the file org/apache/logging/log4j/core/lookup/JndiLookup.class is present in a jar

A JAR without JndiLookup.class is not vulnerable according to https://www.kb.cert.org/vuls/id/930724

:warning: Requirements

Ansible >= 4

:zap: Installation

ansible-galaxy install claranet.log4shell

:gear: Role variables

Variable Default value Description
log4shell_scan_path / Filesystem path to scan

:arrows_counterclockwise: Dependencies

N/A

:pencil2: Example Playbook

---
- hosts: all
  roles:
    - role: claranet.log4shell
      log4shell_scan_path: /opt

:closed_lock_with_key: Hardening

:heart_eyes_cat: Contributing

Mozilla Public License Version 2.0

About

Finding Log4Shell CVE-2021-44228 on your system

Install
ansible-galaxy install claranet/ansible-role-log4shell
GitHub repository
License
mpl-2.0
Downloads
326
Owner
Open source projects from and contributed to by Claranet.