cve-2021-44228-log4j

Leverages yahoo/check-log4j to scan for files potentially vulnerable to CVE-2021-44228, which allows arbitrary code execution.
Repository Report issue

Maintainer

Nick Anderson

Module stats

Total Downloads: 403
Updated: Sep 9, 2022

Installation version

Version
0.2.0
0.0.1
0.0.2
0.2.0
Released on Sep 9, 2022

Tags

Installation

                    
cfbs add cve-2021-44228-log4j
Description
Dependencies
Discussion

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution.

https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/Log4Shell_logo.png
Log4Shell Logo (Source: Wikipedia)

This module leverages a script provided by yahoo/check-log4j to scan the host and provide an inventory of potentially vulnerable files that should be further investigated.

Recommendation: Use this module to help identify and review potentially vulnerable files. Review and remediate if necessary and track sha512 sums for potentially vulnerable files that are known to be OK.

Inventory

Log4Shell Potentially Vulnerable
List of files that are potentially vulnerable. https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/inventory-Log4Shell_Potentially_Vulnerable.png
Log4Shell Potentially Vulnerable Last Scan
Date/time of last scan in ISO-8601 format. https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/pinned-inventory-potentially-vulnerable-and-last-scan-time.png

Configuration

Variables

northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.scan_paths
List of paths which should be scanned. (default /opt, /usr) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-scan_paths.png
northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.rescan_frequency_min
How often the scanner should be re-run. (default 1440) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-rescan_frequency_min.png
northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.files_sha512_ok
A list of sha512 hashes that prevent a potentially vulnerable file from being inventoried. (default empty) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-files_sha512_ok.png

Dependencies

This module has no dependencies

Find related thread in GitHub discussions or Start a new discussion