cve-2021-44228-log4j

This module leverages yahoo/check-log4j to scan for files potentially vulnerable to CVE-2021-44228, which allows arbitrary code execution.

Maintainer

Nick Anderson

Module stats

Total Downloads: 240
Updated: Dec 23, 2021

Installation version

Version
Released on Dec 23, 2021

Tags

Installation

                    
cfbs add cve-2021-44228-log4j
Description
Dependencies
Comments

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution.

https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/Log4Shell_logo.png
Log4Shell Logo (Source: Wikipedia)

This module leverages a script provided by yahoo/check-log4j to scan the host and provide an inventory of potentially vulnerable files that should be further investigated.

Recommendation: Use this module to help identify and review potentially vulnerable files. Review and remediate if necessary and track sha512 sums for potentially vulnerable files that are known to be OK.

Inventory

Log4Shell Potentially Vulnerable

List of files that are potentially vulnerable. https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/inventory-Log4Shell_Potentially_Vulnerable.png

Configuration

Variables

northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.scan_paths

List of paths which should be scanned. (default /opt, /usr) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-scan_paths.png

northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.rescan_frequency_min

How often the scanner should be re-run. (default 1440) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-rescan_frequency_min.png

northerntech_security_hardening:cve_2021_44228_log4j_inventory_log4shell.files_sha512_ok

A list of sha512 hashes that prevent a potentially vulnerable file from being inventoried. (default empty) https://raw.githubusercontent.com/nickanderson/cfengine-security-hardening/master/cves/cve-2021-44228-log4j/configure-files_sha512_ok.png

Dependencies

This module has no dependencies

comments powered by Disqus