Log4j Cve 2021 44228 Save

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

Project README

Log4j-CVE-2021-44228 detector scanner playbook

Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).

Red Hat version 1.3 detector 2022-01-10.

The result is saved in a txt file under detector_dir (default: /opt/cve-2021-44228/).

Ansible Galaxy role

Code also available as Ansible Galaxy role lucab85.ansible_role_log4shell

ansible-galaxy install lucab85.ansible_role_log4shell

How to run the Ansible Playbook

Default variables scan all the /var/ path for affected files. You could customize the vars.yml file for more options.

ansible-playbook log4j-cve-2021-44228.yml

Dependencies

None.

Requirements

ansible 2.9+

Variables vars.yml

default values:

rh_bullettin: >-
  https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
intro: |
  Ansible Playbook tested with detector version 1.3 released 2022-01-10.
  If a 404 error occur please adjust the URL with the latest version available
  for detector URL.
  Please refer to the Red Hat Security Bullettin for up-to-date information and
  adjust the playbook variables accordingly.
  {{ rh_bullettin }}.
vulnerable: |
  System MIGHT be vulnerable to log4j (CVE-2021-44228)
not_vulnerable: |
  System IS NOT vulnerable to log4j (CVE-2021-44228)
report_txt: "/report/vuln_log4j2_path_*.txt"
sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: "cve-2021-44228--2022-01-10-1242.sh.asc"
detector_baseurl: "https://access.redhat.com/sites/default/files/"
force_download: false
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: "tmp"
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: "7514F77D8366B0D9"
gpg_server: "pgp.mit.edu"
gpg_public_key: 'gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: true

rh_bullettin: link of the RHSB (default: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009)
intro: introduction text
vulnerable: vulnerable text (visible only on debug level 2 execution -vv)
not_vulnerable: NOT vulnerable text (visible only on debug level 2 execution -vv)
report_txt: report path to print (default: /report/vuln_log4j2_path_*.txt)
sh_detector: the filename of the detector bash script file
sh_signature: the filename of the detector GPG signature file
detector_baseurl: the base URL to download the previous files
force_download: force to download every run the code (default: false)
detector_path: the path to inspect (default /var/)
detector_dir: the download path of the detector (default /opt/cve-2021-44228/)
detector_run_dir: the subdirectory to create before the run (default tmp)
detector_options: the command lines options for detector script (default -n -d --no-progress --scan {{ detector_path }})
gpg_keyid: the GPG public key to download for the verification (default Red Hat Product Security 7514F77D8366B0D9)
gpg_server: the GPG key server (default: pgp.mit.edu)
gpg_public_key: command for gpg verification (default: gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }})
clean_run_before: remove the run directory and recreate before the execution - detector requires an empty directory (default true)
delete_after: remove the detector_dir after the execution (default false)
verify_gpg: perform the GPG signature download and verification (default: true)

Demo execution

The full output of the execution of the playbook against the RHEL8 demo target host:

$ ansible-playbook -i test/inventory log4j-cve-2021-44228.yml -vv
ansible-playbook [core 2.12.1]
  config file = None
  configured module search path = ['/Users/lberton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/lberton/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.10.1 (main, Dec  6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: log4j-cve-2021-44228.yml *********************************************************************************************************************************************************
2 plays in log4j-cve-2021-44228.yml

PLAY [download detector for Apache Log4j (CVE-2021-44228)] *********************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:29
ok: [localhost] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [print information] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:31
ok: [localhost] => {
    "msg": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009.\n"
}

TASK [download detector] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:35
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 67710, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh"}

TASK [download detector signature] *********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:42
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh.asc", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 811, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh.asc"}
META: ran handlers
META: ran handlers

PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:54
ok: [demo.example.com] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [dependency present] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:56
ok: [demo.example.com] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [create detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:67
ok: [demo.example.com] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 193, "state": "directory", "uid": 0}

TASK [copy detector file] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:73
ok: [demo.example.com] => {"changed": false, "checksum": "4fa53e1f03dc8d4228479dd9a3a288a83146aa96", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "secontext": "system_u:object_r:usr_t:s0", "size": 67710, "state": "file", "uid": 0}

TASK [copy detector signature] *************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:82
ok: [demo.example.com] => {"changed": false, "checksum": "ecd1150a9826112acfa3f6dd9af0d536f51eb02f", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "secontext": "system_u:object_r:usr_t:s0", "size": 811, "state": "file", "uid": 0}

TASK [gpg public key] **********************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:92
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--keyserver", "pgp.mit.edu", "--recv", "7514F77D8366B0D9"], "delta": "0:00:07.831962", "end": "2022-01-10 17:09:05.217573", "msg": "", "rc": 0, "start": "2022-01-10 17:08:57.385611", "stderr": "gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed\ngpg: Total number processed: 1\ngpg:              unchanged: 1", "stderr_lines": ["gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed", "gpg: Total number processed: 1", "gpg:              unchanged: 1"], "stdout": "", "stdout_lines": []}

TASK [gpg verify detector] *****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:97
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--verify", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh"], "delta": "0:00:00.006127", "end": "2022-01-10 17:09:05.649893", "msg": "", "rc": 0, "start": "2022-01-10 17:09:05.643766", "stderr": "gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC\ngpg:                using RSA key 7514F77D8366B0D9\ngpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg:          There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9", "stderr_lines": ["gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC", "gpg:                using RSA key 7514F77D8366B0D9", "gpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]", "gpg: WARNING: This key is not certified with a trusted signature!", "gpg:          There is no indication that the signature belongs to the owner.", "Primary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9"], "stdout": "", "stdout_lines": []}

TASK [remove any detector run directory] ***************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:103
changed: [demo.example.com] => {"changed": true, "path": "/opt/cve-2021-44228/tmp", "state": "absent"}

TASK [create detector run directory] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:110
changed: [demo.example.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/tmp", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 0}

TASK [run detector/scanner] ****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:116
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "-n", "-d", "--no-progress", "--scan", "/var/", "--tmp", "/opt/cve-2021-44228/tmp"], "delta": "0:00:38.292411", "end": "2022-01-10 17:09:45.263799", "msg": "non-zero return code", "rc": 2, "start": "2022-01-10 17:09:06.971388", "stderr": "", "stderr_lines": [], "stdout": "\nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*", "stdout_lines": ["", "This script (v1.3) is primarily designed to detect CVE-2021-44228 on supported", "Red Hat Enterprise Linux 6-8 systems.", "Result may be inaccurate for other systems.", "Result may be inaccurate for affected log4j-core jar files other than those found", "in the two listed maven repositories as of 2021-12-13 and between versions", "2.0(.*) inclusive and 2.14.* inclusive:", "* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/", "* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/", "Symbolic links are not followed. Only local filesystem paths are supported.", "", "Finished scanning of the specified directory", "/var", "", "The specified directory contains vulnerable log4j-core jar files.", "* 3 files were identified.", "* Paths of the identified files can be found in .txt files in the directory", "  /opt/cve-2021-44228/tmp/report", "* To print all these paths, you can run the following command in the 'report' directory:", "  cat vuln_log4j2_path_*.txt", "* The paths may show paths inside zip/jar archive files, signified by a double slash //.", "", "Please note that vulnerability is determined based on the version only.", "This script doesn't detect any mitigations.", "", "Follow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.", "", "running_kernel = *4.18.0-348.el8.x86_64*", "vulnerable = *3*", "result = *2*", "scan_path = */var*", "tmp_path = */opt/cve-2021-44228/tmp*", "num_before = *5*", "num_after = *5*", "queue_position = *5*", "queue_length = *5*", "queue_length_check = *5*"]}
...ignoring

TASK [print NOT vulnerable message] ********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:123
skipping: [demo.example.com] => {}

TASK [print vulnerable message] ************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:129
ok: [demo.example.com] => {
    "msg": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n \nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*"
}

TASK [files in detector run directory] *****************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:135
ok: [demo.example.com] => {"changed": false, "examined": 4, "files": [{"atime": 1641834585.1820261, "ctime": 1641834585.1820261, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566206, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.1820261, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 66, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2100265, "ctime": 1641834585.2100265, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566207, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2100265, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 60, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2410266, "ctime": 1641834585.2410266, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 84002242, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2410266, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 68, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 3, "msg": "All paths examined", "skipped_paths": {}}

TASK [print debug] *************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:144
ok: [demo.example.com] => {
    "msg": {
        "changed": false,
        "examined": 4,
        "failed": false,
        "files": [
            {
                "atime": 1641834585.1820261,
                "ctime": 1641834585.1820261,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566206,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.1820261,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 66,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2100265,
                "ctime": 1641834585.2100265,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566207,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2100265,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 60,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2410266,
                "ctime": 1641834585.2410266,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 84002242,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2410266,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 68,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            }
        ],
        "matched": 3,
        "msg": "All paths examined",
        "skipped_paths": {}
    }
}

TASK [read vulnerable path(s) found] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:150
changed: [demo.example.com] => {"changed": true, "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt", "delta": "0:00:00.004155", "end": "2022-01-10 17:09:46.451923", "msg": "", "rc": 0, "start": "2022-01-10 17:09:46.447768", "stderr": "", "stderr_lines": [], "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar", "stdout_lines": ["/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"]}

TASK [print vulnerable path(s) found] ******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:156
ok: [demo.example.com] => {
    "msg": {
        "changed": true,
        "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt",
        "delta": "0:00:00.004155",
        "end": "2022-01-10 17:09:46.451923",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2022-01-10 17:09:46.447768",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar",
        "stdout_lines": [
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"
        ]
    }
}

TASK [remove detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:161
skipping: [demo.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************************************************************************************************************************
demo.example.com           : ok=15   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=1   
localhost                  : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

License

MIT / BSD

Author Information

This role was created in 2021 by Luca Berton, author of Ansible Pilot.

Ansible Pilot

More information

Donate

Thank you for supporting me

Open Source Agenda is not affiliated with "Log4j Cve 2021 44228" Project. README Source: lucab85/log4j-cve-2021-44228

Stars

Open Issues

Last Commit

2 years ago

Repository

lucab85/log4j-cve-2021-44228

License

MIT

Homepage

https://www.ansiblepilot.com/articles/vulnerability-scanner-detector-log4shell-remote-code-execution-log4j-cve-2021-44228-ansible-log4j-cve-2021-44228/

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/log4j-cve-2021-44228"><img src="https://www.opensourceagenda.com/projects/log4j-cve-2021-44228/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022