Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).
Red Hat detector version 1.2, dated 2021-12-20.
The result is saved in a txt file under detector_dir (default: /tmp/cve-2021-44228/).
Available as an Ansible Galaxy role, lucab85.ansible_role_log4shell:

```
ansible-galaxy install lucab85.ansible_role_log4shell
```
The default variables scan the whole /var/ path for affected files. Customize the vars.yml file for more options.

```
ansible-playbook log4j-cve-2021-44228.yml
```
None.
ansible 2.9+
Default values:

```yaml
sh_detector: "cve-2021-44228--2021-12-20-1836.sh"
sh_signature: 'cve-2021-44228--2021-12-20-1836.sh.asc'
detector_baseurl: 'https://access.redhat.com/sites/default/files/'
detector_path: "/var/"
detector_dir: "/tmp/cve-2021-44228/"
detector_run_dir: 'tmp'
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: '7514F77D8366B0D9'
gpg_public_key: 'gpg --keyserver pgp.mit.edu --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: true
```
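A playbook that runs the role and then fails the host when the detector flagged files, as an added example rather than a file shipped with the role. It assumes the role registers the result of its find task as `vulnerable`, which is the variable name the "print vulnerable path(s) found" task shows in the sample run below.

```yaml
# Added example playbook (not the role's own file): run the Galaxy role, then
# fail the host if the registered find result reports any affected files.
# Assumption: the role registers its find result as `vulnerable`.
- name: detector for Apache Log4j (CVE-2021-44228)
  hosts: all
  become: true
  roles:
    - lucab85.ansible_role_log4shell
  post_tasks:
    - name: fail if the detector flagged any files
      assert:
        that:
          - vulnerable.matched | int == 0
        fail_msg: >-
          Log4Shell-affected files under {{ detector_path }}:
          {{ vulnerable.files | map(attribute='path') | list }}
        success_msg: "No affected files found ({{ vulnerable.examined }} paths examined)"
```

Because the role loads its settings with include_vars, which takes precedence over play-level vars, override options from the command line with extra vars (for example `-e detector_path=/opt/`) or edit vars.yml as the role documents.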
```
PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************
TASK [Gathering Facts] *********************************************************
ok: [demo]
TASK [include_vars] ************************************************************
ok: [demo]
TASK [dependency present] ******************************************************
ok: [demo]
TASK [create detector directory] ***********************************************
ok: [demo]
TASK [download detector file(s)] ***********************************************
ok: [demo] => (item=cve-2021-44228--2021-12-20-1836.sh)
ok: [demo] => (item=cve-2021-44228--2021-12-20-1836.sh.asc)
TASK [gpg public key] **********************************************************
changed: [demo]
TASK [gpg verify detector] *****************************************************
changed: [demo]
TASK [remove any detector run directory] ***************************************
changed: [demo]
TASK [create detector run directory] *******************************************
changed: [demo]
TASK [run detector/scanner] ****************************************************
changed: [demo]
TASK [files in detector run directory] *****************************************
ok: [demo]
TASK [print vulnerable path(s) found] ******************************************
ok: [demo] => {
    "vulnerable": {
        "changed": false,
        "examined": 1,
        "failed": false,
        "files": [],
        "matched": 0,
        "msg": "All paths examined",
        "skipped_paths": {}
    }
}
TASK [remove detector directory] ***********************************************
skipping: [demo]
PLAY RECAP *********************************************************************
demo : ok=12 changed=5 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
```
MIT / BSD
This role was created in 2021 by Luca Berton, author of Ansible Pilot.
More information
Thank you for supporting me