# Ansible role - log4shell

> :star: Star us on GitHub - it motivates us a lot!

Find Log4Shell CVE-2021-44228 on your system

This role looks for JAR and WAR files on the filesystem and among the files currently open on the host (via `lsof`).

:warning: Your system may run slowly during the scan, because the role runs a `find` on `/` and unarchives the JARs/WARs to look inside them.

This role populates the variable `log4shell_analyze_versions` with a dictionary like this one:

```json
{
    "/tmp/rundeck.war": {
        "version": "2.13.2",
        "type": "war",
        "jndilookup": false
    },
    "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1.jar": {
        "version": "2.12.1",
        "type": "jar",
        "jndilookup": true
    },
    "/tmp/apache-log4j-2.12.1-bin/log4j-core-2.12.1-tests.jar": {
        "version": "2.12.1",
        "type": "jar",
        "jndilookup": false
    }
}
```

The key is the path where the role has found the log4j library.

The value is a dictionary containing the log4j version in `version`, the file type in `type` (war/jar), and the key `jndilookup`, which tells you whether the file `org/apache/logging/log4j/core/lookup/JndiLookup.class` is present in a jar.

A JAR without JndiLookup.class is not vulnerable according to [](
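
The check described above, written as a standalone Python sketch. This is an added example, not the role's own code. Assumptions: the names `inspect_archive` and `make_zip` are hypothetical, the version is read from the Maven `pom.properties` entry that log4j-core JARs ship, and the scan goes one step further than the text by recursing into archives nested inside a WAR.

```python
import io
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: Maven-built log4j-core JARs record their version in this entry.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED_SUFFIXES = (".jar", ".war", ".ear")


def inspect_archive(data, name, depth=0, max_depth=4):
    """Return {path: {"version", "jndilookup"}} for each log4j-core copy found.

    `data` is the archive as bytes; nested hits are keyed "outer!/inner".
    """
    findings = {}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # truncated or mislabeled file, nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            version = None
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
            findings[name] = {"version": version, "jndilookup": JNDI_CLASS in names}
        elif JNDI_CLASS in names:
            # Class present without Maven metadata (shaded or repackaged JAR).
            findings[name] = {"version": None, "jndilookup": True}
        if depth < max_depth:  # bound recursion on deeply nested archives
            for inner in sorted(names):
                if inner.lower().endswith(NESTED_SUFFIXES):
                    findings.update(inspect_archive(
                        zf.read(inner), f"{name}!/{inner}", depth + 1, max_depth))
    return findings


def make_zip(members):
    """Build a ZIP in memory from {member_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: a core JAR, the same JAR with the class removed, a WAR.
CORE = make_zip({POM_PROPS: b"version=2.12.1\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
STRIPPED = make_zip({POM_PROPS: b"version=2.12.1\n"})
WAR = make_zip({"WEB-INF/web.xml": b"<web-app/>", "WEB-INF/lib/log4j-core-2.12.1.jar": CORE})
```

The nested case matters because a WAR that bundles log4j-core under `WEB-INF/lib` does not contain `JndiLookup.class` at its own top level.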

## :warning: Requirements

Ansible >= 4

## :zap: Installation

```bash
ansible-galaxy install claranet.log4shell
```

## :gear: Role variables

Variable                | Default value | Description
------------------------|---------------|-------------------------
log4shell_scan_path     | /             | Filesystem path to scan

## :arrows_counterclockwise: Dependencies


## :pencil2: Example Playbook

```yaml
- hosts: all
  roles:
    - role: claranet.log4shell
      log4shell_scan_path: /opt
```

## :closed_lock_with_key: [Hardening](

## :heart_eyes_cat: [Contributing](

## :copyright: [License](LICENSE)

[Mozilla Public License Version 2.0](