# Log4j-CVE-2021-44228 detector scanner playbook

[![CI](https://github.com/lucab85/log4j-cve-2021-44228/actions/workflows/ci.yml/badge.svg)](https://github.com/lucab85/log4j-cve-2021-44228/actions/workflows/ci.yml)

Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).

Tested with the [Red Hat detector version 1.3, released 2022-01-10](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).

The result is saved in a txt file under `detector_dir` (default: `/opt/cve-2021-44228/`).

## Ansible Galaxy role

The code is also available as the Ansible Galaxy role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell).

```bash
ansible-galaxy install lucab85.ansible_role_log4shell
```

## How to run the Ansible Playbook

With the default variables, the playbook scans the whole `/var/` path for affected files.
Customize the `vars.yml` file for more options.

```bash
ansible-playbook log4j-cve-2021-44228.yml
```

## Dependencies

None.

## Requirements

ansible 2.9+

## Variables vars.yml

Default values:

```yaml
rh_bullettin: >-
  https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
intro: |
  Ansible Playbook tested with detector version 1.3 released 2022-01-10.
  If a 404 error occur please adjust the URL with the latest version available
  for detector URL.
  Please refer to the Red Hat Security Bullettin for up-to-date information and
  adjust the playbook variables accordingly.
  {{ rh_bullettin }}.
vulnerable: |
  System MIGHT be vulnerable to log4j (CVE-2021-44228)
not_vulnerable: |
  System IS NOT vulnerable to log4j (CVE-2021-44228)
report_txt: "/report/vuln_log4j2_path_*.txt"
sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: "cve-2021-44228--2022-01-10-1242.sh.asc"
detector_baseurl: "https://access.redhat.com/sites/default/files/"
force_download: false
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: "tmp"
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: "7514F77D8366B0D9"
gpg_server: "pgp.mit.edu"
gpg_public_key: 'gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: true
```

- `rh_bullettin`: link to the Red Hat Security Bulletin (RHSB) (default: [https://access.redhat.com/security/vulnerabilities/RHSB-2021-009](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009))
- `intro`: introduction text
- `vulnerable`: the "vulnerable" message text (visible only when run at verbosity level 2, `-vv`)
- `not_vulnerable`: the "NOT vulnerable" message text (visible only when run at verbosity level 2, `-vv`)
- `report_txt`: report path to print (default: `/report/vuln_log4j2_path_*.txt`)
- `sh_detector`: the filename of the detector bash script
- `sh_signature`: the filename of the detector GPG signature file
- `detector_baseurl`: the base URL from which the two files above are downloaded
- `force_download`: force a download of the files on every run (default: `false`)
- `detector_path`: the path to inspect (default: `/var/`)
- `detector_dir`: the download path of the detector (default: `/opt/cve-2021-44228/`)
- `detector_run_dir`: the subdirectory to create before the run (default: `tmp`)
- `detector_options`: the command-line options for the detector script (default: `-n -d --no-progress --scan {{ detector_path }}`)
- `gpg_keyid`: the ID of the GPG public key to download for the verification (default: Red Hat Product Security `7514F77D8366B0D9`)
- `gpg_server`: the GPG key server (default: `pgp.mit.edu`)
- `gpg_public_key`: the command that fetches the GPG public key used for verification (default: `gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}`)
- `clean_run_before`: remove and recreate the run directory before the execution, because the detector requires an empty directory (default: `true`)
- `delete_after`: remove the `detector_dir` after the execution (default: `false`)
- `verify_gpg`: download the GPG signature and verify it (default: `true`)
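
With `verify_gpg` enabled the key is fetched by ID from a keyserver, and `gpg --verify` exits 0 for a good signature made by any key in the keyring, so a stricter check compares the signer's full fingerprint with a pinned value. The following is an added example, not part of the playbook: the function names and the sample status lines are constructed for illustration, and the pinned fingerprint is the "Primary key fingerprint" printed in the demo output on this page.

```shell
#!/bin/sh
# Added example (not the playbook's code): pin the signer's full fingerprint
# instead of relying on the exit code of `gpg --verify` alone.

# "Primary key fingerprint" as printed in the demo output on this page.
PINNED_FPR="8B1220FC564E9583200205FF7514F77D8366B0D9"

# validsig_matches FINGERPRINT
# Reads GnuPG machine-readable status lines (gpg --status-fd) on stdin.
# Succeeds only if a VALIDSIG line names the pinned primary key and no line
# reports a bad, unverifiable, expired or revoked signature.
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # The last field is the primary key fingerprint; field 3 is the
            # key or subkey that actually made the signature.
            if (toupper($NF) == want) ok = 1; else bad = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_pinned SIGNATURE_FILE DATA_FILE
# Hypothetical wrapper: runs gpg and applies the pin to its status output.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        validsig_matches "$PINNED_FPR"
}

# --- Constructed sample status output (not captured from a real run) ---

# Good signature from the pinned key.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key) <secalert@redhat.com>
[GNUPG:] VALIDSIG 8B1220FC564E9583200205FF7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 8B1220FC564E9583200205FF7514F77D8366B0D9
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Good signature, but from a different key that is also in the keyring.
# gpg --verify would exit 0 here; the pin rejects it.
OTHER_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <someone@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2022-01-10 1641818542 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Signature from the pinned key, reported as made by an expired key.
EXPIRED_STATUS='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key) <secalert@redhat.com>
[GNUPG:] VALIDSIG 8B1220FC564E9583200205FF7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 8B1220FC564E9583200205FF7514F77D8366B0D9'
```

On a target host the call would be `verify_pinned "$detector_dir/$sh_signature" "$detector_dir/$sh_detector"`, run before the detector is executed.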


## Demo execution

The full output of a playbook run against the RHEL 8 demo target host:

```bash
$ ansible-playbook -i test/inventory log4j-cve-2021-44228.yml -vv
ansible-playbook [core 2.12.1]
  config file = None
  configured module search path = ['/Users/lberton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/lberton/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.10.1 (main, Dec  6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: log4j-cve-2021-44228.yml *********************************************************************************************************************************************************
2 plays in log4j-cve-2021-44228.yml

PLAY [download detector for Apache Log4j (CVE-2021-44228)] *********************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:29
ok: [localhost] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [print information] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:31
ok: [localhost] => {
    "msg": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009.\n"
}

TASK [download detector] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:35
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 67710, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh"}

TASK [download detector signature] *********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:42
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh.asc", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 811, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh.asc"}
META: ran handlers
META: ran handlers

PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************************************************************************************************************************
META: ran handlers

TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:54
ok: [demo.example.com] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}

TASK [dependency present] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:56
ok: [demo.example.com] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "Nothing to do", "rc": 0, "results": []}

TASK [create detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:67
ok: [demo.example.com] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 193, "state": "directory", "uid": 0}

TASK [copy detector file] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:73
ok: [demo.example.com] => {"changed": false, "checksum": "4fa53e1f03dc8d4228479dd9a3a288a83146aa96", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "secontext": "system_u:object_r:usr_t:s0", "size": 67710, "state": "file", "uid": 0}

TASK [copy detector signature] *************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:82
ok: [demo.example.com] => {"changed": false, "checksum": "ecd1150a9826112acfa3f6dd9af0d536f51eb02f", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "secontext": "system_u:object_r:usr_t:s0", "size": 811, "state": "file", "uid": 0}

TASK [gpg public key] **********************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:92
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--keyserver", "pgp.mit.edu", "--recv", "7514F77D8366B0D9"], "delta": "0:00:07.831962", "end": "2022-01-10 17:09:05.217573", "msg": "", "rc": 0, "start": "2022-01-10 17:08:57.385611", "stderr": "gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" not changed\ngpg: Total number processed: 1\ngpg:              unchanged: 1", "stderr_lines": ["gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" not changed", "gpg: Total number processed: 1", "gpg:              unchanged: 1"], "stdout": "", "stdout_lines": []}

TASK [gpg verify detector] *****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:97
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--verify", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh"], "delta": "0:00:00.006127", "end": "2022-01-10 17:09:05.649893", "msg": "", "rc": 0, "start": "2022-01-10 17:09:05.643766", "stderr": "gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC\ngpg:                using RSA key 7514F77D8366B0D9\ngpg: Good signature from \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg:          There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9", "stderr_lines": ["gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC", "gpg:                using RSA key 7514F77D8366B0D9", "gpg: Good signature from \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" [unknown]", "gpg: WARNING: This key is not certified with a trusted signature!", "gpg:          There is no indication that the signature belongs to the owner.", "Primary key fingerprint: 8B12 20FC 564E 9583 2002  05FF 7514 F77D 8366 B0D9"], "stdout": "", "stdout_lines": []}

TASK [remove any detector run directory] ***************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:103
changed: [demo.example.com] => {"changed": true, "path": "/opt/cve-2021-44228/tmp", "state": "absent"}

TASK [create detector run directory] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:110
changed: [demo.example.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/tmp", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 0}

TASK [run detector/scanner] ****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:116
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "-n", "-d", "--no-progress", "--scan", "/var/", "--tmp", "/opt/cve-2021-44228/tmp"], "delta": "0:00:38.292411", "end": "2022-01-10 17:09:45.263799", "msg": "non-zero return code", "rc": 2, "start": "2022-01-10 17:09:06.971388", "stderr": "", "stderr_lines": [], "stdout": "\nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*", "stdout_lines": ["", "This script (v1.3) is primarily designed to detect CVE-2021-44228 on 
supported", "Red Hat Enterprise Linux 6-8 systems.", "Result may be inaccurate for other systems.", "Result may be inaccurate for affected log4j-core jar files other than those found", "in the two listed maven repositories as of 2021-12-13 and between versions", "2.0(.*) inclusive and 2.14.* inclusive:", "* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/", "* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/", "Symbolic links are not followed. Only local filesystem paths are supported.", "", "Finished scanning of the specified directory", "/var", "", "The specified directory contains vulnerable log4j-core jar files.", "* 3 files were identified.", "* Paths of the identified files can be found in .txt files in the directory", "  /opt/cve-2021-44228/tmp/report", "* To print all these paths, you can run the following command in the 'report' directory:", "  cat vuln_log4j2_path_*.txt", "* The paths may show paths inside zip/jar archive files, signified by a double slash //.", "", "Please note that vulnerability is determined based on the version only.", "This script doesn't detect any mitigations.", "", "Follow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.", "", "running_kernel = *4.18.0-348.el8.x86_64*", "vulnerable = *3*", "result = *2*", "scan_path = */var*", "tmp_path = */opt/cve-2021-44228/tmp*", "num_before = *5*", "num_after = *5*", "queue_position = *5*", "queue_length = *5*", "queue_length_check = *5*"]}
...ignoring

TASK [print NOT vulnerable message] ********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:123
skipping: [demo.example.com] => {}

TASK [print vulnerable message] ************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:129
ok: [demo.example.com] => {
    "msg": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n \nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n  /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n  cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*"
}

TASK [files in detector run directory] *****************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:135
ok: [demo.example.com] => {"changed": false, "examined": 4, "files": [{"atime": 1641834585.1820261, "ctime": 1641834585.1820261, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566206, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.1820261, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 66, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2100265, "ctime": 1641834585.2100265, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566207, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2100265, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 60, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2410266, "ctime": 1641834585.2410266, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 84002242, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2410266, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 68, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 3, "msg": "All paths examined", "skipped_paths": {}}

TASK [print debug] *************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:144
ok: [demo.example.com] => {
    "msg": {
        "changed": false,
        "examined": 4,
        "failed": false,
        "files": [
            {
                "atime": 1641834585.1820261,
                "ctime": 1641834585.1820261,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566206,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.1820261,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 66,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2100265,
                "ctime": 1641834585.2100265,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 67566207,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2100265,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 60,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            },
            {
                "atime": 1641834585.2410266,
                "ctime": 1641834585.2410266,
                "dev": 64768,
                "gid": 0,
                "gr_name": "root",
                "inode": 84002242,
                "isblk": false,
                "ischr": false,
                "isdir": false,
                "isfifo": false,
                "isgid": false,
                "islnk": false,
                "isreg": true,
                "issock": false,
                "isuid": false,
                "mode": "0644",
                "mtime": 1641834585.2410266,
                "nlink": 1,
                "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt",
                "pw_name": "root",
                "rgrp": true,
                "roth": true,
                "rusr": true,
                "size": 68,
                "uid": 0,
                "wgrp": false,
                "woth": false,
                "wusr": true,
                "xgrp": false,
                "xoth": false,
                "xusr": false
            }
        ],
        "matched": 3,
        "msg": "All paths examined",
        "skipped_paths": {}
    }
}

TASK [read vulnerable path(s) found] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:150
changed: [demo.example.com] => {"changed": true, "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt", "delta": "0:00:00.004155", "end": "2022-01-10 17:09:46.451923", "msg": "", "rc": 0, "start": "2022-01-10 17:09:46.447768", "stderr": "", "stderr_lines": [], "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar", "stdout_lines": ["/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"]}

TASK [print vulnerable path(s) found] ******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:156
ok: [demo.example.com] => {
    "msg": {
        "changed": true,
        "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt",
        "delta": "0:00:00.004155",
        "end": "2022-01-10 17:09:46.451923",
        "failed": false,
        "msg": "",
        "rc": 0,
        "start": "2022-01-10 17:09:46.447768",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar",
        "stdout_lines": [
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar",
            "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"
        ]
    }
}

TASK [remove detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:161
skipping: [demo.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************************************************************************************************************************
demo.example.com           : ok=15   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=1   
localhost                  : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

```
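
The run above can be post-processed per host: the detector ends its output with `name = *value*` lines, and report paths may point inside archives via `//`. The following is an added example, not part of the playbook; the function names are hypothetical, the nested `.war` paths are constructed, and it assumes, as in the demo run, that the `vulnerable` counter equals the number of listed paths.

```shell
#!/bin/sh
# Added example (not the playbook's code): read the detector's trailer and
# turn the report paths into a list of on-disk files to remediate.

# Copied from the demo output above.
DETECTOR_TRAILER='running_kernel = *4.18.0-348.el8.x86_64*
vulnerable = *3*
result = *2*
scan_path = */var*
tmp_path = */opt/cve-2021-44228/tmp*'

REPORT_PATHS='/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar
/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar
/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar'

# Constructed: two findings nested in one archive plus one plain file.
NESTED_PATHS='/var/lib/demo/app.war//WEB-INF/lib/log4j-core-2.7.jar
/var/lib/demo/app.war//WEB-INF/lib/log4j-core-2.7-tests.jar
/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar'

# detector_field NAME
# Prints the value of the first "NAME = *value*" line read from stdin.
detector_field() {
    sed -n "s/^$1 = \*\(.*\)\*\$/\1/p" | head -n 1
}

# outer_files
# Maps report paths (stdin) to the files that exist on disk: everything
# before the first "//" is the archive that has to be replaced or patched.
outer_files() {
    sed -e 's|//.*$||' -e '/^$/d' | sort -u
}

# check_run DETECTOR_STDOUT REPORT_PATHS
# Compares the detector's own counter with the number of paths that were read
# from the report files. A mismatch means the report files do not all belong
# to this run, for example when the run directory was not cleaned first.
check_run() {
    claimed=$(printf '%s\n' "$1" | detector_field vulnerable)
    listed=$(printf '%s\n' "$2" | awk 'NF { n++ } END { print n + 0 }')
    case $claimed in
        ''|*[!0-9]*) echo "unparsed"; return 2 ;;
    esac
    if [ "$claimed" -eq "$listed" ]; then
        echo "consistent $claimed"
    else
        echo "mismatch claimed=$claimed listed=$listed"
        return 1
    fi
}
```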

## License

MIT / BSD

## Author Information

This role was created in 2021 by [Luca Berton](https://www.lucaberton.it/), author of [Ansible Pilot](https://www.ansiblepilot.com/).
