Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).
Red Hat version 1.3 detector 2022-01-10.
The result is saved in a txt file under detector_dir (default: /opt/cve-2021-44228/).
Code also available as Ansible Galaxy role lucab85.ansible_role_log4shell
ansible-galaxy install lucab85.ansible_role_log4shellDefault variables scan all the /var/ path for affected files.
You could customize the vars.yml file for more options.
ansible-playbook log4j-cve-2021-44228.ymlNone.
ansible 2.9+
default values:
rh_bullettin: >-
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
intro: |
Ansible Playbook tested with detector version 1.3 released 2022-01-10.
If a 404 error occur please adjust the URL with the latest version available
for detector URL.
Please refer to the Red Hat Security Bullettin for up-to-date information and
adjust the playbook variables accordingly.
{{ rh_bullettin }}.
vulnerable: |
System MIGHT be vulnerable to log4j (CVE-2021-44228)
not_vulnerable: |
System IS NOT vulnerable to log4j (CVE-2021-44228)
report_txt: "/report/vuln_log4j2_path_*.txt"
sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: "cve-2021-44228--2022-01-10-1242.sh.asc"
detector_baseurl: "https://access.redhat.com/sites/default/files/"
force_download: false
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: "tmp"
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: "7514F77D8366B0D9"
gpg_server: "pgp.mit.edu"
gpg_public_key: 'gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: truerh_bullettin: link of the RHSB (default: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009)intro: introduction textvulnerable: vulnerable text (visible only on debug level 2 execution-vv)not_vulnerable: NOT vulnerable text (visible only on debug level 2 execution-vv)report_txt: report path to print (default:/report/vuln_log4j2_path_*.txt)sh_detector: the filename of the detector bash script filesh_signature: the filename of the detector GPG signature filedetector_baseurl: the base URL to download the previous filesforce_download: force to download every run the code (default:false)detector_path: the path to inspect (default/var/)detector_dir: the download path of the detector (default/opt/cve-2021-44228/)detector_run_dir: the subdirectory to create before the run (defaulttmp)detector_options: the command lines options for detector script (default-n -d --no-progress --scan {{ detector_path }})gpg_keyid: the GPG public key to download for the verification (default Red Hat Product Security7514F77D8366B0D9)gpg_server: the GPG key server (default:pgp.mit.edu)gpg_public_key: command for gpg verification (default:gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }})clean_run_before: remove the run directory and recreate before the execution - detector requires an empty directory (defaulttrue)delete_after: remove the detector_dir after the execution (defaultfalse)verify_gpg: perform the GPG signature download and verification (default:true)
The full output of the execution of the playbook against the RHEL8 demo target host:
$ ansible-playbook -i test/inventory log4j-cve-2021-44228.yml -vv
ansible-playbook [core 2.12.1]
config file = None
configured module search path = ['/Users/lberton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/lberton/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.10.1 (main, Dec 6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
jinja version = 3.0.3
libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: log4j-cve-2021-44228.yml *********************************************************************************************************************************************************
2 plays in log4j-cve-2021-44228.yml
PLAY [download detector for Apache Log4j (CVE-2021-44228)] *********************************************************************************************************************************
META: ran handlers
TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:29
ok: [localhost] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}
TASK [print information] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:31
ok: [localhost] => {
"msg": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009.\n"
}
TASK [download detector] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:35
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 67710, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh"}
TASK [download detector signature] *********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:42
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh.asc", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 811, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh.asc"}
META: ran handlers
META: ran handlers
PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************************************************************************************************************************
META: ran handlers
TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:54
ok: [demo.example.com] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}
TASK [dependency present] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:56
ok: [demo.example.com] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "Nothing to do", "rc": 0, "results": []}
TASK [create detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:67
ok: [demo.example.com] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 193, "state": "directory", "uid": 0}
TASK [copy detector file] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:73
ok: [demo.example.com] => {"changed": false, "checksum": "4fa53e1f03dc8d4228479dd9a3a288a83146aa96", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "secontext": "system_u:object_r:usr_t:s0", "size": 67710, "state": "file", "uid": 0}
TASK [copy detector signature] *************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:82
ok: [demo.example.com] => {"changed": false, "checksum": "ecd1150a9826112acfa3f6dd9af0d536f51eb02f", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "secontext": "system_u:object_r:usr_t:s0", "size": 811, "state": "file", "uid": 0}
TASK [gpg public key] **********************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:92
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--keyserver", "pgp.mit.edu", "--recv", "7514F77D8366B0D9"], "delta": "0:00:07.831962", "end": "2022-01-10 17:09:05.217573", "msg": "", "rc": 0, "start": "2022-01-10 17:08:57.385611", "stderr": "gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed\ngpg: Total number processed: 1\ngpg: unchanged: 1", "stderr_lines": ["gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <[email protected]>\" not changed", "gpg: Total number processed: 1", "gpg: unchanged: 1"], "stdout": "", "stdout_lines": []}
TASK [gpg verify detector] *****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:97
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--verify", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh"], "delta": "0:00:00.006127", "end": "2022-01-10 17:09:05.649893", "msg": "", "rc": 0, "start": "2022-01-10 17:09:05.643766", "stderr": "gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC\ngpg: using RSA key 7514F77D8366B0D9\ngpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg: There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9", "stderr_lines": ["gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC", "gpg: using RSA key 7514F77D8366B0D9", "gpg: Good signature from \"Red Hat, Inc. (tools key) <[email protected]>\" [unknown]", "gpg: WARNING: This key is not certified with a trusted signature!", "gpg: There is no indication that the signature belongs to the owner.", "Primary key fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9"], "stdout": "", "stdout_lines": []}
TASK [remove any detector run directory] ***************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:103
changed: [demo.example.com] => {"changed": true, "path": "/opt/cve-2021-44228/tmp", "state": "absent"}
TASK [create detector run directory] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:110
changed: [demo.example.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/tmp", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 0}
TASK [run detector/scanner] ****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:116
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "-n", "-d", "--no-progress", "--scan", "/var/", "--tmp", "/opt/cve-2021-44228/tmp"], "delta": "0:00:38.292411", "end": "2022-01-10 17:09:45.263799", "msg": "non-zero return code", "rc": 2, "start": "2022-01-10 17:09:06.971388", "stderr": "", "stderr_lines": [], "stdout": "\nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*", "stdout_lines": ["", "This script (v1.3) is primarily designed to detect CVE-2021-44228 on supported", "Red Hat Enterprise Linux 6-8 systems.", "Result may be inaccurate for other systems.", "Result may be inaccurate for affected log4j-core jar files other than those found", "in the two listed maven repositories as of 2021-12-13 and between versions", "2.0(.*) inclusive and 2.14.* inclusive:", "* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/", "* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/", "Symbolic links are not followed. Only local filesystem paths are supported.", "", "Finished scanning of the specified directory", "/var", "", "The specified directory contains vulnerable log4j-core jar files.", "* 3 files were identified.", "* Paths of the identified files can be found in .txt files in the directory", " /opt/cve-2021-44228/tmp/report", "* To print all these paths, you can run the following command in the 'report' directory:", " cat vuln_log4j2_path_*.txt", "* The paths may show paths inside zip/jar archive files, signified by a double slash //.", "", "Please note that vulnerability is determined based on the version only.", "This script doesn't detect any mitigations.", "", "Follow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.", "", "running_kernel = *4.18.0-348.el8.x86_64*", "vulnerable = *3*", "result = *2*", "scan_path = */var*", "tmp_path = */opt/cve-2021-44228/tmp*", "num_before = *5*", "num_after = *5*", "queue_position = *5*", "queue_length = *5*", "queue_length_check = *5*"]}
...ignoring
TASK [print NOT vulnerable message] ********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:123
skipping: [demo.example.com] => {}
TASK [print vulnerable message] ************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:129
ok: [demo.example.com] => {
"msg": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n \nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*"
}
TASK [files in detector run directory] *****************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:135
ok: [demo.example.com] => {"changed": false, "examined": 4, "files": [{"atime": 1641834585.1820261, "ctime": 1641834585.1820261, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566206, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.1820261, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 66, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2100265, "ctime": 1641834585.2100265, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566207, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2100265, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 60, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2410266, "ctime": 1641834585.2410266, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 84002242, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2410266, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 68, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 3, "msg": "All paths examined", "skipped_paths": {}}
TASK [print debug] *************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:144
ok: [demo.example.com] => {
"msg": {
"changed": false,
"examined": 4,
"failed": false,
"files": [
{
"atime": 1641834585.1820261,
"ctime": 1641834585.1820261,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 67566206,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.1820261,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 66,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
},
{
"atime": 1641834585.2100265,
"ctime": 1641834585.2100265,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 67566207,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.2100265,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 60,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
},
{
"atime": 1641834585.2410266,
"ctime": 1641834585.2410266,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 84002242,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.2410266,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 68,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
],
"matched": 3,
"msg": "All paths examined",
"skipped_paths": {}
}
}
TASK [read vulnerable path(s) found] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:150
changed: [demo.example.com] => {"changed": true, "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt", "delta": "0:00:00.004155", "end": "2022-01-10 17:09:46.451923", "msg": "", "rc": 0, "start": "2022-01-10 17:09:46.447768", "stderr": "", "stderr_lines": [], "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar", "stdout_lines": ["/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"]}
TASK [print vulnerable path(s) found] ******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:156
ok: [demo.example.com] => {
"msg": {
"changed": true,
"cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt",
"delta": "0:00:00.004155",
"end": "2022-01-10 17:09:46.451923",
"failed": false,
"msg": "",
"rc": 0,
"start": "2022-01-10 17:09:46.447768",
"stderr": "",
"stderr_lines": [],
"stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar",
"stdout_lines": [
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar",
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar",
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"
]
}
}
TASK [remove detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:161
skipping: [demo.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************************************************************************************************************************
demo.example.com : ok=15 changed=6 unreachable=0 failed=0 skipped=2 rescued=0 ignored=1
localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
MIT / BSD
This role was created in 2021 by Luca Berton, author of Ansible Pilot.
More information
Thank you for supporting me