This agent plugin intergrates the CVE-2021-44228-Scanner from logpresso with checkmk the system monitoring from tribe29.
Included in this package is the scanner for Linux and Windows. You will find the release notes/latest version for the logpresso scanner here logpresso CVE-2021-44228-Scanner Releases.
The scanner (and so the plugin) can discover the following log4j issues
- log4j 1.x
- CVE-2017-5645
- CVE-2019-17571
- CVE-2020-9488
- CVE-2021-4104
- CVE-2022-23302
- CVE-2022-23305
- CVE-2022-23307
- log4j 2.x
- CVE-2021-44228
- CVE-2021-45046
- CVE-2021-45105
- CVE-2021-44832
- logback
- CVE-2021-42550
You will find more information on the Apache Log4j 2 Security Vulnerabilities page (Log4j 1 is no longer supportet, you can find information about Log4j 1 Security Vulnerabilities here on the logging.apache.org web page).
You can find the latest version of this plugin and a lot more checkmk plugins here
Note: The package for CMK1.6 will not be always on the same level as the version for CMK 2.0.
Note: before you update read the CHANGELOG please, and have a look at the Releases, there might be unexpected changes.
- in the checkmk Entrprise/Free edition you can install the plugin via
Setup > Maintenance > Extension packages - in the checkmk RAW/Community edition you need to copy the package to your checkmk server (via SCP for example), and then - as site user - install the package with
mkp install cve_2021_44228_log4.mkpon the cli.
To use this plugin you need to deploy the scanner and the plugin for your destination platform. You can do this via the agent bakery (Setup > Agents> Windows, Linux, Solaris, AIX > Agent rules > CVE-2021-44228-log4j). Here you can also configure some options for the scanner (see WATO bakery). If you have created (baked) a new agent package you need to redeploy the agent (automatic update/software deployment)
To use this plugin with the checkmk RAW/Community edition or have a platform that is not supported by the bakery have a look at the how to information. There you will also find more information around this plugin.
Note: only Linux and Windows is implemented for this bakery plugin. If you need this for AIX/Solaris have a look at the contribution guidelines
Nice ;-) Have a look at the contribution guidelines
Sample output
Note: in the service details you will find the raw output from the scanner
Sample output details
Sample syslog events in CMK event console
Sample inventory summary
Sample inventory report
WATO options
WATO check plugin
WATO bakery Linux
WATO bakery Windows
WATO inventory
