Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

CHANGELOG
2021-12-17: initial release
2021-12-18: integrated with cmk bakery
2021-12-19: added WATO options scan_logback, log4j_1, no_symlink, scan_zip
2021-12-20: added "HOW TO" section, changed file names to match the destination operating system
            made the plugin more stable on missing scanner output
            added bakery options exclude_path and exclude_fs
            added run time to the perfometer
2021-12-21: changed scanner to version 2.5.3
            added wato bakery option for syslog-udp and syslog-level
            added wato check plugin option for items to show on info line
            updated "If it doesn't work" section
            fixed windows powershell script missing $MK_CONFDIR variable (THX to Rene@forum.checkmk)
            fixed windows powershell script missing OPTION handling (THX to Rene@forum.checkmk)
2021-12-22: added sample descriptive config files for Linux/Windows to the package
            fixed unexpected values (None, ) for files_vulnerable
            added bakery options for file reporting, backup on fix files and debug
            added multiple search paths to Windows agent
            changed search path on Linux to multiple search paths --> incompatible, you need to reconfigure bakery rules
2021-12-23: fixed exit code other than 0 in the linux/powershell scripts (THX to cmasopust[at]greentube[dot]com)
            changed scanner to version 2.6.1 (fixes: Can not use --report-dir together with --report-json issue #203)
            reworked options handling in bakery plugin
            reworked structure for windows all-drives/drives/search path in wato plugin --> incompatible, you need to reconfigure bakery rules
            windows agent plugin: execute scanner as cmd job to pass path/file names with spaces (THX to andreas-doehler@forum.checkmk)
            windows agent plugin: init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk)
2021-12-24: linux agent plugin: changed to pass the options as array to the scanner
2021-12-27: changed scanner to version 2.6.3
            added files_skipped and errors, files/directories scanned lower levels
2021-12-29: changed scanner to version 2.6.5 (detects also CVE-2021-44832 RCE vulnerability for log4j 2.17.0, 2.12.3, 2.3.1)
            added step by step walk through for the enterprise/free edition of CMK to the HOWTO
2021-12-30: added bulk config for search path and exclude path
2022-01-02: changed scanner to version 2.7.1
            added options for syslog facility, rfc5424 syslog message format, append reporting to file
            added option exclude files (bulk)
            
            NOTE: reconfiguration of bakery rules necessary after updating the plugin

2022-01-03: CHECK made parse function more robust (files_potential_vulnerable = int(line[1]) if line[1].isdigit() else None)            
2022-01-04: BAKERY added BAKERY_VERSION to the config file (for debugging)
            BAKERY added PLUGIN_TIMEOUT to the linux config (fix: scanner was not killed on timeout by the agent)
            LINUX  fixed scanner not being killed on timeout by the agent
2022-01-05: BAKERY added PLUGIN_TIMEOUT to the windows config (to match the linux variant) 
            WINDOWS changed reading variables from file
            WINDOWS added timeout handling to match linux script version
            WATO changed display names to "CVE scanner for log4j (CVE-2021-44228-log4j)"         
2022-01-06: WATO made "Silent output" enabled by default  
2022-01-07: CHECK changed output of values to make it "sortable"
            CHECK added warn on missing agent output (see WATO)
            CHECK fixed run_time missing on service info (THX to doc[at]snowheaven[dot]de)
            INVENTORY added inventory plugin and view for reporting/sorting/filtering etc.
2022-01-11: fixed missing newline on plugin section header output in Linux script
            added option to add json report to inventory
2022-01-12: CHECK: modified logpresso report time format to ISO8601
2022-01-14: INVENTORY: added params to inventory sections
            BAKERY: reorganised append to log (--csv-log-path/--json-log-path) and add report to inventory options (-report-path)
            WATO: moved append to log outside of enable reporting
            WATO: removed reporting to file
            AGENT: join output of json report into one line for json.loads
            CHECK: added params to inventory sections
            WATO: added options for per CVE check
            WATO: changed display name (again) from 'CVE scanner for log4j (CVE-2021-44228-log4j)' to 'log4j CVE scanner (CVE-2021-44228-log4j)'
            WATO: enabled 'attach_report_to_output' in "reporting" by default for new rules
2022-01-17: CHECK: added check plugin with CVE id as item            
2022-01-18: extended inventory report for additional log4j CVEs
            removed status_data inventory
2022-01-21: reworked report inventory plugin and per cve check
2022-01-22: Inventory view: added entries for 'CVE-2021-42550' and 'CVE-2021-4104'
2022-01-25: BAKERY: added option --exclude-pattern
            WATO: added option --exclude-pattern
            METRICS: added metrics/graph/perfometer for files_affected
2022-01-30: SCANNER: changed to version 2.9.1
            BAKERY: added option --throttle
            AGENT: added additional CVEs for Log4j 1
                   added WARN/CRIT based on CVSS score (0.1, 5.5)
                   added CVE Description/Comment to service details
                   changed defaults for WARN/CRIT of affected files from (1, 1) to (None, None)
            WATO: added CVSS score and state_not_found option to per CVE check
                  changed defaults for files_affected to 10/30 (from 1/1)
                  enabled scan_logback and log4j_1 by default for new agent plugin rules
            INVENTORY: added entries for 'CVE-2022-23307', 'CVE-2022-23305', 'CVE-2022-23302' and 'CVE-2019-17571'
2022-02-05: BAKERY: added option -xmx
                    removed options --force-fix, --backup-path
            AGENT: fixed missing comment in CVE data (THX to doc[at]snowheaven[dot]de)
            WATO: added option -Xmx
                  removed options --force-fix and --backup-path
2022-02-07: added state_not_fixed option for per cve plugin
            changed CVSS score from Integer to Float
2022-02-13: added option "Use logpresso log watch" (--api-key/--http-proxy)
2022-02-14: added option "Report safe files" (--report-patch)
2022-02-24: removed deployment of the logpresso executable -> separate package log4j_executable.mkp

Note: As there was an issue with large ( >20MB) agent plugins and the cmk agent installer for Windows, 
      you need to update your CMK system to CMK 2.0.0p21 or newer to use this plugin.

IMPORTANT: If you update from a previous version, you need first to uninstall the cve_2021_44228_log4j package. 
           Then install the new cve_2021_44228_log4j package and the log4j_executables-2020305.v3.0.1.mkp package. 

2022-05-06: BAKERY: fixed not enough values to unpack in exclude_paths_bulk (THX to Rene Calmer[at]forum.checkmk.com)