2021-12-17: initial release
2021-12-18: integrated with cmk bakery
2021-12-19: added WATO options scan_logback, log4j_1, no_symlink, scan_zip
2021-12-20: added "HOW TO" section, changed file names to match the destination operating system
made the plugin more stable on missing scanner output
added bakery options exclude_path and exclude_fs
added run time to the perfometer
2021-12-21: changed scanner to version 2.5.3
added wato bakery option for syslog-udp and syslog-level
added wato check plugin option for items to show on info line
updated "If it doesn't work" section
fixed windows powershell script missing $MK_CONFDIR variable (THX to Rene@forum.checkmk)
fixed windows powershell script missing OPTION handling (THX to Rene@forum.checkmk)
2021-12-22: added sample descriptive config files for Linux/Windows to the package
fixed unexpected values (None, ) for files_vulnerable
added bakery options for file reporting, backup on fix files and debug
added multiple search paths to Windows agent
changed search path on Linux to multiple search paths --> incompatible, you need to reconfigure bakery rules
2021-12-23: fixed exit code other than 0 in the linux/powershell scripts (THX to cmasopust[at]greentube[dot]com)
changed scanner to version 2.6.1 (fixes: Can not use --report-dir together with --report-json issue #203)
reworked options handling in bakery plugin
reworked structure for windows all-drives/drives/search path in wato plugin --> incompatible, you need to reconfigure bakery rules
windows agent plugin: execute scanner as cmd job to pass path/file names with spaces (THX to andreas-doehler@forum.checkmk)
windows agent plugin: init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk)
2021-12-24: linux agent plugin: changed to pass the options as array to the scanner
2021-12-27: changed scanner to version 2.6.3
added files_skipped and errors, files/directories scanned lower levels
2021-12-29: changed scanner to version 2.6.5 (detects also CVE-2021-44832 RCE vulnerability for log4j 2.17.0, 2.12.3, 2.3.1)
added step by step walk through for the enterprise/free edition of CMK to the HOWTO
2021-12-30: added bulk config for search path and exclude path
2022-01-02: changed scanner to version 2.7.1
added options for syslog facility, rfc5424 syslog message format, append reporting to file
added option exclude files (bulk)
NOTE: reconfiguration of bakery rules necessary after updating the plugin
2022-01-03: CHECK made parse function more robust (files_potential_vulnerable = int(line[1]) if line[1].isdigit() else None)
2022-01-04: BAKERY added BAKERY_VERSION to the config file (for debugging)
BAKERY added PLUGIN_TIMEOUT to the linux config (fixes scanner not being killed by the agent on timeout)
LINUX fixed scanner not being killed by the agent on timeout
2022-01-05: BAKERY added PLUGIN_TIMEOUT to the windows config (to match the linux variant)
WINDOWS changed reading variables from file
WINDOWS added timeout handling to match linux script version
WATO changed display names to "CVE scanner for log4j (CVE-2021-44228-log4j)"
2022-01-06: WATO made "Silent output" enabled by default
2022-01-07: CHECK changed output of values to make it "sortable"
CHECK added warn on missing agent output (see WATO)
CHECK fixed run_time missing on service info (THX to doc[at]snowheaven[dot]de)
INVENTORY added inventory plugin and view for reporting/sorting/filtering etc.
2022-01-11: fixed missing newline on plugin section header output in Linux script
added option to add json report to inventory
2022-01-12: CHECK: modified logpresso report time format to ISO 8601
2022-01-14: INVENTORY: added params to inventory sections
BAKERY: reorganised append to log (--csv-log-path/--json-log-path) and add report to inventory options (-report-path)
WATO: moved append to log outside of enable reporting
WATO: removed reporting to file
AGENT: join output of json report into one line for json.loads
CHECK: added params to inventory sections
WATO: added options for per CVE check
WATO: changed display name (again) from 'CVE scanner for log4j (CVE-2021-44228-log4j)' to 'log4j CVE scanner (CVE-2021-44228-log4j)'
WATO: enabled 'attach_report_to_output' in "reporting" by default for new rules
2022-01-17: CHECK: added check plugin with CVE id as item
2022-01-18: extended inventory report for additional log4j CVEs
removed status_data inventory
2022-01-21: reworked report inventory plugin and per cve check
2022-01-22: Inventory view: added entries for 'CVE-2021-42550' and 'CVE-2021-4104'
2022-01-25: BAKERY: added option --exclude-pattern
WATO: added option --exclude-pattern
METRICS: added metrics/graph/perfometer for files_affected
2022-01-30: SCANNER: changed to version 2.9.1
BAKERY: added option --throttle
AGENT: added additional CVEs for Log4j 1
added WARN/CRIT based on CVSS score (0.1, 5.5)
added CVE Description/Comment to service details
changed defaults for WARN/CRIT of affected files from (1, 1) to (None, None)
WATO: added CVSS score and state_not_found option to per CVE check
changed defaults for files_affected to 10/30 (from 1/1)
enabled scan_logback and log4j_1 by default for new agent plugin rules
INVENTORY: added entries for 'CVE-2022-23307', 'CVE-2022-23305', 'CVE-2022-23302' and 'CVE-2019-17571'
2022-02-05: BAKERY: added option -xmx
removed options --force-fix, --backup-path
AGENT: fixed missing comment in CVE data (THX to doc[at]snowheaven[dot]de)
WATO: added option -Xmx
removed options --force-fix and --backup-path
2022-02-07: added state_not_fixed option for per cve plugin
changed CVSS score from Integer to Float
2022-02-13: added option "Use logpresso log watch" (--api-key/--http-proxy)
2022-02-14: added option "Report safe files" (--report-patch)
2022-02-24: removed deployment of the logpresso executable -> separate package log4j_executable.mkp
Note: As there was an issue with large (>20MB) agent plugins and the cmk agent installer for Windows,
you need to update your CMK system to CMK 2.0.0p21 or newer to use this plugin.
IMPORTANT: If you update from a previous version, you first need to uninstall the cve_2021_44228_log4j package.
Then install the new cve_2021_44228_log4j package and the log4j_executables-2020305.v3.0.1.mkp package.
2022-05-06: BAKERY: fixed not enough values to unpack in exclude_paths_bulk (THX to Rene Calmer[at]forum.checkmk.com)