diff --git a/CHANGELOG b/CHANGELOG index 209a2cb9fb18f9e7af1290b6421adadd33c46b69..0e894534b9e0f83200c6a4fc122d1d2115712360 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,8 +11,10 @@ updated "If it doesn't work" section fixed windows powershell script missing $MK_CONFDIR variable (THX to Rene@frorum.checkmk) fixed windows powershell script missing OPTION handling (THX to Rene@frorum.checkmk) -2021-12-22: added sample decriptive config files for Linux/Windows to the package +2021-12-22: added sample desriptive config files for Linux/Windows to the package fixed unexpected values (None, ) for files_vulnerable added bakery options for file reporting, backup on fix files and debug added multiple search paths to Windows agent - changed search path on Linux to multiple serach paths --> reconfigure bakery rules + changed search path on Linux to multiple serach paths --> incompatible you need to reconfigure bakery rules +2021-12-23: fixed exit code other than 0 in the linux/powershell scriptss (THX to cmasopust[at]greentube[dot]com) + changed scanner to version 2.6.1 (fixes: Can not use --report-dir together with --report-json issue #203) diff --git a/HOWTO.md b/HOWTO.md index 5d829f2f22ad25e8f92aae79b0c687bc4931b6ce..1faa0f6a2fb0d57711e0ae9365139d539357eecb 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -48,7 +48,7 @@ Included with this package are the scanner files for Linux and Windows in versio | Windows | `log4j2-scan.exe` | `log4j2-scan.windows` | | Linux | `log4j2-scan` | `log4j2-scan.linux` | -At the time of writing this, I am testing with version 2.5.3 and 2.6.0 is already available. +At the time of writing this, I am testing with version 2.5.3 and 2.6.1 is already available. </details> @@ -109,6 +109,7 @@ if [ -f $EXECUTABLE ]; then echo "SCAN OPTIONS: $OPTIONS" echo "SCRIPT VERSION: $SCRIPTVERSION" $EXECUTABLE $OPTIONS + exit 0 fi ``` 
@@ -119,6 +120,7 @@ The important lines (for the check plugin to work) are: - `echo "SCAN OPTIONS: $OPTIONS"` the options the scanner runs with, the check plugin expects this to start with `SCAN OPTIONS: ` - `echo "SCRIPT VERSION: $SCRIPTVERSION"` the version of the script, the check plugin expects this to start with `SCRIPT VERSION: ` - `$EXECUTABLE $OPTIONS` finaly this runs the scanner +- `exit 0` reset the exit code from the scanner to 0, without this check_mk_agent my not accept the script output **Note**: the format of the date output has to be in the form of _**2021-12-19T22:08:52+01:00**_ diff --git a/README.md b/README.md index d160e46399c6bb5dae23dd1f459f7785b9a3f782..672cd4465fc35dbee0048a3a16996c0bec6f0c52 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,58 @@ -# CVE-2021-44228-log4j +# CVE-2021-44228-log4j discovery [(Download the MKP package)](/../../../-/raw/master/cve_2021_44228_log4j.mkp "Download MKP package") +### This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this files it uses the [CVE-2021-44228-Scanner from logpresso](https://github.com/logpresso/CVE-2021-44228-Scanner) + +The scanner (and so the plugin) can discover the following log4j issues + +- CVE-2021-44228 +- [CVE-2021-4104](https://github.com/advisories/GHSA-fp5r-v3w9-4333) +- [CVE-2021-42550](https://github.com/advisories/GHSA-668q-qrv7-99fm) +- [CVE-2021-45105](https://github.com/advisories/GHSA-p6xc-xr62-6r2g) +- [CVE-2021-45046](https://github.com/advisories/GHSA-7rjr-3q55-vv33) + +**Note**: Included in this package is the scanner for Linux and Windows in version 2.6.1 (2021-12-22) + +You will find the release notes/latest version for the logpresso scanner here [logpresso CVE-2021-44228-Scanner Releases](https://github.com/logpresso/CVE-2021-44228-Scanner/releases) + +To use this check you need to deploy the scanner and the plugin for your destination platform. You can do this via the agent bakery (_`Setup > Agents> Windows, Linux, Solaris, AIX > Agent rules > CVE-2021-44228-log4j`_). Here you can also configure some options for the scanner [(see WATO bakery)](/../../../-/raw/master/doc/wato-bakery.png "WATO bakery"). + +**Note**: only Linux and Windows is implemented for this bakery plugin. If you need this for AIX/Solaris have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing") + +**Note**: If you have created (baked) a new agent package you need to redeploy the agent (automatic update/software deployment) + +If you have any issues or using use the RAW edition of CMK or have a platform that is not supported by the bakery have a look at the [how to information](HOWTO.md "how to"). Thre you will also find some information whats going on under the hood. 
+ +--- +Check Info: + +* *service*: creates the service **CVE-2021-44228-log4j** +--- +* *state*: **critical**: if a (potentially) vulnerable file is found and **warning** if a file state is mitigated +--- +* *wato*: [(see WATO options)](/../../../-/raw/master/doc/wato.png "see sample screenshot") +--- +* *perfdata (if avilable)*: + * Vulnerable files + * Potentially vulnerable files + * Mitigated files + * Files scanned + * Directories scanned + * Run time +--- + +#### Want to contribute? +Nice ;-) Have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing") +--- +Sample output [(sample details)](/../../../-/raw/master/doc/sample-details.png "see sample details") and [(sample syslog events in CMK event console)](/../../../-/raw/master/doc/sample-syslog.png "sample syslog events in CMK event console") + +**Note**: in the service details you will find the raw output from the scanner + + + +WATO + + + +WATO bakery + + diff --git a/agents/plugins/cve_2021_44228_log4j.linux b/agents/plugins/cve_2021_44228_log4j.linux index a523e5fb518b81ec858d0d5a07ecc4f0adb52b1d..0b8c05b463e5bcc371c3ef6b3f89554dd7f35df3 100755 --- a/agents/plugins/cve_2021_44228_log4j.linux +++ b/agents/plugins/cve_2021_44228_log4j.linux @@ -8,8 +8,10 @@ # # plugin for the check_mk linux agent # +# 2021-12-21: fixed exit code other than 0 (THX to cmasopust[at]greentube[dot]com) +# -SCRIPTVERSION="2021-12-18-0.0.1b" +SCRIPTVERSION="2021-12-18-0.0.1c" OPTIONS="/" EXECUTABLE=/usr/lib/check_mk_agent/bin/log4j2-scan PLUGIN_CONF_DIR="/etc/check_mk/" @@ -29,4 +31,5 @@ if [ -f $EXECUTABLE ]; then echo "SCRIPT VERSION: $SCRIPTVERSION" echo "----------------------------------------------------" $EXECUTABLE $OPTIONS + exit 0 fi diff --git a/agents/plugins/cve_2021_44228_log4j.windows b/agents/plugins/cve_2021_44228_log4j.windows index 9e7818739a6b8b5e4776af489bc8e84614d1e0ff..c8cdf083c01985c6bc723c08847092e340a22226 100755 --- a/agents/plugins/cve_2021_44228_log4j.windows 
+++ b/agents/plugins/cve_2021_44228_log4j.windows @@ -9,9 +9,10 @@ 2021-12-21: fixed missing $MK_CONFDIR variable (THX to Rene@frorum.checkmk) 2021-12-21: fixed OPTION handling (THX to Rene@frorum.checkmk) + 2021.12.23: fixed exi code other than 0 (THX to cmasopust[at]greentube[dot]com) #> -$SCRIPTVERSION="2021-12-21-0.0.2b" +$SCRIPTVERSION="2021-12-21-0.0.2c" $OPTIONS="--all-drives" $EXECUTABLE="C:\ProgramData\checkmk\agent\bin\log4j2-scan.exe" $PLUGIN_CONF_DIR="C:\ProgramData\checkmk\agent\config" @@ -32,4 +33,5 @@ if (Test-Path -Path $EXECUTABLE -PathType Leaf) { echo "SCRIPT VERSION: $SCRIPTVERSION" echo "----------------------------------------------------" & $EXECUTABLE $OPTIONS + exit 0 } diff --git a/agents/plugins/log4j2-scan.linux b/agents/plugins/log4j2-scan.linux index 7909f9d4e00ca648e55aaf813db6c55f6cda1d92..8d1cec05ccc9de5eccc986e71d4c0473fef51a96 100755 Binary files a/agents/plugins/log4j2-scan.linux and b/agents/plugins/log4j2-scan.linux differ diff --git a/agents/plugins/log4j2-scan.windows b/agents/plugins/log4j2-scan.windows index 42f4f47a3d62873dbc1f21589a420236fe6cf1db..d5a80f0be03aaae4360816a72050a562fb12d86c 100755 Binary files a/agents/plugins/log4j2-scan.windows and b/agents/plugins/log4j2-scan.windows differ diff --git a/cve_2021_44228_log4j.mkp b/cve_2021_44228_log4j.mkp index b9955d871d216aba064f668bc9b3cb2280bc77f9..0cb7a59b9c51f27bea08a25a7476e972e47d6aef 100644 Binary files a/cve_2021_44228_log4j.mkp and b/cve_2021_44228_log4j.mkp differ diff --git a/packages/cve_2021_44228_log4j b/packages/cve_2021_44228_log4j index a5d7decec73477abc08f5c3f22eeab49045ce689..265225c4c2e71c53a00a4fc6a470249715278d67 100644 --- a/packages/cve_2021_44228_log4j +++ b/packages/cve_2021_44228_log4j 
@@ -32,7 +32,7 @@ 'name': 'cve_2021_44228_log4j', 'num_files': 10, 'title': 'CVE-2021-44228-log4j scanner plugin', - 'version': '20211222.v0.0.4e', + 'version': '20211222.v0.0.4f', 'version.min_required': '2.0.0', 'version.packaged': '2021.09.20', 'version.usable_until': None} \ No newline at end of file
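Review bot: the corrected line in the CHANGELOG hunk still misspells the word, `desriptive` should be `descriptive`; the new 2021-12-23 entry has `scriptss` for `scripts`, and the rewritten search-path line keeps `serach`. Since this hunk exists to fix a typo, fix all three while you are there.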
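Review bot: the HOWTO.md @@ -48 hunk only bumps the "already available" version to 2.6.1, so the sentence still says testing was done with 2.5.3 while the README in this same change states the packaged scanner is 2.6.1; either update the tested version or state explicitly that the bundled 2.6.1 has not been tested with the check.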
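Review bot: the code excerpt in the HOWTO.md @@ -109 hunk is out of sync with the actual Linux plugin: the script prints a separator line (`echo "----...----"`) between `SCRIPT VERSION` and the scanner call, the excerpt does not. Copy the block verbatim from agents/plugins/cve_2021_44228_log4j.linux so a reader comparing the deployed script against the HOWTO does not see a false mismatch. Also quote the executable (`"$EXECUTABLE" $OPTIONS`); `$OPTIONS` is the one that is intentionally unquoted so several search paths split into separate arguments.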
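Review bot: in the bullet added by the HOWTO.md @@ -119 hunk, `my not accept` should read `may not accept`, and `finaly` in the context line above it is `finally`. The sentence should also tell the reader what `exit 0` costs: the scanner's own exit status is no longer visible to the agent, so at the exit-code level a scanner that aborted looks exactly like a clean run.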
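Review bot: the new README.md text has several typos worth fixing before release: `To discover this files` (these files), `only Linux and Windows is implemented` (are implemented), `If you have any issues or using use the RAW edition` (or use), `Thre you will also find` (There), `whats going on` (what is going on) and `perfdata (if avilable)` (available). The `---` rule placed between every `Check Info` bullet also splits what reads as one list into separate one-item lists; one rule after the whole list keeps the layout without that side effect.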
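Review bot: the header comment added in the agents/plugins/cve_2021_44228_log4j.linux @@ -8 hunk dates the exit-code fix 2021-12-21, while the CHANGELOG hunk in this same change dates it 2021-12-23 and the Windows script header says 2021.12.23; pick one date and use the same YYYY-MM-DD form in all three places. The bumped `SCRIPTVERSION="2021-12-18-0.0.1c"` also still carries the old date prefix.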
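Review bot: the unconditional `exit 0` in the agents/plugins/cve_2021_44228_log4j.linux @@ -29 hunk throws away the scanner's exit status, so a scanner that aborted for any reason is reported to the agent exactly like a completed scan. Capture the status before resetting it and print it into the section, for example `"$EXECUTABLE" $OPTIONS`, then `rc=$?` and `echo "SCANNER EXIT CODE: $rc"`, and only then `exit 0`; the `SCANNER EXIT CODE:` label is a suggestion, the check plugin would need to be extended to read it and turn a non-zero value into a warning.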
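Review bot: in the Windows script header added by the agents/plugins/cve_2021_44228_log4j.windows hunk, `exi code` should be `exit code`, and the date `2021.12.23` uses a different separator from the `2021-12-21` entries directly above it. The same exit-status concern as on the Linux side applies to the `exit 0` in the second hunk: `& $EXECUTABLE $OPTIONS` sets `$LASTEXITCODE`, so `echo "SCANNER EXIT CODE: $LASTEXITCODE"` before `exit 0` would preserve the information (same caveat: the check plugin would have to parse that line).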
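Review bot: the binary hunks for agents/plugins/log4j2-scan.linux, agents/plugins/log4j2-scan.windows and cve_2021_44228_log4j.mkp replace the bundled scanner executables with no verifiable link to the upstream 2.6.1 release that the README and CHANGELOG cite. Record the SHA-256 of each bundled `log4j2-scan` binary, computed at packaging time and compared against the artifact from the logpresso release page, in the CHANGELOG or README, together with the upstream release tag; these executables are pushed by the bakery to every monitored host, so users need a way to confirm they match the upstream build.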
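Review bot: the package version in the packages/cve_2021_44228_log4j hunk becomes `20211222.v0.0.4f`, but this change is dated 2021-12-23 in the CHANGELOG; if the prefix is meant to track the release date it should move to 20211223 as well. Unrelated to the change itself, the file still ends without a trailing newline (the `\ No newline at end of file` marker), which is worth fixing once so future diffs of this file stay clean.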