diff --git a/agent_based/cve_2021_44228_log4j.py b/agent_based/cve_2021_44228_log4j.py index 56e355ae7a7228622b3c18781ee7416249afefe5..b076ff8341c5dc026a6ec2e028ba8c9054c8fbd2 100644 --- a/agent_based/cve_2021_44228_log4j.py +++ b/agent_based/cve_2021_44228_log4j.py @@ -17,6 +17,9 @@ # 2022-01-07: changed output of values to make it "sortable" # added warn on missing agent output # fixed run_time missing on service info (THX to doc[at]snowheaven[dot]de) +# 2022-01-11: added inventory report section +# 2022-01-12: modified logpresso report time format to ISO861 +# 2022-01-14: added params to inventory sections # # sample agent output @@ -44,12 +47,14 @@ # # -from typing import Optional +import json +from typing import Optional, Dict from dataclasses import dataclass from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import ( DiscoveryResult, StringTable, CheckResult, + InventoryResult, ) from cmk.base.plugins.agent_based.agent_based_api.v1 import ( @@ -59,6 +64,7 @@ from cmk.base.plugins.agent_based.agent_based_api.v1 import ( check_levels, render, Result, + TableRow, ) @@ -272,19 +278,12 @@ register.check_plugin( # # ######################################################################################################### -from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import ( - InventoryResult, -) - -from cmk.base.plugins.agent_based.agent_based_api.v1 import ( - register, - TableRow, -) - -def inventory_inv_cve_2021_44228_log4j(section: CVE_2021_44228_log4j) -> InventoryResult: +def inventory_inv_cve_2021_44228_log4j(params, section: CVE_2021_44228_log4j) -> InventoryResult: + if params.get('do_not_inv_summary'): + return - path = ['software', 'cve_2021_44228_log4j'] + path = ['software', 'cve_2021_44228_log4j', 'summary'] key_columns = {'index': '1'} inventory_columns = {} 
@@ -313,6 +312,10 @@ def inventory_inv_cve_2021_44228_log4j(section: CVE_2021_44228_log4j) -> Invento if value is not None: status_columns.update({key: value}) + if not params.get('do_status_data'): + inventory_columns.update(status_columns) + status_columns = {} + yield TableRow( path=path, key_columns=key_columns, 
@@ -325,4 +328,95 @@ register.inventory_plugin( name='inv_cve_2021_44228_log4j', sections=['cve_2021_44228_log4j'], inventory_function=inventory_inv_cve_2021_44228_log4j, -) \ No newline at end of file + inventory_ruleset_name='inventory_cve_2021_44228_log4j', + inventory_default_parameters={ + 'do_status_data': False, + 'do_not_inv_summary': False + }, +) + + +# ######################################################################################################### +# +# Inventory for CVE scanner for log4j (CVE-2021-44228-log4j) +# +# ######################################################################################################### + + +def parse_inv_cve_2021_44228_log4j_report(string_table: StringTable): + try: + section = json.loads(string_table[0][0]) + except (json.decoder.JSONDecodeError, IndexError): + section = None + + return section + + +register.agent_section( + name="cve_2021_44228_log4j_report", + parse_function=parse_inv_cve_2021_44228_log4j_report, +) + + +def inv_cve_2021_44228_log4j_report(params, section: Dict) -> InventoryResult: + path = ['software', 'cve_2021_44228_log4j', 'report'] + index = 1 + + for file in section.get('files', []): + for report in file['reports']: + key_columns = {'index': index} + inventory_columns = {'path': file['path']} + status_columns = report + + timestamp = status_columns['detected_at'] # 2022-01-11 20:06:41+0100, convert to ISO8601 + status_columns['time'] = f'{timestamp[:10]}T{timestamp[11:22]}:{timestamp[22:]}' # 2022-01-11T20:06:41+01:00 + status_columns.pop('detected_at') + status_columns['fixed'] = str(status_columns['fixed']) + + if not params.get('do_status_data'): + inventory_columns.update(status_columns) + status_columns = {} + + yield TableRow( + path=path, + key_columns=key_columns, + inventory_columns=inventory_columns, + status_columns=status_columns + ) + index += 1 + + if not params.get('do_not_inv_errors'): + for error in section.get('errors', []): + key_columns = {'index': index} + 
inventory_columns = {'path': error['path']} + + status_columns = error + status_columns.pop('path') + + timestamp = status_columns['created_at'] # 2022-01-11 20:06:41+0100, convert to ISO8601 + status_columns['time'] = f'{timestamp[:10]}T{timestamp[11:22]}:{timestamp[22:]}' # 2022-01-11T20:06:41+01:00 + status_columns.pop('created_at') + status_columns['status'] = 'ERROR' + + if not params.get('do_status_data'): + inventory_columns.update(status_columns) + status_columns = {} + + yield TableRow( + path=path, + key_columns=key_columns, + inventory_columns=inventory_columns, + status_columns=status_columns + ) + index += 1 + + +register.inventory_plugin( + name='cve_2021_44228_log4j_report', + inventory_function=inv_cve_2021_44228_log4j_report, + inventory_ruleset_name='inventory_cve_2021_44228_log4j', + inventory_default_parameters={ + 'do_not_inv_errors': False, + 'do_status_data': False, + }, +) diff --git a/agents/bakery/cve_2021_44228_log4j.py b/agents/bakery/cve_2021_44228_log4j.py index 265e3c098274850f81874fa8e3415badfcabf27b..9d39ff17c4a9bd4e59ff7c3ee64e88ff53af2097 100755 --- a/agents/bakery/cve_2021_44228_log4j.py +++ b/agents/bakery/cve_2021_44228_log4j.py @@ -17,15 +17,17 @@ # 2022-01-04: added BAKERY_VERSION to the config file (for debugging) # added PLUGIN_TIMEOUT to the linux config (fix scanner got not killed on timeout by the agent) # 2022-01-05: added PLUGIN_TIMEOUT to the windows config (to match the linux variant) +# 2022-01-11: added option to add json report to inventory +# 2022-01-14: reorganised append to log (--csv-log-path/--json-log-path) and +# add report to inventory options (-report-path) # - from pathlib import Path from typing import List from cmk.base.cee.plugins.bakery.bakery_api.v1 import FileGenerator, OS, Plugin, PluginConfig, register -bakery_version = '20220105.v0.0.8' +bakery_version = '20220114.v0.0.9' def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: 
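Review bot: `inv_cve_2021_44228_log4j_report` trusts the shape of the JSON sent by the monitored host: `file['reports']`, `report['detected_at']`, `report['fixed']`, `error['path']` and `error['created_at']` are indexed directly, and every remaining key of a report is copied into the row through `inventory_columns.update(status_columns)`. A payload that is valid JSON but not an object, or that lacks one of these keys, raises out of the generator, and unexpected keys reach the inventory tree unfiltered. `status_columns = report` and `status_columns = error` also alias the parsed section, so the `pop()` calls mutate it in place. I would build each row from an allow-list of the columns the view declares and check the timestamp length before slicing it at fixed offsets, roughly as below; the error loop needs the same treatment.

```python
_REPORT_KEYS = ('cve', 'status', 'fixed', 'product', 'version', 'entry', 'error')


def _to_iso8601(timestamp):
    # expects 'YYYY-MM-DD HH:MM:SS+ZZZZ' (24 chars) as in the inline sample; None otherwise
    if not isinstance(timestamp, str) or len(timestamp) != 24:
        return None
    return f'{timestamp[:10]}T{timestamp[11:22]}:{timestamp[22:]}'


def inv_cve_2021_44228_log4j_report(params, section: Dict) -> InventoryResult:
    if not isinstance(section, dict):
        return
    # … unchanged: path and index setup …
    for file in section.get('files', []):
        for report in file.get('reports', []):
            time = _to_iso8601(report.get('detected_at'))
            if time is None:
                continue
            # copy known keys only; do not alias or mutate the parsed section
            status_columns = {key: report[key] for key in _REPORT_KEYS if key in report}
            if 'fixed' in status_columns:
                status_columns['fixed'] = str(status_columns['fixed'])
            status_columns['time'] = time
            inventory_columns = {'path': file.get('path')}
            # … unchanged: do_status_data handling, yield TableRow, index += 1 …
```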
@@ -38,6 +40,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: include_paths = None exclude_paths = None exclude_files = None + attach_report_to_output = None config_path = '' search_path = '' path_separator = '' 
@@ -97,20 +100,36 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: options.pop('syslog') if options.get('reporting'): - report_dir = options['reporting']['report_dir'].strip(' ').strip("'").strip('"') - if options['reporting'].get('log_path'): - log_path = options['reporting']['log_path'] - if options['reporting'].get('report_format') == '--report-json': - options_array.append(f'--json-log-path "{report_dir}{path_separator}{log_path}"') - else: - options_array.append(f'--csv-log-path "{report_dir}{path_separator}{log_path}"') - else: + if 'report_to_file' in options['reporting']: + label, report_cfg = options['reporting'] + report_dir = report_cfg['report_dir'].strip(' ').strip("'").strip('"') + # if report_cfg.get('log_path'): + # log_path = report_cfg['log_path'] + # if report_cfg.get('report_format') == '--report-json': + # options_array.append(f'--json-log-path "{report_dir}{path_separator}{log_path}"') + # else: + # options_array.append(f'--csv-log-path "{report_dir}{path_separator}{log_path}"') + # else: options_array.append(f'--report-dir "{report_dir}"') - options_array.append(options['reporting'].get('report_format', '--report-csv')) - if options['reporting'].get('no_empty_report'): - options_array.append('--no-empty-report') + options_array.append(report_cfg.get('report_format', '--report-csv')) + if report_cfg.get('no_empty_report'): + options_array.append('--no-empty-report') + elif 'attach_report_to_output' in options['reporting']: + if conf[0] == 'linux': + attach_report_to_output = '/var/log/log4j_report.json' + elif conf[0] == 'windows': + attach_report_to_output = 'c:\\windows\\temp\\log4j_report.json' + options_array.append(f'--report-path {attach_report_to_output}') + options_array.append('--report-json') + # options_array.append(f'--no-empty-report') # will not report on errors/skipped only findings (no files section) options.pop('reporting') + if options.get('append_to_log'): + log_file = 
options['append_to_log']['log_path_file'] + log_format = options['append_to_log'].get('report_format', '--csv-log-path') + options_array.append(f'{log_format} {log_file}') + options.pop('append_to_log') + if options.get('fix_files'): backup_dir = options["fix_files"]["backup_dir"].strip(' ').strip("'").strip('"') options_array.append(f'--backup-path "{backup_dir}"') @@ -163,6 +182,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: f'BAKERY_VERSION={bakery_version}', f'OPTIONS=({options});', f'PLUGIN_TIMEOUT={timeout}', + f'ATTACH_REPORT={attach_report_to_output}', ], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, @@ -212,6 +232,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: f'BAKERY_VERSION={bakery_version}', f'OPTIONS={options}', f'PLUGIN_TIMEOUT={timeout}', + f'ATTACH_REPORT={attach_report_to_output}', ], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, diff --git a/agents/plugins/cve_2021_44228_log4j.linux b/agents/plugins/cve_2021_44228_log4j.linux index fb6f72dfc6de7c8297b47243982cb43c49c5c91a..10faeba19802caccedf997debc2f082ba921fcde 100755 --- a/agents/plugins/cve_2021_44228_log4j.linux +++ b/agents/plugins/cve_2021_44228_log4j.linux 
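Review bot: The new `append_to_log` branch appends `f'{log_format} {log_file}'` with the rule value neither stripped nor quoted, and `--report-path {attach_report_to_output}` is unquoted too, whereas `--report-dir` and `--backup-path` in the same function are wrapped in double quotes. These strings appear to end up in the `OPTIONS=(...)` line of a config file that the Linux plugin sources, so a path containing a space splits into two arguments and shell metacharacters in the rule value would be evaluated when the file is sourced. I would quote per target OS, for the Linux branch e.g. `options_array.append(f'{log_format} {shlex.quote(log_file)}')`, and reject values containing quotes, `$` or backticks for both. If `conf[0]` is neither `'linux'` nor `'windows'` the option is emitted as `--report-path None`. The function body starts and ends outside this hunk.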
@@ -12,21 +12,29 @@ # 2021-12-24: fixed spaces in file names (https://stackoverflow.com/questions/19122448/bash-escaping-spaces-in-filename-in-variable) # 2022-01-04: fixed scanner got not killed on timeout by the agent # added unset plugin variables -# 2022-01-11: fixed missing newline on plugin section header output +# 2022-01-10: added output of json report as separate section +# 2022-01-14: join output of json report to one line +# -SCRIPT_VERSION="20220111.v0.0.3" +SCRIPT_VERSION="20220114.v0.0.4" BAKERY_VERSION="N/A" OPTIONS="/" PLUGIN_TIMEOUT=300 PLUGIN_CONF_DIR="/etc/check_mk" EXECUTABLE=/usr/lib/check_mk_agent/bin/log4j2-scan +ATTACH_REPORT="None" -if [ -f $MK_CONFDIR/cve_2021_44228_log4j.cfg ]; then - . $MK_CONFDIR/cve_2021_44228_log4j.cfg 2>/dev/null +if [ -f "$MK_CONFDIR/cve_2021_44228_log4j.cfg" ]; then + . "$MK_CONFDIR/cve_2021_44228_log4j.cfg" 2>/dev/null elif [ -f $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg ]; then . $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg 2>/dev/null fi +# check if report exist and delete it before scanning +if [ -f $ATTACH_REPORT ]; then + rm $ATTACH_REPORT +fi + PLUGIN_TIMEOUT=$PLUGIN_TIMEOUT"s" printf "<<<cve_2021_44228_log4j:sep(0)>>>\n" @@ -47,12 +55,21 @@ else printf "ERROR: Executable not found: %s\n" "$EXECUTABLE" fi -unset PLUGIN_TIMEOUT -unset PLUGIN_CONF_DIR -unset OPTIONS + +if [ -f $ATTACH_REPORT ]; then + printf "<<<cve_2021_44228_log4j_report:sep(0)>>>\n" + cat $ATTACH_REPORT | tr "\n" " " + printf "\n" + rm $ATTACH_REPORT +fi + +unset ATTACH_REPORT +unset BAKERY_VERSION +unset EXEC_STATUS unset EXECUTABLE +unset OPTIONS +unset PLUGIN_CONF_DIR +unset PLUGIN_TIMEOUT unset SCRIPT_VERSION -unset EXEC_STATUS -unset BAKERY_VERSION exit 0 diff --git a/agents/plugins/cve_2021_44228_log4j.windows b/agents/plugins/cve_2021_44228_log4j.windows index 3f7b6485838e073606139edcc23560b23fff8ad2..fab74a18f3980236f6b335c3c1627bdb5f186551 100755 --- a/agents/plugins/cve_2021_44228_log4j.windows 
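Review bot: `ATTACH_REPORT` defaults to the literal string `None`, and the bakery writes `ATTACH_REPORT=None` when report attachment is not configured, so `[ -f $ATTACH_REPORT ]` tests a relative path named `None` in the agent's working directory and `rm` deletes it if it exists. The variable is also expanded unquoted at every use in this hunk and in the output hunk below, although the same commit quotes `$MK_CONFDIR`. Use an empty default and guard on it, e.g. `if [ -n "$ATTACH_REPORT" ] && [ -f "$ATTACH_REPORT" ]; then rm -f -- "$ATTACH_REPORT"; fi`, and replace `cat $ATTACH_REPORT | tr "\n" " "` with `tr '\n' ' ' < "$ATTACH_REPORT"`. The Windows plugin uses the same `"None"` sentinel with `Test-Path` and `Remove-Item`, and the bakery would need to emit an empty value rather than `None`.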
+++ b/agents/plugins/cve_2021_44228_log4j.windows @@ -14,6 +14,9 @@ init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk) 2022-01-05: changed reading variables from file added timeout handling to match linux script version + 2021-01-10: added output of json report as separate section + 2022-01-14: join output of json report to one line + #> ### @@ -34,11 +37,13 @@ $pswindow.windowsize = $newsize # Set the new Window Size as active. ### -$SCRIPT_VERSION="20220105.v0.0.3" +$SCRIPT_VERSION="20220114.v0.0.4" $BAKERY_VERSION="N/A" $OPTIONS="--all-drives" $EXECUTABLE="C:\ProgramData\checkmk\agent\bin\log4j2-scan.exe" $PLUGIN_TIMEOUT=300 +$ATTACH_REPORT="None" + # config file directory $MK_CONFDIR = $env:MK_CONFDIR @@ -55,6 +60,12 @@ if (Test-Path -Path $MK_CONFDIR\cve_2021_44228_log4j.cfg -PathType Leaf) { } } +if (Test-Path -Path $ATTACH_REPORT -PathType Leaf) { + Remove-Item $ATTACH_REPORT +} + + + Write-Output "<<<cve_2021_44228_log4j:sep(0)>>>" # 2021-12-19T22:08:52+01:00 Get-Date -Format "yyyy-MM-ddTHH:mm:ssK" @@ -90,4 +101,11 @@ if ($JOB_LOG4J.state -eq "completed") { Remove-Job -Force $JOB_LOG4J +if (Test-Path -Path $ATTACH_REPORT -PathType Leaf) { + Write-Output "<<<cve_2021_44228_log4j_report:sep(0)>>>" + (get-content $ATTACH_REPORT) -join " " + Write-Output "" + Remove-Item $ATTACH_REPORT +} + exit 0 diff --git a/agents/plugins/log4j2-scan.linux b/agents/plugins/log4j2-scan.linux index 28cb8a40f7bf98cd6d79a9c99aa7859f5df7e59e..3e91d9632d8f13725004194a1192a421aaa07137 100755 Binary files a/agents/plugins/log4j2-scan.linux and b/agents/plugins/log4j2-scan.linux differ diff --git a/agents/plugins/log4j2-scan.windows b/agents/plugins/log4j2-scan.windows index 09a97bf4a5ba1bcdea3a070a72848bf7dfa5a7c2..eac513c4542318b52a7b87d05f1911b2acdc1ce9 100755 Binary files a/agents/plugins/log4j2-scan.windows and b/agents/plugins/log4j2-scan.windows differ 
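Review bot: The report that this plugin deletes, reads and prints lives at a fixed name, which the bakery hunk in this commit sets to `c:\windows\temp\log4j_report.json`. That directory is typically writable by non-administrative accounts, so a file or link with that name can already exist when the agent touches it, and whatever it contains is forwarded as the `cve_2021_44228_log4j_report` section. The delete-before-scan step narrows that window but does not close it. Consider writing the report to a directory only the agent account can write (for instance below the agent's own data directory) and passing that path in `ATTACH_REPORT`. Using `-LiteralPath` for `Test-Path`, `Get-Content` and `Remove-Item` would also avoid wildcard interpretation of the configured path.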
diff --git a/cve_2021_44228_log4j.mkp b/cve_2021_44228_log4j.mkp index 257a56033686a16c336460ecdd4fedccfa988b8e..d2a9295b1b459166b40ef6b475ceccd59a6546e4 100644 Binary files a/cve_2021_44228_log4j.mkp and b/cve_2021_44228_log4j.mkp differ diff --git a/packages/cve_2021_44228_log4j b/packages/cve_2021_44228_log4j index b967861656cc8702326e751f1009bc304d5ca886..9cde1d445727fc2176de01c47610b4cbda44c950 100644 --- a/packages/cve_2021_44228_log4j +++ b/packages/cve_2021_44228_log4j @@ -33,7 +33,7 @@ 'name': 'cve_2021_44228_log4j', 'num_files': 11, 'title': 'CVE-2021-44228-log4j scanner plugin', - 'version': '20220111.v0.0.8a', + 'version': '20220115.v0.0.9', 'version.min_required': '2.0.0', 'version.packaged': '2021.09.20', 'version.usable_until': None} \ No newline at end of file diff --git a/web/plugins/views/inv_cve_2021_22448_log4j.py b/web/plugins/views/inv_cve_2021_22448_log4j.py index dccc18e145947a91933f6eb2df3a021966bb7f38..aaee02c3e8b38967bb95787ccd6ec6bbbea56f91 100644 --- a/web/plugins/views/inv_cve_2021_22448_log4j.py +++ b/web/plugins/views/inv_cve_2021_22448_log4j.py @@ -19,9 +19,13 @@ from cmk.gui.plugins.views import ( from cmk.gui.plugins.views.inventory import declare_invtable_view inventory_displayhints.update({ - '.software.cve_2021_44228_log4j:': { + '.software.cve_2021_44228_log4j': { 'title': _('CVE Scanner for log4j (CVE-2021-44228-log4j)'), + }, + '.software.cve_2021_44228_log4j.summary:': { + 'title': _('Summary'), 'keyorder': [ + 'index', 'files_vulnerable', 'files_potential_vulnerable', 'files_mitigated', 
@@ -36,26 +40,63 @@ inventory_displayhints.update({ 'bakery_version', 'scan_options', ], - 'view': 'invcve202144228log4j_of_host', + 'view': 'invcve202144228log4jsummary_of_host', }, - '.software.cve_2021_44228_log4j:*.files_vulnerable': {'title': _('Files vulnerable'), 'short': _('Vulnerable'), }, - '.software.cve_2021_44228_log4j:*.files_potential_vulnerable': {'title': _('Files potentially vulnerable'), 'short': _('Potentially'), }, - '.software.cve_2021_44228_log4j:*.files_mitigated': {'title': _('Files mitigated'), 'short': _('Mitigated'), }, - '.software.cve_2021_44228_log4j:*.files_scanned': {'title': _('Files scanned'), 'short': _('Files'), }, - '.software.cve_2021_44228_log4j:*.files_skipped': {'title': _('Files skipped'), 'short': _('Skipped'), }, - '.software.cve_2021_44228_log4j:*.directories_scanned': {'title': _('Directories scanned'), 'short': _('Directories'), }, - '.software.cve_2021_44228_log4j:*.run_time': {'title': _('Run time'), }, - '.software.cve_2021_44228_log4j:*.last_run': {'title': _('Last run'), }, - '.software.cve_2021_44228_log4j:*.errors': {'title': _('Errors'), }, - '.software.cve_2021_44228_log4j:*.scanner_version': {'title': _('logresso scanner version'), 'short': _('Scanner version'), }, - '.software.cve_2021_44228_log4j:*.scan_options': {'title': _('Scan options'), }, - '.software.cve_2021_44228_log4j:*.script_version': {'title': _('Script version'), }, - '.software.cve_2021_44228_log4j:*.bakery_version': {'title': _('Bakery version'), }, + '.software.cve_2021_44228_log4j.summary:*.index': {'title': _('Index'), }, + '.software.cve_2021_44228_log4j.summary:*.files_vulnerable': {'title': _('Files vulnerable'), 'short': _('Vulnerable'), }, + '.software.cve_2021_44228_log4j.summary:*.files_potential_vulnerable': {'title': _('Files potentially vulnerable'), 'short': _('Potentially'), }, + '.software.cve_2021_44228_log4j.summary:*.files_mitigated': {'title': _('Files mitigated'), 'short': _('Mitigated'), }, + 
'.software.cve_2021_44228_log4j.summary:*.files_scanned': {'title': _('Files scanned'), 'short': _('Files'), }, + '.software.cve_2021_44228_log4j.summary:*.files_skipped': {'title': _('Files skipped'), 'short': _('Skipped'), }, + '.software.cve_2021_44228_log4j.summary:*.directories_scanned': {'title': _('Directories scanned'), 'short': _('Directories'), }, + '.software.cve_2021_44228_log4j.summary:*.run_time': {'title': _('Run time'), }, + '.software.cve_2021_44228_log4j.summary:*.last_run': {'title': _('Last run'), }, + '.software.cve_2021_44228_log4j.summary:*.errors': {'title': _('Errors'), }, + '.software.cve_2021_44228_log4j.summary:*.scanner_version': {'title': _('logresso scanner version'), 'short': _('Scanner version'), }, + '.software.cve_2021_44228_log4j.summary:*.scan_options': {'title': _('Scan options'), }, + '.software.cve_2021_44228_log4j.summary:*.script_version': {'title': _('Script version'), }, + '.software.cve_2021_44228_log4j.summary:*.bakery_version': {'title': _('Bakery version'), }, + + '.software.cve_2021_44228_log4j.report:': { + 'title': _('Report'), + 'keyorder': [ + 'index', + 'time', + 'cve', + 'status', + 'fixed', + 'product', + 'version', + # 'hostname', + 'path', + 'error', + 'entry', + ], + 'view': 'invcve202144228log4jreport_of_host', + }, + '.software.cve_2021_44228_log4j.report:*.index': {'title': _('Index'), }, + '.software.cve_2021_44228_log4j.report:*.time': {'title': _('Time'), }, + '.software.cve_2021_44228_log4j.report:*.cve': {'title': _('CVE'), }, + '.software.cve_2021_44228_log4j.report:*.status': {'title': _('Status'), }, + '.software.cve_2021_44228_log4j.report:*.fixed': {'title': _('Fixed'), }, + '.software.cve_2021_44228_log4j.report:*.product': {'title': _('Product'), }, + '.software.cve_2021_44228_log4j.report:*.version': {'title': _('Version'), }, + # '.software.cve_2021_44228_log4j.report:*.hostname': {'title': _('Hostname'), }, + '.software.cve_2021_44228_log4j.report:*.path': {'title': _('Path'), }, + 
'.software.cve_2021_44228_log4j.report:*.entry': {'title': _('Entry'), }, + '.software.cve_2021_44228_log4j.report:*.error': {'title': _('Error'), }, }) declare_invtable_view( - 'invcve202144228log4j', - '.software.cve_2021_44228_log4j:', - _('CVE Scanner for log4j'), - _('CVE Scanner for log4j'), + 'invcve202144228log4jsummary', + '.software.cve_2021_44228_log4j.summary:', + _('CVE Scanner for log4j summary'), + _('CVE Scanner for log4j summary'), ) + +declare_invtable_view( + 'invcve202144228log4jreport', + '.software.cve_2021_44228_log4j.report:', + _('CVE Scanner for log4j report'), + _('CVE Scanner for log4j report'), +) \ No newline at end of file diff --git a/web/plugins/wato/cve_2021_44228_log4j.py b/web/plugins/wato/cve_2021_44228_log4j.py index 85d2a659b9cf9cc74626047eba58ebad1a3c1f81..ac37be08901e507aac4d6deafe47b03caa086ddf 100644 --- a/web/plugins/wato/cve_2021_44228_log4j.py +++ b/web/plugins/wato/cve_2021_44228_log4j.py @@ -18,6 +18,9 @@ # 2022-01-05: changed display names to "CVE scanner for log4j (CVE-2021-44228-log4j)" # 2022-01-06: made "Silent output" enabled by default # 2022-01-07: changed "Cache time" into "Scan interval!" +# 2022-01-11: added option to add json report to inventory +# 2022-01-14: moved append to log outside of enable reporting +# removed reporting to file # from cmk.gui.i18n import _ @@ -42,11 +45,15 @@ from cmk.gui.valuespec import ( from cmk.gui.plugins.wato import ( rulespec_registry, RulespecGroupCheckParametersOperatingSystem, - RulespecGroupCheckParametersDiscovery, + # RulespecGroupCheckParametersDiscovery, CheckParameterRulespecWithItem, HostRulespec, ) +from cmk.gui.plugins.wato.inventory import ( + RulespecGroupInventory, +) + from cmk.gui.mkeventd import ( syslog_facilities, ) 
@@ -55,7 +62,7 @@ from cmk.gui.cee.plugins.wato.agent_bakery.rulespecs.utils import ( RulespecGroupMonitoringAgentsAgentPlugins, ) -bakery_plugin_version = '20220102.v0.0.4' +bakery_plugin_version = '20220115.v0.0.5' # ######################################################################################################### # 
@@ -220,37 +227,53 @@ rulespec_registry.register( # ######################################################################################################### # -# Discovery rule set for the check plugin cve_2021_44228_log4j.py +# Inventory rule set for the check plugin cve_2021_44228_log4j.py # # ######################################################################################################### +def _valuespec_inventory_cve_2021_44228_log4j(): + return Dictionary( + title=_('CVE scanner for log4j (CVE-2021-44228-log4j)'), + elements=[ -# def _valuespec_discovery_cve_2021_44228_log4j(): -# return Dictionary( -# title=_('CVE scanner for log4j (CVE-2021-44228-log4j)'), -# elements=[ -# ('service_name', -# TextUnicode( -# title=_('Service name'), -# help=_('Name for the discovered service. Must be unique.'), -# allow_empty=False, -# default_value='CVE-2021-44228-log4j', -# )), -# ], -# ) -# -# -# rulespec_registry.register( -# HostRulespec( -# group=RulespecGroupCheckParametersDiscovery, -# match_type='dict', -# name='discovery_cve_2021_44228_log4j', -# valuespec=_valuespec_discovery_cve_2021_44228_log4j, -# )) + ('do_not_inv_summary', + FixedValue( + True, + title=_('Don\'t include summary'), + totext=_('Summary will be not added to teh inventory'), + help=_('If enabled there will be no summary added to the inventory'), + )), + ('do_not_inv_errors', + FixedValue( + True, + title=_('Don\'t include errors'), + totext=_('errors (skipped files) will not be added to the inventory'), + help=_('This will not add errors (skipped files) to the inventory if enabled.'), + )), + # ('do_status_data', + # FixedValue( + # True, + # title=_('use Status data inventory'), + # totext=_('use of Status data inventory enabled'), + # help=_( + # 'This uses Status data inventory if enabled. Status data inventory needs to be enabled by a ' + # 'matching "Do hardware/software inventory" rule. 
This might lead to a increased resource usage' + # ), + # )), + ], + ) -# ######################################################################################################### +rulespec_registry.register( + HostRulespec( + group=RulespecGroupInventory, + match_type='dict', + name='inv_parameters:inventory_cve_2021_44228_log4j', + valuespec=_valuespec_inventory_cve_2021_44228_log4j, + )) + +# ######################################################################################################### # # Config for agent plugin cve_2021_44228_log4j.(sh|ps1) # 
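Review bot: The `totext` for `do_not_inv_summary` contains a typo and awkward word order; suggest `totext=_('Summary will not be added to the inventory'),`. The `do_status_data` element is left as a commented-out block while both inventory functions still branch on `params.get('do_status_data')`, so as far as this diff shows that branch can only ever see the default `False`. Either remove the dead block or replace it with a one-line comment saying why the option is withheld.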
@@ -471,49 +494,99 @@ _base_option_config_syslog = ( _base_option_config_report = ( 'reporting', + CascadingDropdown( + title=_('Enable reporting'), + default_value='report_to_file', + sorted=False, + choices=[ + ('report_to_file', + _('Enable file reporting'), + Dictionary( + elements=[ + ('report_dir', + TextUnicode( + title=_('Report output directory (must exist)'), + help=_( + 'Specify report output directory. If report file is not configured, the scanner will ' + 'create on each run a new file in the format "log4j2_scan_report_yyyyMMdd_HHmmss" with ' + 'the extension "csv" or "json". Remember the scanner must be able to write there!' + ), + allow_empty=False, + )), + # ('log_path', + # TextUnicode( + # title=_('Name of the file to report to (deprecated)'), + # help=_( + # 'This option is has moved to "Append results to log file". ' + # 'Please reconfigure your rule accordingly.' + # ), + # allow_empty=False, + # )), + ('report_format', + DropdownChoice( + title=_('Report format'), + help=_( + 'Generate log4j2_scan_report_yyyyMMdd_HHmmss.csv or ' + 'log4j2_scan_report_yyyyMMdd_HHmmss.json in the report directory.'), + choices=[ + ('--report-csv', _('CSV')), + ('--report-json', _('JSON')), + ], + default_value='--report-csv', + )), + ('no_empty_report', + FixedValue( + '--no-empty-report', + title=_('Don\'t create empty reports'), + totext=_('Don\'t create empty reports'), + help=_('Do not generate empty report.'), + )), + ], + required_keys=['report_dir'] + )), + ('attach_report_to_output', + _('Add report to checkmk inventory'), + FixedValue( + True, + totext=_('Add report to inventory enabled (See inline help please!!)'), + help=_( + 'This option will write the report to log4j_report.json (Linux in /var/log, ' + 'Windows in C:\\Windows\\temp. This report will than integrated in the checkmk inventory. ' + 'The report file will be deleted before scanning and after output of the contents for checkmk.' 
+ ), + )), + ], + ), +) + + +_base_option_append_to_log = ( + 'append_to_log', Dictionary( - title=_('Enable file reporting'), + title=_('Append results to log file'), elements=[ - ('report_dir', - TextUnicode( - title=_('Report output directory (must exist)'), - help=_('Specify report output directory. If report file is not configured, the scanner will create on ' - 'each run a new file in the format "log4j2_scan_report_yyyyMMdd_HHmmss" with the extension ' - '"csv" or "json". Remember the scanner must be able to write there!'), - allow_empty=False, - )), - ('log_path', + ('log_path_file', TextUnicode( - title=_('Name of the file to report to'), - help=_('Specify json log file. If report file exists, log will be appended. The report file will ' - 'be created in the "Report output directory" (see above). Remember the scanner must be able ' - 'to write there!'), + title=_('File to log to'), + help=_('Specify the complete path/log file name. Note: the path needs to exists.'), allow_empty=False, )), ('report_format', DropdownChoice( - title=_('Report format'), - help=_( - 'Generate log4j2_scan_report_yyyyMMdd_HHmmss.csv or ' - 'log4j2_scan_report_yyyyMMdd_HHmmss.json in the report directory.'), + title=_('Log file format'), + help=_('Format of the log file. Default is CSV'), choices=[ - ('--report-csv', _('CSV')), - ('--report-json', _('JSON')), + ('--csv-log-path', _('CSV')), + ('--json-log-path', _('JSON')), ], - default_value='--report-csv', - )), - ('no_empty_report', - FixedValue( - '--no-empty-report', - title=_('Don\'t create empty reports'), - totext=_('Don\'t create empty reports'), - help=_('Do not generate empty report.'), + default_value='--csv-log-path', )), ], - required_keys=['report_dir'] - ), + required_keys=['log_path_file'] + ) ) + _base_options_config_debug = ( 'debug', FixedValue( 
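Review bot: `log_path_file` accepts any non-empty string, and the bakery interpolates it into the scanner options that the agent plugin later loads, so the field should constrain what it accepts rather than rely on `allow_empty=False` alone; `TextUnicode` takes `regex=` and `regex_error=` for this. The help texts also need a pass. In the `attach_report_to_output` help the parenthesis opened before "Linux in /var/log" is never closed and "will than integrated" should read "will then be integrated"; in the `log_path_file` help "the path needs to exists" should be "needs to exist".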
@@ -634,6 +707,7 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): _base_options_config_no_symlink, _base_option_config_syslog, _base_option_config_report, + _base_option_append_to_log, _base_options_config_silent, _base_options_config_interval, _base_options_config_timeout, @@ -696,6 +770,7 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): # _base_options_config_no_symlink, # sym links on windows? _base_option_config_syslog, _base_option_config_report, + _base_option_append_to_log, _base_options_config_silent, _base_options_config_interval, _base_options_config_timeout,