diff --git a/CHANGELOG b/CHANGELOG index 5b0f285fa0a9c2ef916b8605c9583d6531c57679..015fc4299b023803b9aefd950a51e0b9a6c241cd 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -23,3 +23,7 @@ windows agent plugin: execute scanner as cmd job to pass path/file names with spaces (THX to andreas-doehler@forum.checkmk) windows agent plugin: init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk) 2021-12-24: linux agent plugin: changed to pass the options as arry to the scanner +2021-12-27: changed scanner to version 2.6.3 + added files_skipped and errors, files/directories scanned lower levels +2021-12-29: changed scanner to version 2.6.5 (detects also CVE-2021-44832 RCE vulnerability for log4j 2.17.0, 2.12.3, 2.3.1) + added step by step walk through for the enterprise/free edition of CMK to the HOWTO diff --git a/HOWTO.md b/HOWTO.md index fc2c14e9a5ec539785e14ad43e90fdda19d0c565..32fe6b4f99386a117c73fcb643bda1455061a6d4 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -130,7 +130,7 @@ The important lines (for the check plugin to work) are: - `echo "SCAN OPTIONS: $OPTIONS"` the options the scanner runs with, the check plugin expects this to start with `SCAN OPTIONS: ` - `echo "SCRIPT VERSION: $SCRIPTVERSION"` the version of the script, the check plugin expects this to start with `SCRIPT VERSION: ` - `$EXECUTABLE $OPTIONS` finaly this runs the scanner -- `exit 0` reset the exit code from the scanner to 0, without this check_mk_agent my not accept the script output +- `exit 0` reset the exit code from the scanner to 0, without this check_mk_agent might not accept the script output **Note**: the format of the date output has to be in the form of _**2021-12-19T22:08:52+01:00**_ 
@@ -229,3 +229,69 @@ Wehre to loock: </details> +<details><summary>Use with the enterprise/free edition of CMK</summary> + +This is a step by step walk through on how to use this package. I assume you have already configured the automatic update for the CMK agent and have done the initial rollout/registering of the agent on your client systems. + +1. configure the agent plugin Rule CVE-2021-44228-log4j +2. bake the agent +3. update tha agent +4. rediscover the services of your systems +5. configure the rule CVE-2021-44228-log4j for the check plugin (optional) +<details><summary>Agent plugin Rule CVE-2021-44228-log4j</summary> + +First configure the agent plugin Rule **CVE-2021-44228-log4j**. Go to `Setup > Agents > Windows, Linux, Solaris, AIX > Agent rules > CVE-2021-44228-log4j`. + +**Note**: Attach the rule to your client systems. For example by a host tag. + +**Note**: in the Rule title you will find the version of the WATO plugin for this rule. + + + +</details> + +<details><summary>Bake the agent</summary> + +If you have configured and activated the agent plugin rule, you ned to _bake_ the agent. Go to `Setup > Agents > Windows, Linux, Solaris, AIX` klick `Bake and sign agents`, **provide your signing key**, klick `Bake and sign`. + + + +After successfully finishing the agent bakery you should find an entry corresponding to your agent rule like this. + + + +</details> +<details><summary>Update the agent on the client systems</summary> + +Wait for the automatic agent update to finish (in the default settings the agent will check one a hour for an update). +**Note**: you can speed this up by issuing the cli command `sudo cmk-update-agent -v` or on Windows in a Adminshell with `& "C:\Program Files (x86)\checkmk\service\check_mk_agent.exe" updater` + +You can check the update sataus under `Monitor > System > Agent update status`. after a succesfull update it should look like this. 
+ + + +</details> + +<details><summary>Rediscover the services</summary> + +Now you can rediscover the services on your client system (or wait for the automatic service discovery if you have a rule for that). If everything is working as expected, you should get a new service like this. + + + +Now you can activate the changes and you are done. + +</details> + +<details><summary>Configure the rule CVE-2021-44228-log4j for the check plugin (optional)</summary> + +If you like you can configure most of the levels for the check plugin and the items on the short service output. By default there will be only _**Files vulnerable**_ and _**Files potentially vulnerable**_ show up, also all items that raise a warning or critical will show up on the short output. To do so go to `Setup > Services > Service monitoring rules > CVE-2021-44228_log4j` (under `Operating System Resources`) and configure the check plugin to your likings. For example to show the Last run and the version of the scanner + + + +Then you get this output + + + +</details> + +</details> diff --git a/README.md b/README.md index 5d0e115754208726446ce0a77aecb3318e609ac1..69600e2c098a9e071c0a8ce864fe677a808294db 100644 --- a/README.md +++ b/README.md 
@@ -9,11 +9,15 @@ The scanner (and so the plugin) can discover the following log4j issues - [CVE-2021-42550](https://github.com/advisories/GHSA-668q-qrv7-99fm) - [CVE-2021-45105](https://github.com/advisories/GHSA-p6xc-xr62-6r2g) - [CVE-2021-45046](https://github.com/advisories/GHSA-7rjr-3q55-vv33) +- [CVE-2021-44832 RCE](https://logging.apache.org/log4j/2.x/security.html) -**Note**: Included in this package is the scanner for Linux and Windows in version 2.6.1 (2021-12-22) +**Note**: Included in this package is the scanner for Linux and Windows in version 2.6.3 (2021-12-27) You will find the release notes/latest version for the logpresso scanner here [logpresso CVE-2021-44228-Scanner Releases](https://github.com/logpresso/CVE-2021-44228-Scanner/releases) + + **Note**: here you can [Download the MKP package for CMK 1.6](/../../../-/raw/master/cve_2021_44228_log4j_cmk16.mkp "Download MKP package for CMK 1.6"), this might not be always on the same level as the version for CMK 2.0. + To use this check you need to deploy the scanner and the plugin for your destination platform. You can do this via the agent bakery (_`Setup > Agents> Windows, Linux, Solaris, AIX > Agent rules > CVE-2021-44228-log4j`_). Here you can also configure some options for the scanner [(see WATO bakery)](/../../../-/raw/master/doc/wato-bakery.png "WATO bakery"). **Note**: only Linux and Windows is implemented for this bakery plugin. If you need this for AIX/Solaris have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing") 
@@ -27,7 +31,14 @@ Check Info: * *service*: creates the service **CVE-2021-44228-log4j** --- -* *state*: **critical**: if a (potentially) vulnerable file is found and **warning** if a file state is mitigated +* *state*:\ + **critical** + - if a (potentially) vulnerable file is found + - if an error is found (from the agent plugin or the scanner) + + **warning** + - if a file state is mitigated is found + - if a file is skipped by the scanner --- * *wato*: [(see WATO options)](/../../../-/raw/master/doc/wato.png "see sample screenshot") --- @@ -35,9 +46,11 @@ Check Info: * Vulnerable files * Potentially vulnerable files * Mitigated files + * Files sskipped * Files scanned * Directories scanned * Run time + * Errors (agent plugin or scanner) --- #### Want to contribute? diff --git a/agent_based/cve_2021_44228_log4j.py b/agent_based/cve_2021_44228_log4j.py index 4a3514a72ab10e6911ad610d45a3a76c76758a50..992e0f5f68e5f67452849e32822381bd2057ff7e 100644 --- a/agent_based/cve_2021_44228_log4j.py +++ b/agent_based/cve_2021_44228_log4j.py @@ -10,9 +10,10 @@ # Plugin for the CVE-2021-44228-log4j scanner from logpresso # https://github.com/logpresso/CVE-2021-44228-Scanner # -# # 2021-12-20: made the plugin more stable on missing scanner output # 2021-12-22: fixed unexpected value for check_levels +# 2021-12-27: added files_skipped and errors and lower levels to files/directories +# # sample agent output # <<<cve_2021_44228_log4j:sep(0);cached(1639746030,600)>>> @@ -63,8 +64,10 @@ class CVE_2021_44228_log4j: files_potential_vulnerable: Optional[int] files_mitigated: Optional[int] files_scanned: Optional[int] + files_skipped: Optional[int] directories_scanned: Optional[int] run_time: Optional[float] + errors: Optional[int] last_run: str scan_options: str script_verion: str 
@@ -77,6 +80,8 @@ def parse_cve_2021_44228_log4j(string_table: StringTable) -> CVE_2021_44228_log4 vulnerable_files = [] mitigated_files = [] + skipped_files = [] + error_lines = [] scanner = 'N/A', files_vulnerable = None, @@ -84,6 +89,8 @@ def parse_cve_2021_44228_log4j(string_table: StringTable) -> CVE_2021_44228_log4 files_mitigated = None, files_scanned = None, directories_scanned = None, + files_skipped = None + errors = None run_time = 'N/A', scan_options = 'N/A' script_version = 'N/A' @@ -118,6 +125,13 @@ def parse_cve_2021_44228_log4j(string_table: StringTable) -> CVE_2021_44228_log4 elif line.startswith('Completed in '): line = line.split(' ') run_time = float(line[2]) + elif line.startswith('Skipping '): + skipped_files.append(line) + elif line.lower().startswith('error: '): + error_lines.append(line) + + files_skipped = len(skipped_files) + errors = len(error_lines) return CVE_2021_44228_log4j( scanner=scanner, @@ -125,8 +139,10 @@ def parse_cve_2021_44228_log4j(string_table: StringTable) -> CVE_2021_44228_log4 files_potential_vulnerable=files_potential_vulnerable, files_mitigated=files_mitigated, files_scanned=files_scanned, + files_skipped=files_skipped, directories_scanned=directories_scanned, run_time=run_time, + errors=errors, last_run=last_run, scan_options=scan_options, script_verion=script_version, @@ -158,13 +174,12 @@ def discovery_cve_2021_44228_log4j(section: CVE_2021_44228_log4j) -> DiscoveryRe def check_cve_2021_44228_log4j(params, section: CVE_2021_44228_log4j) -> CheckResult: - items_on_info = params['items_on_info'] for label, value, metric in [ ('Last run', section.last_run, 'last_run'), - ('Scanner Version', section.scanner, 'scanner_version'), ('Scan options', section.scan_options, 'scan_options'), + ('Scanner Version', section.scanner, 'scanner_version'), ('Script Version', section.script_verion, 'script_version'), ]: if metric in items_on_info: 
@@ -172,12 +187,14 @@ def check_cve_2021_44228_log4j(params, section: CVE_2021_44228_log4j) -> CheckRe else: yield Result(state=State.OK, notice=f'{label}: {value}') - for value, levels_upper, label, metric, notice_only in [ - (section.files_vulnerable, params['files_vulnerable'], 'Files vulnerable', 'files_vulnerable', False), - (section.files_potential_vulnerable, params['files_potential_vulnerable'], 'Files potential vulnerable', 'files_potential_vulnerable', False), - (section.files_mitigated, params['files_mitigated'], 'Files mitigated', 'files_mitigated', True), - (section.files_scanned, params['files_scanned'], 'Files scanned', 'files_scanned', True), - (section.directories_scanned, params['directories_scanned'], 'Directories scanned', 'directories_scanned', True), + for value, levels_upper, levels_lower, label, metric, notice_only in [ + (section.files_vulnerable, params['files_vulnerable'], None, 'Files vulnerable', 'files_vulnerable', False), + (section.files_potential_vulnerable, params['files_potential_vulnerable'], None, 'Files potentially vulnerable', 'files_potential_vulnerable', False), + (section.files_mitigated, params['files_mitigated'], None, 'Files mitigated', 'files_mitigated', True), + (section.files_skipped, params['files_skipped'], None, 'Files skipped', 'files_skipped', True), + (section.files_scanned, params['files_scanned'].get('upper'), params['files_scanned'].get('lower'), 'Files scanned', 'files_scanned', True), + (section.directories_scanned, params['directories_scanned'].get('upper'), params['directories_scanned'].get('lower'), 'Directories scanned', 'directories_scanned', True), + (section.errors, params['errors'], None, 'Errors', 'errors', True), ]: if str(value).isdigit(): yield from check_levels( 
@@ -186,6 +203,7 @@ def check_cve_2021_44228_log4j(params, section: CVE_2021_44228_log4j) -> CheckRe render_func=lambda v: str(v), label=label, levels_upper=levels_upper, + levels_lower=levels_lower, notice_only=False if metric in items_on_info else True, ) @@ -217,8 +235,18 @@ register.check_plugin( 'files_vulnerable': (1, 1), 'files_potential_vulnerable': (1, 1), 'files_mitigated': (1, None), - 'files_scanned': (None, None), - 'directories_scanned': (None, None), + 'files_scanned': { + 'lower': (None, None), + 'upper': (None, None), + }, + 'files_scanned_lower': (None, None), + 'files_skipped': (1, None), + 'errors': (None, 1), + 'directories_scanned': { + 'lower': (None, None), + 'upper': (None, None), + }, + 'directories_scanned_lower': (None, None), 'run_time': (None, None), 'items_on_info': [ 'files_vulnerable', diff --git a/agents/bakery/cve_2021_44228_log4j.py b/agents/bakery/cve_2021_44228_log4j.py index be89fe7def7c45a6c8db1e8996d348d061df1e8a..9bff269369c22231ee7ad99d790d215e3d01b4ab 100755 --- a/agents/bakery/cve_2021_44228_log4j.py +++ b/agents/bakery/cve_2021_44228_log4j.py @@ -33,7 +33,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: for path in options['search_linux']: path = path.strip(' ').strip("'").strip('"') search_path_array.append(f'"{path}"') - search_path = ' '.join(search_path_array) + search_path = separator.join(search_path_array) elif conf[0] == 'windows': if options['search_windows'] == 'all_drives': options_array.append('--all-drives') 
@@ -43,7 +43,10 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: options_array.append(drives_to_scan) elif 'search_paths' in options['search_windows']: label, search_path = options['search_windows'] - search_path = f'{" ".join(search_path)}' + for path in search_path: + path = path.strip(' ').strip("'").strip('"') + search_path_array.append(f'"{path}"') + search_path = separator.join(search_path) for path in options.get('exclude_paths', []): path = path.strip(' ').strip("'").strip('"') @@ -74,7 +77,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: backup_dir = options["fix_files"]["backup_dir"].strip(' ').strip("'").strip('"') options_array.append(f'--backup-path "{backup_dir}"') if options['fix_files'].get('not_exclude_backup') is None: - options_array.append(f'--exclude {backup_dir}') + options_array.append(f'--exclude "{backup_dir}"') if options['fix_files'].get('force_fix'): options_array.append(f'--force-fix') @@ -98,6 +101,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: options_array.append(value) options = separator.join(options_array) + options = f'{options}{separator}{search_path}' if conf[0] == 'linux': yield Plugin( @@ -116,7 +120,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: yield PluginConfig( base_os=OS.LINUX, - lines=[f'OPTIONS=({options}{separator}{search_path});'], + lines=[f'OPTIONS=({options});'], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, ) @@ -137,7 +141,7 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: ) yield PluginConfig( base_os=OS.WINDOWS, - lines=[f'OPTIONS={options}{separator}{search_path}'], + lines=[f'OPTIONS={options}'], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, ) 
diff --git a/agents/plugins/log4j2-scan.linux b/agents/plugins/log4j2-scan.linux index 8d1cec05ccc9de5eccc986e71d4c0473fef51a96..d1294f10cdaaf8ecdc93fe17af96d753cc2416e4 100755 Binary files a/agents/plugins/log4j2-scan.linux and b/agents/plugins/log4j2-scan.linux differ diff --git a/agents/plugins/log4j2-scan.windows b/agents/plugins/log4j2-scan.windows index d5a80f0be03aaae4360816a72050a562fb12d86c..fc5a1905b1c2c21fa92ddc5bbce82557a6287bf7 100755 Binary files a/agents/plugins/log4j2-scan.windows and b/agents/plugins/log4j2-scan.windows differ diff --git a/cve_2021_44228_log4j.mkp b/cve_2021_44228_log4j.mkp index 8445d83dc29b94aa9f5157d8c57d6bb5ce7879d4..a17006e6d7942a3f7fe566c798cdda0c409b95f0 100644 Binary files a/cve_2021_44228_log4j.mkp and b/cve_2021_44228_log4j.mkp differ diff --git a/cve_2021_44228_log4j_cmk16.mkp b/cve_2021_44228_log4j_cmk16.mkp new file mode 100644 index 0000000000000000000000000000000000000000..80abd9a7ad8171b20f4964b2a5d001a5dd49cfe1 Binary files /dev/null and b/cve_2021_44228_log4j_cmk16.mkp differ diff --git a/doc/agent-backery-success.png b/doc/agent-backery-success.png new file mode 100644 index 0000000000000000000000000000000000000000..c76be27bc16cfb75efae53b5c1a66b0a4bd25c81 Binary files /dev/null and b/doc/agent-backery-success.png differ diff --git a/doc/agent-bake-and-sign-sample.png b/doc/agent-bake-and-sign-sample.png new file mode 100644 index 0000000000000000000000000000000000000000..ef765fc3570697a559e72a913e2dbc4b7def3191 Binary files /dev/null and b/doc/agent-bake-and-sign-sample.png differ diff --git a/doc/agent-rule-sample.png b/doc/agent-rule-sample.png new file mode 100644 index 0000000000000000000000000000000000000000..8805bb2199ba96f205d6cf8c8153e6cc12166ef4 Binary files /dev/null and b/doc/agent-rule-sample.png differ 
diff --git a/doc/agent-update-ok.png b/doc/agent-update-ok.png new file mode 100644 index 0000000000000000000000000000000000000000..a3ba0e322ab0336ad5f440e8bf83057a3f0fd3f0 Binary files /dev/null and b/doc/agent-update-ok.png differ diff --git a/doc/check-rule-sample.png b/doc/check-rule-sample.png new file mode 100644 index 0000000000000000000000000000000000000000..058b436c843b61188631726dfbb2b97a4bcc6410 Binary files /dev/null and b/doc/check-rule-sample.png differ diff --git a/doc/service-discovery.png b/doc/service-discovery.png new file mode 100644 index 0000000000000000000000000000000000000000..32ce9cfee79f467f65fdf0e18020598b7ad7ff6b Binary files /dev/null and b/doc/service-discovery.png differ diff --git a/doc/service-sample.png b/doc/service-sample.png new file mode 100644 index 0000000000000000000000000000000000000000..43ed47646a320d3e62799266f6d631937ec0dbae Binary files /dev/null and b/doc/service-sample.png differ diff --git a/doc/wato.png b/doc/wato.png index 7e0a4bb0b64baa6efe4baadf02f12bcd566ac72b..34ef15558c29dbae0eb9009edcc39a970522da55 100644 Binary files a/doc/wato.png and b/doc/wato.png differ diff --git a/packages/cve_2021_44228_log4j b/packages/cve_2021_44228_log4j index 3a8205cb278bd9b62295bcf7bf83a7aa1702ff52..5413d0f90c5e2bb7d70d7ab8bab242b659eaf645 100644 --- a/packages/cve_2021_44228_log4j +++ b/packages/cve_2021_44228_log4j @@ -8,7 +8,7 @@ 'https://github.com/logpresso/CVE-2021-44228-Scanner\n' '\n' 'Note: Included in this package is the scanner for Linux and ' - 'Windows (in version 2.5.3 (2021-12-22)\n' + 'Windows (in version 2.6.5 (2021-12-29)\n' '\n' 'Note: you will find the release notes/latest version for the ' 'logpresso scanner here:\n' 
@@ -32,7 +32,7 @@ 'name': 'cve_2021_44228_log4j', 'num_files': 10, 'title': 'CVE-2021-44228-log4j scanner plugin', - 'version': '20211224.v0.0.4g', + 'version': '20211229.v0.0.6', 'version.min_required': '2.0.0', 'version.packaged': '2021.09.20', 'version.usable_until': None} \ No newline at end of file diff --git a/web/plugins/metrics/cve_2021_44228_log4j.py b/web/plugins/metrics/cve_2021_44228_log4j.py index 355968d52d7c05fcab68c3ae7a9c4d080e195e8c..21b44e33e9adb58e619c76d3af1e8916a0dafdae 100644 --- a/web/plugins/metrics/cve_2021_44228_log4j.py +++ b/web/plugins/metrics/cve_2021_44228_log4j.py @@ -17,7 +17,8 @@ from cmk.gui.i18n import _ from cmk.gui.plugins.metrics import ( metric_info, graph_info, - perfometer_info + perfometer_info, + check_metrics, ) metric_info['files_vulnerable'] = { @@ -36,6 +37,12 @@ metric_info['files_mitigated'] = { 'color': '31/a', } +metric_info['files_skipped'] = { + 'title': _('Skipped'), + 'unit': 'count', + 'color': '41/a', +} + metric_info['files_scanned'] = { 'title': _('Files'), 'unit': 'count', @@ -52,10 +59,15 @@ metric_info['run_time'] = { 'color': '33/b', } +check_metrics['cve_2021_44228_log4j'] = { + 'errors': {'auto_graph': False}, +} + graph_info['cve_2021_44228_log4j_found'] = { 'title': _('Files found'), 'metrics': [ ('files_mitigated', '-stack'), + ('files_skipped', '-stack'), ('files_potential_vulnerable', 'stack'), ('files_vulnerable', 'stack'), ], @@ -63,6 +75,7 @@ graph_info['cve_2021_44228_log4j_found'] = { ('files_vulnerable:crit', _('crit')), ('files_vulnerable:warn', _('warn')), ], + 'optional_metrics': ['files_skipped'], } graph_info['cve_2021_44228_log4j_scanned'] = { @@ -87,6 +100,7 @@ perfometer_info.append(('stacked', [ 'files_vulnerable', 'files_potential_vulnerable', 'files_mitigated', + 'files_skipped', ], 'total': 10, }, @@ -95,6 +109,6 @@ perfometer_info.append(('stacked', [ 'segments': [ 'run_time', ], - 'total': 300, + 'total': 1800, }, ])) 
diff --git a/web/plugins/wato/cve_2021_44228_log4j.py b/web/plugins/wato/cve_2021_44228_log4j.py index e5f0272fee81a5e49007f7ba696f83a905b9e865..2a67d23c93802f3c7babcf91d67cf6b1c950ae3e 100644 --- a/web/plugins/wato/cve_2021_44228_log4j.py +++ b/web/plugins/wato/cve_2021_44228_log4j.py @@ -11,6 +11,8 @@ # # 2021-12.19: added WATO options scan_logback, log4j_1, no_symlink, scan_zip, silent # 2021-12-23: reworked structure for windows all-drives/drives/search path +# 2021-12-27: added files_skipped and errors, files/directories scanned lower levels +# from cmk.gui.i18n import _ from cmk.gui.valuespec import ( @@ -18,15 +20,27 @@ from cmk.gui.valuespec import ( Integer, Tuple, Float, + CascadingDropdown, + FixedValue, + TextInput, + TextUnicode, + ListOfStrings, + ListChoice, + DropdownChoice, ) from cmk.gui.plugins.wato import ( rulespec_registry, RulespecGroupCheckParametersOperatingSystem, CheckParameterRulespecWithItem, + HostRulespec, +) + +from cmk.gui.cee.plugins.wato.agent_bakery.rulespecs.utils import ( + RulespecGroupMonitoringAgentsAgentPlugins, ) -bakery_plugin_version = '2021-12-23-0.0.1c' +bakery_plugin_version = '2021-12-23-0.0.1d' ############################################################## # @@ -35,12 +49,14 @@ bakery_plugin_version = '2021-12-23-0.0.1c' ############################################################## _items_on_info = [ ('files_vulnerable', 'Files vulnerable'), - ('files_potential_vulnerable', 'Files potential vulnerable'), + ('files_potential_vulnerable', 'Files potentially vulnerable'), ('files_mitigated', 'Files mitigated'), ('files_scanned', 'Files scanned'), + ('files_skipped', 'Files skipped'), ('directories_scanned', 'Directories scanned'), ('run_time', 'Run time'), ('last_run', 'Last run'), + ('errors', 'Errors'), ('scanner_version', 'logresso scanner version'), ('scan_options', 'Scan options'), ('script_version', 'Script version'), 
@@ -53,6 +69,7 @@ def _valuespec_cve_2021_44228_log4j(): ('files_vulnerable', Tuple( title=_('Files vulnerable'), + help=_('Upper levels for # of vulnerable files found.'), elements=[ Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), default_value=1), Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), default_value=1), @@ -60,6 +77,7 @@ def _valuespec_cve_2021_44228_log4j(): ('files_potential_vulnerable', Tuple( title=_('Files potentially vulnerable'), + help=_('Upper levels for # of potentially vulnerable files found.'), elements=[ Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), default_value=1), Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), default_value=1), 
@@ -67,36 +85,84 @@ def _valuespec_cve_2021_44228_log4j(): ('files_mitigated', Tuple( title=_('Files mitigated'), + help=_('Upper levels for # of mitigated files found.'), elements=[ Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), default_value=1), Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), ), ])), ('files_scanned', - Tuple( + Dictionary( title=_('Files scanned'), elements=[ - Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), ), - Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), ), + ('upper', + Tuple( + title=_('Upper limits'), + help=_('Upper levels for # of files scanned'), + elements=[ + Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), ), + Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), ), + ])), + + ('lower', + Tuple( + title=_('Lower limits'), + help=_('Lower levels for # of files scanned.'), + elements=[ + Integer(title=_('Warning below'), minvalue=0, unit=_('Files'), ), + Integer(title=_('Critical below'), minvalue=0, unit=_('Files'), ), + ])), + ])), ('directories_scanned', - Tuple( + Dictionary( title=_('Directories scanned'), elements=[ - Integer(title=_('Warning at'), minvalue=0, unit=_('Directories'), ), - Integer(title=_('Critical at'), minvalue=0, unit=_('Directories'), ), + ('upper', + Tuple( + title=_('Upper limits'), + help=_('Upper levels for # of directories scanned.'), + elements=[ + Integer(title=_('Warning at'), minvalue=0, unit=_('Directories'), ), + Integer(title=_('Critical at'), minvalue=0, unit=_('Directories'), ), + ])), + ('lower', + Tuple( + title=_('Lower limits'), + help=_('Lower levels for # of directories scanned.'), + elements=[ + Integer(title=_('Warning below'), minvalue=0, unit=_('Directories'), ), + Integer(title=_('Critical below'), minvalue=0, unit=_('Directories'), ), + ])), ])), ('run_time', Tuple( title=_('Run time'), + help=_('Upper levels for time needed to run the scanner.'), elements=[ Float(title=_('Warning at'), minvalue=0, unit=_('s'), ), 
Float(title=_('Critical at'), minvalue=0, unit=_('s'), ), ])), + ('files_skipped', + Tuple( + title=_('Files skipped'), + help=_('Upper levels for # of files skipped (not scanned).'), + elements=[ + Integer(title=_('Warning at'), minvalue=0, unit=_('Files'), default_value=1), + Integer(title=_('Critical at'), minvalue=0, unit=_('Files'), ), + ])), + ('errors', + Tuple( + title=_('Errors'), + help=_('Upper levels for # of errors from the scanner or the agent plugin.'), + elements=[ + Integer(title=_('Warning at'), minvalue=0, unit=_('Errors'), ), + Integer(title=_('Critical at'), minvalue=0, unit=_('Errors'), default_value=1), + ])), ('items_on_info', ListChoice( title=_('Items to show up in the check info'), help=_('Selected items will show up in the service info. ' - 'Default is "Files vulnerable" and "Files potential vulnerable"'), + 'Default is "Files vulnerable" and "Files potentially vulnerable"'), choices=_items_on_info, default_value=['files_vulnerable', 'files_potential_vulnerable'], )), @@ -118,21 +184,6 @@ rulespec_registry.register( # ############################################################## - -from cmk.gui.cee.plugins.wato.agent_bakery.rulespecs.utils import ( - RulespecGroupMonitoringAgentsAgentPlugins, -) -from cmk.gui.plugins.wato import HostRulespec -from cmk.gui.valuespec import ( - CascadingDropdown, - FixedValue, - TextInput, - TextUnicode, - ListOfStrings, - ListChoice, - DropdownChoice, -) - _base_options_config_fix_files = ( 'fix_files', Dictionary( 
@@ -427,24 +478,6 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): )), ], )), - - # ('search_path', - # ListOfStrings( - # title=_('Search paths'), - # orientation='horizontal', - # allow_empty=False, - # valuespec=TextInput(allow_empty=False, regex='[^|<>]'), - # help=_('Paths where the scanner searches for vulnerable files'), - # )), - # ('drives_to_scan', - # ListOfStrings( - # title=_('Drives to scan'), - # orientation='horizontal', - # allow_empty=False, - # valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), - # help=_('This drives will be scanned, default is "--all-drives"'), - # default_value=['C'], - # )), _base_options_config_scan_logback, _base_options_config_log4j_1, # _base_options_config_no_symlink, # sym links on windows?
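Review bot: In README.md, hunk `@@ -9,11 +9,15 @@`, the note line still names scanner version 2.6.3 (2021-12-27), while the CHANGELOG entry in this same patch and the description in packages/cve_2021_44228_log4j both say 2.6.5 (2021-12-29). The CHANGELOG ties CVE-2021-44832 detection to 2.6.5, so the README now lists that CVE next to a version the changelog does not credit with detecting it. Update the note to 2.6.5 (2021-12-29). The package description line `'Windows (in version 2.6.5 (2021-12-29)\n'` also carries an unclosed parenthesis.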
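Review bot: In README.md, hunk `@@ -35,9 +46,11 @@`, the new perfdata bullet reads `Files sskipped`; it should be `Files skipped` to match the label used in the check plugin and the WATO rule.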
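Review bot: In HOWTO.md, hunk `@@ -229,3 +229,69 @@`, the new walk-through has several spelling slips that make the steps harder to follow: "update tha agent", "you ned to _bake_", "klick" (twice), "one a hour", "update sataus" and "succesfull update". The nested `<details>` for the agent plugin rule also opens directly after list item 5 with no blank line between them, unlike the other nested blocks; add one so the list and the collapsible section render separately.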
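Review bot: In agent_based/cve_2021_44228_log4j.py, hunk `@@ -118,6 +125,13 @@`, the matched `Skipping ` and `error: ` lines are collected in `skipped_files` and `error_lines`, but in the visible lines only `len(...)` of each is passed on, so the service can go critical on "Errors: 1" without showing which error it was. Consider carrying the lines in the section and yielding them as details in the check. The two matches are also inconsistent: `line.lower().startswith('error: ')` ignores case while `line.startswith('Skipping ')` does not. Because both counts are always assigned after the loop, the `files_skipped = None` and `errors = None` initialisers from the previous hunk never survive, and a run with no scanner output at all reports 0 errors.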
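Review bot: In agent_based/cve_2021_44228_log4j.py, hunk `@@ -172,12 +187,14 @@`, `params['files_scanned'].get('upper')` and `params['directories_scanned'].get('upper')` assume the parameter is a dict, but up to this patch the default and the WATO valuespec for both were a tuple. A rule saved in the old form hands the check a tuple and `.get` raises AttributeError. Either accept both shapes here (an `isinstance(..., tuple)` branch that treats the old value as the upper levels) or migrate old values in web/plugins/wato/cve_2021_44228_log4j.py when the `Tuple` is replaced by `Dictionary`.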
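Review bot: In agent_based/cve_2021_44228_log4j.py, hunk `@@ -186,6 +203,7 @@`, the call still sets `notice_only=False if metric in items_on_info else True`, so the `notice_only` element that the loop unpacks from each table row is never used. The rows added in this patch set it (`True` for `files_skipped` and `errors`), which suggests it matters when it does not. Drop the column from the table or use it in the call. `render_func=lambda v: str(v)` can simply be `render_func=str`.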
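Review bot: In agent_based/cve_2021_44228_log4j.py, hunk `@@ -217,8 +235,18 @@`, the defaults gain `'files_scanned_lower': (None, None)` and `'directories_scanned_lower': (None, None)` next to the new nested `'lower'` keys. The check code in this patch reads only `params['files_scanned'].get('lower')` and `params['directories_scanned'].get('lower')`, and the WATO rule defines no `*_lower` elements, so these two flat keys look like leftovers from an earlier draft. Remove them so the default parameters match what the rule can actually set.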
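Review bot: In agents/bakery/cve_2021_44228_log4j.py, hunk `@@ -43,7 +43,10 @@`, the new loop strips and quotes each Windows path into `search_path_array`, but the following line is `search_path = separator.join(search_path)`, which joins the original unquoted list and discards the quoted copies. Paths containing spaces are therefore still written unquoted, which is the case the loop was added for. The Linux branch in the hunk above uses `separator.join(search_path_array)`; the Windows branch should do the same.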
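Review bot: In agents/bakery/cve_2021_44228_log4j.py, hunk `@@ -74,7 +77,7 @@`, quoting the value in `--exclude "{backup_dir}"` handles spaces, but `.strip(' ').strip("'").strip('"')` only trims quote characters at the ends of the string. A `"`, `$` or backtick inside the configured path is written unchanged into the `OPTIONS=(...)` line of cve_2021_44228_log4j.cfg, where it can end the quoting early or be expanded if the Linux plugin reads that file with the shell. Validate the path in the bakery (reject those characters) or escape them before writing, and apply the same treatment to the search and exclude paths that are wrapped in `"` the same way.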
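Review bot: In agents/bakery/cve_2021_44228_log4j.py, hunk `@@ -98,6 +101,7 @@`, `options = f'{options}{separator}{search_path}'` appends the search path unconditionally. For the Windows `all_drives` branch shown earlier in this patch only `--all-drives` is added and no `search_path` is assigned in the visible lines, so this either appends an empty value with a trailing separator or depends on an initialisation that is not part of the diff. Append the separator and path only when `search_path` is non-empty, and make sure it is initialised before the OS branches.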