diff --git a/CHANGELOG b/CHANGELOG index 015fc4299b023803b9aefd950a51e0b9a6c241cd..bc4090894705a0227ac5bff2d42ad19fd358a1d9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -27,3 +27,6 @@ added files_skipped and errors, files/directories scanned lower levels 2021-12-29: changed scanner to version 2.6.5 (detects also CVE-2021-44832 RCE vulnerability for log4j 2.17.0, 2.12.3, 2.3.1) added step by step walk through for the enterprise/free edition of CMK to the HOWTO +2021-12-30: added bulk config for search path end exclude path +2022-01-02: changed scanner to version 2.7.1 + added options for syslog facility, rfc5424 syslog message format, append reporting to file diff --git a/HOWTO.md b/HOWTO.md index 32fe6b4f99386a117c73fcb643bda1455061a6d4..cae6e966de8f567af8a0b5f62c0aaad9a5ef7d2c 100644 --- a/HOWTO.md +++ b/HOWTO.md 
@@ -171,14 +171,14 @@ OPTIONS=--all-drives --syslog-level debug --syslog-udp checkmk --report-dir "D:\ - under *NIX check if the files are executable - look for leftovers from older versions and remove them (see next toppic) - run the scaner manually +- run the plugin manually - run the agent manually, (look for the plugin output starting with `<<<cve_2021_44228_log4j:sep(0)>>>`) -- try the plugin manually - clear the cache `sudo rm /var/lib/check_mk_agent/cache/*cve*` -- use only "Search Path"/"Drives to scan", try to exclude large volumes so the scan time comes down, if you are succesfull try aditional options step by step -- try to increase the "Scanner timeout" setting -- if there are only `*.new` files in the chache directory for the cve_2021_44228_log4j plugin, then the scanner has not finished to scan the system. +- use only _Search Path_ / _Drives to scan_, try to exclude large volumes so the scan time comes down, if you are succesfull try aditional options step by step +- look at the `Completed in xx.xx seconds` and adjust the _Scanner timeout_ setting (the scanner needs much more time in the background, so double the time) +- if there are only `*.new` files in the chache directory for the cve_2021_44228_log4j plugin, then the scanner has not finished to scan the system, maybe the timeout is still to low. -Windows cmd +Manual run of the Windows version of the pluguin (use a admin shell) ``` Microsoft Windows [Version 10.0.19042.1083] (c) Microsoft Corporation. All rights reserved. @@ -199,7 +199,7 @@ Completed in 36.59 seconds C:\> ``` -Linux shell +Manual run of the Linux version of the plugin ``` thl-cmk@checkmk:~$sudo /usr/lib/check_mk_agent/plugins/86400/cve_2021_44228_log4j.sh <<<cve_2021_44228_log4j:sep(0)>>> diff --git a/README.md b/README.md index 69600e2c098a9e071c0a8ce864fe677a808294db..6618dffb9e34cae60e72f9ef41f67a27ea2d564b 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ The scanner (and so the plugin) can discover the following log4j issues - [CVE-2021-45046](https://github.com/advisories/GHSA-7rjr-3q55-vv33) - [CVE-2021-44832 RCE](https://logging.apache.org/log4j/2.x/security.html) -**Note**: Included in this package is the scanner for Linux and Windows in version 2.6.3 (2021-12-27) +**Note**: Included in this package is the scanner for Linux and Windows in version 2.6.5 (2021-12-29) You will find the release notes/latest version for the logpresso scanner here [logpresso CVE-2021-44228-Scanner Releases](https://github.com/logpresso/CVE-2021-44228-Scanner/releases) @@ -24,7 +24,7 @@ To use this check you need to deploy the scanner and the plugin for your destina **Note**: If you have created (baked) a new agent package you need to redeploy the agent (automatic update/software deployment) -If you have any issues or using use the RAW edition of CMK or have a platform that is not supported by the bakery have a look at the [how to information](HOWTO.md "how to"). Thre you will also find some information whats going on under the hood. +If you have any issues or using the RAW edition of CMK or have a platform that is not supported by the bakery have a look at the [how to information](HOWTO.md "how to"). There you will also find some information whats going on under the hood. --- Check Info: diff --git a/agents/bakery/cve_2021_44228_log4j.py b/agents/bakery/cve_2021_44228_log4j.py index 9bff269369c22231ee7ad99d790d215e3d01b4ab..507abe0126696f505c0590e48e4ca1d7ddf67a8d 100755 --- a/agents/bakery/cve_2021_44228_log4j.py +++ b/agents/bakery/cve_2021_44228_log4j.py @@ -10,7 +10,9 @@ # bakery plugin for check_mk # # 2021-12-23: reworked options handling -# +# 2021-12-30: changed handling for search paths and excluded paths +# 2022-01-01: streamlined search path +# 2022-01-02: added options for syslog facility, rfc5424 syslog message format, append reporting to file from pathlib import Path from typing import List 
@@ -19,42 +21,56 @@ from cmk.base.cee.plugins.bakery.bakery_api.v1 import FileGenerator, OS, Plugin, def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: + options = conf[1].copy() + options_array: List = [] search_path_array: List = [] separator: str = ' ' # needs matching separator in the shell scripts - options = conf[1].copy() + exclude_paths = None + include_paths = None + config_path = '' + search_path = '' + path_separator = '' + interval = 86400 + timeout = 300 - interval = options.get('interval', 86400) - timeout = options.get('timeout', 300) + if options.get('interval'): + interval = options['interval'] + options.pop('interval') + + if options.get('timeout'): + timeout = options['timeout'] + options.pop('timeout') - search_path = '' if conf[0] == 'linux': - for path in options['search_linux']: + config_path = '/etc/check_mk/' + path_separator = '/' + elif conf[0] == 'windows': + config_path = 'C:\\ProgramData\\checkmk\\agent\\config\\' + path_separator = '\\' + + if options['search_in'] == 'all_drives': + options_array.append('--all-drives') + elif 'drives_to_scan' in options['search_in']: + label, drives_to_scan = options['search_in'] + drives_to_scan = f'--drives {",".join(drives_to_scan)}' + options_array.append(drives_to_scan) + elif 'search_paths' in options['search_in']: + label, search_path = options['search_in'] + for path in search_path: path = path.strip(' ').strip("'").strip('"') search_path_array.append(f'"{path}"') - search_path = separator.join(search_path_array) - elif conf[0] == 'windows': - if options['search_windows'] == 'all_drives': - options_array.append('--all-drives') - elif 'drives_to_scan' in options['search_windows']: - label, drives_to_scan = options['search_windows'] - drives_to_scan = f'--drives {",".join(drives_to_scan)}' - options_array.append(drives_to_scan) - elif 'search_paths' in options['search_windows']: - label, search_path = options['search_windows'] - for path in search_path: - path = path.strip(' 
').strip("'").strip('"') - search_path_array.append(f'"{path}"') - search_path = separator.join(search_path) - - for path in options.get('exclude_paths', []): - path = path.strip(' ').strip("'").strip('"') - options_array.append(f'--exclude "{path}"') + search_path = separator.join(search_path) + elif 'include_paths_file' in options['search_in']: + label, include_paths = options['search_in'] + options_array.append(f'-f {config_path}cve_2021_44228_log4j_search.cfg') + options.pop('search_in') if options.get('exclude_fs'): exclude_fs = ','.join(options['exclude_fs']) options_array.append(f'--exclude-fs {exclude_fs}') + options.pop('exclude_fs') if options.get('syslog'): options_array.append(f'--syslog-level {options["syslog"].get("syslog_level", "info")}') 
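Review bot: In the `search_paths` branch, `search_path = separator.join(search_path)` joins the raw list taken from the rule instead of `search_path_array`, so the stripping and double-quoting done in the loop just above it is thrown away. The removed Linux branch joined `search_path_array`; the removed Windows branch had this same slip, and it now applies to both platforms. Because the separator is a single space, a path containing a space would presumably be split into two scan targets by the consuming script, which is not visible here. The fix is `search_path = separator.join(search_path_array)`. The function body continues outside this hunk.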
@@ -65,13 +81,26 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: else: syslog_port = '' options_array.append(f'{syslog_server}{syslog_port}') + if options['syslog'].get('syslog_facility'): + options_array.append(f'--syslog-facility {options["syslog"]["syslog_facility"]}') + if options['syslog'].get('syslog_rfc5424'): + options_array.append(f'--rfc5424') + options.pop('syslog') if options.get('reporting'): - report_dir = options["reporting"]["report_dir"].strip(' ').strip("'").strip('"') - options_array.append(f'--report-dir "{report_dir}"') - options_array.append(options['reporting'].get('report_format', '--report-csv')) + report_dir = options['reporting']['report_dir'].strip(' ').strip("'").strip('"') + if options['reporting'].get('log_path'): + log_path = options['reporting']['log_path'] + if options['reporting'].get('report_format') == '--report-json': + options_array.append(f'--json-log-path "{report_dir}{path_separator}{log_path}"') + else: + options_array.append(f'--csv-log-path "{report_dir}{path_separator}{log_path}"') + else: + options_array.append(f'--report-dir "{report_dir}"') + options_array.append(options['reporting'].get('report_format', '--report-csv')) if options['reporting'].get('no_empty_report'): options_array.append('--no-empty-report') + options.pop('reporting') if options.get('fix_files'): backup_dir = options["fix_files"]["backup_dir"].strip(' ').strip("'").strip('"') 
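Review bot: `log_path` is placed into `--json-log-path "{report_dir}{path_separator}{log_path}"` and `--csv-log-path ...` exactly as entered, without the space/quote stripping that `report_dir` gets and without any check that it is a bare file name. A value containing `"` breaks the quoting of the generated option, and a value containing a path separator or `..` moves the append-mode report file outside the configured report directory; the HOWTO runs the plugin with sudo, so this deserves a check. I would normalise it like `report_dir` and reject separators, e.g. `if any(c in log_path for c in '/\\"'): raise ValueError('log_path must be a plain file name')`. Separately, `if options['syslog'].get('syslog_facility'):` is false for facility 0 (kern), so that choice is silently dropped; use `if options['syslog'].get('syslog_facility') is not None:`. The function body starts and ends outside this hunk.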
@@ -80,22 +109,18 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: options_array.append(f'--exclude "{backup_dir}"') if options['fix_files'].get('force_fix'): options_array.append(f'--force-fix') + options.pop('fix_files') - for key in [ - 'interval', - 'timeout', - 'search_linux', - 'search_windows', - 'exclude_paths', - 'exclude_fs', - 'syslog', - 'reporting', - 'fix_files', - ]: - try: - options.pop(key) - except KeyError: - pass + if options.get('exclude_paths'): + if 'exclude_paths' in options['exclude_paths']: + label, paths = options['exclude_paths'] + for path in paths: + path = path.strip(' ').strip("'").strip('"') + options_array.append(f'--exclude "{path}"') + elif 'exclude_paths_file' in options['exclude_paths']: + label, exclude_paths = options['exclude_paths'] + options_array.append(f'--exclude-config {config_path}cve_2021_44228_log4j_exclude.cfg') + options.pop('exclude_paths') for value in options.values(): options_array.append(value) @@ -125,6 +150,22 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: include_header=True, ) + if exclude_paths: + yield PluginConfig( + base_os=OS.LINUX, + lines=[exclude_paths], + target=Path('cve_2021_44228_log4j_exclude.cfg'), + include_header=False, + ) + + if include_paths: + yield PluginConfig( + base_os=OS.LINUX, + lines=[include_paths], + target=Path('cve_2021_44228_log4j_search.cfg'), + include_header=False, + ) + elif conf[0] == 'windows': yield Plugin( base_os=OS.WINDOWS, 
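Review bot: Both branches test `'exclude_paths' in options['exclude_paths']` and `'exclude_paths_file' in options['exclude_paths']`, which is a membership test over the whole stored value and not a comparison of the choice label. A rule saved by the previous version, where `exclude_paths` was a plain list of strings, matches neither branch, and its excludes are dropped without any message before `options.pop('exclude_paths')` runs, which silently widens what the scanner touches (relevant when `fix_files` is enabled). Compare the label explicitly after unpacking, `label, value = options['exclude_paths']` followed by `if label == 'exclude_paths':` / `elif label == 'exclude_paths_file':`, and handle a bare list before unpacking. The `options['search_in']` branches earlier in the function use the same membership pattern. The function body starts and ends outside this hunk.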
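Review bot: The two `PluginConfig` blocks added here for Linux are repeated verbatim for Windows in the next hunk (`@@ -146,6 +187,22 @@`), differing only in `base_os`, and the file names are written a second time in the `-f` and `--exclude-config` option strings, so the four places can drift apart. Deriving `base_os` once and looping over the two optional files keeps them in one place. `lines=[exclude_paths]` also passes the whole text area as a single entry; splitting it into lines avoids carrying browser line endings into the agent config file, assuming the bakery writes one entry per line (not visible here). The enclosing `if conf[0] == 'linux':` block starts outside this hunk.

```python
base_os = OS.LINUX if conf[0] == 'linux' else OS.WINDOWS
# … unchanged: Plugin and options PluginConfig for this OS …
for text, file_name in (
    (exclude_paths, 'cve_2021_44228_log4j_exclude.cfg'),
    (include_paths, 'cve_2021_44228_log4j_search.cfg'),
):
    if text:
        yield PluginConfig(
            base_os=base_os,
            lines=text.splitlines(),
            target=Path(file_name),
            include_header=False,
        )
```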
@@ -146,6 +187,22 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: include_header=True, ) + if exclude_paths: + yield PluginConfig( + base_os=OS.WINDOWS, + lines=[exclude_paths], + target=Path('cve_2021_44228_log4j_exclude.cfg'), + include_header=False, + ) + + if include_paths: + yield PluginConfig( + base_os=OS.WINDOWS, + lines=[include_paths], + target=Path('cve_2021_44228_log4j_search.cfg'), + include_header=False, + ) + register.bakery_plugin( name='cve_2021_44228_log4j', diff --git a/agents/plugins/log4j2-scan.linux b/agents/plugins/log4j2-scan.linux index d1294f10cdaaf8ecdc93fe17af96d753cc2416e4..28cb8a40f7bf98cd6d79a9c99aa7859f5df7e59e 100755 Binary files a/agents/plugins/log4j2-scan.linux and b/agents/plugins/log4j2-scan.linux differ diff --git a/agents/plugins/log4j2-scan.windows b/agents/plugins/log4j2-scan.windows index fc5a1905b1c2c21fa92ddc5bbce82557a6287bf7..09a97bf4a5ba1bcdea3a070a72848bf7dfa5a7c2 100755 Binary files a/agents/plugins/log4j2-scan.windows and b/agents/plugins/log4j2-scan.windows differ diff --git a/cve_2021_44228_log4j.mkp b/cve_2021_44228_log4j.mkp index a17006e6d7942a3f7fe566c798cdda0c409b95f0..d28039fc1141ccccdda4e068b884adfab15f0fe2 100644 Binary files a/cve_2021_44228_log4j.mkp and b/cve_2021_44228_log4j.mkp differ diff --git a/packages/cve_2021_44228_log4j b/packages/cve_2021_44228_log4j index 5413d0f90c5e2bb7d70d7ab8bab242b659eaf645..1b55f6d8f1086bd361e56c3931090dc45ec75ca4 100644 --- a/packages/cve_2021_44228_log4j +++ b/packages/cve_2021_44228_log4j @@ -32,7 +32,7 @@ 'name': 'cve_2021_44228_log4j', 'num_files': 10, 'title': 'CVE-2021-44228-log4j scanner plugin', - 'version': '20211229.v0.0.6', + 'version': '20220103.v0.0.7', 'version.min_required': '2.0.0', 'version.packaged': '2021.09.20', 'version.usable_until': None} \ No newline at end of file 
diff --git a/web/plugins/wato/cve_2021_44228_log4j.py b/web/plugins/wato/cve_2021_44228_log4j.py index 2a67d23c93802f3c7babcf91d67cf6b1c950ae3e..15f707394f46d0e1571d0f9a62480c6f151487c8 100644 --- a/web/plugins/wato/cve_2021_44228_log4j.py +++ b/web/plugins/wato/cve_2021_44228_log4j.py @@ -12,6 +12,8 @@ # 2021-12.19: added WATO options scan_logback, log4j_1, no_symlink, scan_zip, silent # 2021-12-23: reworked structure for windows all-drives/drives/search path # 2021-12-27: added files_skipped and errors, files/directories scanned lower levels +# 2021-12-30: added bulk config for search path end exclude path +# 2022-01-02: added options for syslog facility, rfc5424 syslog message format, append reporting to file # from cmk.gui.i18n import _ @@ -27,6 +29,9 @@ from cmk.gui.valuespec import ( ListOfStrings, ListChoice, DropdownChoice, + TextAreaUnicode, + # FileUpload, + # UploadOrPasteTextFile, ) from cmk.gui.plugins.wato import ( @@ -36,11 +41,15 @@ from cmk.gui.plugins.wato import ( HostRulespec, ) +from cmk.gui.mkeventd import ( + syslog_facilities, +) + from cmk.gui.cee.plugins.wato.agent_bakery.rulespecs.utils import ( RulespecGroupMonitoringAgentsAgentPlugins, ) -bakery_plugin_version = '2021-12-23-0.0.1d' +bakery_plugin_version = '2022-01-02-0.0.3' ############################################################## # @@ -184,6 +193,7 @@ rulespec_registry.register( # ############################################################## + _base_options_config_fix_files = ( 'fix_files', Dictionary( @@ -198,10 +208,10 @@ _base_options_config_fix_files = ( )), ('backup_dir', TextUnicode( - title=_('Backup directory'), + title=_('Backup directory (must exist)'), help=_( 'Specify backup file path. Remember the directory must exist ' - 'and scanner must be able to write there!' + 'and the scanner must be able to write there!' ), allow_empty=False, )), 
@@ -304,16 +314,6 @@ _base_option_config_exclude_fs = ( ) ) -_base_option_config_exclude_paths = ( - 'exclude_paths', - ListOfStrings( - title=_('Exclude paths'), - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(allow_empty=False, regex='[^|<>]'), - help=_('Exclude specified paths from the scanning'), - ) -) _base_option_config_syslog = ( 'syslog', 
@@ -348,6 +348,59 @@ _base_option_config_syslog = ( ], default_value='info', )), + ('syslog_facility', + DropdownChoice( + title=_('Facility'), + help=_('Default value is 16 (local0). Facility value must be in the range of 0 to 23'), + choices=syslog_facilities, + + # from ~/lib/check_mk/gui/mkeventd.py + # syslog_facilities: DropdownChoices = [ + # (0, "kern"), + # (1, "user"), + # (2, "mail"), + # (3, "daemon"), + # (4, "auth"), + # (5, "syslog"), + # (6, "lpr"), + # (7, "news"), + # (8, "uucp"), + # (9, "cron"), + # (10, "authpriv"), + # (11, "ftp"), + # (12, "(12: unused)"), + # (13, "(13: unused)"), + # (14, "(14: unused)"), + # (15, "(15: unused)"), + # (16, "local0"), + # (17, "local1"), + # (18, "local2"), + # (19, "local3"), + # (20, "local4"), + # (21, "local5"), + # (22, "local6"), + # (23, "local7"), + # (31, "snmptrap"), + # ] + default_value=16, + )), + ('syslog_rfc5424', + FixedValue( + '--rfc5424', + title=_('Use RFC5424 syslog format'), + totext=_('Formatting of syslog messages as in RFC5424 enabled'), + help=_('Without formatting the message as of RFC5424, the message looks like this \"<133>{\"time\": ' + '\"2022-01-01 19:35:25+0100\", \"hostname\": \"checkmk\", \"path\": ' + '\"/usr/bin/pycharm/pycharm-community-2021.1.3/lib/log4j.jar\", \"entry\": \"\", \"product\": ' + '\"Log4j 1\", \"version\": \"1.2.17.2\", \"cve\": \"CVE-2021-4104\", \"status\": ' + '\"MITIGATED\", \"fixed\": false}\". \nThis will break some syslog implementations becaus of ' + 'the missing/wrong syslog header. For example CMKs event console will show \"{\"time\":\" as ' + 'the Application. With RFC5424 enabled the message is changed like this ' + '\"<133> 1 2022-01-01T23:20:50.52Z HOSTNAME LOPGRESSO LOG4J2-SCAN DETECT - {your message}\". ' + 'APP-NAME: LOPGRESSO, PROCID: LOG4J2-SCAN, MSGID: DETECT. MSGID can also be ERROR in case of a ' + 'scan error, for example on broken zip or jar files.' + ), + )), ], required_keys=['syslog_server'] ), 
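Review bot: `choices=syslog_facilities` offers every entry of the imported list, which according to the commented copy below it includes `(31, "snmptrap")` and four unused values, while the help text of the same element says the facility must be in the range 0 to 23. A user can therefore select a value the help text describes as invalid. I would filter the list, `choices=[f for f in syslog_facilities if f[0] <= 23]`, and replace the commented-out copy of the list with one line such as `# choices come from cmk.gui.mkeventd.syslog_facilities`. The `syslog_rfc5424` help text in the same hunk has the typo "becaus", and "LOPGRESSO" should be checked against what the scanner really emits.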
@@ -360,8 +413,18 @@ _base_option_config_report = ( elements=[ ('report_dir', TextUnicode( - title=_('Report output directory'), - help=_('Specify report output directory. Remember the scanner must be able to write there!'), + title=_('Report output directory (must exist)'), + help=_('Specify report output directory. If report file is not configured, the scanner will create on ' + 'each run a new file in the format "log4j2_scan_report_yyyyMMdd_HHmmss" with the extension ' + '"csv" or "json". Remember the scanner must be able to write there!'), + allow_empty=False, + )), + ('log_path', + TextUnicode( + title=_('Name of the file to report to'), + help=_('Specify json log file. If report file exists, log will be appended. The report file will ' + 'be created in the "Report output directory" (see above). Remember the scanner must be able ' + 'to write there!'), allow_empty=False, )), ('report_format', @@ -409,6 +472,37 @@ _base_options_config_trace = ( ) +_base_option_config_exclude_paths = ( + 'exclude_paths', + CascadingDropdown( + title=_('Exclude paths'), + default_value='exclude_paths', + sorted=False, + choices=[ + ('exclude_paths', + _('Exclude paths'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(allow_empty=False, regex='[^|<>]'), + help=_('Exclude specified paths from the scanning'), + )), + ('exclude_paths_file', + _('Exclude paths (bulk)'), + TextAreaUnicode( + help='Specify path list. Paths should be separated by new line. Prepend # for comment.', + allow_empty=False, + forbidden_chars='|<>', + strip=True, + cols=85, + rows=5, + default_value='# Specify path list. Paths should be separated by new line. Prepend # for comment.\n' + )) + ], + ) +) + + def _valuespec_agent_config_cve_2021_44228_log4j(): return CascadingDropdown( title=_('CVE-2021-44228-log4j'), 
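Review bot: The help text of the new `log_path` element says "Specify json log file", but the bakery plugin in this commit emits `--csv-log-path` for this value unless the report format is `--report-json`. The text should name both formats and say that a plain file name is expected, for example `help=_('Name of the report file (CSV or JSON, depending on the report format). If the file exists, new results are appended. It is created in the "Report output directory".')`. The element also accepts any non-empty text; a `regex` limiting it to file-name characters would match how the value is used.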
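Review bot: In the `exclude_paths` choice, `TextInput(allow_empty=False, regex='[^|<>]')` describes a single character, so unless the valuespec anchors the pattern to the whole value (not visible here) only one character of each path is actually checked, whereas the bulk choice applies `forbidden_chars='|<>'` to the whole text. Anchoring it, `regex='^[^|<>]+$'`, makes the two choices validate the same way. The bakery plugin wraps each entry in double quotes and strips quotes only at the ends, so I would also exclude `"` in both choices. The same `TextInput` is used for the `search_paths` choices in the `@@ -416,89 +510,120 @@` hunk, and the `help=` of the `TextAreaUnicode` here is not wrapped in `_()` like the other help texts.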
@@ -416,89 +510,120 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): f'If you activate this option, then the agent plugin <tt>cve_2021_44228_log4j</tt> will be deployed. ' f'This will scan for files with the CVE-2021-44228-log4j issue. (Plugin version: {bakery_plugin_version})' ), + sorted=False, choices=[ - ( - 'linux', - _('Deploy Linux CVE-2021-44228-log4j agent plugin'), - Dictionary(elements=[ - ('search_linux', - ListOfStrings( - title=_('Search paths'), - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(allow_empty=False, regex='[^|<>]'), - help=_('Paths where the scanner searches for vulnerable files'), - default_value=['/'], - )), - _base_options_config_scan_logback, - _base_options_config_log4j_1, - _base_options_config_scan_zip, - _base_options_config_fix_files, - _base_options_config_no_symlink, - _base_option_config_exclude_paths, - _base_option_config_exclude_fs, - _base_options_config_silent, - _base_options_config_interval, - _base_options_config_timeout, - _base_option_config_syslog, - _base_option_config_report, - _base_options_config_debug, - # _base_options_config_trace, # run takes to long, produces to much output - ], - required_keys=['search_linux'] - ), - ), - ( - 'windows', - _('Deploy Windows CVE-2021-44228-log4j agent plugin'), - Dictionary(elements=[ - ('search_windows', - CascadingDropdown( - title=_('Search method'), - default_value='all_drives', - choices=[ - ('all_drives', _('All drives')), - ('drives_to_scan', - _('Drives to scan'), - ListOfStrings( - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), - help=_('This drives will be scanned, default is "--all-drives"'), - default_value=['C'], - )), - ('search_paths', - _('Search paths'), - ListOfStrings( - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(allow_empty=False, regex='[^|<>]'), - help=_('Paths where the scanner searches for vulnerable files'), - 
default_value=['C:\\'], - )), - ], - )), - _base_options_config_scan_logback, - _base_options_config_log4j_1, - # _base_options_config_no_symlink, # sym links on windows? - _base_options_config_scan_zip, - _base_options_config_fix_files, - _base_option_config_exclude_paths, - # _base_option_config_exclude_fs, # filesystem type on windows? - _base_options_config_silent, - _base_options_config_interval, - _base_options_config_timeout, - _base_option_config_syslog, - _base_option_config_report, - _base_options_config_debug, - # _base_options_config_trace, # run takes to long, produces to much output - ], - required_keys=['search_windows'] - ), - ), + ('linux', + _('Deploy Linux CVE-2021-44228-log4j agent plugin'), + Dictionary(elements=[ + ('search_in', + CascadingDropdown( + title=_('Search method'), + default_value='search_paths', + sorted=False, + choices=[ + ('search_paths', + _('Search paths'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(allow_empty=False, regex='[^|<>]'), + help=_('Paths where the scanner searches for vulnerable files'), + default_value=['/'], + )), + ('include_paths_file', + _('Search paths (bulk)'), + TextAreaUnicode( + help='Specify path list. Paths should be separated by new line. Prepend # for comment.', + allow_empty=False, + forbidden_chars='|<>', + strip=True, + cols=85, + rows=5, + default_value='# Specify path list. Paths should be separated by new line. 
' + 'Prepend # for comment.\n' + '/\n', + )) + ], + )), + _base_options_config_scan_logback, + _base_options_config_log4j_1, + _base_options_config_scan_zip, + _base_options_config_fix_files, + _base_option_config_exclude_paths, + _base_option_config_exclude_fs, + _base_options_config_no_symlink, + _base_option_config_syslog, + _base_option_config_report, + _base_options_config_silent, + _base_options_config_interval, + _base_options_config_timeout, + _base_options_config_debug, + # _base_options_config_trace, # run takes to long, produces to much output + ], + required_keys=['search_in'] + )), + ('windows', + _('Deploy Windows CVE-2021-44228-log4j agent plugin'), + Dictionary(elements=[ + ('search_in', + CascadingDropdown( + title=_('Search method'), + default_value='all_drives', + sorted=False, + choices=[ + ('all_drives', _('All drives')), + ('drives_to_scan', + _('Drives to scan'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), + help=_('This drives will be scanned, default is "--all-drives"'), + default_value=['C'], + )), + ('search_paths', + _('Search paths'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(allow_empty=False, regex='[^|<>]'), + help=_('Paths where the scanner searches for vulnerable files'), + default_value=['C:\\'], + )), + ('include_paths_file', + _('Search paths (bulk)'), + TextAreaUnicode( + help='Specify path list. Paths should be separated by new line. Prepend # for comment.', + allow_empty=False, + forbidden_chars='|<>', + strip=True, + cols=85, + rows=5, + default_value='# Specify path list. Paths should be separated by new line. 
' + 'Prepend # for comment.\r\n' + 'C:\\\r\n', + )) + ], + )), + _base_options_config_scan_logback, + _base_options_config_log4j_1, + _base_options_config_scan_zip, + _base_options_config_fix_files, + _base_option_config_exclude_paths, + # _base_option_config_exclude_fs, # filesystem type on windows? + # _base_options_config_no_symlink, # sym links on windows? + _base_option_config_syslog, + _base_option_config_report, + _base_options_config_silent, + _base_options_config_interval, + _base_options_config_timeout, + _base_options_config_debug, + # _base_options_config_trace, # run takes to long, produces to much output + ], + required_keys=['search_in'] + )), (None, _('Do not deploy the CVE-2021-44228-log4j agent plugin')), ], - )
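Review bot: Renaming the stored key from `search_linux` / `search_windows` to `search_in` and making it mandatory with `required_keys=['search_in']` leaves rules saved by the previous package version without a valid value. The bakery plugin in this commit indexes `options['search_in']` unconditionally, so such a rule would likely fail with a KeyError at bake time instead of falling back to a default, and hosts would stop being scanned until someone notices. Either convert old values when the rule is loaded (a `Transform` around each `Dictionary` that maps the old key to `search_in`) or state in the CHANGELOG that existing rules must be recreated. A smaller point: the `help=` strings of the two `TextAreaUnicode` choices are not wrapped in `_()`.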