diff --git a/CHANGELOG b/CHANGELOG index 0e894534b9e0f83200c6a4fc122d1d2115712360..5b0f285fa0a9c2ef916b8605c9583d6531c57679 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -16,5 +16,10 @@ added bakery options for file reporting, backup on fix files and debug added multiple search paths to Windows agent changed search path on Linux to multiple serach paths --> incompatible you need to reconfigure bakery rules -2021-12-23: fixed exit code other than 0 in the linux/powershell scriptss (THX to cmasopust[at]greentube[dot]com) +2021-12-23: fixed exit code other than 0 in the linux/powershell scripts (THX to cmasopust[at]greentube[dot]com) changed scanner to version 2.6.1 (fixes: Can not use --report-dir together with --report-json issue #203) + reworked options handling in bakery plugin + reworked structure for windows all-drives/drives/search path in wato plugin --> --> incompatible you need to reconfigure bakery rules + windows agent plugin: execute scanner as cmd job to pass path/file names with spaces (THX to andreas-doehler@forum.checkmk) + windows agent plugin: init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk) +2021-12-24: linux agent plugin: changed to pass the options as arry to the scanner diff --git a/HOWTO.md b/HOWTO.md index 1faa0f6a2fb0d57711e0ae9365139d539357eecb..fc2c14e9a5ec539785e14ad43e90fdda19d0c565 100644 --- a/HOWTO.md +++ b/HOWTO.md @@ -76,7 +76,7 @@ How can you do that? </details> <details><summary>The agent plugin script</summary> -This is a basic shell script that runs the scanner and outputs the results for CMK. Here is the script for Linux as example. +The agent plugin is a basic shell script that reads the sanner options from the config file, runs the scanner and outputs the results for CMK. Here is the script for Linux as example. ``` #!/bin/bash 
@@ -89,11 +89,13 @@ This is a basic shell script that runs the scanner and outputs the results for C # # plugin for the check_mk linux agent # +# 2021-12-21: fixed exit code other than 0 (THX to cmasopust[at]greentube[dot]com) +# 2021-12-24: fixed spaces in file names (https://stackoverflow.com/questions/19122448/bash-escaping-spaces-in-filename-in-variable) -SCRIPTVERSION="2021-12-18-0.0.1" +SCRIPTVERSION="2021-12-24-0.0.1d" OPTIONS="/" EXECUTABLE=/usr/lib/check_mk_agent/bin/log4j2-scan -PLUGIN_CONF_DIR="/etc/check_mk/" +PLUGIN_CONF_DIR="/etc/check_mk" if [ -f $MK_CONFDIR/cve_2021_44228_log4j.cfg ]; then @@ -102,15 +104,23 @@ elif [ -f $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg ]; then . $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg 2>/dev/null fi +echo "<<<cve_2021_44228_log4j:sep(0)>>>" +# 2021-12-19T22:08:52+01:00 +date +%FT%T%:z +printf "SCAN OPTIONS: " +printf " %s " "${OPTIONS[@]}" +printf "\n" +printf "SCRIPT VERSION: %s\n" "$SCRIPTVERSION" +printf "%s\n" "----------------------------------------------------" + if [ -f $EXECUTABLE ]; then - echo "<<<cve_2021_44228_log4j:sep(0)>>>" - # 2021-12-19T22:08:52+01:00 - date +%FT%T%:z - echo "SCAN OPTIONS: $OPTIONS" - echo "SCRIPT VERSION: $SCRIPTVERSION" - $EXECUTABLE $OPTIONS - exit 0 + $EXECUTABLE "${OPTIONS[@]}" +else + printf "ERROR: Executable not found: %s\n" "$EXECUTABLE" fi + +exit 0 + ``` The important lines (for the check plugin to work) are: 
@@ -130,14 +140,27 @@ The important lines (for the check plugin to work) are: The bakery creates the config file `cve_2021_44228_log4j.cfg` for the agent plugin. At the moment this holds only the options for the scanner. +Example config file for the Linux agent plugin ``` # Created by Check_MK Agent Bakery. # This file is managed via WATO, do not edit manually or you # lose your changes next time when you update the agent. -OPTIONS="--scan-logback --scan-log4j1 --no-symlink --scan-zip --silent /" +OPTIONS=(--exclude "/mnt" --exclude "/test with space" --exclude-fs nfs,fuse.vmhgfs-fuse --syslog-level debug --syslog-udp checkmk --scan-logback --scan-log4j1 --scan-zip --no-symlink --silent "/"); + ``` +Example config file for the Windows agent plugin +``` +# Created by Check_MK Agent Bakery. +# This file is managed via WATO, do not edit manually or you +# lose your changes next time when you update the agent. + +OPTIONS=--all-drives --syslog-level debug --syslog-udp checkmk --report-dir "D:\Kannweg\reports" --report-json --scan-logback --scan-log4j1 --scan-zip --silent + +``` + + **Note**: as mentioned in the table on top there is a sample config for Linux and Windows available. In the sample you will find a short decription to all posible options (as with scanner version 2.5.3) </details> @@ -178,7 +201,7 @@ C:\> Linux shell ``` -thl-cmk@checkmk:~$ /usr/lib/check_mk_agent/plugins/86400/cve_2021_44228_log4j.sh +thl-cmk@checkmk:~$sudo /usr/lib/check_mk_agent/plugins/86400/cve_2021_44228_log4j.sh <<<cve_2021_44228_log4j:sep(0)>>> 2021-12-20T16:12:56+01:00 SCAN OPTIONS: / diff --git a/README.md b/README.md index 672cd4465fc35dbee0048a3a16996c0bec6f0c52..5d0e115754208726446ce0a77aecb3318e609ac1 100644 --- a/README.md +++ b/README.md 
@@ -43,16 +43,38 @@ Check Info: #### Want to contribute? Nice ;-) Have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing") --- -Sample output [(sample details)](/../../../-/raw/master/doc/sample-details.png "see sample details") and [(sample syslog events in CMK event console)](/../../../-/raw/master/doc/sample-syslog.png "sample syslog events in CMK event console") +<details><summary>Sample output</summary> + **Note**: in the service details you will find the raw output from the scanner  -WATO +<details><summary>Sample output details</summary> - +  -WATO bakery +</details> - +<details><summary>Sample syslog events in CMK event console</summary> + + +</details> + +</details> +<details><summary>WATO options check plugin</summary> + + +</details> + +<details><summary>WATO bakery Linux</summary> + + + +</details> + +<details><summary>WATO bakery Windows</summary> + + + +</details> diff --git a/agents/bakery/cve_2021_44228_log4j.py b/agents/bakery/cve_2021_44228_log4j.py index 9467a411d474e7884b6deb493f6c2a674f554626..be89fe7def7c45a6c8db1e8996d348d061df1e8a 100755 --- a/agents/bakery/cve_2021_44228_log4j.py +++ b/agents/bakery/cve_2021_44228_log4j.py @@ -9,6 +9,8 @@ # # bakery plugin for check_mk # +# 2021-12-23: reworked options handling +# from pathlib import Path from typing import List 
@@ -17,54 +19,70 @@ from cmk.base.cee.plugins.bakery.bakery_api.v1 import FileGenerator, OS, Plugin, def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: + options_array: List = [] + search_path_array: List = [] + separator: str = ' ' # needs matching separator in the shell scripts + options = conf[1].copy() interval = options.get('interval', 86400) timeout = options.get('timeout', 300) - search_path = options.get('search_path') - - drives_to_scan = options.get('drives_to_scan', '--all-drives') - if drives_to_scan != '--all-drives': - drives_to_scan = f'--drives {",".join(drives_to_scan)}' - exclude_paths = ' --exclude '.join(options.get('exclude_paths', '')).strip(' ') - if exclude_paths: - exclude_paths = f' --exclude {exclude_paths}' - - exclude_fs = ','.join(options.get('exclude_fs', '')).strip(' ') - if exclude_fs: - exclude_fs = f'--exclude-fs {exclude_fs}' + search_path = '' + if conf[0] == 'linux': + for path in options['search_linux']: + path = path.strip(' ').strip("'").strip('"') + search_path_array.append(f'"{path}"') + search_path = ' '.join(search_path_array) + elif conf[0] == 'windows': + if options['search_windows'] == 'all_drives': + options_array.append('--all-drives') + elif 'drives_to_scan' in options['search_windows']: + label, drives_to_scan = options['search_windows'] + drives_to_scan = f'--drives {",".join(drives_to_scan)}' + options_array.append(drives_to_scan) + elif 'search_paths' in options['search_windows']: + label, search_path = options['search_windows'] + search_path = f'{" ".join(search_path)}' + + for path in options.get('exclude_paths', []): + path = path.strip(' ').strip("'").strip('"') + options_array.append(f'--exclude "{path}"') + + if options.get('exclude_fs'): + exclude_fs = ','.join(options['exclude_fs']) + options_array.append(f'--exclude-fs {exclude_fs}') - syslog = '' if options.get('syslog'): + options_array.append(f'--syslog-level {options["syslog"].get("syslog_level", "info")}') syslog_server = 
f'--syslog-udp {options["syslog"]["syslog_server"]}' - syslog_level = f'--syslog-level {options["syslog"].get("syslog_level", "info")}' syslog_port = options['syslog'].get('syslog_port', None) if syslog_port is not None: syslog_port = f':{syslog_port}' else: syslog_port = '' - syslog = f'{syslog_server}{syslog_port} {syslog_level}' + options_array.append(f'{syslog_server}{syslog_port}') - reporting = '' if options.get('reporting'): - report_dir = f'--report-dir {options["reporting"]["report_dir"]}' - report_format = options['reporting'].get('report_format', '') - no_empty_report = options['reporting'].get('no_empty_report', '') - reporting = f' {report_dir} {report_format} {no_empty_report}' + report_dir = options["reporting"]["report_dir"].strip(' ').strip("'").strip('"') + options_array.append(f'--report-dir "{report_dir}"') + options_array.append(options['reporting'].get('report_format', '--report-csv')) + if options['reporting'].get('no_empty_report'): + options_array.append('--no-empty-report') - backup_dir = '' if options.get('fix_files'): - backup_dir = f'--backup-path {options["fix_files"]["backup_dir"]}' + backup_dir = options["fix_files"]["backup_dir"].strip(' ').strip("'").strip('"') + options_array.append(f'--backup-path "{backup_dir}"') if options['fix_files'].get('not_exclude_backup') is None: - backup_dir += f' --exclude {options["fix_files"]["backup_dir"]}' - backup_dir += f' {options["fix_files"].get("force_fix", "")}' + options_array.append(f'--exclude {backup_dir}') + if options['fix_files'].get('force_fix'): + options_array.append(f'--force-fix') for key in [ 'interval', 'timeout', - 'search_path', - 'drives_to_scan', + 'search_linux', + 'search_windows', 'exclude_paths', 'exclude_fs', 'syslog', 
@@ -76,18 +94,12 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: except KeyError: pass - options = ' '.join(options.values()) - options = f'{options} {syslog} {reporting} {backup_dir} {exclude_paths} {exclude_fs}'.strip(' ') + for value in options.values(): + options_array.append(value) - while ' ' in options: - options = options.replace(' ', ' ') + options = separator.join(options_array) if conf[0] == 'linux': - if search_path is None: - search_path = '/' - else: - search_path = ' '.join(search_path) - yield Plugin( base_os=OS.LINUX, source=Path('cve_2021_44228_log4j.linux'), @@ -104,17 +116,12 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: yield PluginConfig( base_os=OS.LINUX, - lines=[f'OPTIONS="{options} {search_path}"'], + lines=[f'OPTIONS=({options}{separator}{search_path});'], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, ) elif conf[0] == 'windows': - if search_path is None: - search_path = '' - else: - search_path = ' '.join(search_path) - yield Plugin( base_os=OS.WINDOWS, source=Path('cve_2021_44228_log4j.windows'), @@ -128,10 +135,9 @@ def get_cve_2021_44228_log4j_files(conf: List[any]) -> FileGenerator: source=Path('log4j2-scan.windows'), target=Path('..\\bin\\log4j2-scan.exe'), ) - yield PluginConfig( base_os=OS.WINDOWS, - lines=[f'OPTIONS="{options} {drives_to_scan} {search_path}"'], + lines=[f'OPTIONS={options}{separator}{search_path}'], target=Path('cve_2021_44228_log4j.cfg'), include_header=True, ) diff --git a/agents/plugins/cve_2021_44228_log4j.cfg.linux b/agents/plugins/cve_2021_44228_log4j.cfg.linux index 3b8a046b9f9aa7e32d1912b85e0bc72540a42359..888a5682784a70f771ec49ed2b71a40e23b7ddd2 100644 --- a/agents/plugins/cve_2021_44228_log4j.cfg.linux +++ b/agents/plugins/cve_2021_44228_log4j.cfg.linux 
@@ -3,10 +3,10 @@ # lose your changes next time when you update the agent. # default options on linux systems -OPTIONS="/" +OPTIONS=("/"); # sample options for windows -# OPTIONS="--scan-logback --scan-log4j1 --no-symlink --silent /usr" +# OPTIONS=(--scan-logback --scan-log4j1 --no-symlink --silent "/usr"); # ################################################################################## # diff --git a/agents/plugins/cve_2021_44228_log4j.cfg.windows b/agents/plugins/cve_2021_44228_log4j.cfg.windows index 1170c24b7fba9bfd1e956789711e8361b7d8ffa6..c245777cb6bfb8d84cbeae10bc0246655ad2febe 100644 --- a/agents/plugins/cve_2021_44228_log4j.cfg.windows +++ b/agents/plugins/cve_2021_44228_log4j.cfg.windows @@ -3,10 +3,10 @@ # lose your changes next time when you update the agent. # default options on linux systems -OPTIONS="--all-drives" +OPTIONS=--all-drives # sample options for windows -# OPTIONS="--scan-logback --scan-log4j1 --no-symlink --silent --drives c,d" +# OPTIONS=--scan-logback --scan-log4j1 --no-symlink --silent --drives c,d # ################################################################################## # diff --git a/agents/plugins/cve_2021_44228_log4j.linux b/agents/plugins/cve_2021_44228_log4j.linux index 0b8c05b463e5bcc371c3ef6b3f89554dd7f35df3..ddc432cc65d7bb2c433369faa7d124c07af0c464 100755 --- a/agents/plugins/cve_2021_44228_log4j.linux +++ b/agents/plugins/cve_2021_44228_log4j.linux @@ -9,12 +9,12 @@ # plugin for the check_mk linux agent # # 2021-12-21: fixed exit code other than 0 (THX to cmasopust[at]greentube[dot]com) -# +# 2021-12-24: fixed spaces in file names (https://stackoverflow.com/questions/19122448/bash-escaping-spaces-in-filename-in-variable) -SCRIPTVERSION="2021-12-18-0.0.1c" +SCRIPTVERSION="2021-12-24-0.0.1d" OPTIONS="/" EXECUTABLE=/usr/lib/check_mk_agent/bin/log4j2-scan -PLUGIN_CONF_DIR="/etc/check_mk/" +PLUGIN_CONF_DIR="/etc/check_mk" if [ -f $MK_CONFDIR/cve_2021_44228_log4j.cfg ]; then 
@@ -23,13 +23,19 @@ elif [ -f $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg ]; then . $PLUGIN_CONF_DIR/cve_2021_44228_log4j.cfg 2>/dev/null fi +echo "<<<cve_2021_44228_log4j:sep(0)>>>" +# 2021-12-19T22:08:52+01:00 +date +%FT%T%:z +printf "SCAN OPTIONS: " +printf " %s " "${OPTIONS[@]}" +printf "\n" +printf "SCRIPT VERSION: %s\n" "$SCRIPTVERSION" +printf "%s\n" "----------------------------------------------------" + if [ -f $EXECUTABLE ]; then - echo "<<<cve_2021_44228_log4j:sep(0)>>>" - # 2021-12-19T22:08:52+01:00 - date +%FT%T%:z - echo "SCAN OPTIONS: $OPTIONS" - echo "SCRIPT VERSION: $SCRIPTVERSION" - echo "----------------------------------------------------" - $EXECUTABLE $OPTIONS - exit 0 + $EXECUTABLE "${OPTIONS[@]}" +else + printf "ERROR: Executable not found: %s\n" "$EXECUTABLE" fi + +exit 0 diff --git a/agents/plugins/cve_2021_44228_log4j.windows b/agents/plugins/cve_2021_44228_log4j.windows index c8cdf083c01985c6bc723c08847092e340a22226..da77c33eab2e61ac822230b2034521eb6078a522 100755 --- a/agents/plugins/cve_2021_44228_log4j.windows +++ b/agents/plugins/cve_2021_44228_log4j.windows 
@@ -9,29 +9,77 @@ 2021-12-21: fixed missing $MK_CONFDIR variable (THX to Rene@frorum.checkmk) 2021-12-21: fixed OPTION handling (THX to Rene@frorum.checkmk) - 2021.12.23: fixed exi code other than 0 (THX to cmasopust[at]greentube[dot]com) + 2021-12-23: fixed exit code other than 0 (THX to cmasopust[at]greentube[dot]com) + execute scanner as cmd job to pass path/file names with spaces (THX to andreas-doehler@forum.checkmk) + init powershell console (buffer/window size/encoding) (THX to andreas-doehler@forum.checkmk) #> -$SCRIPTVERSION="2021-12-21-0.0.2c" +### + +$pshost = Get-Host # Get the PowerShell Host. +$pswindow = $pshost.UI.RawUI # Get the PowerShell Host's UI. + +$newsize = $pswindow.BufferSize # Get the UI's current Buffer Size. +$newsize.height = 300 # Set the new buffer's heigt to 300 lines. +$newsize.width = 200 # Set the new buffer's width to 200 columns. +$pswindow.buffersize = $newsize # Set the new Buffer Size as active. + +$newsize = $pswindow.windowsize # Get the UI's current Window Size. +$newsize.width = 200 # Set the new Window Width to 200 columns. +$pswindow.windowsize = $newsize # Set the new Window Size as active. 
+ +[Console]::OutputEncoding = [System.Text.UTF8Encoding]::new($true) + +### + + + +$SCRIPTVERSION="2021-12-23-0.0.2d" $OPTIONS="--all-drives" $EXECUTABLE="C:\ProgramData\checkmk\agent\bin\log4j2-scan.exe" -$PLUGIN_CONF_DIR="C:\ProgramData\checkmk\agent\config" + +# config file directory +$MK_CONFDIR = $env:MK_CONFDIR + +# Fallback if no MK_CONFDIR is set +if (!$MK_CONFDIR) { + $MK_CONFDIR= "$env:ProgramData\checkmk\agent\config" +} if (Test-Path -Path $MK_CONFDIR\cve_2021_44228_log4j.cfg -PathType Leaf) { $OPTIONS=(Select-String -Path $MK_CONFDIR\cve_2021_44228_log4j.cfg -Pattern "OPTIONS=") -} elseif (Test-Path -Path $PLUGIN_CONF_DIR\cve_2021_44228_log4j.cfg -PathType Leaf) { - $OPTIONS=(Select-String -Path $PLUGIN_CONF_DIR\cve_2021_44228_log4j.cfg -Pattern "OPTIONS=") } -$OPTIONS=($OPTIONS -split "=")[1] -replace '"','' -split " " +$OPTIONS=($OPTIONS -split "=")[1] + +Write-Output "<<<cve_2021_44228_log4j:sep(0)>>>" +# 2021-12-19T22:08:52+01:00 +Get-Date -Format "yyyy-MM-ddTHH:mm:ssK" +Write-Output "SCAN OPTIONS: $OPTIONS" +Write-Output "SCRIPT VERSION: $SCRIPTVERSION" +Write-Output "----------------------------------------------------" if (Test-Path -Path $EXECUTABLE -PathType Leaf) { - echo "<<<cve_2021_44228_log4j:sep(0)>>>" - # 2021-12-19T22:08:52+01:00 - Get-Date -Format "yyyy-MM-ddTHH:mm:ssK" - echo "SCAN OPTIONS: $OPTIONS" - echo "SCRIPT VERSION: $SCRIPTVERSION" - echo "----------------------------------------------------" - & $EXECUTABLE $OPTIONS + $EXECUTABLE = $EXECUTABLE + " " + $OPTIONS +} else { + Write-Output "ERROR: Executable not found: $EXECUTABLE" exit 0 } + +$JOB_LOG4J = Start-Job -ScriptBlock { cmd /c $using:EXECUTABLE } -Name "log4j2" + +while ($JOB_LOG4J.state -eq "running") { + Start-Sleep -Seconds 10 # Sleep for 10 seconds +} + +if ($JOB_LOG4J.state -eq "completed") { + Receive-Job -Job $JOB_LOG4J +} else { + Write-Output "ERROR: Job did not complete successfully." 
+ Write-Output "ERROR: Job status: $JOB_LOG4J.state" + +} + +Remove-Job $JOB_LOG4J + +exit 0 diff --git a/cve_2021_44228_log4j.mkp b/cve_2021_44228_log4j.mkp index 0cb7a59b9c51f27bea08a25a7476e972e47d6aef..8445d83dc29b94aa9f5157d8c57d6bb5ce7879d4 100644 Binary files a/cve_2021_44228_log4j.mkp and b/cve_2021_44228_log4j.mkp differ diff --git a/doc/wato-bakery-linux.png b/doc/wato-bakery-linux.png new file mode 100644 index 0000000000000000000000000000000000000000..01ba08bc78271382c36b1f5b658e70b1ca5a91b0 Binary files /dev/null and b/doc/wato-bakery-linux.png differ diff --git a/doc/wato-bakery-windows.png b/doc/wato-bakery-windows.png new file mode 100644 index 0000000000000000000000000000000000000000..9d59799efaf7becbf4c53fc039ec91b52e2674d8 Binary files /dev/null and b/doc/wato-bakery-windows.png differ diff --git a/packages/cve_2021_44228_log4j b/packages/cve_2021_44228_log4j index 265225c4c2e71c53a00a4fc6a470249715278d67..3a8205cb278bd9b62295bcf7bf83a7aa1702ff52 100644 --- a/packages/cve_2021_44228_log4j +++ b/packages/cve_2021_44228_log4j @@ -32,7 +32,7 @@ 'name': 'cve_2021_44228_log4j', 'num_files': 10, 'title': 'CVE-2021-44228-log4j scanner plugin', - 'version': '20211222.v0.0.4f', + 'version': '20211224.v0.0.4g', 'version.min_required': '2.0.0', 'version.packaged': '2021.09.20', 'version.usable_until': None} \ No newline at end of file diff --git a/web/plugins/wato/cve_2021_44228_log4j.py b/web/plugins/wato/cve_2021_44228_log4j.py index 2f5d838182614fade9ca2526a66d76c7ec82a22e..e5f0272fee81a5e49007f7ba696f83a905b9e865 100644 --- a/web/plugins/wato/cve_2021_44228_log4j.py +++ b/web/plugins/wato/cve_2021_44228_log4j.py @@ -10,7 +10,7 @@ # WATO file for the cve_2021_44228 plugins (bakery and check) # # 2021-12.19: added WATO options scan_logback, log4j_1, no_symlink, scan_zip, silent -# +# 2021-12-23: reworked structure for windows all-drives/drives/search path from cmk.gui.i18n import _ from cmk.gui.valuespec import ( 
@@ -26,7 +26,7 @@ from cmk.gui.plugins.wato import ( CheckParameterRulespecWithItem, ) -bakery_plugin_version = '2021-12-21-0.0.1b' +bakery_plugin_version = '2021-12-23-0.0.1c' ############################################################## # @@ -370,13 +370,14 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): 'linux', _('Deploy Linux CVE-2021-44228-log4j agent plugin'), Dictionary(elements=[ - ('search_path', + ('search_linux', ListOfStrings( title=_('Search paths'), orientation='horizontal', allow_empty=False, valuespec=TextInput(allow_empty=False, regex='[^|<>]'), help=_('Paths where the scanner searches for vulnerable files'), + default_value=['/'], )), _base_options_config_scan_logback, _base_options_config_log4j_1, 
@@ -392,29 +393,58 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): _base_option_config_report, _base_options_config_debug, # _base_options_config_trace, # run takes to long, produces to much output - ]), + ], + required_keys=['search_linux'] + ), ), ( 'windows', _('Deploy Windows CVE-2021-44228-log4j agent plugin'), Dictionary(elements=[ - ('search_path', - ListOfStrings( - title=_('Search paths'), - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(allow_empty=False, regex='[^|<>]'), - help=_('Paths where the scanner searches for vulnerable files'), - )), - ('drives_to_scan', - ListOfStrings( - title=_('Drives to scan'), - orientation='horizontal', - allow_empty=False, - valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), - help=_('This drives will be scanned, default is "--all-drives"'), - default_value=['C'], + ('search_windows', + CascadingDropdown( + title=_('Search method'), + default_value='all_drives', + choices=[ + ('all_drives', _('All drives')), + ('drives_to_scan', + _('Drives to scan'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), + help=_('This drives will be scanned, default is "--all-drives"'), + default_value=['C'], + )), + ('search_paths', + _('Search paths'), + ListOfStrings( + orientation='horizontal', + allow_empty=False, + valuespec=TextInput(allow_empty=False, regex='[^|<>]'), + help=_('Paths where the scanner searches for vulnerable files'), + default_value=['C:\\'], + )), + ], )), + + # ('search_path', + # ListOfStrings( + # title=_('Search paths'), + # orientation='horizontal', + # allow_empty=False, + # valuespec=TextInput(allow_empty=False, regex='[^|<>]'), + # help=_('Paths where the scanner searches for vulnerable files'), + # )), + # ('drives_to_scan', + # ListOfStrings( + # title=_('Drives to scan'), + # orientation='horizontal', + # allow_empty=False, + # 
valuespec=TextInput(size=1, maxlen=1, minlen=1, allow_empty=False, regex='[a-zA-Z]'), + # help=_('This drives will be scanned, default is "--all-drives"'), + # default_value=['C'], + # )), _base_options_config_scan_logback, _base_options_config_log4j_1, # _base_options_config_no_symlink, # sym links on windows? @@ -429,7 +459,9 @@ def _valuespec_agent_config_cve_2021_44228_log4j(): _base_option_config_report, _base_options_config_debug, # _base_options_config_trace, # run takes to long, produces to much output - ]), + ], + required_keys=['search_windows'] + ), ), (None, _('Do not deploy the CVE-2021-44228-log4j agent plugin')), ],
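Review bot: in CHANGELOG, the new wato plugin entry carries a doubled arrow (`--> --> incompatible`) and the 2021-12-24 entry spells "arry" for "array". Since the Linux config format changes from `OPTIONS="..."` to `OPTIONS=(...);`, the 2021-12-24 entry should also be marked incompatible, because an agent that still has the old string-style cfg will behave differently with the new script.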
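Review bot: in HOWTO.md (hunk at -130), the closing **Note** still says the sample describes the options "as with scanner version 2.5.3" while the CHANGELOG in this same change moves the scanner to 2.6.1. Update the version, and fix "decription" and "posible" while touching that line. The sentence added in the -76 hunk also has "sanner" for "scanner", and the -178 hunk needs a space in `~$sudo`.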
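Review bot: in agents/bakery/cve_2021_44228_log4j.py (hunk at -17), stripping quotes from the ends of a path and wrapping it in `"` is not shell escaping. `path.strip(' ').strip("'").strip('"')` leaves any embedded `"`, `$` or backtick in place, and the result is written into `OPTIONS=(...)`, which the Linux agent plugin sources with `. $MK_CONFDIR/cve_2021_44228_log4j.cfg`, so such a value is evaluated by bash when the agent runs. For the Linux branch, build each element with `shlex.quote()` instead of `f'"{path}"'`. The same applies to `report_dir` and `backup_dir`. Separately, `options_array.append(f'--exclude {backup_dir}')` is the one place where the value is not quoted at all, so a backup directory with a space splits into two arguments, and `f'--force-fix'` is an f-string with no placeholder.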
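Review bot: in agents/bakery/cve_2021_44228_log4j.py (hunks at -76, -104 and -128), the Windows config line `OPTIONS={options}{separator}{search_path}` receives search paths that were joined with `" ".join(search_path)` and never quoted, unlike the Linux branch. A Windows search path containing a space will reach the scanner as two arguments, which is the case the CHANGELOG says this change fixes. Quote each Windows path before joining. Also, `for value in options.values(): options_array.append(value)` assumes every remaining value is a string; a non-string value makes `separator.join(options_array)` raise `TypeError`, so filter or convert here.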
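Review bot: in agents/plugins/cve_2021_44228_log4j.cfg.linux and cfg.windows, the comments around the changed lines are mislabelled. The Linux sample says `# sample options for windows` above a `/usr` example, and the Windows sample says `# default options on linux systems` above `OPTIONS=--all-drives`. Since both `OPTIONS` lines are being rewritten anyway, correct the comments so an admin editing the file by hand is not pointed at the wrong syntax (array form on Linux, bare string on Windows).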
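Review bot: in agents/plugins/cve_2021_44228_log4j.linux (hunk at -23), `$EXECUTABLE "${OPTIONS[@]}"` silently changes meaning for hosts that still have a string-style cfg. With `OPTIONS="--scan-logback --silent /"` from an older bake, the whole string is now passed as a single argument and the scan does not cover what the admin configured, yet the plugin still exits 0. Consider detecting a non-array `OPTIONS` and printing an `ERROR:` line like the one added for the missing executable. Also, `[ -f $EXECUTABLE ]` is unquoted and only tests that the file exists; `[ -x "$EXECUTABLE" ]` would catch a scanner that was deployed without the execute bit. The `2>/dev/null` on the line that sources the cfg hides syntax errors in the new array format, which makes a broken config look like a clean scan with default options.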
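Review bot: in agents/plugins/cve_2021_44228_log4j.windows (hunk at -9), `$EXECUTABLE = $EXECUTABLE + " " + $OPTIONS` followed by `cmd /c $using:EXECUTABLE` hands the whole options string from the cfg file to cmd.exe for parsing, so any cmd metacharacter in that line (for example `&`) is interpreted by the shell under the agent's account. Validate the `OPTIONS=` value before use, or keep the options as a list and invoke the scanner directly. Three smaller points in the same hunk: `"ERROR: Job status: $JOB_LOG4J.state"` prints the job object followed by the literal text `.state` and needs `$($JOB_LOG4J.state)`; `Select-String -Pattern "OPTIONS="` also matches the commented `# OPTIONS=` sample line in the cfg, so anchor it with `^OPTIONS=`, and note that `($OPTIONS -split "=")[1]` drops everything after a second `=` in the line; the `while ($JOB_LOG4J.state -eq "running")` loop has no upper bound even though the bakery rule carries a `timeout`, so `Wait-Job -Timeout` would be a better fit.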
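Review bot: in web/plugins/wato/cve_2021_44228_log4j.py (hunk at -370), the `search_linux` entry keeps `regex='[^|<>]'`, a single character class with no quantifier or anchor, so it cannot constrain the whole path. These values end up inside the bash array that the agent sources, so this is the place to reject characters that are meaningful to the shell. If the intent is to forbid `|`, `<` and `>` anywhere in the path, use something like `^[^|<>]+$`, and consider adding `"`, `$`, backtick and `;` to the excluded set unless the bakery escapes them. The same pattern is reused for the Windows `search_paths` choice in the next hunk.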
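Review bot: in web/plugins/wato/cve_2021_44228_log4j.py (hunk at -392), the old `search_path` and `drives_to_scan` definitions are left behind as a commented-out block directly after the new `CascadingDropdown`. Delete them; the history is in version control and the dead block makes the Windows dictionary harder to read. The help text carried into the new `drives_to_scan` choice, 'This drives will be scanned, default is "--all-drives"', is also no longer accurate now that "All drives" is its own choice with `default_value='all_drives'`. Finally, with `required_keys=['search_windows']` and the key rename, rules saved under the old keys will not carry over, so say in the rule's help or the HOWTO what an admin has to re-enter.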