diff --git a/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh b/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
index 7f46fce9b094af8186e4b0b9736a1222b73a84f6..960fa6e126bb8f29c50e06034bfc8e7ec36aa064 100755
--- a/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
+++ b/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
@@ -11,14 +11,15 @@ START_DATE=$(date +%s)
 DEST="/" # scan under this path
 WAITTIME="10800" # max scan runtime (default: 3h = 10800sec)
-EXCLUDE_PATHS="--exclude /mnt"
-LOGFILE="/tmp/local-spring-vuln-scanner"
-ARGS="--quiet --log $LOGFILE $EXCLUDE_PATHS"
+EXCLUDE_PATHS="--exclude /mnt --exclude /lost+found --exclude /media --exclude /run/user/"
+LOGFILE="/tmp/local-spring-vuln-scanner.log"
+ARGS="--verbose --quiet --log $LOGFILE $EXCLUDE_PATHS"
 SERVICENAME="CVE-Spring4Shell"
 PWD="/usr/lib/check_mk_agent"
 # search pattern
 PATTERN_VULNERABLE="^indicator for vulnerable component found in "
+PATTERN_INSPECTED="^Inspecting "
 PATTERN_DENY=": permission denied$"
 PATTERN_CVES="^Checking for vulnerabilities: "
 PATTERN_REPLACE="indicator for vulnerable component found in "
@@ -27,8 +28,6 @@ WAITMAX=$(which waitmax)
 COMMAND="$WAITMAX $WAITTIME $PWD/bin/local-spring-vuln-scanner $ARGS $DEST"
-MSG="Scanned path: $DEST"
-
 # Check if a scan is already running
 PROCESSES=$(pgrep -lfc local-spring-vuln-scanner)
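Review bot: `LOGFILE="/tmp/local-spring-vuln-scanner.log"` keeps a fixed, predictable name in the shared /tmp directory, and the check runs out of `/usr/lib/check_mk_agent`, presumably with the agent's root privileges; any local user can pre-create that path (or a symlink at it), so the scan log would be written through, and later `grep`ed and echoed into the service output from, a file that user controls. Prefer a per-run name such as `LOGFILE=$(mktemp /tmp/local-spring-vuln-scanner.XXXXXX) || exit 1` (removing it at the end of the script), or a directory writable only by the agent. Separately, `--verbose --quiet` in `ARGS` reads as contradictory; if `--quiet` suppresses the `Inspecting ` lines that `PATTERN_INSPECTED` counts, `files_inspected` will always be 0, so a one-line comment on why both flags are passed would help the next maintainer.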
@@ -49,16 +48,17 @@ CVES=$(echo "$CVES" | awk -F':' '{print $2}')
 # trim spaces at the beginning of string
 CVES=${CVES##*( )}
-MSG="Checked for: $CVES, $MSG"
+LONGOUTPUT="Checked for: $CVES\nScanned path: $DEST"
 DENIED=$(grep -c "$PATTERN_DENY" $LOGFILE)
 VULNERABLE=$(grep -cE "$PATTERN_VULNERABLE" $LOGFILE)
+INSPECTED=$(grep -cE "$PATTERN_INSPECTED" $LOGFILE)
 END_DATE=$(date +%s)
 RUN_TIME=$(("$END_DATE" - "$START_DATE"))
 # Perfdata
-PERFDATA="files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
 # Output if errors while scanning
 if [[ $EXITCODE -gt 0 ]]
@@ -70,25 +70,25 @@ fi
 # Output if suspicious files found
 if [[ $VULNERABLE -eq 0 ]]
 then
- MSG="$MSG, No vulnerabilities found"
+ MSG="No vulnerabilities found"
 else
 # get files with indicator
 FILES_VULNERABLE=$(sed -n -e "/$PATTERN_VULNERABLE/p" $LOGFILE | sed "s/$PATTERN_REPLACE//g" | sed ':a;N;$!ba;s/\n/\\n/g')
 FILES_VULNERABLE="\nIndicator for vulnerable component found in:\n$FILES_VULNERABLE"
- MSG="$MSG, Found indicators for vulnerable components"
+ MSG="Found indicators for vulnerable components"
+ LONGOUTPUT="$LONGOUTPUT\n$FILES_VULNERABLE"
 fi
 if [[ DENIED -gt 0 ]]
 then
 # get denied files
 FILES_DENIED=$(sed -n -e "/$PATTERN_DENY/p" $LOGFILE | sed ':a;N;$!ba;s/\n/\\n/g')
- FILES_DENIED="\Unscanned files:\n$FILES_DENIED"
+ FILES_DENIED="\nUnscanned files:\n$FILES_DENIED"
+ LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
 fi
-LONGOUTPUT="$FILES_VULNERABLE\n$FILES_DENIED"
-
 # Default output
-echo "P $SERVICENAME $PERFDATA $MSG $LONGOUTPUT"
+echo "P $SERVICENAME $PERFDATA $MSG\n$LONGOUTPUT\n"
 # cleanup
 unset ARGS
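Review bot: `MSG="No vulnerabilities found"` and `MSG="Found indicators for vulnerable components"` now assign MSG unconditionally, where the old `MSG="$MSG, ..."` appended to it; the `if [[ $EXITCODE -gt 0 ]]` branch that sits just above this hunk is not visible here, and if it places an error text into MSG that text is now discarded before the final `echo`. Worth confirming what that branch does before merging, and keeping the append form (or skipping the reassignment) in the error case. Minor: `FILES_VULNERABLE` and `FILES_DENIED` already start with `\n`, so `LONGOUTPUT="$LONGOUTPUT\n$FILES_VULNERABLE"` and `LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"` produce `\n\n`, i.e. a blank line in the long output; drop the `\n` in one of the two places.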
@@ -100,11 +100,13 @@ unset END_DATE
 unset EXITCODE
 unset FILES_DENIED
 unset FILES_VULNERABLE
+unset INSPECTED
 unset LOGFILE
 unset LONGOUTPUT
 unset MSG
 unset PATTERN_CVES
 unset PATTERN_DENY
+unset PATTERN_INSPECTED
 unset PATTERN_REPLACE
 unset PATTERN_VULNERABLE
 unset PERFDATA
diff --git a/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1 b/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
index 07957b542f7d230aa5292a94d45e3e04c53f3668..f9a1e3c16414756e761270f970a3cb0e994d031f 100755
--- a/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
+++ b/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
@@ -13,6 +13,7 @@ $SVC_NAME = "CVE-Spring4Shell"
 # pattern to search in output
 $PATTERN_VULNERABLE="^indicator for vulnerable component found in "
+$PATTERN_INSPECTING="^Inspecting "
 $PATTERN_DENY=": Access is denied\.$"
 $PATTERN_CVES="^Checking for vulnerabilities: "
 $PATTERN_REPLACE="indicator for vulnerable component found in "
@@ -20,12 +21,12 @@ $PATTERN_REPLACE="indicator for vulnerable component found in "
 # get list of drives to check without empty drives (like CDROM), returns i.e. "C:\ D:\"
 $DRIVES_TO_CHECK = (Get-PSDrive -PSProvider "FileSystem" | Where-Object used -gt 0 | Select -ExpandProperty root) -join " "
-$MSG = "Scanned drive(s): $($DRIVES_TO_CHECK)"
+$LONGOUTPUT = "Scanned drive(s): $($DRIVES_TO_CHECK)"
 $EXECUTABLE = "c:\ProgramData\checkmk\agent\bin\local-spring-vuln-scanner.exe"
-$EXCLUDE_PATHS = ""
+$EXCLUDE_PATHS = "--exclude ""C:\System Volume Information"""
 $LOGFILE = "$env:TEMP\spring4shell.log"
-$ARGS = "--quiet --log $($LOGFILE) $($EXCLUDE_PATHS)"
+$ARGS = "--verbose --quiet --log $($LOGFILE) $($EXCLUDE_PATHS)"
 $RUN = "$EXECUTABLE $ARGS $DRIVES_TO_CHECK"
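Review bot: `$ARGS = "--verbose --quiet --log $($LOGFILE) $($EXCLUDE_PATHS)"` assigns to `$ARGS`, which PowerShell treats as the automatic `$args` variable (variable names are case-insensitive); it happens to work at script scope but shadows the script's own arguments and trips analyzers, so a name such as `$SCAN_ARGS` is safer. The new `$EXCLUDE_PATHS = "--exclude ""C:\System Volume Information"""` embeds doubled quotes so that the space in the path survives whatever later re-tokenizes `$RUN` (that code is outside this hunk); building an argument array instead, `$SCAN_ARGS = @('--verbose','--quiet','--log',$LOGFILE,'--exclude','C:\System Volume Information')`, and invoking `& $EXECUTABLE @SCAN_ARGS $DRIVES_TO_CHECK` removes the quote-doubling and keeps paths with spaces intact regardless of how the command is run. As in the Linux agent, `--verbose --quiet` together reads as contradictory; a short comment on why both are needed would help.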
@@ -50,43 +51,48 @@ catch {
 return
 }
- if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
+if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
+ # search for CVEs checked for:
+ $CVES = (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_CVES | Select -ExpandProperty Line).split(":")[1].trim()
+ $LONGOUTPUT="$LONGOUTPUT\nChecked for: $CVES"
+ # search for vulnerabilites and remove log file name from output:
 $FILES_VULNERABLE = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_VULNERABLE | Select -ExpandProperty Line
 $VULNERABLE = $FILES_VULNERABLE.Length
 if ( $VULNERABLE -gt 0 ) {
 $FILES_VULNERABLE=($FILES_VULNERABLE -join "\n") -replace $PATTERN_REPLACE, ""
 $FILES_VULNERABLE = "\nIndicator for vulnerable component found in:\n$FILES_VULNERABLE"
- $MSG = "$MSG, Found indicators for vulnerable components"
+ $MSG = "Found indicators for vulnerable components"
+ $LONGOUTPUT="$LONGOUTPUT\n$FILES_VULNERABLE"
 } else {
- $MSG = "$MSG, No vulnerabilities found"
+ # $MSG = "$MSG, No vulnerabilities found"
+ $MSG = "No vulnerabilities found"
 }
- # get number/list of denied files
- $FILES_DENIED= (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_DENY)
+ # search for denied files and remove log file name from output:
+ $FILES_DENIED= (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_DENY) | Select -ExpandProperty Line
 $DENIED = $FILES_DENIED.Length
 if ( $DENIED -gt 0 ) {
 $FILES_DENIED=($FILES_DENIED -join "\n")
 $FILES_DENIED = "\nUnscanned files:\n$FILES_DENIED"
+ $LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
 }
- # search for CVEs checked for:
- $CVES = (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_CVES | Select -ExpandProperty Line).split(":")[1].trim()
- } else {
+ # get number of inspected .jar/.war files
+ $FILES_INSPECTED = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_INSPECTING | Select -ExpandProperty Line
+ $INSPECTED = $FILES_INSPECTED.length
+
+ # remove log file
+ Remove-Item -Path $LOGFILE
+
+}
else {
 Write-output "1 $($SVC_NAME) Logfile $($LOGFILE) not found"
 return
- }
-
-if (Test-Path -Path $LOGFILE -PathType Leaf) {
- Remove-Item -Path $LOGFILE
 }
-$MSG = "Checked for: $CVES, $MSG"
-$LONGOUTPUT="$FILES_VULNERABLE\n$FILES_DENIED"
-
 $END_TIME = Get-Date
 $RUN_TIME = (New-TimeSpan -Start $START_TIME -End $END_TIME).TotalSeconds
-$PERFDATA="files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+$PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
 write-output "P $($SVC_NAME) $PERFDATA $MSG\n$LONGOUTPUT\n"
 exit 0
diff --git a/packages/spring4shell b/packages/spring4shell
index 545c15cf1a8da0d06cdd1cdac73df642a7eb599a..7d5b81c670a39236867b94ba87c86ce08a375d85 100644
--- a/packages/spring4shell
+++ b/packages/spring4shell
@@ -33,7 +33,7 @@
 'name': 'spring4shell',
 'num_files': 4,
 'title': 'Spring4Shell check plugin',
- 'version': '0.95',
+ 'version': '0.96a',
 'version.min_required': '2.0.0',
 'version.packaged': '2021.09.20',
 'version.usable_until': None}
\ No newline at end of file
diff --git a/spring4shell.mkp b/spring4shell.mkp
index a80a227aa17df6b03ece55e95883169f48d87cf3..1125bbaa8a980dee0117f737b9f127cab1b2f775 100644
Binary files a/spring4shell.mkp and b/spring4shell.mkp differ
diff --git a/web/plugins/metrics/spring4shell.py b/web/plugins/metrics/spring4shell.py
index fb8fd6e793f61ae50dc976e3cf9cf3be9ea6613a..bf52ddc556879624afb6de38696d8621b818b9d7 100644
--- a/web/plugins/metrics/spring4shell.py
+++ b/web/plugins/metrics/spring4shell.py
@@ -18,6 +18,11 @@ from cmk.gui.plugins.metrics import (
 check_metrics,
 )
+metric_info['files_inspected'] = {
+ 'title': _('Inspected files'),
+ 'unit': 'count',
+ 'color': '31/a',
+}
 metric_info['files_vulnerable'] = {
 'title': _('Vulnerable'),
 'unit': 'count',
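Review bot: `$INSPECTED = $FILES_INSPECTED.length` yields the character count rather than the line count whenever exactly one line matches, because a single result coming out of `Select -ExpandProperty Line` is a plain string, not an array; the same now applies to `$DENIED = $FILES_DENIED.Length` (its input gained `| Select -ExpandProperty Line` in this commit) and to the pre-existing `$VULNERABLE = $FILES_VULNERABLE.Length`, so one finding would be reported as e.g. `files_vulnerable=80`. Force arrays instead: `$INSPECTED = @($FILES_INSPECTED).Count`, `$DENIED = @($FILES_DENIED).Count`, `$VULNERABLE = @($FILES_VULNERABLE).Count`, and confirm the no-match case still reports 0. The new `$CVES = (Select-String ... | Select -ExpandProperty Line).split(":")[1].trim()` throws "cannot call a method on a null-valued expression" on an empty or truncated log, since `.split` is then invoked on `$null`; test the Select-String result for null before indexing. The commented-out `# $MSG = "$MSG, No vulnerabilities found"` is dead code and should be removed rather than left beside its replacement.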