Check and report for cve_2022_23307 (log4shell) on your system.
GitHub | GitLab | Quality | Downloads | Version | Issues | Pull Requests |
---|---|---|---|---|---|---|
This example is taken from molecule/default/converge.yml
and is tested on each push, pull request and release.
---
- name: converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: buluma.cve_2022_23307
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml
:
---
- name: prepare
hosts: all
become: yes
gather_facts: no
roles:
- role: buluma.bootstrap
# The role is prepared to install extra software and also remove when
# the role is done. This is not idempotent, so in this playbook, the
# required software is already installed.
vars_files:
- ../../vars/main.yml
post_tasks:
- name: install required software
ansible.builtin.package:
name: ["{{ cve_2022_23307_ps_package }}", unzip]
The default values for the variables are set in defaults/main.yml
:
---
# defaults file for cve_2022_23307
# You can disable certain checks using these variables.
# Check suspicous processes.
cve_2022_23307_check_processes: yes
# Check suspicous packages.
cve_2022_23307_check_packages: yes
# This check uses `find`, which may use the disk intensively.
# Check suspicous files.
cve_2022_23307_check_files: yes
# This check uses `find`, which may use the disk intensively.
# Check suspicous jars
cve_2022_23307_check_archives: yes
# Add your own paths if you want to. The more paths you add, the more
# the disk will be used, but not having enough paths poses a risk of
# not finding vulnerable files.
# Paths to find files and jars in.
cve_2022_23307_paths_to_check:
- /var
- /etc
- /usr
- /opt
- /lib64
# The types of archives to scan.
cve_2022_23307_archive_patterns:
- "*.jar"
- "*.war"
- "*.ear"
- "*.aar"
- pip packages listed in requirements.txt.
The following roles are used to prepare a system. You can prepare your system in another way.
Requirement | GitHub | GitLab |
---|---|---|
buluma.bootstrap |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
container | tags |
---|---|
alpine | all |
amazon | all |
debian | all |
el | 7, 8 |
fedora | all |
opensuse | all |
ubuntu | focal, bionic |
The minimum version of Ansible required is 2.10, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub
Apache-2.0