Hi Doc,
Do you have a little wrapper for Linux and Windows to hand to put in as a check?
I’ve been looking into the article that Checkmk has put out, but I’m having trouble applying the check to my RAW edition of check_mk: "Automatically detecting log4j vulnerabilities in your IT | Checkmk"
Any help would be amazing.
This does not work in checkmk raw edition 2.0.0.p17, as the output is expected in a different format:

| State | Service | Status detail |
|-------|---------|---------------|
| UNKN | 0 | Invalid plugin status ‘Found’. Invalid performance data: ‘potentially’. Output is: vulnerable files |
| UNKN | Found | Invalid plugin status ‘0;1;1’. Invalid performance data: ‘2’. Output is: vulnerable files |
UPDATE:
If I remove the output of “\n$LONG” the local check is recognized but the check has the state “OK” although there were 2 files found:
OK CVE-2021-44228_log4j count: 2.00
The problem is in two places, not only one. First, " | awk '{ print $2}' " spits out two rows, and second, "$SHORT\n$LONG" spits out two rows as well, so I only use the long one. This works in the following way: it will give the value “10” if there is 1 vulnerable files and “01” if there is 1 potentially vulnerable files, and obviously if “11” then 1 vulnerable files and 1 potentially vulnerable files. Not perfect, but it does the trick:
Solution to the first problem:
COUNT=$(echo "$RESULT" | grep "vulnerable files" | awk '{printf "%s", $2}')
Solution to the second problem:
echo "P CVE-2021-44228_log4j count="$COUNT";1;1 $LONG"
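
Added example, not part of the original posts: a local-check wrapper that sums the two counts into one integer metric instead of concatenating them, and always emits a single output line. The scanner summary format ("Found N vulnerable files"), the function names and the sample text are assumptions reconstructed from the error output quoted above.

```shell
#!/bin/sh
# Added example: scanner output format and function names are assumptions.

# Sum the number in field 2 of every "... vulnerable files" line, so that
# two summary lines still yield a single integer metric value.
log4j_count() {
    printf '%s\n' "$1" | awk '/vulnerable files/ { n += $2 } END { print n + 0 }'
}

# Emit exactly one local-check line: status, service name, metric, detail.
log4j_local_check() {
    result=$1
    # Join the matching summary lines with ", " so no newline reaches the agent.
    detail=$(printf '%s\n' "$result" |
        awk '/vulnerable files/ { printf "%s%s", sep, $0; sep = ", " }')
    if [ -z "$detail" ]; then
        # No summary line at all: report UNKNOWN (3) rather than a count of 0.
        echo "3 CVE-2021-44228_log4j - no scanner summary lines found"
        return 0
    fi
    # "P" lets Checkmk derive the state from the 1;1 thresholds used in the thread.
    echo "P CVE-2021-44228_log4j count=$(log4j_count "$result");1;1 $detail"
}

# Constructed sample scanner output (not taken from a real run).
SAMPLE='Scanning /opt/app
Found 1 vulnerable files
Found 1 potentially vulnerable files'

log4j_local_check "$SAMPLE"
```

Reporting UNKNOWN when no summary line is present keeps a failed or missing scan from showing up as a clean result.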
Apache itself does not use log4j, and neither does Apache Tomcat in its standard distribution. The only things that can be affected are products that you yourself bring into the checkmk environment.