Only for Linux hosts yet.
check_CVE-2021-44228_log4j.sh
#!/bin/bash
# Christian Wirtz, 2021-12-13
# Wrapper around:
# https://github.com/logpresso/CVE-2021-44228-Scanner
# for checkmk usage
DESTPATH="/usr/share/"
RESULT=`/usr/lib/check_mk_agent/bin/log4j2-scan $DESTPATH`
COUNT=`echo "$RESULT" | grep "vulnerable files" | awk '{ print $2}'`
SHORT=`echo "$RESULT" | grep "vulnerable files"`
LONG=`echo "$RESULT" | awk 1 ORS='\\\\n'`
echo "P CVE-2021-44228_log4j count=$COUNT;1;1 $SHORT\n$LONG"
We used the binary from Logpresso.
Structure under /usr/lib/check_mk_agent/
|-- bin
| `-- log4j2-scan
`-- local
`-- 86400
`-- check_CVE-2021-44228_log4j.sh