Found file log4j?

@all there is an updated version of the package available here.

  • CHECK: added check plugin with the CVE id as item (on multiple requests of a single user @Doc :wink: )
  • BAKERY: added option --exclude-pattern to the Exclude paths section (@rprengel)
  • INVENTORY: extended report for additional log4j/logback CVEs
  • WATO:
    • added options for per CVE check
    • added discovery rule for per CVE check plugin
    • added rules for inventory plugins
    • changed display name (again) from ‘CVE scanner for log4j (CVE-2021-44228-log4j)’ to ‘log4j CVE scanner (CVE-2021-44228-log4j)’
    • enabled “Send report to checkmk” in “Enable reporting” by default for new rules
  • METRICS: added metrics/graph/perfometer for files_affected
  • How To:
    • added “Inventory plugins”, “Check plugin cve_2021_44228_log4j_cves” and “Scanner options implemented in the bakery” sections in “Use with the enterprise/free edition of CMK”
    • updated “The config file for cve_44228_log4j agent plugin”

Note: before installing the update untick the “Exclude paths” option in the agent rules and bake the agent.
After the update you can reconfigure the “Exclude paths” option.

To use the new check plugin and the CVE inventory you need to enable “Enable reporting” → “Send report to checkmk” in the bakery plugin rules. Whether a file is affected by a specific CVE and the additional information in the inventory are based solely on the log4j/logback version reported by the Logpresso scanner. It says nothing about whether the CVE is exploitable or not.
