Found file log4j?

Thanks Andreas.

I was looking to see whether there was any option in the check_mk_agent that would allow something similar without installing anything.

I have created this small local check to find the files, and I am posting it here in case someone can make use of it. Sorry for the text in Spanish.

Copy it to this path. The 86400 is the interval in seconds at which it is executed (once a day).
/usr/lib/check_mk_agent/local/86400/check_log4j.py

Execution permissions
chmod 744 /usr/lib/check_mk_agent/local/86400/check_log4j.py

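```python
#!/bin/python
# -*- coding: utf-8 -*-
'''
Plugin to locate log4j files because of the vulnerability
CVE-2021-44228 and, if any are found, raise an alert in Checkmk
'''

import subprocess
import sys
import os
import re


def main():
    files_log4j = ''
    re_log4j = re.compile(r'log4j')
    # Leading '[' inside the class is escaped so newer Pythons do not warn
    re_log4j_version = re.compile(r'log4j(2|[\[a-z|-]+2)')
    status = 0
    # Wildcards restored (the forum formatting had swallowed the asterisks);
    # the pattern is quoted so the shell does not expand it
    cmd = "find / -name '*log4j*.jar'"
    # universal_newlines=True returns text on both Python 2 and Python 3
    p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
                         shell=True, universal_newlines=True)
    (output, err) = p.communicate()

    for pathfile in output.splitlines():
        filename = os.path.basename(pathfile)
        result = re_log4j.search(filename)
        if result:
            # '\\n' is a literal backslash-n, the line separator used in
            # the output of a Checkmk local check
            files_log4j += pathfile + '\\n'
            # Do not lower a status that an earlier file already raised to 2
            status = max(status, 1)

            # Check whether it could be version 2
            result = re_log4j_version.search(filename)
            if result:
                status = 2

    if status == 0:
        txt = 'No encontrado ficheros log4j'
    elif status == 1:
        txt = 'Encontrado ficheros log4j. Mirar en detalles para revisar la version.\\n' + files_log4j
    else:
        txt = 'Encontrado posibles ficheros log4j-2. Mirar en detalles para revisar la version.\\n' + files_log4j

    # Local check line: <status> <service name> <perfdata> <text>
    print(str(status) + ' log4j - ' + txt)


if __name__ == "__main__":
    main()
```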

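A file-name search does not see log4j classes bundled inside another archive (for example a fat jar or a war file). The following Python 3 code is an added example, not part of the original post: it opens each archive and looks for the `JndiLookup` class of log4j-core, descending into nested archives, and builds a local check line in the same format as the check above. The function names, the service name `log4j_jndilookup` and the depth and size limits are assumptions made for this example.

```python
import io
import sys
import zipfile

# Class in log4j-core that performs the JNDI lookup involved in CVE-2021-44228.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 3                         # assumption: nesting levels to follow
MAX_NESTED_BYTES = 200 * 1024 * 1024  # assumption: skip larger nested archives


def contains_jndilookup(archive, depth=0):
    """Return True if the archive, or an archive nested in it, holds JndiLookup.class.

    `archive` is a file path or a binary file object. Relocated (shaded)
    copies under a different package name are not detected.
    """
    try:
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                name = info.filename
                # endswith() also matches prefixed layouts such as BOOT-INF/classes/
                if name.endswith(JNDI_CLASS):
                    return True
                if (name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH
                        and info.file_size <= MAX_NESTED_BYTES):
                    nested = io.BytesIO(zf.read(info))
                    if contains_jndilookup(nested, depth + 1):
                        return True
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # not a zip, unreadable or encrypted: report no finding
    return False


def local_check_line(paths, service="log4j_jndilookup"):
    """Build one Checkmk local check line: '<status> <service> - <text>'."""
    hits = [p for p in paths if contains_jndilookup(p)]
    if not hits:
        return "0 %s - No archive contains JndiLookup.class" % service
    # Literal backslash-n separates the detail lines, as in the check above.
    return "2 %s - JndiLookup.class found in:\\n%s" % (service, "\\n".join(hits))


if __name__ == "__main__":
    # Archive paths are passed as arguments, e.g. the output of the find command.
    print(local_check_line(sys.argv[1:]))
```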