This agent plugin integrates the CVE-2021-44228-Scanner from logpresso with checkmk, the system monitoring from tribe29.
Included in this package is the scanner for Linux and Windows in version 2.7.1 (2022-01-02). You will find the release notes/latest version for the logpresso scanner here: logpresso CVE-2021-44228-Scanner Releases.
Note: The package for CMK 1.6 will not always be on the same level as the version for CMK 2.0.
The scanner (and so the plugin) can discover the following log4j issues:
- CVE-2021-44228
- CVE-2021-4104
- CVE-2021-42550
- CVE-2021-45105
- CVE-2021-45046
- CVE-2021-44832 RCE
You will find more information on this on the Apache Log4j Security Vulnerabilities page.
You can find the latest version of this plugin and a lot more checkmk plugins here
Note: before you update, please read the CHANGELOG and have a look at the Releases; there might be unexpected changes.
- in the checkmk Enterprise/Free edition you can install the plugin via
Setup > Maintenance > Extension packages
- in the checkmk RAW/Community edition you need to copy the package to your checkmk server (via SCP for example), and then - as site user - install the package with
mkp install cve_2021_44228_log4.mkp
on the cli.
To use this plugin you need to deploy the scanner and the plugin for your destination platform. You can do this via the agent bakery (Setup > Agents > Windows, Linux, Solaris, AIX > Agent rules > CVE-2021-44228-log4j). Here you can also configure some options for the scanner (see WATO bakery). If you have created (baked) a new agent package, you need to redeploy the agent (automatic update/software deployment).
To use this plugin with the checkmk RAW/Community edition, or if you have a platform that is not supported by the bakery, have a look at the how to information. There you will also find more information around this plugin.
Note: only Linux and Windows are implemented for this bakery plugin. If you need this for AIX/Solaris, have a look at the contribution guidelines.
Nice ;-) Have a look at the contribution guidelines
- service: creates the service CVE-2021-44228-log4j
- state:
  - critical
    - if a (potentially) vulnerable file is found
    - if an error is found (from the agent plugin or the scanner)
  - warning
    - if a file state mitigated is found
    - if a file is skipped by the scanner
- wato: (see WATO options)
- perfdata (if available):
- Vulnerable files
- Potentially vulnerable files
- Mitigated files
- Files skipped
- Files scanned
- Files scanned
- Directories scanned
- Run time
Sample output
Note: in the service details you will find the raw output from the scanner
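
The state rules listed above, sketched as an added example (this is not the plugin's own code). The summary line format, the `Skipped`/`Error:` lines and the function names are assumptions made for illustration; a missing summary is treated as an error so that a scanner that never ran does not report OK.

```python
import re

OK, WARN, CRIT = 0, 1, 2  # checkmk service states

# Constructed sample summary; the line format is assumed for this example.
SAMPLE = """\
Scanned 120 directories and 3400 files
Found 0 vulnerable files
Found 1 potentially vulnerable files
Found 2 mitigated files
Skipped 1 files
Completed in 1.25 seconds
"""

# Hypothetical patterns, one per counter the service reports as perfdata.
PATTERNS = {
    "vulnerable": r"^Found (\d+) vulnerable files",
    "potentially_vulnerable": r"^Found (\d+) potentially vulnerable files",
    "mitigated": r"^Found (\d+) mitigated files",
    "skipped": r"^Skipped (\d+) files",
}


def parse_summary(text):
    """Extract the counters from the scanner summary; absent lines count as 0."""
    counts = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        counts[key] = int(match.group(1)) if match else 0
    # Explicit error lines from the agent plugin or the scanner (assumed prefix).
    counts["errors"] = len(re.findall(r"^Error:", text, re.MULTILINE))
    # No "Scanned ..." line means the scan did not complete: count it as an error.
    if not re.search(r"^Scanned \d+ directories", text, re.MULTILINE):
        counts["errors"] += 1
    return counts


def service_state(counts):
    """Apply the documented rules: CRIT beats WARN beats OK."""
    if counts["vulnerable"] or counts["potentially_vulnerable"] or counts["errors"]:
        return CRIT
    if counts["mitigated"] or counts["skipped"]:
        return WARN
    return OK


if __name__ == "__main__":
    result = parse_summary(SAMPLE)
    print(service_state(result), result)
```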