Description
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Introduction
# Log4j-CVE-2021-44228 detector scanner playbook
Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script for Log4Shell (CVE-2021-44228).
Tested with [Red Hat detector version 1.3, released 2022-01-10](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).
The result is saved in a `.txt` file under `detector_dir` (default: `/opt/cve-2021-44228/`).
## Ansible Galaxy role
Code also available as Ansible Galaxy role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell)
```bash
ansible-galaxy install lucab85.ansible_role_log4shell
```
## How to run the Ansible Playbook
With the default variables, the playbook scans everything under the `/var/` path for affected files.
Customize the `vars.yml` file for more options.
```bash
ansible-playbook log4j-cve-2021-44228.yml
```
## Dependencies
None.
## Requirements
ansible 2.9+
## Variables (`vars.yml`)
Default values:
```yaml
rh_bullettin: >-
  https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
intro: |
  Ansible Playbook tested with detector version 1.3 released 2022-01-10.
  If a 404 error occur please adjust the URL with the latest version available
  for detector URL.
  Please refer to the Red Hat Security Bullettin for up-to-date information and
  adjust the playbook variables accordingly.
  {{ rh_bullettin }}.
vulnerable: |
  System MIGHT be vulnerable to log4j (CVE-2021-44228)
not_vulnerable: |
  System IS NOT vulnerable to log4j (CVE-2021-44228)
report_txt: "/report/vuln_log4j2_path_*.txt"
sh_detector: "cve-2021-44228--2022-01-10-1242.sh"
sh_signature: "cve-2021-44228--2022-01-10-1242.sh.asc"
detector_baseurl: "https://access.redhat.com/sites/default/files/"
force_download: false
detector_path: "/var/"
detector_dir: "/opt/cve-2021-44228/"
detector_run_dir: "tmp"
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
gpg_keyid: "7514F77D8366B0D9"
gpg_server: "pgp.mit.edu"
gpg_public_key: 'gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}'
clean_run_before: true
delete_after: false
verify_gpg: true
```
- `rh_bullettin`: link to the RHSB (default: [https://access.redhat.com/security/vulnerabilities/RHSB-2021-009](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009))
- `intro`: introduction text
- `vulnerable`: text printed when vulnerable files are found (visible only at verbosity level 2, `-vv`)
- `not_vulnerable`: text printed when no vulnerable files are found (visible only at verbosity level 2, `-vv`)
- `report_txt`: report path to print (default: `/report/vuln_log4j2_path_*.txt`)
- `sh_detector`: the filename of the detector bash script
- `sh_signature`: the filename of the detector GPG signature file
- `detector_baseurl`: the base URL from which the two files above are downloaded
- `force_download`: force a fresh download of the files on every run (default: `false`)
- `detector_path`: the path to inspect (default: `/var/`)
- `detector_dir`: the download path of the detector (default: `/opt/cve-2021-44228/`)
- `detector_run_dir`: the subdirectory to create before the run (default: `tmp`)
- `detector_options`: the command-line options for the detector script (default: `-n -d --no-progress --scan {{ detector_path }}`)
- `gpg_keyid`: the ID of the GPG public key to download for the verification (default: Red Hat Product Security `7514F77D8366B0D9`)
- `gpg_server`: the GPG key server (default: `pgp.mit.edu`)
- `gpg_public_key`: the command that fetches the GPG public key used for the verification (default: `gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}`)
- `clean_run_before`: remove and recreate the run directory before the execution; the detector requires an empty directory (default: `true`)
- `delete_after`: remove the _detector_dir_ after the execution (default: `false`)
- `verify_gpg`: perform the GPG signature download and verification (default: `true`)
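With the defaults above the key is fetched from a key server by its 64-bit ID, and in the demo output on this page `gpg --verify` marks it `[unknown]`, so "Good signature" alone does not say which key signed the detector. As an added example (not part of the playbook or of Red Hat's script), the functions below parse `gpg --status-fd` output and accept the file only when the primary-key fingerprint matches the one printed in that demo output; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the playbook: accept the detector only when gpg
# reports a valid signature made by the pinned primary key.

# Full fingerprint as printed by "gpg --verify" in the demo output on this page.
PINNED_FPR="8B1220FC564E9583200205FF7514F77D8366B0D9"

# check_gpg_status STATUS_TEXT PINNED_FPR   (hypothetical helper)
# Returns 0 only if the status text has a VALIDSIG line for the pinned
# fingerprint and no failure status (bad, expired or revoked signature/key).
check_gpg_status() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; field 3 is the
            # fingerprint of the (sub)key that made the signature.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1; else bad = 1
        }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_detector SCRIPT SIGNATURE   (hypothetical wrapper around gpg)
# gpg writes machine-readable status lines to stdout with --status-fd 1.
verify_detector() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    check_gpg_status "$status" "$PINNED_FPR"
}

# Constructed status output for a signature by the expected key.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key) <secalert@redhat.com>
[GNUPG:] VALIDSIG 8B1220FC564E9583200205FF7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 8B1220FC564E9583200205FF7514F77D8366B0D9
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed status output for a different key that shares the same 64-bit
# key ID: gpg still says GOODSIG, only the full fingerprint differs.
LOOKALIKE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key) <secalert@redhat.com>
[GNUPG:] VALIDSIG 00112233445566778899AABB7514F77D8366B0D9 2022-01-10 1641818542 0 4 0 1 8 00 00112233445566778899AABB7514F77D8366B0D9
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed status output for a file modified after signing.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 7514F77D8366B0D9 Red Hat, Inc. (tools key) <secalert@redhat.com>'

check_gpg_status "$GOOD_STATUS" "$PINNED_FPR" && echo "good sample: accepted"
check_gpg_status "$LOOKALIKE_STATUS" "$PINNED_FPR" || echo "look-alike sample: rejected"
check_gpg_status "$BAD_STATUS" "$PINNED_FPR" || echo "tampered sample: rejected"
```

On a target host, `verify_detector /opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh /opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc` returns non-zero unless the pinned key made the signature.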
## Demo execution
The full output of the execution of the playbook against the RHEL8 demo target host:
```bash
$ ansible-playbook -i test/inventory log4j-cve-2021-44228.yml -vv
ansible-playbook [core 2.12.1]
config file = None
configured module search path = ['/Users/lberton/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/5.1.0/libexec/lib/python3.10/site-packages/ansible
ansible collection location = /Users/lberton/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.10.1 (main, Dec 6 2021, 23:20:29) [Clang 13.0.0 (clang-1300.0.29.3)]
jinja version = 3.0.3
libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: log4j-cve-2021-44228.yml *********************************************************************************************************************************************************
2 plays in log4j-cve-2021-44228.yml
PLAY [download detector for Apache Log4j (CVE-2021-44228)] *********************************************************************************************************************************
META: ran handlers
TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:29
ok: [localhost] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}
TASK [print information] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:31
ok: [localhost] => {
"msg": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009.\n"
}
TASK [download detector] *******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:35
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 67710, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh"}
TASK [download detector signature] *********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:42
ok: [localhost] => {"changed": false, "dest": "./cve-2021-44228--2022-01-10-1242.sh.asc", "elapsed": 0, "gid": 20, "group": "staff", "mode": "0644", "msg": "HTTP Error 304: Not Modified", "owner": "lberton", "size": 811, "state": "file", "status_code": 304, "uid": 501, "url": "https://access.redhat.com/sites/default/files/cve-2021-44228--2022-01-10-1242.sh.asc"}
META: ran handlers
META: ran handlers
PLAY [detector for Apache Log4j (CVE-2021-44228)] ******************************************************************************************************************************************
META: ran handlers
TASK [include_vars] ************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:54
ok: [demo.example.com] => {"ansible_facts": {"clean_run_before": true, "delete_after": false, "detector_baseurl": "https://access.redhat.com/sites/default/files/", "detector_dir": "/opt/cve-2021-44228/", "detector_options": "-n -d --no-progress --scan {{ detector_path }}", "detector_path": "/var/", "detector_run_dir": "tmp", "force_download": false, "gpg_keyid": "7514F77D8366B0D9", "gpg_public_key": "gpg --keyserver {{ gpg_server }} --recv {{ gpg_keyid }}", "gpg_server": "pgp.mit.edu", "intro": "Ansible Playbook tested with detector version 1.3 released 2022-01-10.\nIf a 404 error occur please adjust the URL with the latest version available\nfor detector URL.\nPlease refer to the Red Hat Security Bullettin for up-to-date information and\nadjust the playbook variables accordingly.\n{{ rh_bullettin }}.\n", "not_vulnerable": "System IS NOT vulnerable to log4j (CVE-2021-44228)\n", "report_txt": "/report/vuln_log4j2_path_*.txt", "rh_bullettin": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009", "sh_detector": "cve-2021-44228--2022-01-10-1242.sh", "sh_signature": "cve-2021-44228--2022-01-10-1242.sh.asc", "verify_gpg": true, "vulnerable": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n"}, "ansible_included_var_files": ["/Users/lberton/prj/github/log4j-cve-2021-44228/vars.yml"], "changed": false}
TASK [dependency present] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:56
ok: [demo.example.com] => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "Nothing to do", "rc": 0, "results": []}
TASK [create detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:67
ok: [demo.example.com] => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 193, "state": "directory", "uid": 0}
TASK [copy detector file] ******************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:73
ok: [demo.example.com] => {"changed": false, "checksum": "4fa53e1f03dc8d4228479dd9a3a288a83146aa96", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "secontext": "system_u:object_r:usr_t:s0", "size": 67710, "state": "file", "uid": 0}
TASK [copy detector signature] *************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:82
ok: [demo.example.com] => {"changed": false, "checksum": "ecd1150a9826112acfa3f6dd9af0d536f51eb02f", "dest": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "secontext": "system_u:object_r:usr_t:s0", "size": 811, "state": "file", "uid": 0}
TASK [gpg public key] **********************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:92
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--keyserver", "pgp.mit.edu", "--recv", "7514F77D8366B0D9"], "delta": "0:00:07.831962", "end": "2022-01-10 17:09:05.217573", "msg": "", "rc": 0, "start": "2022-01-10 17:08:57.385611", "stderr": "gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" not changed\ngpg: Total number processed: 1\ngpg: unchanged: 1", "stderr_lines": ["gpg: key 7514F77D8366B0D9: \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" not changed", "gpg: Total number processed: 1", "gpg: unchanged: 1"], "stdout": "", "stdout_lines": []}
TASK [gpg verify detector] *****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:97
changed: [demo.example.com] => {"changed": true, "cmd": ["gpg", "--verify", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh.asc", "/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh"], "delta": "0:00:00.006127", "end": "2022-01-10 17:09:05.649893", "msg": "", "rc": 0, "start": "2022-01-10 17:09:05.643766", "stderr": "gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC\ngpg: using RSA key 7514F77D8366B0D9\ngpg: Good signature from \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg: There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9", "stderr_lines": ["gpg: Signature made Mon 10 Jan 2022 12:42:22 PM UTC", "gpg: using RSA key 7514F77D8366B0D9", "gpg: Good signature from \"Red Hat, Inc. (tools key) <secalert@redhat.com>\" [unknown]", "gpg: WARNING: This key is not certified with a trusted signature!", "gpg: There is no indication that the signature belongs to the owner.", "Primary key fingerprint: 8B12 20FC 564E 9583 2002 05FF 7514 F77D 8366 B0D9"], "stdout": "", "stdout_lines": []}
TASK [remove any detector run directory] ***************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:103
changed: [demo.example.com] => {"changed": true, "path": "/opt/cve-2021-44228/tmp", "state": "absent"}
TASK [create detector run directory] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:110
changed: [demo.example.com] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/opt/cve-2021-44228/tmp", "secontext": "unconfined_u:object_r:usr_t:s0", "size": 6, "state": "directory", "uid": 0}
TASK [run detector/scanner] ****************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:116
fatal: [demo.example.com]: FAILED! => {"changed": true, "cmd": ["/opt/cve-2021-44228/cve-2021-44228--2022-01-10-1242.sh", "-n", "-d", "--no-progress", "--scan", "/var/", "--tmp", "/opt/cve-2021-44228/tmp"], "delta": "0:00:38.292411", "end": "2022-01-10 17:09:45.263799", "msg": "non-zero return code", "rc": 2, "start": "2022-01-10 17:09:06.971388", "stderr": "", "stderr_lines": [], "stdout": "\nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*", "stdout_lines": ["", "This script (v1.3) is primarily designed to detect CVE-2021-44228 on 
supported", "Red Hat Enterprise Linux 6-8 systems.", "Result may be inaccurate for other systems.", "Result may be inaccurate for affected log4j-core jar files other than those found", "in the two listed maven repositories as of 2021-12-13 and between versions", "2.0(.*) inclusive and 2.14.* inclusive:", "* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/", "* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/", "Symbolic links are not followed. Only local filesystem paths are supported.", "", "Finished scanning of the specified directory", "/var", "", "The specified directory contains vulnerable log4j-core jar files.", "* 3 files were identified.", "* Paths of the identified files can be found in .txt files in the directory", " /opt/cve-2021-44228/tmp/report", "* To print all these paths, you can run the following command in the 'report' directory:", " cat vuln_log4j2_path_*.txt", "* The paths may show paths inside zip/jar archive files, signified by a double slash //.", "", "Please note that vulnerability is determined based on the version only.", "This script doesn't detect any mitigations.", "", "Follow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.", "", "running_kernel = *4.18.0-348.el8.x86_64*", "vulnerable = *3*", "result = *2*", "scan_path = */var*", "tmp_path = */opt/cve-2021-44228/tmp*", "num_before = *5*", "num_after = *5*", "queue_position = *5*", "queue_length = *5*", "queue_length_check = *5*"]}
...ignoring
TASK [print NOT vulnerable message] ********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:123
skipping: [demo.example.com] => {}
TASK [print vulnerable message] ************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:129
ok: [demo.example.com] => {
"msg": "System MIGHT be vulnerable to log4j (CVE-2021-44228)\n \nThis script (v1.3) is primarily designed to detect CVE-2021-44228 on supported\nRed Hat Enterprise Linux 6-8 systems.\nResult may be inaccurate for other systems.\nResult may be inaccurate for affected log4j-core jar files other than those found\nin the two listed maven repositories as of 2021-12-13 and between versions\n2.0(.*) inclusive and 2.14.* inclusive:\n* https://maven.repository.redhat.com/ga/org/apache/logging/log4j/log4j-core/\n* https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/\nSymbolic links are not followed. Only local filesystem paths are supported.\n\nFinished scanning of the specified directory\n/var\n\nThe specified directory contains vulnerable log4j-core jar files.\n* 3 files were identified.\n* Paths of the identified files can be found in .txt files in the directory\n /opt/cve-2021-44228/tmp/report\n* To print all these paths, you can run the following command in the 'report' directory:\n cat vuln_log4j2_path_*.txt\n* The paths may show paths inside zip/jar archive files, signified by a double slash //.\n\nPlease note that vulnerability is determined based on the version only.\nThis script doesn't detect any mitigations.\n\nFollow https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 for advice.\n\nrunning_kernel = *4.18.0-348.el8.x86_64*\nvulnerable = *3*\nresult = *2*\nscan_path = */var*\ntmp_path = */opt/cve-2021-44228/tmp*\nnum_before = *5*\nnum_after = *5*\nqueue_position = *5*\nqueue_length = *5*\nqueue_length_check = *5*"
}
TASK [files in detector run directory] *****************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:135
ok: [demo.example.com] => {"changed": false, "examined": 4, "files": [{"atime": 1641834585.1820261, "ctime": 1641834585.1820261, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566206, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.1820261, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 66, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2100265, "ctime": 1641834585.2100265, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 67566207, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2100265, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 60, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1641834585.2410266, "ctime": 1641834585.2410266, "dev": 64768, "gid": 0, "gr_name": "root", "inode": 84002242, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1641834585.2410266, "nlink": 1, "path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 68, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "matched": 3, "msg": "All paths examined", "skipped_paths": {}}
TASK [print debug] *************************************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:144
ok: [demo.example.com] => {
"msg": {
"changed": false,
"examined": 4,
"failed": false,
"files": [
{
"atime": 1641834585.1820261,
"ctime": 1641834585.1820261,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 67566206,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.1820261,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_10f0000c81f423e3.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 66,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
},
{
"atime": 1641834585.2100265,
"ctime": 1641834585.2100265,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 67566207,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.2100265,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_add914421c92120d.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 60,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
},
{
"atime": 1641834585.2410266,
"ctime": 1641834585.2410266,
"dev": 64768,
"gid": 0,
"gr_name": "root",
"inode": 84002242,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mode": "0644",
"mtime": 1641834585.2410266,
"nlink": 1,
"path": "/opt/cve-2021-44228/tmp/report/vuln_log4j2_path_ce677e1bb46d86c5.txt",
"pw_name": "root",
"rgrp": true,
"roth": true,
"rusr": true,
"size": 68,
"uid": 0,
"wgrp": false,
"woth": false,
"wusr": true,
"xgrp": false,
"xoth": false,
"xusr": false
}
],
"matched": 3,
"msg": "All paths examined",
"skipped_paths": {}
}
}
TASK [read vulnerable path(s) found] *******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:150
changed: [demo.example.com] => {"changed": true, "cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt", "delta": "0:00:00.004155", "end": "2022-01-10 17:09:46.451923", "msg": "", "rc": 0, "start": "2022-01-10 17:09:46.447768", "stderr": "", "stderr_lines": [], "stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar", "stdout_lines": ["/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar", "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"]}
TASK [print vulnerable path(s) found] ******************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:156
ok: [demo.example.com] => {
"msg": {
"changed": true,
"cmd": "cat /opt/cve-2021-44228/tmp/report/vuln_log4j2_path_*.txt",
"delta": "0:00:00.004155",
"end": "2022-01-10 17:09:46.451923",
"failed": false,
"msg": "",
"rc": 0,
"start": "2022-01-10 17:09:46.447768",
"stderr": "",
"stderr_lines": [],
"stdout": "/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar\n/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar",
"stdout_lines": [
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar",
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar",
"/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar"
]
}
}
TASK [remove detector directory] ***********************************************************************************************************************************************************
task path: /Users/lberton/prj/github/log4j-cve-2021-44228/log4j-cve-2021-44228.yml:161
skipping: [demo.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************************************************************************************************************************
demo.example.com : ok=15 changed=6 unreachable=0 failed=0 skipped=2 rescued=0 ignored=1
localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
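In the recap above the vulnerable host shows `failed=0 ignored=1`, so the finding is only visible in the task output. As an added example (not part of the playbook), the functions below turn the detector's `-d` debug lines and the report paths into one status line per host, reduce `//` archive-internal paths to the file on disk, and flag a report that does not match the reported count; the function names are hypothetical, the nested paths are constructed, and the check assumes one report line per counted file, as in the demo run.

```shell
#!/bin/sh
# Added example, not part of the playbook: summarize one detector run.

# detector_field STDOUT KEY -> value of the debug line "KEY = *value*"
detector_field() {
    printf '%s\n' "$1" | sed -n "s/^$2 = \*\(.*\)\*\$/\1/p" | head -n 1
}

# on_disk_files: report paths on stdin -> unique files on disk.
# Everything after the first "//" is a path inside a zip/jar archive.
on_disk_files() {
    sed 's|//.*$||' | sort -u
}

# summarize HOST STDOUT REPORT_PATHS -> "HOST STATUS reported=N listed=M ondisk=K"
#   findings : detector count > 0 and equal to the number of report lines
#   clean    : detector count 0 and no report lines
#   mismatch : count and report disagree (for example a stale run directory)
#   unknown  : no "vulnerable = *N*" line (detector run without -d)
summarize() {
    host=$1 out=$2 paths=$3
    reported=$(detector_field "$out" vulnerable)
    listed=$(printf '%s\n' "$paths" | grep -c . || true)
    ondisk=$(printf '%s\n' "$paths" | on_disk_files | grep -c . || true)
    case $reported in
        ''|*[!0-9]*) status=unknown ;;
        0) [ "$listed" -eq 0 ] && status=clean || status=mismatch ;;
        *) [ "$reported" -eq "$listed" ] && status=findings || status=mismatch ;;
    esac
    printf '%s %s reported=%s listed=%s ondisk=%s\n' \
        "$host" "$status" "${reported:-?}" "$listed" "$ondisk"
}

# Sample input: an excerpt of the detector stdout from the demo run above.
SAMPLE_STDOUT='The specified directory contains vulnerable log4j-core jar files.
* 3 files were identified.
running_kernel = *4.18.0-348.el8.x86_64*
vulnerable = *3*
result = *2*
scan_path = */var*
tmp_path = */opt/cve-2021-44228/tmp*'

# Sample input: the three report paths from the demo run above.
SAMPLE_PATHS='/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-tests.jar
/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7.jar
/var/www/test-log4j/apache-log4j-2.7-bin/log4j-core-2.7-sources.jar'

# Constructed paths: two findings nested inside the same archive on disk.
NESTED_PATHS='/var/lib/app/shop.war//WEB-INF/lib/log4j-core-2.7.jar
/var/lib/app/shop.war//WEB-INF/lib/plugin.jar//lib/log4j-core-2.7.jar'

summarize demo.example.com "$SAMPLE_STDOUT" "$SAMPLE_PATHS"
printf '%s\n' "$NESTED_PATHS" | on_disk_files
```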
## License
MIT / BSD
## Author Information
This role was created in 2021 by [Luca Berton](https://www.lucaberton.it/), author of [Ansible Pilot](https://www.ansiblepilot.com/).
## Ansible Pilot
More information
- [Website](https://www.ansiblepilot.com/)
- [Ansible Pilot YouTube channel](https://www.youtube.com/channel/UC5MNbTYRHSCu9vAki3z9SmA)
- [Medium](https://ansiblepilot.medium.com/)
- [Twitter](https://twitter.com/ansiblepilot)
File snapshot
[4.0K] /data/pocs/c6c8da9abe31515d7c3b888cfd4cfae3dc22ab7c
├── [1.0K] LICENSE
├── [4.9K] log4j-cve-2021-44228.yml
├── [ 31K] README.md
├── [4.0K] test
│ ├── [ 30] devops.sudo
│ ├── [ 156] inventory
│ ├── [1.2K] provision.yml
│ └── [ 596] Vagrantfile
└── [2.2K] vars.yml
1 directory, 8 files