/checkmk-log4j-scanner

Scans for Log4j versions effected by CVE-2021-44228

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

(inett GmbH)

check_mk extension to check for log4j2 CVE-2021-44228

This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0)

How it works

Run in 5 steps:

  1. Find all .jar, .war, .ear, .aar files recursively.
  2. Find META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties entry from JAR file.
  3. Read groupId, artifactId, and version.
  4. Compare log4j2 version and print vulnerable version.