Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/robertdebock/ansible-role-cve_2021_44228
Check and report for cve_2021_44228 (log4shell) on your system.
https://github.com/robertdebock/ansible-role-cve_2021_44228
ansible cve202144228 log4j log4shell molecule playbook security tox
Last synced: about 2 months ago
JSON representation
Check and report for cve_2021_44228 (log4shell) on your system.
- Host: GitHub
- URL: https://github.com/robertdebock/ansible-role-cve_2021_44228
- Owner: robertdebock
- License: apache-2.0
- Archived: true
- Created: 2021-12-15T14:53:17.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2023-12-22T09:20:42.000Z (9 months ago)
- Last Synced: 2024-05-29T08:12:41.203Z (4 months ago)
- Topics: ansible, cve202144228, log4j, log4shell, molecule, playbook, security, tox
- Homepage: https://robertdebock.nl/
- Size: 67.4 KB
- Stars: 10
- Watchers: 3
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
README
# [Ansible role cve_2021_44228](#cve_2021_44228)
> THIS ROLE HAS BEEN ARCHIVED AS OF DEC 2023.
Check and report for cve_2021_44228 (log4shell) on your system.
|GitHub|GitLab|Downloads|Version|
|------|------|---------|-------|
|[](https://github.com/robertdebock/ansible-role-cve_2021_44228/actions)|[](https://gitlab.com/robertdebock-iac/ansible-role-cve_2021_44228)|[](https://galaxy.ansible.com/robertdebock/cve_2021_44228)|[](https://github.com/robertdebock/ansible-role-cve_2021_44228/releases/)|
## [Example Playbook](#example-playbook)
This example is taken from [`molecule/default/converge.yml`](https://github.com/robertdebock/ansible-role-cve_2021_44228/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.
```yaml
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.cve_2021_44228
```
The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/robertdebock/ansible-role-cve_2021_44228/blob/master/molecule/default/prepare.yml):
```yaml
---
- name: Prepare
hosts: all
become: yes
gather_facts: no
roles:
- role: robertdebock.bootstrap
# The role is prepared to install extra software and also remove when
# the role is done. This is not idempotent, so in this playbook, the
# required software is already installed.
vars_files:
- ../../vars/main.yml
post_tasks:
- name: Install required software
ansible.builtin.package:
name: ["{{ cve_2021_44228_ps_package }}", unzip]
```
Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.
## [Role Variables](#role-variables)
The default values for the variables are set in [`defaults/main.yml`](https://github.com/robertdebock/ansible-role-cve_2021_44228/blob/master/defaults/main.yml):
```yaml
---
# defaults file for cve_2021_44228
# You can disable certain checks using these variables.
# Check suspicous processes.
cve_2021_44228_check_processes: yes
# Check suspicous packages.
cve_2021_44228_check_packages: yes
# This check uses `find`, which may use the disk intensively.
# Check suspicous files.
cve_2021_44228_check_files: yes
# This check uses `find`, which may use the disk intensively.
# Check suspicous jars
cve_2021_44228_check_archives: yes
# Add your own paths if you want to. The more paths you add, the more
# the disk will be used, but not having enough paths poses a risk of
# not finding vulnerable files.
# Paths to find files and jars in.
cve_2021_44228_paths_to_check:
- /var
- /etc
- /usr
- /opt
- /lib64
# The types of archives to scan.
cve_2021_44228_archive_patterns:
- "*.jar"
- "*.war"
- "*.ear"
- "*.aar"
```
## [Requirements](#requirements)
- pip packages listed in [requirements.txt](https://github.com/robertdebock/ansible-role-cve_2021_44228/blob/master/requirements.txt).
## [State of used roles](#state-of-used-roles)
The following roles are used to prepare a system. You can prepare your system in another way.
| Requirement | GitHub | GitLab |
|-------------|--------|--------|
|[robertdebock.bootstrap](https://galaxy.ansible.com/robertdebock/bootstrap)|[](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap)|
## [Context](#context)
This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.
Here is an overview of related roles:
## [Compatibility](#compatibility)
This role has been tested on these [container images](https://hub.docker.com/u/robertdebock):
|container|tags|
|---------|----|
|[Alpine](https://hub.docker.com/r/robertdebock/alpine)|all|
|[Amazon](https://hub.docker.com/r/robertdebock/amazonlinux)|all|
|[Debian](https://hub.docker.com/r/robertdebock/debian)|all|
|[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|all|
|[Fedora](https://hub.docker.com/r/robertdebock/fedora/)|all|
|[opensuse](https://hub.docker.com/r/robertdebock/opensuse)|all|
|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|focal, bionic|
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-cve_2021_44228/issues).
## [License](#license)
[Apache-2.0](https://github.com/robertdebock/ansible-role-cve_2021_44228/blob/master/LICENSE).
## [Author Information](#author-information)
[robertdebock](https://robertdebock.nl/)
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).