Script for checking for Log4j security vulnerabilities
Many IT administrators are currently struggling with the disclosed Log4j security vulnerability. Log4j is not a stand-alone application but a logging library that many vendors embed in their Java software. The main challenge is therefore finding out which installed applications contain it.
We have invested considerable effort in this check. It searches the system for these Java libraries, identifies them and classifies them. Every library found is listed in the output and raises an alert.
If desired, the script can additionally close the gap by removing the vulnerable component from the libraries. If the application actively uses that component, removing it can impair the application's functionality.
For that reason the file is backed up beforehand as a .bak file, so that the original version can be restored if necessary. The parameter "Fix findings" accepts the values "Yes" and "No".
By default the search is limited to the local system drive (C:). To search all local hard drives, set the "Drives" option to "2".
The third parameter, "Alarm", has three levels:
- Critical (alarm only for open, unmitigated vulnerabilities)
- Warning [Recommended] (alarm for open and already "defused" vulnerabilities)
- Off (no alarm)
When adding the check, pay attention to the execution time, which must be set explicitly. Most systems manage with a timeout of 1200 seconds (20 minutes); the maximum for checks is 3600 seconds.
For longer run times, the script can be used as a task instead.
32-bit systems are not supported by the scan and are flagged immediately, so that these systems can be handled separately.
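The following PowerShell script is an added example of the workflow described on this page; it is not the vendor's check script. It scans the selected drives for JAR files containing log4j-core, classifies each archive as open, mitigated or patched, optionally removes the vulnerable component after writing a .bak copy, and maps the result onto the three alarm levels. Several details are assumptions rather than facts from the page: the parameter names, the exit-code convention (0/1/2/3 for OK/Warning/Critical/Unknown), the mitigation itself (deleting org/apache/logging/log4j/core/lookup/JndiLookup.class, the widely published workaround), and 2.17.1 as the first fixed 2.x release.

```powershell
# Added example, not the vendor's check: finds log4j-core inside JAR files, classifies
# each archive, optionally removes the JNDI lookup class after writing a .bak copy, and
# maps the result onto the three alarm levels. Assumptions not taken from the page: the
# fix is the published mitigation of deleting JndiLookup.class; 2.17.1 counts as the first
# fixed 2.x release (the 2.3.2/2.12.4 back-ports for old Java are ignored); exit codes
# 0/1/2/3 = OK/Warning/Critical/Unknown are an assumed check convention.
param(
    [ValidateSet('Yes', 'No')]                  [string]$FixFindings = 'No',
    [ValidateSet(1, 2)]                         [int]$Drives = 1,        # 1 = C: only, 2 = all local disks
    [ValidateSet('Critical', 'Warning', 'Off')] [string]$Alarm = 'Warning'
)
if (-not [Environment]::Is64BitOperatingSystem) {
    Write-Output 'UNKNOWN: 32-bit systems are not scanned, handle this host separately'; exit 3
}
Add-Type -AssemblyName System.IO.Compression.FileSystem

$JndiEntry  = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
$CoreMarker = 'org/apache/logging/log4j/core/'   # any entry below this path means log4j-core is present
$PomEntry   = 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'
$FixedSince = [version]'2.17.1'

function Get-ScanRoots {
    if ($Drives -ne 2) { return 'C:\' }
    # DriveType 3 = local disk; network and removable drives are skipped
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object { "$($_.DeviceID)\" }
}

function Test-Jar {
    param([string]$Path)
    # Emits nothing for archives without log4j-core, otherwise one finding object.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $names = @($zip.Entries | ForEach-Object { $_.FullName })
        if (-not ($names | Where-Object { $_.StartsWith($CoreMarker) })) { return }
        $version = 'unknown'
        $pom = $zip.GetEntry($PomEntry)
        if ($pom) {
            $reader = New-Object System.IO.StreamReader($pom.Open())
            try {
                while ($null -ne ($line = $reader.ReadLine())) {
                    if ($line -match '^version=(.+)$') { $version = $Matches[1].Trim() }
                }
            } finally { $reader.Dispose() }
        }
        # A fixed release is left alone; otherwise the presence of JndiLookup.class decides
        # between "open" and "mitigated" (class already removed, e.g. by an earlier run).
        $patched = $false
        try { $patched = [version]$version -ge $FixedSince } catch { }   # "2.0-beta9" etc. stay unpatched
        if ($patched)                        { $status = 'patched' }
        elseif ($names -contains $JndiEntry) { $status = 'open' }
        else                                 { $status = 'mitigated' }
        [pscustomobject]@{ Status = $status; Version = $version; Path = $Path }
    } finally { $zip.Dispose() }
}

function Repair-Jar {
    param([string]$Path)
    # Never overwrite an existing backup, so the pristine archive can always be restored.
    if (-not (Test-Path -LiteralPath "$Path.bak")) { Copy-Item -LiteralPath $Path -Destination "$Path.bak" }
    # Update mode rewrites the archive in place; a JAR held open by a running JVM throws here.
    $zip = [System.IO.Compression.ZipFile]::Open($Path, [System.IO.Compression.ZipArchiveMode]::Update)
    try {
        $entry = $zip.GetEntry($JndiEntry)
        if ($entry) { $entry.Delete() }
    } finally { $zip.Dispose() }
}

$findings = @(foreach ($root in Get-ScanRoots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.jar' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $jar = $_.FullName
            try { Test-Jar $jar } catch { Write-Warning "Skipped $jar : $_" }
        }
})

if ($FixFindings -eq 'Yes') {
    foreach ($f in @($findings | Where-Object Status -eq 'open')) {
        try { Repair-Jar $f.Path; $f.Status = 'mitigated' }
        catch { Write-Warning "Could not fix $($f.Path) (in use?): $_" }
    }
}
$open      = @($findings | Where-Object Status -eq 'open')
$mitigated = @($findings | Where-Object Status -eq 'mitigated')
$findings | Sort-Object Status, Path | Format-Table Status, Version, Path -AutoSize

$exitCode = 0
switch ($Alarm) {
    'Critical' { if ($open.Count -gt 0) { $exitCode = 2 } }
    'Warning'  { if ($open.Count -gt 0) { $exitCode = 2 } elseif ($mitigated.Count -gt 0) { $exitCode = 1 } }
}
exit $exitCode
```

Run it elevated, otherwise directories the monitoring account cannot read are silently skipped and a recursive walk over every local disk is what makes the long timeout from the text necessary. Two limitations are worth knowing: a JAR held open by a running JVM cannot be rewritten in place, so the fix reports a warning for it and the application must be stopped first, and the example only inspects plain .jar files, not log4j copies nested inside .war or .ear archives. To undo a fix, stop the application, delete the modified .jar and rename the .bak file back.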