• Stars
    star
    258
  • Rank 158,189 (Top 4 %)
  • Language
    Shell
  • License
    The Unlicense
  • Created almost 3 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

a fast check, if your server could be vulnerable to CVE-2021-44228

log4j_checker_beta - Linux, macOS and Windows Scripts

If you want to use the windows/linux download cradles below, please review the scripts beforehand. Loading code from the internet and execute it is what brought us here with Log4Shell - right? ;-)

Linux and macOS servers or clients

The log4j_checker_beta.sh script is used to perform a fast check if your server is possibly affected by CVE-2021-44228 (the log4j vulnerability).
It does not give a 100% proof, that you are not vulnerable, but it gives a hint if it is possible, that you could be vulnerable.

  • scans files for occurrences of log4j
  • checks for packages containing log4j and Solr ElasticSearch
  • checks if Java is installed
  • Analyzes JAR/WAR/EAR files
  • Option of checking hashes of .class files in archives

Run with:

wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - |bash

If you only want to see the warnings use

wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - | bash | grep '\[WARNING\]'

Make sure, your locate database is updated before running with

sudo updatedb

Hash checking

The script can test .class files on the first level of JAR/WAR/EAR archives to see if they match with known sha256 hashes of vulnerable class files from log4j.
You have to provide a download of plain text file with sha256 hashes in HEX format, one per line, everything after first is ignored. The URL can be placed in variable download_file. Otherwise this feature will not operate.

The information Lunasec.io has put out about hashes of vulnerable binary Java .class files:

https://github.com/lunasec-io/lunasec/blob/master/tools/log4shell/constants/vulnerablehashes.go

Also see their blog: https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/

usage

We did include a SHA256_HASHES_URL in the script that directs to the file hashes-pre-cve.txt in this repository. But you can add your own URL as first parameter to the script on the shell or use a local file, e.g. store your file in hashes-pre-cve_local.txt and then call:

./log4j_checker_beta.sh hashes-pre-cve_local.txt

dependencies

The commands locate and unzip need to be installed. unzip to inspect the jar files.

To install on Debian and Ubuntu systems:

sudo apt install unzip locate
sudo updatedb

discussion

https://serverfault.com/questions/1086065/how-do-i-check-if-log4j-is-installed-on-my-server/1086132#1086132

Windows servers or clients

You can use the snippet

IEX (New-Object Net.Webclient).downloadstring("https://raw.githubusercontent.com/anlx-sw/log4j_checker_beta/main/get-vulnerablejars.ps1")

to directly check for potentially vulnerable jar files on windows. Or you could download this script and point the output to a writable fileshare. This still worked for me for me for Powershell 2.0 on Windows Server 2012.

Error handling or additional features where not added on purpose to keep it short and easy and compatible with Powershell 2.0 and older versions of Windows. This script just checks for jar files and searches for the string "JndiLookup.class" which indicates a vulnerable library. Use your tool of choice to run it with admin permissions (or just use it manually).

Alternatively, if you can't use powershell, you could this snippet for the command prompt to scan the current drive for jar files with the "JndiLookup.class". After running this line with admin permissions check the file c:\log4j-vuln.txt for vulnerable files.

cd \  && for /r %f in (*.jar) do (find /i /c "JndiLookup.class" "%f" 1>nul && echo "%f" >> "c:\log4j-vuln.txt")

More Repositories

1

rsync-homedir-excludes

455
star
2

php-mysql-fix

A php include that replaces all mysql functions with the corresponding mysqli functions
PHP
109
star
3

table2CSV

A small JQuery utility which allows you to export any HTML table as CSV file
JavaScript
54
star
4

mouse-speed

Bash script for to increase or decrease the mouse and touchpad speed and the RSI-tool typebreak
Shell
34
star
5

devPixelsPerPx-Toggle

Firefox Add-On Zoom Menu Elements - Zoom all elements by factor 2
JavaScript
19
star
6

set_resolution.py

Python
14
star
7

freifunk-faltblatt-6-seiten

freifunk-flyer 6 Seitig
14
star
8

fix-wordpress-permissions.sh

configures WordPress file permissions based on recommendations from http://codex.wordpress.org/Hardening_WordPress#File_permissions
Shell
13
star
9

mysql-backup.sh

Backup all tables in all databases with ignore list
Shell
11
star
10

gluon-build-script

instruction for build gluon (bash script and wiki text at the same time)
Shell
5
star
11

Coffee-plus-plus

Coffee++ keyboardlayout
5
star
12

remove-old-kernels

Shell
3
star
13

freifunk-red-andy

responsive redmine theme with logo and favicon
CSS
3
star
14

vhost-split.py

Split the same virtualhost configuration across multiple files
Python
2
star
15

timeeffect

online time tracking suite
PHP
2
star
16

batman-connect

Connect to your Freifunk community as node with your local computer
Shell
2
star
17

matrix-dl

Download backlogs from Matrix as raw text - fork of https://gitlab.gnome.org/yarikoptic/matrix-dl
Python
2
star
18

ffki-downloader

HTML
1
star
19

gluon-alt-esc

standalone packages for 2017.1.x of gluon issue #1094
Lua
1
star
20

freifunk-site-conf-scraper

This script downloads all sites from the gluon wiki to build an index
Shell
1
star
21

zoomed-default-font-fix

Fix for zoomed default-font
JavaScript
1
star
22

Win2rightMouseButton

replaces the Left Window key and the Window-key
AutoHotkey
1
star
23

FreifunkForumSearch

Search addon for Firefox in the german forum for openwifi https://forum.freifunk.net
1
star
24

intel-turbo-boost

dis-/enable Intel turbo-boost
Shell
1
star
25

freifunk-sticker

1
star
26

multi-matrix-ansible

1
star
27

Goldkarpfen

git mirror of https://gitlab.com/rubo77/Goldkarpfen
Shell
1
star
28

eliteNameGen

javascript elite name generator
JavaScript
1
star
29

ffmap-backend-bridge

two scripts, that serve ffmap-backend to access alfred and batman data
Shell
1
star
30

Thunderbird-AttachmentExtractor

JavaScript
1
star