Skip to content
/ inspec-log4j Public

An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

trickyearlobe/inspec-log4j

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
controls
controls
 
 
libraries
libraries
 
 
README.md
README.md
 
 
inspec.lock
inspec.lock
 
 
inspec.yml
inspec.yml
 
 

Repository files navigation

inspec-log4j

This profile scans for vulnerable versions of Log4j Core JAR files directly on the file system, and embedded in WAR files.

Running the profile locally

git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j

Running the profile against a remote SSH target

Ensure you have SSH keys loaded for a privileged user (such as root) on the target. Alternatively, check the CLI docs to see how to use Inspec with SUDO

git clone https://github.com/trickyearlobe/inspec-log4j
inspec exec inspec-log4j -t ssh://root@host

Packaging the profile for upload to Chef Automate

git clone https://github.com/trickyearlobe/inspec-log4j
inspec archive inspec-log4j

About

An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages