License
THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE OF THIS SCRIPT. 
IN NO EVENT SHALL THESE SCRIPTS BE DEEMED TO BE CLOUD SERVICES AS PROVIDED BY QUALYS

Log4j Vulnerability Scanner Shell Script:

Description:
This shell script intends to collect necessary details and help detect CVE-2021-44228 and CVE-2021-45046 vulnerabilities reported in Log4j.
The script will scan the entire filesystem, including archives (and nested JARs) for the Java class that indicates the Java application contains a vulnerable Log4j library. 

Once Log4j QID is introduced in Qualys VM signature, the output file generated by this script will serve as a data point to assess and report the QID during agent VM scan.

Usage: 
Supported platforms: RHEL, CentOS, Ubuntu, Debian, Amazon Linux, OEL 
Supported architectures: x64, ARM

How to run the script? 
1) Create and save a script (.sh) file using any text editor.
2) Execute the script file using shell script. Use the following command:
sh <script-name>.sh
Here, <script-name> is actual script name.

The following details are shown in the output: 

Source: Path of pom.xml within a jar file
JNDI class found or not found status
Path of the jar
log4j version

The script’s standard output will be redirected to /usr/local/qualys/cloud-agent/log4j_findings.stdout.
Any error occurring during its execution is redirected to /usr/local/qualys/cloud-agent/log4j_findings.stderr: This file will also contain command execution start time and status on completing the run.
However, no status information will be written in the error file if its execution is aborted.

Sample output:(/usr/local/qualys/cloud-agent/log4j_findings.stdout) 
Source: META-INF/maven/org.slf4j/slf4j-log4j12/pom.xml META-INF/maven/log4j/log4j/pom.xml
JNDI-Class: JNDI Class Not Found
Path= /root/akshata/TestFiles_log4j/TestFiles/kafka-producer-intellij.jar
log4j Unknown
------------------------------------------------------------------------
Source: META-INF/maven/org.apache.logging.log4j/log4j-api/pom.xml META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml
JNDI-Class: JNDI Class Found
Path= /root/akshata/TestFiles_log4j/TestFiles/ProjWithVulLog4j-1.0-SNAPSHOT-jar-with-dependencies.jar
log4j 2.13.0
------------------------------------------------------------------------
Source: META-INF/maven/log4j/log4j/pom.xml
JNDI-Class: JNDI Class Not Found
Path= /usr/share/java/log4j.jar
log4j Unknown
------------------------------------------------------------------------

Sample error file: (/usr/local/qualys/cloud-agent/log4j_findings.stderr)
scanning started for log4j jar
Thu Dec 16 17:47:36 IST 2021
Run status : Success