• Scanner: changed to version 2.9.2
• Bakery/WATO:
  • added option --throttle to limit CPU usage by max. # of files to scan per second
  • added option -Xmx to limit memory usage
  • removed option --force-fix/--backup-path
• Agent plugin:
  • added additional CVEs for Log4j 1 (CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2019-17571)
  • added Warn/Crit based on CVSS score
  • added CVE Description/Comment to service details
  • changed defaults for WARN/CRIT of affected files form (1, 1) to (None, None)
  • fixed missing comment in CVE data (THX to doc[at]snowheaven[dot]de)
• WATO:
  • added Monitoring state for CVE not found in agent data
  • changed options Scan for logback and Scan for log4j 1 enabled by default for new agent plugin rules
• Inventory
  • added entry's for CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2019-17571

Note: before updating to this version, untick "Fix files and backup" option in the agent rules.

• CHECK: added check plugin with the CVE id as item

• BAKERY: added option --exclude-pattern to the Exclude paths section

• INVENTORY: extended report for additional log4j/logback CVEs

• WATO:

  • added options for per CVE check
  • added discovery rule for per CVE check plugin
  • added rules for inventory plugins
  • changed display name (again) from 'CVE scanner for log4j (CVE-2021-44228-log4j)' to 'log4j CVE scanner (CVE-2021-44228-log4j)'
  • enabled 'attach_report_to_output' in "reporting" by default for new rules

• METRICS: added metrics/graph/perfometer for files_affected

• How To:

  • added "Inventory plugins", "Check plugin cve_2021_44228_log4j_cves" and "Scanner options implemented in the bakery" sections in "Use with the enterprise/free edition of CMK"
  • updated "The config file for cve_44228_log4j agent plugin"

Note: before installing the update untick the "Exclude paths" option in the agent rules and bake the agent. After the update you can reconfigure the "Exclude paths" option.

To use the new check plugin and the CVE inventory you need to enable "Enable reporting" -> "Send report to checkmk" in the bakery plugin rules. Whether a file is affected by a specific CVE and the additional information in the inventory is based solely on the log4j/logback version reported by the Logpresso scanner. It says nothing about whether the CVE is exploitable or not.

• added inventory for logpresso report
• changed scanner version to 2.7.2 (2022-01-11)
• WATO added option to add the logpresso report to the cmk inventory instead of reporting to file/directory
• WATO moved reporting from file option "Name of the file to report to" to "Append results to log file" (it's technically the same scanner option)
• WATO added options for inventory plugin

Note: before updating to v0.0.9 untick "Enable file reporting" in your agent rules. After updating you can reenable them. "Name of the file to report to" is moved to "Append results to log file"

• added PLUGIN_TIMEOUT to the config file
• added BAKERY_VERSION to the config file (for debugging)
• added warn on missing agent output (see WATO)
• added inventory plugin and view for reporting/sorting/filtering etc.
• added option to exclude files (bulk)
• changed check parse function made more robust on unexpected input
• changed windows script reading variables from file
• changed windows script timeout handling to match Linux script version
• changed WATO display names to CVE scanner for log4j (CVE-2021-44228-log4j)
• changed "Silent output" to enabled by default for new WATO rules
• changed handling of output of values to make it "sortable"
• fixed on Linux scanner got not killed on timeout by the agent
• fixed run_time missing on service info (THX to doc[at]snowheaven[dot]de)
• fixed missing newline on plugin section header output in Linux script

Known issues

• exclude files (bulk) is only working with windows see Can not exclude specific files (only paths/directories is working) #223

From the changelog

• changed logpresso scanner to version 2.7.1
• added bakery option for bulk exclude (--exclude-config)
• added bakery option for bulk search path (-f)
• added bakery option for append reporting to file (--json-log-path/--csv-log-path)
• added bakery option for change syslog facility (--syslog-facility)
• added bakery option for enable rfc5424 syslog message format (--rfc5424), fixes broken syslog message in CMK event console

After updating to this version you will need to reconfigure your bakery rules.