Detect Log4j CVE Vulnerabilities using Symantec Control Compliance Suite

Article ID: 231246

Products

Control Compliance Suite, Control Compliance Suite Standards Module, Control Compliance Suite Standards Server

Issue/Introduction

In response to the Log4j CVE vulnerabilities, CVE-2021-44228 and CVE-2021-45046, this document describes how to
detect these critical vulnerabilities on Windows and UNIX systems. 

Resolution

Use the following CCS technical standards to scan Windows and UNIX target systems and detect whether vulnerable log4j-core*.jar components are present.
Download the CCS_Log4j_Critical_Vulnerabilities_Detection.zip file from the support portal (the same location where the CCS media is downloaded, under Content_Release) and use the following CCS technical standards:


     ● Windows Patch Assessment for Log4j Vulnerabilities CVE-2021-44228 and CVE-2021-45046
     ● Log4j critical vulnerabilities CVE-2021-45046 and CVE-2021-44228 detection on all Windows systems - Script based
     ● Log4j critical vulnerabilities CVE-2021-45046 and CVE-2021-44228 detection on all UNIX systems

Windows Patch Assessment for Log4j Vulnerabilities CVE-2021-44228 and CVE-2021-45046

This standard checks the installed products for these CVEs against the feed in Ivanti's Shavlik patch assessment file.
For the most complete coverage, download the most recent Shavlik feed whenever it is updated, from
https://content.ivanti.com/data/WindowsPatchData.zip.


Perform the following steps to detect the vulnerable CVEs on Windows:

1. Copy the following XML file to the CCS Application Server machine:
     • Win_Patch_Assessment_Log4j_Vulnerabilities_detection.xml
2. Import the standard XML into a CCS system.
3. Copy the WindowsPatchData.zip file to the following location on a CCS Manager machine:
     • C:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\DPS\control\Windows\PatchAssessment
4. Run the CER job.

Log4j critical vulnerabilities CVE-2021-45046 and CVE-2021-44228 detection on all Windows systems - Script based

This standard scans the entire Windows file system to find and report vulnerable log4j-core*.jar files. Because it is a script-based check, it can be used to scan Windows Agent-based systems only.
For large file systems, the scan may take some time to complete.

Prerequisites to use the script-based check:

     ● Control Compliance Suite 12.x Agent
     ● Integrated Command Engine (ICE) settings must be enabled on the agent system

Perform the following steps to detect the vulnerable log4j-core*.jar files on Windows:

1. Copy the following XML files to the CCS Application Server machine:
     • Win_Log4j_critical_vulnerabilities_detection_Scriptbased.xml
     • Win_Log4j_critical_vulnerabilities_detection_Scriptbased_Script.xml
2. Import the standard XML into a CCS system.
3. Run the CER job.

Log4j critical vulnerabilities CVE-2021-45046 and CVE-2021-44228 detection on all UNIX systems

This standard contains a command-based check that you can use to identify all the versions of the log4j-core*.jar file
present in the entire UNIX file system and detect any vulnerable jar files. For large file systems, the scan may take some
time to complete.

Prerequisites to use the command-based check:

     • Make sure the sha256sum and zipgrep commands are present on the target UNIX machines.
     • Add the following commands in the CommandWhitelist.ini configuration file present on the CCS Manager
       machine at <ccs_installation_path>\Reporting and Analytics\DPS\control\Unix\ConfigFiles:
          o awk,basename,continue,cut,do,done,echo,egrep,env,export,fi,find,if,sha256sum,sudo,then,tr,while,zipgrep

Perform the following steps to detect the vulnerable log4j-core*.jar on UNIX:

1. Copy the following XML files to the CCS Application Server machine:
     • Unx_Log4j_critical_vulnerabilities_detection.xml
     • Unx_Log4j_critical_vulnerabilities_detection_Command.xml
2. Import the standard XML into a CCS system.
3. Run the CER job.
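
The following shell script is an added example, not the command shipped in the CCS standard. It shows how a check of this kind can be built from the whitelisted commands (find, zipgrep, sha256sum, cut, tr, basename). The function names, the pom.properties lookup and the affected-version thresholds (taken from the Apache advisories) are assumptions, not details from this article.

```shell
#!/bin/sh
# Added example, not the command shipped in the CCS standard.
# Inventories log4j-core*.jar files and flags versions in the affected range.

# Maven metadata entry that records the version inside a log4j-core jar.
POM='META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'

# classify_version VERSION -> VULNERABLE | NOT_AFFECTED | UNKNOWN
# Assumed thresholds (Apache advisories, not this page): 2.0-beta9 through
# 2.15.0 are affected, except the backport releases 2.3.1+ and 2.12.2+.
classify_version() {
    case "$1" in
        2.0-alpha*|2.0-beta[1-8]) echo NOT_AFFECTED; return ;;
        2.0-beta9|2.0-rc*)        echo VULNERABLE;   return ;;
        ''|*[!0-9.]*|.*|*.|*..*)  echo UNKNOWN;      return ;;
    esac
    major=$(echo "$1" | cut -s -d. -f1)
    minor=$(echo "$1" | cut -s -d. -f2)
    patch=$(echo "$1" | cut -s -d. -f3)
    : "${patch:=0}"                       # "2.1" means 2.1.0
    [ "$major" = 2 ] || { echo UNKNOWN; return; }
    if [ "$minor" -ge 16 ] ||
       { [ "$minor" -eq 12 ] && [ "$patch" -ge 2 ]; } ||
       { [ "$minor" -eq 3 ] && [ "$patch" -ge 1 ]; }; then
        echo NOT_AFFECTED
    else
        echo VULNERABLE
    fi
}

# scan_log4j ROOT -> one line per jar: STATUS <tab> VERSION <tab> SHA256 <tab> PATH
scan_log4j() {
    find "${1:-/}" -type f -name 'log4j-core*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        # Prefer the version embedded in the jar; the file name can be renamed.
        ver=$(zipgrep '^version=' "$jar" "$POM" 2>/dev/null </dev/null |
              cut -d= -f2 | tr -d '\r')
        # Fall back to the name, e.g. log4j-core-2.14.1.jar -> 2.14.1
        [ -n "$ver" ] || ver=$(basename "$jar" .jar | cut -s -d- -f3-)
        sum=$(sha256sum "$jar" 2>/dev/null | cut -d' ' -f1)
        printf '%s\t%s\t%s\t%s\n' "$(classify_version "$ver")" "${ver:-?}" "$sum" "$jar"
    done
}

# Run a scan only when a root directory is given, e.g.: sh scan.sh /opt
if [ "$#" -gt 0 ]; then scan_log4j "$1"; fi
```

A file-name search does not see log4j-core classes repackaged inside fat jars or WAR/EAR archives, so an empty result covers standalone jars only.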