Hello folks,
The script below will help you locate log4j jar files and their versions on your Windows endpoints. It simply searches for file names containing log4j and generates a list of files and their file paths. You can then refer to the Apache website to decide if they need your attention. Hope it helps your remediation efforts.
Moderators, please upload this to scripts.itarian.com so our community can find it easily.
Happy holidays!
#This script will help you locate log4j jar files and their versions on your Windows endpoints.
#It simply searches for file names containing log4j and generates a list of files and their file paths.
#You can then refer to the Apache website to decide if they need your attention. Hope it helps your remediation efforts.
#Make sure to check “configure parameters” button before running the procedure and use default value “log4j”
#Searching files in drive names from B to E, change this for your endpoints if needed. see below
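# Keyword to look for in file names. It is read from the procedure parameter
# named 'Keyword'; the header comments give "log4j" as the default value.
# NOTE(review): `itsm` is not imported anywhere in this listing - presumably
# the ITarian procedure runtime provides it; confirm before running elsewhere.
# The quotes are plain ASCII here: the typographic quotes in the posted copy
# are a syntax error in Python.
param = itsm.getParameter('Keyword')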
import ctypes
import sys
import os
import re
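# Regular expression that is matched against every file name.
# The posted copy reads "." + param + ".", which demands one character on each
# side of the keyword, so a name that *starts* with the keyword (constructed
# example: "log4j-core-<version>.jar") would never be reported. The header
# comment says the script lists file names "containing" the keyword, so the
# ".*" wrappers are used here (the asterisks were probably eaten by the forum
# markup - confirm against the author's copy).
# The keyword is inserted unescaped: regex metacharacters in the parameter are
# interpreted as pattern syntax, not as literal text.
search_name = ".*" + param + ".*"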
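class disable_file_system_redirection:
    """Context manager that switches off WOW64 file system redirection.

    On entry it calls kernel32's Wow64DisableWow64FsRedirection and keeps the
    value Windows hands back; on exit it passes that value to
    Wow64RevertWow64FsRedirection, but only if the disable call reported
    success. With redirection off, a 32-bit interpreter on 64-bit Windows sees
    the real System32 directory instead of being redirected to SysWOW64.

    The posted copy had a stray space inside both API names and had lost the
    double underscores of __enter__/__exit__; without those two methods the
    class cannot be used in a `with` statement.
    """

    # Looked up once, when the class body runs; Windows only (ctypes.windll).
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # Out-parameter that receives the previous redirection state.
        self.old_value = ctypes.c_long()
        # Non-zero means redirection was actually disabled.
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        # Only restore what was successfully changed in __enter__.
        if self.success:
            self._revert(self.old_value)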
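# Enumerate the drives, then walk each one and print the full path of every
# file whose name matches `search_name`.
#
# Limits a reader of the resulting list should keep in mind:
#   * Only the file *name* is tested. Log4j classes packed inside another
#     archive, or a jar that was renamed, will not be listed, and a version is
#     only visible when it is part of the file name.
#   * Directories os.walk() cannot read are skipped without any message, so the
#     list is a lower bound, not proof that nothing else is present.
#
# The indentation of the posted copy was lost; the walk is kept inside the
# `with` block so the search also runs with WOW64 redirection disabled.
with disable_file_system_redirection():
    # NOTE(review): wmic is deprecated on recent Windows releases; if it is
    # missing, `disk` is empty and no drive is searched.
    disk = os.popen(r'wmic logicaldisk get name').read()

    # Searching drive names from B to E, change this for your endpoints if needed.
    drive_list = re.findall(r'.*[B-E]:', disk)
    if not drive_list:
        # Say so explicitly: an empty listing must not be read as a clean endpoint.
        print("No drives in the B-E range were found; nothing was searched.")

    # Compile once, outside the loops. An invalid keyword now fails here with a
    # visible error instead of being swallowed per directory, which used to
    # produce an empty (and misleading) result.
    pattern = re.compile(search_name, re.IGNORECASE)

    for drive in drive_list:
        # "C:" alone is drive-relative on Windows (the current directory of
        # that drive); the trailing backslash makes the walk start at the root.
        drive_path = drive.strip() + "\\"
        for dirpath, dirs, files in os.walk(drive_path):
            for k in files:
                # Best effort per file: one name that cannot be handled must
                # not hide the remaining files of the same directory.
                try:
                    if pattern.search(k) is not None:
                        print(os.path.join(dirpath, k))
                except Exception:
                    continue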