How to Detect Log4J vulnerabilities in your organization
Hi,
I just finished deploying this method for Windows devices in my company and figured I'd share it to save some time for everyone else.
Deploy this script to all your Windows machines. It will write the path of any affected .jar files to a text file. The text file can subsequently be read into a custom inventory item using the rule:
ShellCommandTextReturn(cmd.exe /c type C:\programdata\quest\kace\customdata\log4jclass.txt)
Answers (2)
I got an error
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($affected.Count -eq 0) {
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (elseif:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
I'm sure it's something simple but I just don't know enough about scripting yet to figure it out on my own.
This is the output log for the failed attempt:
gci : Access is denied
At C:\ProgramData\Quest\KACE\scripts\466\detectlog4j.ps1:4 char:61
+ ... m | foreach { (gci ($_.Root) -rec -force -include *.jar -ea 0 | forea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ChildItem], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetChildItemCommand
- ScottAday 2 years ago
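The kind of scan the original post describes, as an added example that is not the poster's script or Quest's code: it lists .jar files on local fixed disks that contain a JndiLookup.class entry and writes their paths to the file the inventory rule reads. Matching on that class name and scanning only fixed disks are assumptions of this sketch; the output path is the one given in the post.

```powershell
# Added example, not the original poster's script.
# Assumption: a jar is flagged when any entry in it is named JndiLookup.class.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$outFile = 'C:\ProgramData\Quest\KACE\customdata\log4jclass.txt'  # path from the post

function Test-JarForJndiLookup {
    param([string]$JarPath)
    $zip = $null
    try {
        # A jar is a zip archive, so its entry list can be read without extracting it
        $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
        foreach ($entry in $zip.Entries) {
            if ($entry.Name -eq 'JndiLookup.class') { return $true }
        }
        return $false
    } catch {
        return $null   # locked, unreadable or corrupt archive: not scanned
    } finally {
        if ($zip) { $zip.Dispose() }
    }
}

$affected = New-Object System.Collections.Generic.List[string]
$skipped  = New-Object System.Collections.Generic.List[string]

# Local fixed disks only (DriveType 3), so mapped network shares are not crawled
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }

foreach ($root in $roots) {
    # SilentlyContinue: folders the scanning account cannot read are skipped
    Get-ChildItem -Path $root -Recurse -Force -Filter *.jar -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hit = Test-JarForJndiLookup -JarPath $_.FullName
            if ($null -eq $hit) { $skipped.Add($_.FullName) } elseif ($hit) { $affected.Add($_.FullName) }
        }
}

# if / elseif / else is a single statement: run the script as a file, not line by line
if ($affected.Count -gt 0) {
    $report = $affected
} elseif ($skipped.Count -gt 0) {
    $report = "No JndiLookup.class found; $($skipped.Count) jar(s) could not be opened"
} else {
    $report = 'No JndiLookup.class found'
}
New-Item -ItemType Directory -Path (Split-Path $outFile) -Force | Out-Null
$report | Set-Content -Path $outFile
```

A hit means the class is present and the jar needs a version check, not that the jar is confirmed vulnerable. Jars nested inside other archives are not opened by this sketch.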