Scanning for Log4J on a container - the CVES not found

traubas · April 17, 2022, 10:38am

Hello,
I’m running 2 containers containing vulnerable processes with log4j vulnerability.
My feed is probably updated since i have cves and nvts up until April 14 2022 ~
I’m still not getting results.
I know there is a connection between the greenbone software and the docker services since i can see the JAVA logs in the containers receiving requests from the scanner (but not the log4j ones though i don’t know how to tell).

this is my feed status

also these are my scan configs

i’ve tried running:
greenbone-nvt-sync && greenbone-feed-sync --type GVMD_DATA && greenbone-scapdata-sync && greenbone-certdata-sync

but that doesn’t help.
i’ve noticed the scan configs are of 2020?
is this ok?
in the feed status everything is 2022 even the GVMD DATA which is 78 days old as it says.

Any ideas?

Also: Can anyone maybe upload Full and Fast scan config XML file so i can import it if there is a new version?

Jimicoop · April 22, 2022, 7:46pm

Clone your Full and fast config
Edit
Check the box on the general line to allow scanning for Log4j

Dexus · April 23, 2022, 6:18pm

If you run this on docker, you should set the hostname and domainname on the docker run command. Else you will see in the logs something like could not get bpf and nothing ist running. Also you need to use the network mode host or ipvlan or macvlan because only then your container listen to all ports. Which is need for the log4j etc. scans.

Best example is my gvm container, you find the link in my profile.

Regards Josef