Commit e4f1bd7

doc: update Ansible Role documentation
1 parent 6cb6f36 commit e4f1bd7

1 file changed

+19
-17
lines changed

README.md

Lines changed: 19 additions & 17 deletions
@@ -4,9 +4,9 @@ lucab85.ansible_role_log4shell
44
[![CI](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml)
55
[![Release](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml)
66

7-
Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).
7+
Ansible role to scan target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).
88

9-
[Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).
9+
Tested with [Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).
1010

1111
Ansible Playbook
1212
------------
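Review bot: the description line now says "Ansible role", but the unchanged heading "Ansible Playbook" two lines below it in this hunk still uses the old term. If that section describes the role, rename the heading so the README uses one term for the artifact throughout.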
@@ -21,7 +21,7 @@ ansible 2.9+
2121
Role Variables
2222
--------------
2323

24-
default values:
24+
The default variable values - `defaults/main.yml`:
2525

2626
```yaml
2727
sh_detector: "cve-2021-44228--2021-12-20-1836.sh"
@@ -32,22 +32,24 @@ detector_dir: "/opt/cve-2021-44228/"
3232
detector_run_dir: 'tmp'
3333
detector_options: '-n -d --no-progress --scan {{ detector_path }}'
3434
gpg_keyid: '7514F77D8366B0D9'
35+
gpg_server: "pgp.mit.edu"
3536
clean_run_before: true
3637
delete_after: true
37-
verify_gpg: true
38+
verify_gpg: false
3839
```
3940
40-
- sh_detector: the filename of the detector bash script file
41-
- sh_signature: the filename of the detector GPG signature file
42-
- detector_baseurl: the base URL to download the previous files
43-
- detector_path: the path to inspect (default `/var/`)
44-
- detector_dir: the download path of the detector (default `detector_dir`)
45-
- detector_run_dir: the subdirectory to create before the run (default `opt`)
46-
- detector_options: the command lines options for detector script (default `-n -d --no-progress --scan {{ detector_path }}`)
47-
- gpg_keyid: the GPG public key to download for the verification (default Red Hat Product Security `7514F77D8366B0D9`)
48-
- clean_run_before: remove the run directory and recreate before the execution - detector requires empty directory (default `true`)
49-
- delete_after: remove the _detector_dir_ the execution (default `true`)
50-
- verify_gpg: perform the GPG signature donwload and verification (default: `true`)
41+
- `sh_detector`: the filename of the detector bash script file
42+
- `sh_signature`: the filename of the detector GPG signature file
43+
- `detector_baseurl`: the base URL to download the previous files
44+
- `detector_path`: the path to inspect (default `/var/`)
45+
- `detector_dir`: the download path of the detector (default `detector_dir` - `/opt/cve-2021-44228/`) Note: volume requires exec permission!
46+
- `detector_run_dir`: the subdirectory to create before the run (default `tmp`)
47+
- `detector_options`: the command lines options for detector script (default `-n -d --no-progress --scan {{ detector_path }}`)
48+
- `gpg_keyid`: the GPG public key to download for the verification (default Red Hat Product Security `7514F77D8366B0D9`)
49+
- `gpg_server`: the GPG server where to download the GPG public key (default `pgp.mit.edu`)
50+
- `clean_run_before`: remove the run directory and recreate before the execution - detector requires an empty directory (default `true`)
51+
- `delete_after`: remove the _detector_dir_ after the execution (default `false`)
52+
- `verify_gpg`: perform the GPG signature download and verification (default: `false`)
5153

5254

5355
Dependencies
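Review bot: the `verify_gpg: false` line in the YAML block and the matching `verify_gpg` bullet now document signature verification as off by default, so anyone following the README downloads the detector script from `detector_baseurl` and runs it without checking it against key `7514F77D8366B0D9`. A default with this security impact should not change under a commit labelled `doc:` without comment: confirm that `defaults/main.yml` really ships `false`, and if it does, add a sentence recommending `verify_gpg: true` for production scans; otherwise restore `true` here. Separately, the YAML block still shows `delete_after: true` while the new bullet says default `false`, and the `detector_dir` bullet lists the variable's own name as its default before the real path; make both bullets agree with the YAML block.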
@@ -58,7 +60,7 @@ None.
5860
Download
5961
------------
6062

61-
Code also available in Ansible Galaxy role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell)
63+
First download the latest version of Ansible role [lucab85.ansible_role_log4shell](https://galaxy.ansible.com/lucab85/ansible_role_log4shell) Ansible Galaxy:
6264

6365
```bash
6466
ansible-galaxy install lucab85.ansible_role_log4shell
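Review bot: the added sentence "First download the latest version of Ansible role [lucab85.ansible_role_log4shell](...) Ansible Galaxy:" is missing a preposition before "Ansible Galaxy". Suggest "First download the latest version of the Ansible role ... from Ansible Galaxy:".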
@@ -68,7 +70,7 @@ ansible-galaxy install lucab85.ansible_role_log4shell
6870
Example Playbook
6971
----------------
7072

71-
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
73+
This is an example of how to use the `lucab85.ansible_role_log4shell` role (with variables passed in as parameters):
7274

7375
```yaml
7476
---
