Scan docker containers for log4j/Log4Shell exploit

If you are running docker container on Unraid, follow these steps to scan containers; Open up a terminal window in unraid and copy/paste the following

curl -sSfL | sh -s -- -b /usr/local/bin

This will install the grype package. “temporarily, if you reboot you will have to re-install the package again.”

Then use this command in the terminal window to list your docker containers

docker image ls -a

Once you have the name for your docker image, you can run the grype tool in the terminal window.

$grype "docker-image-name":"tag"

for examplel

grype linuxserver/sonarr:develop

The tool will then scan the image for all vulnerabilities and will print them all out on the screen as a list. Look for log4j.

Pulled from housewrecker/gaps..

log4j-api 2.14.1 2.15.0 GHSA-jfh8-c2jp-5v3q Critical

pulled from jbartlett777/diskspeed..

log4j 1.2.16 GHSA-2qrg-x229-3v8q Critical

log4j 1.2.16 CVE-2019-17571 Critical

log4j 1.2.16 CVE-2020-9488 Low

log4j 1.2.17 GHSA-2qrg-x229-3v8q Critical

log4j 1.2.17 CVE-2019-17571 Critical

log4j 1.2.17 CVE-2020-9488 Low

One last thing, you can install this tool on a different device but you’ll probably have to;

chown "user" /usr/local/bin/

“temporarily” on the terminal of your different device to make it work. The tool just pulls the current docker image from dockerhub so it doesn’t need to be ran on the same machine if you don’t want to.


FavoriteLoadingAdd to favorites
Spread the love

Author: Shahzad Khan

Software developer / Architect