Difference between revisions of "Vulnerability Remediation"
(Created page with "= Lingoport's Response to Major Software Vulnerabilities = == Apache Log4j Security Vulnerabilities == A major security vulnerability allowing for remote code execution on a...") |
|||
Line 27: | Line 27: | ||
2. Replace other log4j instances on your system with 2.15 |
2. Replace other log4j instances on your system with 2.15 |
||
− | The following script will |
+ | The following script will replace vulnerable log4j libraries with 2.15. It searches all of /var /tomcat /home /opt /lib for the vulnerable libraries, and replace any that are found. |
+ | |||
+ | <pre> |
||
+ | #!/bin/bash |
||
+ | |||
+ | strip_version() { |
||
+ | target="$1" |
||
+ | echo "$target" | sed -E 's|-[0-9.]+.jar|-|' |
||
+ | } |
||
+ | |||
+ | if [[ ! -d /tmp/apache-log4j-2.15.0-bin/ ]] ; then |
||
+ | echo >&2 "Please retrieve apache log4j 2.15 and unzip it in /tmp before running this script" |
||
+ | exit 1 |
||
+ | fi |
||
+ | |||
+ | while read -r log4j_jar ; do |
||
+ | if [[ -z "$log4j_jar" ]] ; then |
||
+ | continue |
||
+ | fi |
||
+ | if [[ "$log4j_jar" == *"-2.15"* ]] ; then |
||
+ | echo "Up to date: $log4j_jar" |
||
+ | continue |
||
+ | fi |
||
+ | if [[ "$log4j_jar" == *"-1."* ]] ; then |
||
+ | echo "1.x - safe: $log4j_jar" |
||
+ | continue |
||
+ | fi |
||
+ | if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then |
||
+ | echo "$log4j_jar" |
||
+ | while read -r replace_target ; do |
||
+ | user_group="$(stat -c "%U:%G" "$replace_target")" |
||
+ | without_version="$(strip_version "$replace_target")" |
||
+ | patched_jar="$(basename "$without_version")2.15.0.jar" |
||
+ | echo "$replace_target - $perms - $without_version - $patched_jar" |
||
+ | set -x |
||
+ | cp /tmp/apache-log4j-2.15.0-bin/"$patched_jar" "$(dirname "$replace_target")" |
||
+ | chown "$user_group" "$(dirname "$replace_target")/$patched_jar" |
||
+ | mv "$replace_target" "$replace_target.orig.vulnerable" |
||
+ | set +x |
||
+ | done <<< "$(find "$(dirname "$log4j_jar")" -name "log4j*")" |
||
+ | #cp "$log4j_jar" "$log4j_jar.orig.vulnerable" |
||
+ | #zip -q -d "$log4j_jar" org/apache/logging/log4j/core/lookup/JndiLookup.class |
||
+ | fi |
||
+ | done <<< "$(find / '(' -path '/var*' -o -path '/tomcat*' -o -path '/home*' -o -path '/opt*' -o -path '/lib*' ')' -name 'log4j*.jar')" |
||
+ | |||
+ | </pre> |
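Review bot: In the inner `while read -r replace_target` loop, `mv "$replace_target" "$replace_target.orig.vulnerable"` runs whether or not the preceding `cp` succeeded, and the loop is fed by `find ... -name "log4j*"`. Any sibling with no same-named jar in the 2.15 bundle (for example a 1.x jar or a `log4j2.xml` config file) is therefore renamed away with nothing put in its place. Restrict that find to `-type f -name 'log4j*.jar'`, skip file names that already contain `-2.15`, and end the copy line with `|| continue`. The `*"-2.15"*` and `*"-1."*` filters are matched against the whole path rather than the file name, so a vulnerable jar under a directory such as `app-1.2/` would be reported as safe and skipped; test `"${log4j_jar##*/}"` instead, and note that `$perms` in the echo is never assigned. The bundle is read from a fixed path under world-writable `/tmp`, so a comment should tell operators to unpack and verify it themselves, and to confirm on the Apache security page that 2.15 is still the recommended release.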
Revision as of 20:39, 11 December 2021
Lingoport's Response to Major Software Vulnerabilities
Apache Log4j Security Vulnerabilities
A major security vulnerability allowing for remote code execution on affected systems.
See: https://logging.apache.org/log4j/2.x/security.html
Lingoport Response
Pending further action, Lingoport has shut down all non-critical systems.
Critical systems have been patched to replace all copies of log4j 2.x with log4j 2.15, followed by a hard reboot.
For Lingoport Clients
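The scripts below may be used together to replace all log4j 2.x with log4j 2.15. Before relying on 2.15, check the Apache security page linked above for the currently recommended release.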
1. Retrieve log4j 2.15:
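# Stage the log4j 2.15.0 binary distribution under /tmp, where the
# replacement script looks for it.
#
# The jars in this archive are later copied into application directories,
# so check the download against the checksum or signature published by
# Apache before unzipping it, and do not reuse an
# /tmp/apache-log4j-2.15.0-bin/ directory that somebody else created.
#
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page as the zip; the && chain stops at the first failing step.
cd /tmp/ \
  && curl --fail -O https://dlcdn.apache.org/logging/log4j/2.15.0/apache-log4j-2.15.0-bin.zip \
  && unzip apache-log4j-2.15.0-bin.zip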
2. Replace other log4j instances on your system with 2.15
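The following script will replace vulnerable log4j libraries with 2.15. It searches /var, /tomcat, /home, /opt and /lib for the vulnerable libraries and replaces any that are found. Each replaced jar is kept next to the new one with an .orig.vulnerable suffix. Restart the affected Java applications afterwards so that the new jars are loaded.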
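#!/bin/bash
#
# Replace vulnerable log4j 2.x jars with the same-named jars from an
# unpacked Apache log4j 2.15.0 binary distribution.
#
# Searches /var*, /tomcat*, /home*, /opt* and /lib* for log4j*.jar files.
# For every jar that contains JndiLookup.class, each log4j jar found under
# the same directory is replaced by its 2.15.0 counterpart and the original
# is kept as <name>.orig.vulnerable.
#
# Environment:
#   LOG4J_DIST_DIR  directory holding the unpacked 2.15.0 jars
#                   (default: /tmp/apache-log4j-2.15.0-bin)
#
# Operational notes:
#   - Needs enough privileges to write to the application directories and
#     to chown the new jars (normally root).
#   - The jars in LOG4J_DIST_DIR end up on application classpaths. /tmp is
#     world-writable, so unpack the distribution yourself, verify it against
#     the checksum or signature published by Apache, and prefer pointing
#     LOG4J_DIST_DIR at a directory only the administrator can write to.
#   - 2.15.0 is the version this script was written for. Check
#     https://logging.apache.org/log4j/2.x/security.html for the currently
#     recommended release before relying on it.
#   - Running JVMs keep the old classes loaded until they are restarted.

dist_dir="${LOG4J_DIST_DIR:-/tmp/apache-log4j-2.15.0-bin}"

#######################################
# Strip a trailing "-<version>.jar" from a jar name, leaving "<name>-".
# Arguments: $1 - jar file name or path
# Outputs:   the stripped name on stdout; the input unchanged when it does
#            not end in "-<digits and dots>.jar"
#######################################
strip_version() {
  local target="$1"
  # The dot is escaped and the match anchored so that only a real
  # "-1.2.3.jar" suffix is removed.
  printf '%s\n' "$target" | sed -E 's|-[0-9.]+\.jar$|-|'
}

#######################################
# Replace one log4j jar with its 2.15.0 counterpart from dist_dir.
# The original is renamed only after the replacement has been copied, so a
# jar with no counterpart is never removed from the application.
# Globals:   dist_dir (read)
# Arguments: $1 - path of the jar to replace
# Returns:   0 when replaced or deliberately skipped, 1 on a failed step
#######################################
replace_jar() {
  local replace_target="$1"
  local target_dir target_name without_version patched_jar user_group perms

  target_dir="$(dirname "$replace_target")"
  target_name="$(basename "$replace_target")"

  # A jar that is already 2.15 would otherwise be copied over itself and
  # then renamed to .orig.vulnerable.
  if [[ "$target_name" == *"-2.15"* ]]; then
    echo "Up to date: $replace_target"
    return 0
  fi

  without_version="$(strip_version "$target_name")"
  if [[ "$without_version" == "$target_name" ]]; then
    echo >&2 "Skipping, no version suffix recognised: $replace_target"
    return 0
  fi

  patched_jar="${without_version}2.15.0.jar"
  if [[ ! -f "$dist_dir/$patched_jar" ]]; then
    # Covers 1.x jars and artifacts that the 2.15.0 bundle does not ship.
    echo >&2 "Skipping, no $patched_jar in $dist_dir: $replace_target"
    return 0
  fi

  user_group="$(stat -c "%U:%G" "$replace_target")" || return 1
  perms="$(stat -c "%a" "$replace_target")" || return 1
  echo "$replace_target - $perms - $target_dir/$without_version - $patched_jar"

  if ! cp -- "$dist_dir/$patched_jar" "$target_dir/"; then
    echo >&2 "Copy failed, leaving original in place: $replace_target"
    return 1
  fi

  # Give the new jar the owner and mode of the jar it replaces so the
  # application can still read it.
  chown "$user_group" "$target_dir/$patched_jar" \
    || echo >&2 "Warning: could not chown $target_dir/$patched_jar"
  chmod "$perms" "$target_dir/$patched_jar" \
    || echo >&2 "Warning: could not chmod $target_dir/$patched_jar"

  mv -- "$replace_target" "$replace_target.orig.vulnerable" || return 1
  echo "Replaced: $replace_target -> $target_dir/$patched_jar"
}

if [[ ! -d "$dist_dir" ]]; then
  echo >&2 "Please retrieve apache log4j 2.15 and unzip it in /tmp before running this script"
  exit 1
fi

while IFS= read -r log4j_jar; do
  if [[ -z "$log4j_jar" ]]; then
    continue
  fi

  # Match on the file name only: a directory such as "app-1.2" in the path
  # must not cause a vulnerable jar to be classified as safe.
  jar_name="${log4j_jar##*/}"
  if [[ "$jar_name" == *"-2.15"* ]]; then
    echo "Up to date: $log4j_jar"
    continue
  fi
  if [[ "$jar_name" == *"-1."* ]]; then
    echo "1.x - safe: $log4j_jar"
    continue
  fi

  # An earlier iteration may already have renamed this jar.
  if [[ ! -f "$log4j_jar" ]]; then
    continue
  fi

  if unzip -l "$log4j_jar" | grep -qF JndiLookup.class; then
    echo "$log4j_jar"
    # Replace every log4j jar next to the vulnerable one. Only regular
    # *.jar files are considered, so configuration files such as
    # log4j2.xml and earlier .orig.vulnerable copies are left alone.
    while IFS= read -r replace_target; do
      if [[ -z "$replace_target" ]]; then
        continue
      fi
      replace_jar "$replace_target"
    done <<< "$(find "$(dirname "$log4j_jar")" -type f -name 'log4j*.jar')"
    # Alternative mitigation left disabled by the author: keep the jar and
    # delete JndiLookup.class from it in place.
    #cp "$log4j_jar" "$log4j_jar.orig.vulnerable"
    #zip -q -d "$log4j_jar" org/apache/logging/log4j/core/lookup/JndiLookup.class
  fi
done <<< "$(find / '(' -path '/var*' -o -path '/tomcat*' -o -path '/home*' -o -path '/opt*' -o -path '/lib*' ')' -type f -name 'log4j*.jar')"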