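The quickest way is to apply the patch by running the following script, which deletes the JndiLookup class from every log4j-core JAR it finds under the Elasticsearch and Logstash home directories: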
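#!/bin/bash
#
# Mitigation helper for CVE-2021-44228 on hosts running Elasticsearch and/or
# Logstash from their default package locations.
#
# What it does: for every file named log4j-core-2.* below the product home
# directory, it deletes org/apache/logging/log4j/core/lookup/JndiLookup.class
# from the archive in place.
#
# What it does NOT do (check these before treating a host as remediated):
#   - It does not upgrade Log4j; it only strips one class from the JAR.
#   - It takes no backup; the JAR is rewritten where it sits.
#   - It only matches on file name, so a log4j-core copy nested inside another
#     archive, or installed outside the two directories below, is not touched.
#   - A running JVM keeps the class it already loaded until it is restarted.
#
# Usage: run with enough privilege to rewrite files under /usr/share.

cat <<'EOF'
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j utility was disclosed publicly via the project’s GitHub on December 9, 2021.
The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
Affected products: Elasticsearch, Logstash.
EOF

#######################################
# Remove JndiLookup.class from every log4j-core 2.x JAR under a product home.
# Arguments: $1 - product name used in messages
#            $2 - product home directory to search
# Outputs:   progress on stdout, problems on stderr
# Returns:   0 if the directory is absent or every JAR was handled,
#            1 if zip is missing or zip failed on at least one JAR
#######################################
strip_jndi_lookup() {
  local product=$1
  local home=$2
  local -r lookup_class='org/apache/logging/log4j/core/lookup/JndiLookup.class'
  local jar
  local rc
  local failed=0

  # Product not installed here: nothing to do, and not an error.
  [ -d "$home" ] || return 0

  printf '\n\nFound %s home directory!\n\n' "$product"

  # Without this check every zip call fails with "command not found" while the
  # script still prints "Patching: ..." and the operator believes the host is
  # fixed.
  if ! command -v zip >/dev/null 2>&1; then
    printf 'ERROR: zip is not installed; %s was NOT patched.\n' "$product" >&2
    return 1
  fi

  # NUL-delimited find + quoted expansions so a path containing whitespace or
  # glob characters is passed to zip as exactly one argument.
  while IFS= read -r -d '' jar; do
    printf 'Patching: %s\n' "$jar"
    rc=0
    zip -q -d "$jar" "$lookup_class" </dev/null || rc=$?
    case "$rc" in
      0) ;;
      12)
        # zip(1) documents exit status 12 as "nothing to do": the entry was
        # not in the archive, e.g. because this JAR was already stripped.
        printf 'NOTE: JndiLookup.class not present in %s (already removed?)\n' "$jar"
        ;;
      *)
        failed=1
        printf 'ERROR: zip exited with status %s on %s; JAR may still be vulnerable.\n' \
          "$rc" "$jar" >&2
        ;;
    esac
  done < <(find "$home" -type f -name 'log4j-core-2.*' -print0)

  return "$failed"
}

patch_failed=0
strip_jndi_lookup 'Elasticsearch' /usr/share/elasticsearch || patch_failed=1
strip_jndi_lookup 'Logstash' /usr/share/logstash || patch_failed=1

# Stay best-effort like the original (no early exit), but make failures
# impossible to miss before the operator moves on to the restart step.
if [ "$patch_failed" -ne 0 ]; then
  printf '\nWARNING: at least one JAR could not be patched; review the errors above.\n' >&2
fi

cat <<'EOF'
After applying the patch, please restart the services:
# systemctl restart logstash
# systemctl restart elasticsearch
EOF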