I don't have any remote devices sending to my cluster using log4j. I want to know if I can simply remove the plugin with
Code:
yum remove log4j
Code:
find /usr/local/nagioslogserver -name "log4*" -ls | rev | cut -f1 -d"/" | rev | grep jar | sort -u
log4j-1.2.15.jar
log4j-1.2.17.jar
Code:
yum list installed | grep -i log4
Also, Tenable's Research Highlights: The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
156103 Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
Code:
tar -czvf log4jbkp.122821.tgz /usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar
zip -d /usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar org/apache/log4j/net/JMSAppender.class
Code:
tar -C / -xzvf log4jbkp.122821.tgz
Code:
https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/
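An added example, not part of the original thread and not Nagios' own tooling: a Python check that reports which log4j 1.x jars under a directory still contain `JMSAppender.class`, useful for confirming the `zip -d` step above took effect. The function names, status strings and the `make_sample_jar` helper are hypothetical, and the default path is assumed from the commands in the thread.

```python
import sys
import zipfile
from pathlib import Path

# Class file the thread removes with `zip -d` to mitigate CVE-2021-4104.
JMS_CLASS = "org/apache/log4j/net/JMSAppender.class"


def jar_status(jar_path):
    """Classify one jar: 'present', 'absent', 'not-1.x' or 'unreadable'."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            names = set(zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return "unreadable"  # truncated or damaged jar: inspect by hand
    # log4j 1.x lives in org/apache/log4j/; 2.x uses org/apache/logging/log4j/.
    if not any(n.startswith("org/apache/log4j/") for n in names):
        return "not-1.x"
    return "present" if JMS_CLASS in names else "absent"


def audit_log4j_jars(root):
    """Map every log4j*.jar found under root to its JMSAppender status."""
    return {str(p): jar_status(p) for p in sorted(Path(root).rglob("log4j*.jar"))}


def make_sample_jar(path, entries):
    """Hypothetical helper: build a constructed jar with empty class entries."""
    with zipfile.ZipFile(path, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")


if __name__ == "__main__":
    # Assumed default path, taken from the commands in the thread.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/nagioslogserver"
    report = audit_log4j_jars(root)
    for jar, status in report.items():
        print(f"{status:10} {jar}")
    # Non-zero exit if any jar still ships the class, so cron or CI can alert.
    sys.exit(1 if "present" in report.values() else 0)
```

Run it before and after the `zip -d` command; a jar that moves from `present` to `absent` has had the class removed.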