https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/803915#M449 <P>For validation, I would rerun the search and if they were zipped, you shouldn't get any results for log4j-core-2.*.jar.</P> Thu, 24 Mar 2022 21:57:38 GMT jasonfor 2022-03-24T21:57:38Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/796552#M420 <P>Hello,</P><P>&nbsp;</P><P>I am looking for some help with log4j remediation.</P><P>&nbsp;</P><P>Once I run the below remediation script for the identified jar file, how to do I validate it?</P><P>&nbsp;</P><PRE class=""><CODE>zip -q -d <EM>path-to-JAR-file</EM> org/apache/logging/log4j/core/lookup/JndiLookup.class</CODE></PRE><P>&nbsp;</P> Wed, 16 Feb 2022 13:57:22 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/796552#M420 muduki 2022-02-16T13:57:22Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/796597#M421 <P>Start here:</P> <P>&nbsp;</P> <P><A href="https://support.sas.com/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html" target="_self">SAS Statement Regarding Remote Code Execution Vulnerability (CVE-2021-44228)</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 16 Feb 2022 15:58:05 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/796597#M421 AMSAS 2022-02-16T15:58:05Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/797557#M422 <P>Thank you for the link. Yes, I gone through that earlier, but that gives the steps for remediation. I dont see any specific step for validation.</P><P>&nbsp;</P><P>Would you mind to share if you are aware of any validation steps for manual log4j remediation?</P> Mon, 21 Feb 2022 08:38:22 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/797557#M422 muduki 2022-02-21T08:38:22Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/803915#M449 <P>For validation, I would rerun the search and if they were zipped, you shouldn't get any results for log4j-core-2.*.jar.</P> Thu, 24 Mar 2022 21:57:38 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/803915#M449 jasonfor 2022-03-24T21:57:38Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/803917#M450 <P>Is this the only command to issue for UNIX?&nbsp;<STRONG>zip -q -d path-to-JAR-file org/apache/logging/log4j/core/lookup/JndiLookup.class</STRONG></P><P>&nbsp;</P><P>Also does the&nbsp;<STRONG>path-to-JAR-file&nbsp;</STRONG>include the actual .jar file, for example what's in red (/opt/sas/sashome/SASEnvironmentManagerAgent/2.5/installer/lib/<STRONG><FONT color="#FF0000">log4j-core-2.11.1.jar</FONT></STRONG><FONT color="#000000">)</FONT></P><P>&nbsp;</P><P><FONT color="#000000">Thank you.</FONT></P> Thu, 24 Mar 2022 22:04:49 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/803917#M450 jasonfor 2022-03-24T22:04:49Z https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/804078#M451 <P>Correction:&nbsp;</P><P>The find command will still find those jar files.&nbsp; You want to verify that JndiLookup.class has been removed.</P><P>&nbsp;</P><P>I think you can use something similar to this:</P><P>&nbsp;</P><P>find . -name *.jar | xargs grep JndiLookup.class</P><P>&nbsp;</P><P>Another way would be to spot check one or two jar files, by copying them to a temporary location, run “unzip jarfilename.jar”, and eyeball the extracted folder and see if JndiLookup.class is no longer there.</P> Fri, 25 Mar 2022 14:26:15 GMT https://communities.sas.com/t5/SAS-Software-for-Learning/log4j-remediation/m-p/804078#M451 jasonfor 2022-03-25T14:26:15Z