cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
muduki
Calcite | Level 5 muduki
Calcite | Level 5

log4j remediation

Posted 02-16-2022 08:57 AM (936 views)

Hello,

 

I am looking for some help with log4j remediation.

 

Once I run the below remediation script for the identified jar file, how to do I validate it?

 

zip -q -d path-to-JAR-file org/apache/logging/log4j/core/lookup/JndiLookup.class

 

0 Likes
Reply
5 REPLIES 5
muduki
Calcite | Level 5 muduki
Calcite | Level 5

Re: log4j remediation

Posted 02-21-2022 03:38 AM (885 views)  |   In reply to AMSAS

Thank you for the link. Yes, I gone through that earlier, but that gives the steps for remediation. I dont see any specific step for validation.

 

Would you mind to share if you are aware of any validation steps for manual log4j remediation?

0 Likes
Reply
jasonfor
Calcite | Level 5 jasonfor
Calcite | Level 5

Re: log4j remediation

Posted 03-24-2022 05:57 PM (818 views)  |   In reply to muduki

For validation, I would rerun the search and if they were zipped, you shouldn't get any results for log4j-core-2.*.jar.

0 Likes
Reply
jasonfor
Calcite | Level 5 jasonfor
Calcite | Level 5

Re: log4j remediation

Posted 03-25-2022 10:26 AM (800 views)  |   In reply to jasonfor

Correction: 

The find command will still find those jar files.  You want to verify that JndiLookup.class has been removed.

 

I think you can use something similar to this:

 

find . -name *.jar | xargs grep JndiLookup.class

 

Another way would be to spot check one or two jar files, by copying them to a temporary location, run “unzip jarfilename.jar”, and eyeball the extracted folder and see if JndiLookup.class is no longer there.

0 Likes
Reply
jasonfor
Calcite | Level 5 jasonfor
Calcite | Level 5

Re: log4j remediation

Posted 03-24-2022 06:04 PM (816 views)  |   In reply to muduki

Is this the only command to issue for UNIX? zip -q -d path-to-JAR-file org/apache/logging/log4j/core/lookup/JndiLookup.class

 

Also does the path-to-JAR-file include the actual .jar file, for example what's in red (/opt/sas/sashome/SASEnvironmentManagerAgent/2.5/installer/lib/log4j-core-2.11.1.jar)

 

Thank you.

0 Likes
Reply

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 5 replies
  • ‎02-16-2022 08:57 AM
  • 937 views
  • 0 likes
  • 3 in conversation