Implementing workaround to remediate CVE-2021-44228 for vRealize LogInsight 8.2 - 8.6 versions



Updated: Jun 13, 2022


Here’s the PDF document of the same instructions

CVE-2021-44228 vRealize LogInsight Workaround Implementation.pdf


Note: The content of this blog is the same as KB 87089, but with screenshots and expected outputs to make things easier.

Purpose

  • CVE-2021-44228 has been determined to be present in vRealize Log Insight 8.2 - 8.6 via the Apache Log4j open source component it ships.
  • This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review it before continuing: CVE-2021-44228 - VMSA-2021-0028

Resolution

  • The workarounds described in this document are meant to be a temporary solution only.
  • Upgrades documented in the aforementioned advisory should be applied to remediate CVE-2021-44228 when available.

Workaround

  • To apply the workaround for CVE-2021-44228 to vRealize Log Insight, perform the following steps:

For each vRealize Log Insight node:

step:1

Download the li-log4j-fix.sh script and copy it to the /tmp directory

step:2

SSH to the node (or use the Console by pressing Alt+F1), log in as root, and change to /tmp, where the script has been copied

cd /tmp

step:3

List the files to confirm that the li-log4j-fix.sh script is present

step:4

Run the command below to make the script executable

chmod +x /tmp/li-log4j-fix.sh

Once it has run, you will see that the permissions of the file have changed

step:5

The next step is to execute the script

root@li [ /tmp ]# ./li-log4j-fix.sh 

Hardening Log Insight appliance against CVE-2021-44228. For more information refer to: https://www.tenable.com/cve/CVE-2021-44228. 

Patching Log Insight Java options: /etc/default/loginsight... SUCCESS 
Patching Cassandra Java options: /usr/lib/loginsight/application/lib/apache-cassandra-*/conf/jvm.options... SUCCESS 
Patching Tomcat Java options: /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/bin/catalina.sh... SUCCESS 

ATTENTION: Please restart Log Insight service for the patch to take effect.

step:6

Once done, restart the LogInsight service

service loginsight restart

Wait a few seconds until vRealize LogInsight is fully up

NOTE:

  • Since I have a standalone node for vRealize LogInsight, there was no need for me to upload and implement the patch on other nodes. If there are multiple nodes in your environment, then these steps have to be followed on each node one after another
  • Ensure the LogInsight services are completely up and running before proceeding to the next server

Validation

  • To verify the workaround for CVE-2021-44228 has been correctly applied to vRealize Log Insight, perform the following steps:

    1. Log into each node as root via SSH or Console, pressing ALT+F1 in a Console to log in
    2. Run the following command to verify if the workaround was successful:
ps axf | grep --color log4j2.formatMsgNoLookups | grep -v grep

Note: There should be output from the above command.

If there was no output on a particular node, that node was not successfully modified.

Re-run the script on that node following the instructions above.
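
A stricter form of the validation check, added here as an example (it is not part of the KB or of li-log4j-fix.sh): the grep above prints something as soon as one process carries the option, while the script patches three separate sets of Java options, so this version reports every running JVM individually and fails if any of them lacks `-Dlog4j2.formatMsgNoLookups=true`. It assumes the JVMs show up in `ps` with an executable named `java`; the function names, sample PIDs and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB or li-log4j-fix.sh): audit every running JVM.
# Assumption: JVMs appear in ps with an executable whose basename is "java";
# change JVM_NAME if a node launches Java under a different name.
FLAG='-Dlog4j2.formatMsgNoLookups=true'
JVM_NAME='java'

# Reads "PID ARGS..." lines (the format of: ps -eo pid=,args=) on stdin.
# Prints "OK <pid>" or "MISSING <pid>" for each JVM found.
# Exit: 0 all JVMs carry the flag, 1 some JVM lacks it, 2 no JVM seen.
check_jvms() {
    awk -v flag="$FLAG" -v jvm="$JVM_NAME" '
        {
            n = split($2, parts, "/")      # basename of the executable
            if (parts[n] != jvm) next      # skip sshd, grep, and so on
            seen++
            ok = 0
            for (i = 3; i <= NF; i++)      # exact match, so =false fails
                if ($i == flag) ok = 1
            if (ok) {
                print "OK " $1
            } else {
                print "MISSING " $1
                bad++
            }
        }
        END {
            if (!seen) exit 2
            if (bad) exit 1
        }
    '
}

# Constructed sample input (PIDs and paths are made up for illustration).
sample_ps() {
    cat <<'EOF'
 1201 /usr/bin/java -Xmx1g -Dlog4j2.formatMsgNoLookups=true -cp /opt/example/a.jar Main
 1310 /usr/bin/java -Xmx512m -cp /opt/example/b.jar Worker
 1377 /usr/bin/java -Dlog4j2.formatMsgNoLookups=false -jar /opt/example/c.jar
 1422 /usr/sbin/sshd -D
 1500 grep --color log4j2.formatMsgNoLookups
EOF
}

# Demo on the sample; on a node, run: ps -eo pid=,args= | check_jvms
sample_ps | check_jvms || echo "exit status: $?"
```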