Implementing workaround to remediate CVE-2021-44228 for vRealize LogInsight 8.2 - 8.6 versions

Updated: Jun 13



 


 

Note: The content of this blog is the same as KB: 87089, but with screenshots and expected outputs to make things easier.



 

Purpose

  • CVE-2021-44228 has been determined to be present in vRealize Log Insight 8.2 - 8.6 via the Apache Log4j open source component it ships.

  • This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review it before continuing: CVE-2021-44228 - VMSA-2021-0028



 

Resolution

  • The workarounds described in this document are meant to be a temporary solution only.

  • Upgrades documented in the aforementioned advisory should be applied to remediate CVE-2021-44228 when available.



 


Workaround

  • To apply the workaround for CVE-2021-44228 to vRealize Log Insight, perform the following steps:


For each vRealize Log Insight node:


step:1

Download the li-log4j-fix.sh script and copy it to the /tmp directory




step:2

SSH to the node, or use the Console by pressing Alt+F1, and log in as root. Then change to /tmp, where the script has been copied


cd /tmp

step:3

List the files to confirm that the li-log4j-fix.sh script is present


step:4

Run the command below to make the script executable



chmod +x /tmp/li-log4j-fix.sh

Once executed, you will see that the permissions of the file have changed

step:5


The next step is to execute the script


root@li [ /tmp ]# ./li-log4j-fix.sh 

Hardening Log Insight appliance against CVE-2021-44228. For more information refer to: https://www.tenable.com/cve/CVE-2021-44228. 

Patching Log Insight Java options: /etc/default/loginsight... SUCCESS 
Patching Cassandra Java options: /usr/lib/loginsight/application/lib/apache-cassandra-*/conf/jvm.options... SUCCESS 
Patching Tomcat Java options: /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/bin/catalina.sh... SUCCESS 

ATTENTION: Please restart Log Insight service for the patch to take effect.

step:6

Once done, restart the Log Insight service


service loginsight restart 

Wait a few seconds until vRealize Log Insight is fully up



NOTE:

  • Since I have a standalone node for vRealize LogInsight, there was no need for me to upload and implement the patch on other nodes. If there are multiple nodes in your environment, then these steps have to be followed on each node, one after another.

  • Ensure the LogInsight services are completely up and running before proceeding to the next server.




 

Validation

  • To verify the workaround for CVE-2021-44228 has been correctly applied to vRealize Log Insight, perform the following steps:

  1. Log into each node as root via SSH or Console, pressing ALT+F1 in a Console to log in

  2. Run the following command to verify if the workaround was successful:


ps axf | grep --color log4j2.formatMsgNoLookups | grep -v grep


Note: There should be output from the above command.

If there is no output on a particular node, that node was not successfully modified.

Re-run the script on that node, following the instructions above.
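
A stricter form of the validation above, as an added example that is not part of the KB or of li-log4j-fix.sh: it inspects each Java process separately and requires the property to be set to true, because a plain grep for the property name also matches `=false` and prints something as soon as any one JVM carries it. The function names, the labels and the sample process lines (including the VERSION placeholder) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of KB 87089 or li-log4j-fix.sh.
# Input:  "PID COMMAND ARGS..." lines, as printed by `ps -eo pid,args`.
# Output: one "PATCHED|UNPATCHED <pid> <label>" line per Java process.
# Status: 0 only if at least one JVM was seen and every JVM has the flag =true.
check_jvms() {
    awk '
    $2 == "java" || $2 ~ /\/java$/ {
        seen++
        ok = 0
        for (i = 3; i <= NF; i++)
            if ($i == "-Dlog4j2.formatMsgNoLookups=true") ok = 1
        # Labels are assumptions based on the paths in the script output above.
        label = "loginsight-or-other"
        if ($0 ~ /apache-cassandra/) label = "cassandra"
        else if ($0 ~ /apache-tomcat/) label = "tomcat"
        if (!ok) bad++
        state = ok ? "PATCHED" : "UNPATCHED"
        print state, $1, label
    }
    END { exit (seen == 0 || bad > 0) }'
}

# Constructed sample input (not real appliance output). PID 1350 sets the
# property to false, which the plain grep for the property name still matches.
sample_ps() {
    cat <<'EOF'
 1201 /usr/bin/java -Xmx1g -Dlog4j2.formatMsgNoLookups=true example.LogInsightMain
 1350 /usr/bin/java -Dlog4j2.formatMsgNoLookups=false -Dpath=/usr/lib/loginsight/application/lib/apache-cassandra-VERSION example.CassandraMain
 1422 java -Dlog4j2.formatMsgNoLookups=true -Dpath=/usr/lib/loginsight/application/3rd_party/apache-tomcat-VERSION example.TomcatMain
 1500 vi /etc/default/loginsight
EOF
}

sample_ps | check_jvms || echo "node not fully patched: re-run the script, then restart loginsight"
# On a live node: ps -eo pid,args | check_jvms
```

A non-zero exit status with no lines printed means no Java process was found at all, so the service should be started before the node is judged.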



 
