[Linux] logpresso log4j2-scan


logpresso log4j2-scan

log4j2-scan is a single-binary command-line tool for scanning for the CVE-2021-44228 (Log4Shell) vulnerability and applying a mitigation patch. It also scans and patches nested JAR files (a log4j-core JAR bundled inside another JAR). The mitigation is the one Apache documented as a workaround when upgrading is not possible: deleting org/apache/logging/log4j/core/lookup/JndiLookup.class from log4j-core, so the JNDI lookup that the exploit string triggers no longer exists.

https://github.com/logpresso/CVE-2021-44228-Scanner

$ docker-compose exec elasticsearch bash
$ find / -name 'log4j-core-*.jar' 2>/dev/null


$ ls -l /usr/share/elasticsearch/lib/ | egrep log4j
-rw-r--r-- 1 elasticsearch root   264060 Jul  3  2019 log4j-api-2.11.1.jar
-rw-r--r-- 1 elasticsearch root  1607947 Jul  3  2019 log4j-core-2.11.1.jar

Installing log4j2-scan

$ wget https://github.com/logpresso/CVE-2021-44228-Scanner/releases/download/v1.2.2/logpresso-log4j2-scan-1.2.2-linux.tar.gz

$ tar xvfz logpresso-log4j2-scan-1.2.2-linux.tar.gz

Running log4j2-scan: ./log4j2-scan /usr/share/elasticsearch

$ ./log4j2-scan  /usr/share/elasticsearch
[*] Found CVE-2021-44228 vulnerability in /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.10.2.jar, log4j 2.11.1

Scanned 170 directories and 936 files
Found 1 vulnerable files
Completed in 0.22 seconds

Applying the mitigation: ./log4j2-scan --fix /usr/share/elasticsearch

- verbose variant that also prints what is being scanned: ./log4j2-scan --trace --fix /usr/share/elasticsearch

$ ./log4j2-scan --fix /usr/share/elasticsearch
This command will remove JndiLookup.class from log4j2-core binaries. Are you sure [y/N]? y
[*] Found CVE-2021-44228 vulnerability in /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.10.2.jar, log4j 2.11.1

Scanned 170 directories and 936 files
Found 1 vulnerable files
Fixed 1 vulnerable files
Completed in 8.17 seconds

Running log4j2-scan again (verification). The JAR is still listed, because its log4j version is unchanged, but it is now tagged (mitigated) since JndiLookup.class has been removed. The file count rises from 936 to 937 because --fix leaves a .bak backup copy beside the patched JAR.

$ ./log4j2-scan /usr/share/elasticsearch
[*] Found CVE-2021-44228 vulnerability in /usr/share/elasticsearch/bin/elasticsearch-sql-cli-7.10.2.jar, log4j 2.11.1 (mitigated)

Scanned 170 directories and 937 files
Found 1 vulnerable files
Completed in 0.22 seconds
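As an added example (this is not logpresso's code, which is Java), the Python script below reimplements the essence of the procedure above so the mechanism is visible rather than hidden in a binary: it locates log4j-core by its Maven pom.properties, recurses into nested JAR entries, reports the version, mitigates by deleting JndiLookup.class while keeping a .bak copy, then rescans and shows the same finding reappear tagged as mitigated. The JAR fixtures are constructed in a temporary directory with placeholder bytes (no real bytecode), the file names borrow from the page's output, and the version cut-off logic is a simplification of the tool's own.

```python
import io
import os
import re
import shutil
import tempfile
import zipfile

# The class CVE-2021-44228 is exploited through; log4j2-scan --fix deletes it from the jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven-built log4j-core jars record their version here.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def is_vulnerable_version(version):
    """2.x below 2.15.0 is affected (2.3.1 and 2.12.2 are fixed backports). Simplified check."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m or version in ("2.3.1", "2.12.2"):
        return False
    return int(m.group(1)) == 2 and int(m.group(2)) < 15


def scan_jar(data, path):
    """Return (path, version, mitigated) for each log4j-core in a jar, recursing into nested jars.
    mitigated=True means JndiLookup.class is already absent, like the page's "(mitigated)" line."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = dict(line.split("=", 1) for line in zf.read(POM_PROPS).decode().splitlines()
                         if "=" in line and not line.startswith("#"))
            version = props.get("version", "").strip()
            if is_vulnerable_version(version):
                findings.append((path, version, JNDI_CLASS not in names))
        for name in sorted(names):
            if name.endswith(".jar"):  # nested jar (fat/shaded/Spring Boot style bundles)
                findings.extend(scan_jar(zf.read(name), f"{path}!/{name}"))
    return findings


def scan_directory(root):
    """Walk root and scan every *.jar, like `./log4j2-scan <dir>`."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".jar"):
                with open(os.path.join(dirpath, name), "rb") as f:
                    findings.extend(scan_jar(f.read(), os.path.join(dirpath, name)))
    return findings


def strip_jndi(data):
    """Rebuild a jar without JndiLookup.class, patching nested jars the same way."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            if item.filename == JNDI_CLASS:
                continue
            payload = src.read(item.filename)
            dst.writestr(item, strip_jndi(payload) if item.filename.endswith(".jar") else payload)
    return out.getvalue()


def mitigate_jar(path):
    """In-place fix like `--fix`: keep a .bak copy (the extra file in the page's rescan count)."""
    backup = path + ".bak"
    shutil.copy2(path, backup)
    with open(backup, "rb") as f:
        patched = strip_jndi(f.read())
    with open(path, "wb") as f:
        f.write(patched)
    return backup


def build_fixture(root):
    """Constructed test data (placeholder bytes, not real bytecode): a standalone
    log4j-core-2.11.1.jar and an app jar embedding it, mirroring the page's finding."""
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion=2.11.1\n")
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe placeholder")
    core_bytes = core.getvalue()
    with open(os.path.join(root, "log4j-core-2.11.1.jar"), "wb") as f:
        f.write(core_bytes)
    with zipfile.ZipFile(os.path.join(root, "elasticsearch-sql-cli-7.10.2.jar"), "w") as zf:
        zf.writestr("lib/log4j-core-2.11.1.jar", core_bytes)  # nested jar, stored uncompressed


def demo():
    """Scan, fix, rescan in a temp dir; returns the before/after finding lists."""
    root = tempfile.mkdtemp(prefix="log4j2-scan-demo-")
    try:
        build_fixture(root)
        before = scan_directory(root)
        for outer in {p.split("!/")[0] for p, _, mitigated in before if not mitigated}:
            mitigate_jar(outer)
        return before, scan_directory(root)
    finally:
        shutil.rmtree(root)
```

Calling demo() returns two findings before the fix (the standalone JAR and the nested lib/log4j-core-2.11.1.jar inside the application JAR, both 2.11.1, neither mitigated) and the same two afterwards with mitigated set, which is exactly why the real tool's rescan still says "Found 1 vulnerable files" while tagging the entry (mitigated). The rebuild via zipfile preserves each entry's compression method, and nested JARs are rewritten recursively so the inner log4j-core is patched in place.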

Two caveats before treating this as done. Removing the class from the JAR on disk does not change a JVM that has already loaded log4j, so restart Elasticsearch (and any other process that uses the patched JAR) after --fix. And 2.15.0 was only the first fix release: CVE-2021-45046 and CVE-2021-45105 were fixed in 2.16.0 and 2.17.0, so when upgrading instead of stripping the class, take the current Log4j 2 release rather than pinning 2.15.0.

Apache Log4j 2 download: https://downloads.apache.org/logging/log4j/2.15.0/
