log4j 0-day

Jeffrey Walton

Dec 10, 2021, 4:15:01 PM
to Crypto++ Users
Hi Everyone,

I'm shutting down the web server until I get a grasp on the log4j 0-day that is in the wild. At work we are seeing suspicious activity, like servers scanning the network. We are not sure if it is related to the 0-day.

Hopefully the shutdown will avoid an incident on our server and avoid a server restore, if things go sideways.

I hope the server will be back online Saturday afternoon. We will need to wait for the Ubuntu devs to release the patch.

Jeff

Jeffrey Walton

Dec 11, 2021, 9:04:17 AM
to Crypto++ Users
The server is back online. We set the following environmental variables per https://logging.apache.org/log4j/2.x/security.html :

  # Set variable for all users
  $ cat /etc/profile.d/02-log4j2-fix.sh
  # https://logging.apache.org/log4j/2.x/security.html
  export LOG4J_FORMAT_MSG_NO_LOOKUPS=true

And:

  # Set variable for Apache
  $ cat /etc/apache2/envvars
  ...
  ## https://logging.apache.org/log4j/2.x/security.html
  LOG4J_FORMAT_MSG_NO_LOOKUPS=true

It looks like it stuck:

  $ whoami
  jwalton
  $ printenv | grep LOG4J
  LOG4J_FORMAT_MSG_NO_LOOKUPS=true

If anyone has feedback, then please share it.

Jeff
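
Added example (not part of the original posts): `printenv` in a login shell shows only what that shell received, so this sketch checks the environment a running process actually got by reading `/proc/<pid>/environ` on Linux. The function names and the `--scan` flag are hypothetical, and reading other users' processes requires root.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Report whether a process environment carries the variable the post sets.
# Input format: NUL-separated KEY=VALUE records, as in /proc/<pid>/environ.

VAR=LOG4J_FORMAT_MSG_NO_LOOKUPS

# check_environ FILE (hypothetical helper)
# Prints one of: set | missing | wrong-value | unreadable
check_environ() {
    local file line
    file=$1
    [ -r "$file" ] || { echo unreadable; return 0; }
    # Turn NUL separators into newlines, then take the first matching record.
    line=$(tr '\000' '\n' < "$file" | grep -m1 "^${VAR}=") \
        || { echo missing; return 0; }
    # Only the exact value used in the post counts as set.
    case "${line#*=}" in
        true) echo set ;;
        *)    echo wrong-value ;;
    esac
}

# scan_java_processes (hypothetical helper)
# Prints "<pid><TAB><status>" for every process whose command name is "java".
scan_java_processes() {
    local dir comm
    for dir in /proc/[0-9]*; do
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        [ "$comm" = "java" ] || continue
        printf '%s\t%s\n' "${dir#/proc/}" "$(check_environ "$dir/environ")"
    done
}

# Run as: sudo sh check-log4j-env.sh --scan   (script name is a placeholder)
if [ "${1:-}" = "--scan" ]; then
    scan_java_processes
fi
```

A `missing` result for a Java process started by a service manager means the setting in `/etc/profile.d` or `envvars` did not reach that process.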