Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here’s a single command you can run to test and see if you have any vulnerable packages installed.
The Log4j vulnerability is serious business. This zero-day flaw affects the Log4j library and can allow an attacker to execute arbitrary code on a system that depends on Log4j to write log messages.
SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)
This vulnerability has the highest CVSS score of 10.0, so you need to pay attention. One of the big problems is knowing if you’re vulnerable. This is complicated by the many ways Log4j can be deployed. Are you using it as part of a Java project, is it rolled into a container, did you install it with your distribution package manager, and (if so) which log4j packages did you install? Or did you install it from source? Because of this, you might not even know if your server is vulnerable.
Fortunately, for Linux servers, GitHub user, Rubo77 created a script that will check for for packages that include vulnerable Log4j instances. It’s in beta, and it’s not one 100%, but it’s a great place to start. Understand, this script doesn’t test for jar files that were packaged with applications, so do not consider it anything more than a launching point to start your forensics.
I tested this script against a server that I knew had a vulnerable Log4j package installed, and it correctly tagged it. Here’s how you can run that same script on your Linux servers to find out if you might be vulnerable. Log into your server and issue the command:
wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - | bash
The output of the command will give you some indications if your server is vulnerable. As you can see (Figure A), my instance includes liblog4j2-java version 2.11.2-1, which includes the vulnerability. In that case, I should immediately upgrade to 2.15.0. If it’s not available, the problem will persist until the package is patched.
Remember, this script is not a guarantee, but a good place to start. Even if it comes back to say your server is not vulnerable, keep digging to make sure you’ve updated every necessary package to avoid getting hit by this vulnerability.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.