locate all nested war/jar files inside jboss/wildfly - log4j [duplicate]

security ubuntu log4j

I have read about security vulnerabilities related to Log4j.

How do I check if Log4j is installed on my server? My specific servers use Ubuntu 18.04.6 LTS.

I have installed many third-party packages and maybe some of them contain it.

Is there a command to run on my server to check if Log4j is installed?


Solution 1:

Try this script to get a hint:

echo "checking for log4j vulnerability..."
OUTPUT="$(locate log4j|grep -v log4js)"
if [ "$OUTPUT" ]; then
  echo "[WARNING] maybe vulnerable, those files contain the name:"
  echo "$OUTPUT"
fi
OUTPUT="$(dpkg -l|grep log4j|grep -v log4js)"
if [ "$OUTPUT" ]; then
  echo "[WARNING] maybe vulnerable, dpkg installed packages:"
  echo "$OUTPUT"
fi
if [ "$(command -v java)" ]; then
  echo "java is installed, so note that Java applications often bundle their libraries inside jar/war/ear files, so there still could be log4j in such applications."
fi
echo "If you see no output above this line, you are safe. Otherwise check the listed files and packages."

Make sure your locate database is up to date with updatedb.

Or better check and run the enhanced script from GitHub which also searches inside packed Java files. Run in one line with

wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - | bash

I am not sure if there could be compiled Java Programs running on the server without java being installed though?

Or even compiled versions where the source files aren't even found inside packed archives any more?

There is also a lot development on GitHub, where you find attacks and countermeasures.

This takes to much time for me. I am looking for someone I can transfer the ownership of the repository on GitHub

Solution 2:

There is no command that will surely tell you that. Some applications ship the libraries they use directly as a jar file, some will contain them in an archive.

And even then you don't know which version is shipped and how it is used. The only way to be sure you mitigate the CVE is to read the security announcements and release notes of your applications and follow their advisories.

Solution 3:

Try this Commands:

  • dpkg -l | grep liblog4j

  • dpkg -l | grep log4

  • find / -name log4j-core-*.jar

  • locate log4j | grep -v log4js

Related

How to add user to postfix? [closed]
Is it possible to trigger a shell script on incoming emails, can it be done without services like dovecot, postix, etc? [closed]
Network interface periodically going down with speed changed to 0 kernel errors
What is the difference between securing a linux box using hosts.[allow|deny] vs iptables?
Identifying current main DHCP server
Configured MySQL for SSL , but SSL is still DISABLED..!
How to query DNS for special **NAMED** TXT records
Rsync: backup Windows to Linux (remote) [migrated]
Apache, redirect for a moved directory
How to select network interface given ip address in ansible across Debian and FreeBSD?
Find the probability that the ball ends up in the slot in the middle
On convolution theorem and Fourier transform