How to test if your Linux server is vulnerable to Log4j

2 years ago 374

Log4j is simply a superior vulnerability that has swept crossed the IT scenery quickly. Here's a azygous bid you tin tally to trial and spot if you person immoderate susceptible packages installed.

open root   security

Image: Shutterstock/LeoWolfert

The Log4j vulnerability is superior business. This zero-day flaw affects the Log4j room and tin let an attacker to execute arbitrary codification connected a strategy that depends connected Log4j to constitute log messages.

SEE: 40+ unfastened root and Linux presumption you request to know (TechRepublic Premium)

This vulnerability has the highest CVSS people of 10.0, truthful you request to wage attention. One of the large problems is knowing if you're vulnerable. This is analyzable by the galore ways Log4j tin beryllium deployed. Are you utilizing it arsenic portion of a Java project, is it rolled into a container, did you instal it with your organisation bundle manager, and (if so) which log4j packages did you install? Or did you instal it from source? Because of this, you mightiness not adjacent cognize if your server is vulnerable. 

Fortunately, for Linux servers, GitHub user, Rubo77 created a publication that volition cheque for for packages that see susceptible Log4j instances. It's successful beta, and it's not 1 100%, but it's a large spot to start. Understand, this publication doesn't trial for jar files that were packaged with applications, truthful bash not see it thing much than a launching constituent to commencement your forensics. 

I tested this publication against a server that I knew had a susceptible Log4j bundle installed, and it correctly tagged it. Here's however you tin tally that aforesaid publication connected your Linux servers to find retired if you mightiness beryllium vulnerable. Log into your server and contented the command:

wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O - | bash

The output of the bid volition springiness you immoderate indications if your server is vulnerable. As you tin spot (Figure A), my lawsuit includes liblog4j2-java mentation 2.11.2-1, which includes the vulnerability. In that case, I should instantly upgrade to 2.15.0. If it's not available, the occupation volition persist until the bundle is patched. 

Figure A

log4jb.jpg

My trial server is susceptible to the Log4j issue.

Remember, this publication is not a guarantee, but a bully spot to start. Even if it comes backmost to accidental your server is not vulnerable, support digging to marque definite you've updated each indispensable bundle to debar getting deed by this vulnerability.

Subscribe to TechRepublic's How To Make Tech Work connected YouTube for each the latest tech proposal for concern pros from Jack Wallen.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article