小智 5

You can remove the JndiLookup class from log4j-core JAR files as first aid for the Log4j security disaster (CVE-2021-44228).

Remove the JndiLookup class, as recommended by Log4j itself, if you cannot update your Java application to a version with a fixed Log4j version.

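So this is only a first-aid quick fix until you get an update for your application! The following PowerShell script searches all drives for log4j-core*.jar files. For each file found, we use the "zip -q -d" command to delete the JndiLookup class from it.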

On a Windows 10 PC, PowerShell is available for scripting.
So create an anyname.ps1 file with the following content:

```powershell
# Ensure we can run everything
Set-ExecutionPolicy Bypass -Scope Process -Force

# Escape characters in PowerShell: https://ss64.com/ps/syntax-esc.html
# Note: zip.exe and unzip.exe are not part of Windows; both must be on PATH.

Write-Host "Start iterating drives..."
$volumes = Get-WmiObject win32_volume -filter "drivetype=3"
foreach ($volume in $volumes)
{
    $driveletter = $volume.driveletter # e.g. C:
    if ($null -ne $driveletter)
    {
        $drivename   = $volume.name        # e.g. C:\

        Write-Host "`n== Checking $driveletter... =="

        # Find log4j-core*.jar files, directly
        # and remove org/apache/logging/log4j/core/lookup/JndiLookup.class
        # with zip.exe -q -d command.
        # Use unzip -l | findstr JndiLookup as paranoia check.
        Write-Host "== Find log4j-core*.jar files... =="
        Get-ChildItem -Path $drivename -Filter log4j-core*.jar -Recurse -ErrorAction SilentlyContinue | % {
            Write-Host "== $($_.FullName) =="

            Write-Host "> zip.exe -q -d `"$($_.FullName)`" `"org/apache/logging/log4j/core/lookup/JndiLookup.class`""
            zip.exe -q -d "$($_.FullName)" "org/apache/logging/log4j/core/lookup/JndiLookup.class"

            Write-Host "> unzip.exe -l `"$($_.FullName)`" | findstr JndiLookup"
            unzip.exe -l "$($_.FullName)" | findstr JndiLookup

            Write-Host "== END =="
        }

        # Find JndiLookup.class in uncompressed directories on the file-system (aka *.class)
        Write-Host "== Find uncompressed JndiLookup.class files... =="
        Get-ChildItem -Path $drivename -Filter JndiLookup.class -Recurse -ErrorAction SilentlyContinue | % {
            Write-Host "== $($_.FullName) =="

            Write-Host "> Remove-Item -Path `"$($_.FullName)`" -Force"
            Remove-Item -Path $_.FullName -Force

            Write-Host "== END =="
        }
    }
}

# Find embedded log4j-core*.jar files ("Java Über JARs" or shaded JARs, i.e., JARs in other JAR/WAR/etc.)
Write-Host "== Find log4j-core*.jar files that are embedded into other archives... =="
Write-Host "TODO: Not supported!"
Write-Host "INSTEAD APPLY: https://github.com/mergebase/log4j-detector"

# Find log4j in docker containers
Write-Host "== Find log4j in docker containers... =="
Write-Host "TODO: Not supported!"
Write-Host "READ: https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/"
Write-Host "THUS, APPLY: docker scan"

Write-Host "Press ENTER to continue..."
cmd /c Pause | Out-Null
```

Now you can execute this .ps1 file.

An easy way to execute the .ps1 file: next to the .ps1 file, create an anyname.cmd file with the same name, containing the following content:

```cmd
powershell.exe -ExecutionPolicy ByPass -noprofile -command "&{start-process powershell -ArgumentList '-ExecutionPolicy ByPass -noprofile -NoExit -file \"%~dpn0.ps1\"' -verb RunAs}"
```

You can double-click the cmd. It will execute the .ps1 script with elevated privileges.

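There have been several attempts at fixing log4j (versions 2.15, 2.16, and now 2.17). It may be that the "first aid" of removing the JndiLookup class (from any log4j JAR, possibly embedded, i.e. a "Java Über JAR" or shaded JAR, or in uncompressed directories on the file system, aka *.class) should actually be your preferred option now and in the future.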
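The script above reports embedded JARs as "TODO: Not supported!". As an added example (not part of the original answer), the following read-only PowerShell check lists every JndiLookup.class still present in an archive, including JARs nested inside WAR/EAR/uber JARs, so the removal can be verified. The function name Find-JndiLookup, the nesting limit and the C:\apps path are assumptions.

```powershell
# Added example: read-only audit, no archive is modified.
Add-Type -AssemblyName System.IO.Compression

function Find-JndiLookup {
    param(
        [Parameter(Mandatory)] [System.IO.Stream] $Stream,  # seekable stream over a JAR/WAR/EAR
        [Parameter(Mandatory)] [string] $Label,             # path shown in the report
        [int] $Depth = 0,
        [int] $MaxDepth = 3                                 # assumption: stop after 3 nesting levels
    )
    $target = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
    try {
        $zip = [System.IO.Compression.ZipArchive]::new(
            $Stream, [System.IO.Compression.ZipArchiveMode]::Read, $true)
    } catch {
        Write-Warning "Not a readable archive: $Label"
        return
    }
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.FullName -like "*$target") {
                # Class still present (also matches copies under WEB-INF/classes/...)
                "$Label!$($entry.FullName)"
            } elseif ($Depth -lt $MaxDepth -and $entry.FullName -match '\.(jar|war|ear)$') {
                # Nested archive: buffer it in memory so it can be read as a ZIP
                $mem = [System.IO.MemoryStream]::new()
                $src = $entry.Open()
                try { $src.CopyTo($mem) } finally { $src.Dispose() }
                $mem.Position = 0
                try {
                    Find-JndiLookup -Stream $mem -Label "$Label!$($entry.FullName)" -Depth ($Depth + 1) -MaxDepth $MaxDepth
                } finally { $mem.Dispose() }
            }
        }
    } finally { $zip.Dispose() }
}

# Usage: audit one directory tree; C:\apps is a placeholder path.
Get-ChildItem -Path 'C:\apps' -Include *.jar, *.war, *.ear -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        try {
            $fs = [System.IO.File]::OpenRead($path)
            try { Find-JndiLookup -Stream $fs -Label $path } finally { $fs.Dispose() }
        } catch { Write-Warning "Cannot open ${path}: $_" }
    }
```

Each output line has the form `outer.war!WEB-INF/lib/log4j-core-x.jar!org/.../JndiLookup.class`; no output means the class was not found within the nesting limit.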
