EDR: How to confirm Log4J mitigations are effective?

Environment

  • EDR Server: 7.3.x - 7.5.x
  • EDR Server: 7.6.0

Question


Answer

  • To confirm the mitigations are effective, run the following commands from the terminal.
  • Command 1: The /etc/cb/solr*/solr.in.sh file should contain an entry for the parameter SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true". The following command should return that entry:
    grep /etc/cb/solr*/solr.in.sh -e 'formatMsgNoLookups'
  • Command 2 (all affected EDR versions): After the mitigation is implemented, this command should not return a value for 'JndiLookup.class':
    zip -sf /usr/share/cb/solr/server/lib/ext/log4j-core-2.13.3.jar | grep 'JndiLookup.class'
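
The two commands above also report success for a commented-out or `=false` entry, and an unreadable JAR produces the same empty output as a clean one. The script below is an added example, not VMware Carbon Black code, that runs the same two checks more strictly; the function names and the `--verify`/`--demo` switches are this example's own, and the paths are the ones given in this article.

```shell
#!/bin/sh
# Added example, not vendor code. Paths are the ones given in the article.

# True only if FILE has a non-comment line setting
# -Dlog4j2.formatMsgNoLookups=true (commented-out or =false entries fail).
solr_opts_mitigated() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eq -e '-Dlog4j2\.formatMsgNoLookups=true([^[:alnum:]]|$)'
}

# Reads an archive listing on stdin (e.g. from `zip -sf JAR`);
# true only if no JndiLookup.class entry is listed.
listing_lacks_jndilookup() {
    ! grep -q 'JndiLookup\.class'
}

# Runs both checks against the article's paths; non-zero on any failure.
verify_edr_log4j() {
    rc=0
    jar=/usr/share/cb/solr/server/lib/ext/log4j-core-2.13.3.jar
    for f in /etc/cb/solr*/solr.in.sh; do
        if solr_opts_mitigated "$f"; then echo "OK   $f"
        else echo "FAIL $f: no active formatMsgNoLookups=true"; rc=1; fi
    done
    if [ ! -r "$jar" ]; then echo "FAIL $jar: not readable"; rc=1
    elif ! listing=$(zip -sf "$jar" 2>/dev/null); then echo "FAIL $jar: cannot list"; rc=1
    elif printf '%s\n' "$listing" | listing_lacks_jndilookup; then echo "OK   $jar"
    else echo "FAIL $jar: JndiLookup.class still present"; rc=1; fi
    return "$rc"
}

# Constructed sample inputs: a plain grep matches both, this check only one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"' > "$d/commented"
    printf '%s\n' 'SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"' > "$d/active"
    solr_opts_mitigated "$d/commented" && echo "commented: pass" || echo "commented: fail"
    solr_opts_mitigated "$d/active" && echo "active: pass" || echo "active: fail"
    rm -rf "$d"
}

case "${1:-}" in
    --verify) verify_edr_log4j ;;
    --demo) demo ;;
esac
```

Run it with `--verify` on the EDR server; a non-zero exit status means at least one check failed.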



 

Creation Date: 12-16-2021