Log4j CVE-2021-44228, CVE-2021-45046 Summary Page

Latest Logpresso-based content with thanks to @jgstew.

All Logpresso / Log4jscan content is use-at-your-own-risk

Logpresso has produced an open-source scanner. HCL does not review the source code or the compiled binaries provided by Logpresso. Use Logpresso tools at your own risk.
That said, Logpresso is a powerful tool to scan systems and identify the affected Java libraries, and it can optionally mitigate the vulnerability by removing the JNDI class from the JAR file. A backup of the original file is preserved in case there is a need to roll back the change.

While HCL cannot endorse Logpresso, for your own evaluation it is worth noting the tool has been referenced by the wider security community, including at https://www.cisecurity.org/log4j-zero-day-vulnerability-response/ and https://docs.microsoft.com/en-us/azure/databricks/kb/libraries/verify-log4j-version

Expand for Details (deprecated)

Here is an analysis to collect the results of the Logpresso scan utility:

Here is the task to run the utility on Windows:

Here is the task to run the utility on Linux: (I am not certain I am sufficiently excluding network drives!!!)

Right now, these do not make changes; they are reporting only. You can modify them to do the fix by adding to the command, but proceed with caution!
And again, specifically on Linux, I don’t think I am excluding all possible network drives! You should proceed with caution if you know your Linux devices have remote mounts / network drives!

Please provide feedback on your testing, especially any refinements you would recommend for excluding obvious network drives or other folders you think should be excluded on Linux or Windows here: Log4j CVE-2021-44228 Detection and Mitigation

Edit: For tips on how to download files from GitHub, see https://forum.bigfix.com/t/tips-downloading-files-from-github/40283
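To make the network-drive concern above concrete, here is an added example (not Logpresso's code and not the BigFix tasks from this post) of a report-only scan that skips remote mounts and flags archives that still contain the JNDI lookup class. The `NETWORK_FS` list and the nesting depth of 3 are assumptions; a hit means the class is present, not that a specific log4j version was identified.

```python
import io
import os
import sys
import zipfile

# Filesystem types treated as remote (an assumption; extend for your estate).
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "smbfs", "sshfs", "fuse.sshfs",
              "afs", "ceph", "glusterfs", "fuse.glusterfs", "lustre", "9p", "ncpfs"}
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def network_mounts(mounts_text):
    """Return remote mount points from /proc/mounts-format text; octal-escaped spaces are decoded."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [r[1].replace("\\040", " ") for r in rows if len(r) >= 3 and r[2] in NETWORK_FS]

def has_jndi_lookup(archive, depth=0):
    """True if the archive, or an archive nested inside it, holds JndiLookup.class."""
    try:
        with zipfile.ZipFile(archive) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    return True
                if depth < 3 and name.lower().endswith(ARCHIVE_EXT):
                    if has_jndi_lookup(io.BytesIO(zf.read(name)), depth + 1):
                        return True
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt, unreadable or encrypted archive: skip it rather than abort
    return False

def scan(root, mounts_text):
    """Report-only walk of root that never descends into a network mount."""
    excluded = {os.path.normpath(p) for p in network_mounts(mounts_text)}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune in place so os.walk does not enter excluded directories.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(dirpath, d)) not in excluded]
        for f in filenames:
            path = os.path.join(dirpath, f)
            if f.lower().endswith(ARCHIVE_EXT) and has_jndi_lookup(path):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print("\n".join(scan(sys.argv[1] if len(sys.argv) > 1 else "/", fh.read())))
```

Mounts are matched by filesystem type only, so automounted or bind-mounted remote paths that do not appear with a remote type in `/proc/mounts` at scan time are not excluded.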