Here's the PDF document of the same instructions
Note: The content of this blog is the same as KB 87089, but with screenshots and expected outputs to make things easier.
Purpose
CVE-2021-44228 has been determined to be present in vRealize Log Insight 8.2 - 8.6 via the Apache Log4j open source component it ships.
This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review this document before continuing: CVE-2021-44228 - VMSA-2021-0028
Resolution
The workarounds described in this document are meant to be a temporary solution only.
Upgrades documented in the aforementioned advisory should be applied to remediate CVE-2021-44228 when available.
Workaround
To apply the workaround for CVE-2021-44228 to vRealize Log Insight, perform the following steps:
For each vRealize Log Insight node:
step:1
Download the li-log4j-fix.sh script and copy it to the /tmp directory
![](https://static.wixstatic.com/media/3521e7_579b0004f0d3413fa7f118cb36db0048~mv2.png/v1/fill/w_379,h_132,al_c,q_85,enc_auto/3521e7_579b0004f0d3413fa7f118cb36db0048~mv2.png)
![](https://static.wixstatic.com/media/3521e7_0aa91fae041b4f748c9eb1bd4b09fea1~mv2.png/v1/fill/w_980,h_368,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/3521e7_0aa91fae041b4f748c9eb1bd4b09fea1~mv2.png)
step:2
SSH to the node, or use the console by pressing Alt+F1, log in as root, and then change to /tmp, where the script has been copied
cd /tmp
step:3
List the files to confirm that the li-log4j-fix.sh script is present
![](https://static.wixstatic.com/media/3521e7_1e3fc219148647b38450bde9007e31c9~mv2.png/v1/fill/w_541,h_116,al_c,q_85,enc_auto/3521e7_1e3fc219148647b38450bde9007e31c9~mv2.png)
step:4
Run the command below to make the script executable
chmod +x /tmp/li-log4j-fix.sh
![](https://static.wixstatic.com/media/3521e7_31b7b49796044ebd835855d5866e7a53~mv2.png/v1/fill/w_382,h_20,al_c,q_85,enc_auto/3521e7_31b7b49796044ebd835855d5866e7a53~mv2.png)
Once executed, you will see that the permissions of the file have changed
![](https://static.wixstatic.com/media/3521e7_ce79e58a64a54ed0893bc7add4439338~mv2.png/v1/fill/w_506,h_115,al_c,q_85,enc_auto/3521e7_ce79e58a64a54ed0893bc7add4439338~mv2.png)
step:5
The next step is to execute the script
root@li [ /tmp ]# ./li-log4j-fix.sh
Hardening Log Insight appliance against CVE-2021-44228. For more information refer to: https://www.tenable.com/cve/CVE-2021-44228.
Patching Log Insight Java options: /etc/default/loginsight... SUCCESS
Patching Cassandra Java options: /usr/lib/loginsight/application/lib/apache-cassandra-*/conf/jvm.options... SUCCESS
Patching Tomcat Java options: /usr/lib/loginsight/application/3rd_party/apache-tomcat-*/bin/catalina.sh... SUCCESS
ATTENTION: Please restart Log Insight service for the patch to take effect.
![](https://static.wixstatic.com/media/3521e7_518ebba48530495da2018b589dca5d09~mv2.png/v1/fill/w_980,h_120,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/3521e7_518ebba48530495da2018b589dca5d09~mv2.png)
step:6
Once done, restart the Log Insight service
service loginsight restart
Wait a few seconds until vRealize Log Insight is fully up
![](https://static.wixstatic.com/media/3521e7_b26f1561dd3f4e19be7424973ea8bc34~mv2.png/v1/fill/w_980,h_367,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/3521e7_b26f1561dd3f4e19be7424973ea8bc34~mv2.png)
NOTE:
Since I have a standalone node for vRealize Log Insight, there was no need for me to upload and apply the patch on other nodes. If there are multiple nodes in your environment, these steps have to be followed on each node, one after another.
Ensure the Log Insight services are completely up and running before proceeding to the next server.
Validation
To verify the workaround for CVE-2021-44228 has been correctly applied to vRealize Log Insight, perform the following steps:
Log into each node as root via SSH or Console, pressing ALT+F1 in a Console to log in
Run the following command to verify if the workaround was successful:
ps axf | grep --color log4j2.formatMsgNoLookups | grep -v grep
![](https://static.wixstatic.com/media/3521e7_69a3992895484712962c5e5251236c7c~mv2.png/v1/fill/w_980,h_376,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/3521e7_69a3992895484712962c5e5251236c7c~mv2.png)
Note: There should be output from the above command.
If there is no output on a particular node, that node was not successfully modified.
Re-run the script on that node, following the instructions above.
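The grep above only shows that the string appears somewhere in the process list. As an added example (not part of the KB or of li-log4j-fix.sh), the shell function below lists the PIDs of Java processes whose command line does not carry the flag. It assumes the flag takes the standard Log4j form -Dlog4j2.formatMsgNoLookups=true; the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB or the li-log4j-fix.sh script).
# Reads "PID ARGS..." lines (the format of: ps -eo pid=,args=) on stdin and
# prints the PID of every Java process whose command line lacks the mitigation.
FLAG='-Dlog4j2.formatMsgNoLookups'   # assumed standard Log4j property name

unmitigated_java() {
    awk -v flag="$FLAG" '
    # Only consider processes whose executable is named "java".
    $2 ~ /(^|\/)java$/ {
        on = 0; bad = 0
        for (i = 3; i <= NF; i++) {
            if ($i == (flag "=true")) on = 1
            # Any other value (for example =false) counts as not mitigated.
            else if (index($i, (flag "=")) == 1) bad = 1
        }
        if (!on || bad) print $1
    }'
}

# Constructed sample input; PIDs, paths and class names are illustrative only.
sample_ps() {
cat <<'EOF'
  901 /usr/sbin/sshd -D
 1201 /usr/java/bin/java -Xmx1g -Dlog4j2.formatMsgNoLookups=true -cp /opt/a Main
 1305 /usr/java/bin/java -Xmx512m -cp /opt/b Cassandra
 1410 java -Dlog4j2.formatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=false Tomcat
 1502 grep --color log4j2.formatMsgNoLookups
EOF
}

# On a node:  ps -eo pid=,args= | unmitigated_java
# Here the constructed sample is checked instead, so the block runs anywhere.
check_sample() {
    missing=$(sample_ps | unmitigated_java | tr '\n' ' ')
    echo "Java processes without the flag: ${missing:-none}"
}
check_sample
```

An empty result from unmitigated_java on a node means every running Java process was started with the flag; any PID it prints belongs to a process that still needs the script re-run and the service restarted.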