VMware vCenter log4j 漏洞脚本快速解决方案

Author： cen
发布时间：December 14, 2021
258 views
2 comments
4809 words
Categories： VMware

<p>VMware vCenter log4j属于最近VMware的极危漏洞，VMware官网已经给出了临时解决方案（<a href="https://kb.vmware.com/s/article/87081" target="_blank" rel="noreferrer noopener">Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081</a>)）！但是文档步骤相对冗长，小伙伴们难于下手解决。</p>

<p>这里首先感谢国外小伙伴<a href="https://github.com/blake-fm/vcenter-log4j" data-type="URL" data-id="https://github.com/blake-fm/vcenter-log4j">blake-fm</a>的工作，他给到了一键式的脚本解决方案！</p>

<p>大家可以实时关注<a href="https://github.com/blake-fm/vcenter-log4j" data-type="URL" data-id="https://github.com/blake-fm/vcenter-log4j">blake-fm</a>的github网站。</p>

<p>这里简单搬运下，方便国内的小伙伴！</p>

<h2>1.开启vCenter的SSH功能</h2>

<p>登录vCenter(VCSA)的管理页面，示例<span class="external-link"><a class="no-external-link" href="https://vc.tech.com:5480/" target="_blank"><i data-feather="external-link"></i>https://vc.tech.com:5480/</a></span>，在访问页面，打开ssh和BASH Shell登录，设置超时时间。注：其它开启ssh的方法也可以。</p>

<figure class="wp-block-image size-large"><a href="https://www.crazycen.com/usr/uploads/2021/12/image.png"><img src="https://www.crazycen.com/usr/uploads/2021/12/image-1024x525.png" alt="" class="wp-image-2047" style=""></a></figure>

<h2>2. 登录vCenter粘贴脚本</h2>

<p>SSH登录vCenter,输入shell，命令su -切换到root用户，然后粘贴其中的<a rel="noreferrer noopener" href="https://raw.githubusercontent.com/blake-fm/vcenter-log4j/main/log4j-vcenter-6.5-7.0-workaround.sh" data-type="URL" data-id="https://raw.githubusercontent.com/blake-fm/vcenter-log4j/main/log4j-vcenter-6.5-7.0-workaround.sh" target="_blank">全部内容</a>（直接粘贴，不用创建脚本文件）</p>

<p>国内小伙伴无法打开，可以使用下面链接。</p>

<div class="wp-block-file"><a id="wp-block-file--media-a61dafb4-675c-41ed-89e9-740622a21274" href="https://www.crazycen.com/usr/uploads/2021/12/log4j-vcenter-6.5-7.0-workaroun.txt">log4j-vcenter-6.5-7.0-workaroun</a><a href="https://www.crazycen.com/usr/uploads/2021/12/log4j-vcenter-6.5-7.0-workaroun.txt" class="wp-block-file__button" download aria-describedby="wp-block-file--media-a61dafb4-675c-41ed-89e9-740622a21274">下载</a></div>

<h2>3. 执行修复</h2>

<p>运行cve-workaround，会自动临时修复Log4j的问题。</p>

<pre class="wp-block-code"><code>root@vc &#91; /tmp ]# cve-workaround 
vMON Service                   Detected
vMON Service                   Applying workaround...
'/usr/lib/vmware-vmon/java-wrapper-vmon' -&gt; '/usr/lib/vmware-vmon/java-wrapper-vmon.bak'

Stopping vMON Service - this will take a while...

Operation not cancellable. Please wait for it to finish...
Performing stop operation on service observability...
Successfully stopped service observability
Performing stop operation on service vmware-pod...
Successfully stopped service vmware-pod
Performing stop operation on service vmware-vdtc...
Successfully stopped service vmware-vdtc
Performing stop operation on profile: ALL...
Successfully stopped service vmware-vmon
Successfully stopped profile: ALL.
Performing stop operation on service vmcad...
Successfully stopped service vmcad
Performing stop operation on service vmdird...
Successfully stopped service vmdird
Performing stop operation on service vmafdd...
Successfully stopped service vmafdd
Performing stop operation on service lwsmd...
Successfully stopped service lwsmd

Services stopped, restarting - this will take even longer...

Operation not cancellable. Please wait for it to finish...
Performing start operation on service lwsmd...
Successfully started service lwsmd
Performing start operation on service vmafdd...
Successfully started service vmafdd
Performing start operation on service vmdird...
Successfully started service vmdird
Performing start operation on service vmcad...
Successfully started service vmcad
Performing start operation on profile: ALL...
Successfully started service vmware-vmon
Successfully started profile: ALL.
Performing start operation on service observability...
Successfully started service observability
Performing start operation on service vmware-vdtc...
Successfully started service vmware-vdtc
Performing start operation on service vmware-pod...
Successfully started service vmware-pod
Update Manager Service         Detected
Update Manager Service         Applying workaround...
'/usr/lib/vmware-updatemgr/bin/jetty/start.ini' -&gt; '/usr/lib/vmware-updatemgr/bin/jetty/start.ini.bak'
Update Manager Service         Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service updatemgr...
Successfully stopped service updatemgr
Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Successfully started service updatemgr
Analytics Service              Detected
Analytics Service              Applying workaround...
'/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar' -&gt; '/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak'
Analytics Service              Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service analytics...
Successfully stopped service analytics
Operation not cancellable. Please wait for it to finish...
Performing start operation on service analytics...
Successfully started service analytics
DBCC Utility                   Detected
DBCC Utility                   Applying workaround...
'/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar' -&gt; '/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak'
DBCC Utility                   No restart required.

Verification:

Number of processes running formatMsgNoLookups=true: 22

ERROR                          Process count mismatch.  Got 23 JRE processes, but confirmed 22.  Confirm using: ps auxww | grep formatMsgNoLookups
Confirmed                      Update Manager workaround.
Confirmed                      DBCC Utility workaround.
Confirmed                      Analytics Service workaround.
root@vc &#91; /tmp ]#
</code></pre>

<h2>4.执行验证（可略过）</h2>

<p>同时也可以运行cve-workaround -v进行验证。</p>

<pre class="wp-block-code"><code>root@vc &#91; /tmp ]# cve-workaround -v

Verification:

Number of processes running formatMsgNoLookups=true: 22

Last modification：October 6, 2023