小岑's Blog


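Quick Script-Based Fix for the VMware vCenter log4j Vulnerability

December 14, 2021

The log4j vulnerability in VMware vCenter is one of the most critical VMware vulnerabilities of late. VMware has published a temporary workaround on its website (Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081)), but the documented steps are fairly long and hard for many people to work through.

First, thanks to blake-fm for his work: he has provided a one-step script solution.

You can follow blake-fm's GitHub page for updates.

I am simply reposting it here for the convenience of readers in China.

1. Enable SSH on vCenter

Log in to the vCenter (VCSA) management page, for example https://vc.tech.com:5480/. On the Access page, enable SSH login and BASH Shell login, and set the timeout. Note: any other method of enabling SSH also works.

2. Log in to vCenter and paste the script

SSH into vCenter, type shell, switch to the root user with su -, then paste the entire contents of the script (paste it directly; there is no need to create a script file).

Readers in China who cannot open it can use the link below.

Download log4j-vcenter-6.5-7.0-workaroun

3. Run the fix

Run cve-workaround; it automatically applies the temporary fix for the Log4j issue.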

root@vc [ /tmp ]# cve-workaround 
vMON Service                   Detected
vMON Service                   Applying workaround...
'/usr/lib/vmware-vmon/java-wrapper-vmon' -> '/usr/lib/vmware-vmon/java-wrapper-vmon.bak'

Stopping vMON Service - this will take a while...

Operation not cancellable. Please wait for it to finish...
Performing stop operation on service observability...
Successfully stopped service observability
Performing stop operation on service vmware-pod...
Successfully stopped service vmware-pod
Performing stop operation on service vmware-vdtc...
Successfully stopped service vmware-vdtc
Performing stop operation on profile: ALL...
Successfully stopped service vmware-vmon
Successfully stopped profile: ALL.
Performing stop operation on service vmcad...
Successfully stopped service vmcad
Performing stop operation on service vmdird...
Successfully stopped service vmdird
Performing stop operation on service vmafdd...
Successfully stopped service vmafdd
Performing stop operation on service lwsmd...
Successfully stopped service lwsmd

Services stopped, restarting - this will take even longer...

Operation not cancellable. Please wait for it to finish...
Performing start operation on service lwsmd...
Successfully started service lwsmd
Performing start operation on service vmafdd...
Successfully started service vmafdd
Performing start operation on service vmdird...
Successfully started service vmdird
Performing start operation on service vmcad...
Successfully started service vmcad
Performing start operation on profile: ALL...
Successfully started service vmware-vmon
Successfully started profile: ALL.
Performing start operation on service observability...
Successfully started service observability
Performing start operation on service vmware-vdtc...
Successfully started service vmware-vdtc
Performing start operation on service vmware-pod...
Successfully started service vmware-pod
Update Manager Service         Detected
Update Manager Service         Applying workaround...
'/usr/lib/vmware-updatemgr/bin/jetty/start.ini' -> '/usr/lib/vmware-updatemgr/bin/jetty/start.ini.bak'
Update Manager Service         Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service updatemgr...
Successfully stopped service updatemgr
Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Successfully started service updatemgr
Analytics Service              Detected
Analytics Service              Applying workaround...
'/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar' -> '/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak'
Analytics Service              Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service analytics...
Successfully stopped service analytics
Operation not cancellable. Please wait for it to finish...
Performing start operation on service analytics...
Successfully started service analytics
DBCC Utility                   Detected
DBCC Utility                   Applying workaround...
'/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar' -> '/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak'
DBCC Utility                   No restart required.

Verification:


Number of processes running formatMsgNoLookups=true: 22

ERROR                          Process count mismatch.  Got 23 JRE processes, but confirmed 22.  Confirm using: ps auxww | grep formatMsgNoLookups
Confirmed                      Update Manager workaround.
Confirmed                      DBCC Utility workaround.
Confirmed                      Analytics Service workaround.
root@vc [ /tmp ]#

4. Verify (optional)

You can also run cve-workaround -v to verify.

root@vc [ /tmp ]# cve-workaround -v

Verification:


Number of processes running formatMsgNoLookups=true: 22

ERROR                          Process count mismatch.  Got 23 JRE processes, but confirmed 22.  Confirm using: ps auxww | grep formatMsgNoLookups
Confirmed                      Update Manager workaround.
Confirmed                      DBCC Utility workaround.
Confirmed                      Analytics Service workaround.
root@vc [ /tmp ]# 
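
The verification output above reports one more JRE process than it could confirm and suggests checking with ps. The following is an added example, not part of blake-fm's script or VMware's KB article, that lists which JVM processes are running without the flag. It assumes a JVM can be recognized by "java" or "jre" in its executable path; the function names, sample PIDs and sample paths are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of blake-fm's script.
# Assumption: a JVM is any process whose executable path contains "java" or
# "jre"; adjust JVM_PATTERN if your appliance launches Java differently.
JVM_PATTERN='java|jre'
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Reads "PID COMMAND ARGS..." lines on stdin and prints "PID EXECUTABLE" for
# every JVM whose command line does not carry the flag as an exact argument
# (so a process started with ...=false is reported as well).
jvms_without_flag() {
    awk -v pat="$JVM_PATTERN" -v flag="$FLAG" '
        $2 ~ pat {
            found = 0
            for (i = 3; i <= NF; i++) if ($i == flag) found = 1
            if (!found) print $1, $2
        }'
}

# Constructed sample input (PIDs and paths are made up for illustration).
sample_ps() {
    cat <<'EOF'
1201 /usr/java/jre-vmware/bin/example-a.launcher -Xmx256m -Dlog4j2.formatMsgNoLookups=true -jar a.jar
1202 /usr/java/jre-vmware/bin/example-b.launcher -Xmx128m -jar b.jar
1203 /usr/java/jre-vmware/bin/java -Dlog4j2.formatMsgNoLookups=false -jar c.jar
1204 /usr/sbin/sshd -D
1205 grep formatMsgNoLookups
EOF
}

# On the appliance: ps -ww -eo pid=,args= | jvms_without_flag
# Offline demo against the constructed sample:
sample_ps | jvms_without_flag
```

Any process this prints either has not been restarted since the workaround was applied or is started by a wrapper the workaround did not modify.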
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Last updated: December 14, 2021

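小岑

I'm 小岑, welcome to my blog. I'm a young person who likes to tinker with things, is full of curiosity about the world, and loves to travel. I write casually here and jot things down, mostly related to technology. VMware vExpert | VCIX | VCAP | VCP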


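Comments

  • haibo

    666+

    December 15, 2021
  • 文雨

    Nice, I learned something.

    A small issue: coming in from RSS gives a 403; opening the home page first and then opening the post again works fine...

    January 11, 2022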