<!-- wp:paragraph -->
<p>The Log4j vulnerability in VMware vCenter is one of VMware's recent critical vulnerabilities, and VMware has published a temporary workaround on its website (<a href="https://kb.vmware.com/s/article/87081" target="_blank" rel="noreferrer noopener">Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081)</a>). The documented steps are fairly long, however, and many people find them hard to work through.</p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p>Thanks go first to <a href="https://github.com/blake-fm/vcenter-log4j" data-type="URL" data-id="https://github.com/blake-fm/vcenter-log4j">blake-fm</a> for his work: he has provided a one-step script solution.</p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p>You can follow <a href="https://github.com/blake-fm/vcenter-log4j" data-type="URL" data-id="https://github.com/blake-fm/vcenter-log4j">blake-fm</a>'s GitHub repository for updates.</p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p>I am simply reposting it here for the convenience of readers in mainland China.</p>
<!-- /wp:paragraph -->
<!-- wp:heading -->
<h2>1. Enable SSH on vCenter</h2>
<!-- /wp:heading -->
<!-- wp:paragraph -->
<p>Log in to the vCenter (VCSA) management page, for example <span class="external-link"><a class="no-external-link" href="https://vc.tech.com:5480/" target="_blank"><i data-feather="external-link"></i>https://vc.tech.com:5480/</a></span>. On the Access page, enable SSH login and BASH Shell login, and set the timeout. Note: any other method of enabling SSH also works.</p>
<!-- /wp:paragraph -->
<!-- wp:image {"id":2047,"sizeSlug":"large","linkDestination":"media"} -->
<figure class="wp-block-image size-large"><a href="https://www.crazycen.com/usr/uploads/2021/12/image.png"><img src="https://www.crazycen.com/usr/uploads/2021/12/image-1024x525.png" alt="" class="wp-image-2047" style=""></a></figure>
<!-- /wp:image -->
<!-- wp:heading -->
<h2>2. 
Log in to vCenter and paste the script</h2>
<!-- /wp:heading -->
<!-- wp:paragraph -->
<p>Log in to vCenter over SSH, type shell, run su - to switch to the root user, and then paste the <a rel="noreferrer noopener" href="https://raw.githubusercontent.com/blake-fm/vcenter-log4j/main/log4j-vcenter-6.5-7.0-workaround.sh" data-type="URL" data-id="https://raw.githubusercontent.com/blake-fm/vcenter-log4j/main/log4j-vcenter-6.5-7.0-workaround.sh" target="_blank">entire contents</a> of the script (paste it straight into the terminal; there is no need to create a script file).</p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p>If you are in mainland China and cannot open that link, use the one below.</p>
<!-- /wp:paragraph -->
<!-- wp:file {"id":2046,"href":"https://www.crazycen.com/usr/uploads/2021/12/log4j-vcenter-6.5-7.0-workaroun.txt"} -->
<div class="wp-block-file"><a id="wp-block-file--media-a61dafb4-675c-41ed-89e9-740622a21274" href="https://www.crazycen.com/usr/uploads/2021/12/log4j-vcenter-6.5-7.0-workaroun.txt">log4j-vcenter-6.5-7.0-workaroun</a><a href="https://www.crazycen.com/usr/uploads/2021/12/log4j-vcenter-6.5-7.0-workaroun.txt" class="wp-block-file__button" download aria-describedby="wp-block-file--media-a61dafb4-675c-41ed-89e9-740622a21274">Download</a></div>
<!-- /wp:file -->
<!-- wp:heading -->
<h2>3. Apply the fix</h2>
<!-- /wp:heading -->
<!-- wp:paragraph -->
<p>Run cve-workaround; it automatically applies the temporary workaround for the Log4j issue.</p>
<!-- /wp:paragraph -->
<!-- wp:code -->
<pre class="wp-block-code"><code>root@vc [ /tmp ]# cve-workaround
vMON Service Detected
vMON Service Applying workaround...
'/usr/lib/vmware-vmon/java-wrapper-vmon' -> '/usr/lib/vmware-vmon/java-wrapper-vmon.bak'
Stopping vMON Service - this will take a while...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service observability...
Successfully stopped service observability
Performing stop operation on service vmware-pod...
Successfully stopped service vmware-pod
Performing stop operation on service vmware-vdtc...
Successfully stopped service vmware-vdtc
Performing stop operation on profile: ALL...
Successfully stopped service vmware-vmon
Successfully stopped profile: ALL.
Performing stop operation on service vmcad...
Successfully stopped service vmcad
Performing stop operation on service vmdird...
Successfully stopped service vmdird
Performing stop operation on service vmafdd...
Successfully stopped service vmafdd
Performing stop operation on service lwsmd...
Successfully stopped service lwsmd
Services stopped, restarting - this will take even longer...
Operation not cancellable. Please wait for it to finish...
Performing start operation on service lwsmd...
Successfully started service lwsmd
Performing start operation on service vmafdd...
Successfully started service vmafdd
Performing start operation on service vmdird...
Successfully started service vmdird
Performing start operation on service vmcad...
Successfully started service vmcad
Performing start operation on profile: ALL...
Successfully started service vmware-vmon
Successfully started profile: ALL.
Performing start operation on service observability...
Successfully started service observability
Performing start operation on service vmware-vdtc...
Successfully started service vmware-vdtc
Performing start operation on service vmware-pod...
Successfully started service vmware-pod
Update Manager Service Detected
Update Manager Service Applying workaround...
'/usr/lib/vmware-updatemgr/bin/jetty/start.ini' -> '/usr/lib/vmware-updatemgr/bin/jetty/start.ini.bak'
Update Manager Service Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service updatemgr...
Successfully stopped service updatemgr
Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Successfully started service updatemgr
Analytics Service Detected
Analytics Service Applying workaround...
'/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar' -> '/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak'
Analytics Service Restarting service...
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service analytics...
Successfully stopped service analytics
Operation not cancellable. Please wait for it to finish...
Performing start operation on service analytics...
Successfully started service analytics
DBCC Utility Detected
DBCC Utility Applying workaround...
'/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar' -> '/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak'
DBCC Utility No restart required.
Verification:
Number of processes running formatMsgNoLookups=true: 22
ERROR Process count mismatch. Got 23 JRE processes, but confirmed 22.
Confirm using: ps auxww | grep formatMsgNoLookups
Confirmed Update Manager workaround.
Confirmed DBCC Utility workaround.
Confirmed Analytics Service workaround.
root@vc [ /tmp ]# </code></pre>
<!-- /wp:code -->
<!-- wp:heading -->
<h2>4. Verify (optional)</h2>
<!-- /wp:heading -->
<!-- wp:paragraph -->
<p>You can also run cve-workaround -v to verify the result.</p>
<!-- /wp:paragraph -->
<!-- wp:code -->
<pre class="wp-block-code"><code>root@vc [ /tmp ]# cve-workaround -v
Verification:
Number of processes running formatMsgNoLookups=true: 22
ERROR Process count mismatch. Got 23 JRE processes, but confirmed 22.
Confirm using: ps auxww | grep formatMsgNoLookups
Confirmed Update Manager workaround.
Confirmed DBCC Utility workaround.
Confirmed Analytics Service workaround.
root@vc [ /tmp ]# </code></pre>
<!-- /wp:code -->
Last modification: October 6, 2023
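<p>An added example (not part of the original post or of blake-fm's script): a small filter for tracking down a count mismatch like the one in the verification output above, listing each JRE process that was started without <code>-Dlog4j2.formatMsgNoLookups=true</code>. The function name <code>unmitigated_java</code>, the rule for what counts as a JRE process, and the sample <code>ps</code> lines are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example; not from the original post or from the cve-workaround script.
# Assumption: a "JRE process" is one whose executable is named java or lives
# under a jre*/bin/ directory. Adjust the two patterns for your appliance.

# Read `ps auxww` lines on stdin; print "PID<TAB>command line" for each JRE
# process that was started without -Dlog4j2.formatMsgNoLookups=true.
unmitigated_java() {
    awk '
        $2 !~ /^[0-9]+$/ { next }      # skip the ps header and malformed lines
        {
            exe = $11                  # in ps aux output, field 11 is the executable
            if (exe !~ "(^|/)java$" && exe !~ "/jre[^/]*/bin/") next
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            # Only an explicit =true counts; =false or a missing flag is reported.
            if (cmd ~ "-Dlog4j2\\.formatMsgNoLookups=true( |$)") next
            printf "%s\t%s\n", $2, cmd
        }'
}

# Constructed sample input (not captured from a real appliance).
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2101 0.5 2.1 123456 65432 ? Sl 10:00 0:12 /opt/example/jre/bin/java -Dlog4j2.formatMsgNoLookups=true -jar a.jar
root 2102 0.3 1.0 223456 45432 ? Sl 10:00 0:07 /opt/example/jre/bin/java -Xmx128m -jar b.jar
root 2103 0.0 0.1 12345 2345 ? Ss 10:00 0:00 /usr/sbin/sshd -D
svc 2104 0.2 1.5 323456 55432 ? Sl 10:01 0:09 /opt/example/jre/bin/example.launcher -Dlog4j2.formatMsgNoLookups=false -cp c.jar Main
root 2105 0.0 0.0 4321 900 pts/0 S+ 10:02 0:00 grep formatMsgNoLookups'

# On the appliance itself:  ps auxww | unmitigated_java
printf '%s\n' "$SAMPLE_PS" | unmitigated_java
```

Unlike a plain grep for the flag name, this ignores the grep process itself and still reports a process that sets the flag to false.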
2 comments
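Nice, learned something.
A small issue: coming in from RSS gives a 403; opening the home page first and then opening it again works fine...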
666+