{"id":7000,"date":"2021-12-17T14:38:13","date_gmt":"2021-12-17T13:38:13","guid":{"rendered":"https:\/\/tomaskalabis.com\/wordpress\/?p=7000"},"modified":"2021-12-22T10:40:35","modified_gmt":"2021-12-22T09:40:35","slug":"how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway","status":"publish","type":"post","link":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/","title":{"rendered":"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY"},"content":{"rendered":"\n<h3>How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY\u00a0<\/h3>\n<p>VMware UAG is in most cases exposed to the internet, so it is necessary to apply the workaround for CVE-2021-44228 to Unified Access Gateway versions 2009 through 2111.\u00a0<\/p>\n<p>First, we need to enable SSH login to the UAG appliance, which is not permitted by default.\u00a0<\/p>\n<p>Connect to the UAG VA from the VMware vCenter console, run <em>vi \/etc\/ssh\/sshd_config<\/em>, change <strong>PermitRootLogin no<\/strong> to <strong>PermitRootLogin yes<\/strong> and save the file. Then restart the sshd service with the command <em>service sshd restart<\/em>. Don&#8217;t forget to DISABLE the SSH connection again after your work :)))\u00a0<\/p>\n<h4>UPDATED 22. 12. 
2021<\/h4>\n<h4>How to work around Apache Log4j on UAG:<\/h4>\n<p>(tested on euc-unified-access-gateway-v3.9.0.0-15751318)\u00a0<\/p>\n<p>Download the script <a href=\"_wp_link_placeholder\" data-wplink-edit=\"true\">uag_rm_log4j_jndilookup.sh<\/a> and copy it to the \/tmp folder on the UAG VA; you can use WinSCP for this.\u00a0<\/p>\n<ul>\n<li>SSH into the UAG console as the root user and cd to the directory in which the above script is located.<\/li>\n<li>Set the executable permission on the above script:<br \/><strong>chmod +x uag_rm_log4j_jndilookup.sh<\/strong><\/li>\n<li>Run the script to remove all occurrences of log4j&#8217;s JndiLookup.class:<br \/><strong>.\/uag_rm_log4j_jndilookup.sh<\/strong><\/li>\n<\/ul>\n<p><a href=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-large wp-image-7015\" src=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-494x118.png\" alt=\"\" width=\"494\" height=\"118\" srcset=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-494x118.png 494w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-288x69.png 288w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-768x183.png 768w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-1536x366.png 1536w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.49-2048x488.png 2048w\" sizes=\"(max-width: 494px) 100vw, 494px\" \/><\/a><\/p>\n<ul>\n<li>If the UAG version is between 2009 and 2111, it is also necessary to set the -Dlog4j2.formatMsgNoLookups=true option on the authbroker service with the following commands. 
Note the space in &#8220;s\/java \/java&#8221; and the space after &#8220;true&#8221; in the command; these are important to ensure the command works correctly and doesn&#8217;t attempt to modify the wrong lines in the configuration file.\u00a0<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><strong>sed -i 's\/java \/java -Dlog4j2.formatMsgNoLookups=true \/' \/opt\/vmware\/gateway\/supervisor\/conf\/authbroker.ini<\/strong><\/p>\n<ul>\n<li style=\"text-align: left;\">Then apply the change with supervisorctl:<br \/><strong>supervisorctl update<\/strong><\/li>\n<li>Verify that the new setting has taken effect by running the following command and checking that the process command parameters include -Dlog4j2.formatMsgNoLookups=true: <br \/><strong>ps -ef | grep ab-frontend<\/strong><\/li>\n<\/ul>\n<p><a href=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-large wp-image-7014\" src=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-494x53.png\" alt=\"\" width=\"494\" height=\"53\" srcset=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-494x53.png 494w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-288x31.png 288w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-768x83.png 768w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-1536x166.png 1536w, https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-22-at-10.36.57-2048x221.png 2048w\" sizes=\"(max-width: 494px) 100vw, 494px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to mitigate Apache Log4j 
exploit on VMware UNIFIED ACCESS GATEWAY\u00a0 VMware UAG is in most cases exposed to the internet, so it is necessary to apply the workaround for CVE-2021-44228 to &#8230;<\/p>\n","protected":false},"author":2,"featured_media":7003,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[113],"tags":[360,188,359,80],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - tomaskalabis.com<\/title>\n<meta name=\"description\" content=\"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - tomaskalabis.com\" \/>\n<meta property=\"og:description\" content=\"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/\" \/>\n<meta property=\"og:site_name\" content=\"tomaskalabis.com\" \/>\n<meta property=\"article:published_time\" 
content=\"2021-12-17T13:38:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-22T09:40:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png\" \/>\n\t<meta property=\"og:image:width\" content=\"211\" \/>\n\t<meta property=\"og:image:height\" content=\"212\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tomas Kalabis\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tomas Kalabis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/\",\"name\":\"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - 
tomaskalabis.com\",\"isPartOf\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png\",\"datePublished\":\"2021-12-17T13:38:13+00:00\",\"dateModified\":\"2021-12-22T09:40:35+00:00\",\"author\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6\"},\"description\":\"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png\",\"contentUrl\":\"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png\",\"width\":211,\"height\":212},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\"
:\"https:\/\/tomaskalabis.com\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#website\",\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/\",\"name\":\"tomaskalabis.com\",\"description\":\"my personal blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tomaskalabis.com\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6\",\"name\":\"Tomas Kalabis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g\",\"caption\":\"Tomas Kalabis\"},\"sameAs\":[\"https:\/\/x.com\/tomaskalabis\"],\"url\":\"https:\/\/tomaskalabis.com\/wordpress\/author\/kalabis\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - tomaskalabis.com","description":"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/","og_locale":"cs_CZ","og_type":"article","og_title":"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - tomaskalabis.com","og_description":"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0","og_url":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/","og_site_name":"tomaskalabis.com","article_published_time":"2021-12-17T13:38:13+00:00","article_modified_time":"2021-12-22T09:40:35+00:00","og_image":[{"width":211,"height":212,"url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png","type":"image\/png"}],"author":"Tomas Kalabis","twitter_misc":{"Napsal(a)":"Tomas Kalabis","Odhadovan\u00e1 doba \u010dten\u00ed":"2 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/","url":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/","name":"How to mitigate Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY - 
tomaskalabis.com","isPartOf":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage"},"image":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png","datePublished":"2021-12-17T13:38:13+00:00","dateModified":"2021-12-22T09:40:35+00:00","author":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6"},"description":"For VMware UAG thats is in most cases exposed to internet, its necessary to apply WORKAROUND for CVE-2021-44228 to Unified Access Gateway version 2009 through to 2111.\u00a0","breadcrumb":{"@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/"]}]},{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#primaryimage","url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png","contentUrl":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png","width":211,"height":212},{"@type":"BreadcrumbList","@id":"https:\/\/tomaskalabis.com\/wordpress\/how-to-mitigate-apache-log4j-exploit-on-vmware-unified-access-gateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tomaskalabis.com\/wordpress\/"},{"@type":"ListItem","position":2,"name":"How to mitigate 
Apache Log4j exploit on VMware UNIFIED ACCESS GATEWAY"}]},{"@type":"WebSite","@id":"https:\/\/tomaskalabis.com\/wordpress\/#website","url":"https:\/\/tomaskalabis.com\/wordpress\/","name":"tomaskalabis.com","description":"my personal blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tomaskalabis.com\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/8e7e83f618a561ed3734a38cef4cf1d6","name":"Tomas Kalabis","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/tomaskalabis.com\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9f7e4796b38d5720e8a07b918f423311?s=96&d=retro&r=g","caption":"Tomas Kalabis"},"sameAs":["https:\/\/x.com\/tomaskalabis"],"url":"https:\/\/tomaskalabis.com\/wordpress\/author\/kalabis\/"}]}},"jetpack_featured_media_url":"https:\/\/tomaskalabis.com\/wordpress\/wp-content\/uploads\/2021\/12\/Screenshot-2021-12-17-at-14.37.34.png","_links":{"self":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7000"}],"collection":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/comments?post=7000"}],"version-history":[{"count":3,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7000\/revisions"}],"predecessor-version":[{"id":7017,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/posts\/7000\/revisions\/7017"}],"wp:featuredmedia":[{"embeddable":true,"href":"h
ttps:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/media\/7003"}],"wp:attachment":[{"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/media?parent=7000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/categories?post=7000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tomaskalabis.com\/wordpress\/wp-json\/wp\/v2\/tags?post=7000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}