Apache Log4j 远程代码执行漏洞的响应 (CVE-2021-44228)--vCenter Server6.5实践--临时解决方案

0.建议操作前系统做快照

vMON

1.停止vcenter服务

 cd "C:\Program Files\VMware\vCenter Server\bin"

执行

.\service-control --stop --all

2.备份vsphere-ui.json和vsphere-client.json到c:\Log4j(环境中没有更改的用例,所以备份可以忽略)

C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\

执行 :

copy .\vsphere-ui.json ,.\vsphere-client.json C:\Log4j\

 

3.接下来检查两个脚本中的参数,但是在我的环境中一条都没有符合

example of types of lines to remove

// Enable remote debugging

// NOTE: Use this option only when you really need it. Don't keep it on by default.

//       It has the potential to cause memory leaks. For further details, see

//       https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own

//      observations at PR 1878411, comments 21, 33, 34, and 35

//"-Xdebug",

//"-Xnoagent",

//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8002",

// Enable JMX

//"-Dcom.sun.management.jmxremote",

//"-Dcom.sun.management.jmxremote.port=9876",

//"-Dcom.sun.management.jmxremote.local.only=false",

//"-Dcom.sun.management.jmxremote.authenticate=false",

//"-Dcom.sun.management.jmxremote.ssl=false",5-bri

 

C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json

example of types of lines to remove

// This option will be removed soon. See JIRA VSUIP-180

// Enable remote debugging

// NOTE: Use this option only when you really need it. Don't keep it on by default.

//       It has the potential to cause memory leaks. For further details, see

//       https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own

//      observations at PR 1878411, comments 21, 33, 34, and 35

//"-Xdebug",

//"-Xnoagent",

//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8001",

// Enable JMX

//"-Dcom.sun.management.jmxremote",

//"-Dcom.sun.management.jmxremote.port=9875",

//"-Dcom.sun.management.jmxremote.local.only=false",

//"-Dcom.sun.management.jmxremote.authenticate=false",

//"-Dcom.sun.management.jmxremote.ssl=false",

 

Note: Do not simply uncomment these lines. Remove them completely.

4.执行vMON.py

 cd "C:\Program Files\VMware\vCenter Server\python"

.\python.exe vMON.py

5.重启服务(建议最后执行)

  .\service-control --start --all

  .\service-control --status

STS

1.备份wrapper.conf

copy C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf C:\Log4j

\sts-wrapper.conf

2.在Java Additional Parameters末尾添加

wrapper.java.additional.27="-Dlog4j2.formatMsgNoLookups=true"

Apache Log4j 远程代码执行漏洞的响应 (CVE-2021-44228)--vCenter Server6.5实践--临时解决方案

 

PSC

1.备份

c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf

C:\Program Files\VMware\vCenter Server\bin> copy c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf C:\Log4

j\psc-client-wrapper.conf

2.编辑wrapper.conf,添加 wrapper.java.additional.23="-Dlog4j2.formatMsgNoLookups=true"到# Java Additional Parameters" 的最后一项

Apache Log4j 远程代码执行漏洞的响应 (CVE-2021-44228)--vCenter Server6.5实践--临时解决方案

Identity Management Service

1.备份注册表

2.在此处添加-Dlog4j2.formatMsgNoLookups=true

Apache Log4j 远程代码执行漏洞的响应 (CVE-2021-44228)--vCenter Server6.5实践--临时解决方案

Component Manager

1.备份C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar

 copy 'C:\Program Files\VMware\vCenter Server\cm\lib\log4j-core.jar' C:\Log4j\log4j-core.jar

 

2.重命名为.zip,解压log4j-core.jar,删除

core.jar.zip\org\apache\logging\log4j\core\lookup\JndiLookup.class

3.去掉.zip后缀

最后重启vcenter服务

C:\Program Files\VMware\vCenter Server\bin> .\service-control --start --all

上一篇:在source insight中加入TortoiseSVN的功能


下一篇:Tomcat6 配置多虚拟主机,多域名绑定一IP