LOG4J CVE-2021-44228 - Mitigation
A quick post to provide some resources which will help in the mitigation of this issue. We have updated this post to include information on the second LOG4J vulnerability CVE-2021-45046;
This is my favourite representation of the issue;
Has a load of useful resources related to LOG4J;
Has published an advisory;
Our Security Vendors
With both of these firewall vendors you will need to set the IPS protection to prevent, as by default they are detect-only.
RSA have published an advisory on affected/not affected systems
If you are running a firewall without IPS protection, such as a native cloud firewall from Azure or AWS, you are limited in what you can do. You would be well advised to deploy a full threat protection firewall or WAF to combat this (and other) issues; contact us to discuss further. See the bottom of this post for contact options.
You can use these commands to identify if LOG4J is present on your system. You will need to adapt the commands to suit your distribution of Linux.
Look for files
sudo find / -iname "*log4j*"
Look for packages
sudo apt list --installed | grep log4j
If you are still unsure and need a scan run of your system(s), please contact us, as we have our deployment of Tenable Nessus Professional with both local and remote LOG4SHELL detection templates and can work with you to check your exposure. Contact us via our contact form on this website or log a ticket via our support portal if you have been granted access;
And finally, if you are wondering how we feel after all of this, well, here you go...