Good afternoon, are there any patches in the works or potential mitigation steps for the latest Java log4j vulnerability (CVE-2021-44228)? I know that GeoEvent server uses log4j and can assume some other enterprise servers or portal potentially do as well. Any help would be appreciated in resolving this zero-day.
Thanks,
Install miniconda3, it's a minimal Anaconda Python setup. I'd also suggest looking into chocolatey or scoop as a package manager for Windows. Make your own life a little easier.
When running the Python script with the --delete, I get the error
OSError: [WinError 145] The directory is not empty: 'C:\\Users\\<user>\\AppData\\Local\\Temp\\2\\tmptl5ay2w1\\org\\apache\\logging\\log4j\\core\\tools'
The listing runs fine.
We've just got a similar for our attempt on our test environment
We ran the CMD as administrator
OSError: [WinError 145] The directory is not empty: 'C:\\Users\\ADEB3D~1\\AppData\\Local\\Temp\\tmpw8tj9mrg\\org\\apache\\logging\\log4j\\core'
We ran the list again afterwards it patched the first 1 of 5 but not the
D:\ArcGIS\Server\framework\lib\shared\log4j-core-2.8.2.jar -- patched
D:\ArcGIS\Server\tools\configurebasedeployment\lib\log4j-core.jar -- needs patching
D:\ArcGIS\Server\tools\createsite\lib\log4j-core.jar -- needs patching
D:\ArcGIS\Server\tools\upgradebasedeployment\lib\log4j-core.jar -- needs patching
D:\ArcGIS\Server\tools\upgradeserver\lib\log4j-core.jar -- needs patching
Anyone got any suggestions?
We ran the tool again and this time it worked, we are considering running this again to see if it is a one off
D:\Log4j>D:\ArcGIS\Server\framework\runtime\ArcGIS\bin\Python\envs\arcgispro-py3\python.exe log4shellmitigation.py --list D:\ArcGIS\Server
Product home: D:\ArcGIS\Server
Pattern to search: D:\ArcGIS\Server\**\*log4j-core*.jar
Pattern to search: D:\ArcGIS\Server\**\pax-logging-log4j2\*\*.jar
Found files: 5
D:\ArcGIS\Server\framework\lib\shared\log4j-core-2.8.2.jar -- patched
D:\ArcGIS\Server\tools\configurebasedeployment\lib\log4j-core.jar -- patched
D:\ArcGIS\Server\tools\createsite\lib\log4j-core.jar -- patched
D:\ArcGIS\Server\tools\upgradebasedeployment\lib\log4j-core.jar -- patched
D:\ArcGIS\Server\tools\upgradeserver\lib\log4j-core.jar -- patched
Summary:
System has been patched. No updates are needed.
All done!
D:\Log4j>
I tried several times, but it doesn't reach the end.
Joris Frenkel
Seems to be a Windows file locking issue:
https://stackoverflow.com/questions/303200/how-do-i-remove-delete-a-folder-that-is-not-empty
I changed the two lines in the script where temp folders are removed to:
shutil.rmtree(temp_dir_name, ignore_errors=True)
(adding ignore_errors=True)
and now it works.
Thanks @jorisfrenkel! The script ran without issue for me on all but one server. But then I made the change you suggested and it got the job done.
I have a question about the recommended scripts regarding ArcGIS Enterprise and ArcGIS Server stand-alone 10.5-10.5.1 (Yes, we know the versions are quite old, but upgrading was not possible due to internal reasons so far).
The blog states the scripts have been validated for versions 10.6 and above, however they should work on older versions of ArcGIS Enterprise and ArcGIS Server as well.
@RandallWilliams Could you let us know if Esri plans to test this for 10.5.x as well? This message is too uncertain at the moment to roll out the scripts in customer production systems. Or vice versa, why should they work in the older version as well? Could you give me some background information about this? Thanks a lot for all your help.
I've run the --list function from the mitigation script on our 10.5 ArcGIS Server and I receive 0 results...
Is this good news? Or bad news, in that the script just simply doesn't work on 10.5...
Pattern to search: c:\Program Files\ArcGIS\Server\**\*log4j-core*.jar
Pattern to search: c:\Program Files\ArcGIS\Server\**\pax-logging-log4j2\*\*.jar
Found files: 0
All done!
C:\log4shellmitigation>
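An independent cross-check for a `--list` run that finds 0 files, as an added example that is not part of this thread or of Esri's script: instead of matching file names, it opens every archive under the product home (nested ones included) and reports any that still contains `JndiLookup.class`, the class whose removal from log4j-core is the publicly documented jar-level mitigation for CVE-2021-44228. The function names and the script name in the usage comment are illustrative.

```python
import io
import os
import sys
import zipfile

# Class whose removal is the published jar-level mitigation for CVE-2021-44228.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def archive_findings(fileobj, label, depth=3):
    """Return a finding for each archive (nested ones too) that holds JNDI_CLASS."""
    findings = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS:
                    findings.append(f"{label} -- JndiLookup.class present")
                elif depth > 0 and name.lower().endswith(ARCHIVE_EXTS):
                    nested = io.BytesIO(zf.read(name))
                    findings += archive_findings(nested, f"{label}!{name}", depth - 1)
    except (zipfile.BadZipFile, OSError, RuntimeError) as exc:
        # Report archives that cannot be read instead of skipping them silently.
        findings.append(f"{label} -- unreadable ({exc})")
    return findings


def scan(product_home):
    """Check every archive under product_home, whatever its file name."""
    findings = []
    for root, _dirs, files in os.walk(product_home):
        for file_name in sorted(files):
            if file_name.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(root, file_name)
                findings += archive_findings(path, path)
    return findings


if __name__ == "__main__":
    # Usage (script name is illustrative): python scan_jndi.py <product home>
    if len(sys.argv) != 2:
        sys.exit("usage: scan_jndi.py <product home>")
    results = scan(sys.argv[1])
    for line in results:
        print(line)
    print(f"Archives needing attention: {len(results)}")
```

An empty result means no readable archive under that path carries the class; lines marked unreadable need a manual look before the system is treated as clean.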
We have ArcGIS Enterprise 10.9. This morning I executed the recommended scripts.
Now my hosted feature services don't work anymore. I can't publish new ones either. Is this just my bad luck or does anyone else have the same issue?