CVE-2021-44228 Log4j formatMsgNoLookups=true for BigFix Compliance
Log In or Register to download the BES file, and more.

0 Votes

Description

Updates the BigFix Compliance jvm.options file to disable log message lookups by adding

-Dlog4j2.formatMsgNoLookups=true

to the jvm.options file for BigFix Compliance.  This is effective only for Compliance versions 2.0.2 or higher.


Property Details

ID26891
StatusAlpha - Code that was just developed
TitleCVE-2021-44228 Log4j formatMsgNoLookups=true for BigFix Compliance
DomainBESC
SourceInternal
Source Release Date12/10/2021 12:00:00 AM
KeywordsCVE, CVE-2021-44228, Log4j, vulnerability, Compliance
Added by on 12/11/2021 9:32:29 AM
Last Modified by on 12/11/2021 9:32:29 AM
Counters 703 Views / 20 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 266 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
x64 of operating system
Used in 16 fixlets and 16 analyses   * Results in a true/false
Show indented relevance
windows of operating system AND (if exists property "in proxy agent context" then not in proxy agent context else true)
Used in 2 fixlets   * Results in a true/false
Show indented relevance
exists keys ("IBM BigFix Compliance";"BigFix Compliance") of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x64 registry
Used in 1 fixlet   * Results in a true/false
Show indented relevance
((not exists line whose ((it starts with "-Dlog4j2.formatMsgNoLookups=true") ) of it) ) of file ((((value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigfix Compliance" of x64 registry) | (value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Bigfix Compliance" of x64 registry))) as string & "\wlp\usr\servers\server1\jvm.options")

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
parameter "jvm_options_folder" = "{((((value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigfix Compliance" of x64 registry) | (value "InstallLocation" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Bigfix Compliance" of x64 registry))) as string & "\wlp\usr\servers\server1\")}"

parameter "jvm_options_backup" = "{parameter "jvm_options_folder" as string & "jvm.old.options"}"
parameter "jvm_options_file" = "{parameter "jvm_options_folder" as string & "jvm.options"}"

delete __appendfile
appendfile {concatenation "%0d%0a" of lines of file (parameter "jvm_options_file")}
appendfile -Dlog4j2.formatMsgNoLookups=true

delete "{parameter "jvm_options_backup"}"
move "{parameter "jvm_options_file"}" "{parameter "jvm_options_backup"}"
copy __appendfile "{parameter "jvm_options_file"}"

waithidden net stop TEMA
waithidden net start TEMA
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
talsela87 -
thanks!