Skip to content

Instantly share code, notes, and snippets.

@TaylorBurnham

TaylorBurnham/Log4j Remediation.md

Created February 1, 2022 15:08
Show Gist options
  • Save TaylorBurnham/d4da5a7286ef29384562b0e7f9ac9b48 to your computer and use it in GitHub Desktop.
Save TaylorBurnham/d4da5a7286ef29384562b0e7f9ac9b48 to your computer and use it in GitHub Desktop.
Download ZIP
Demonstration of patching a specific file in a container, then mapping it with a hard link. This should only be done when upgrading isn't possible.
Raw
Log4j Remediation.md

  1. Copy the file from the container.

    docker cp logstash:/usr/share/logstash/logstash-core/lib/jars/log4j-core-2.13.3.jar patched/.

  2. Delete the JndiLookup.class from the JAR.

    zip -d patched/log4j-core-2.13.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

  3. Update docker-compose.yml to hard link the patched file.

    version: '3.2'
services:
   logstash:
   ...
   volumes:
   ...
   - type: bind
     source: ./patched/log4j-core-2.13.3.jar
     target: /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.13.3.jar
     read_only: true
   ...

  4. Re-create the container.

    docker-compose up -d logstash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment