You have 2 options, use the script descrived bellow or follow the instrutions
script in this gist if you want the source code
wget https://gist.githubusercontent.com/Vertecedoc4545/6e54487f07a1888b656b656c0cdd9764/raw/2c5e8ccb428fc331307e2f653cab88174c051310/build-ubuntu-23.sh
chmod +x build-ubuntu-23.sh
./build-ubuntu-23.sh
qemu-system-x86_64 -enable-kvm \
-m 4G -smp 4 \
-device virtio-vga-gl,xres=1280,yres=720 \
-serial mon:stdio \
-display sdl,gl=on,show-cursor=on \
-usb -device usb-mouse -device usb-kbd -device usb-tablet \
-net user,hostfwd=tcp::8022-:22 -net nic \
-drive format=raw,file=chromiumos_qemu_image.bin
| #!/bin/sh -eu | |
| export CLUSTER_NAME=dreamkast-cluster | |
| export CLUSTER_REGION=ap-northeast-1 | |
| export PROFILE=default | |
| curl -o /tmp/iam_policy.json "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.1/docs/install/iam_policy.json" | |
| aws iam create-policy \ | |
| --policy-name "AWSLoadBalancerControllerIAMPolicy" \ | |
| --policy-document "file:///tmp/iam_policy.json" \ |
| # this fixes log4shell on all your software | |
| # you also need to restart all java services. | |
| # be aware that although jndilookup in log4j is almost nowhere in use, if your software uses it it will produce exceptions. | |
| locate '*log4j-core*jar' | xargs -L 1 -I swot zip -d swot org/apache/logging/log4j/core/lookup/JndiLookup.class | |
| # reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44228#:~:text=removing%20the%20JndiLookup%20class%20from%20the%20classpath%20(example%3A%20zip%20%2Dq%20%2Dd%20log4j%2Dcore%2D*.jar%20org/apache/logging/log4j/core/lookup/JndiLookup.class). |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
| ; bootloader which can only print hello world to the screen, I used qemu for emulation | |
| ; I might come back to this in the future, maybe | |
| ; Code is almost a year old so yeah I don't expect to understand it because it's poorly commented | |
| [org 0x7c00] | |
| call START | |
| START: |
| #!/usr/bin/env python | |
| import sys | |
| from ansible.parsing.vault import PromptVaultSecret, VaultLib | |
| from ruamel.yaml import YAML | |
| old_secret = PromptVaultSecret(prompt_formats=["Old password: "]) | |
| old_secret.load() | |
| new_secret = PromptVaultSecret(prompt_formats=["New password: "]) |
| #!/usr/bin/env python3 | |
| from getpass import getpass | |
| from requests import request | |
| ########################################### | |
| # Prompt the user for required information. | |
| ########################################### | |
| print('\n' + ('*' * 25) + ' Required Information: ' + ('*' * 25)) |
| if [ "$EUID" -ne 0 ] | |
| then | |
| echo -e "\033[0;33mWARNING:\033[0m This script requires root privileges!" | |
| fi | |
| if [ $# -ne 2 ] | |
| then | |
| echo -e "\033[0;31mERROR:\033[0m Image name and/or drive not given in arguments!" | |
| echo "Usage:" | |
| echo -e "\t\033[1;31mbackup <image name> <drive>\033[0m" |
Cloud-init combined with terraform can be a powerful tool to provision instances on startup. Debugging scripts that are run by cloud-init however are not the easiest to debug.
Usually on an Ubuntu machine a lot of what is happening can be found in the syslog
cat /var/log/syslog