Neo23x0 / log4j_rce_detection.md (last active January 28, 2024 08:19)
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all of its subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

Because of the issue registered in the Docker repository on GitHub, "unexpected file permission error in container" (#783), it is impossible to run rm -rf /somefolder on a folder that was created with the ADD or COPY instructions of a Dockerfile.

As a workaround, the individual files can be removed one by one, provided the removal runs in the same layer:

find /src -type f | xargs -L1 rm -f

Here is an example Dockerfile: