×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Free Advice log4j Vulnerability on IBM i, take it or leave it, *no
guarantee.*
*Step 1*
Run Jesse's Gorzinki's script
https://github.com/ThePrez/IBMiOSS-utils/blob/master/avoid_log4shell.sh
Restart all system Java stuff.
*Step 2*
You're looking for jars of log4j version 2.x that contain the Java class
JndiLookup.class
If they are log4j 1.x you have a different problem, it's time to upgrade.
Here is an interactive bash shell session looking for stuff.
$ cd / $ for i in `find . | grep log4j | grep .jar`; do echo $i; jar tf $i
| grep -i jndi; done # Looks for any log4j jar and prints name then looks
to see if it contains a class with the string "jndi" in any mixture of case
$ for i in `find . | grep '\.ear^`; do echo $i ; jar tf $i | grep -i log4j;
done
# Looks for any .ear file that contains a log4j jar ... if you see "log4j"
appear, unpack that .ear using jar -xf filename.ear in a temp dir and
examine the log4j* jar
$ for i in `find . | grep '\.war^`; do echo $i ; jar tf $i | grep -i log4j;
done
# Looks for any .war file that contains a log4j jar ... if you see "log4j"
appear, unpack that .war using jar -xf filename.war in a temp dir and
examine the log4j* jar
midrange.com
