Now if the UAG version is between 20 it is also necessary to set the -Dlog4j2.formatMsgNoLookups=true option on the authbroker service with the following commands. Note the space between “s/java /java” and a space after “true /” in the command, these are important to ensure the command works correctly and doesn’t attempt to modify the wrong lines in the configuration file. Well we need to connect to UAG and create a uag_rm_log4j_jndilookup.sh fileĬopy into the file the code, and enable it for execution Log_to_console "Verification: Grep authbroker-std-out.log for log4j errors, we are good if no exception is displayed below"Ĭat /opt/vmware/gateway/logs/authbroker-std-out.log | grep log4j Log_to_console "Replaced updated ab-frontend-0.2.jar, now looking for jndi in other places"įind / -type f \( -name "*.jar" -o -name *.war \) -exec sh -c "zipinfo -1 " \ Mv ab-frontend-0.2.jar /opt/vmware/gateway/lib Zip -dq /tmp/test/hc/WEB-INF/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class ![]() Unzip -q -o /tmp/test/hc.war -d /tmp/test/hc Unzip -q -o /opt/vmware/gateway/lib/ab-frontend-0.2.jar -d /tmp/test Log_to_console "Unpacking archive and removing JndiLookup.class"Ĭp /opt/vmware/gateway/lib/ab-frontend-0.2.jar /tmp/bkp Log_to_console "UAG Version: " $(tail -1 /opt/vmware/gateway/logs/ 2>/dev/null) Maximum file size is 50MBĮcho "$(date '%Y-%m-%d %T')" "$HOSTNAME" "Running script to remove JndiLookup.class from jars in Unified Access Gateway" # Log contents to file by prefixing timestamp. ![]()
0 Comments
Leave a Reply. |