Log4j Remediation - Linux
- 20 Dec 2021
- DarkLight
Log4j Remediation - Linux
- Updated on 20 Dec 2021
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
This document will illustrate how to upgrade the Commvault agents to minimal code versions to support the Log4j hotfix.
The hotfix impacts the Commvault product features below:
• Cloud Apps package
• Oracle agent - Database archiving, data masking, and logical dump backup
• Microsoft SQL Server agent - Database archiving, data masking, and table-level restore
Informational
This remediation guide is written assuming wget as a standard method of fetching files, please adjust accordingly within the uniqueness of your environment.
Installing wget Example
[root@acm-lab-linux01 ~]# yum install wget
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
http://mirror.mia.velocihost.net/centos/7.9.2009/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article
https://access.redhat.com/solutions/69319
If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
updates/7/x86_64/primary_db | 13 MB 00:00:00
Determining fastest mirrors
* base: mirror.grid.uchicago.edu
* extras: mirror.mia.velocihost.net
* updates: mirror.grid.uchicago.edu
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================================
Installing:
wget x86_64 1.14-18.el7_6.1 base 547 k
Transaction Summary
========================================================================================================================================================
Install 1 Package
Total download size: 547 k
Installed size: 2.0 M
Is this ok [y/d/N]: y
Downloading packages:
wget-1.14-18.el7_6.1.x86_64.rpm | 547 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : wget-1.14-18.el7_6.1.x86_64 1/1
Verifying : wget-1.14-18.el7_6.1.x86_64 1/1
Installed:
wget.x86_64 0:1.14-18.el7_6.1
Complete!Download Commvault Dependency Package
Using the following credentials, download the Commvault Maintenance package:
user: expedient
pass: publ1c
wget https://download.expedient.com/cv/log4j/Commvault_Maintenance_11_20_77_linux-x8664.tar --user=expedient --ask-password[root@acm-lab-linux01 ~]# wget https://download.expedient.com/cv/log4j/Commvault_Maintenance_11_20_77_linux-x8664.tar --user=expedient --ask-password
Password for user ‘expedient’:
--2021-12-16 18:40:59-- https://download.expedient.com/cv/log4j/Commvault_Maintenance_11_20_77_linux-x8664.tar
Resolving download.expedient.com (download.expedient.com)... 209.166.171.26
Connecting to download.expedient.com (download.expedient.com)|209.166.171.26|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to download.expedient.com:443.
HTTP request sent, awaiting response... 200 OK
Length: 1817609728 (1.7G) [application/x-tar]
Saving to: ‘Commvault_Maintenance_11_20_77_linux-x8664.tar’
100%[============================================================================================================>] 1,817,609,728 101MB/s in 18s
2021-12-16 18:41:17 (97.9 MB/s) - ‘Commvault_Maintenance_11_20_77_linux-x8664.tar’ saved [1817609728/1817609728]Download Log4j Specfic Patching
Using the following credentials, download the Log4j package:
user: expedient
pass: publ1c
wget https://download.expedient.com/cv/log4j/v11SP20_Available_HotFix4561_linux-x8664.tar --user=expedient --ask-password
[root@acm-lab-linux01 ~]# wget https://download.expedient.com/cv/log4j/v11SP20_Available_HotFix4561_linux-x8664.tar --user=expedient --ask-password
Password for user ‘expedient’:
--2021-12-16 18:17:27-- https://download.expedient.com/cv/log4j/v11SP20_Available_HotFix4561_linux-x8664.tar
Resolving download.expedient.com (download.expedient.com)... 209.166.171.26
Connecting to download.expedient.com (download.expedient.com)|209.166.171.26|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to download.expedient.com:443.
HTTP request sent, awaiting response... 200 OK
Length: 23875584 (23M) [application/x-tar]
Saving to: ‘v11SP20_Available_HotFix4561_linux-x8664.tar’
100%[==============================================================================================================>] 23,875,584 92.5MB/s in 0.2s
2021-12-16 18:17:27 (92.5 MB/s) - ‘v11SP20_Available_HotFix4561_linux-x8664.tar’ saved [23875584/23875584]Extract Remediation Packages
sudo mkdir Commvault_Maintenance_11_20_77_linux-x8664
tar -xf Commvault_Maintenance_11_20_77_linux-x8664.tar -C Commvault_Maintenance_11_20_77_linux-x8664
sudo mkdir v11SP20_Available_HotFix4561_linux-x8664
tar -xf v11SP20_Available_HotFix4561_linux-x8664.tar -C v11SP20_Available_HotFix4561_linux-x8664Update Commvault Agent Dependencies
sudo chmod +x ./Commvault_Maintenance_11_20_77_linux-x8664/InstallUpdates
./Commvault_Maintenance_11_20_77_linux-x8664/InstallUpdates
Update Commvault Agent with Log4j Patch
sudo chmod +x v11SP20_Available_HotFix4561_linux-x8664/InstallUpdates
./v11SP20_Available_HotFix4561_linux-x8664/InstallUpdates
This remediation will need to be applied to all Commvault protected systems within your environment.
Was this article helpful?