Log4j and log4j2 library vulnerability

Mastadamus

@girish min patch to rectify log4j2 issues is 2.16 .. 2.15 is affected by cvss 9.0 rce in some instances.

Mastadamus

@rmdes good suggestion.

Mastadamus

@mastadamus I'm happy to report that Crowdsec successfully responded to a log4j exploit scanner. If you set up your nginx log configuration per my post in support, and install the nginx collection as well as the log4j2 collection with an firewall iptable bouncer it will auto block any ip belonging to an attempt it parses out.

crowdsec crowdsecurity/apache_log4j2_cve-2021-44228 Ip 45.83.65.33 2021-12-17 07:55:25 2021-12-17 07:55:25

rmdes

@mastadamus do you have a step by step instructions to setup crowdsec in a cloudron context ?

Mastadamus

@rmdes I'll put one together later tonight.

Mastadamus

@rmdes https://forum.cloudron.io/topic/6224/crowdsec-install-guide-for-cloudron-purposes

rmdes

@mastadamus thanks alot, will try to implement this & will report under your post

3gal

@nebulon I found log4j2 libary usage in kutt (urlshortener)

Standard config:

# ONLY NEEDED FOR MIGRATION !!1!
# Neo4j database credential details
NEO4J_DB_URI=bolt://localhost
NEO4J_DB_USERNAME=
NEO4J_DB_PASSWORD=

changed to this without errors:

# ONLY NEEDED FOR MIGRATION !!1!
# Neo4j database credential details
#NEO4J_DB_URI=bolt://localhost
#NEO4J_DB_USERNAME=neo4j
#NEO4J_DB_PASSWORD=BjEphmupAf1D5pDD

Is there anything else to do?
Is that even a issue?

girish

@3gal neo4j and log4j are different. the former is a database and the latter is logging library. Kutt anyway is written in typescript and not affected by log4j issue.

3gal

@girish ah i didnt even notice bevause of all the 4j notices my eyes where too open

thx for looking at this anyway