Log4j and log4j2 library vulnerability
-
@necrevistonnezr ah ok, then this is fine. It is not exposed or anything.
-
I am aware of solr being detected by the static analyzers (the marketplace images complain about the same). solr is used internally for full text search in the mail container. It's not on by default and it's also not exposed outside the internal docker network (so not exposed to outside world).
Still, we will update the mail container. Solr only put out a new release yesterday which update log4j.
-
@mastadamus I'm happy to report that Crowdsec successfully responded to a log4j exploit scanner. If you set up your nginx log configuration per my post in support, and install the nginx collection as well as the log4j2 collection with an firewall iptable bouncer it will auto block any ip belonging to an attempt it parses out.
crowdsec crowdsecurity/apache_log4j2_cve-2021-44228 Ip 45.83.65.33 2021-12-17 07:55:25 2021-12-17 07:55:25
-
@mastadamus do you have a step by step instructions to setup crowdsec in a cloudron context ?
-
-
@mastadamus thanks alot, will try to implement this & will report under your post
-
@nebulon I found log4j2 libary usage in kutt (urlshortener)
Standard config:
# ONLY NEEDED FOR MIGRATION !!1! # Neo4j database credential details NEO4J_DB_URI=bolt://localhost NEO4J_DB_USERNAME= NEO4J_DB_PASSWORD=
changed to this without errors:
# ONLY NEEDED FOR MIGRATION !!1! # Neo4j database credential details #NEO4J_DB_URI=bolt://localhost #NEO4J_DB_USERNAME=neo4j #NEO4J_DB_PASSWORD=BjEphmupAf1D5pDD
Is there anything else to do?
Is that even a issue? -