Removal of JMSAppender.class and SocketServer.class from log4j jar


Article ID: 232344


Products

CA Workload Automation AE
CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

Our security team would like to remove the JMSAppender.class and SocketServer.class from the log4j.jar files.

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

unzip -l log4j*.jar lists the files inside the jar. Entries with a $ sign in the name can be ignored.
zip -q -d removes the named class file from the jar; the syntax is shown in the steps below.
Back up each jar file before changing it so the change can be reverted if the service will not start or is not logging properly.

 

Steps to remediate:
1. Back up the original jar files (BOTH!) to a safe directory in case they are needed later.
cp /opt/CA/WorkloadCC/bin/lib/log4j.jar /home/a763380/log4j.jar.backup
cp /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar /home/a763380/log4j-1.2.17.jar.backup
tar cvf /home/a763380/save.tar /home/a763380/log4j*

2. Stop WCC services

3. Run the commands below to remove the vulnerable classes from log4j.jar
zip -q -d /opt/CA/WorkloadCC/bin/lib/log4j.jar org/apache/log4j/net/JMSAppender.class
zip -q -d /opt/CA/WorkloadCC/bin/lib/log4j.jar org/apache/log4j/net/SimpleSocketServer.class
zip -q -d /opt/CA/WorkloadCC/bin/lib/log4j.jar org/apache/log4j/net/SocketServer.class
zip -q -d /opt/CA/WorkloadCC/bin/lib/log4j.jar org/apache/log4j/net/SocketAppender.class
zip -q -d /opt/CA/WorkloadCC/bin/lib/log4j.jar org/apache/log4j/net/SocketHubAppender.class

4. Run the commands below to remove the vulnerable classes from log4j-1.2.17.jar
zip -q -d /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar org/apache/log4j/net/JMSAppender.class
zip -q -d /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar org/apache/log4j/net/SimpleSocketServer.class
zip -q -d /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar org/apache/log4j/net/SocketServer.class
zip -q -d /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar org/apache/log4j/net/SocketAppender.class
zip -q -d /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar org/apache/log4j/net/SocketHubAppender.class

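5. Copy the modified log4j-1.2.17.jar to the other directories. The source path is relative, so run these commands from /opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib, where the jar was modified in step 4.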
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/forecast/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/configuration-services/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/quickview/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/resources/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/ecli/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/jsc-rest/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/asi/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/configuration/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/reporting-rest/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/rest/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/quick-edit/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/webapps/app-editor/WEB-INF/lib/log4j-1.2.17.jar
cp -f log4j-1.2.17.jar /opt/CA/WorkloadCC/tomcat/lib/log4j-1.2.17.jar

6. Restart WCC services

**********************************************************************
**********************************************************************
Affected WCC jar files that contain the 5 vulnerable classes:

/opt/CA/WorkloadCC/bin/lib/log4j.jar
/opt/CA/WorkloadCC/tomcat/webapps/wcc/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/forecast/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/configuration-services/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/quickview/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/resources/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/ecli/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/jsc-rest/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/asi/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/configuration/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/reporting-rest/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/rest/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/quick-edit/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/webapps/app-editor/WEB-INF/lib/log4j-1.2.17.jar
/opt/CA/WorkloadCC/tomcat/lib/log4j-1.2.17.jar
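
To confirm the result of steps 3 to 5 across all of the jars listed above, the following added example (Python, not part of the original article or of the vendor's tooling) walks an install root, reports every log4j*.jar that still contains one of the five classes, and flags file names whose copies are not byte-identical, which points at a directory missed in step 5. The function names and the exit-code convention are assumptions of this example.

```python
import hashlib
import os
import sys
import zipfile
from collections import defaultdict

# The five class entries the article deletes. Only exact names are matched;
# entries with "$" in the name are ignored, as the article does.
FLAGGED = frozenset(
    "org/apache/log4j/net/%s.class" % n
    for n in ("JMSAppender", "SimpleSocketServer", "SocketServer",
              "SocketAppender", "SocketHubAppender"))

def audit_jar(path):
    """Return (sha256 hex digest, sorted flagged entries still present)."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    with zipfile.ZipFile(path) as jar:
        left = sorted(n for n in jar.namelist() if n in FLAGGED)
    return digest, left

def audit_tree(root):
    """Audit every log4j*.jar below root (for example /opt/CA/WorkloadCC)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.startswith("log4j") and name.endswith(".jar"):
                full = os.path.join(dirpath, name)
                results[full] = audit_jar(full)
    return results

def summarize(results):
    """Return (jars still holding flagged classes, file names whose copies differ)."""
    dirty = {p: left for p, (_h, left) in results.items() if left}
    hashes = defaultdict(set)
    for path, (digest, _left) in results.items():
        hashes[os.path.basename(path)].add(digest)
    # Step 5 copies one jar everywhere, so each file name should map to one hash.
    mismatched = sorted(n for n, hs in hashes.items() if len(hs) > 1)
    return dirty, mismatched

if __name__ == "__main__":
    dirty, mismatched = summarize(audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
    for path, left in sorted(dirty.items()):
        print("STILL PRESENT", path, *left)
    for name in mismatched:
        print("COPIES DIFFER", name)
    sys.exit(1 if dirty or mismatched else 0)
```

Run it with the install root as the only argument; a non-zero exit status means at least one jar needs another pass through steps 3 to 5.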