Steps to manually upgrade Log4j to version 2.25.x for AutoSys Workload Automation Agents
search cancel

Steps to manually upgrade Log4j to version 2.25.x for AutoSys Workload Automation Agents

book

Article ID: 429676

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

Customers have reported being flagged for Log4j vulnerabilities within their agent estate, specifically affecting Agent versions 12.1 and 12.1 SP1. While general instructions exist for instance-level updates, there is a requirement to discretely upgrade the Log4j JAR files on the agents to mitigate these security vulnerabilities.

Environment

A Workload Automation AE - Business Agents (AutoSys)

12.1, 12.1 SP1

Linux / UNIX

Cause

Infrastructure vulnerability scanners (such as Tenable or Qualys) identify older Log4j 2.x versions as vulnerable. Upgrading to a more recent, patched version like 2.25.3 is necessary to comply with security standards and resolve the identified vulnerabilities.

Resolution

1. Download Binaries:
Obtain the latest Log4j binaries from the Apache logging site: "https://logging.apache.org/log4j/2.x/download.html"
Download: "apache-log4j-2.25.3-bin.zip"

2. Unzip and Identify Required Files:
Unzip the archive and locate the following core JAR files:
 "log4j-core-2.25.3.jar"
 "log4j-api-2.25.3.jar"

"log4j-slf4j-impl.jar"

3. Stop the Agent:
Navigate to the agent installation directory and shut down the service

./cybAgent -s

Note: Verify that no listeners or processes are active on the agent port (default 7520) using:

netstat -anp | grep 7520
ps -ef | grep 7520

4. Backup Existing Files:
Move the existing Log4j JARs to a secure backup location:
Directory: "/opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/"

mv log4j-core.jar /home/backup_oldlog4j
mv log4j-api.jar /home/backup_oldlog4j

mv log4j-slf4j-impl.jar /home/backup_oldlog4j

5. Deploy New JARs:
Copy the new 2.25.3 JARs from your source folder to the agent's extension directory:

cp log4j-core-2.25.3.jar /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/
cp log4j-api-2.25.3.jar /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/

cp log4j-slf4j-impl-2.25.3.jar /opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/

6. Set Permissions and Ownership:
Switch to the "/opt/CA/WorkloadAutomationAE/SystemAgent/WA_AGENT/jars/ext/" directory and apply the correct attributes:

chmod 755 log4j-core-2.25.3.jar log4j-api-2.25.3.jar log4j-slf4j-impl-2.25.3.jar 
chown autosys:autosys log4j-core-2.25.3.jar log4j-api-2.25.3.jar  log4j-slf4j-impl-2.25.3.jar

7. Rename to Generic Names:
Rename the versioned JARs to the names expected by the agent classpath:

mv log4j-core-2.25.3.jar log4j-core.jar 
mv log4j-api-2.25.3.jar log4j-api.jar

mv  log4j-slf4j-impl-2.25.3.jar log4j-slf4j-impl.jar

8. Restart the Agent:

 ./cybAgent -a

Agent service is starting...
Agent service has been started

Example:
 ps -ef|grep cybAgent
<user>       <pid>       1  0 14:38 ?        00:00:00 ./cybAgent.bin -a
netstat -anp| grep 7520
tcp6       0      0 :::7520                 :::*                    LISTEN      <pid>/java

Additional Information

https://knowledge.broadcom.com/external/article?articleId=426496

 

Powered by Wolken Software