grahampugh · December 17, 2021 09:52
diff --git a/fix_log4j.sh b/fix_log4j.sh
 #!/bin/bash

 : <<DOC
 https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html

 deletes:
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-1.2-api-2.13.3.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-api-2.13.3.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-core-2.13.3.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-slf4j-impl-2.13.3.jar

 creates:
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-1.2-api-2.16.0.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-api-2.16.0.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-core-2.16.0.jar
 /usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-slf4j-impl-2.16.0.jar
 DOC

 # old_jars=( log4j-1.2-api-2.13.3.jar log4j-api-2.13.3.jar log4j-core-2.13.3.jar log4j-slf4j-impl-2.13.3.jar )
 new_jars=( log4j-1.2-api-2.16.0.jar log4j-api-2.16.0.jar log4j-core-2.16.0.jar log4j-slf4j-impl-2.16.0.jar )

 new_jar_source="/root/log4j-vuln-2021-12-17/apache-log4j-2.16.0-bin"
 webapps_dir="/usr/share/tomcat8/webapps"
 backup_dir="/root/log4j-vuln-2021-12-17/backups"

 mkdir -p "/root/log4j-vuln-2021-12-17"
 cd "/root/log4j-vuln-2021-12-17" || exit
 if [[ ! -d apache-log4j-2.16.0-bin ]]; then
    curl https://dlcdn.apache.org/logging/log4j/2.16.0/apache-log4j-2.16.0-bin.zip -o apache-log4j-2.16.0-bin.zip
    unzip apache-log4j-2.16.0-bin.zip
 fi

 mkdir -p "$backup_dir"

 # build a list of instances
 dir_list=()
 while IFS= read -d $'\0' -r dir ; do
    dir_list=("${dir_list[@]}" "$dir")
 done < <(find "$webapps_dir/" -mindepth 1 -maxdepth 1 -type d ! -name "*manager" -print0)

 echo "This script will delete the following files (backups will be made):"
 for instance in "${dir_list[@]}"; do
    find "$instance/WEB-INF/lib" -name "log4j-*" -type f
 done

 echo
 read -r -p "WARNING! Are you sure? (Y/N) : " are_you_sure
 case "$are_you_sure" in
    Y|y)
        echo "Confirmed"
    ;;
    *)
        echo "Not confirmed - exiting"
        exit
    ;;
 esac

 echo
 echo "Stopping tomcat8"
 systemctl stop tomcat8

 # remove the old jar files
 echo
 echo "Moving old jar files to backup directory $backup_dir"
 for instance in "${dir_list[@]}"; do
    find "$instance/WEB-INF/lib" -name "log4j-*" -type f -exec mv {} "$backup_dir/" \;
 done

 # copy in the new jar files
 echo
 echo "Copying in the new jar files"
 for instance in "${dir_list[@]}"; do
    for jar_file in "${new_jars[@]}"; do
        if cp "$new_jar_source/$jar_file" "$instance/WEB-INF/lib/" ; then
            echo "Copied $jar_file to $instance"
        else
            echo "Failed to copy $jar_file to $instance"
        fi
    done
    # reset permissions
    echo
    echo "Resetting file ownership to tomcat8:tomcat8"
    chown tomcat8:tomcat8 "$instance/WEB-INF/lib/"log4j-*
 done

 echo
 echo "Done. Starting tomcat8"

 systemctl start tomcat8

 echo

 systemctl status tomcat8

 echo
 echo "Script complete"
	#!/bin/bash

	: <<DOC
	https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html

	deletes:
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-1.2-api-2.13.3.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-api-2.13.3.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-core-2.13.3.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-slf4j-impl-2.13.3.jar

	creates:
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-1.2-api-2.16.0.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-api-2.16.0.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-core-2.16.0.jar
	/usr/share/tomcat8/webapps/*/WEB-INF/lib/log4j-slf4j-impl-2.16.0.jar
	DOC

	# old_jars=( log4j-1.2-api-2.13.3.jar log4j-api-2.13.3.jar log4j-core-2.13.3.jar log4j-slf4j-impl-2.13.3.jar )
	new_jars=( log4j-1.2-api-2.16.0.jar log4j-api-2.16.0.jar log4j-core-2.16.0.jar log4j-slf4j-impl-2.16.0.jar )

	new_jar_source="/root/log4j-vuln-2021-12-17/apache-log4j-2.16.0-bin"
	webapps_dir="/usr/share/tomcat8/webapps"
	backup_dir="/root/log4j-vuln-2021-12-17/backups"

	mkdir -p "/root/log4j-vuln-2021-12-17"
	cd "/root/log4j-vuln-2021-12-17" \|\| exit
	if [[ ! -d apache-log4j-2.16.0-bin ]]; then
	curl https://dlcdn.apache.org/logging/log4j/2.16.0/apache-log4j-2.16.0-bin.zip -o apache-log4j-2.16.0-bin.zip
	unzip apache-log4j-2.16.0-bin.zip
	fi

	mkdir -p "$backup_dir"

	# build a list of instances
	dir_list=()
	while IFS= read -d $'\0' -r dir ; do
	dir_list=("${dir_list[@]}" "$dir")
	done < <(find "$webapps_dir/" -mindepth 1 -maxdepth 1 -type d ! -name "*manager" -print0)

	echo "This script will delete the following files (backups will be made):"
	for instance in "${dir_list[@]}"; do
	find "$instance/WEB-INF/lib" -name "log4j-*" -type f
	done

	echo
	read -r -p "WARNING! Are you sure? (Y/N) : " are_you_sure
	case "$are_you_sure" in
	Y\|y)
	echo "Confirmed"
	;;
	*)
	echo "Not confirmed - exiting"
	exit
	;;
	esac

	echo
	echo "Stopping tomcat8"
	systemctl stop tomcat8

	# remove the old jar files
	echo
	echo "Moving old jar files to backup directory $backup_dir"
	for instance in "${dir_list[@]}"; do
	find "$instance/WEB-INF/lib" -name "log4j-*" -type f -exec mv {} "$backup_dir/" \;
	done

	# copy in the new jar files
	echo
	echo "Copying in the new jar files"
	for instance in "${dir_list[@]}"; do
	for jar_file in "${new_jars[@]}"; do
	if cp "$new_jar_source/$jar_file" "$instance/WEB-INF/lib/" ; then
	echo "Copied $jar_file to $instance"
	else
	echo "Failed to copy $jar_file to $instance"
	fi
	done
	# reset permissions
	echo
	echo "Resetting file ownership to tomcat8:tomcat8"
	chown tomcat8:tomcat8 "$instance/WEB-INF/lib/"log4j-*
	done

	echo
	echo "Done. Starting tomcat8"

	systemctl start tomcat8

	echo

	systemctl status tomcat8

	echo
	echo "Script complete"