CVE-2021-44228 修复步骤(Windows 版 vCenter Server),参考官方文档
https://kb.vmware.com/s/article/87096
remove_log4j_class.py https://kb.vmware.com/sfc/servlet.shepherd/version/download/0685G00000d7LsEQAU
vMON.py https://kb.vmware.com/sfc/servlet.shepherd/version/download/0685G00000cPSJyQAO
备份目录建立 d:\backup
第一步 修复 vMon 服务(先停止所有服务)
"C:\Program Files\VMware\vCenter Server\bin\service-control" --stop --all
备份
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json
copy C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json d:\backup
copy C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json d:\backup
从 vsphere-ui.json 中删除以下各行(均为已注释掉的远程调试和 JMX 选项):
// Enable remote debugging
// NOTE: Use this option only when you really need it. Don't keep it on by default.
// It has the potential to cause memory leaks. For further details, see
// https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own
// observations at PR 1878411, comments 21, 33, 34, and 35
//"-Xdebug",
//"-Xnoagent",
//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8002",
// Enable JMX
//"-Dcom.sun.management.jmxremote",
//"-Dcom.sun.management.jmxremote.port=9876",
//"-Dcom.sun.management.jmxremote.local.only=false",
//"-Dcom.sun.management.jmxremote.authenticate=false",
//"-Dcom.sun.management.jmxremote.ssl=false",
从 vsphere-client.json 中删除以下各行(均为已注释掉的远程调试和 JMX 选项):
// This option will be removed soon. See JIRA VSUIP-180
// Enable remote debugging
// NOTE: Use this option only when you really need it. Don't keep it on by default.
// It has the potential to cause memory leaks. For further details, see
// https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own
// observations at PR 1878411, comments 21, 33, 34, and 35
//"-Xdebug",
//"-Xnoagent",
//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8001",
// Enable JMX
//"-Dcom.sun.management.jmxremote",
//"-Dcom.sun.management.jmxremote.port=9875",
//"-Dcom.sun.management.jmxremote.local.only=false",
//"-Dcom.sun.management.jmxremote.authenticate=false",
//"-Dcom.sun.management.jmxremote.ssl=false",
执行 vMON.py
"C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py
重新启动服务
"C:\Program Files\VMware\vCenter Server\bin\service-control" --stop --all
"C:\Program Files\VMware\vCenter Server\bin\service-control" --start --all
"C:\Program Files\VMware\vCenter Server\bin\service-control" --status
第二步 修复安全令牌服务 STS
备份
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf
copy C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf d:\backup\wrapper-1.conf
在"# Java 附加参数"部分末尾添加以下一行(添加前请确认序号 27 是该部分下一个未使用的序号,序号不得重复或跳号):
wrapper.java.additional.27="-Dlog4j2.formatMsgNoLookups=true"
第三步 PSC Client(仅适用于 vCenter 6.5)
备份
c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf
copy c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf d:\backup\wrapper-2.conf
在"# Java 附加参数"部分末尾添加以下一行(添加前请确认序号 23 是该部分下一个未使用的序号,序号不得重复或跳号):
wrapper.java.additional.23="-Dlog4j2.formatMsgNoLookups=true"
第四步 身份管理服务
先在 Regedit 中导出(备份)以下注册表项:
Regedit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java
编辑 Options 键值,
在末尾增加一行(第二至第四步添加的 JVM 参数需重启相应服务后才会生效):
-Dlog4j2.formatMsgNoLookups=true
第五步 组件管理
执行 remove_log4j_class.py 脚本(仅设置 formatMsgNoLookups 参数不足以构成完整缓解,本步骤不可省略)
"C:\Program Files\VMware\vCenter Server\python\python.exe" remove_log4j_class.py
执行完成后,再次以 -r 参数运行 remove_log4j_class.py 进行验证
若输出的易受攻击文件列表为空,则修复完成;若仍列出文件,请重新执行第五步后再验证