Handling log4j in vCenter Server for Windows

CVE-2021-44228: refer to the official documentation

https://kb.vmware.com/s/article/87096

remove_log4j_class.py  https://kb.vmware.com/sfc/servlet.shepherd/version/download/0685G00000d7LsEQAU

vMON.py https://kb.vmware.com/sfc/servlet.shepherd/version/download/0685G00000cPSJyQAO

Create the backup directory d:\backup

Step 1: Fix the vMon service
"C:\Program Files\VMware\vCenter Server\bin\service-control" --stop --all

Back up
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json
C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json

copy C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-ui.json d:\backup
copy C:\ProgramData\VMware\vCenterServer\cfg\vmware-vmon\svcCfgfiles\vsphere-client.json d:\backup

Delete the following lines from vsphere-ui.json
// Enable remote debugging
// NOTE: Use this option only when you really need it. Don't keep it on by default.
//       It has the potential to cause memory leaks. For further details, see
//       https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own
//       observations at PR 1878411, comments 21, 33, 34, and 35
//"-Xdebug",
//"-Xnoagent",
//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8002",
// Enable JMX
//"-Dcom.sun.management.jmxremote",
//"-Dcom.sun.management.jmxremote.port=9876",
//"-Dcom.sun.management.jmxremote.local.only=false",
//"-Dcom.sun.management.jmxremote.authenticate=false",
//"-Dcom.sun.management.jmxremote.ssl=false",

Delete the following lines from vsphere-client.json
// This option will be removed soon. See JIRA VSUIP-180
// Enable remote debugging
// NOTE: Use this option only when you really need it. Don't keep it on by default.
//       It has the potential to cause memory leaks. For further details, see
//       https://bugs.openjdk.java.net/browse/JDK-8164921 as well as our own
//       observations at PR 1878411, comments 21, 33, 34, and 35
//"-Xdebug",
//"-Xnoagent",
//"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8001",
// Enable JMX
//"-Dcom.sun.management.jmxremote",
//"-Dcom.sun.management.jmxremote.port=9875",
//"-Dcom.sun.management.jmxremote.local.only=false",
//"-Dcom.sun.management.jmxremote.authenticate=false",
//"-Dcom.sun.management.jmxremote.ssl=false",

Run vMON.py
"C:\Program Files\VMware\vCenter Server\python\python.exe" vMON.py

Restart the services
"C:\Program Files\VMware\vCenter Server\bin\service-control" --stop --all
"C:\Program Files\VMware\vCenter Server\bin\service-control" --start --all
"C:\Program Files\VMware\vCenter Server\bin\service-control" --status

Step 2: Fix the Secure Token Service (STS)

Back up
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf

copy C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\wrapper.conf d:\backup\wrapper-1.conf

Edit the file and add the following line at the end of the "# Java Additional Parameters" section
wrapper.java.additional.27="-Dlog4j2.formatMsgNoLookups=true"

Step 3: PSC Client (vCenter 6.5 only)
Back up
c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf

copy c:\ProgramData\VMware\vCenterServer\runtime\vmware-psc-client\conf\wrapper.conf d:\backup\wrapper-2.conf

Edit the file and add the following line at the end of the "# Java Additional Parameters" section
wrapper.java.additional.23="-Dlog4j2.formatMsgNoLookups=true"

Step 4: Identity Management Service
Back up the registry key:
Regedit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VMwareIdentityMgmtService\Parameters\Java

Edit the Options value
Add one line
-Dlog4j2.formatMsgNoLookups=true

Step 5: Component management
Run the remove_log4j_class.py script
"C:\Program Files\VMware\vCenter Server\python\python.exe" remove_log4j_class.py

Verify with the -r parameter
If the list of vulnerable files is empty, the fix is complete.
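
An added example, not part of the original post or of VMware's scripts: a check for the wrapper.conf edits in steps 2 and 3 that confirms the flag line is active and that its index neither collides with an existing entry nor leaves a gap after the last one. The sample files are constructed, and it is an assumption here that the wrapper reads wrapper.java.additional.N entries from 1 upward and stops at the first missing number.

```python
import re

FLAG = "-Dlog4j2.formatMsgNoLookups=true"
# Matches active (uncommented) lines such as wrapper.java.additional.27="..."
ENTRY = re.compile(r'^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$')


def check_wrapper_conf(text):
    """Return a list of problems found; an empty list means the flag is in effect."""
    entries = {}          # index -> value
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue      # comments, blank lines and other properties
        idx, value = int(m.group(1)), m.group(2).strip('"')
        if idx in entries:
            problems.append(f"line {lineno}: index {idx} is defined twice")
        entries[idx] = value
    flagged = [i for i, v in entries.items() if v == FLAG]
    if not flagged:
        problems.append("flag missing or commented out")
        return problems
    # Assumption: numbering starts at 1 and must be contiguous up to the flag.
    missing = [i for i in range(1, min(flagged)) if i not in entries]
    if missing:
        problems.append(f"gap before flag at index {missing[0]}")
    return problems


# Constructed sample inputs (not copied from a real vCenter installation).
GOOD = '''# Java Additional Parameters
wrapper.java.additional.1="-Xmx512m"
wrapper.java.additional.2="-Dfile.encoding=UTF8"
wrapper.java.additional.3="-Dlog4j2.formatMsgNoLookups=true"
'''
COLLIDES = GOOD.replace("additional.3=", "additional.2=")
GAP = GOOD.replace("additional.3=", "additional.27=")
COMMENTED = GOOD.replace("wrapper.java.additional.3", "#wrapper.java.additional.3")

if __name__ == "__main__":
    for name, conf in [("good", GOOD), ("collides", COLLIDES),
                       ("gap", GAP), ("commented", COMMENTED)]:
        print(name, check_wrapper_conf(conf) or "OK")
```

On a real host, read each wrapper.conf from steps 2 and 3 and pass its contents to check_wrapper_conf; the index used on the page (27 or 23) is only right when the file's existing entries end one below it.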
