VMware has just updated its KB, adding an additional step that must be run even if the workaround has already been applied. This additional step removes all JndiLookup classes, per Apache Software Foundation guidance.
This step has been automated by the script remove_log4j_class.py.
NOTE: If you have already completed the steps in this article or used the original script in KB 87088, you must still run the remove_log4j_class.py script on your previously remediated vCenter.
NOTE: You MUST also run the remove_log4j_class.py script after using this Python script to fully remediate a vCenter Server or PSC.
RUN LIST:
- Take a backup of your vCenter.
- Download the script remove_log4j_class.py. NOTE: This is the official VMware script, and the link points to the VMware repo.
- Log in to the vCSA using an SSH client (PuTTY or any similar SSH client).
- Transfer the file to the /tmp folder on the vCenter Server Appliance using WinSCP.
NOTE: It's necessary to enable the bash shell before WinSCP will work.
- Go to the /tmp folder.
- Run this command to execute the script:
python remove_log4j_class.py
NOTE: The script will stop all vCenter services, remove JndiLookup.class from all jar files on the appliance, and finally start all vCenter services. The files that the script modifies will be reported as "VULNERABLE FILE" as the script runs.