2021-12-15: GreyNoise Internal Audit - Apache Log4j

Actions Taken to Mitigate Log4j Risks

Audit Task: Full test of web application (aka GreyNoise Visualizer) input fields
Mitigation Actions: No vulnerable fields

Audit Task: Employee hardware check
Mitigation Actions:
1. Push environment variables via MDM to all laptops with a JRE installed, to mitigate by running all java commands with the parameter -Dlog4j2.formatMsgNoLookups=true
2. Write global system properties for all application launcher classes and environment variables.
All systems updated

Audit Task: Audit log files for known log4j strings
Mitigation Actions: Monitoring log files with the following commands:

    # \$ and \{ are escaped so the pattern matches a literal "${jndi:"; .+ matches the rest of the line
    find /var/log -name '*.gz' -print0 | xargs -0 zgrep -E -i '\$\{jndi:(ldap[s]?|rmi)://.+'

    egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://.+' /var/log

No results

Audit Task: Check for vulnerable .jar files
Mitigation Actions: Monitoring .jar files matching known-bad hashes from https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
No results

Audit Task: Audit internal infrastructure and sensor collector network
Mitigation Actions:
Ran JNDI callbacks to sensor nodes
Monitored data pipeline for leaks
No results
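
The .jar hash check listed above, sketched as an added example (this is not GreyNoise's own tooling). It goes one step beyond a flat file sweep by also hashing jars nested inside .war/.ear/fat-jar archives; the function names and the "<sha256>  <name>" hash-list format are assumptions.

```python
import hashlib
import io
import os
import re
import zipfile

# Added example: names and the hash-list format are assumptions, not from the page.
ARCHIVE_EXT = (".jar", ".war", ".ear")
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

def load_bad_hashes(lines):
    """Collect SHA-256 digests; assumed format is '<sha256>  <name>' per line."""
    bad = set()
    for line in lines:
        fields = line.split()
        if fields and SHA256_RE.match(fields[0]):
            bad.add(fields[0].lower())
    return bad

def _scan_bytes(data, label, bad, hits, depth):
    """Hash one archive held in memory, then descend into nested archives."""
    if hashlib.sha256(data).hexdigest() in bad:
        hits.append(label)
    if depth <= 0:
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(ARCHIVE_EXT):
                    inner = f"{label}!{info.filename}"
                    _scan_bytes(zf.read(info), inner, bad, hits, depth - 1)
    except (zipfile.BadZipFile, RuntimeError):
        pass  # unreadable or encrypted archive; its own hash was still checked

def scan_tree(root, bad, max_depth=3):
    """Return paths ('outer!inner' for nested jars) whose SHA-256 is in bad."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    _scan_bytes(fh.read(), path, bad, hits, max_depth)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)
```

An empty result from scan_tree corresponds to the "No results" outcome recorded for this audit task.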