2021-12-15: GreyNoise Internal Audit - Apache Log4j
about 3 years ago by Greg Wells
Actions Taken to Mitigate Log4j Risks
| Audit Task | Mitigation Actions |
|---|---|
| Full test of web application (aka GreyNoise Visualizer) input fields | ✅ No vulnerable fields |
| Employee hardware check | 1. Push environment variables via MDM to all laptops with a JRE installed to mitigate by running all java commands with the parameter -Dlog4j2.formatMsgNoLookups=true 2. Write global system properties for all application launcher classes and environment variables. ✅ All systems updated |
| Audit log files for known log4j strings | Monitoring log files with following commands: find /var/log -name *.gz -print0 | xargs -0 zgrep -E -i '${jndi:(ldap[s]?|rmi)://[^\n]+' egrep -i -r '${jndi:(ldap[s]?|rmi)://[^\n]+' /var/log ✅ No results |
| Check for vulnerable .jar files | Monitoring .jar files matching known-bad hashes from https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes ✅ No results |
| Audit internal infrastructure and sensor collector network | Ran JNDI callbacks to sensor nodes Monitored data pipeline for leaks ✅ No results |