2021-12-15: GreyNoise Internal Audit - Apache Log4j

Actions Taken to Mitigate Log4j Risks

Audit Task

Mitigation Actions

Full test of web application (aka GreyNoise Visualizer) input fields

No vulnerable fields

Employee hardware check

  1. Push environment variables via MDM to all laptops with a JRE installed so that all Java commands run with the parameter -Dlog4j2.formatMsgNoLookups=true

  2. Write global system properties for all application launcher classes and environment variables.

All systems updated

Audit log files for known log4j strings

Monitoring log files with the following commands:

find /var/log -name '*.gz' -print0 | xargs -0 zgrep -E -i '\$\{jndi:(ldap[s]?|rmi)://[^\n]+'

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://[^\n]+' /var/log

No results

Check for vulnerable .jar files

Monitoring .jar files matching known-bad hashes from https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

No results
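
One way to run the hash check described above, as an added example that is not GreyNoise's own tooling. The function name scan_jars and the list format (hash as the first whitespace-separated field on each line, as in sha256sum output) are assumptions; it relies on GNU find, xargs and sha256sum.

```shell
#!/bin/sh
# Added example: list .jar files under a directory whose SHA-256 appears in a
# known-bad hash list. Assumed list format: the hash is the first field on
# each line (sha256sum output style); lines starting with '#' are ignored.

# scan_jars DIR HASHLIST -> prints "hash  path" for every matching jar
scan_jars() {
    scan_dir=$1
    scan_list=$2
    scan_bad=$(mktemp) || return 2

    # Normalise the list to lowercase bare hashes, one per line.
    awk '!/^#/ && NF { print tolower($1) }' "$scan_list" | sort -u > "$scan_bad"

    # Hash every jar (any extension case); NUL-delimited so names with
    # spaces survive. The final awk keeps lines whose hash is in the list.
    find "$scan_dir" -type f -iname '*.jar' -print0 |
        xargs -0 -r sha256sum |
        awk 'NR == FNR { bad[$1]; next } ($1 in bad)' "$scan_bad" -

    rm -f "$scan_bad"
}

# Stand-alone use: sh scan_jars.sh /opt /path/to/sha256-list.txt
if [ "$#" -eq 2 ]; then
    scan_jars "$1" "$2"
fi
```

A hash match only identifies unmodified copies of the listed files; a jar that bundles the same classes inside a larger archive has a different hash and will not be reported by this check.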

Audit internal infrastructure and sensor collector network

Ran JNDI callbacks to sensor nodes
Monitored data pipeline for leaks

No results