此補救措施涉及使用 Windows PowerShell 指令檔,其中使用原生的 Windows 指令碼命令。
這些指示可套用至任何類型的 Windows DPA 安裝,包括 DPA 應用程式、DPA 資料存放區和獨立 DPA 代理程式 (單獨安裝在伺服器或其他類型的應用程式伺服器上)。
如需 Apache Log4j 漏洞的詳細資訊,請參閱以下 Dell 安全性公告:
如需這些指示的相關疑問或協助,請聯絡 Dell 技術支援部門。
手動補救步驟:
注意:
注意:或者,在指示的結尾亦提供 log4j_jndiremoval.txt 檔案的完整內容,可複製並貼至文字檔。
在 Windows PowerShell 視窗中,如果這是在 DPA 應用程式或 DPA 資料存放區上的代理程式安裝,則命令是:
dpa agent stop
在 Windows PowerShell 視窗中,如果這是獨立的 DPA 代理程式安裝,則命令是:
\dpa stop
範例:
C:\Program Files\EMC\DPA\agent\etc\dpa stop
注意:必須再次輸入 DPA 安裝路徑。
在 Windows PowerShell 視窗中,如果這是在 DPA 應用程式或 DPA 資料存放區上的代理程式安裝,則命令是:
dpa agent start
在 Windows PowerShell 視窗中,如果這是獨立的 DPA 代理程式安裝,則命令是:
\dpa start
範例:
C:\Program Files\EMC\DPA\agent\etc\dpa start
附錄:
以下是 PowerShell 指令檔的完整文字。如果無法存取附加至此 KB 的檔案,則可將複製這些文字並貼在文字檔 (.txt) 中,以進行上述步驟。
param ( [switch]$verify ) '--------------------------------------------------------------------------' '--------------------------------------------------------------------------' ' Data Protection Advisor CVE-2021-44228, CVE-2021-45046 Patcher 1.1 ' ' Developer : Pankaj Pande(p.pande@dell.com) ' ' Release : 29 Dec 2021 ' '--------------------------------------------------------------------------' 'Welcome to CVE-2021-44228, CVE-2021-45046 Patching Tool.' 'This utility will assist you in patching Data Protection Advisor for CVE-2021-44228 and CVE-2021-45046 on a Windows system.' "Special Note : The tool automates remediation steps for all internal components. Following remediation, validation checks are also run. While this tool remediates these vulnerabilities, all available information from Apache on log4j continues to be monitored. If new CVEs are discovered, Dell Technologies' Engineering teams will clarify impact and new remediation steps where necessary. If needed this tool will be updated to include the new remediation steps." '---------------------------------------------------------------------------' function List-JndiLookup { Param ( [string[]]$JarFiles, [string] $FilenameToRemove ) #initiate the .net namespace add-type -AssemblyName 'System.IO.Compression.filesystem' "The number of files to be processed is : $($JarFiles.Count)" #list the files we are processing # them later foreach ($JarFile in $JarFiles) { "$JarFile" } $processedFiles = 0; $skippedFiles = 0; foreach ($JarFile in $JarFiles) { # Open the jar for updating (.jar files are just .zip files) try { $ProcessJarFile = [io.compression.zipfile]::Open($JarFile,'Update') } catch { # Error Handling } "Checking $JarFile for $FilenameToRemove" $totalFilesInJar = ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Count if($totalFilesInJar -gt 0){ $processedFiles++ } #close Zip try { $ProcessJarFile.Dispose() } catch { # Error Handling } } if ( $processedFiles -gt 0) { Write-Host "$processedFiles file(s) found vulnerable" -fore red Write-Host "Finished...Please make sure to run the patching on this sytem" -fore red } else { Write-Host "$processedFiles file(s) found vulnerable" -fore green Write-Host "Finished...No Action needed" -fore green } } function Remove-JndiLookup { Param ( [string[]]$JarFiles, [string] $FilenameToRemove ) #initiate the .net namespace add-type -AssemblyName 'System.IO.Compression.filesystem' "The number of files to be processed is : $($JarFiles.Count)" #list the files we are processing # them later foreach ($JarFile in $JarFiles) { "$JarFile" } "Starting patching/Removel Process" $processedFiles = 0; $skippedFiles = 0; foreach ($JarFile in $JarFiles) { # Open the jar for updating (.jar files are just .zip files) try { $ProcessJarFile = [io.compression.zipfile]::Open($JarFile,'Update') } catch { # Error Handling } "Checking $JarFile for $FilenameToRemove" $totalFilesInJar = ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Count if($totalFilesInJar -gt 0){ "Deleting unwanted file $FilenameToRemove from $JarFile" ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Delete() $processedFiles++ } else { "File $FilenameToRemove not found inside $JarFile, this may have already been deleted." $skippedFiles++ } # Clean up / close the zip try { $ProcessJarFile.Dispose() } catch { # Error Handling } } "$processedFiles file(s) processed`n$skippedFiles file(s) skipped" Write-Host "Finished..." -fore green } if ( $verify ) { Write-Host "Running in dry-run mode. Will not process any files" -fore green } else { Write-Host "Running in fix mode. Will patch files that are found affected" -fore red } $dpa_path = Read-Host "Enter the DPA location " Write-Host "Running in : '$dpa_path' " -fore green if ($verify) { List-JndiLookup -JarFiles (Get-ChildItem -Exclude 'tmp' -Recurse -Path "$dpa_path" -Filter 'dpa*.jar' | ? { $_.FullName -inotmatch 'tmp' }).FullName -FilenameToRemove 'JndiLookup.class' } else { Remove-JndiLookup -JarFiles (Get-ChildItem -Exclude 'tmp' -Recurse -Path "$dpa_path" -Filter 'dpa*.jar' | ? { $_.FullName -inotmatch 'tmp' }).FullName -FilenameToRemove 'JndiLookup.class' }
如需這些指示的相關疑問或協助,請聯絡 Dell 技術支援部門。