Data Protection Advisor: Manual remediation for Apache Log4j vulnerabilities Windows PowerShell script (CVE-2021-44228, CVE-2021-45046)

Summary: This article provides instructions for a manual remediation of a DPA Agent running on a Microsoft Windows node that is affected by the Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046). ...

Article Content


Instructions

This remediation uses a Windows PowerShell script that relies only on native Windows scripting commands.

These instructions can be applied to any type of Windows DPA installation including the DPA Application, DPA Datastore, and Standalone DPA Agent (installed alone on a server or on another type of application server).

See the below Dell Security Advisory for more information on the Apache Log4j vulnerabilities:

For questions or assistance with these instructions, contact Dell Technical Support.

Steps for manual remediation:

Note:

  • These instructions require that PowerShell is installed and available on the Windows node (this is the default).
  • Windows Administrator privileges and access are required.

 

  1. Download the text file attached to this KB article, log4j_jndiremoval.txt.

Note: Alternatively, the full text of the log4j_jndiremoval.txt file is provided at the end of these instructions, which can be copied and pasted into a text file.

  2. Copy or move the text file to the affected Windows node.
  3. Rename the text file and change the file extension from .txt to .ps1. Note: You may need to go to the Windows Explorer folder options, View, and check the box to display "file name extensions" before renaming the file.
  4. Open a Windows PowerShell window. From the Menu, click on Search, and type in PowerShell. "Windows PowerShell" should display. Right-click on Windows PowerShell and select "Run as Administrator".

  5. Stop the DPA Agent service. Do this by using the Windows Services snap-in or from the command line using the Windows PowerShell.

From the Windows PowerShell window, if this is an Agent installation on the DPA Application or DPA Datastore, the command is:

dpa agent stop

From the Windows PowerShell window, if this is a Standalone DPA Agent installation, the command is:

<dpa agent install path>\dpa stop

Example (the path contains a space, so in PowerShell it is quoted and invoked with the call operator):
& "C:\Program Files\EMC\DPA\agent\etc\dpa" stop

  6. In the Windows PowerShell window, change directories to the directory with the script file.

  7. Run the script in the PowerShell window using the verify option, which scans for and verifies the files that are affected. The command is:
.\log4j_jndiremoval.ps1 -verify

  8. After you press Enter, the script runs and then prompts for the path to the DPA installation. Enter the full path to the DPA installation.

  9. After hitting Enter, the script runs and identifies any vulnerable files.

  10. Run the script again in the PowerShell window, this time omitting the verify option. In this mode, the script scans for and fixes any of the files that are affected. The command is:
.\log4j_jndiremoval.ps1

Note: The DPA install path must be entered again.

  11. After hitting Enter, the script scans for and fixes any vulnerable files found.

  12. At this point, the remediation is complete.
  13. As an optional step, recheck by running the script again. Run the script in the PowerShell window using the verify option, which scans for and verifies the files that are affected. The command is:
.\log4j_jndiremoval.ps1 -verify

  14. Start the DPA Agent service. This can be done using the Windows Services snap-in or from the command line using the Windows PowerShell.

From the Windows PowerShell window, if this is an Agent installation on the DPA Application or DPA Datastore, the command is:

dpa agent start

From the Windows PowerShell window, if this is a Standalone DPA Agent installation, the command is:

<dpa agent install path>\dpa start

Example (the path contains a space, so in PowerShell it is quoted and invoked with the call operator):
& "C:\Program Files\EMC\DPA\agent\etc\dpa" start
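
The fix run removes JndiLookup.class from the DPA jars in place, so a record of which jars were affected, plus a copy of each, is useful for change control and rollback. The following PowerShell function is an added example, not part of the Dell script or this KB's attachment: it audits the same dpa*.jar files read-only, reports SHA-256 hashes and matching entries, and optionally copies affected jars to a backup folder. The function name, its parameters and the sample paths in the comments are assumptions.

```powershell
# Added example, not part of the Dell script. Get-DpaJndiReport, -DpaPath and
# -BackupDir are hypothetical names. Requires PowerShell 4.0+ (Get-FileHash).
Add-Type -AssemblyName 'System.IO.Compression.FileSystem'
function Get-DpaJndiReport {
    param(
        [Parameter(Mandatory)] [string] $DpaPath,   # DPA installation directory
        [string] $BackupDir                         # optional: copy affected jars here
    )
    # Same selection as log4j_jndiremoval.ps1: dpa*.jar below the install path, skipping tmp
    $jars = Get-ChildItem -Path $DpaPath -Recurse -File -Filter 'dpa*.jar' |
        Where-Object { $_.FullName -inotmatch 'tmp' }
    foreach ($jar in $jars) {
        $zip = $null
        try {
            # OpenRead cannot modify the archive, so the audit itself changes nothing
            $zip  = [System.IO.Compression.ZipFile]::OpenRead($jar.FullName)
            # Exact entry-name match (the Dell script uses a regex match on the full path)
            $hits = @($zip.Entries | Where-Object { $_.Name -eq 'JndiLookup.class' } |
                ForEach-Object { $_.FullName })
        } catch {
            Write-Warning "Cannot read $($jar.FullName): $($_.Exception.Message)"
            continue
        } finally {
            if ($zip) { $zip.Dispose() }
        }

        $sha    = (Get-FileHash -LiteralPath $jar.FullName -Algorithm SHA256).Hash
        $backup = $null
        if ($BackupDir -and $hits.Count -gt 0) {
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            # Hash prefix keeps same-named jars from different folders apart
            $backup = Join-Path $BackupDir ('{0}_{1}' -f $sha.Substring(0, 12), $jar.Name)
            Copy-Item -LiteralPath $jar.FullName -Destination $backup
        }
        [pscustomobject]@{
            Jar        = $jar.FullName
            Sha256     = $sha
            Vulnerable = ($hits.Count -gt 0)
            Entries    = $hits -join '; '
            Backup     = $backup
        }
    }
}

# Before the fix run, with the DPA Agent stopped (both paths are sample values):
#   Get-DpaJndiReport -DpaPath 'C:\Program Files\EMC\DPA' -BackupDir 'D:\dpa-jar-backup' |
#       Export-Csv .\before.csv -NoTypeInformation
# After the fix run, every row should report Vulnerable = False; patched jars show a new Sha256.
```

Keep the backup folder outside the DPA installation path, and delete the copies once the patched agent has been validated, since they still contain JndiLookup.class.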

 

Addendum:
Below is the complete text of the PowerShell script. If the file attached to this KB cannot be accessed, then this text can be copied and pasted as-is into a text file (.txt) for use in the above steps.

param ( [switch]$verify )
'--------------------------------------------------------------------------'
'--------------------------------------------------------------------------'
'      Data Protection Advisor CVE-2021-44228, CVE-2021-45046 Patcher 1.1  '
'      Developer : Pankaj Pande(p.pande@dell.com)                          '
'      Release : 29 Dec 2021                                               '
'--------------------------------------------------------------------------'
'Welcome to CVE-2021-44228, CVE-2021-45046 Patching Tool.'
'This utility will assist you in patching Data Protection Advisor for CVE-2021-44228 and CVE-2021-45046 on a Windows system.'
"Special Note : The tool automates remediation steps for all internal components. Following remediation, validation checks are also run. While this tool remediates these vulnerabilities, all available information from Apache on log4j continues to be monitored. If new CVEs are discovered, Dell Technologies' Engineering teams will clarify impact and new remediation steps where necessary. If needed this tool will be updated to include the new remediation steps."
'---------------------------------------------------------------------------'
function List-JndiLookup
{
    Param
    (
        [string[]]$JarFiles,
        [string] $FilenameToRemove
    )
    #initiate the .net namespace
    add-type -AssemblyName 'System.IO.Compression.filesystem'

    "The number of files to be processed is : $($JarFiles.Count)"
    # List the files that will be processed
    foreach ($JarFile in $JarFiles)
    {
        "$JarFile"
   }

   
    $processedFiles = 0;
    $skippedFiles = 0;

    foreach ($JarFile in $JarFiles)
    {
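        # Open the jar read-only for verification (.jar files are just .zip files),
        # so that dry-run mode never rewrites the archive
        try {
            $ProcessJarFile = [io.compression.zipfile]::OpenRead($JarFile)
        } catch {
            # Could not open the archive (locked or corrupt): report it and skip this file
            Write-Warning "Unable to open $JarFile : $($_.Exception.Message)"
            $skippedFiles++
            continue
        }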


        "Checking $JarFile for $FilenameToRemove"
        $totalFilesInJar = ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Count
        if($totalFilesInJar -gt 0){
            $processedFiles++
        }
        #close Zip
        try {
            $ProcessJarFile.Dispose()
        } catch {
            # Error Handling
        }          

    }

    if ( $processedFiles  -gt 0) 
    {
        Write-Host "$processedFiles file(s) found vulnerable" -fore red
        Write-Host "Finished...Please make sure to run the patching on this system" -fore red
    }
    else
    {
        Write-Host "$processedFiles file(s) found vulnerable" -fore green 
        Write-Host "Finished...No Action needed" -fore green          
    }

  
    
}

function Remove-JndiLookup
{
    Param
    (
        [string[]]$JarFiles,
        [string] $FilenameToRemove
    )
    #initiate the .net namespace
    add-type -AssemblyName 'System.IO.Compression.filesystem'

    "The number of files to be processed is : $($JarFiles.Count)"
    # List the files that will be processed
    foreach ($JarFile in $JarFiles)
    {
        "$JarFile"
    }

    "Starting patching/Removal Process"

    $processedFiles = 0;
    $skippedFiles = 0;

    foreach ($JarFile in $JarFiles)
    {
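        # Open the jar for updating (.jar files are just .zip files)
        try {
            $ProcessJarFile = [io.compression.zipfile]::Open($JarFile,'Update')
        } catch {
            # Could not open the archive (locked or corrupt): report it and skip this file
            Write-Warning "Unable to open $JarFile : $($_.Exception.Message)"
            $skippedFiles++
            continue
        }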

        "Checking $JarFile for $FilenameToRemove"
        $totalFilesInJar = ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Count

        if($totalFilesInJar -gt 0){
            "Deleting unwanted file $FilenameToRemove from $JarFile"
            ($ProcessJarFile.Entries | Where FullName -Match $FilenameToRemove).Delete()

            $processedFiles++
        }
        else {
            "File $FilenameToRemove not found inside $JarFile, this may have already been deleted."
            $skippedFiles++
        }

        # Clean up / close the zip
        try {
            $ProcessJarFile.Dispose()
        } catch {
            # Error Handling
        }  
    }

    "$processedFiles file(s) processed`n$skippedFiles file(s) skipped"
    Write-Host "Finished..." -fore green
}

if ( $verify  ) 
{
    Write-Host "Running in dry-run mode. Will not process any files" -fore green
}
else
{
    Write-Host "Running in fix mode. Will patch files that are found affected" -fore red    
}
$dpa_path = Read-Host "Enter the DPA location "
Write-Host "Running in : '$dpa_path' " -fore green
if ($verify) {
    List-JndiLookup -JarFiles (Get-ChildItem -Exclude 'tmp' -Recurse -Path "$dpa_path" -Filter 'dpa*.jar'  | ? { $_.FullName -inotmatch 'tmp' }).FullName -FilenameToRemove 'JndiLookup.class'
}
else {
    Remove-JndiLookup -JarFiles (Get-ChildItem -Exclude 'tmp' -Recurse -Path "$dpa_path" -Filter 'dpa*.jar'  | ? { $_.FullName -inotmatch 'tmp' }).FullName -FilenameToRemove 'JndiLookup.class'
}

 



Attachments


log4jjndiremovalps1_pkb_en_US_1.txt

Article Properties


Last Published Date

18 Aug 2022

Version

4

Article Type

How To