A script to detect and mitigate the Log4j flaw (Log4Shell)

The Log4j flaw (Log4Shell) is still being talked about, so we have written a short guide to identify the software affected by the Log4Shell vulnerabilities.

Developers have created a small program that scans your server (Windows / Linux) for vulnerable Log4j libraries and can neutralise the flaw in the files it finds.

Logpresso: the utility to scan for and mitigate the vulnerability

Presentation

The Logpresso scanner is available directly on the official GitHub: https://github.com/logpresso/CVE-2021-44228-Scanner

The program is available for Windows, Linux and even macOS.

[Screenshot: the program is available on several operating systems]

Once downloaded, unzip the program and call it from the command line. In our example we will use a Windows server.

[Screenshot: the log4j2-scan file]

Go to the folder where the program is located and run it against the directory you want to check:

log4j2-scan.exe your-path-to-scan

This command recursively scans the directory, opens every JAR file it finds and reports whether it contains a Log4j version affected by the flaw.

[Screenshot: result of a simple scan of a typical family computer]

You will notice that two tools are impacted: Luniitheque and Screaming Frog!

It is also possible to mitigate the flaw in the affected files with the following command:

log4j2-scan --fix path-to-fix
[Screenshot: output of log4j2-scan --fix]
Note that --fix modifies the JAR files it finds in place; the originals are renamed to .bak rather than deleted (see below).
Warning! The --fix command only patches the following flaws:

Log4j v2: CVE-2021-44228 (JndiLookup), CVE-2021-45046 (JndiLookup)
Log4j v1: CVE-2021-4104 (JMSAppender), CVE-2019-17571 (SocketServer), CVE-2017-5645 (SocketServer), CVE-2020-9488 (SMTPAppender)

With --fix the program renames the vulnerable JAR file to .bak and creates a new JAR without the JndiLookup.class file. The .bak files are then archived in a zip file named log4j2_scan_backup_yyyyMMdd_HHmmss.zip. This is a mitigation, not an upgrade: the library stays at its old version, so you should still plan to move to a fixed Log4j release.

To put the .bak files back in place, use the --restore command.
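To make concrete what the scan and the --fix / --restore steps above actually do to a JAR, here is an added Python illustration of the same technique (example code written for this article, not Logpresso's own source): it walks a directory, reads the Log4j version from each JAR's pom.properties, flags JARs that still contain JndiLookup.class, rewrites them without that class after renaming the original to .bak, archives the .bak files into a log4j2_scan_backup_yyyyMMdd_HHmmss.zip, and can restore them. The sample JARs it scans are constructed in a temporary directory (dummy class bytes under the real Maven paths), and the version rule in version_is_fixed is a simplification assumed by this example, not the scanner's own table.

```python
import os
import re
import tempfile
import zipfile
from datetime import datetime

# Class whose presence makes Log4j 2 exploitable (CVE-2021-44228 / CVE-2021-45046)
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside log4j-core JARs; it carries the version string
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def version_is_fixed(v):
    # Simplified rule (this example's assumption): 2.16.0+ is fixed, as are the
    # 2.12.2+ (Java 7) and 2.3.1+ (Java 6) backports; other 2.x releases are not.
    if v is None or v[0] != 2:
        return False
    floor = {12: (2, 12, 2), 3: (2, 3, 1)}.get(v[1], (2, 16, 0))
    return v >= floor

def inspect_jar(path):
    """Return (version, has_jndi_lookup, vulnerable) for one JAR."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = parse_version(line.split("=", 1)[1])
    has_jndi = JNDI_LOOKUP in names
    # JndiLookup present with an unknown version is reported, never skipped
    return version, has_jndi, has_jndi and not version_is_fixed(version)

def scan(root):
    """Report JARs under root that still carry JndiLookup.class in an unfixed
    version, as paths relative to root with '/' separators."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue  # JARs nested inside WAR/EAR archives are not opened here
            path = os.path.join(dirpath, name)
            try:
                if inspect_jar(path)[2]:
                    found.append(os.path.relpath(path, root).replace(os.sep, "/"))
            except zipfile.BadZipFile:
                continue  # not a real ZIP container; nothing to inspect
    return sorted(found)

def fix_tree(root, stamp=None):
    """Mirror of --fix: rename each affected JAR to .bak, write a new JAR without
    JndiLookup.class, then archive the .bak files into log4j2_scan_backup_<stamp>.zip."""
    targets = scan(root)
    if not targets:
        return None
    stamp = stamp or datetime.now().strftime("%Y%m%d_%H%M%S")
    backup_zip = os.path.join(root, f"log4j2_scan_backup_{stamp}.zip")
    with zipfile.ZipFile(backup_zip, "w", zipfile.ZIP_DEFLATED) as archive:
        for rel in targets:
            path = os.path.join(root, rel)
            bak = path + ".bak"
            os.replace(path, bak)
            with zipfile.ZipFile(bak) as src, zipfile.ZipFile(path, "w") as dst:
                for item in src.infolist():
                    if item.filename != JNDI_LOOKUP:
                        dst.writestr(item, src.read(item.filename))
            archive.write(bak, arcname=rel + ".bak")
            os.remove(bak)
    return backup_zip

def restore(root, backup_zip):
    """Mirror of --restore: put every archived .bak back over the patched JAR."""
    restored = []
    with zipfile.ZipFile(backup_zip) as archive:
        for entry in archive.namelist():
            rel = entry[: -len(".bak")]
            with open(os.path.join(root, rel), "wb") as out:
                out.write(archive.read(entry))
            restored.append(rel)
    return sorted(restored)

def make_sample_jar(path, version, with_jndi=True):
    """Constructed stand-in for a log4j-core JAR; the class entry is a dummy."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")

def build_demo_tree():
    """Constructed sample tree: two affected JARs plus one already on 2.17.1."""
    root = tempfile.mkdtemp(prefix="log4j-demo-")
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "2.14.1")
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.15.0.jar"), "2.15.0")
    make_sample_jar(os.path.join(root, "app", "log4j-core-2.17.1.jar"), "2.17.1", False)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    print("vulnerable:", scan(root))
    backup = fix_tree(root)
    print("after --fix:", scan(root), "| restored:", restore(root, backup))
```

Run it directly to watch the three steps on the sample tree. Like the real tool, it rewrites files in place, and removing JndiLookup.class only closes the two JNDI CVEs listed above: the JAR is still an old release and should be upgraded when the application allows it.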

Check Logpresso's GitHub page regularly for updates to the program.