Related posts in this series (bettery.tistory.com):
- 2025.01.03: Resolving CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway - VMON service
- Resolving CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway - Analytics Service, CM Service
※ Reference document: https://knowledge.broadcom.com/external/article?legacyId=87081 (Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway)
Identity Management Service
- Back up and edit the vmware-sts-idmd file
cp /etc/rc.d/init.d/vmware-sts-idmd /root/vmware-sts-idmd.bak
vi /etc/rc.d/init.d/vmware-sts-idmd
- Insert a new line near line 177 before "$DEBUG_OPTS \" with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:
$JSVC_BIN -procname $SERVICE_NAME \
-wait 120 \
-server \
<snip>
-Dlog4j.configurationFile=file://$PREFIX/share/config/log4j2.xml \
-Dlog4j2.formatMsgNoLookups=true \
$DEBUG_OPTS \
$DAEMON_CLASS
- Restart the vmware-sts-idmd service
service-control --stop vmware-sts-idmd
service-control --start vmware-sts-idmd
Verify the changes
Once all sections are complete, use the following steps to confirm if they were implemented successfully.
- Verify if the stsd, idmd, and vMon controlled services were started with the new -Dlog4j2.formatMsgNoLookups=true parameter:
ps auxww | grep formatMsgNoLookups
Check if the processes include -Dlog4j2.formatMsgNoLookups=true
- Verify the Analytics Service changes:
grep -i jndilookup /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar | wc -l
This should return 0 lines
- Verify the CM Service changes:
grep -i jndilookup /usr/lib/vmware-cm/lib/log4j-core.jar | wc -l
This should return 0 lines
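The verification steps above can be scripted so that the output lists what is still unmitigated; a plain `ps | grep` only shows the processes that already carry the flag. This is an added example, not part of the KB article or the original post. It assumes that any command line with a `-D<name>` option is a JVM, and the sample process lines are constructed.

```sh
#!/bin/sh
# Added example, not from the KB article or the original post.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Reads "PID ARGS..." lines (ps -e -ww -o pid,args) on stdin and prints the
# PID and executable of each JVM-looking process started WITHOUT the flag.
# Assumption: a command line carrying a -D<name> option belongs to a JVM.
missing_flag() {
    awk -v flag="$FLAG" '/ -D[A-Za-z]/ && index($0, flag) == 0 { print $1, $2 }'
}

# Prints PRESENT, REMOVED or MISSING for one jar. Same string test as the
# grep | wc -l step, but an unreadable path is reported, not counted as 0.
jar_status() {
    [ -r "$1" ] || { echo "MISSING $1"; return 0; }
    if grep -qi jndilookup "$1"; then
        echo "PRESENT $1"
    else
        echo "REMOVED $1"
    fi
}

# Constructed sample of ps output (PIDs, paths and class names are made up).
sample_ps() {
    cat <<'EOF'
  PID COMMAND
 1201 /usr/java/jre/bin/java -Dlog4j.configurationFile=file:///opt/example/log4j2.xml -Dlog4j2.formatMsgNoLookups=true example.Main
 1302 /usr/java/jre/bin/java -Dexample.home=/opt/example -Xmx256m example.Other
 1403 /usr/sbin/sshd -D
EOF
}

echo "Sample processes missing $FLAG:"
sample_ps | missing_flag

# On the appliance:
#   ps -e -ww -o pid,args | missing_flag
#   jar_status /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar
#   jar_status /usr/lib/vmware-cm/lib/log4j-core.jar
```

An empty result from `missing_flag` and `REMOVED` for both jars correspond to the expected outcomes listed above; `MISSING` means the jar path differs on that build and has to be located before the check means anything.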