
NetBackup OpsCenter 8.2 Hotfix - OpsCenter CVE-2021-44228 and CVE-2021-45046 Apache Log4j Vulnerability (Etrack - 4058565)

HotFix

Abstract

OpsCenter CVE-2021-44228 and CVE-2021-45046 Apache Log4j Vulnerability

Description

Veritas Bug ID: ET 4058565

 

Version: OpsCenter 8.2

 

Problem Description: OpsCenter CVE-2021-44228 and CVE-2021-45046 Apache Log4j Vulnerability

Install on: OpsCenter Server 

 

CVE-2021-44228 FIX, Upgrade Log4j to 2.17.1
===========================================

 

Windows Steps to update for GUI+Server and ViewBuilder component

 

NOTE: If version 1 of the EEB for 4058565 (OpsCenter_windows_AMD64_82EEB_ET4058565_1.zip) is not installed, use log4j version 2.11.0 instead of 2.16.0 wherever the steps below mention 2.16.0 for replacement or removal. Upgrading from version 1 of the EEB to version 2 is therefore an upgrade from log4j 2.16.0 to log4j 2.17.1.
             
A) Steps for GUI+Server component

 

1. Take an OpsCenter database backup, and additionally back up the following files:

    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin\OpsCenterServerService.xml
    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin\setEnv.bat
    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\gui\bin\setEnv.bat

2. Install Server component of EEB (-server option of OpsCenterEEBInstaller.bat) 

3. Stop OpsCenter Services

4. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
   these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

5. Note that the following are the log4j 2.16.0 file names which have the vulnerability CVE-2021-44228
    these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

6. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin and open OpsCenterServerService.xml and
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

    This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

7. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin and open setEnv.bat and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

8. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\gui\bin and open setEnv.bat and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

9. Delete jars having version "2.16.0" mentioned in step (5) from [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib folder

10. Start OpsCenter Services


B) OpsCenter ViewBuilder Component

 

1. Take a backup of the following files:

    [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin\OpsCenterViewBuilder.xml
    [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin\setEnv.bat

2. Install ViewBuilder component of EEB (-jvb option of OpsCenterEEBInstaller.bat) and
   close ViewBuilder if it is open.

3. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
  these are present in [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

4. Note that the following are the log4j 2.16.0 file names which have the vulnerability CVE-2021-44228
   these are present in [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

5. Go to folder [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin and open OpsCenterViewBuilder.xml and
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

6. Go to folder [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin and open setEnv.bat and
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

7. Delete jars having version "2.16.0" mentioned in step (4) from [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib folder

8. Launch ViewBuilder

 

Linux Steps for GUI + Server component

 

NOTE: If version 1 of the EEB for 4058565 (OpsCenter_LinuxR_x86_x86_64_82EEB_ET4058565_1.tar.gz) is not installed, use log4j version 2.11.0 instead of 2.16.0 wherever the steps below mention 2.16.0 for replacement or removal.
Upgrading from version 1 of the EEB to version 2 is therefore an upgrade from log4j 2.16.0 to log4j 2.17.1.


1. Take an OpsCenter database backup, and additionally back up the following files:

      [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/bin/setEnv.sh 
      [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterGUI/bin/setEnv.sh 

2. Install Server component of EEB (-server option of OpsCenterEEBInstaller.sh)

3. Stop OpsCenter Services

4. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
    these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

5. Note that the following are the log4j file names which have the vulnerability CVE-2021-44228
   these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

6. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/bin and open setEnv.sh and 
   search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that OpsCenter is able to point to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar 
   and similarly for all other log4j jars.

7. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterGUI/bin/ and open setEnv.sh and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that OpsCenter is able to point to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar 
   and similarly for all other log4j jars.

8. Delete the jar files having version "2.16.0" mentioned in step (5) from [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib folder

9. Start OpsCenter Services
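
The Linux steps above can be checked after the fact with a short audit. This is an added example, not part of the Veritas hotfix; it assumes the directory layout named in the steps, and the function name and the OLD/NEW variables are hypothetical.

```sh
#!/bin/sh
# Added example (not Veritas code): audit the manual log4j steps on a Linux
# OpsCenter 8.2 server. The argument is the base directory, i.e. the
# [OPSCENTER_SERVER_INSTALL_LOCATION] placeholder used in the steps (e.g. /opt).
OLD="${OLD:-2.16.0}"   # set OLD=2.11.0 if version 1 of the EEB was never installed
NEW="${NEW:-2.17.1}"

audit_opscenter_log4j() {
    base=$1
    rc=0
    lib="$base/SYMCOpsCenterServer/lib"

    # Steps 6 and 7: both setEnv.sh files must name the four new jars and
    # must not mention the old version anywhere.
    for f in "$base/SYMCOpsCenterServer/bin/setEnv.sh" \
             "$base/SYMCOpsCenterGUI/bin/setEnv.sh"; do
        if [ ! -r "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        if grep -qF "$OLD" "$f"; then
            echo "STALE    $f still mentions $OLD"; rc=1
        fi
        for n in api core jcl web; do
            grep -qF "log4j-$n-$NEW.jar" "$f" ||
                { echo "NOREF    $f does not reference log4j-$n-$NEW.jar"; rc=1; }
        done
    done

    # Steps 4, 5 and 8: new jars present in lib, old jars deleted.
    for n in api core jcl web; do
        [ -f "$lib/log4j-$n-$NEW.jar" ] ||
            { echo "ABSENT   $lib/log4j-$n-$NEW.jar"; rc=1; }
        [ ! -e "$lib/log4j-$n-$OLD.jar" ] ||
            { echo "LEFTOVER $lib/log4j-$n-$OLD.jar"; rc=1; }
    done

    [ "$rc" -eq 0 ] && echo "OK       no $OLD references or jars under $base"
    return "$rc"
}

# Run only when a base directory is given, e.g.: sh audit.sh /opt
[ $# -eq 0 ] || audit_opscenter_log4j "$1"
```

A non-zero exit status means at least one step was missed; the printed lines name the file or jar involved.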

 

Using OpsCenter Emergency Engineering Binary (EEB) installer on Windows

 

1) Download the appropriate EEB package into the C:\tmp directory.
2) Extract the EEB package.
3) As an admin user on the OpsCenter server/agent, install the EEB as follows.
     OpsCenterEEBInstaller.bat [-server | -agent | -jvb ] base-directory

     OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes
       e.g. OpsCenterEEBInstaller.bat -server "C:\Program Files\Symantec"

     OpsCenterEEBInstaller.bat -agent base_directory_of_agent_installation_in_quotes
       e.g. OpsCenterEEBInstaller.bat -agent "C:\Program Files\Symantec"

     OpsCenterEEBInstaller.bat -jvb base_directory_of_viewbuilder_installation_in_quotes
       e.g. OpsCenterEEBInstaller.bat -jvb "C:\Program Files\Symantec"

 

Using OpsCenter Emergency Engineering Binary (EEB) installer on Linux

 

1) Download the appropriate EEB package into the /tmp/OpsCenterEEBInstaller/unix directory.
2) Extract the EEB package.
3) As root on the OpsCenter server/agent, install the EEB package binaries as follows.
     cd /tmp/OpsCenterEEBInstaller/unix
     /bin/sh ./OpsCenterEEBInstaller.sh [-server | -agent] base-directory

     /bin/sh ./OpsCenterEEBInstaller.sh -server base_directory_of_server_installation
       e.g. /bin/sh ./OpsCenterEEBInstaller.sh -server /opt

     /bin/sh ./OpsCenterEEBInstaller.sh -agent base_directory_of_agent_installation
       e.g. /bin/sh ./OpsCenterEEBInstaller.sh -agent /opt


Downloads:
NB_8.2_ET4058565_2.zip

 

Checksums for all files (cksum):

File                                                        CheckSum      Byte count
all/OpsCenter_LinuxR_x86_x86_64_82EEB_ET4058565_2.tar.gz    2082256888    79835948
all/OpsCenter_LinuxS_x86_x86_64_82EEB_ET4058565_2.tar.gz    3766477363    79835951
all/OpsCenter_windows_AMD64_82EEB_ET4058565_2.zip           2712492046    81776469
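
The table above can be checked mechanically before any package is installed. This is an added example, not part of the Veritas hotfix; it assumes NB_8.2_ET4058565_2.zip was extracted so that the all/ folder sits under the directory passed in, and the function name is hypothetical. cksum is a CRC, so a match shows the download is not corrupted; it is not a cryptographic signature.

```sh
#!/bin/sh
# Added example (not Veritas code): compare extracted EEB files against the
# published cksum table. Reads "<path> <checksum> <byte count>" lines on stdin.
verify_cksum() {   # verify_cksum <directory the download zip was extracted into>
    dir=$1
    rc=0
    while read -r path want_crc want_size; do
        [ -n "$path" ] || continue
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        # cksum prints "<crc> <bytes>" when it reads standard input
        set -- $(cksum < "$dir/$path")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $1 $2, expected $want_crc $want_size)"; rc=1
        fi
    done
    return "$rc"
}

# Run only when an extraction directory is given; the rows are the table above.
[ $# -eq 0 ] || verify_cksum "$1" <<'EOF'
all/OpsCenter_LinuxR_x86_x86_64_82EEB_ET4058565_2.tar.gz 2082256888 79835948
all/OpsCenter_LinuxS_x86_x86_64_82EEB_ET4058565_2.tar.gz 3766477363 79835951
all/OpsCenter_windows_AMD64_82EEB_ET4058565_2.zip 2712492046 81776469
EOF
```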
