Linux:
- Login as the Agent user
- Shutdown the Control-M/Agent using your standard steps
- Verify no Agent processes are running
- Verify no jobs are running on the Agent
- Download the Log4ShellApplicationsUnix.tar file from the following location into the Agent users home directory
- Extract the tar file with the command: tar -xvf Log4ShellApplicationsUnix.tar
- cd ctmag-Log4jScanner
- Run the following command to scan for vulnerabilities:
- ctmag-Log4jScanner.sh $HOME/bmcjava/bmcjava-V2 $CONTROLM > Log4jScannerOutput.txt
- Run the following command to mitigate any vulnerabilities found:
- ctmag-Log4jScanner.sh $HOME/bmcjava/bmcjava-V2 $CONTROLM --fix
The following question is displayed:
This command will remove JndiLookup.class from log4j2-core binaries. Are you sure [y/N]?
Please answer Y and press enter
- Start the Agent using your standard steps
Windows:
- Login to the Control-M/Agent host
- Download the Log4ShellApplicationsWindows.zip file from the following location into a temporary directory
- Extract the zip file
- Stop the Control-M/Agent service
- Verify no Agent processes are running
- Verify no jobs are running
- Open a command prompt and navigate to the temporary directory
- Run the following command to scan for vulnerabilities (adjust the path as needed):
- ctmag-Log4jScanner.bat "C:\Program Files\BMC Software\Control-M Common\bmcjava\bmcjava-V2\" "C:\Program Files\BMC Software\Control-M SaaS Agent\Default\" > Log4jScannerOutput.txt
- Run the following command to mitigate any vulnerabilities found (adjust the path as needed):
- ctmag-Log4jScanner.bat "C:\Program Files\BMC Software\Control-M Common\bmcjava\bmcjava-V2\" "C:\Program Files\BMC Software\Control-M SaaS Agent\Default\" --fix
- The following question is displayed:
This command will remove JndiLookup.class from log4j2-core binaries. Are you sure [y/N]?
Please answer Y and press enter - Start the Agent using your standard steps
Linux rollback steps:
- Shutdown the Control-M/Agent using your standard steps
- Open the Log4jScannerOutput.txt
- For each file that was updated:
o Go to the relevant directory
o Rename the updated jar according to the list by running the command:
- mv <jar file> <jar file>.Log4Jupdate
- Rename the backup jar to the original name:
- mv <jar file>.bak <jar file>
- Start the Agent using your standard steps
Windows rollback steps:
- Shutdown the Control-M/Agent using your standard steps
- Open the Log4jScannerOutput.txt
- For each file that was updated:
- Go to the relevant directory
- Rename the updated jar according to the list and add a suffix with “.Log4Jupdate”
- Rename the backup jar (.bak) to the original name
- Start the Agent using your standard steps