{"type":"doc","content":[{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"This mitigation should only be applied to DPOD version >=1.0.10.0 <= 1.0.14.0.","type":"text","marks":[{"type":"strong"}]},{"type":"hardBreak"},{"text":"DPOD version >=1.0.15.0 is not affected by this vulnerability.","type":"text","marks":[{"type":"strong"}]},{"type":"hardBreak"},{"text":"DPOD version <=1.0.9.0 should be upgraded at least to 1.0.10.0 to apply this mitigation.","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Upgrading DPOD to a version <=1.0.14.0 ","type":"text"},{"text":"after","type":"text","marks":[{"type":"strong"}]},{"text":" applying this procedure will invalidate the mitigation and ","type":"text"},{"text":"make DPOD vulnerable again","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"type":"hardBreak"},{"text":"For example, if you apply this procedure on DPOD 1.0.13.0 and then upgrade to 1.0.14.0, DPOD will become vulnerable again.","type":"text"},{"type":"hardBreak"},{"text":"When upgrading DPOD, make sure to upgrade at least to 1.0.15.0, otherwise re-apply this procedure after the upgrade is complete.","type":"text"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"All-in-One Installation","type":"text"}]},{"type":"paragraph","content":[{"text":"For a DPOD all-in-one installation, follow the next steps:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Stop all the application services using ","type":"text"},{"text":"app","type":"text","marks":[{"type":"annotation","attrs":{"annotationType":"inlineComment","id":"6fa98752-79d1-46a1-ad6e-200b53b0117e"}},{"type":"code"}]},{"text":"-util.sh","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following commands:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"sed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-SyslogAgent-*\nsed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-WsmAgent-*\nsed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-es-raw-trans-*\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-HK-*\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-AppAdmin\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-UI\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-Reports\nsed -i \"s/-Dfile.encoding=UTF-8 org/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true org/g\" /etc/init.d/MonTier-Derby","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following command to validate the change:","type":"text"}]},{"type":"codeBlock","content":[{"text":"cd /etc/init.d; grep -r \"formatMsgNoLookups=true\" | cut -d : -f 1 | sort\n\nExpected results for architecure >=Medium:\n==========================================\nMonTier-AppAdmin\nMonTier-Derby\nMonTier-es-raw-trans-Node-1\nMonTier-es-raw-trans-Node-2\nMonTier-es-raw-trans-Node-3\nMonTier-es-raw-trans-Node-4\nMonTier-HK-ESRetention\nMonTier-HK-SyslogKeepalive\nMonTier-HK-WdpDeviceResources\nMonTier-HK-WdpServiceResources\nMonTier-HK-WsmKeepalive\nMonTier-Reports\nMonTier-SyslogAgent-1\nMonTier-SyslogAgent-2\nMonTier-SyslogAgent-3\nMonTier-SyslogAgent-4\nMonTier-UI\nMonTier-WsmAgent-1\nMonTier-WsmAgent-2\nMonTier-WsmAgent-3\nMonTier-WsmAgent-4","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Start all the application services using ","type":"text"},{"text":"app-util.sh","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Cell Manager","type":"text"}]},{"type":"paragraph","content":[{"text":"For a DPOD Cell Manager, follow the next steps:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Stop all the application services using ","type":"text"},{"text":"app-util.sh","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following commands:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"sed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-es-raw-trans-*\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-HK-*\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-AppAdmin\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-UI\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-Reports\nsed -i \"s/-Dfile.encoding=UTF-8 org/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true org/g\" /etc/init.d/MonTier-Derby","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following command to validate the change:","type":"text"}]},{"type":"codeBlock","content":[{"text":"cd /etc/init.d; grep -r \"formatMsgNoLookups=true\" | cut -d : -f 1 | sort\n\nExpected results:\n=================\nMonTier-AppAdmin\nMonTier-Derby\nMonTier-es-raw-trans-Node-1\nMonTier-es-raw-trans-Node-2\nMonTier-es-raw-trans-Node-3\nMonTier-es-raw-trans-Node-4\nMonTier-HK-ESRetention\nMonTier-HK-SyslogKeepalive\nMonTier-HK-WdpDeviceResources\nMonTier-HK-WdpServiceResources\nMonTier-HK-WsmKeepalive\nMonTier-Reports\nMonTier-UI","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Start all the application services using ","type":"text"},{"text":"app-util.sh","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Cell Member","type":"text"}]},{"type":"paragraph","content":[{"text":"For a DPOD Cell Member, follow the next steps:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Stop all the application services using ","type":"text"},{"text":"app-util.sh","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following commands:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"sed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-SyslogAgent-*\nsed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-WsmAgent-*\nsed -i \"s/-Djava.net.preferIPv4Stack=true\\\"/-Djava.net.preferIPv4Stack=true -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-es-raw-trans-*\nsed -i \"s/-Dfile.encoding=UTF-8\\\"/-Dfile.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true\\\"/g\" /etc/init.d/MonTier-AppAdmin","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Execute the following command to validate the change:","type":"text"}]},{"type":"codeBlock","content":[{"text":"cd /etc/init.d; grep -r \"formatMsgNoLookups=true\" | cut -d : -f 1 | sort\n\nExpected results:\n=================\nMonTier-AppAdmin\nMonTier-es-raw-trans-Node-2\nMonTier-es-raw-trans-Node-3\nMonTier-es-raw-trans-Node-4\nMonTier-SyslogAgent-\nMonTier-SyslogAgent-\nMonTier-SyslogAgent-\nMonTier-SyslogAgent-\nMonTier-WsmAgent-\nMonTier-WsmAgent-\nMonTier-WsmAgent-\nMonTier-WsmAgent-","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Start all the application services using ","type":"text"},{"text":"app-util.sh","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"paragraph"}],"version":1}

Browser not supported