Jamf Nation Community

Eskobar · ‎01-18-2022

Hello,

I have detected Log4j vulnerability on our 200 machines.
I have an issue upgrading the jar file.
I can delete /Users/*/Library/Aternity/Agent/lib/log4j-core-2.13.3.jar
However I do not know how to replace/override it with log4j-core-2.17.1.jar.
How to replace jar file in jamf ?

Jamf Cloud Hosted v10.35.0

ljcacioppo · ‎01-18-2022

You will likely want to see how Aternity plans to remediate this. Here is their response to the log4j vulnerabilities:
https://aternity.force.com/customersuccess/s/article/Apache-Log4j-Zero-Day-Exploit

In that link, there is a section that talks about the agent, but it appears to be behind a login wall. If you use eternity, I would imagine you may have a login to get to that page. Otherwise, Id recommend reaching out to their support as the issue would best be resolved by them issuing an updated agent for you to deploy or a patch you can apply.

chrisB · ‎01-19-2022

If you can delete it by:

rm -f /Users/*/Library/Aternity/Agent/lib/log4j-core-2.13.3.jar

Then you can deploy the new jar-File (with a PKG) to a temp directory [/private/tmp/log4j-core-2.17.1.jar] and use a postinstall script to move it (back) to all user's home folders:

#!/bin/zsh

# Create a file with a list of all users

dscl /Local/Default -list /Users uid | awk '$2 >= 500 { print $1; }' > /private/tmp/users.txt

# Use the list of users to copy your file to the appropriate location

for a in `cat /private/tmp/users.txt` ; do cp -pf /private/tmp/log4j-core-2.17.1.jar /Users/$a/Library/Aternity/Agent/lib/; done
for a in `cat /private/tmp/users.txt` ; do chmod -R 777 /Users/$a/Library/Aternity/Agent/lib/; done

# Delete all temporary files

rm -f /private/tmp/users.txt
rm -f /private/tmp/log4j-core-2.17.1.jar

exit 0

(AFAIR: With SPSS 28.0.1.0 I had to replace 3 JAR files in 3 different directories.)

Jamf Nation Community

Log4j Vulnerability jar upgrade