Neo23x0/log4shell-detector

Add references/steps to follow for removing the exploit.

harishch4 opened this issue · 1 comments

I ran the script on my server and got the below results. However, neither Java nor log4j is installed on my server. Please guide me on what to do next.
sudo python3 log4shell-detector.py -p /var/log/ --summary

[.] Starting scan DATE: 2021-12-14 05:34:03.155342
[.] Scanning FOLDER: /var/log/ ...

[!] 10 files with exploitation attempts detected in PATH: /var/log/
[!] FILE: /var/log/gitlab/gitlab-workhorse/current LINE_NUMBER: 255 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 1489 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 2204 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 2205 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 2444 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 2445 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 1 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 2 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 3 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 136 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 157 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 158 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 159 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 372 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 373 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 374 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 375 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 376 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 581 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 582 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 583 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 584 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 1227 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 25 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 52 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 63 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 64 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 165 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 1332 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 1537 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 1580 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.2.gz LINE_NUMBER: 2043 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.2.gz LINE_NUMBER: 2045 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.1.gz LINE_NUMBER: 504 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.1.gz LINE_NUMBER: 505 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.1.gz LINE_NUMBER: 5507 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.3.gz LINE_NUMBER: 6339 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.3.gz LINE_NUMBER: 6340 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.3.gz LINE_NUMBER: 6932 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.1.gz LINE_NUMBER: 1878 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.1.gz LINE_NUMBER: 1880 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 5 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 6 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 474 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 1422 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 1423 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 2527 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.2.gz LINE_NUMBER: 2528 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.3.gz LINE_NUMBER: 30592 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.3.gz LINE_NUMBER: 30594 STRING: ${jndi:ldap:
[!!!] 50 exploitation attempts detected in the complete scan
[.] Finished scan DATE: 2021-12-14 05:50:44.095624
[.] Scan took the following time to complete DURATION: 0 hours 16 minutes 40 seconds

Done in README
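One way to triage output like the scan results in this issue (an added example, not part of the thread or of the log4shell-detector code): group the `[!] FILE:` lines by log file, folding rotated copies together, and by matched string, so it is clear which service's logs recorded the strings. The sample lines are copied from the output above; the function names are this example's own.

```python
import re
from collections import Counter

# Line format as printed in the scan output in this issue:
# [!] FILE: <path> LINE_NUMBER: <n> STRING: <matched string>
HIT_RE = re.compile(
    r"^\[!\] FILE: (?P<path>\S+) LINE_NUMBER: (?P<line>\d+) STRING: (?P<string>.+)$"
)
# Rotation suffixes such as ".3.gz" or ".1" are folded into the base log name.
ROTATION_RE = re.compile(r"(\.\d+)?(\.gz)?$")

# A few lines copied from the output in the issue, including non-hit lines.
SAMPLE = """\
[.] Scanning FOLDER: /var/log/ ...
[!] 10 files with exploitation attempts detected in PATH: /var/log/
[!] FILE: /var/log/gitlab/gitlab-workhorse/current LINE_NUMBER: 255 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.3.gz LINE_NUMBER: 1489 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.2.gz LINE_NUMBER: 1227 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/nginx/gitlab_access.log.1.gz LINE_NUMBER: 25 STRING: ${jndi:dns:/
[!] FILE: /var/log/gitlab/gitlab-rails/production.log.2.gz LINE_NUMBER: 2043 STRING: ${jndi:ldap:
[!] FILE: /var/log/gitlab/gitlab-rails/production_json.log.1.gz LINE_NUMBER: 504 STRING: ${jndi:dns:/
[!!!] 50 exploitation attempts detected in the complete scan
"""

def parse_hits(text):
    """Return (path, line_number, matched_string) for every per-file hit line."""
    hits = []
    for raw in text.splitlines():
        m = HIT_RE.match(raw.strip())
        if m:  # header, summary and timing lines do not match and are skipped
            hits.append((m["path"], int(m["line"]), m["string"].strip()))
    return hits

def base_log(path):
    """Strip a trailing rotation suffix so rotated copies count as one log."""
    return ROTATION_RE.sub("", path)

def summarize(hits):
    """Count hits per base log file and per matched string."""
    by_log = Counter(base_log(path) for path, _, _ in hits)
    by_string = Counter(string for _, _, string in hits)
    return by_log, by_string

if __name__ == "__main__":
    by_log, by_string = summarize(parse_hits(SAMPLE))
    for name, count in by_log.most_common():
        print(f"{count:4d}  {name}")
    for string, count in by_string.most_common():
        print(f"{count:4d}  {string}")
```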