This repo has the docker and k8s YAMLs that are needed to recreate the log4j vulnerability (seel below).
Follow this blog to understand how all of this is tied together.
In case you need to customize the docker images
cd <Git-Repo>/web-server
make build push cd <Git-Repo>/marshalsec
make build push cd <Git-Repo>/attack-server
make build pushMake sure that you update the DockerHub to reflect your user-id before attempting to push.
For the POC, you don't need to customize the docker images.
You can deploy the YAMLs under the k8s folder to any Kubernetes Cluster.
cd <Git-Repo>/k8s
kubectl create -f .This will deploy 3 PODs on the cluster, each reprenting an "actor" playing it's part for us to understsand how the log4j vunerability works.
In addition to the YAMLs included here, you will need to deploy an Ingress on the Kubernetes cluster to allow testing the vunerable web app from public end-points.
Heres a sample that works for Ngnix-Ingress.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: log4j-ingress
labels:
app: log4j
env: dev
namespace: log4j
annotations:
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "route"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
#nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- <YOUR-DOMAIN-NAME-HERE>
#secretName: tls-java-secret
rules:
- host: <YOUR-DOMAIN-NAME-HERE>
http:
paths:
- path: /
backend:
serviceName: log4j-webserver
servicePort: 8080