Security Bulletin
Summary
There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability (CVE-2021-44228) by applying the applicable workaround steps to IBM Financial Crimes Insight for Claims Fraud.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Products and Versions
| Affected Product(s) | Version(s) |
| --- | --- |
| Counter Fraud Management - Banking | All |
Remediation/Fixes
None
Workarounds and Mitigations
The recommended solution is to apply the fix for Elastic Search and Hadoop, as described in the steps below, as soon as possible.
Steps for Elastic Search:
To fix the log4j vulnerability in Elastic Search for IBM Financial Crimes Insight for Claims Fraud, complete the following steps:
- Log into OpenShift cluster using oc login from Ambari server.
- Ensure all Elastic Search pods are healthy and Running.

    oc get po | grep fci-elasticsearch

- Set the JVM property to apply log4j fix. To set, complete the following commands.

    oc patch sts fci-elasticsearch-master -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'
    oc patch sts fci-elasticsearch-data -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'
    oc patch sts fci-elasticsearch-client -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","env":[{"name":"ES_JAVA_OPTS","value":"-Dlog4j2.formatMsgNoLookups=true"}]}]}}}}'

  The Elastic Search pods are restarted automatically after the commands are executed.
- Ensure all Elastic Search pods are restarted.

    oc get po | grep fci-elasticsearch

- Verify if the log4j fix is applied successfully. The JVM process starts with a new JVM argument -Dlog4j2.formatMsgNoLookups=true.

    oc exec fci-elasticsearch-data-0 -- ps aux
    oc exec fci-elasticsearch-master-0 -- ps aux
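The verification step above, scripted as an added example (not part of IBM's bulletin): it parses `ps aux` output and fails unless every JVM command line carries the mitigation flag. The function names `check_ps_output` and `check_cluster`, the `--cluster` switch and the sample `ps` output are constructed for illustration; it assumes the JVM shows up as a `java` binary in the COMMAND column.

```bash
#!/usr/bin/env bash
# Added example (not IBM's script): check Elasticsearch JVMs for the flag.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Reads `ps aux` output on stdin, reports each java process, and returns 0
# only if at least one JVM was found and every JVM command line carries FLAG.
check_ps_output() {
  awk -v flag="$FLAG" '
    $11 == "java" || $11 ~ /\/java$/ {
      seen++
      if (index($0, flag)) { print "OK      pid " $2 }
      else                 { print "MISSING pid " $2; bad++ }
    }
    END { if (seen == 0 || bad > 0) exit 1 }'
}

# Checks every fci-elasticsearch pod (master, data and client).
# Requires a logged-in oc session; fails if no pod is found.
check_cluster() {
  rc=0; n=0
  for pod in $(oc get po -o name | grep fci-elasticsearch); do
    n=$((n + 1))
    echo "== ${pod#pod/}"
    oc exec "${pod#pod/}" -- ps aux | check_ps_output || rc=1
  done
  [ "$n" -gt 0 ] || rc=1
  return "$rc"
}

# Constructed ps aux output: one patched pod and one unpatched pod.
SAMPLE_PATCHED='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
1000 1 2.1 12.5 9912340 4100220 ? Ssl Dec20 12:01 /usr/share/elasticsearch/jdk/bin/java -Xms2g -Dlog4j2.formatMsgNoLookups=true -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch
1000 310 0.0 0.0 51748 3400 ? Rs 10:15 0:00 ps aux'
SAMPLE_UNPATCHED='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
1000 1 2.1 12.5 9912340 4100220 ? Ssl Dec19 30:44 /usr/share/elasticsearch/jdk/bin/java -Xms2g -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch'

if [ "${1:-}" = "--cluster" ]; then
  check_cluster
else
  printf '%s\n' "$SAMPLE_PATCHED" | check_ps_output
  printf '%s\n' "$SAMPLE_UNPATCHED" | check_ps_output || echo "unpatched sample rejected"
fi
```

Run it with `--cluster` from a logged-in `oc` session to check the live pods; without arguments it only evaluates the constructed samples.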
Steps for Hadoop:
To fix the log4j vulnerability in Hadoop for IBM Financial Crimes Insight for Claims Fraud, complete the following steps:
- Download the cloudera-scripts-for-log4j-main.zip file.
- Copy it to all the Hadoop nodes.
- Do the following steps on every Hadoop node:
  - Copy the cloudera-scripts-for-log4j-main.zip file to /root/.
  - Run the commands below to extract the .zip file:

      cd /root
      unzip cloudera-scripts-for-log4j-main.zip

  - Run the command below and note down the folder names, such as /usr, /fcigraph, and /grid.

      find / -name 'log4j*.jar' > list_of_impacted_jars.txt

  - Create a backup folder with the command below.

      mkdir /log4j_backup

  - Run the following command for each folder found in the preceding step to apply the fix:

      ./run_log4j_patcher.sh hdp -t /usr/ -b /log4j_backup > patch.log 2>&1 &

    Note: In the above command, replace /usr/ with the folder names from the preceding step, such as /fcigraph/, /grid/, etc. This process may take 10 to 15 minutes.
- Run the following commands to verify:

    cd /log4j_backup
    find . -name '*.backup'

  Note: This lists all the impacted .jar files that are patched, and the list matches the list_of_impacted_jars.txt.
- Restart the impacted services from the Ambari console (hive and oozie).
References
Change History
20 Dec 2021: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Document Information
Modified date: 21 December 2021
Initial Publish date: 20 December 2021
UID: ibm16528874