Log4J Pre-release Mitigation for On-Premise Customers | Communifire Documentation

Depending on your organization's infrastructure, on-premise installations may be impacted by the Log4j vulnerability identified by Elasticsearch, which makes up a component of the Axero software. Out of an abundance of caution, we recommend patching your on-premise server with the following mitigation. In addition, we recommend scheduling an on-premise upgrade so that we can update the version of the Elasticsearch software in your installation to mitigate the Log4j vulnerability.

On-premise upgrades can be done independently or scheduled with an Axero support engineer by opening a private support ticket here.

Elasticsearch Tech Stack Vulnerability

Axero's Elasticsearch technology stack versions are as follows:

• Elasticsearch Version: 7.5.1
• JDK: 8.0
• NEST Client Version: 7.4.1

Based on the Elasticsearch mitigation matrix in Figure 1.1, the stack has a DNS information leak vulnerability. Our Elasticsearch version does NOT contain the remote code execution vulnerability.

Figure 1.1: Mitigation Summary Matrix (source https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) 

Proposed Solution

Out of an abundance of caution, we recommend patching your on-premise server with the following mitigation. The Elasticsearch organization has proposed the following solution for our current tech stack :

1. Make sure your File Explorer is configured to see Hidden files:
   • Open File Explorer on Windows 10
   • Click on C drive then click on View. Next click to checkmark on "Hidden items"
   • 
   • You should see the ProgramData folder. 
   • For different operating systems go here: https://support.microsoft.com/en-us/windows/show-hidden-files-0320fe58-0117-fd59-6851-9b7f9840fdb2#:~:text=%EF%BB%BFWindows%2010%20%EF%BB%BF,drives%2C%20and%20then%20select%20OK.
2. Navigate to C:\ProgramData\Elastic\Elasticsearch\config and copy the jvm.options file to the desktop.
   • 
3. Modify the file by adding the following option at end of the file.
   • ## Remediation for Log4J Vulnerability
-Dlog4j2.formatMsgNoLookups=true
4. Paste the modified file back into C:\ProgramData\Elastic\Elasticsearch\config
5. Restart Elasticsearch node following these steps adapted for Windows from Elasticsearch:
   1. Type cmd on the windows search bar and click "Run as Administrator"
      • 
   2. On cmd prompt run the following commands one by one (see commands.txt attached file) :
      1. curl -X PUT "localhost:9207/_cluster/settings?pretty" -H"Content-Type: application/json" -d"{\"persistent\"{\"cluster.routing.allocation.enable\": \"primaries\"}}"
      2. curl -X POST "localhost:9207/_flush/synced?pretty"
      3. curl -X POST "localhost:9207/_ml/set_upgrade_mode?enabled=true&pretty"
      4. net stop elasticsearch
      5. net start elasticsearch
   3. Run commands 
      • curl -X GET "localhost:9207/_cat/health?pretty"  and curl -X GET "localhost:9207/_cat/nodes?pretty"
      • Wait until you see each node in "green" status. 

   4. Run command:

      • curl -X PUT "localhost:9207/_cluster/settings?pretty" -H "Content-Type:application/json" -d"{\"persistent\": {\"cluster.routing.allocation.enable\":null}}"

   5. Monitor progress with commands:   curl -X GET "localhost:9207/_cat/health?pretty"  and curl -X GET "localhost:9207/_cat/recovery?pretty"
      • wait until you see each node in "green" status. 
   6. Done!

To verify the web app is still communicating properly with Elasticsearch do the following:

1. Log in to your Communifire intranet web app as admin. 
2. Go to your Control Panel:
   • 
3. Go to System>Advanced System Utilities
   • 
4. Verify that everything is in green:
   • 

An Axero update will be available in January 2022 that will include a new version of the Elasticsearch software that resolves the Log4j vulnerability.