Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Log contents to file by prefixing timestamp. Maximum file size is 50MB
- function log_to_console() {
- echo "$(date +'%Y-%m-%d %T')" "$HOSTNAME" "$@"
- }
- log_to_console "Running script to remove JndiLookup.class from jars in Unified Access Gateway"
- log_to_console "UAG Version: " $(tail -1 /opt/vmware/gateway/logs/version.info 2>/dev/null)
- mkdir /tmp/test
- mkdir /tmp/bkp
- log_to_console "Unpacking archive and removing JndiLookup.class"
- cp /opt/vmware/gateway/lib/ab-frontend-0.2.jar /tmp/bkp
- unzip -q -o /opt/vmware/gateway/lib/ab-frontend-0.2.jar -d /tmp/test
- unzip -q -o /tmp/test/hc.war -d /tmp/test/hc
- zip -dq /tmp/test/hc/WEB-INF/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
- rm /tmp/test/hc.war
- cd /tmp/test/hc
- zip -r -q ../hc.war .
- cd ..
- rm -rf hc
- log_to_console "Repackaging archive"
- zip -r -q ab-frontend-0.2.jar .
- chown gateway:users ab-frontend-0.2.jar
- mv ab-frontend-0.2.jar /opt/vmware/gateway/lib
- log_to_console "Replaced updated ab-frontend-0.2.jar, now looking for jndi in other places"
- find / -type f \( -name "*.jar" -o -name *.war \) -exec sh -c "zipinfo -1 {} 2>/dev/null | grep 'JndiLookup.class' && echo {}" \; | grep .jar | while read -r line ; do
- jar_path=$line
- log_to_console "Updating $jar_path"
- zip -dq $jar_path org/apache/logging/log4j/core/lookup/JndiLookup.class
- chown gateway:users $jar_path
- done
- log_to_console "Restarting authbroker"
- supervisorctl restart authbroker
- log_to_console "Cleaning up."
- cd /tmp
- rm -rf /tmp/test
- log_to_console "Verification: We are good if no jars are listed below"
- find / -type f \( -name "*.jar" -o -name *.war \) -exec sh -c "zipinfo -1 {} 2>/dev/null | grep 'JndiLookup.class' && echo {}" \;
- log_to_console "Verification: Grep authbroker-std-out.log for log4j errors, we are good if no exception is displayed below"
- cat /opt/vmware/gateway/logs/authbroker-std-out.log | grep log4j
- log_to_console "Done!"
Add Comment
Please, Sign In to add comment