Good Day everyone. In this section we will cover the workaround steps for Data Protection Central or System Manager to fix the Apache Log4j remote code execution vulnerability. We will be applying the workaround fix on data protection central and for these steps users can refer to the Dell EMC knowledge base article 194485 or 194520. As a prerequisite for applying this workaround we will need to download two files.
One is the ping federate zip file another one is the update log4j files .sh script. Once the file has been downloaded user can SSH into Data Protection Central as 'admin' user and switch as a root user. Stop the SSO service using the command provided in step 2. Now copy the attached file to the kb, the files that we had downloaded into the DPC server under temp directory, and unzip the file using the following command.
In order to copy these files users can use file transfer software like WinSCP etc. Once the files are in temp directory issue the unzip command to unzip the pingfederate zip file. Once that is done then copy the update Log4j files.sh script. Run the update Log4j script from the temp directory and this should do the remediation for us.
If the remediation fails we can run the manual steps as well, provided in the kb article and as shown here. Now let's go through the demo section. As we can see I've logged into the DPC or Data Protection Central as admin user.
Now we will switch to root user using credentials for the DPC. Once we are logged in as root user we will cd to the temp directory, this is where we had copied the files using Windows cp, and we can see the two files are required are the ones that are highlighted here. Now we'll unzip the pingfederate file using the unzip command.
Once the files have been unzipped we need to provide the executable permissions to the update script, so enter chmod plus x and then put the script name here. Once the script has been provided the executable permissions then the script can be run using command dot slash and the script name, and as you can see the script is updating the files that that are required and it will restart the services. And we can see the message which that shows it completed, and that confirms we've remediated the Data Protection Central system.
Thank you.
