Summary

Question

Customer Environment

Root Cause

Symptoms

Troubleshooting Steps

Resolution

Pre check: 

Master Node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

Data Node: 

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

Note: we are expecting JndiLookup.class

Sample Result:

Please execute below commands to fix log4j security vulnerability on customer setup (druid).

On SCI master node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. sudo zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
3. sudo docker cp log4j-core-2.5.jar imply-master:/root/imply/dist/druid/lib/
4. sudo docker commit imply-master $(sudo docker ps --format "{{.Image}}" --filter name=imply-master)
5. sudo docker-compose up -d imply-master imply-query imply-data

On SCI data node:

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. sudo zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
3. sudo docker cp log4j-core-2.5.jar imply-data:/root/imply/dist/druid/lib/
4. sudo docker commit imply-data $(sudo docker ps --format "{{.Image}}" --filter name=imply-data)
5. sudo docker-compose up -d imply-data

Sample Result:

Post Check:

Master Node:

1. sudo docker cp imply-master:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

Data Node: 

1. sudo docker cp imply-data:/root/imply/dist/druid/lib/log4j-core-2.5.jar .
2. zipinfo log4j-core-2.5.jar | grep JndiLookup.class

Note: we are expecting no JndiLookup.class


Sample Result:

NOTE: If you have upgrade druid value before (300GB - default value), please contact TSE to assist you to upgrade back again to desired value but if you are using the 300GB. It will be still 300GB.