Exact Synergy Enterprise   
 

Synergy with Elasticsearch for Windows – addressing log4j vulnerability

Considering the Elastic.co advisory:
Elasticsearch running on JDK8 or below is susceptible to an information leak via DNS which is fixable by the JVM property identified below. The JVM option identified below is effective for Elasticsearch version 6.6.2. 

Solutions and Mitigations:
Set the JVM option “-Dlog4j2.formatMsgNoLookups=true” 

Elasticsearch can be run from the command prompt or as a Windows service. When you run Elasticsearch from the command prompt, you start it manually, and you must start it again every time the machine restarts. Alternatively, you can install Elasticsearch as a Windows service and configure it to start when the system is restarted.

Depending on which method you use, you can perform one of the following solutions: 

  1. Run Elasticsearch as a Windows service
  2. Run Elasticsearch from the command prompt

Run Elasticsearch as a Windows service

If Elasticsearch is set up to run as a service and the service configuration was created using “elasticsearch-service.bat manager”, the JVM options for the service are stored in the service configuration rather than in the jvm.options file.

Update the existing service configuration with the JVM option as follows:

  1. Log in to the server where the Elasticsearch service is installed.
  2. Run the command prompt as an administrator.
  3. Navigate to the Elasticsearch installation directory, for example:
    C:\Install>cd elasticsearch-6.6.2\
    The “Path to executable” field in the properties of the Elasticsearch service (Start > Run > Services.msc) shows the directory in which Elasticsearch is installed.
  4. Go to the bin directory:
    C:\Install>cd elasticsearch-6.6.2\bin
  5. Execute the following command: “elasticsearch-service.bat manager”
    C:\Install\elasticsearch-6.6.2\bin>elasticsearch-service.bat manager
    The Elasticsearch service properties dialog opens.
  6. Open the Java tab.
  7. In Java Options, scroll to the -Dlog4j options and add the following option (without the quotation marks):
    “-Dlog4j2.formatMsgNoLookups=true”
  8. Click Apply and restart the Elasticsearch service.

Run Elasticsearch from the command prompt 

  1. Log in to the server where the Elasticsearch service is installed and navigate to the installation directory, for example: C:\elasticsearch-6.2.2\
    The “Path to executable” field in the properties of the Elasticsearch service (Start > Run > Services.msc) shows the directory in which Elasticsearch is installed.
  2. Open the Config folder.
  3. Use a text editor to open the jvm.options file.
  4. In the jvm.options file, scroll to the Expert settings and find the # log4j 2 section:

    # log4j 2 
    -Dlog4j.shutdownHookEnabled=false 
    -Dlog4j2.disable.jmx=true 
    -Djava.io.tmpdir=${ES_TMPDIR}

  5. Add the JVM Option as recommended by Elastic so the section looks like:

    # log4j 2 
    -Dlog4j.shutdownHookEnabled=false 
    -Dlog4j2.disable.jmx=true 
    -Dlog4j2.formatMsgNoLookups=true 
    -Djava.io.tmpdir=${ES_TMPDIR}

  6. Save the jvm.options file.
  7. Restart the Elasticsearch service.
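
The jvm.options edit from steps 4 to 6 can also be scripted so that it is repeatable across servers. The PowerShell below is an added example, not code from Exact or Elastic; the install path is an assumption based on the sample directory above, and the function name Set-NoLookupsOption is hypothetical.

```powershell
# Added example, not vendor code. $EsHome is an assumed install path; adjust it.
param([string]$EsHome = 'C:\Install\elasticsearch-6.6.2')

$Option = '-Dlog4j2.formatMsgNoLookups=true'

# Hypothetical helper: makes jvm.options contain exactly one active copy of $Option.
function Set-NoLookupsOption {
    param([Parameter(Mandatory)][string]$Path)

    $full  = (Resolve-Path -LiteralPath $Path).Path
    $lines = @(Get-Content -LiteralPath $full)

    # Active (uncommented) lines that set the property, whatever the value.
    $existing = @($lines | Where-Object { $_.Trim() -like '-Dlog4j2.formatMsgNoLookups=*' })
    if ($existing.Count -eq 1 -and $existing[0].Trim() -eq $Option) { return 'unchanged' }

    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # rollback copy

    # Drop conflicting or duplicate values, then insert after the last -Dlog4j line.
    $kept   = @($lines | Where-Object { $_.Trim() -notlike '-Dlog4j2.formatMsgNoLookups=*' })
    $anchor = -1
    for ($i = 0; $i -lt $kept.Count; $i++) {
        if ($kept[$i].Trim() -like '-Dlog4j*') { $anchor = $i }
    }
    if ($anchor -ge 0) {
        $out = @($kept[0..$anchor]) + $Option
        if ($anchor -lt $kept.Count - 1) { $out += $kept[($anchor + 1)..($kept.Count - 1)] }
    } else {
        $out = $kept + $Option    # no log4j section found: append at the end
    }

    # WriteAllLines writes UTF-8 without a BOM, so the first line stays a plain comment.
    [System.IO.File]::WriteAllLines($full, [string[]]$out)
    return 'updated'
}

$result = Set-NoLookupsOption -Path (Join-Path $EsHome 'config\jvm.options')
"jvm.options: $result. Restart Elasticsearch for the option to take effect."

# Command-prompt mode only: after the restart, show whether each running
# Elasticsearch java.exe carries the option on its command line.
Get-CimInstance Win32_Process -Filter "Name = 'java.exe'" |
    Where-Object { $_.CommandLine -like '*elasticsearch*' } |
    Select-Object ProcessId, @{ n = 'HasNoLookups'; e = { $_.CommandLine -like "*$Option*" } }
```

This covers only the command-prompt method: when Elasticsearch runs as a Windows service, the options are held in the service configuration as described above, so editing jvm.options does not change them.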

     
 Main Category: Attachments & notes  Document Type: Support - On-line help
 Category:  Security  level: All - 0
 Sub category:  Document ID: 30.458.709
 Assortment:  Date: 15-12-2021
 Release:  Attachment: