[Update] Precautionary steps to protect RecoveryManager Plus from Log4j vulnerabilities (CVE-2021-44228), (CVE-2021-45046), (CVE-2021-45105), and (CVE-2021-44832)

[Update] Precautionary steps to protect RecoveryManager Plus from Log4j vulnerabilities (CVE-2021-44228), (CVE-2021-45046), (CVE-2021-45105), and (CVE-2021-44832)

This post has been updated on 13/1/2022.

In RecoveryManager Plus , the affected log4j version is used in the bundled dependency. Our security experts are analyzing the issue and as of now, we have no conclusive evidence of our product being affected by it. However, we strongly recommend all our customers to follow the below steps as a precautionary measure.

  1. Update RecoveryManager Plus to the latest build using the relevant service pack.
  2. Stop RecoveryManager Plus.
  3. Navigate to <RecoveryManager Plus installation folder>\ES\lib where <RecoveryManager Plus installation folder> is the location where RecoveryManager Plus is installed in your machine.
  4. Take a backup of the files log4j-1.2-api-2.16.0.jar, log4j-api-2.16.0.jar, and log4j-core-2.16.0.jar, and move them to a different folder other than the RecoveryManager Plus installation folder.
  5. Navigate to <RecoveryManager Plus installation folder>\ES\plugins\search-guard-6, take a backup of the file log4j-slf4j-impl-2.16.0.jar, and move it to a different folder other than the RecoveryManager Plus installation folder.
  6. Download the files in this link, extract the contents of the .zip file,  and copy the lib and plugins folders from the extracted .zip file to the <RecoveryManager Plus installation folder>\ES folder.
  7. Navigate to <RecoveryManagerPlus installation folder>\ES\bin\ and delete the elasticsearch-sql-cli-6.5.4.jar file.
  8. If you have configured on-premises backup repositories in RecoveryManager Plus other than RMP-NODE1, you will have to replace the lib files in those repositories as well. 
  9. To replace the lib files, navigate to <Repository path>\RecoveryManager Plus Elasticsearch\ES\lib where <Repository path> is the path displayed in the UI.  Take a backup of the files log4j-1.2-api-2.16.0.jar, log4j-api-2.16.0.jar, and log4j-core-2.16.0.jar, and move them to a different folder other than the repository.
  10. Navigate to <Repository path>\RecoveryManager Plus Elasticsearch\ES\plugins\search-guard-6, take a backup of the file log4j-slf4j-impl-2.16.0.jar, and move it to a different folder other than the repository.
  11. Download the files in this link, extract the contents of the .zip file, and copy the lib and plugins folders from the extracted .zip file to the <Repository path>\ES folder.
  12. Navigate to <Repository path>\RecoveryManager Plus Elasticsearch\ES\bin\ and delete the elasticsearch-sql-cli-6.5.4.jar file.
  13. Restart RecoveryManager Plus.

Note: As per the latest update from Apache, there is no need to perform the previous workarounds listed below (modifying jvm.options file and wrapper.conf files). Apache has released a .jar file which can mitigate against this vulnerability. 

Old workaround suggested by Apache which is now redundant:
  1. Update RecoveryManager Plus to the latest build using the relevant service pack.
  2. Stop RecoveryManager Plus.
  3. Navigate to <RecoveryManager Plus installation folder>\ES\config where <RecoveryManager Plus installation folder> is the location where RecoveryManager Plus is installed in your machine.
  4. Take a backup of jvm.options file.
  5. Edit the jvm.options file and append the following content as the last line.
    -Dlog4j2.formatMsgNoLookups=true

  6. If you have configured on-premises backup repositories in RecoveryManager Plus other than RMP-NODE1, you will have to make the same changes to jvm.options file in those repositories.
  7. In the configured repositories, navigate to <Repository path>\RecoveryManager Plus Elasticsearch\ES\config where <Repository path> is the path displayed in the UI. 

  8. Locate the jvm.options file  and append the following content as the last line.
    -Dlog4j2.formatMsgNoLookups=true
  9. Navigate to <RecoveryManager Plus installation folder>\conf
  10. Take a backup of wrapper.conf.
  11. Edit the wrapper.conf file.
  12. Search for the string "wrapper.java.additional.20" and add the below sequence as the last entry and save the file. 
    wrapper.java.additional.21=-Dlog4j2.formatMsgNoLookups=true

    Note: If "wrapper.java.additional.20" does not exist, then insert this entry as wrapper.java.additional.20=-Dlog4j2.formatMsgNoLookups=true
  13. Restart RecoveryManager Plus.
If you require assistance, you can reach us by the following ways:
Toll Free: +1-408-916-9393


                  New to ADSelfService Plus?