---
# Author: Simon Monai
# Copyright: Sidarion AG 2021
# License: MIT
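# Play 1: supervisor-only fixes (javaQueryServer log4j.properties for
# Elastic-based deployments, plus the GlassFish JVM option in domain.xml).
- name: Fix FortiSIEM 6.3.x from Log4J CVE-2021-44228 on Supervisors
  hosts: fortisiem_super
  vars:
    # Mapping, not a list: `vars` is a dictionary of variables.
    # Set to false to skip the javaQueryServer task on non-Elastic deployments.
    elastic: true
  tasks:
    - name: Disable Lookup in log4j.properties for Elastic-Based deployments
      ansible.builtin.lineinfile:
        path: /opt/phoenix/config/javaQueryServer/log4j.properties
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        backup: true
        state: present
      # Each item replaces one ConversionPattern with its %m{nolookups} form.
      # The regexp only matches the unpatched pattern, so re-runs are no-ops.
      loop:
        - regexp: '^log4j\.appender\.stdout\.layout\.ConversionPattern=%5p \[%t\] \(%F:%L\) - %m%n$'
          line: 'log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) - %m{nolookups}%n'
        - regexp: '^log4j\.appender\.R\.layout\.ConversionPattern=%d %p \[%t\] %c - %m%n$'
          line: 'log4j.appender.R.layout.ConversionPattern=%d %p [%t] %c - %m{nolookups}%n'
        - regexp: '^log4j\.appender\.SYSLOG\.layout\.ConversionPattern=%d\{MMM dd HH:mm:ss\} %m%n$'
          line: 'log4j.appender.SYSLOG.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %m{nolookups}%n'
      when: elastic  # Only when elastic is enabled
      tags:
        - elastic
        - fortisiem_super
        - fortisiem
        - cve-2021-44228

    - name: Add JVM Option
      ansible.builtin.lineinfile:
        path: /opt/glassfish/domains/domain1/config/domain.xml
        # domain.xml JVM options are <jvm-options> children of <java-config>;
        # a bare "-D..." text line there is not a JVM option, so wrap it.
        # The regexp ignores surrounding whitespace so an already-present
        # (possibly indented) entry is updated in place rather than duplicated.
        regexp: '^\s*<jvm-options>-Dlog4j2\.formatMsgNoLookups=true<\/jvm-options>\s*$'
        line: '<jvm-options>-Dlog4j2.formatMsgNoLookups=true</jvm-options>'
        insertbefore: '<\/java-config>$'
        state: present
        backup: true
      tags:
        - fortisiem
        - cve-2021-44228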
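# Play 2: fixes applied to every FortiSIEM host (supervisors included if they
# are members of the `fortisiem` group), followed by a hard restart.
- name: Fix FortiSIEM 6.3.x from Log4J CVE-2021-44228 on all type of machines
  hosts: fortisiem
  tasks:
    # NOTE(review): the lineinfile tasks below carry no `become`; they assume
    # the connecting user can write /opt/phoenix/config — confirm.
    - name: Disable Lookup in log4j.properties R Conversion Pattern
      ansible.builtin.lineinfile:
        path: /opt/phoenix/config/log4j.properties
        regexp: '^log4j\.appender\.R\.layout\.ConversionPattern=%d %p \[%t\] %c - %m%n$'
        line: 'log4j.appender.R.layout.ConversionPattern=%d %p [%t] %c - %m{nolookups}%n'
        backup: true
        state: present
      tags:
        - fortisiem
        - cve-2021-44228

    - name: Disable Lookup in log4j.properties in Syslog Conversion pattern
      ansible.builtin.lineinfile:
        path: /opt/phoenix/config/log4j.properties
        # Braces escaped so the regexp cannot be read as a quantifier,
        # matching the escaping used for the same pattern in the supervisor play.
        regexp: '^log4j\.appender\.SYSLOG\.layout\.ConversionPattern=%d\{MMM dd HH:mm:ss\} %m%n$'
        line: 'log4j.appender.SYSLOG.layout.ConversionPattern=%d{MMM dd HH:mm:ss} %m{nolookups}%n'
        backup: true
        state: present
      tags:
        - fortisiem
        - cve-2021-44228

    - name: Add No Lookups Line to Config file
      ansible.builtin.lineinfile:
        path: /opt/phoenix/config/log4j.properties
        # Exact-line match keeps this idempotent.
        # NOTE(review): formatMsgNoLookups is normally a JVM system property;
        # confirm the FortiSIEM Java processes honour it from this file.
        line: "log4j2.formatMsgNoLookups=True"
        backup: true
        state: present
      tags:
        - fortisiem
        - cve-2021-44228

    - name: Restart FortiSIEM
      become: true
      # SIGKILL to every java process on the host; this relies on the platform's
      # own process supervision to bring the services back up — verify before
      # running against production. Fails if no java process is running.
      ansible.builtin.command: killall -9 java
      tags:
        - fortisiem
        - cve-2021-44228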