Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Cloud era installation path

avatar
New Contributor

I am trying build a security work around Cloudera platform for log4j. I know for log4j cloudera has different jars built. But question is are these present only in /opt/cloudera/cm and /opt/cloudera/parcels//CDH-7.1.7-1.cdh7.1.7.p1000.24102687/, or it can be anywhere under /opt/cloudera

Is /opt/cloudera/ default directory installation path for any cloudera product?

1.2.17-cloudera6 jar only cdh7 or they are applicable to cdh7 and below

6 REPLIES 6

avatar
Super Guru

@learncloud1111 ,

 

All vulnerabilities regarding log4j have already been fixed/addressed by Cloudera in CDP 7.1.7 SP1. You should not need to fix anything else on your own.

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

in cloudera 7.1.7 sp1 CDH-7.1.7-1.cdh7.1.7.p1050.30900109

We still can find log4j files in the below paths: 

[yarn@cnl CDH]$ find -name log4j-1.2.17-cloudera6.jar
./lib/hadoop/client/log4j-1.2.17-cloudera6.jar
./lib/hadoop/lib/log4j-1.2.17-cloudera6.jar
./lib/atlas/extractors/lib/aws-s3/log4j-1.2.17-cloudera6.jar
./lib/atlas/extractors/lib/azure-adls/log4j-1.2.17-cloudera6.jar
./lib/atlas/server/webapp/atlas/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/queuemanager/lib/dependencies/log4j-1.2.17-cloudera6.jar
./lib/hadoop-hdfs/lib/log4j-1.2.17-cloudera6.jar
./lib/cruise_control/libs/log4j-1.2.17-cloudera6.jar
./lib/hbase-solr/lib/log4j-1.2.17-cloudera6.jar
./lib/hbase_connectors/lib/log4j-1.2.17-cloudera6.jar
./lib/hbase/lib/client-facing-thirdparty/log4j-1.2.17-cloudera6.jar
./lib/impala/lib/log4j-1.2.17-cloudera6.jar
./lib/kafka/libs/log4j-1.2.17-cloudera6.jar
./lib/knox/dep/log4j-1.2.17-cloudera6.jar
./lib/livy2/jars/log4j-1.2.17-cloudera6.jar
./lib/oozie/embedded-oozie-server/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/oozie/lib/log4j-1.2.17-cloudera6.jar
./lib/oozie/libtools/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/hcatalog/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/hive/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/oozie/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/spark/log4j-1.2.17-cloudera6.jar
./lib/hadoop-ozone/share/ozone/lib/log4j-1.2.17-cloudera6.jar
./lib/phoenix_omid/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-kms/ews/webapp/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-admin/ews/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-admin/ews/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-raz/webapp/ranger-raz/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-tagsync/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-usersync/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-rms/ews/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-rms/ews/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/atlas-plugin/atlas-schema-registry-plugin-impl/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/libs/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/ranger-plugin/ranger-schema-registry-plugin-impl/log4j-1.2.17-cloudera6.jar
./lib/search/lib/log4j-1.2.17-cloudera6.jar
./lib/search/lib/search-crunch/log4j-1.2.17-cloudera6.jar
./lib/spark/jars/log4j-1.2.17-cloudera6.jar
./lib/streams_replication_manager/lib/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/angular/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/jdbc/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/livy/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/md/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/sh/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/lib/interpreter/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/lib/log4j-1.2.17-cloudera6.jar
./lib/zookeeper/lib/log4j-1.2.17-cloudera6.jar
./jars/log4j-1.2.17-cloudera6.jar

 

And also in below jar files, they also include the log4j-1.2.17-cloudera6.jar. Since it will be scanned out from our vulnerability scanning tools. May I know if this log4j jar is using and any solution to remove it? Thanks.

avro-tools-1.8.2.7.1.7.1026-1.jar
avro-tools.jar
cpx-server.jar
cpx-server-1.0.0.7.1.7.1026-1.jar
data_analytics_studio-event-processor-1.4.2.7.1.7.1026-1.jar
data_analytics_studio-webapp-1.4.2.7.1.7.1026-1.jar
hbase-indexer-mr-1.5.0.7.1.7.1026-1-job.jar$lib
hbase-indexer-mr-job.jar
log4j-1.2.17-cloudera6.jar
parquet-tools-1.10.99.7.1.7.1026-1.jar
phoenix5-hive-shaded.jar
phoenix5-hive-shaded-6.0.0.7.1.7.1026-1.jar
phoenix5-spark-shaded.jar
phoenix5-spark-shaded-6.0.0.7.1.7.1026-1.jar
phoenix-client-embedded-hbase-2.2.jar
phoenix-client-embedded-hbase-2.2-5.1.1.7.1.7.1026-1.jar
phoenix-client-hbase-2.2.jar
phoenix-client-hbase-2.2-5.1.1.7.1.7.1026-1.jar

avatar
Community Manager

@johnnyyqzheng, Welcome to our community! To help you get the best possible answer, I have tagged in our experts @araujo @vaishaakb  who may be able to assist you further.

Please feel free to provide any additional information or details about your query, and we hope that you will find a satisfactory solution to your question.



Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:

avatar
New Contributor

@VidyaSargur Thank you. @araujo @vaishaakb , 

As we knew, CDH 7.1.7 SP1 has already fixed log4j vulnerability issue. 

But when we arrange scanning in CDH path, but there are still log4j1 jar package in it. (details as in my above list). 

So would like to seek your help to see why the old log4j jars are still there and which version of CDH will exclude those old log4j jars. Thanks.

avatar
New Contributor

hi, @araujo , @vaishaakb , may I know if there is any finding?

avatar
Master Collaborator

@johnnyyqzheng Apologies for the delayed update. Writing this update as soon as I could.

From your previous post, I see that you are still observing the presence of the log4j files after upgrading to CDP 717 SP1. 

May I know if you got a chance to review the KB article regarding this? If not, Please read this and let me know if you have followup questions. 

https://my.cloudera.com/knowledge/Clarification-of-Log4J-1x-Remediation-on-CDP-717-SP1-and-CM771?id=...

V