Member since 01-23-2024 | Posts: 3 | Kudos Received: 2 | Solutions: 0
01-24-2024
08:23 PM
2 Kudos
@VidyaSargur Thank you. @araujo @vaishaakb, as we know, CDH 7.1.7 SP1 has already fixed the log4j vulnerability issue. But when we arrange scanning in the CDH path, there are still log4j1 jar packages in it (details are in my list above). So we would like to seek your help to see why the old log4j jars are still there and which version of CDH will exclude those old log4j jars. Thanks.
01-23-2024
01:21 AM
In Cloudera 7.1.7 SP1 (CDH-7.1.7-1.cdh7.1.7.p1050.30900109) we can still find log4j files in the paths below:

[yarn@cnl CDH]$ find -name log4j-1.2.17-cloudera6.jar
./lib/hadoop/client/log4j-1.2.17-cloudera6.jar
./lib/hadoop/lib/log4j-1.2.17-cloudera6.jar
./lib/atlas/extractors/lib/aws-s3/log4j-1.2.17-cloudera6.jar
./lib/atlas/extractors/lib/azure-adls/log4j-1.2.17-cloudera6.jar
./lib/atlas/server/webapp/atlas/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/queuemanager/lib/dependencies/log4j-1.2.17-cloudera6.jar
./lib/hadoop-hdfs/lib/log4j-1.2.17-cloudera6.jar
./lib/cruise_control/libs/log4j-1.2.17-cloudera6.jar
./lib/hbase-solr/lib/log4j-1.2.17-cloudera6.jar
./lib/hbase_connectors/lib/log4j-1.2.17-cloudera6.jar
./lib/hbase/lib/client-facing-thirdparty/log4j-1.2.17-cloudera6.jar
./lib/impala/lib/log4j-1.2.17-cloudera6.jar
./lib/kafka/libs/log4j-1.2.17-cloudera6.jar
./lib/knox/dep/log4j-1.2.17-cloudera6.jar
./lib/livy2/jars/log4j-1.2.17-cloudera6.jar
./lib/oozie/embedded-oozie-server/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/oozie/lib/log4j-1.2.17-cloudera6.jar
./lib/oozie/libtools/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/hcatalog/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/hive/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/oozie/log4j-1.2.17-cloudera6.jar
./lib/oozie/oozie-sharelib-yarn/lib/spark/log4j-1.2.17-cloudera6.jar
./lib/hadoop-ozone/share/ozone/lib/log4j-1.2.17-cloudera6.jar
./lib/phoenix_omid/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-kms/ews/webapp/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-admin/ews/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-admin/ews/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-raz/webapp/ranger-raz/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-tagsync/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-usersync/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-rms/ews/lib/log4j-1.2.17-cloudera6.jar
./lib/ranger-rms/ews/webapp/WEB-INF/lib/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/atlas-plugin/atlas-schema-registry-plugin-impl/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/libs/log4j-1.2.17-cloudera6.jar
./lib/schemaregistry/ranger-plugin/ranger-schema-registry-plugin-impl/log4j-1.2.17-cloudera6.jar
./lib/search/lib/log4j-1.2.17-cloudera6.jar
./lib/search/lib/search-crunch/log4j-1.2.17-cloudera6.jar
./lib/spark/jars/log4j-1.2.17-cloudera6.jar
./lib/streams_replication_manager/lib/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/angular/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/jdbc/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/livy/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/md/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/interpreter/sh/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/lib/interpreter/log4j-1.2.17-cloudera6.jar
./lib/zeppelin/lib/log4j-1.2.17-cloudera6.jar
./lib/zookeeper/lib/log4j-1.2.17-cloudera6.jar
./jars/log4j-1.2.17-cloudera6.jar

The jar files below also include log4j-1.2.17-cloudera6.jar. Since it will be picked up by our vulnerability scanning tools, may I know if this log4j jar is in use and whether there is any solution to remove it? Thanks.

avro-tools-1.8.2.7.1.7.1026-1.jar
avro-tools.jar
cpx-server.jar
cpx-server-1.0.0.7.1.7.1026-1.jar
data_analytics_studio-event-processor-1.4.2.7.1.7.1026-1.jar
data_analytics_studio-webapp-1.4.2.7.1.7.1026-1.jar
hbase-indexer-mr-1.5.0.7.1.7.1026-1-job.jar$lib
hbase-indexer-mr-job.jar
log4j-1.2.17-cloudera6.jar
parquet-tools-1.10.99.7.1.7.1026-1.jar
phoenix5-hive-shaded.jar
phoenix5-hive-shaded-6.0.0.7.1.7.1026-1.jar
phoenix5-spark-shaded.jar
phoenix5-spark-shaded-6.0.0.7.1.7.1026-1.jar
phoenix-client-embedded-hbase-2.2.jar
phoenix-client-embedded-hbase-2.2-5.1.1.7.1.7.1026-1.jar
phoenix-client-hbase-2.2.jar
phoenix-client-hbase-2.2-5.1.1.7.1.7.1026-1.jar
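The two lists in the post above (standalone copies found by file name, and jars that carry the file inside them) can be produced in one inventory pass. This is an added example, not part of the original posts and not Cloudera tooling; the `classes` marker, the archive extensions and the nesting depth limit are assumptions.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Names like log4j-1.2.17-cloudera6.jar; not log4j-core-2.x or log4j-1.2-api.
JAR_NAME = re.compile(r"^log4j-1\.\d+\.\d+.*\.jar$")
# Assumption: marks log4j 1.x code repackaged into another jar. Replacements
# that keep the org.apache.log4j package also contain it, so confirm by hand.
CLASS_MARKER = "org/apache/log4j/Logger.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(source, label, depth=0, max_depth=4):
    """Yield (location, kind) for log4j 1.x traces inside one archive."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable archive, skip it
    with zf:
        names = zf.namelist()
        if CLASS_MARKER in names:
            yield label, "classes"
        for name in names:
            if not name.lower().endswith(ARCHIVE_EXT):
                continue
            inner = f"{label}!/{name}"
            if JAR_NAME.match(name.rsplit("/", 1)[-1]):
                yield inner, "nested-jar"
            elif depth < max_depth:
                nested = io.BytesIO(zf.read(name))
                yield from scan_archive(nested, inner, depth + 1, max_depth)

def scan_tree(root):
    """Return sorted (location, kind) findings for every archive under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in ARCHIVE_EXT:
            continue
        if JAR_NAME.match(path.name):
            findings.append((str(path), "jar"))
        else:
            findings.extend(scan_archive(path, str(path)))
    return sorted(findings)

if __name__ == "__main__":
    for location, kind in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:10}  {location}")
```

Run it with the parcel directory as the argument; symlinked jar names are reported alongside their versioned targets, which is why a scanner can show the same archive twice.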