DZone
Security Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Security Zone > Detect Log4j Vulnerability Using ACS

Detect Log4j Vulnerability Using ACS

Here, learn how to detect Log4j vulnerability using Red Hat Advanced Cluster Security, or ACS, which will help protect and defend your Kubernetes cluster.

shailendra singh user avatar by
shailendra singh
·
Feb. 04, 22 · Security Zone · Tutorial
Like (3)
Save
Tweet
4.08K Views

Join the DZone community and get the full member experience.

Join For Free

In this article, I will discuss how to detect Log4j vulnerability using Red Hat Advanced Cluster Security or ACS, which will help you to protect and defend your Kubernetes cluster.

ACS protects your application across build, deploy, and runtime. It performs risk profiling of your entire environment and ranks your running deployments according to their security risk. It also detects the suspicious process execution within the container. 

Let's explore how to detect applications using the older Log4j jar running in the Kubernetes cluster (here I am using Red Hat OpenShift Container Platform 4.9).

Prerequisites

Install the following technologies before beginning this exercise:

  • Red Hat OpenShift Container Platform 4.9 (or any Kubernetes cluster)

  • Deploy Red Hat Advanced Cluster Security for Kubernetes 3.67(ACS) 

Note: I have purposely deployed a SpringBoot application using log4j-core version 2.14.1 [quay.io/shailendra14k/log4jissue]

Search for the Log4j Violation

ACS comes with 75+ default policies out of the box. You can also create the custom policy as per the requirement. Log4j security policy by default comes with the latest ACS 3.67 version.

For the older versions, policies are available on StackRox.

Open ACS Management console —> Navigate to Violation tab —> Search for policy:Log4Shell —> This will display the list of all the deployments having the vulnerable log4j jars. 

ACS Management console

Which Layer Has the Vulnerable Log4j Jars?

ACS will help you to identify the exact layer in the image which has included the Log4j jars.  

Click on the Search → filter Image:<name of the image>. In my case, it is quay.io/shailendra14k/log4jissue:latest.

Once you find the image, click on the IMAGES button under view on the column.

ACS ImagesClick on the Dockerfile and verify each layer.

ACS Dockerfile verificationNotification?

Yes, you can integrate ACS with various notifiers such as Slack, Jira, Splunk, and Syslog. I have integrated with Jira and Syslog server. 

To get the notification, you will first have to enable it by going to the System policies → Select the policies against which you want to enable the notification→ click on Action → Enable notification.

Enable Notification

Once the notification is enabled, you will be notified of every violation. As I have integrated with JIRA, for every violation, a bug is created with all the details of the deployment as below. 

Deployment

Conclusion

We saw how to identify the Log4j venerable deployment across the Kubernetes cluster. In the next tutorial, I will walk through how to enforce the policy behavior at build, deploy, or runtime, which will block any deployment violating the policies.

Thank you for reading! 

Log4j Kubernetes Vulnerability

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Building a QR Code Generator with Azure Functions
  • How Do You Integrate Emissary Ingress With OPA?
  • The Developer's Guide to SaaS Compliance
  • Implementing Microservices Architectures

Comments

Security Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo