Add test for log4j-cve-2021-44228-hotpatch service

demartinofra · demartinofra · commit 48376df0e5c1 · 2022-01-13T20:34:20.000+01:00
Signed-off-by: Francesco De Martino &lt;fdm@amazon.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+3.0.3
+-----
+
+**CHANGES**
+- Disable log4j-cve-2021-44228-hotpatch service on Amazon Linux to avoid incurring in potential performance degradation.
+
 3.0.2
 -----
 
diff --git a/cli/src/pcluster/resources/imagebuilder/parallelcluster_test.yaml b/cli/src/pcluster/resources/imagebuilder/parallelcluster_test.yaml
@@ -38,3 +38,19 @@ phases:
               /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a status | grep status | grep stopped
               [[ $? -ne 0 ]] && echo "amazon-cloudwatch-agent is not stopped" && exit 1
               echo "CloudWatch test passed"
+
+      - name: Log4jPatcher
+        action: ExecuteBash
+        inputs:
+          commands:
+            - |
+              set -vx
+              OS="{{ test.OperatingSystemName.outputs.stdout }}"
+              if [[ ${OS} =~ ^alinux ]]; then
+                echo "verify log4j-cve-2021-44228-hotpatch service is disabled"
+                systemctl show -p SubState log4j-cve-2021-44228-hotpatch | grep -i -v running
+                [[ $? -ne 0 ]] && echo "log4j-cve-2021-44228-hotpatch service is running" && exit 1
+                systemctl show -p LoadState log4j-cve-2021-44228-hotpatch | grep -i "LoadState=masked"
+                [[ $? -ne 0 ]] && echo "log4j-cve-2021-44228-hotpatch service is not masked" && exit 1
+              fi
+              echo "Log4jPatcher Group test passed"
