#!/bin/bash
# CLOUDERA SCRIPTS FOR LOG4J
#
# (C) Cloudera, Inc. 2021. All rights reserved.
#
# Applicable Open Source License: Apache License 2.0
#
# CLOUDERA PROVIDES THIS CODE TO YOU WITHOUT WARRANTIES OF ANY KIND. CLOUDERA DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES WITH RESPECT TO THIS CODE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CLOUDERA IS NOT LIABLE TO YOU, AND WILL NOT DEFEND, INDEMNIFY, NOR HOLD YOU HARMLESS FOR ANY CLAIMS ARISING FROM OR RELATED TO THE CODE. AND WITH RESPECT TO YOUR EXERCISE OF ANY RIGHTS GRANTED TO YOU FOR THE CODE, CLOUDERA IS NOT LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, DAMAGES RELATED TO LOST REVENUE, LOST PROFITS, LOSS OF INCOME, LOSS OF BUSINESS ADVANTAGE OR UNAVAILABILITY, OR LOSS OR CORRUPTION OF DATA.
#
# --------------------------------------------------------------------------------------
# Strict mode: abort on the first failing command, and treat a pipeline as
# failed when any of its stages fails (not only the last one).
set -eo pipefail

# Name and directory of this launcher, exactly as it was invoked.
PROG="$(basename "$0")"
BASEDIR="$(dirname "$0")"

# Per-distribution patcher scripts, looked up next to this launcher.
# NOTE(review): because the paths derive from $0, whichever files sit beside
# the launcher are what get executed; keep that directory writable only by the
# account that runs the patch.
CDH_CDP_SCRIPT="${BASEDIR}/cm_cdp_cdh_log4j_jndi_removal.sh"
HDP_SCRIPT="${BASEDIR}/hdp_log4j_jndi_removal.sh"
# Write an informational message to stderr, prefixed with "INFO : ".
# Arguments: $1 - message text
log_info() {
  printf 'INFO : %s\n' "${1}" >&2
}
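# Write an error message to stderr, prefixed with "ERROR: ".
# Arguments: $1 - message text
log_error() {
  # local: keep the message out of the global namespace so a caller's own
  # `error` variable is not overwritten by logging.
  local error="$1"
  echo "ERROR: ${error}" 1>&2
}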
# Print the usage text (subcommands, options, environment variables) to stderr.
# Globals: PROG (read) - program name shown on the first line
subcommand_usage() {
  # The blank line before EOF reproduces the trailing empty line of the message.
  cat 1>&2 <<EOF
Usage: $PROG (subcommand) [options]
Subcommands:
help Prints this message
cdh Scan a CDH cluster node
cdp Scan a CDP cluster node
hdp Scan a HDP cluster node
hdf Scan a HDF cluster node
Options (cdh and cdp subcommands only):
-t <targetdir> Override target directory (default: distro-specific)
-b <backupdir> Override backup directory (default: /opt/cloudera/log4shell-backup)
-p <dell|ibm|common> Override platform type (default: common)
Environment Variables:
SKIP_JAR If non-empty, skips scanning and patching .jar files
SKIP_TGZ If non-empty, skips scanning and patching .tar.gz files (cdh and cdp only)
SKIP_HDFS If non-empty, skips scanning and patching .tar.gz files in HDFS
RUN_SCAN If non-empty, runs a final scan for missed vulnerable files. This can take several hours.

EOF
}
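#######################################
# Run the CDH/CDP patcher script and tee its output into a log file.
# Globals:   CDH_CDP_SCRIPT (read)
#            TARGETDIR, BACKUPDIR, PLATFORM, logfile (written)
# Arguments: [-t targetdir] [-b backupdir] [-p platform]
# Outputs:   patcher stdout and stderr, merged, on stdout and in a log file
#            created in the current directory; status messages on stderr
# Returns:   exits 1 on an invalid option, a missing patcher script, or when
#            the log file cannot be created
#######################################
subcommand_cdh() {
  TARGETDIR=/opt/cloudera
  BACKUPDIR=/opt/cloudera/log4shell-backup
  PLATFORM="common"

  # Reset getopts state so parsing starts at the first argument of this call.
  unset OPTIND OPTARG options
  while getopts "t:b:p:" options; do
    case ${options} in
      (t)
        TARGETDIR=${OPTARG}
        ;;
      (b)
        BACKUPDIR=${OPTARG}
        ;;
      (p)
        PLATFORM=${OPTARG}
        ;;
      (?)
        # In non-silent mode getopts has already printed its own diagnostic
        # and leaves OPTARG unset, so the option name may be empty here.
        log_error "Invalid option ${OPTARG} passed .. "
        exit 1
        ;;
    esac
  done

  # Quoted so an install path containing spaces is tested as a single file.
  if [ ! -f "$CDH_CDP_SCRIPT" ]; then
    log_error "Could not find CDH/CDP script: $CDH_CDP_SCRIPT"
    exit 1
  fi

  log_info "Running CDH/CDP patcher script: $CDH_CDP_SCRIPT $TARGETDIR $BACKUPDIR $PLATFORM"
  logfile=$(mktemp output_run_log4j_patcher.XXXXXX) || {
    log_error "Could not create log file in $PWD"
    exit 1
  }
  log_info "Log file: $logfile"

  # Merge the patcher's stderr into the pipe *before* tee so that its errors
  # end up in the log; a trailing `2>&1` after tee only redirects tee itself
  # and leaves the log without the failures an operator needs to audit.
  "$CDH_CDP_SCRIPT" "$TARGETDIR" "$BACKUPDIR" "$PLATFORM" 2>&1 | tee "$logfile"
  log_info "Finished"
}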
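#######################################
# Run the HDP/HDF patcher script and tee its output into a log file.
# Globals:   HDP_SCRIPT (read)
#            TARGETDIR, BACKUPDIR, PLATFORM, logfile (written)
# Arguments: [-t targetdirs] [-b backupdir] [-p platform]
# Outputs:   patcher stdout and stderr, merged, on stdout and in a log file
#            created in the current directory; status messages on stderr
# Returns:   exits 1 on an invalid option, a missing patcher script, or when
#            the log file cannot be created
#######################################
subcommand_hdp() {
  # Space-separated list of directories, handed to the patcher as ONE argument.
  TARGETDIR="/usr/hdp/current /usr/hdf/current /usr/lib /var/lib"
  BACKUPDIR=/opt/cloudera/log4shell-backup
  # PLATFORM has no default here: it is set only by -p, or inherited from the
  # caller's environment if a variable of that name already exists.

  # Reset getopts state so parsing starts at the first argument of this call.
  unset OPTIND OPTARG options
  while getopts "t:b:p:" options; do
    case ${options} in
      (t)
        TARGETDIR=${OPTARG}
        ;;
      (b)
        BACKUPDIR=${OPTARG}
        ;;
      (p)
        PLATFORM=${OPTARG}
        ;;
      (?)
        # In non-silent mode getopts has already printed its own diagnostic
        # and leaves OPTARG unset, so the option name may be empty here.
        log_error "Invalid option ${OPTARG} passed .. "
        exit 1
        ;;
    esac
  done

  # Same pre-flight check as the CDH/CDP path: fail with a clear message
  # before creating a log file or starting a pipeline with a missing script.
  if [ ! -f "$HDP_SCRIPT" ]; then
    log_error "Could not find HDP/HDF script: $HDP_SCRIPT"
    exit 1
  fi

  # Build the argument list explicitly: every value is passed as one word, and
  # the platform is appended only when set, so the patcher still receives two
  # arguments when -p was not given.
  local -a patcher_args=("$TARGETDIR" "$BACKUPDIR")
  if [ -n "$PLATFORM" ]; then
    patcher_args+=("$PLATFORM")
  fi

  log_info "Running HDP/HDF patcher script: $HDP_SCRIPT '$TARGETDIR' $BACKUPDIR $PLATFORM"
  logfile=$(mktemp output_run_log4j_patcher.XXXXXX) || {
    log_error "Could not create log file in $PWD"
    exit 1
  }
  log_info "Log file: $logfile"

  # Merge the patcher's stderr into the pipe *before* tee so that its errors
  # end up in the log; a trailing `2>&1` after tee only redirects tee itself.
  "$HDP_SCRIPT" "${patcher_args[@]}" 2>&1 | tee "$logfile"
  log_info "Finished"
}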
#######################################
# Dispatch to the handler for the requested subcommand.
# Globals:   subcommand (written)
# Arguments: $1 - subcommand (help, cdh, cdp, hdp, hdf); an empty or missing
#                 value is treated as "help"
#            remaining arguments are forwarded to the subcommand handler
# Returns:   exits 0 after a handler returns, 1 for an unknown subcommand
#######################################
main() {
  subcommand="$1"
  if [[ -n "${subcommand}" ]]; then
    shift # drop the sub-command so "$@" holds only its options
  else
    subcommand="help"
  fi

  case "${subcommand}" in
    help)
      subcommand_usage
      ;;
    cdh | cdp)
      subcommand_cdh "$@"
      ;;
    hdp | hdf)
      # HDP and HDF share one handler.
      subcommand_hdp "$@"
      ;;
    *)
      # Unrecognised subcommand: show the usage text and signal failure.
      subcommand_usage
      exit 1
      ;;
  esac
  exit 0
}
# Entry point: hand every command-line argument to main.
main "$@"
# main ends each path it completes with an explicit exit, so this is only a fallback.
exit 0