Instructions for Applying log4j patch script on cluster

Following instructions are applicable for clusters running any 6.5.1x or any 6.6.0x.

Step 1. Download log4j patch script apply_log4j_patch.sh from downloads.cohesity.com under the Patches tab.

Step 2. Enable the support user and give sudo access permission.

You have to enable the support user on UI. You can skip this step if the support user is already enabled. To enable support user, login to the cluster as admin user on UI. At the top right, click on the Settings icon. Select Cluster, and then Access Management. On that page, Set password for the support user and remember it. Enable Sudo access to the support user. After this you don't need UI. You can logout and close the browser.

NOTE: The support user should be used in the next step. if you have difficulty enabling support user, please contact Cohesity Support.

Step 3. Copy log4j patch script apply_log4j_patch.sh to the support user's home directory.

For example,

  scp apply_log4j_patch.sh support@10.2.32.140:/home/support
  

NOTE-1: 10.2.32.140 is given as an example. Please enter the IP address of the cluster node you want to ssh in the next step.

NOTE-2: You can also use winscp or other scp utilities.

Step 4. ssh to the cluster node.

For example,

  ssh support@10.2.32.140
  

NOTE: You may want to refer the article on How-to-use-the-bash-shell-on-a-Cohesity-node.

Step 5. Execute the patch script.

From the support user's home directory, execute the following command. Do not abort the execution until it completes.

  sudo su -l cohesity /home/support/apply_log4j_patch.sh
  

NOTE-1: It is enough to execute this script on one node. It will detect and remove the vulnerabilities on all the nodes automatically.

NOTE-2: It takes approximately 3-5 minutes to complete the execution of the cluster.

NOTE-3: No service will be brought down during this operation.

NOTE-4: This operation cannot be reverted after the vulnerabilities are removed.

Step 6. Verification.

From the support user's home directory, rerun the following command. Do not abort the execution until it completes.

  sudo su -l cohesity /home/support/apply_log4j_patch.sh
  
  

Instructions to apply log4j patch for agents

Follow the agent instructions link under the Patches tab.