From 035a7ed28c5c6ba39604ae4e1e94c7442b37c78d Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Tue, 8 Feb 2022 16:00:59 +0300
Subject: [PATCH] Fix log4j vulnerability in ami
---
 Dockerfile | 20 ++++++++++++++++++++
 Dockerfile.ami | 20 --------------------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 44b2fc0..e3d44b5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,15 @@ ARG SOURCE_REPO_URL="deb http://static.teamlab.com.s3.amazonaws.com/repo/debian
 ARG DEBIAN_FRONTEND=noninteractive
 ARG PACKAGE_SYSNAME="onlyoffice"
+ARG LOG4J_VER=2.17.1
+ARG LOG4J_BIN=apache-log4j-${LOG4J_VER}-bin
+ARG LOG4J_ARCH=${LOG4J_BIN}.tar.gz
+ARG LOG4J_DIR=./log4j
+
+ARG ELK_DIR=/usr/share/elasticsearch
+ARG ELK_LIB_DIR=${ELK_DIR}/lib
+ARG ELK_MODULE_DIR=${ELK_DIR}/modules
+
 LABEL ${PACKAGE_SYSNAME}.community.release-date="${RELEASE_DATE}" \
 ${PACKAGE_SYSNAME}.community.version="${VERSION}" \
 description="Community Server is a free open-source collaborative system developed to manage documents, projects, customer relationship and emails, all in one place." \
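Review bot: `ARG LOG4J_DIR=./log4j` is a relative path, so the archive is downloaded and unpacked under whatever working directory is in effect when the RUN step executes, which this hunk does not show; an absolute scratch location such as `ARG LOG4J_DIR=/tmp/log4j` would make that explicit. The new ARG block also carries no comment explaining why a separate Log4j release is fetched on top of the one shipped with Elasticsearch. A line such as `# Log4j release that replaces the jars bundled with Elasticsearch (removes the JNDI lookup exposure)` above `LOG4J_VER` would tell the next maintainer when the block can be dropped.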
@@ -84,6 +93,17 @@ RUN apt-get -y update && \
 mono-webserver-hyperfastcgi=0.4-7 \
 ${PACKAGE_SYSNAME}-communityserver \
 ${PACKAGE_SYSNAME}-xmppserver && \
+ rm -v ${ELK_LIB_DIR}/log4j-*.jar ${ELK_MODULE_DIR}/*/log4j-*.jar && \
+ wget https://dlcdn.apache.org/logging/log4j/${LOG4J_VER}/${LOG4J_ARCH}&& \
+ mkdir ${LOG4J_DIR} && \
+ tar -xf ${LOG4J_ARCH} -C ${LOG4J_DIR} && \
+ cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-api-${LOG4J_VER}.jar ${ELK_LIB_DIR} && \
+ cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-core-${LOG4J_VER}.jar ${ELK_LIB_DIR} && \
+ cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-1.2-api-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-core && \
+ cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-slf4j-impl-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-identity-provider && \
+ cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-slf4j-impl-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-security && \
+ rm -vr ${LOG4J_ARCH} ${LOG4J_DIR} && \
+ zip -q -d ${ELK_LIB_DIR}/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
diff --git a/Dockerfile.ami b/Dockerfile.ami
index bddbd26..65e5aa9 100644
--- a/Dockerfile.ami
+++ b/Dockerfile.ami
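Review bot: The archive fetched by the added `wget` line is unpacked and its jars copied into `${ELK_LIB_DIR}` and the x-pack modules with no integrity check, so the image trusts whatever the download host returns at build time. Apache publishes a `.sha512` and a `.asc` file next to each release; pin the digest in a build argument and verify it before `tar`, for example `ARG LOG4J_SHA512=PLACEHOLDER_SHA512_FROM_APACHE` together with `echo "${LOG4J_SHA512}  ${LOG4J_ARCH}" | sha512sum -c - && \` directly after the `wget` line. The first added `rm -v` deletes `log4j-*.jar` from every module directory while replacements are copied into only three of them, so it is worth confirming that no other module shipped a Log4j jar. The `zip -d` step also assumes `zip` is installed earlier in this RUN instruction, which starts above the hunk.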
@@ -2,26 +2,6 @@ FROM onlyoffice/communityserver:latest AS communityserver-ami
 ARG APPSETTING_CONFIG=/var/www/onlyoffice/WebStudio/web.appsettings.config
 ARG RESOURCE_SQL=/var/www/onlyoffice/Sql/onlyoffice.resources.sql
-ARG LOG4J_VER=2.17.1
-ARG LOG4J_BIN=apache-log4j-${LOG4J_VER}-bin
-ARG LOG4J_ARCH=${LOG4J_BIN}.tar.gz
-ARG LOG4J_DIR=./log4j
-
-ARG ELK_DIR=/usr/share/elasticsearch
-ARG ELK_LIB_DIR=${ELK_DIR}/lib
-ARG ELK_MODULE_DIR=${ELK_DIR}/modules
-
-RUN rm -v ${ELK_LIB_DIR}/log4j-*.jar ${ELK_MODULE_DIR}/*/log4j-*.jar && \
- wget https://dlcdn.apache.org/logging/log4j/${LOG4J_VER}/${LOG4J_ARCH}&& \
- mkdir ${LOG4J_DIR} && \
- tar -xf ${LOG4J_ARCH} -C ${LOG4J_DIR} && \
- cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-api-${LOG4J_VER}.jar ${ELK_LIB_DIR} && \
- cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-core-${LOG4J_VER}.jar ${ELK_LIB_DIR} && \
- cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-1.2-api-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-core && \
- cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-slf4j-impl-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-identity-provider && \
- cp -v ${LOG4J_DIR}/${LOG4J_BIN}/log4j-slf4j-impl-${LOG4J_VER}.jar ${ELK_MODULE_DIR}/x-pack-security && \
- rm -vr ${LOG4J_ARCH} ${LOG4J_DIR}
-
 RUN apt-get -y update && \
 apt-get install -yq xmlstarlet