On Friday, December 10, 2021 at 4:15:01 PM UTC-5 Jeffrey Walton wrote:

> I'm shutting down the web server until I get a grasp on the log4j 0-day 
> that is in the wild. At work we are seeing suspicious activity, like 
> servers scanning the network. We are not sure if it is related to the 0-day.
> Hopefully the shutdown will avoid an incident on our server and avoid a 
> server restore, if things go sideways.
> I hope the server will be back online Saturday afternoon. We will need to 
> wait for the Ubuntu devs to release the patch.

The server is back online. We set the following environmental variables per 
https://logging.apache.org/log4j/2.x/security.html :

  # Set variable for all users
  $ cat /etc/profile.d/02-log4j2-fix.sh 
  # https://logging.apache.org/log4j/2.x/security.html


  # Set variable for Apache
  $ cat /etc/apache2/envvars
  ## https://logging.apache.org/log4j/2.x/security.html

It looks like it stuck:

  $ whoami 
  $ printenv | grep LOG4J

If anyone has feedback, then please share it.


You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to