Security News > 2021 > December > How to test if your Linux server is vulnerable to Log4j
Here's a single command you can run to test and see if you have any vulnerable packages installed.
Are you using it as part of a Java project, is it rolled into a container, did you install it with your distribution package manager, and which log4j packages did you install? Or did you install it from source? Because of this, you might not even know if your server is vulnerable.
For Linux servers, GitHub user, Rubo77 created a script that will check for for packages that include vulnerable Log4j instances.
I tested this script against a server that I knew had a vulnerable Log4j package installed, and it correctly tagged it.
Here's how you can run that same script on your Linux servers to find out if you might be vulnerable.
The output of the command will give you some indications if your server is vulnerable.
News URL
Related news
- DinodasRAT malware targets Linux servers in espionage campaign (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)
- Ebury botnet malware infected 400,000 Linux servers since 2009 (source)
- Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years (source)
- Ebury botnet compromises 400,000+ Linux servers (source)