1
00:00:00,640 --> 00:00:06,080
hello friends welcome back to my channel
2
00:00:03,439 --> 00:00:07,679
and today we are back with another
3
00:00:06,080 --> 00:00:10,080
important topic
4
00:00:07,679 --> 00:00:11,759
so this topic we are going to talk about
5
00:00:10,080 --> 00:00:14,320
one of the critical apache
6
00:00:11,759 --> 00:00:17,118
vulnerabilities which is recently
7
00:00:14,320 --> 00:00:19,278
identified and which is a hot topic now
8
00:00:17,118 --> 00:00:22,160
because every major tech companies and
9
00:00:19,278 --> 00:00:24,640
i.t companies or other companies are
10
00:00:22,160 --> 00:00:25,760
really running uh to get this fixed so
11
00:00:24,640 --> 00:00:27,679
this is a
12
00:00:25,760 --> 00:00:30,000
high critical vulnerabilities which has
13
00:00:27,679 --> 00:00:32,558
which have to be you know fixed very
14
00:00:30,000 --> 00:00:34,719
quickly that's what the information was
15
00:00:32,558 --> 00:00:38,238
passed and this uh vulnerability is
16
00:00:34,719 --> 00:00:40,719
called apache log 4j vulnerabilities
17
00:00:38,238 --> 00:00:42,959
so but i'm not going to talk uh more
18
00:00:40,719 --> 00:00:45,200
about how you know
19
00:00:42,960 --> 00:00:47,280
this vulnerabilities is created will
20
00:00:45,200 --> 00:00:49,039
give you basic information and i'm not
21
00:00:47,280 --> 00:00:49,840
going to talk from an apache point of
22
00:00:49,039 --> 00:00:52,160
view
23
00:00:49,840 --> 00:00:54,800
uh this tutorial is more about on the
24
00:00:52,159 --> 00:00:57,759
splunk so i want to talk about i know
25
00:00:54,799 --> 00:00:59,519
there is a advisory released by splunk
26
00:00:57,759 --> 00:01:02,558
as well on this apache log4j
27
00:00:59,520 --> 00:01:06,000
vulnerability and how this is impacting
28
00:01:02,558 --> 00:01:08,158
the splunk or splunk apps you know so
29
00:01:06,000 --> 00:01:09,840
now what i'm going to talk about in this
30
00:01:08,159 --> 00:01:12,159
tutorial or i'm going to show you is
31
00:01:09,840 --> 00:01:14,000
based on that article by splunk has
32
00:01:12,159 --> 00:01:16,159
released i'll give you you know the
33
00:01:14,000 --> 00:01:18,560
details on which our applications are
34
00:01:16,159 --> 00:01:21,759
having this problem and how we can fix
35
00:01:18,560 --> 00:01:22,560
those vulnerabilities uh for uh splunk
36
00:01:21,759 --> 00:01:24,079
so
37
00:01:22,560 --> 00:01:26,478
basically you know that process will be
38
00:01:24,079 --> 00:01:28,478
applicable for you for other
39
00:01:26,478 --> 00:01:30,400
places as well but i'm not sure but
40
00:01:28,478 --> 00:01:32,799
you'll have to check how that can be
41
00:01:30,400 --> 00:01:35,359
fixed for other applications so let's
42
00:01:32,799 --> 00:01:44,219
get started
43
00:01:35,359 --> 00:01:44,219
[Music]
44
00:01:44,239 --> 00:01:48,478
to give you some basic information on
45
00:01:46,640 --> 00:01:50,960
what is log4j software
46
00:01:48,478 --> 00:01:54,158
vulnerability so as i said you know this
47
00:01:50,959 --> 00:01:56,239
is very top uh discussions now and every
48
00:01:54,159 --> 00:01:58,880
you know uh tech companies whether it's
49
00:01:56,239 --> 00:02:00,959
you know uh twitter or apple or any
50
00:01:58,879 --> 00:02:04,000
company so i think most of everybody
51
00:02:00,959 --> 00:02:05,919
will be using this log4j library so what
52
00:02:04,000 --> 00:02:09,118
it has been found like there is a bug in
53
00:02:05,920 --> 00:02:11,759
this log4j library which is from apache
54
00:02:09,118 --> 00:02:15,439
and which allows an attacker or hacker
55
00:02:11,759 --> 00:02:18,959
to execute some code on our systems that
56
00:02:15,439 --> 00:02:21,439
uses log4j to write logs okay so
57
00:02:18,959 --> 00:02:23,520
what uh it allows this because of this
58
00:02:21,439 --> 00:02:25,759
like you know it allows the hackers to
59
00:02:23,520 --> 00:02:28,879
access our complete uh
60
00:02:25,759 --> 00:02:30,878
servers or system wherever this log4j
61
00:02:28,878 --> 00:02:32,159
library is used so that's what the
62
00:02:30,878 --> 00:02:34,318
overall
63
00:02:32,159 --> 00:02:36,479
vulnerability is about and
64
00:02:34,318 --> 00:02:39,199
as i said now all the major tech
65
00:02:36,479 --> 00:02:41,119
companies are rushing to get this uh
66
00:02:39,199 --> 00:02:43,199
fixed and apache has already released
67
00:02:41,120 --> 00:02:45,840
the version so this vulnerability is
68
00:02:43,199 --> 00:02:48,959
mainly impacting on two dot uh versions
69
00:02:45,840 --> 00:02:50,840
till 2.14 some version and you know you
70
00:02:48,959 --> 00:02:54,000
can update it to
71
00:02:50,840 --> 00:02:55,360
2.15.0 or more than that and that will
72
00:02:54,000 --> 00:02:56,560
fix this problem
73
00:02:55,360 --> 00:02:59,440
so um
74
00:02:56,560 --> 00:03:02,319
the main uh reason why this uh you know
75
00:02:59,439 --> 00:03:05,759
is as a big issue is because as i said
76
00:03:02,318 --> 00:03:08,079
log4j is a library and it's mostly used
77
00:03:05,759 --> 00:03:10,639
on many java applications
78
00:03:08,080 --> 00:03:13,519
so we we know like we have a lot of java
79
00:03:10,639 --> 00:03:15,439
application most of all companies and
80
00:03:13,519 --> 00:03:18,158
all this java application
81
00:03:15,439 --> 00:03:21,199
will use some kind of logging of data
82
00:03:18,158 --> 00:03:24,079
and log4j is the best or easiest way to
83
00:03:21,199 --> 00:03:26,560
do that so every most of all company may
84
00:03:24,080 --> 00:03:28,799
be using this log4j libraries that's why
85
00:03:26,560 --> 00:03:31,360
you know now everybody is rushing to get
86
00:03:28,799 --> 00:03:34,239
this fixed so now let's talk about you
87
00:03:31,360 --> 00:03:36,080
know how this is impacting on splunk and
88
00:03:34,239 --> 00:03:37,840
we will see like what are apps which are
89
00:03:36,080 --> 00:03:39,360
having this problem how to get those
90
00:03:37,840 --> 00:03:41,920
fixed and i will also show you from
91
00:03:39,360 --> 00:03:43,760
where you can download you know the
92
00:03:41,919 --> 00:03:45,759
latest version and what are some
93
00:03:43,759 --> 00:03:47,518
solutions which is available and now how
94
00:03:45,759 --> 00:03:50,000
you can also identify
95
00:03:47,519 --> 00:03:52,879
this log4j using some scans and all
96
00:03:50,000 --> 00:03:55,199
those things so uh let's get started on
97
00:03:52,878 --> 00:03:56,959
the splunk topics before that i would
98
00:03:55,199 --> 00:03:59,280
request you like if you are new to my
99
00:03:56,959 --> 00:04:01,598
channel or if you have not subscribed to
100
00:03:59,280 --> 00:04:04,479
my channel click on the subscribe button
101
00:04:01,598 --> 00:04:06,238
and also like my video and also
102
00:04:04,479 --> 00:04:09,598
press the bell icon or give your
103
00:04:06,239 --> 00:04:11,519
comments share this videos with others
104
00:04:09,598 --> 00:04:14,079
so now coming to this
105
00:04:11,519 --> 00:04:16,160
splunk security advisory so this link i
106
00:04:14,080 --> 00:04:18,000
will give you to the video description
107
00:04:16,160 --> 00:04:20,639
so i think this is getting updated uh
108
00:04:18,000 --> 00:04:22,959
regularly on their findings so now you
109
00:04:20,639 --> 00:04:25,040
can see as per this uh
110
00:04:22,959 --> 00:04:27,359
blog itself it has clearly mentioned
111
00:04:25,040 --> 00:04:30,000
about this critical remote code
112
00:04:27,360 --> 00:04:31,879
execution vulnerabilities and it is
113
00:04:30,000 --> 00:04:34,879
based on this apache
114
00:04:31,879 --> 00:04:36,879
log4j2 version so it is from 2.0 to
115
00:04:34,879 --> 00:04:39,918
2.14.1
116
00:04:36,879 --> 00:04:42,639
so you know anything which is above you
117
00:04:39,918 --> 00:04:44,560
know 2.15.0 i think that's where they
118
00:04:42,639 --> 00:04:46,079
help release the
119
00:04:44,560 --> 00:04:48,079
version apache has released the new
120
00:04:46,079 --> 00:04:51,120
version for log4j
121
00:04:48,079 --> 00:04:53,599
uh so we can use that to fix this now
122
00:04:51,120 --> 00:04:56,319
basically for splunk you know splunk is
123
00:04:53,600 --> 00:04:58,160
already reviewing all the products
124
00:04:56,319 --> 00:04:59,918
impacting uh because of this
125
00:04:58,160 --> 00:05:02,240
vulnerability and they're also working
126
00:04:59,918 --> 00:05:04,478
on the mitigations that's what it says
127
00:05:02,240 --> 00:05:06,960
and you know uh basically the splunk
128
00:05:04,478 --> 00:05:10,399
enterprise or you know they don't have
129
00:05:06,959 --> 00:05:12,560
an impact uh unless you can see core
130
00:05:10,399 --> 00:05:15,038
enterprise functionality does not use
131
00:05:12,560 --> 00:05:17,360
log4j so therefore no impact so if you
132
00:05:15,038 --> 00:05:20,800
are using a splunk enterprise there is
133
00:05:17,360 --> 00:05:24,000
no impact unless if you are using data
134
00:05:20,800 --> 00:05:27,120
fabric search dfs or splunk analytics
135
00:05:24,000 --> 00:05:30,079
for hadoop hunk so if these two products
136
00:05:27,120 --> 00:05:32,160
are used because this how you know
137
00:05:30,079 --> 00:05:35,038
there is a impact because this product
138
00:05:32,160 --> 00:05:37,199
uses a leveraged log4j so if you're
139
00:05:35,038 --> 00:05:39,680
using these two as part of our your
140
00:05:37,199 --> 00:05:41,199
splunk enterprise then you
141
00:05:39,680 --> 00:05:43,759
will end up in some kind of
142
00:05:41,199 --> 00:05:46,160
vulnerabilities so if these features are
143
00:05:43,759 --> 00:05:48,160
not used then there is no active attack
144
00:05:46,160 --> 00:05:51,039
vector related to these vulnerabilities
145
00:05:48,160 --> 00:05:53,280
which is released on apache log4j so
146
00:05:51,038 --> 00:05:55,599
that's what clearly it's mentioned
147
00:05:53,279 --> 00:05:58,000
and you can also read like all the
148
00:05:55,600 --> 00:05:59,680
recent non-windows version of splunk
149
00:05:58,000 --> 00:06:02,160
enterprise
150
00:05:59,680 --> 00:06:04,240
for these features so
151
00:06:02,160 --> 00:06:06,880
and windows version does not include
152
00:06:04,240 --> 00:06:09,360
include log4j so there is no uh
153
00:06:06,879 --> 00:06:11,360
problem in that and you know we are not
154
00:06:09,360 --> 00:06:12,800
using it but there is also another steps
155
00:06:11,360 --> 00:06:15,439
you know if you
156
00:06:12,800 --> 00:06:17,038
want to you delete any unwanted jar file
157
00:06:15,439 --> 00:06:20,160
you can do that i will show you that as
158
00:06:17,038 --> 00:06:22,399
well now if you come to this product
159
00:06:20,160 --> 00:06:24,800
list so they have also listed what all
160
00:06:22,399 --> 00:06:27,198
the products which are impacted uh by
161
00:06:24,800 --> 00:06:29,360
this vulnerability so the main thing is
162
00:06:27,199 --> 00:06:32,560
like the java management extension so if
163
00:06:29,360 --> 00:06:34,800
you are using jmx plugin so this java
164
00:06:32,560 --> 00:06:36,959
plug you know management plug-in to
165
00:06:34,800 --> 00:06:39,759
capture a lot of data
166
00:06:36,959 --> 00:06:41,918
you need to know that this is using uh
167
00:06:39,759 --> 00:06:44,319
you know this jam uh j
168
00:06:41,918 --> 00:06:45,038
this um you know apache
169
00:06:44,319 --> 00:06:46,080
uh
170
00:06:45,038 --> 00:06:49,120
dot log
171
00:06:46,079 --> 00:06:52,000
log4j file okay
172
00:06:49,120 --> 00:06:54,319
sorry about so apache log4j
173
00:06:52,000 --> 00:06:57,959
files are used and you know you can see
174
00:06:54,319 --> 00:07:01,039
this version uh the impacted version is
175
00:06:57,959 --> 00:07:03,439
3.0210 so even though it says that fixes
176
00:07:01,038 --> 00:07:06,000
pending and workaround to be determined
177
00:07:03,439 --> 00:07:09,038
uh one of suggestion i can tell you is
178
00:07:06,000 --> 00:07:10,800
like you know it's uh more like a
179
00:07:09,038 --> 00:07:14,478
file right so what you can do is you can
180
00:07:10,800 --> 00:07:16,720
go to apache uh you know log4j download
181
00:07:14,478 --> 00:07:19,680
i will give this link for that as well
182
00:07:16,720 --> 00:07:22,240
and you can download this uh you know
183
00:07:19,680 --> 00:07:24,400
tar file for linux and if you're for
184
00:07:22,240 --> 00:07:26,160
windows you can download the bin file
185
00:07:24,399 --> 00:07:28,478
and you can extract it so which will
186
00:07:26,160 --> 00:07:29,439
give you the you know complete uh list
187
00:07:28,478 --> 00:07:31,519
of
188
00:07:29,439 --> 00:07:34,000
uh the files
189
00:07:31,519 --> 00:07:36,399
so you can go to the download so if it's
190
00:07:34,000 --> 00:07:39,279
going to be zip file you can download it
191
00:07:36,399 --> 00:07:40,879
for zip file if it's for a linux machine
192
00:07:39,279 --> 00:07:43,679
you can download the tar file now you
193
00:07:40,879 --> 00:07:45,680
can see it give you the all versions so
194
00:07:43,680 --> 00:07:49,280
basically you know what we will have it
195
00:07:45,680 --> 00:07:52,079
in uh splunk jmx plugin would be
196
00:07:49,279 --> 00:07:54,478
the api and also the core
197
00:07:52,079 --> 00:07:57,519
so these two files you know it should be
198
00:07:54,478 --> 00:08:01,279
a used in the jmx plugin it will be
199
00:07:57,519 --> 00:08:04,318
available under the splunk home etc apps
200
00:08:01,279 --> 00:08:06,638
and you will have a splunk th jmx and
201
00:08:04,319 --> 00:08:08,720
inside that you will have bin and lib
202
00:08:06,639 --> 00:08:12,560
and you should be able to see these
203
00:08:08,720 --> 00:08:14,560
files like log4j api and log4j core and
204
00:08:12,560 --> 00:08:16,720
maybe some other file as well but i've
205
00:08:14,560 --> 00:08:19,199
seen these two specifically
206
00:08:16,720 --> 00:08:21,919
so what you can do is you can you know
207
00:08:19,199 --> 00:08:23,840
rename the old files or you can you know
208
00:08:21,918 --> 00:08:26,399
make it as a backup
209
00:08:23,839 --> 00:08:28,399
then you can you know move these new
210
00:08:26,399 --> 00:08:29,279
files into that location and then you
211
00:08:28,399 --> 00:08:31,839
can
212
00:08:29,279 --> 00:08:33,918
stop the splunk and restart the splunk
213
00:08:31,839 --> 00:08:35,759
service so that should take care you
214
00:08:33,918 --> 00:08:37,038
know at least the usage of the old
215
00:08:35,759 --> 00:08:40,958
plugin
216
00:08:37,038 --> 00:08:42,559
all the no log4j version in your jmx
217
00:08:40,958 --> 00:08:44,479
app so i would
218
00:08:42,559 --> 00:08:47,119
say you know that's one of uh
219
00:08:44,480 --> 00:08:48,639
option i suggest um
220
00:08:47,120 --> 00:08:50,399
as far as i see you know if you just
221
00:08:48,639 --> 00:08:51,679
want to replace with all the new version
222
00:08:50,399 --> 00:08:53,759
this would be the
223
00:08:51,679 --> 00:08:56,079
easiest way unless you know splunk come
224
00:08:53,759 --> 00:08:56,799
up with some kind of solution so if you
225
00:08:56,080 --> 00:08:58,560
can
226
00:08:56,799 --> 00:09:00,639
once they come up you should be able to
227
00:08:58,559 --> 00:09:02,799
use that solution as well
228
00:09:00,639 --> 00:09:05,600
now you can see also other apps like
229
00:09:02,799 --> 00:09:06,838
jboss tomcat you know data stream
230
00:09:05,600 --> 00:09:09,759
processor
231
00:09:06,839 --> 00:09:11,279
itsi you know kafka connect
232
00:09:09,759 --> 00:09:12,639
enterprise you know if you see the enterprise
233
00:09:11,278 --> 00:09:14,159
we already spoke about it it's
234
00:09:12,639 --> 00:09:16,559
applicable only for
235
00:09:14,159 --> 00:09:18,719
if you're using hunk or dfs
236
00:09:16,559 --> 00:09:21,119
but basically you also have some places
237
00:09:18,720 --> 00:09:23,040
this file will be seen but even though
238
00:09:21,120 --> 00:09:24,879
it's there it's not the impacting or
239
00:09:23,039 --> 00:09:27,039
it's not used anywhere so you that's
240
00:09:24,879 --> 00:09:28,958
what it says but if you want delete them
241
00:09:27,039 --> 00:09:30,879
you can delete uh
242
00:09:28,958 --> 00:09:32,159
using some settings i will show you that
243
00:09:30,879 --> 00:09:34,639
how to do that
244
00:09:32,159 --> 00:09:37,519
and other apps like splunk enterprise
245
00:09:34,639 --> 00:09:40,000
amazon machine image splunk and docker
246
00:09:37,519 --> 00:09:42,080
container logging for java you know
247
00:09:40,000 --> 00:09:44,080
stream processor and you can see in
248
00:09:42,080 --> 00:09:46,480
which version is on-prem cloud all those
249
00:09:44,080 --> 00:09:48,240
things are defined now they also diff
250
00:09:46,480 --> 00:09:49,839
confirm that these products are not
251
00:09:48,240 --> 00:09:51,600
vulnerable so they have already gone
252
00:09:49,839 --> 00:09:54,080
through a list of uh
253
00:09:51,600 --> 00:09:56,320
apps uh so you can also see like if you
254
00:09:54,080 --> 00:09:58,160
are you know using any of this app then
255
00:09:56,320 --> 00:10:00,720
it's not vulnerable as well it's not
256
00:09:58,159 --> 00:10:04,000
using the apache log4j as you can see
257
00:10:00,720 --> 00:10:05,519
splunk universal forwarder now you see like
258
00:10:04,000 --> 00:10:08,159
if you want to remove even though it's
259
00:10:05,519 --> 00:10:10,799
not used for example if the does not
260
00:10:08,159 --> 00:10:13,278
leverage the presence of these libraries
261
00:10:10,799 --> 00:10:15,039
that not did not you know introduce any
262
00:10:13,278 --> 00:10:17,200
attack vector that means even though the
263
00:10:15,039 --> 00:10:18,639
file is listed there it's not
264
00:10:17,200 --> 00:10:20,959
introducing any
265
00:10:18,639 --> 00:10:21,838
uh you know or vulnerabilities or it's
266
00:10:20,958 --> 00:10:23,919
not
267
00:10:21,839 --> 00:10:25,920
introducing any attack vector
268
00:10:23,919 --> 00:10:27,599
so uh but in case if you want to be
269
00:10:25,919 --> 00:10:29,599
cautious and if you want you want to
270
00:10:27,600 --> 00:10:32,000
remove even though it's not used you
271
00:10:29,600 --> 00:10:33,600
want to remove those you have to go to
272
00:10:32,000 --> 00:10:37,519
all these location and you should be
273
00:10:33,600 --> 00:10:39,040
able to see uh these files for log4j
274
00:10:37,519 --> 00:10:41,120
and you should you can delete them but
275
00:10:39,039 --> 00:10:43,439
you know the pro one statement they have
276
00:10:41,120 --> 00:10:45,120
given is once you remove it you know
277
00:10:43,440 --> 00:10:47,920
when you're starting up splunk you may
278
00:10:45,120 --> 00:10:50,399
get some integrity errors because these
279
00:10:47,919 --> 00:10:52,559
are files are moved and this is
280
00:10:50,399 --> 00:10:54,559
as expected because we are deleting
281
00:10:52,559 --> 00:10:57,359
those files and these errors can be
282
00:10:54,559 --> 00:11:00,719
ignored so that's what it says you know
283
00:10:57,360 --> 00:11:03,278
in the case but if you are using any any
284
00:11:00,720 --> 00:11:05,360
apps you know which as part of this list
285
00:11:03,278 --> 00:11:09,200
and specifically as i see like java apps
286
00:11:05,360 --> 00:11:11,200
like jmx plug-in or jmx app i know it's
287
00:11:09,200 --> 00:11:13,360
definitely using it so you have to go
288
00:11:11,200 --> 00:11:15,519
there and you can change uh delete those
289
00:11:13,360 --> 00:11:18,159
older version and you can put the new
290
00:11:15,519 --> 00:11:21,120
jar files over the locations so it says
291
00:11:18,159 --> 00:11:24,159
that it's mainly in the jmx app so it's
292
00:11:21,120 --> 00:11:26,240
under etc apps and the splunk tha jmx
293
00:11:24,159 --> 00:11:28,958
and bin lib which you should be able to
294
00:11:26,240 --> 00:11:30,799
see those files
295
00:11:28,958 --> 00:11:32,159
so that's what i'm to show like i'll
296
00:11:30,799 --> 00:11:34,159
give you these links in the video
297
00:11:32,159 --> 00:11:37,679
description so you can have a look into
298
00:11:34,159 --> 00:11:40,319
this you can go to this uh apache log4j
299
00:11:37,679 --> 00:11:42,559
to know a download file as well then you
300
00:11:40,320 --> 00:11:45,040
can go through it and you know you can
301
00:11:42,559 --> 00:11:47,359
download the files and you can zip unzip
302
00:11:45,039 --> 00:11:49,759
it and you can make use of that so
303
00:11:47,360 --> 00:11:51,039
that's all overall thing about this uh
304
00:11:49,759 --> 00:11:54,319
vulnerability
305
00:11:51,039 --> 00:11:57,439
so i i hope it's useful for you and uh i
306
00:11:54,320 --> 00:11:59,278
hope you know you like my videos and for
307
00:11:57,440 --> 00:12:01,920
watching more videos i will request you
308
00:11:59,278 --> 00:12:04,078
to subscribe for more videos and also
309
00:12:01,919 --> 00:12:06,250
like my videos share and comment so
310
00:12:04,078 --> 00:12:15,088
thank you for watching
311
00:12:06,250 --> 00:12:15,089
[Music]
312
00:12:15,278 --> 00:12:17,360
you