Check JVM option -Dlog4j2.formatMsgNoLookups=true is set

stephanediondev · stephanediondev · commit 5a580fc5ab2b · 2021-12-31T09:40:51.000+01:00
diff --git a/src/Controller/ElasticsearchClusterController.php b/src/Controller/ElasticsearchClusterController.php
@@ -261,11 +261,13 @@ public function audit(Request $request, string $elasticsearchUsername, string $e
 
         $plugins = [];
         $nodesPlugins = [];
+        $formatMsgNoLookups = [];
 
         $cpuPercent = false;
         $diskPercent = false;
         $heapSize = false;
         $heapSizeJvm = false;
+        $inputArgumentsJvm = false;
         $fileDescriptors = false;
 
         if (true === isset($parameters['cluster_settings']['cluster.routing.allocation.disk.threshold_enabled']) && 'true' == $parameters['cluster_settings']['cluster.routing.allocation.disk.threshold_enabled']) {
@@ -332,6 +334,15 @@ public function audit(Request $request, string $elasticsearchUsername, string $e
                 }
             }
 
+            if (true === isset($node['jvm']['input_arguments'])) {
+                $inputArgumentsJvm = true;
+                if (true === in_array('-Dlog4j2.formatMsgNoLookups=true', $node['jvm']['input_arguments'])) {
+                    $formatMsgNoLookups[$node['name']] = true;
+                } else {
+                    $formatMsgNoLookups[$node['name']] = false;
+                }
+            }
+
             if (true === isset($node['file_desc.max'])) {
                 $fileDescriptors = true;
                 if (-1 < $node['file_desc.max'] && 65535 > $node['file_desc.max']) {
@@ -397,6 +408,7 @@ public function audit(Request $request, string $elasticsearchUsername, string $e
             'total_shards_per_node',
             'replication_100_percent',
             'deprecations',
+            'format_msg_no_lookups',
         ];
 
         $checkpoints = [];
@@ -715,6 +727,22 @@ public function audit(Request $request, string $elasticsearchUsername, string $e
                         }
                     }
                 break;
+            case 'format_msg_no_lookups':
+                if (true === $inputArgumentsJvm) {
+                    $fail = [];
+                    foreach ($formatMsgNoLookups as $node => $parameter) {
+                        if (false === $parameter) {
+                            $fail[] = $node;
+                        }
+                    }
+
+                    if (0 < count($fail)) {
+                        $results['audit_fail'][$checkpoint] = $fail;
+                    } else {
+                        $results['audit_pass'][$checkpoint] = [];
+                    }
+                }
+                break;
             }
         }
 
diff --git a/templates/Modules/cluster/cluster_audit.html.twig b/templates/Modules/cluster/cluster_audit.html.twig
@@ -529,6 +529,23 @@
                                         {% endblock %}
                                     {% endembed %}
                                 {% endif %}
+
+                                {% if 'format_msg_no_lookups' == checkpoint %}
+                                    {% embed 'Embed/audit_checkpoint_embed.html.twig' %}
+                                        {% block comment %}
+                                            {% if 'audit_fail' == result %}
+                                                {{ ('audit_comments.' ~ checkpoint ~ '.fail')|trans|raw }}
+                                                {% for node in parameters %}
+                                                    {{ node }}{% if false == loop.last %},{% endif %}
+                                                {% endfor %}
+                                            {% endif %}
+                                        {% endblock %}
+
+                                        {% block external_link %}
+                                            <a class="btn btn-secondary btn-sm" rel="noreferrer" target="_blank" href="https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476">{{ 'help'|trans }}</a>
+                                        {% endblock %}
+                                    {% endembed %}
+                                {% endif %}
                             </tr>
                         {% endfor %}
                     {% endfor %}
diff --git a/translations/messages.en.yaml b/translations/messages.en.yaml
@@ -89,6 +89,7 @@ audit_checkpoints:
     max_shards_per_node: "The cluster shards per node limit is below 1000"
     total_shards_per_node: "The cluster shards allocation per node limit is below 1000"
     deprecations: "There is no deprecations"
+    format_msg_no_lookups: "The JVM option -Dlog4j2.formatMsgNoLookups=true is set"
 audit_comments:
     fail_for_nodes: "The checkpoint fails for the following nodes:"
     fail_for_repositories: "The checkpoint fails for the following repositories:"
@@ -133,6 +134,8 @@ audit_comments:
         note: "The setting <code>{setting}</code> is set to <code>{value}</code>."
     total_shards_per_node:
         note: "The setting <code>{setting}</code> is set to <code>{value}</code>."
+    format_msg_no_lookups:
+        fail: "The JVM option <code>-Dlog4j2.formatMsgNoLookups=true</code> is not set for the following nodes:"
 authentication_secret: "Authentication secret"
 available: "Available"
 awaiting_info: "Awaiting info"
