Install on: OpsCenter Server 

CVE-2021-44228 FIX, Upgrade Log4j to 2.17.1
===========================================

Windows Steps to update for GUI+Server and ViewBuilder component

NOTE : If version 1 eeb of 4058565 i.e. OpsCenter_windows_AMD64_82EEB_ET4058565_1.zip is not installed, then please refer 2.11.0 version of log4j instead of 2.16.0 version of log4j in below steps wherever 2.16.0 has mentioned for replacement or removal.So upgrade from version 1 of eeb to version 2 of eeb is upgrade of 2.16.0 version to 2.17.1 version of log4j.
             
A) Steps for GUI+Server component

1. Take OpsCenter database backup, and additionally take backup of files 

    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin\OpsCenterServerService.xml
    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin\setEnv.bat
    [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\gui\bin\setEnv.bat

2. Install Server component of EEB (-server option of OpsCenterEEBInstaller.bat) 

3. Stop OpsCenter Services

4. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
   these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

5. Note that the following are the log4j 2.16.0 file names which have the vulnerability CVE-2021-44228
    these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

6. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin and open OpsCenterServerService.xml and
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

    This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

7. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\bin and open setEnv.bat and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

8. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\gui\bin and open setEnv.bat and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

9. Delete jars having version "2.16.0" mentioned in step (5) from [OPSCENTER_SERVER_INSTALL_LOCATION]\OpsCenter\server\lib folder

10. Start OpsCenter Services

B) OpsCenter ViewBuilder Component

1. Take backup of files 

    [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin\OpsCenterViewBuilder.xml
    [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin\setEnv.bat

2. Install ViewBuilder component of EEB (-jvb option of OpsCenterEEBInstaller.bat) and
   close ViewBuilder if it is open.

3. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
  these are present in [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

4. Note that the following are the log4j 2.16.0 file names which have the vulnerability CVE-2021-44228
   these are present in [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

5. Go to folder [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin and open OpsCenterViewBuilder.xml and
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

6. Go to folder [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\bin and open setEnv.bat and 
search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

This step will ensure that classpath refers to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar and similarly for all other log4j jars.

7. Delete jars having version "2.16.0" mentioned in step (4) from [OPSCENTER_VIEWBUILDER_INSTALL_LOCATION]\OpsCenter\viewbuilder\lib folder

8. Launch ViewBuilder

Linux Steps for GUI + Server component

NOTE : If version 1 eeb of 4058565 i.e. OpsCenter_LinuxR_x86_x86_64_82EEB_ET4058565_1.tar.gz is not installed, then please refer 2.11.0 version of log4j instead of 2.16.0 version of log4j in below steps wherever 2.16.0 has mentioned for replacement or removal.
So upgrade from version 1 of eeb to version 2 of eeb is upgrade of 2.16.0 version to 2.17.1 version of log4j.

1. Take OpsCenter database backup, and additionally take backup of following files 

      [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/bin/setEnv.sh 
      [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterGUI/bin/setEnv.sh 

2. Install Server component of EEB (-server option of OpsCenterEEBInstaller.sh)

3. Stop OpsCenter Services

4. Note that the following are the log4j 2.17.1 file names which have CVE-2021-44228 fixed, 
    these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib

    log4j-api-2.17.1.jar
    log4j-core-2.17.1.jar
    log4j-jcl-2.17.1.jar
    log4j-web-2.17.1.jar

5. Note that the following are the log4j file names which have the vulnerability CVE-2021-44228
   these are present in [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib

    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-jcl-2.16.0.jar
    log4j-web-2.16.0.jar

6. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/bin and open setEnv.sh and 
   search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that OpsCenter is able to point to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar 
   and similarly for all other log4j jars.

7. Go to folder [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterGUI/bin/ and open setEnv.sh and 
    search for "2.16.0" and replace with "2.17.1". You should see 4 such entries.

   This step will ensure that OpsCenter is able to point to log4j-api-2.17.1.jar instead of log4j-api-2.16.0.jar 
   and similarly for all other log4j jars.

8. Delete the jar files having version "2.16.0" mentioned in step (5) from [OPSCENTER_SERVER_INSTALL_LOCATION]/SYMCOpsCenterServer/lib folder

9. Start OpsCenter Services

Using OpsCenter Emergency Engineering Binary (EEB) installer on Windows

1) Download the appropriate EEB package into into the C:\tmp directory.                        
2) Extract the EEB package.
3) As admin user on the Opscenter server/agent, install the EEB as follows.
     OpsCenterEEBInstaller.bat [-server | -agent | -jvb ] base-directory
   
     OpsCenterEEBInstaller.bat -server base_directory_of_server_installation_in_quotes
       e.g OpsCenterEEBInstaller.bat -server "C:\Program Files\Symantec"
   
     OpsCenterEEBInstaller.bat -agent base_directory_of_agent_installation_in_quotes
      e.g OpsCenterEEBInstaller.bat -agent "C:\Program Files\Symantec"
       
     OpsCenterEEBInstaller.bat -jvb base_directory_of_viewbuilder_installation_in_quotes

      e.g  OpsCenterEEBInstaller.bat -jvb "C:\Program Files\Symantec" 

Using OpsCenter Emergency Engineering Binary (EEB) installer on Linux

1) Download the appropriate EEB package into into the cd /tmp/OpsCenterEEBInstaller/unix                        
2) Extract the EEB package.
3) As root on the Opscenter server/agent, install the EEB package binaries as follows.
    cd /tmp/OpsCenterEEBInstaller/unix
   /bin/sh ./OpsCenterEEBInstaller.sh [-server | -agent] base-directory
   
   /bin/sh ./OpsCenterEEBInstaller.sh -server base_directory_of_server_installation
    e.g /bin/sh ./OpsCenterEEBInstaller.sh -server /opt
    
   /bin/sh ./OpsCenterEEBInstaller.sh -agent base_directory_of_agent_installation
    e.g  /bin/sh ./OpsCenterEEBInstaller.sh -agent /opt

Downloads:
NB_8.2_ET4058565_2.zip

Checksums for all files (cksum):

 File                                                                                                              CheckSum       Byte count
all/OpsCenter_LinuxR_x86_x86_64_82EEB_ET4058565_2.tar.gz    2082256888    79835948
all/OpsCenter_LinuxS_x86_x86_64_82EEB_ET4058565_2.tar.gz    3766477363    79835951
all/OpsCenter_windows_AMD64_82EEB_ET4058565_2.zip            2712492046    81776469