Unless you have been living under a rock you heard about the bash vulnerability discovered known as shellshock. Read on to learn what has been done to address this vulnerability in Log Insight.
Since Log Insight is shipped as a virtual appliance running SLES it has bash and is vulnerable. Now Log Insight does highly recommend that you run Log Insight in a secure network. From the security guide:
To protect sensitive information gathered by Log Insight, place the server or servers on a management network segment protected by a firewall from the rest of your internal network.
In addition, it is important to understand that being able to exploit a vulnerability requires an attack vector. There is no known attack vector for this vulnerability in Log Insight. In any case, the vulnerability should be patched. VMware has released patches for both Log Insight 1.5 and 2.0. More information is available in this KB.
The upgrade procedure is very straightforward. Simply download the PAK file and apply from the Appliance page of the Administration section in the Log Insight UI. For more information, see my video on upgrading Log Insight (note: if you are in a clustered environment then you need to go to the cluster page, put each worker in maintenance mode one at a time, and select the upgrade button). Once you have upgraded, you can confirm the vulnerability is removed by running the check available on shellshocker.
Note: If you are running Log Insight 1.0 then you need to upgrade to 1.5. If you are running a Log Insight tech preview release see the Log Insight tech preview community for more information.
© 2014 – 2021, Steve Flanders. All rights reserved.