StreamSets


Amazon Linux Log4jhotpatch Error with Streamsets Datacollector

  • 1.  Amazon Linux Log4jhotpatch Error with Streamsets Datacollector

    Posted Wed March 16, 2022 09:06 PM

    Issue:

    Since December 2021, Amazon Linux 1 and 2 have used Log4jHotPatch by default in their AMI images. The tool/service injects a Java agent into a running JVM process and attempts to add an "agent" jar file to Streamsets' class path. This may cause an error during Streamsets startup because of Java security policies. The error usually occurs when using systemd or init.d startup scripts with Streamsets services (e.g. Data Collector). The error does not affect the Streamsets service in any way. Streamsets already has remediation instructions and patches in place. Please read the following bulletin for further information.

    Technical Service Bulletin 2021-12-14 (TSB) - Update on Apache Log4j Zero-day Vulnerability Assessment and Remediation (CVE-2021-44228)

     

    Error:

    Exception in thread "Attach Listener" java.lang.ExceptionInInitializerError
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:386)
    at sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:411)
    Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermiss... "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:886)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
    at java.lang.System.getProperty(System.java:755)
    at Log4jHotPatch.<clinit>(Log4jHotPatch.java:59)
    ... 6 more
    Agent failed to start

     

    Resolution:

    Disable the Log4jHotPatch tool by running the following command:

    sudo touch /etc/log4j-cve-2021-44228-hotpatch.kill 

    Then restart the Streamsets service (e.g. Data Collector).

     

    References:

    Amazon Linux Hotpatch Announcement for Apache Log4j
    https://alas.aws.amazon.com/announcements/2021-001.html

    Hotpatch for Apache Log4j
    https://aws.amazon.com/blogs/opensource/hotpatch-for-apache-log4j/
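
An added example, not part of the original post and not StreamSets or AWS code: a shell check that recognises the "Attach Listener" trace shown under Error in a service log and reports whether the kill file from the Resolution exists. The function names, status strings and sample log are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the "Attach Listener" error shown above in a service log.
# KILL_FILE is the path from the Resolution section; overridable for testing.
KILL_FILE="${KILL_FILE:-/etc/log4j-cve-2021-44228-hotpatch.kill}"

# Count traces where the Attach Listener thread failed with an
# AccessControlException raised from Log4jHotPatch's static initializer.
hotpatch_failure_count() {
    awk '
        /Exception in thread "Attach Listener"/              { in_trace = 1; denied = 0; next }
        in_trace && /java\.security\.AccessControlException/ { denied = 1 }
        in_trace && denied && /at Log4jHotPatch\.<clinit>/   { hits++; in_trace = 0 }
        /Agent failed to start/                              { in_trace = 0 }
        END { print hits + 0 }
    ' "$1"
}

# Report whether the log shows the error and whether the kill file exists.
hotpatch_status() {
    count=$(hotpatch_failure_count "$1")
    if [ "$count" -eq 0 ]; then
        echo "no-hotpatch-error"
    elif [ -e "$KILL_FILE" ]; then
        echo "error-logged-kill-file-present"
    else
        echo "error-logged-kill-file-missing"
    fi
}

# Constructed sample log (trace lines abbreviated from the error above, plus
# an unrelated Attach Listener failure that must not be counted).
write_sample_log() {
    cat > "$1" <<'EOF'
2022-03-16 21:00:01 INFO  Starting Data Collector
Exception in thread "Attach Listener" java.lang.ExceptionInInitializerError
at sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:411)
Caused by: java.security.AccessControlException: access denied
at java.lang.System.getProperty(System.java:755)
at Log4jHotPatch.<clinit>(Log4jHotPatch.java:59)
Agent failed to start
Exception in thread "Attach Listener" java.lang.OutOfMemoryError
Agent failed to start
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
hotpatch_status "$sample"
rm -f "$sample"
```

To use it on a real host, call `hotpatch_status` with the path to the Data Collector service log; errors logged before the kill file was created are still counted.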