The zero-day vulnerability in log4j has been described as one of the most serious security issues in recent years, allowing attackers to remotely execute code and gain access to machines. Not only is the flaw simple to take advantage of, but log4j's ubiquitous nature means it has been embedded in a vast array of applications, services and software tools, and the vulnerability has been exploited by bad actors around the world.
As we wrapped up 2021, a lot of time was being spent identifying whether infrastructure was affected. You can read Fairwinds’ statement on our open source tooling and Insights platform here.
If you are a Kubernetes user and need to understand whether you have log4j container vulnerabilities present, Fairwinds can help. Fairwinds Insights is guardrails and governance software that allows teams responsible for Kubernetes to identify container vulnerabilities, and it suggests remediation advice.
Fairwinds Insights will scan your containers against known CVEs including log4j. If a container is at risk, Insights will create an Action Item.
You can see the details for the containers that are affected as well as the severity, which in this case is critical. Users can then upgrade to the latest fixed version. Insights will continuously scan to identify further log4j vulnerabilities (amongst others).
Team leaders can use Fairwinds Insights to monitor the health of containers across teams and multiple clusters.
You can use Fairwinds Insights today to help your team identify log4j container vulnerabilities. It's available to use for free; you can sign up here. You’ll confirm your email, set up a new organization and then be able to add clusters and coworkers to the organization.
There are three ways to connect with Fairwinds Insights:
The fastest way to identify log4j container vulnerabilities is to install the in-cluster agent. You can read more about this in the Fairwinds Insights documentation.
Don’t let your containers catch you out. Use Fairwinds Insights to ensure Kubernetes security.