If customers cannot trigger an update of their Avantra agent from 20.11.X to 20.11.701 or 20.11.10, a configuration change is required in the installation folder of the agent, followed by an agent restart.


Below you will find a piece of sample code (RUN_JS custom check) that is designed to be reviewed and adapted for customer environments to trigger an update to the agent configuration and restart the agent. Please take note of the marked dependencies at the top of the code such as the agent having the ability to restart itself.


Platform: Linux based agents

Agent Versions: 20.11.x


// Name: Update jvm.options file for an Avantra agent
// Type: Automation step example-code ONLY (please adapt to your environment)
// Description: Update your linux-based agent config to include protection against CVE-2021-44228 - Log4j 2 Vulnerability
// Author: Avantra Support
// Date: Sat Dec 11 2021

// ASSUMPTIONS
// 1) Your agent is running under the systemd service avantra-agent
// 2) Your agent is correctly configured with the ability to restart itself e.g. sudo systemctl restart avantra-agent
// 3) Your install directory is set below

// ######### Variable and constant declarations

const agentInstallLocation = "/opt/avantra/agent/";
const log4j_disable = "log4j2.formatMsgNoLookups=true";
const agent_java_args = 'AGENT_JAVA_ARGS="';
const configFileLocation = agentInstallLocation + "cfg/jvm.options";
const agentRestartCommand = 'nohup bash -c "sleep 5 ;  sudo systemctl restart avantra-agent " &';

// ######### Functions

// ######### Check Execution Logic
// Get the contents of the current configuration file
var currentConfig = os.exec("cat " + configFileLocation);

// If we have managed to open the file then we can continue - otherwise we error out.
if(currentConfig.exitCode === 0){
    
    // Pull the file contents into a variable.
    var fileContents = currentConfig.out;
    
    // Search for the log4j2 disabling string
    // This way, if it's already present we can stop execution.
    var stringLocation = fileContents.indexOf(log4j_disable);
    
    // If the configuration is not already in place, we continue.
    if(stringLocation === -1){
        // Get the location of the "AGENT_JAVA_ARGS=" string so we know where to add the config.
        var location_of_java_args_wrapper = fileContents.indexOf(agent_java_args);

        // If we cannot locate the configuration within the file - we error out and leave the file untouched.
        // You may adjust the code here if you want to add new config if it doesn't exist but that is your choice to make.
        if(location_of_java_args_wrapper === -1){
            check.message = 'Unable to find valid java configuration items in the file i.e. no AGENT_JAVA_ARGS="-Dx=y -Dy=z"';
            check.status = WARNING;
        } else {
            // Next we get the location of the config flags within the AGENT_JAVA_ARGS="<this stuff in here>" string
            var location_of_start_of_existing_config = (location_of_java_args_wrapper + (agent_java_args.length));

            // Create a variable to house the new configuration file contents.
            // Everything before AGENT_JAVA_ARGS= is kept as-is (an empty string when it is the first item in the file).
            var result = fileContents.slice(0, location_of_java_args_wrapper);

            // Build the new configuration file.
            result = result + agent_java_args + "-D" + log4j_disable + " " + fileContents.slice(location_of_start_of_existing_config,fileContents.length);

            // Escape single quotes so the contents survive the single-quoted shell argument below.
            var quotedResult = result.replace(/'/g, "'\\''");

            // Output the new configuration file contents to the file.
            var writeResult = os.exec("echo '" + quotedResult + "' > " + configFileLocation);

            // Only trigger an agent restart if the configuration was actually written.
            if(writeResult.exitCode === 0){
                os.exec(agentRestartCommand);
                check.message = "Configuration updated successfully and agent restart triggered.";
            } else {
                check.message = "Unable to write config file at " + configFileLocation;
                check.status = WARNING;
            }
        }

    // If the config is already in place then we stop here - there is nothing to change.
    } else {
        check.message = "JVM configuration already in place - no need to continue.";
    }
    
} else {
    check.message = "Unable to open config file at " + configFileLocation;
    check.status = WARNING;
}
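
The edit above can be dry-run offline before the check is allowed to rewrite files on agents. The following is an added example, not Avantra's code: it runs under Node.js rather than inside the agent, and it goes beyond the sample's `indexOf` test by only treating the flag as present when it sits inside an active `AGENT_JAVA_ARGS="..."` line. The function names `addNoLookups` and `shQuote`, the `#` comment syntax and the sample file contents are assumptions made for illustration.

```javascript
// Added example: the jvm.options edit as a pure function, testable without an agent.
// Assumption: lines starting with '#' are comments, as in a shell-style options file.
const FLAG = "-Dlog4j2.formatMsgNoLookups=true";
// Groups: (prefix up to the opening quote)(existing args)(closing quote and rest of line)
const ARGS_LINE = /^(\s*(?:export\s+)?AGENT_JAVA_ARGS=")([^"]*)(".*)$/;

// Returns { status, contents }; status is "updated", "present" or "missing".
function addNoLookups(fileContents) {
  const lines = fileContents.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const m = ARGS_LINE.exec(lines[i]);
    if (!m) continue; // comments and unrelated lines are never edited
    const args = m[2].split(/\s+/).filter(Boolean);
    // Present only if it is a real argument, not a mention elsewhere in the file.
    if (args.includes(FLAG)) return { status: "present", contents: fileContents };
    lines[i] = m[1] + [FLAG, ...args].join(" ") + m[3];
    return { status: "updated", contents: lines.join("\n") };
  }
  // No active AGENT_JAVA_ARGS line: report it and leave the file untouched.
  return { status: "missing", contents: fileContents };
}

// Quote a string so it can be passed as one single-quoted shell argument.
function shQuote(s) {
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Constructed sample (not from a real agent): the flag appears only in a comment,
// so a whole-file substring search would wrongly report the mitigation as in place.
const sample =
  "# note: -Dlog4j2.formatMsgNoLookups=true still to be added\n" +
  'AGENT_JAVA_ARGS="-Xmx512m -Dx=y"\n';

const r = addNoLookups(sample);
console.log(r.status);
console.log(shQuote(r.contents));
```

Running the function a second time on its own output returns `present`, so the check stays idempotent across repeated executions.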