How to test if your Linux server is vulnerable to Log4j

Log4j is a serious vulnerability that has swept across the IT landscape quickly. Here's a single command you can run to test and see if you have any vulnerable packages installed.

The Log4j vulnerability is serious business. This zero-day flaw affects the Log4j library and can allow an attacker to execute arbitrary code on a system that depends on Log4j to write log messages.

This vulnerability has the highest CVSS score of 10.0, so you need to pay attention. One of the big problems is knowing if you're vulnerable. This is complicated by the many ways Log4j can be deployed. Are you using it as part of a Java project, is it rolled into a container, did you install it with your distribution package manager, and (if so) which log4j packages did you install? Or did you install it from source? Because of this, you might not even know if your server is vulnerable.