We removed a number of files to prevent problems with log4j.
Now when I run a file integrity check, the missing files are showing up as "missing". Since we know we removed them, I would like to have the file integrity check skip those files.
How do I do this?
Hi @jcauhape,
it wasn't a good idea, because in this way you undermined the stability of the system.
Splunk gave a lot of information about this bug and an immediate solution:
https://www.splunk.com/en_us/surge/log4shell-log4j-response-overview.html
You can also use Splunk to detect this vulnerability: https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html
The best solution, as @richgalloway hinted, is migration to a new version without the Log4j issue.
It's possible to bypass the Integrity Check by deleting the deleted files from the $SPLUNK_HOME/manifest, but I don't like this solution because the deleted files had a purpose and in this way you have an incomplete and probably inconsistent system.
Ciao.
Giuseppe
You could upgrade to a version that fixes the log4j issue or remove the file names from the manifest file.