elasticsearch修补log4j漏洞
2021-12-15 本文已影响0人
爱吃松子的小玉米
- 此次实验的elasticsearch版本为7.5.1和7.10.1
下载log4j最新版jar包
# wget https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar
# wget https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/log4j-core-2.15.0.jar
rpm包安装的es7修补log4j漏洞过程
- 备份es原有log4j包
# mdir /opt/log4j
# cp /usr/share/elasticsearch/lib/log4j-*.jar /opt/log4j
- 替换es的log4j包到最新版本
# cp log4j-*.jar /usr/share/elasticsearch/lib/
# rm -f /usr/share/elasticsearch/lib/log4j-*2.11.1.jar
- 在es的jvm.options文件末尾添加 -Dlog4j2.formatMsgNoLookups=true
# vim /etc/elasticsearch/jvm.options
-Dlog4j2.formatMsgNoLookups=true
- 重启es服务并测试
# systemctl restart elasticsearch
# curl -XGET localhost:9200
源码包安装的es7修补log4j漏洞过程
- 备份es原有log4j包
# mkdir /opt/log4j
# cp /usr/local/elasticsearch-7.5.1/lib/log4j-*.jar /opt/log4j/
# ls /opt/log4j/
- 替换es的log4j包到最新版本(源码安装的es不能用root启动,需要创建子用户,我创建的子用户名称为:user-es)
# cp log4j-*.jar /usr/local/elasticsearch-7.5.1/lib/
# rm -f /usr/local/elasticsearch-7.5.1/lib/log4j-*2.11.1.jar
# chown user-es: /usr/local/elasticsearch-7.5.1/lib/*
- 在es的jvm.options文件末尾添加 -Dlog4j2.formatMsgNoLookups=true
# vim /usr/local/elasticsearch-7.5.1/config/jvm.options
-Dlog4j2.formatMsgNoLookups=true
- 重启es服务
# su - user-es
$ ps aux|grep elastic
user-es 7093 2.5 19.8 6609416 1584568 pts/0 Sl 15:25 4:49 /usr/local/elasticsearch-7.5.1/jdk/bin/java...
$ kill 7093
$ ps aux|grep elastic
user-es 29541 0.0 0.0 115924 1000 pts/0 S+ 18:33 0:00 grep --color=auto elastic
$ /usr/local/elasticsearch-7.5.1/bin/elasticsearch -d
$ ps aux|grep elastic
- 查看es状态
# curl -XGET localhost:9200
