0
点赞
收藏
分享

微信扫一扫

elasticsearch log4j升级

1、背景:

软件:log4j-core(jar) 2.8.2 漏洞

命中:["log4j-core(jar) version less than 2.12.2","log4j-core(jar) extendField.jndi_class_not_exist equals false","log4j-core(jar) version more than equals 2.4"]

2、查找log4j文件:

路径:/data/elasticsearch/lib/log4j-core-2.8.2.jar , 需要到 安装的路径下搜索, 

[root@kafka-03 lib]# ll |grep log4j

-rwxrwxrwx 1 es es   228154 Nov 21  2017 log4j-api-2.8.2.jar

-rwxrwxrwx 1 es es  1407853 Nov 21  2017 log4j-core-2.8.2.jar


3、下载 替换,及重启。

​​https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.16.0/ 目录下载​​

#mkdir -pv /opt/softwar  && cd /opt/softwar

###wget ​​https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.16.0/log4j-api-2.16.0.jar​​

​​https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/ 目录下载​​

wget ​​https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-core/2.16.0/log4j-core-2.16.0.jar​​



注:如docker 安装,需要Dockerfile 

FROM   xxxx镜像来源

USER  root 

COPY  log4j-core-2.16.0.jar  elasticsearch路径/lib/

COPY  log4j-api-2.16.0.jar  elasticsearch路径/lib/

RUN rm -rf  elasticsearch路径/lib/log4j-api-2.8.2.jar  && rm -rf  elasticsearch路径/lib/log4j-core-2.8.2.jar

运行打包 

docker build . -t 仓库/xxx:vxx




举报

相关推荐

0 条评论