Upgrading log4j2 to fix the vulnerability

2021-12-17 17:30:12  Views: 521  Source: Internet

Tags: opt vendor jar logstash upgrade vulnerability api log4j2 log4j


I. Affected versions:

Apache Log4j 2.x <= 2.15.0-rc1

II. Applications that may be affected include, but are not limited to:

Spring-Boot-starter-log4j2

Apache Struts2

Apache Solr

Apache Druid

Apache Flink

ElasticSearch

Flume

Dubbo

Jedis

Logstash

Kafka

Apache Storm

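III. Remediation:

1. Wait for an official release that upgrades log4j2.

2. Upgrade log4j2 yourself to version >= 2.15.0; the latest at present is 2.16.0.

IV. Steps for individual components:

1. logstash

1.1 Download the new release 6.8.21 or 7.16.1 from the official website; it fixes this issue.

1.2 Upgrade the log4j2 version yourself

Find the vulnerable packages

find / -name "log4j-api*.jar"
find / -name "log4j-core*.jar"

Replace each one, by package name, with the newly downloaded package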

[Update the logstash core libraries]
mv /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/logstash-core/lib/jars/


[Update the logstash plugins]
# logstash-input-kafka-8.0.6: replace the runtime libraries
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/

# logstash-input-kafka-8.0.6: update the dependencies
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar.bak

# logstash-input-beats-5.0.13-java: update the dependencies (the .rb file must be edited)
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mkdir -p /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
vim /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/lib/logstash-input-beats_jars.rb
[Change the log4j-api version from 2.6.2 to 2.15.0]

# logstash-output-kafka-7.0.10: replace the runtime libraries
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar.bak
cp /home/log4j/log4j-1.2-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/

# logstash-output-kafka-7.0.10: update the dependencies
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar.bak

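Notes:

(1) For dependency libraries: if a library file is used by the plugin, the [plugin-name]/lib/*.rb file must be modified as well. Looking at the rb file is enough to tell whether the library is used.

(2) When making the changes, besides looking for the log4j-core and log4j-api files, also check whether the directory contains other log4j packages of the same version, such as log4j-slf4j-impl or log4j-1.2-api. If the version number is the same, replace them too.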
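The search step and note (2) above can be combined into one inventory pass that reports every log4j 2.x artifact (log4j-api, log4j-core, log4j-slf4j-impl, log4j-1.2-api) still below the target version, so leftovers are visible after the swap. This is an added example, not part of the original article: the function names are hypothetical, the default minimum of 2.15.0 is taken from section III, and the sample tree is constructed from the paths shown above.

```shell
#!/bin/sh
# Added example (not from the article): report log4j 2.x jars older than a target.

# ver_lt A B: succeed when dotted numeric version A is lower than B (2.9.1 < 2.15.0).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# jar_version NAME: print the version of a log4j 2.x artifact file name
# (log4j-api, log4j-core, log4j-slf4j-impl, log4j-1.2-api, ...). Prints nothing
# for log4j 1.x jars (log4j-1.2.17.jar) or names without a purely numeric version.
jar_version() {
    printf '%s\n' "$1" | sed -n 's/^log4j-.*-\([0-9][0-9.]*\)\.jar$/\1/p'
}

# scan_log4j DIR [MIN]: print "version<TAB>path" for every jar below MIN.
# Backups renamed to *.jar.bak are not matched, so they drop out of the report.
scan_log4j() {
    min=${2:-2.15.0}   # assumption: default taken from the article's ">= 2.15.0"
    find "$1" -type f -name 'log4j-*.jar' 2>/dev/null | sort | while IFS= read -r jar; do
        v=$(jar_version "$(basename "$jar")")
        if [ -n "$v" ] && ver_lt "$v" "$min"; then
            printf '%s\t%s\n' "$v" "$jar"
        fi
    done
}

# demo_tree DIR: build a constructed sample layout modelled on the article's paths.
demo_tree() {
    core=$1/logstash-core/lib/jars
    gem=$1/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars
    mkdir -p "$core" "$gem"
    touch "$core/log4j-api-2.9.1.jar.bak" "$core/log4j-api-2.15.0.jar" \
          "$core/log4j-slf4j-impl-2.9.1.jar" \
          "$gem/log4j-1.2-api-2.6.2.jar" "$gem/log4j-core-2.6.2.jar" "$gem/log4j-1.2.17.jar"
}

# Usage: sh scan_log4j.sh /opt/logstash [min-version]
if [ "$#" -gt 0 ]; then scan_log4j "$@"; fi
```

An empty report after the replacement means no log4j 2.x jar below the chosen minimum remains under that directory; versions are compared numerically per field, so 2.9.1 sorts below 2.15.0.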

2. storm

[Stop the storm Topology]

mv $storm/lib/log4j-api-2.8.2.jar $storm/lib/log4j-api-2.8.2.jar.bak

mv $storm/lib/log4j-core-2.8.2.jar $storm/lib/log4j-core-2.8.2.jar.bak

mv $storm/lib/log4j-slf4j-impl-2.8.2.jar $storm/lib/log4j-slf4j-impl-2.8.2.jar.bak

cp /home/log4j/log4j-api-2.15.0.jar $storm/lib/

cp /home/log4j/log4j-core-2.15.0.jar $storm/lib/

cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $storm/lib/

Restart the storm server

[Submit the storm Topology]

Notes:

(1) On older storm versions such as v1.1.1, starting nimbus throws the following exception:

Exception in thread "main" java.lang.NoSuchMethodError: com.lmax.disruptor.dsl.Disruptor.<init>(Lcom/lmax/disruptor/EventFactory;ILjava/util/concurrent/ThreadFactory;Lcom/lmax/disruptor/dsl/ProducerType;Lcom/lmax/disruptor/WaitStrategy;)V
 at org.apache.logging.log4j.core.async.AsyncLoggerDisruptor.start(AsyncLoggerDisruptor.java:108)
 at org.apache.logging.log4j.core.async.AsyncLoggerContext.start(AsyncLoggerContext.java:75)
 at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:155)
 at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
 at org.apache.logging.log4j.LogManager.getContext(LogManager.java:196)

To resolve this, the disruptor package must be upgraded as well

mv $storm/lib/disruptor-3.3.2.jar $storm/lib/disruptor-3.3.2.jar.bak

cp /home/logstash $storm/lib/

3. elasticsearch

mv $elasticsearch_home/lib/log4j-api-2.11.1.jar $elasticsearch_home/lib/log4j-api-2.11.1.jar.bak
mv $elasticsearch_home/lib/log4j-core-2.11.1.jar $elasticsearch_home/lib/log4j-core-2.11.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar $elasticsearch_home/lib/
cp /home/log4j/log4j-core-2.15.0.jar $elasticsearch_home/lib/

mv $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar.bak

mv $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar.bak

cp /home/log4j/log4j-1.2-api-2.15.0.jar $elasticsearch_home/modules/x-pack-core/

cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $elasticsearch_home/modules/x-pack-security/

[Stop the jobs that sink to es]

[Restart the es server]

[Start the jobs that sink to es]

Upgrades for other components will be added later...

Source: https://blog.csdn.net/magic_kid_2010/article/details/121999745
