log4j2漏洞升级
一、影响范围:
Apache Log4j 2.x <= 2.15.0-rc1
二、可能受影响的应用不限于以下内容:
Spring-Boot-strater-log4j2
Apache Struts2
Apache Solr
Apache Druid
Apache Flink
ElasticSearch
Flume
Dubbo
Jedis
Logstash
Kafka
Apache Storm
三、解决办法:
1、等待官方升级 log4j2 版本。
2、自己升级 log4j2 版本至 >= 2.15.0,目前最新 2.16.0
四、部分组件实施步骤:
1、logstash
1.1、从 官网 下载新版 6.8.21 or 7.16.1,修复此问题。
1.2、自己升级 log4j2 版本
查找漏洞包
find / -name "log4j-api*.jar"
find / -name "log4j-api*.jar"
根据包名替换为下载的新包
[logstash核心类库更新]
mv /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar.bak
mv /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar /opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/logstash-core/lib/jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/logstash-core/lib/jars/[logstash插件更新]
-- logstash-input-kafka-8.0.6 修改运行类库
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-api-2.8.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/log4j-slf4j-impl-2.8.2.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/vendor/jar-dependencies/runtime-jars/-- logstash-input-kafka-8.0.6 修改依赖
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-kafka-8.0.6/lib/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar.bak-- logstash-input-beats-5.0.13-java 修改依赖(需要修改rb)
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mkdir -p /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/
vim /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-beats-5.0.13-java/lib/logstash-input-beats_jars.rb
[log4j-api 2.6.2 版本改为 2.15.0]-- logstash-output-kafka-7.0.10 修改运行类库
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-1.2-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/log4j-core-2.6.2.jar.bak
cp /home/log4j/log4j-1.2-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-api-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/
cp /home/log4j/log4j-core-2.15.0.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/vendor/jar-dependencies/runtime-jars/-- logstash-output-kafka-7.0.10 修改依赖
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar.bak
mv /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar /opt/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-kafka-7.0.10/lib/org/apache/logging/log4j/log4j-core/2.6.2/log4j-core-2.6.2.jar.bak
说明:
(1) 对于依赖类库,如果类库文件有被插件使用,则需要修改 [plugin-name]/lib/*.rb 文件,只需查看 rb 文件则可知道是否有被使用。
(2)修改时,出了需要查找 log4j-core、log4j-api 文件,还需关注目录下是否存在相关版本的其他 log4j 包,如 log4j-slf4j-impl、log4j-1.2-api 等,如果版本号相同,也都要替换。
2、storm
[停止 storm Topology]
mv $storm/lib/log4j-api-2.8.2.jar $storm/lib/log4j-api-2.8.2.jar.bak
mv $storm/lib/log4j-core-2.8.2.jar $storm/lib/log4j-core-2.8.2.jar.bak
mv $storm/lib/log4j-slf4j-impl-2.8.2.jar $storm/lib/log4j-slf4j-impl-2.8.2.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar $storm/lib/
cp /home/log4j/log4j-core-2.15.0.jar $storm/lib/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $storm/lib/
重启 storm server
[提交 storm Topology]
说明:
(1)对于低版本 storm,如 v1.1.1,启动 nibus 时,会出现如下异常:
Exception in thread "main" java.lang.NoSuchMethodError: com.lmax.disruptor.dsl.Disruptor.<init>(Lcom/lmax/disruptor/EventFactory;ILjava/util/concurrent/ThreadFactory;Lcom/lmax/disruptor/dsl/ProducerType;Lcom/lmax/disruptor/WaitStrategy;)V
at org.apache.logging.log4j.core.async.AsyncLoggerDisruptor.start(AsyncLoggerDisruptor.java:108)
at org.apache.logging.log4j.core.async.AsyncLoggerContext.start(AsyncLoggerContext.java:75)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:155)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
at org.apache.logging.log4j.LogManager.getContext(LogManager.java:196)
对于这种问题,还需升级 disruptor 包
mv $storm/lib/disruptor-3.3.2.jar $storm/lib/disruptor-3.3.2.jar.bak
cp /home/logstash $storm/lib/
3、elasticsearch
mv $elasticsearch_home/lib/log4j-api-2.11.1.jar $elasticsearch_home/lib/log4j-api-2.11.1.jar.bak
mv $elasticsearch_home/lib/log4j-core-2.11.1.jar $elasticsearch_home/lib/log4j-core-2.11.1.jar.bak
cp /home/log4j/log4j-api-2.15.0.jar $elasticsearch_home/lib/
cp /home/log4j/log4j-core-2.15.0.jar $elasticsearch_home/lib/mv $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar $elasticsearch_home/modules/x-pack-core/log4j-1.2-api-2.11.1.jar.bak
mv $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar $elasticsearch_home/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar.bak
cp /home/log4j/log4j-1.2-api-2.15.0.jar $elasticsearch_home/modules/x-pack-core/
cp /home/log4j/log4j-slf4j-impl-2.15.0.jar $elasticsearch_home/modules/x-pack-security/
[停止 sink es 业务]
[重启 es server]
[启动 sink es 业务]
其他组件升级,后续更新...
log4j2漏洞升级相关推荐
- 解决log4j2漏洞遭到挖矿、僵尸进程病毒攻击
1.前因 在2019年12月份,爆出来的log4j2漏洞,当时可谓满城风雨.当时自己的一个框架刚好从log4j升级到log4j2.按照当时的方案,临时做了修复,但终究还是抵不过残酷的现实,该来的始终还 ...
- Log4j2漏洞发展历程及解决方案
背景 最近互联网技术圈最火的一件事莫过于Log4j2的漏洞了.同时也涌现出了各类分析文章,关于漏洞的版本.漏洞的原因.漏洞的修复.程序员因此加班等等. 经常看我文章的朋友都知道,面对这样热门有意思的技 ...
- 再严重的 Log4j2 漏洞也伤害不了 Java
点击上方"程序猿技术大咖",关注并选择"设为星标" 回复"加群"获取入群讨论资格! 作者丨Erik Costlow 译者丨核子可乐李冬梅 来 ...
- 一问三不知之log4j2漏洞简析
1.log4j2漏洞介绍 1.1简介 Apache Log4j 2是对Log4j的升级,它比其前身Log4j 1.x提供了重大改进,并提供了Logback中可用的许多改进,同时修复了Logback架构 ...
- log4j2漏洞简单复现
文章目录 0x1 log4j2漏洞简介 0x2 log4j2漏洞验证判断 0x3log4j2漏洞复现利用 0x04 log4j2漏洞修复方式 0x1 log4j2漏洞简介 log4j2原理: log4 ...
- 阿里云被工信部暂停合作,惹事的Log4j2漏洞该如何解决?
近日,一众开发和维护人员正马不停蹄地开始修补 Log4j2 漏洞,但要真正修复完毕,还有很多工作要做. 最近几天,各家互联网大厂的程序员朋友们,都快被 Log4j2 漏洞折磨疯了,纷纷启动自家软件的漏 ...
- 关于 CVE-2021-44228 Log4j2 漏洞的相关应对汇总说明(包含中英文客户公告)
微软产品团队和安全团队正在积极的调查本次事件,以下是截止到目前的最新信息: 在微软产品方面,目前尚未发现有产品受到本次漏洞的影响,包括(Azure Application Gateway, Azure ...
- Log4j2漏洞复现(CVE-2021-44228)
引言 Apache Log4j是一个基于Java的日志记录组件,通过重写Log4j引入了丰富的功能特性,该日志组件被广泛应用于业务系统开发,用以记录程序输入输出日志信息.Apache Log4j2存在 ...
- 第14篇:Struts2框架下Log4j2漏洞检测方法分析与总结
Part1 前言 Log4j2漏洞出现有大半年的时间了,这个核弹级别的漏洞危害很大,但是这个漏洞检测起来却很麻烦,因为黑盒测试无法预判网站哪个应用功能在后台调用了log4j2记录日志功能.目前通用 ...
- Log4j2漏洞修复
文章目录 一.漏洞 二.修复漏洞 2.1 SpringMVC项目修复 2.2 SpringBoot项目修复 三.如何攻击漏洞 一.漏洞 近期一个 Apache Log4j 远程代码执行漏洞细节被公开, ...
最新文章
- 【MySQL】缩略语PK NN UQ BIN UN ZF AI G、基本操作语句
- 算法竞赛入门第二版解题报告
- 甲骨文正式发布Java 14(Oracle JDK 14),下载下来尝尝鲜~~~
- android4.4.2fragment不显示,Android应用中使用Fragment组件的一些问题及解决方案总结...
- 干货|且看Pyecharts如何制作多个子图
- php ajax 重复提交,ThinkPHP防止重复提交表单的方法实例分析
- 一统江湖的大前端(7)React.js-从开发者到工程师
- 【英语学习】【English L06】U07 Jobs L2 I have my own bakery now
- 腾讯QQ认证空间4月27日已全面开放申请,欲进军自媒体
- I2C(smbus、pmbus)和SPI协议分析
- 机械设计参考CAD零件图纸常用素材资料(300张)
- Presto SQL 时间日期函数
- cad批量打印_「批量打印」CAD图纸批量输出PDF及预览与输出不一致解决办法
- C2:Unity3D制作智能家居设计软件——绘制户型(一)
- html用css美化表格
- win8桌面计算机图标不见,win8桌面图标消失,win8桌面图标设置方法
- Android 常用布局介绍
- 【设计模式】适配器模式:如何巧妙地过滤游戏中的敏感词
- 防火墙的访问控制策略
- 2020搞一个副业项目需要什么技能?