Vulnerability overview

For details of the vulnerability, see: Log4j critical vulnerability (supplementary video)

Elastic's official advisory: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

ES fix procedure

  1. From https://mvnrepository.com/artifact/org.apache.logging.log4j download version 2.15.0 of log4j-core, log4j-api and log4j-1.2-api
  2. Run the following script on the machine where ES is deployed
#!/bin/bash
# Replace the vulnerable log4j jars inside the Elasticsearch container and
# disable message lookups through the JVM options.
set -euo pipefail
OLD_VERSION=2.11.1
NEW_VERSION=2.15.0
cd /data/elasticsearch
# Append the flag only once so re-running the script does not duplicate it.
grep -qx -- '-Dlog4j2.formatMsgNoLookups=true' /data/elasticsearch/config/jvm.options \
    || echo "-Dlog4j2.formatMsgNoLookups=true" >> /data/elasticsearch/config/jvm.options
for file in log4j-core log4j-api log4j-1.2-api; do
    # Abort before deleting anything if a downloaded jar is missing.
    [ -f "$file-$NEW_VERSION.jar" ] || { echo "missing $file-$NEW_VERSION.jar" >&2; exit 1; }
done
for file in log4j-core log4j-api log4j-1.2-api; do
    docker exec elasticsearch rm -f "/usr/share/elasticsearch/lib/$file-$OLD_VERSION.jar"
    docker cp "$file-$NEW_VERSION.jar" "elasticsearch:/usr/share/elasticsearch/lib/$file-$NEW_VERSION.jar"
    docker exec elasticsearch chown elasticsearch "/usr/share/elasticsearch/lib/$file-$NEW_VERSION.jar"
    echo "replaced $file-$OLD_VERSION.jar with $file-$NEW_VERSION.jar"
done
docker-compose restart elasticsearch

The script above 1) adds the JVM option for the running ES and 2) replaces the log4j jar files.
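A post-patch verification check, added here as an example and not part of the original post: it scans the jar names in the container's lib directory for any log4j jar older than a minimum version (defaulting to the 2.15.0 the page installs) and confirms the flag line is present in jvm.options. The function names and the constructed sample input are assumptions; container name and paths follow the page.

```bash
#!/bin/bash
# Added verification example (not from the original post). MIN_VERSION is a
# parameter so a higher baseline can be supplied later; it defaults to 2.15.0.
MIN_VERSION=2.15.0

# Read jar file names from stdin and print those log4j jars whose version is
# older than $1. The version is taken from the "<artifact>-<version>.jar" name.
outdated_log4j_jars() {
    local min="${1:-$MIN_VERSION}" jar ver
    while IFS= read -r jar; do
        case "$jar" in log4j-*.jar) ;; *) continue ;; esac
        ver="${jar##*-}"; ver="${ver%.jar}"
        # sort -V orders versions numerically; if $min is not the smallest of
        # the pair, this jar is older than the baseline.
        if [ "$(printf '%s\n%s\n' "$ver" "$min" | sort -V | head -n1)" != "$min" ]; then
            echo "$jar"
        fi
    done
}

# Succeed only if the given jvm.options file contains the exact flag line.
has_nolookups_flag() {
    grep -qx -- '-Dlog4j2.formatMsgNoLookups=true' "$1"
}

# Live check against the running container (hypothetical helper; only runs
# when the script is invoked with --live).
verify_container() {
    local bad
    bad="$(docker exec elasticsearch ls /usr/share/elasticsearch/lib | outdated_log4j_jars "$MIN_VERSION")"
    if [ -n "$bad" ]; then echo "still vulnerable: $bad" >&2; return 1; fi
    has_nolookups_flag /data/elasticsearch/config/jvm.options \
        || { echo "formatMsgNoLookups flag missing from jvm.options" >&2; return 1; }
    echo "all log4j jars >= $MIN_VERSION and lookups disabled"
}

if [ "${1:-}" = "--live" ]; then verify_container; fi
```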