版本信息
Elasticsearch 7.5.1、java version 1.8.0_101、Red Hat 7.5
漏洞名稱
Elasticsearch 未授權訪問
漏洞描述
通常情況下Elasticsearch 未對敏感信息進行過濾,通過curl IP:PORT的方式導致任意用戶可讀取敏感信息。
修復方案
添加用戶認證,提高信息安全性。
修復步驟
cd /home/shsnc/snc_product/elasticsearch
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
elastic-certificates.p12 elastic-stack-ca.p12
mv elastic-* config/certs
scp -r config/certs xxx.xxx.xxx.106:/home/shsnc/snc_product/elasticsearch/config
scp -r config/certs xxx.xxx.xxx.107:/home/shsnc/snc_product/elasticsearch/config
2. 開啟X-pack驗證
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
cd /home/shsnc/snc_product/elasticsearch/
sh elasticsearch.sh restart
/home/shsnc/snc_product/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
cd /home/shsnc/snc_product/product/base-resource-center/config
# 編輯配置文件application.properties,修改下面的密碼行即可:
resource.elasticsearch.username=elastic #認證用戶名
resource.elasticsearch.password=123456 #用戶密碼
cd /home/shsnc/snc_product/product/
sh jar.sh -restart base-resource-center
{"error":{"root_cause":[{"type":"security_exception","reason":"missing
authentication credentials for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm="security" charset="UTF-
8""}}],"type":"security_exception","reason":"missing
authentication credentials for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm="security" charset="UTF-8""}},"status":401}
#curl --user 用戶:密碼 IP:端口
curl --user elastic:123456 xxx.xxx.xxx.106:9200
{
"name" : "es_node0",
"cluster_name" : "xxxxx",
"cluster_uuid" : "RZXFBcnYSSe9lF5Wc-J2bB",
"version" : {
"number" : "7.5.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "3ad9ty3a93c95vb0cdc024651cf95d67e1e18d36",
"build_date" : "2020-12-16T22:57:37.835892Z",
"build_snapshot" : false,
"lucene_version" : "8.3.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
結 語
END
文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規行為,您可以聯系管理員刪除。
轉載請注明本文地址:http://specialneedsforspecialkids.com/yun/129674.html
摘要:大會上,研發經理還將現場即將發布的中容器的功能及使用還有等的現場交流。點擊了解詳情及在線報名啦年月日,發布了全新版本,該版本修復了近期發現的兩個安全漏洞和,項目級別的監控功能也在此版本回歸,還有一系列功能與優化。 6月20日,北京,由Rancher Labs主辦的【2019企業容器創新大會】限免報名已開啟!全天18場演講,特邀中國人壽、中國聯通、平安科技、新東方、阿里云、百度云等著名企...
閱讀 1347·2023-01-11 13:20
閱讀 1685·2023-01-11 13:20
閱讀 1133·2023-01-11 13:20
閱讀 1860·2023-01-11 13:20
閱讀 4101·2023-01-11 13:20
閱讀 2705·2023-01-11 13:20
閱讀 1386·2023-01-11 13:20
閱讀 3598·2023-01-11 13:20