版本信息
Elasticsearch 7.5.1、java version 1.8.0_101、Red Hat 7.5
漏洞名称
Elasticsearch 未授权访问
漏洞描述
通常情况下Elasticsearch 未对敏感信息进行过滤,通过curl IP:PORT的方式导致任意用户可读取敏感信息。
修复方案
添加用户认证,提高信息安全性。
修复步骤
cd /home/shsnc/snc_product/elasticsearch
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
elastic-certificates.p12 elastic-stack-ca.p12
mv elastic-* config/certs
scp -r config/certs xxx.xxx.xxx.106:/home/shsnc/snc_product/elasticsearch/config
scp -r config/certs xxx.xxx.xxx.107:/home/shsnc/snc_product/elasticsearch/config
2. 开启X-pack验证
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
cd /home/shsnc/snc_product/elasticsearch/
sh elasticsearch.sh restart
/home/shsnc/snc_product/elasticsearch/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
cd /home/shsnc/snc_product/product/base-resource-center/config
# 编辑配置文件application.properties,修改下面的密码行即可:
resource.elasticsearch.username=elastic #认证用户名
resource.elasticsearch.password=123456 #用户密码
cd /home/shsnc/snc_product/product/
sh jar.sh -restart base-resource-center
{"error":{"root_cause":[{"type":"security_exception","reason":"missing
authentication credentials for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm="security" charset="UTF-
8""}}],"type":"security_exception","reason":"missing
authentication credentials for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm="security" charset="UTF-8""}},"status":401}
#curl --user 用户:密码 IP:端口
curl --user elastic:123456 xxx.xxx.xxx.106:9200
{
"name" : "es_node0",
"cluster_name" : "xxxxx",
"cluster_uuid" : "RZXFBcnYSSe9lF5Wc-J2bB",
"version" : {
"number" : "7.5.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "3ad9ty3a93c95vb0cdc024651cf95d67e1e18d36",
"build_date" : "2020-12-16T22:57:37.835892Z",
"build_snapshot" : false,
"lucene_version" : "8.3.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
结 语
END
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/129674.html
摘要:大会上,研发经理还将现场即将发布的中容器的功能及使用还有等的现场交流。点击了解详情及在线报名啦年月日,发布了全新版本,该版本修复了近期发现的两个安全漏洞和,项目级别的监控功能也在此版本回归,还有一系列功能与优化。 6月20日,北京,由Rancher Labs主办的【2019企业容器创新大会】限免报名已开启!全天18场演讲,特邀中国人寿、中国联通、平安科技、新东方、阿里云、百度云等著名企...
阅读 1235·2023-01-11 13:20
阅读 1542·2023-01-11 13:20
阅读 994·2023-01-11 13:20
阅读 1650·2023-01-11 13:20
阅读 3958·2023-01-11 13:20
阅读 2456·2023-01-11 13:20
阅读 1288·2023-01-11 13:20
阅读 3450·2023-01-11 13:20