Apache Log4j2 远程代码执行漏--洞 和 2.16的新曝出问题
(https://mp.weixin.qq.com/s/vxQoXrYgallQMmA-3tbfog) DOS 拒绝服务攻--击漏--洞
elasticsearch 7.3和 elasticsearch6.1
下载安装包: https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.tar.gz
阿里云盘: https://www.aliyundrive.com/s/NnXWALWs1qN
elasticsearch 7.3
cd /data/soft
wget https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.tar.gz
tar xf apache-log4j-2.17.0-bin.tar.gz
cd /usr/share/elasticsearch/lib
mv log4i-* /data/soft && rm #备份之前的log4j版本
cp /data/soft/apache-log4j-2.17.0-bin/{log4j-api-2.17.0.jar,log4j-core-2.17.0.jar} ./ #复制最新的log4j包
chmod -R 644 ./log4j-* #授权
systemctl restart elasticsearch #重启elasticsearch
elasticsearch6.1 和elasticsearch 7.3差不多(多复制一个包)
cd /data/soft
wget https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.tar.gz
tar xf apache-log4j-2.17.0-bin.tar.gz
cd /usr/share/elasticsearch/lib
mv log4i-* /data/soft && rm #备份之前的log4j版本
cp /data/soft/apache-log4j-2.17.0-bin/{log4j-1.2-api-2.17.0.jar,log4j-api-2.17.0.jar,log4j-core-2.17.0.jar} ./ #复制最新的log4j包
chmod -R 644 ./log4j-* #授权
systemctl restart elasticsearch #重启elasticsearch
