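Vulnerability information:
Severity: Critical
Vulnerability name: Apache Log4j remote code execution vulnerability (CVE-2021-44228, CVE-2021-45046)
Vulnerability type: Code execution
Remotely exploitable: Yes
Exploit (EXP) available: Yes
Description: Apache Log4j is a powerful logging component that provides convenient logging.
Apache Log4j2 has a remote code execution vulnerability: because some Log4j2 features perform recursive parsing, an attacker can craft a malicious request directly and trigger remote code execution.
Remediation:
1. On Java 6 upgrade log4j to 2.3.1, on Java 7 upgrade log4j to 2.12.3, and on Java 8 or later upgrade log4j to 2.17.0. Download: https://logging.apache.org/log4j/2.x/download.html
2. If an upgrade is not possible for now, delete the vulnerable JndiLookup.class file from the jar: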
zip -q -d log4j-core-xxx.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
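Impact of the fix: service restart
Verification information:
PoC detection principle: | PoC detection result: - log4j-core
Currently installed version: 2.11.1
Application information:
- Application path: /es/elasticsearch-7.12.1/lib/log4j-core-2.11.1.jar
This host is affected by the vulnerability
Affected application: log4j
Affected versions: Apache Log4j 2.0 < 2.3.1, 2.4 < 2.12.2, 2.13.0 < 2.16.0
Exploit links: https://www.exploit-db.com/exploits/50590
https://www.exploit-db.com/exploits/50592
Option 1:
1. Configure the yum repository and install zip: yum install -y zip
2. Delete the vulnerable class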
cd /es/elasticsearch-7.12.1/lib && zip -d log4j-core-2.11.1.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
The following warnings appear; according to an online search (Baidu), they can be ignored:
zip warning: Local Version Needed To Extract does not match CD: org/apache/logging/log4j/core/util/Loader.class
zip warning: Local Version Needed To Extract does not match CD: org/apache/logging/log4j/core/util/Patterns.class
zip warning: Local Version Needed To Extract does not match CD: org/apache/logging/log4j/core/util/SystemClock.class
zip warning: Local Version Needed To Extract does not match CD: org/apache/logging/log4j/core/util/SystemMillisClock.class
zip warning: Local Version Needed To Extract does not match CD: org/apache/logging/log4j/core/util/WatchManager$WatchRunnable.class
3. Verify the result of the zip deletion:
[root@host-173-16-184-44 lib]# /es/elasticsearch-7.12.1/jdk/bin/jar tvf log4j-core-2.11.1.jar |grep -i Jndi
4891 Sun Jul 22 20:45:20 CST 2018 org/apache/logging/log4j/core/net/JndiManager.class
252 Sun Jul 22 20:45:20 CST 2018 org/apache/logging/log4j/core/net/JndiManager$1.class
5073 Sun Jul 22 20:45:22 CST 2018 org/apache/logging/log4j/core/selector/JndiContextSelector.class
800 Sun Jul 22 20:45:22 CST 2018 org/apache/logging/log4j/core/util/JndiCloser.class
1893 Sun Jul 22 20:45:20 CST 2018 org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class
[root@host-173-16-184-44 lib]# /es/elasticsearch-7.12.1/jdk/bin/jar tvf log4j-core-2.11.1.jar |grep -i JndiLookup
[root@host-173-16-184-44 lib]# netstat -antp|grep java
tcp6 0 0 :::9200 :::* LISTEN 1864/java
tcp6 0 0 :::9300 :::* LISTEN 1864/java
tcp6 0 0 173.16.184.44:9200 173.16.184.112:40072 ESTABLISHED 1864/java
tcp6 0 0 173.16.184.44:9200 173.16.184.112:40112 ESTABLISHED 1864/java
tcp6 0 0 173.16.184.44:9200 173.16.184.140:43064 ESTABLISHED 1864/java
4. Restart the es process:
[root@host-173-16-184-44 ~]# su - es
[es@host-173-16-184-44 ~]$ ps -ef|grep java
es 1864 1 0 Feb10 ? 04:37:05 /es/elasticsearch-7.12.1/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-15576011396495023968 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms3910m -Xmx3910m -XX:MaxDirectMemorySize=2049966080 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/es/elasticsearch-7.12.1 -Des.path.conf=/es/elasticsearch-7.12.1/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /es/elasticsearch-7.12.1/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
es 8638 8566 0 11:53 pts/0 00:00:00 grep --color=auto java
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$ export TMOUT=0
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$
[es@host-173-16-184-44 ~]$ kill -9 1864
[es@host-173-16-184-44 ~]$ cd /es/elasticsearch-7.12.1/bin
[es@host-173-16-184-44 bin]$ ls
elasticsearch elasticsearch-croneval elasticsearch-migrate elasticsearch-setup-passwords elasticsearch-syskeygen x-pack-security-env
elasticsearch-certgen elasticsearch-env elasticsearch-node elasticsearch-shard elasticsearch-users x-pack-watcher-env
elasticsearch-certutil elasticsearch-env-from-file elasticsearch-plugin elasticsearch-sql-cli nohup.out
elasticsearch-cli elasticsearch-keystore elasticsearch-saml-metadata elasticsearch-sql-cli-7.12.1.jar x-pack-env
[es@host-173-16-184-44 bin]$ ./elasticsearch -d
[es@host-173-16-184-44 bin]$
[es@host-173-16-184-44 bin]$
[es@host-173-16-184-44 bin]$ ps -ef|grep java
es 9450 1 99 11:54 pts/0 00:00:07 /es/elasticsearch-7.12.1/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-13734428434078678155 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms3910m -Xmx3910m -XX:MaxDirectMemorySize=2049966080 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/es/elasticsearch-7.12.1 -Des.path.conf=/es/elasticsearch-7.12.1/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /es/elasticsearch-7.12.1/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
es 9482 8566 0 11:54 pts/0 00:00:00 grep --color=auto java
5. Verify the restart:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::9200 :::* LISTEN 9450/java
tcp6 0 0 :::9300 :::* LISTEN 9450/java
[es@host-173-16-184-44 lib]$
[es@host-173-16-184-44 lib]$
[es@host-173-16-184-44 lib]$
[es@host-173-16-184-44 lib]$
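6. Verify the services that depend on es.
Option 2:
1. Using the vulnerability information, get the download address of the new component package and download the latest version of the component: https://logging.apache.org/log4j/2.x/download.html
2. Switch to the es user, back up the original log4j-core component, and check the file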
[es@host-173-16-184-44 lib]$ mv log4j-core-2.11.1.jar{,.20220427.mod.bak}
[es@host-173-16-184-44 lib]$ ls -ltr
-rw-r--r-- 1 root root 1589223 Apr 27 11:48 log4j-core-2.11.1.jar.20220427.mod.bak
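3. As root, install lrzsz
[root@host-173-16-184-44 ~]# yum install -y lrzsz
###############Note: if the installation does not succeed, yum saves the transaction data to /tmp/yum_save_tx.2022-04-27.12-15.0a1yUN.yumtx
Reason: Exiting on user command (the command in the session below was typed as `- y` with a space, so yum treated `y` as a package name and stopped at the confirmation prompt)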
[root@host-173-16-184-44 ~]# yum install - y lrzsz
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
No package y available.
Resolving Dependencies
--> Running transaction check
---> Package lrzsz.x86_64 0:0.12.20-36.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================================
Installing:
lrzsz x86_64 0.12.20-36.el7 CentOS7 78 k
Transaction Summary
=====================================================================================================================================================================
Install 1 Package
Total download size: 78 k
Installed size: 181 k
Is this ok [y/d/N]:
Exiting on user command
Your transaction was saved, rerun it with:
yum load-transaction /tmp/yum_save_tx.2022-04-27.12-15.0a1yUN.yumtx
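###############End of note: if the installation does not succeed, yum saves the transaction data to /tmp/yum_save_tx.2022-04-27.12-15.0a1yUN.yumtx
4. Switch to the es user and change to the es installation directory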
[root@host-173-16-184-44 ~]# su - es
Last login: Wed Apr 27 12:15:32 CST 2022 on pts/0
[es@host-173-16-184-44 ~]$ cd /es/elasticsearch-7.12.1
5. Upload the latest log4j-core component with rz
[es@host-173-16-184-44 lib]$ rz -E
rz waiting to receive.
6. Verify that the upload succeeded
[es@host-173-16-184-44 lib]$ ls -ltr log4j-core*
-rw-r--r-- 1 es es 1811090 Jan 1 17:00 log4j-core-2.17.2.jar
-rw-r--r-- 1 root root 1589223 Apr 27 11:48 log4j-core-2.11.1.jar.20220427.mod.bak
7. Find the PID of the running es process, kill the es process, and verify that the kill succeeded
[es@host-173-16-184-44 lib]$ ps -ef|grep es
root 1 0 0 2021 ? 01:25:13 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
dbus 654 1 0 2021 ? 00:45:30 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
es 9450 1 3 11:54 pts/0 00:00:42 /es/elasticsearch-7.12.1/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMesages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-13734428434078678155 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms3910m -Xmx3910m -XX:MaxDirectMemorySize=2049966080 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/es/elasticsearch-7.12.1 -Des.path.conf=/es/elasticsearch-7.12.1/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /es/elasticsearch-7.12.1/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
es 9475 9450 0 11:54 pts/0 00:00:00 /es/elasticsearch-7.12.1/modules/x-pack-ml/platform/linux-x86_64/bin/controller
root 17422 1 0 Apr15 ? 00:37:28 /usr/local/qcloud/YunJing/YDEyes/YDService
root 24384 8545 0 12:16 pts/0 00:00:00 su - es
es 24385 24384 0 12:16 pts/0 00:00:00 -bash
es 25369 24385 0 12:17 pts/0 00:00:00 ps -ef
es 25370 24385 0 12:17 pts/0 00:00:00 grep --color=auto es
[es@host-173-16-184-44 lib]$ kill -9 9450
[es@host-173-16-184-44 lib]$ ps -ef|grep es
root 1 0 0 2021 ? 01:25:13 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
dbus 654 1 0 2021 ? 00:45:30 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 17422 1 0 Apr15 ? 00:37:28 /usr/local/qcloud/YunJing/YDEyes/YDService
root 24384 8545 0 12:16 pts/0 00:00:00 su - es
es 24385 24384 0 12:16 pts/0 00:00:00 -bash
es 25543 24385 0 12:17 pts/0 00:00:00 ps -ef
es 25544 24385 0 12:17 pts/0 00:00:00 grep --color=auto es
8. Start es as the es user (including error handling)
[es@host-173-16-184-44 lib]$ cd ../bin
[es@host-173-16-184-44 bin]$ ls
elasticsearch elasticsearch-croneval elasticsearch-migrate elasticsearch-setup-passwords elasticsearch-syskeygen x-pack-security-env
elasticsearch-certgen elasticsearch-env elasticsearch-node elasticsearch-shard elasticsearch-users x-pack-watcher-env
elasticsearch-certutil elasticsearch-env-from-file elasticsearch-plugin elasticsearch-sql-cli nohup.out
elasticsearch-cli elasticsearch-keystore elasticsearch-saml-metadata elasticsearch-sql-cli-7.12.1.jar x-pack-env
[es@host-173-16-184-44 bin]$ ./elasticsearch -d
The following error is reported, and a check shows that the process did not restart:
Exception in thread "main" java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
at org.apache.logging.log4j.core.config.ConfigurationSource.<clinit>(ConfigurationSource.java:58)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:189)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:181)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:70)
at org.elasticsearch.common.logging.LogConfigurator.configureStatusLogger(LogConfigurator.java:248)
at org.elasticsearch.common.logging.LogConfigurator.configureWithoutConfig(LogConfigurator.java:95)
at org.elasticsearch.cli.CommandLoggingConfigurator.configureLoggingWithoutConfig(CommandLoggingConfigurator.java:29)
at org.elasticsearch.cli.Command.main(Command.java:76)
at org.elasticsearch.common.settings.KeyStoreCli.main(KeyStoreCli.java:32)
[es@host-173-16-184-44 bin]$ Exception in thread "main" java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
at org.apache.logging.log4j.core.config.ConfigurationSource.<clinit>(ConfigurationSource.java:58)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:189)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:181)
at org.apache.logging.log4j.core.config.builder.impl.DefaultConfigurationBuilder.build(DefaultConfigurationBuilder.java:70)
at org.elasticsearch.common.logging.LogConfigurator.configureStatusLogger(LogConfigurator.java:248)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:157)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:118)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:348)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116)
at org.elasticsearch.cli.Command.main(Command.java:79)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:81)
[es@host-173-16-184-44 bin]$ ps -ef|grep es
root 1 0 0 2021 ? 01:25:13 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
dbus 654 1 0 2021 ? 00:45:30 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 17422 1 0 Apr15 ? 00:37:28 /usr/local/qcloud/YunJing/YDEyes/YDService
root 24384 8545 0 12:16 pts/0 00:00:00 su - es
es 24385 24384 0 12:16 pts/0 00:00:00 -bash
es 27391 24385 0 12:20 pts/0 00:00:00 ps -ef
es 27392 24385 0 12:20 pts/0 00:00:00 grep --color=auto es
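9. After consulting references: the recommended log4j2 fix is to upgrade log4j-core and log4j-api together
List the log4j components, back up the original log4j-api component, upload the new log4j-api version, and verify the upload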
[es@host-173-16-184-44 bin]$ cd ../lib
[es@host-173-16-184-44 lib]$ ll -ltr log4j-*
-rw-r--r-- 1 es es 1607947 Jul 3 2019 log4j-core-2.11.1.jar.20220427.bak
-rw-r--r-- 1 es es 264060 Jul 3 2019 log4j-api-2.11.1.jar
-rw-r--r-- 1 es es 1811090 Jan 1 17:00 log4j-core-2.17.2.jar
-rw-r--r-- 1 root root 1589223 Apr 27 11:48 log4j-core-2.11.1.jar.20220427.mod.bak
[es@host-173-16-184-44 lib]$ mv log4j-api-2.11.1.jar{,.20220427.bak}
[es@host-173-16-184-44 lib]$ rz -E
rz waiting to receive.
[es@host-173-16-184-44 lib]$
[es@host-173-16-184-44 lib]$ ls -l log4j-*
-rw-r--r-- 1 es es 264060 Jul 3 2019 log4j-api-2.11.1.jar.20220427.bak
-rw-r--r-- 1 es es 302511 Jan 1 17:00 log4j-api-2.17.2.jar
-rw-r--r-- 1 es es 1607947 Jul 3 2019 log4j-core-2.11.1.jar.20220427.bak
-rw-r--r-- 1 root root 1589223 Apr 27 11:48 log4j-core-2.11.1.jar.20220427.mod.bak
-rw-r--r-- 1 es es 1811090 Jan 1 17:00 log4j-core-2.17.2.jar
10. Confirm that the process is not running, start es again, and check the es process: it started successfully
[es@host-173-16-184-44 lib]$ ps -ef|grep java
es 31150 24385 0 12:25 pts/0 00:00:00 grep --color=auto java
[es@host-173-16-184-44 lib]$ cd ../bin/
[es@host-173-16-184-44 bin]$ ./elasticsearch -d
[es@host-173-16-184-44 bin]$
[es@host-173-16-184-44 bin]$
[es@host-173-16-184-44 bin]$ ps -ef|grep java
es 31692 1 99 12:26 pts/0 00:00:32 /es/elasticsearch-7.12.1/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-15947926175566634294 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms3910m -Xmx3910m -XX:MaxDirectMemorySize=2049966080 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/es/elasticsearch-7.12.1 -Des.path.conf=/es/elasticsearch-7.12.1/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /es/elasticsearch-7.12.1/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
[es@host-173-16-184-44 bin]$ ps -ef|grep es
root 1 0 0 2021 ? 01:25:13 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
dbus 654 1 0 2021 ? 00:45:30 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 17422 1 0 Apr15 ? 00:37:29 /usr/local/qcloud/YunJing/YDEyes/YDService
root 24384 8545 0 12:16 pts/0 00:00:00 su - es
es 24385 24384 0 12:16 pts/0 00:00:00 -bash
es 31692 1 99 12:26 pts/0 00:00:36 /es/elasticsearch-7.12.1/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMesages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-15947926175566634294 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms3910m -Xmx3910m -XX:MaxDirectMemorySize=2049966080 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/es/elasticsearch-7.12.1 -Des.path.conf=/es/elasticsearch-7.12.1/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /es/elasticsearch-7.12.1/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
es 31757 31692 0 12:26 pts/0 00:00:00 /es/elasticsearch-7.12.1/modules/x-pack-ml/platform/linux-x86_64/bin/controller
es 31992 24385 0 12:26 pts/0 00:00:00 ps -ef
es 31993 24385 0 12:26 pts/0 00:00:00 grep --color=auto es
11. Verify the services that depend on es.
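As an added example (not from the original post), the POSIX shell script below audits a lib directory after either option: it checks the log4j-core version against the fixed releases listed in the scan report, looks for the exact JndiLookup.class entry that Option 1 deletes, and flags the log4j-core/log4j-api version mismatch that caused the NoSuchFieldError in step 8 of Option 2. The function names and the finding labels (VULNERABLE, MITIGATED, PATCHED, MISMATCH, NO_CORE) are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.
# Usage: sh <this-script> /es/elasticsearch-7.12.1/lib [java-major-version]
JNDI_CLASS='org/apache/logging/log4j/core/lookup/JndiLookup.class'

# Fixed log4j release per Java major version, as listed in the scan report.
fixed_version() { case "$1" in 6) echo 2.3.1 ;; 7) echo 2.12.3 ;; *) echo 2.17.0 ;; esac; }

# ver_lt A B: succeeds when dotted numeric version A is lower than B.
ver_lt() {
  for i in 1 2 3; do
    x=$(printf '%s\n' "$1" | cut -d. -f"$i"); y=$(printf '%s\n' "$2" | cut -d. -f"$i")
    [ "${x:-0}" -ge "${y:-0}" ] || return 0   # lower field: A < B
    [ "${x:-0}" -le "${y:-0}" ] || return 1   # higher field: A > B
  done
  return 1                                    # equal versions are not "lower"
}

# jar_version ARTIFACT FILE: version from a name such as log4j-core-2.11.1.jar.
# Backups like *.jar.20220427.bak do not match: the JVM's lib/* classpath
# wildcard only loads files ending in .jar, so they are left out of the audit.
jar_version() { printf '%s\n' "${2##*/}" | sed -n "s/^$1-\([0-9][0-9.]*\)\.jar\$/\1/p"; }

# list_jar FILE: entry names, one per line (unzip if present, else the JDK jar tool).
list_jar() {
  if command -v unzip >/dev/null 2>&1; then unzip -Z1 "$1"; else "${JAR:-jar}" tf "$1"; fi
}

# has_jndilookup: reads entry names on stdin. The match is exact, so JndiManager.class
# and the other Jndi* classes that stay in the jar are not reported.
has_jndilookup() { grep -qxF "$JNDI_CLASS"; }

# audit_lib DIR [JAVA_MAJOR]: prints one finding per line.
audit_lib() {
  core='' api='' corejar=''
  for f in "$1"/log4j-core-*.jar; do
    v=$(jar_version log4j-core "$f"); [ -z "$v" ] || { core=$v; corejar=$f; }
  done
  for f in "$1"/log4j-api-*.jar; do
    v=$(jar_version log4j-api "$f"); [ -z "$v" ] || api=$v
  done
  [ -n "$core" ] || { echo "NO_CORE"; return 0; }
  # Different core and api versions produced the NoSuchFieldError in step 8.
  [ "$core" = "$api" ] || echo "MISMATCH core=$core api=${api:-none}"
  if ! ver_lt "$core" "$(fixed_version "${2:-8}")"; then
    echo "PATCHED core=$core"
  elif list_jar "$corejar" | has_jndilookup; then
    echo "VULNERABLE core=$core"
  else
    echo "MITIGATED core=$core"   # old version, JndiLookup.class removed
  fi
}

if [ "$#" -ge 1 ]; then audit_lib "$@"; fi
```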




