当hadoop使用yarn.resource.manager默认端口8088时,容易遭受木马入侵。
检测到有恶意程序。如何更改这个端口呢
修改文件 etc/hadoop/yarn-site.xml
添加内容:
<configuration>
<!-- Site specific YARN configuration properties -->
<property>
<name>yarn.resourcemanager.webapp.address</name>
<value>${yarn.resourcemanager.hostname}:20345</value>
</property>
</configuration>
重启之前
重启hadoop
[hadoopuser@hadoop1 sbin]$ ./stop-all.sh
This script is Deprecated. Instead use stop-dfs.sh and stop-yarn.sh
Stopping namenodes on [hadoop1]
hadoop1: #####################################################################
hadoop1: ### AI Cloud! ###
hadoop1: ### Authorized only. All activity will be monitored and reported! ###
hadoop1: #####################################################################
hadoop1: no namenode to stop
localhost: #####################################################################
localhost: ### AI Cloud! ###
localhost: ### Authorized only. All activity will be monitored and reported! ###
localhost: #####################################################################
localhost: no datanode to stop
Stopping secondary namenodes [0.0.0.0]
0.0.0.0: #####################################################################
0.0.0.0: ### AI Cloud! ###
0.0.0.0: ### Authorized only. All activity will be monitored and reported! ###
0.0.0.0: #####################################################################
0.0.0.0: no secondarynamenode to stop
stopping yarn daemons
no resourcemanager to stop
localhost: #####################################################################
localhost: ### AI Cloud! ###
localhost: ### Authorized only. All activity will be monitored and reported! ###
localhost: #####################################################################
localhost: no nodemanager to stop
no proxyserver to stop
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$ ./start-all.sh
This script is Deprecated. Instead use start-dfs.sh and start-yarn.sh
Starting namenodes on [hadoop1]
hadoop1: #####################################################################
hadoop1: ### AI Cloud! ###
hadoop1: ### Authorized only. All activity will be monitored and reported! ###
hadoop1: #####################################################################
hadoop1: starting namenode, logging to /data/apps/hadoop/logs/hadoop-hadoopuser-namenode-hadoop1.out
localhost: #####################################################################
localhost: ### AI Cloud! ###
localhost: ### Authorized only. All activity will be monitored and reported! ###
localhost: #####################################################################
localhost: starting datanode, logging to /data/apps/hadoop/logs/hadoop-hadoopuser-datanode-hadoop1.out
Starting secondary namenodes [0.0.0.0]
0.0.0.0: #####################################################################
0.0.0.0: ### AI Cloud! ###
0.0.0.0: ### Authorized only. All activity will be monitored and reported! ###
0.0.0.0: #####################################################################
0.0.0.0: starting secondarynamenode, logging to /data/apps/hadoop/logs/hadoop-hadoopuser-secondarynamenode-hadoop1.out
starting yarn daemons
starting resourcemanager, logging to /data/apps/hadoop/logs/yarn-hadoopuser-resourcemanager-hadoop1.out
localhost: #####################################################################
localhost: ### AI Cloud! ###
localhost: ### Authorized only. All activity will be monitored and reported! ###
localhost: #####################################################################
localhost: starting nodemanager, logging to /data/apps/hadoop/logs/yarn-hadoopuser-nodemanager-hadoop1.out
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$ jps
9458 Kafka
6098 ResourceManager
11427 Elasticsearch
15444 SecondaryNameNode
18615 HMaster
6425 Jps
18780 HRegionServer
15102 NameNode
15246 DataNode
6222 NodeManager
20719 QuorumPeerMain
[hadoopuser@hadoop1 sbin]$
[hadoopuser@hadoop1 sbin]$ sudo netstat -ntpl | grep 6098
tcp6 0 0 :::20345 :::* LISTEN 6098/java
tcp6 0 0 :::8030 :::* LISTEN 6098/java
tcp6 0 0 :::8031 :::* LISTEN 6098/java
tcp6 0 0 :::8032 :::* LISTEN 6098/java
tcp6 0 0 :::8033 :::* LISTEN 6098/java
[hadoopuser@hadoop1 sbin]$ jps
9458 Kafka
6098 ResourceManager
11427 Elasticsearch
15444 SecondaryNameNode
18615 HMaster
6425 Jps
18780 HRegionServer
15102 NameNode
15246 DataNode
6222 NodeManager
20719 QuorumPeerMain
[hadoopuser@hadoop1 sbin]$ sudo netstat -ntpl | grep 6098
tcp6 0 0 :::20345 :::* LISTEN 6098/java
tcp6 0 0 :::8030 :::* LISTEN 6098/java
tcp6 0 0 :::8031 :::* LISTEN 6098/java
tcp6 0 0 :::8032 :::* LISTEN 6098/java
tcp6 0 0 :::8033 :::* LISTEN 6098/java
这才是正常没有被入侵的页面。