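Fixing the jackson-databind vulnerability in Logstash 6.8
1. First, get the newer jackson package. The copies available online have to be compiled, so I copied the jar directly from another Logstash version; you can follow the same approach.
2. The version installed here is 7.17.9. Go to the directory below and copy jackson-databind out of it.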
cd /usr/share/logstash/logstash-core/lib/jars/
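3. Only jackson-databind-2.9.10.8.jar needs to be downloaded.
4. Next, upgrade jackson-databind in Logstash. I installed Logstash from the rpm package; if you installed it another way, adjust the paths accordingly. The upgrade here is for jackson-databind in Logstash 6.8.
# Back up the corresponding jar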
mv /usr/share/logstash/logstash-core/lib/jars/jackson-databind-2.9.10.1.jar /usr/share/logstash/logstash-core/lib/jars/jackson-databind-2.9.10.1.jar.bak
Upload the jar you just downloaded to /usr/share/logstash/logstash-core/lib/jars/
5. Back up the original directory and create the directory for the new version
mkdir /opt/logstash/
mv /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/ /opt/logstash/
mkdir /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/
Upload the jar you just downloaded to /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/
6. Change ownership to the logstash user
chown logstash:logstash -R /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.9.10.8
chown logstash:logstash -R /usr/share/logstash/logstash-core/lib/jars/
7. Create a test file, touch /root/logstash.conf, with the following content
input {
  beats {
    port => 5050
    codec => json
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
8. Start Logstash with the test config and confirm it starts normally
/usr/share/logstash/bin/logstash -f /root/logstash.conf
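After the swap it is worth confirming which jackson-databind files are actually left under the Logstash tree. The script below is an added example, not part of the original post: it lists every jackson-databind jar (including renamed backups such as the .jar.bak from step 4) and reports anything that is not the expected version, so you can decide whether to move it out of the tree as step 5 does for the jrjackson directory. The function names are hypothetical; the version and paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: audit a Logstash tree for leftover jackson-databind files.
# Function names are hypothetical; paths and versions come from the steps above.

# Print every jackson-databind jar under $1, including renamed
# backups (e.g. jackson-databind-2.9.10.1.jar.bak).
list_databind_files() {
    find "$1" -type f -name 'jackson-databind-*.jar*' 2>/dev/null | sort
}

# Print every file that is NOT exactly jackson-databind-<$2>.jar:
# older versions and backup copies still sitting inside the tree.
stale_databind_files() {
    list_databind_files "$1" | while IFS= read -r f; do
        name=$(basename "$f")
        case "$name" in
            "jackson-databind-$2.jar") ;;      # expected version, nothing to report
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Exit codes: 0 = only the expected version is present,
#             1 = stale or backup copies remain,
#             2 = the expected jar was not found at all.
audit_databind() {
    [ -n "$(find "$1" -type f -name "jackson-databind-$2.jar" 2>/dev/null)" ] || return 2
    [ -z "$(stale_databind_files "$1" "$2")" ] || return 1
}

# Usage: sh audit.sh /usr/share/logstash 2.9.10.8
if [ "$#" -eq 2 ]; then
    stale_databind_files "$1" "$2"
    rc=0
    audit_databind "$1" "$2" || rc=$?
    echo "audit exit code: $rc"
fi
```

Run it against /usr/share/logstash with 2.9.10.8 as the expected version; an exit code of 1 with the .jar.bak path printed means the backup from step 4 is still inside lib/jars.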