Rpa 6501 号会员
  •  0 回帖  •  1.2K 浏览  •  2021-05-28 11:05:34

Logstash7.6.1 中 jackson-databind 升级到 2.13.3 说明文档

1 准备工作

本文档仅适用与 logstash 7.6.1 版本,为做过修改的 logstash 中的 jackson 漏洞处理。

logstash-jackson-2.13.3- 升级包.zip

本升级步骤,按照标准版安装进行操作。
事件情况,找到 logstash 主目录即可。

一、备份
备份整个 logstash 目录
cd /isearch
tar -zcvf logstash-7.6.1.tar.gz logstash-7.6.1

二、替换 jar 包
1、停止 logstash
logstash.sh stop

2、删除原来的 jar 包
cd /isearch/logstash-7.6.1/logstash-core/lib/jars
rm -rf jackson-annotations-2.9.10.jar
rm -rf jackson-core-2.9.10.jar
rm -rf jackson-databind-2.9.10.1.jar
rm -rf jackson-dataformat-cbor-2.9.10.jar

rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/*

rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-annotations/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-core/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/*
rm -rf /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/*

3、创建目录
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.13.3

mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-core/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.13.3
mkdir -p /isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.13.3

3、上传新 jar 包
3.1、以下 jar 包上传到 /isearch/logstash-7.6.1/logstash-core/lib/jars 目录
jackson-annotations-2.13.3.jar
jackson-core-2.13.3.jar
jackson-databind-2.13.3.jar
jackson-dataformat-cbor-2.13.3.jar

3.2、以下 4 个 jar 包分别放后续目录
jackson-annotations-2.13.3.jar
放到以下两个目录, 每个目录都要放一个
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.13.3
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-annotations/2.13.3

jackson-core-2.13.3.jar
放到以下两个目录, 每个目录都要放一个
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.13.3
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-core/2.13.3

jackson-databind-2.13.3.jar
放到以下两个目录, 每个目录都要放一个
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.13.3
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/core/jackson-databind/2.13.3

jackson-module-afterburner-2.13.3.jar
放到以下两个目录, 每个目录都要放一个
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.13.3
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib/com/fasterxml/jackson/module/jackson-module-afterburner/2.13.3

4、更新 jar 包引用关系
4.1、jrjackson-0.4.11-java 目录下的 jrjackson_jars.rb 文件 上传到如下目录:
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/jrjackson-0.4.11-java/lib

4.2、logstash-input-beats-6.0.8-java 目录下的 logstash-input-beats_jars.rb 文件 上传到如下目录:
/isearch/logstash-7.6.1/vendor/bundle/jruby/2.5.0/gems/logstash-input-beats-6.0.8-java/lib

5、启动 logstash
logstash.sh start

6、查看 logstash 启动情况
tail -f /isearch/isa/logs/logstash/logstash.stdout
日志最终出现以下日志,说明启动成功
[INFO] 2022-07-13 14:52:00.814 [[main]-pipeline-manager] javapipeline - Pipeline started {“pipeline.id”=>“main”}
[INFO] 2022-07-13 14:52:00.920 [[main]<http] http - Starting http input listener {:address=>“0.0.0.0:6004”, :ssl=>“false”}
[INFO] 2022-07-13 14:52:00.945 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

[INFO] 2022-07-13 14:52:01.755 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>6600}

7、查看 logstash 使用有效性
登录平台页面,调度一次一个流程。任务列表中,看到有日志记录数量,即说明 logstash 升级成功。
注:验证流程一定要会产生日志才行。别因为流程运行本身没有日志,导致验证一直感觉没通过。

三、回退
1、停止 logstash
logstash.sh stop
2、删除现有 jars
rm -rf /isearch/logstash-7.6.1/logstash-core/lib/jars
3、还原备份的 jars
cd /isearch/logstash-7.6.1/logstash-core/lib/
cp -rf /isearch/bak/logstash-7.6.1-lib-jars.tar.gz .
tar -zxvf logstash-7.6.1-lib-jars.tar.gz
解压后,判断下 jars 目录出现并且和初始目录结构一致。
4、启动 logstash
logstash.sh start