Log4j2漏洞修复

2022.08.01，我司某系统 elasticsearch 7.10.1 默认使用了低版本的 Log4j 2.11.1 而收到了 Log4j2疑似存在严重漏洞修复通报 邮件，下面是修复过程（建议升级到：Log4j 2.18），仅供参考。

漏洞主题：Apache Log4j2 远程代码执行漏洞
漏洞公告：https://help.aliyun.com/document_detail/368470.html
影响版本：Apache Log4j 2.x <= 2.14.1
新版下载：https://logging.apache.org/log4j/2.x/download.html

• 确认过程：确认要替换的jar包（只用替换lib目录下的jar包）

[root@localhost]# find /data/elasticsearch_9200/lib -name log4j*.jar
/data/elasticsearch_9200/lib/log4j-api-2.11.1.jar
/data/elasticsearch_9200/lib/log4j-core-2.11.1.jar

• 修复过程：替换新版jar包

cd /opt/
wget -c https://www.apache.org/dyn/closer.lua/logging/log4j/2.18.0/apache-log4j-2.18.0-bin.zip
unzip apache-log4j-2.18.0-bin.zip

ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
mkdir -p /data/es_bak_20220801
mv /data/elasticsearch_9200/lib/log4j-api-2.11.1.jar /data/es_bak_20220801/log4j-api-2.11.1.jar
mv /data/elasticsearch_9200/lib/log4j-core-2.11.1.jar /data/es_bak_20220801/log4j-core-2.11.1.jar
\cp /opt/apache-log4j-2.18.0-bin/log4j-api-2.18.0.jar /data/elasticsearch_9200/lib/log4j-api-2.18.0.jar
\cp /opt/apache-log4j-2.18.0-bin/log4j-core-2.18.0.jar /data/elasticsearch_9200/lib/log4j-core-2.18.0.jar

ulimit -n 65536
chown -R esuser.esuser /data/elasticsearch_9200
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 10 && netstat -lnpt | egrep "(9200|9300)"