X-Pack: Safeguarding Elasticsearch Security

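Elasticsearch itself provides no user authentication or authorization functionality (it does not even have a concept of a "user"); responsibility for this is left to developers and administrators. From some points of view this is not a missing feature but a design philosophy (the similar product Solr takes the same approach, although it offers a few more related plugins). Access control is left to the user on the grounds that "authentication and authorization are mostly tightly coupled to the application domain".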

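In addition, Elastic Co. itself is building a product ecosystem around Elasticsearch, which includes the software formerly called Shield and now called Security (shipped as part of the X-Pack bundle). Both the earlier Shield and today's Security aim to provide secure access management for Elasticsearch, and both are closed-source commercial software.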

This article describes a method of cracking X-Pack in order to safeguard Elasticsearch security.

Crack x-pack

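Download x-pack

Elasticsearch versions from 6.3.x onward ship with the x-pack plugin built in, so no separate download is needed.

Earlier Elasticsearch versions need the x-pack plugin with the matching version number installed separately. Taking Elasticsearch-5.4.3 as an example, the x-pack-5.4.3 plugin must be installed.

Download URL for x-pack-5.4.3: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.4.3.zip

There is no need to unpack it; install directly from the archive: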

./elasticsearch-plugin install file:///home/weijie/elasticsearch-5.4.3-security/x-pack-5.4.3.zip

After installation, restart elasticsearch and access port 9200 of es. It is now protected by x-pack, and a login is required for access.

Default username: elastic
Default password: changeme

However, x-pack is a paid product, and the trial license lasts only one month:

curl -X GET -u elastic:changeme localhost:9200/_license


Crack x-pack

crack x-pack.jar

  • Create the file LicenseVerifier.java

    with the following content:

    package org.elasticsearch.license;
    
    import java.nio.*;
    import java.util.*;
    import java.security.*;
    import org.elasticsearch.common.xcontent.*;
    import org.apache.lucene.util.*;
    import org.elasticsearch.common.io.*;
    import java.io.*;
    
    public class LicenseVerifier
    {
        public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
            return true;
        }

        public static boolean verifyLicense(final License license) {
            return true;
        }
    }
  • Compile LicenseVerifier.java

    javac -cp "/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/lib/elasticsearch-5.4.3.jar:/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/lib/lucene-core-6.5.1.jar:/home/weijie/elasticsearch-5.4.3-security/elasticsearch-5.4.3/plugins/x-pack/x-pack-5.4.3.jar" LicenseVerifier.java

    This produces LicenseVerifier.class

  • Replace LicenseVerifier.class

    Replace LicenseVerifier.class inside plugins/x-pack/x-pack-5.4.3.jar. Do not use Windows archive software to replace the class file here!

  • Create a temporary folder temp

    mkdir temp

  • Move /plugins/x-pack/x-pack-5.4.3.jar into the temp folder

    mv elasticsearch-5.4.3/plugins/x-pack/x-pack-5.4.3.jar temp/

    cd temp

  • Unpack x-pack-5.4.3.jar

    jar -xvf x-pack-5.4.3.jar

    rm -rf x-pack-5.4.3.jar

  • Delete the original LicenseVerifier.class file and copy the newly compiled LicenseVerifier.class to that location

    rm -rf org/elasticsearch/license/LicenseVerifier.class

    cp ../LicenseVerifier.class org/elasticsearch/license/

  • Repackage

    jar -cvf x-pack-5.4.3.jar ./*

  • Move the new x-pack-5.4.3.jar package to /plugins/x-pack/

    mv x-pack-5.4.3.jar ../elasticsearch-5.4.3/plugins/x-pack/
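
Seen from the operator's side, the repacking steps above change the bytes of plugins/x-pack/x-pack-5.4.3.jar, so a hash baseline of the plugins directory taken right after a trusted install will flag the swap. The following is an added example, not part of the original post; the function names and the baseline file layout are assumptions, and it relies on sha256sum being installed.

```shell
#!/bin/sh
# Added example: file-integrity baseline for an Elasticsearch plugins directory.
# Function names and the baseline layout are hypothetical (not from the post).

# Print "<sha256>  <relative path>" for every regular file under directory $1.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare directory $1 against baseline file $2.
# Prints one finding per line (MODIFIED, ADDED or MISSING plus the path)
# and returns 1 if there is at least one finding, 0 if the tree matches.
check_baseline() {
    cb_current=$(mktemp) || return 2
    make_baseline "$1" > "$cb_current"
    awk '
        {
            # sha256sum prints 64 hex chars, two separator chars, then the path
            hash = substr($0, 1, 64)
            path = substr($0, 67)
        }
        FILENAME == ARGV[1] { base[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in base))         { print "ADDED " path;    bad = 1 }
            else if (base[path] != hash) { print "MODIFIED " path; bad = 1 }
        }
        END {
            for (p in base)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$cb_current"
    cb_rc=$?
    rm -f "$cb_current"
    return "$cb_rc"
}

# Typical use (paths are placeholders):
#   make_baseline /path/to/elasticsearch/plugins > /secure/location/plugins.sha256
#   check_baseline /path/to/elasticsearch/plugins /secure/location/plugins.sha256
```

Keep the baseline file somewhere the Elasticsearch service account cannot write to, and regenerate it only after a plugin install or upgrade from the vendor's own archive.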

Update the license

  • Obtain a license

    Register here: https://license.elastic.co/registration

    Follow the email you receive to download the license. After formatting, its content looks like this:

    {
      "license": {
      	"uid": "b48c21d4-2b00-44fa-a456-dc40b0cdb649",
      	"type": "basic",
      	"issue_date_in_millis": 1592870400000,
      	"expiry_date_in_millis": 1624492799999,
      	"max_nodes": 100,
      	"issued_to": "jack jie (tencent)",
      	"issuer": "Web Form",
      	"signature": "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",
      	"start_date_in_millis": 1592870400000
      }
    }
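  • Tamper with the license

    The two main changes are the level, type, and the expiry time, expiry_date_in_millis: change type to platinum, i.e. the Platinum edition, and set the expiry time to the year 2050. Note that this license.json should not be formatted; just write it on a single line.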

    license.json

    {"license":{
        "uid":"b48c21d4-2b00-44fa-a456-dc40b0cdb649","type":"platinum","issue_date_in_millis":1592870400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"jack jie (tencent)","issuer":"Web Form","signature":"AAAAAwAAAA3b8VQtxztAV9mDLDSbAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCFcV581PDqxjAM9m5CJkzBVnBM71leWkrvLyeSf6vSpFuLK+LFc2QThP6utxLJOmNdvDk8mUiEOkSEAIPseH0KaXR2w3BJ60P37Ryq7txE1P2D4De9Iz04hf8wrbqZK5Go3r95b2rcKTTO9+iNrRr3X69U5MtZ8V1JjXFcUC0Ppq3ryg+oPN2kafWmkjgtUBqwpz5aeMZlk/I6dQpn4TY2OtIT5E2HUxqpycVyXAcyTIkkdeQGhtKOC64GbExRvNQrQ9Xbc+ZSv/ofvXkv8fQq7oj6koqBslOLmXRmn7os/fNWuM5QO3TrlLYdDcNcP2uI4xJxGgEOKVXZ0qh19OAX","start_date_in_millis":1592870400000}}
  • Update the license

    curl -u elastic:changeme -X PUT http://localhost:9200/_xpack/license -d @license.json

  • Check the license again

    curl -u elastic:changeme -X GET http://localhost:9200/_license

At this point the x-pack crack is complete. Let's try changing the elastic user's password to datainsight

curl -u elastic:changeme -X PUT http://localhost:9200/_xpack/security/user/elastic/_password -H 'Content-Type: application/json' -d '{"password" : "datainsight"}'

Creating a secure client with x-pack

First, add the x-pack-transport dependency to pom.xml, with the same version number as elasticsearch:

pom.xml

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-to-slf4j</artifactId>
        <version>2.7</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>1.7.12</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.5</version>
    </dependency>
    <dependency>
        <groupId>org.elasticsearch</groupId>
        <artifactId>elasticsearch</artifactId>
        <version>5.4.3</version>
    </dependency>
    <!-- add the x-pack jar as a dependency -->
    <dependency>
        <groupId>org.elasticsearch.client</groupId>
        <artifactId>x-pack-transport</artifactId>
        <version>5.4.3</version>
    </dependency>
</dependencies>

Creating a secure TransportClient requires an adjustment to the code: be sure to create the client with PreBuiltXPackTransportClient rather than PreBuiltTransportClient, because only the settings of PreBuiltXPackTransportClient include the xpack.security.user property.

Complete example code:

EsClient.java

package test.xpacktest;

import java.net.InetSocketAddress;

import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;

public class EsClient {

	// Setting keys read by the X-Pack transport client
	private static final String CLUSTER_NAME = "cluster.name";
	private static final String XPACK_SECURITY_USER = "xpack.security.user";

	private static EsClient instance = null;
	private TransportClient transportClient = null;
	private String clusterName = "datainsight_cluster";
	// Credentials in "username:password" form
	private String xPackSecurityUser = "elastic:datainsight";
	// Comma-separated list of host:port transport addresses
	private String esAddress = "192.168.205.132:9300";

	private EsClient() {
	}

	// Build the transport client; returns false if any step fails
	@SuppressWarnings("unchecked")
	private boolean init() {
		try {
			Settings settings = Settings.builder()
					.put(CLUSTER_NAME, clusterName)
					.put(XPACK_SECURITY_USER, xPackSecurityUser)
					.build();
			transportClient = new PreBuiltXPackTransportClient(settings);
			String[] esAddressArr = esAddress.split(",");
			for (String addr : esAddressArr) {
				String[] ipAndPort = addr.split(":");
				transportClient.addTransportAddress(new InetSocketTransportAddress(
						new InetSocketAddress(ipAndPort[0],
								Integer.parseInt(ipAndPort[1]))));
			}
		} catch (Exception e) {
			// Report the cause instead of silently swallowing it
			e.printStackTrace();
			return false;
		}
		return true;
	}

	// Lazily create the singleton; synchronized so that two threads
	// cannot both run init(). Returns null if initialization failed.
	public static synchronized EsClient getInstance() {
		if (instance == null) {
			instance = new EsClient();
			if (!instance.init()) {
				instance = null;
			}
		}
		return instance;
	}

	public TransportClient getClient() {
		return transportClient;
	}
}

App.java

package test.xpacktest;

import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
import org.elasticsearch.client.transport.TransportClient;

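public class App {
    public static void main(String[] args) {
        EsClient esClient = EsClient.getInstance();
        if (esClient == null) {
            // getInstance() returns null when init() fails
            System.err.println("Failed to create the X-Pack transport client");
            return;
        }
        TransportClient client = esClient.getClient();
        // Request the cluster state as an authenticated user
        ClusterStateResponse response = client
                .admin()
                .cluster()
                .prepareState()
                .execute()
                .actionGet();
        System.out.println(response.getState());
    }
}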

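Finally, if you completed the crack successfully by following the steps in this article, you are welcome to give it a like; I would be very grateful. If you ran into a problem at any step, you are also welcome to leave a comment and I will add to and improve the article; I would be equally grateful!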
