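Cracking and installing X-Pack
Background
X-Pack is an extension to the Elastic Stack that bundles security, alerting, monitoring, reporting and graph features into one easy-to-install package. It is paid software; if you run your own ELK stack locally, you can use a cracked x-pack.
The trial period is one month; once the license expires you can no longer log in (or you can choose to log in without a password).
Goal
- The main task is to replace LicenseVerifier.class in the x-pack-5.0.0.zip package (the LicenseVerifier.class file inside x-pack-5.0.0.jar, which is inside x-pack-5.0.0.zip; location: the org.elasticsearch/license/ directory)
Cracking steps (it is recommended to run every step on Linux)
- Download the x-pack package for your version. I used x-pack-5.0.0 and downloaded x-pack-5.0.0.zip
wget 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.0.0.zip'
- Prepare the LicenseVerifier.java file with the following content (it can be copied directly):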
package org.elasticsearch.license;

public class LicenseVerifier {
    public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(License license) {
        return true;
    }
}
The code above returns true everywhere so that we can conveniently replace the license.json file
- Upload the prepared LicenseVerifier.java to the /usr/local/elk/ directory
- Compile LicenseVerifier.java:
cd /usr/local/elk
javac -cp "/usr/local/elk/elasticsearch-5.0.0/lib/elasticsearch-5.0.0.jar:/usr/local/elk/elasticsearch-5.0.0/lib/lucene-core-6.4.1.jar:/usr/local/elk/elasticsearch-5.0.0/plugins/x-pack/x-pack-5.0.0.jar" LicenseVerifier.java
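Normally we would have to compile the whole project, but javac can also compile a single file; you only need to give it the corresponding classpath
My elasticsearch installation directory is /usr/local/elk/elasticsearch-5.0.0
Compilation produces the LicenseVerifier.class file
Prepare a temporary directory named test, unzip x-pack-5.0.0.zip locally, find x-pack-5.0.0.jar in the elasticsearch directory after unzipping, upload x-pack-5.0.0.jar to the test directory, and run the following commands in order:
# Enter the directory
cd /usr/local/elk/test
# Extract
jar -xvf x-pack-5.0.0.jar
# Delete the jar
rm -rf x-pack-5.0.0.jar
# Delete the original class file
rm -rf org/elasticsearch/license/LicenseVerifier.class
# Copy the new LicenseVerifier.class into place
cp /usr/local/elk/LicenseVerifier.class org/elasticsearch/license/
# Repackage
jar -cvf x-pack-5.0.0.jar ./*
Be sure to save the x-pack-5.0.0.jar generated at this point somewhere safe, since the test directory is removed next
cd ../
rm -rf test
- Replace the old x-pack-5.0.0.jar inside x-pack-5.0.0.zip with the newly generated x-pack-5.0.0.jar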
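Installation steps (x-pack must be installed in both elasticsearch and kibana)
- Prepare the cracked x-pack-5.0.0.zip and place it in the /usr/local/elk/ directory
- Install x-pack in kibana, as the root user: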
cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin
./kibana-plugin install file:///usr//local/elk/x-pack-5.0.0.zip
Output:
Attempting to transfer from file:///usr//local/elk/x-pack-5.0.0.zip
Transferring 72364732 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
- Install x-pack in elasticsearch, as the elk-weifan user:
cd /usr/local/elk/elasticsearch-5.0.0/bin
./elasticsearch-plugin install file:///usr//local/elk/x-pack-5.0.0.zip
Output:
-> Downloading file:///usr//local/elk/x-pack-5.0.0.zip
[************************************************=] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
-> Installed x-pack
cd /usr/local/elk/elasticsearch-5.0.0/bin/x-pack
# Generate the key
./syskeygen
Output:
[elk-weifan@iZ2ze2lelgjwuyib5l73eaZ x-pack]$ ./syskeygen
Storing generated key in [/usr/local/elk/elasticsearch-5.0.0/config/x-pack/system_key]...
Ensure the generated key can be read by the user that Elasticsearch runs as, permissions are set to owner read/write only
If es runs as a cluster, copy the generated key to the other nodes of the cluster
- Edit the elasticsearch configuration file
vi /usr/local/elk/elasticsearch-5.0.0/config/elasticsearch.yml
# Add this line
xpack.security.audit.enabled: true
- Check the kibana configuration file:
vi /usr/local/elk/kibana-5.0.0-linux-x86_64/config/kibana.yml
elasticsearch.url: "http://39.106.136.84:9200"
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
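Further notes
Once x-pack is installed in elasticsearch, X-Pack provides the following levels of protection for the elastic cluster
- User authentication
- Authorization and role-based access control
- Node/client authentication and channel encryption
- Auditing
- Message authentication, which verifies that messages have not been tampered with or modified in transit
Testing
- Start elasticsearch and kibana separately (in the foreground here; nohup can be used to run them in the background)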
cd /usr/local/elk/elasticsearch-5.0.0/bin/
./elasticsearch
cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin/
./kibana
- Check the license expiry time
curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'
Output:
{
"license" : {
"status" : "active",
"uid" : "742848f8-dd85-46fa-bb5d-2e06ff985fca",
"type" : "trial",  // means a trial license
"issue_date" : "2018-04-19T02:22:52.491Z",
"issue_date_in_millis" : 1524104572491,
"expiry_date" : "2018-05-19T02:22:52.491Z",  // expires after one month
"expiry_date_in_millis" : 1526696572491,
"max_nodes" : 1000,
"issued_to" : "elasticsearch",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
- Prepare the license.json file with the following content and upload it to the /usr/local/elk/ directory
{"license":{"uid":"ba9ae270-28ee-4051-810f-09469dfd4aa4","type":"platinum","issue_date_in_millis":1498694400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"yu tao (shanghai)","issuer":"Web Form","signature":"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","start_date_in_millis":1498694400000}}
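Main changes: "type":"platinum" and "expiry_date_in_millis":2524579200999
Where the license comes from: apply for a license (visit https://license.elastic.co/registration). For convenience here, you can simply copy and paste the license content and use it.
- Modify the license: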
cd /usr/local/elk
curl -XPUT -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license' -d @license.json
Output:
{"acknowledged":true,"license_status":"valid"}
curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'
Output:
{
"license" : {
"status" : "active",
"uid" : "ba9ae270-28ee-4051-810f-09469dfd4aa4",
"type" : "platinum",  // platinum tier, should be enough
"issue_date" : "2017-06-29T00:00:00.000Z",
"issue_date_in_millis" : 1498694400000,
"expiry_date" : "2049-12-31T16:00:00.999Z",  // the expiry time is the 50 years I set myself
"expiry_date_in_millis" : 2524579200999,
"max_nodes" : 100,
"issued_to" : "yu tao (shanghai)",
"issuer" : "Web Form",
"start_date_in_millis" : 1498694400000
}
}
- This completes cracking and installing x-pack. Restart elasticsearch and kibana, then log in by visiting http://39.106.136.84:5601/