telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

ELK 7.16.1 fixes log4j vulns.

Browse Source
This commit is contained in:
t3chn0m4g3
2021-12-13 15:59:48 +00:00
parent b4c1805551
commit a98b447556
4 changed files with 8 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docker/elk/elasticsearch/Dockerfile
View File

@ -1,7 +1,7 @@
FROM alpine:3.14 FROM alpine:3.14
# #
# VARS # VARS
ENV ES_VER=7.15.1 \ ENV ES_VER=7.16.1 \
ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk
# Include dist # Include dist
@ -47,5 +47,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
# #
# Start ELK # Start ELK
USER elasticsearch:elasticsearch USER elasticsearch:elasticsearch
#CMD ["/usr/share/elasticsearch/bin/elasticsearch"] CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
CMD export ES_JAVA_OPTS="$ES_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" && exec "/usr/share/elasticsearch/bin/elasticsearch"

4
docker/elk/kibana/Dockerfile
View File

@ -1,7 +1,7 @@
FROM node:14.17.6-alpine3.14 FROM node:16.13.0-alpine3.14
# #
# VARS # VARS
ENV KB_VER=7.15.1 ENV KB_VER=7.16.1
# #
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/

7
docker/elk/logstash/Dockerfile
View File

@ -1,7 +1,7 @@
FROM alpine:3.14 FROM alpine:3.14
# #
# VARS # VARS
ENV LS_VER=7.15.1 ENV LS_VER=7.16.1
# Include dist # Include dist
ADD dist/ /root/dist/ ADD dist/ /root/dist/
# #
@ -14,8 +14,7 @@ RUN apk -U --no-cache add \
curl \ curl \
libc6-compat \ libc6-compat \
libzmq \ libzmq \
nss \ nss && \
zip && \
apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre && \ apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre && \
# #
# Get and install packages # Get and install packages
@ -36,8 +35,6 @@ RUN apk -U --no-cache add \
/usr/share/logstash/bin/logstash-plugin install logstash-output-gelf && \ /usr/share/logstash/bin/logstash-plugin install logstash-output-gelf && \
/usr/share/logstash/bin/logstash-plugin install logstash-output-http && \ /usr/share/logstash/bin/logstash-plugin install logstash-output-http && \
/usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \ /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
# Remove log4j (https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476)
zip -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.* org/apache/logging/log4j/core/lookup/JndiLookup.class && \
# #
# Add and move files # Add and move files
cd /root/dist/ && \ cd /root/dist/ && \

4
docker/elk/logstash/dist/logstash.conf vendored
View File

@ -649,12 +649,12 @@ if "_jsonparsefailure" in [tags] { drop {} }
geoip { geoip {
cache_size => 10000 cache_size => 10000
source => "src_ip" source => "src_ip"
database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-City.mmdb" database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-City.mmdb"
} }
geoip { geoip {
cache_size => 10000 cache_size => 10000
source => "src_ip" source => "src_ip"
database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-ASN.mmdb" database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-ASN.mmdb"
} }
translate { translate {
refresh_interval => 86400 refresh_interval => 86400