X-Pack crack and installation

Background

  • X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting and graph features into one easy-to-install package. It is paid software; for a self-hosted ELK stack you can use a cracked X-Pack. "Cracked" here means that the class which verifies the license signature is replaced by a stub that accepts anything, so a hand-edited license is installed as if it were genuine.

  • The trial lasts one month. Once the license expires you can no longer log in (the alternative is to run with no password at all).

Goal

  • Replace LicenseVerifier.class in x-pack-5.0.0.zip. The class lives in x-pack-5.0.0.jar inside x-pack-5.0.0.zip, at org/elasticsearch/license/LicenseVerifier.class (package org.elasticsearch.license).

Cracking steps (all of this is best done on Linux)

  • Download the x-pack package for your exact Elasticsearch/Kibana version (the plugin installer rejects a version mismatch). I use x-pack-5.0.0, i.e. x-pack-5.0.0.zip:

wget 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.0.0.zip'

  • Prepare a LicenseVerifier.java file with the following content (copy it as-is):
package org.elasticsearch.license;

// Drop-in replacement for X-Pack's LicenseVerifier. The real class checks the
// license signature in both overloads; this stub accepts any license.
public class LicenseVerifier {
    // Overload that takes the (encrypted) public key material: always "valid".
    public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData) {
        return true;
    }

    // Overload that loads the key itself: always "valid".
    public static boolean verifyLicense(License license) {
        return true;
    }
}

The code returns true everywhere so that we can later install our own license.json: the genuine verifier checks the license signature, and a hand-edited license would fail that check.

  • Upload the prepared LicenseVerifier.java to /usr/local/elk/
  • Compile LicenseVerifier.java:
cd /usr/local/elk

javac -cp "/usr/local/elk/elasticsearch-5.0.0/lib/elasticsearch-5.0.0.jar:/usr/local/elk/elasticsearch-5.0.0/lib/lucene-core-6.4.1.jar:/usr/local/elk/elasticsearch-5.0.0/plugins/x-pack/x-pack-5.0.0.jar"  LicenseVerifier.java

Normally you would build the whole project, but javac can compile a single file as long as every class it references is on the classpath. The stub only needs org.elasticsearch.license.License from the x-pack jar (taken here from an already-installed plugin; the jar extracted from the zip works too), which in turn pulls in the Elasticsearch and Lucene core jars. Use the lucene-core jar that actually sits in your lib/ directory; its version differs between Elasticsearch releases.

My Elasticsearch is installed at /usr/local/elk/elasticsearch-5.0.0.

  • Compilation produces LicenseVerifier.class in the current directory (javac was run without -d, so no package directories are created).

  • Make a temporary directory test. Unzip x-pack-5.0.0.zip locally, find x-pack-5.0.0.jar in the elasticsearch directory of the unpacked zip, upload it to the test directory, and run the following in order:

# enter the directory
cd /usr/local/elk/test

# unpack the jar
jar -xvf x-pack-5.0.0.jar

# remove the original jar
rm -rf x-pack-5.0.0.jar

# remove the original class
rm -rf org/elasticsearch/license/LicenseVerifier.class

# copy the new LicenseVerifier.class into place
cp /usr/local/elk/LicenseVerifier.class org/elasticsearch/license/

# repack (note: `jar -c` ignores an existing META-INF/MANIFEST.MF and writes a default one;
# use `jar -cvfm x-pack-5.0.0.jar META-INF/MANIFEST.MF .` if you want to keep the original manifest)
jar -cvf x-pack-5.0.0.jar ./*

Keep the x-pack-5.0.0.jar produced here somewhere safe.

cd ../

rm -rf test
  • Put the newly built x-pack-5.0.0.jar back into x-pack-5.0.0.zip in place of the old one (same path inside the zip, i.e. elasticsearch/x-pack-5.0.0.jar).
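The manual steps above (unzip the plugin, unpack the jar, swap one class, repack, re-zip) are the same operation twice: replace one member of a zip file, where the member itself is a zip. The script below does that in one pass, as an added example that is not part of the original post and is not Elastic's code. Besides patching, it reports what an operator should check before shipping the result: the SHA-256 of the class before and after, the list of entries that changed at each level (exactly one per level for a clean patch), and whether the jar carried signature files under META-INF/, which a replaced class would break. The paths elasticsearch/x-pack-5.0.0.jar and org/elasticsearch/license/LicenseVerifier.class are taken from the steps above; the sample archive it builds when run without arguments is constructed, with fake class bytes.

```python
"""Patch one class inside a jar that is itself packed inside a plugin zip.

Added example, not code from the original post or from Elastic. It does in one
pass what the unzip / jar -xvf / cp / jar -cvf / re-zip steps above do by hand,
keeps every other entry of the inner jar byte-for-byte (including the manifest,
which `jar -cvf` would regenerate) and reports exactly which entries changed.
The archive layout and class bytes in the sample are constructed.
"""
import hashlib
import io
import sys
import zipfile

INNER_JAR = "elasticsearch/x-pack-5.0.0.jar"               # where the jar sits inside the plugin zip
TARGET = "org/elasticsearch/license/LicenseVerifier.class"  # the class we swap out
SIGNATURE_EXTS = ("SF", "RSA", "DSA", "EC")                # jar signature files under META-INF/


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digests(archive: bytes) -> dict:
    """Map every entry name of a zip/jar to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        return {info.filename: sha256(z.read(info)) for info in z.infolist()}


def replace_member(archive: bytes, member: str, new_data: bytes) -> bytes:
    """Copy of `archive` in which `member` holds `new_data`; every other entry is
    rewritten from its original ZipInfo (name, timestamp, compression method)."""
    out = io.BytesIO()
    found = False
    with zipfile.ZipFile(io.BytesIO(archive)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename == member:
                data, found = new_data, True
            dst.writestr(info, data)
    if not found:
        raise KeyError(f"{member} not present in archive")
    return out.getvalue()


def changed_entries(before: bytes, after: bytes) -> list:
    """Names of entries whose contents differ between two archives."""
    a, b = entry_digests(before), entry_digests(after)
    return sorted(n for n in set(a) | set(b) if a.get(n) != b.get(n))


def signature_files(jar: bytes) -> list:
    """Signature blocks in META-INF/. If any exist the jar is signed, and a
    patched class no longer matches the digests they cover."""
    with zipfile.ZipFile(io.BytesIO(jar)) as z:
        return [n for n in z.namelist() if n.startswith("META-INF/")
                and n.rsplit(".", 1)[-1].upper() in SIGNATURE_EXTS]


def patch_plugin_zip(outer: bytes, new_class: bytes,
                     inner_jar: str = INNER_JAR, member: str = TARGET) -> tuple:
    """Replace `member` of `inner_jar` inside plugin zip `outer`; returns
    (patched_zip, report). A clean patch changes exactly one entry per level."""
    with zipfile.ZipFile(io.BytesIO(outer)) as z:
        old_jar = z.read(inner_jar)
    new_jar = replace_member(old_jar, member, new_class)
    new_outer = replace_member(outer, inner_jar, new_jar)
    return new_outer, {
        "jar_changed": changed_entries(old_jar, new_jar),
        "zip_changed": changed_entries(outer, new_outer),
        "jar_signed": signature_files(old_jar),
        "class_sha256_before": entry_digests(old_jar)[member],
        "class_sha256_after": sha256(new_class),
    }


def read_nested(outer: bytes, inner_jar: str, member: str) -> bytes:
    """Read one member of the jar packed inside `outer` (used to verify a patch)."""
    with zipfile.ZipFile(io.BytesIO(outer)) as z:
        with zipfile.ZipFile(io.BytesIO(z.read(inner_jar))) as j:
            return j.read(member)


def build_sample_plugin_zip() -> bytes:
    """Constructed stand-in for x-pack-5.0.0.zip; class bodies are fake (only the
    0xCAFEBABE magic is real), the replacement mechanics are the same."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w", zipfile.ZIP_DEFLATED) as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        j.writestr(TARGET, b"\xca\xfe\xba\xbe" + b"original verifier")
        j.writestr("org/elasticsearch/license/License.class", b"\xca\xfe\xba\xbe" + b"license")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("elasticsearch/plugin-descriptor.properties", "version=5.0.0\n")
        z.writestr(INNER_JAR, jar.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    if len(sys.argv) == 4:  # patch.py x-pack-5.0.0.zip LicenseVerifier.class patched.zip
        outer, new_class = open(sys.argv[1], "rb").read(), open(sys.argv[2], "rb").read()
    else:                   # no arguments: demo on the constructed sample
        outer, new_class = build_sample_plugin_zip(), b"\xca\xfe\xba\xbe" + b"stub verifier"
    patched, report = patch_plugin_zip(outer, new_class)
    if len(sys.argv) == 4:
        open(sys.argv[3], "wb").write(patched)
    print("\n".join(f"{k}: {v}" for k, v in report.items()))
```

Run it as `python3 patch.py x-pack-5.0.0.zip LicenseVerifier.class x-pack-5.0.0-patched.zip` to patch a real plugin zip, or with no arguments to see the report on the constructed sample. The only differences between input and output should be the one class and, consequently, the jar entry that contains it; anything else in `jar_changed` or `zip_changed` means something other than the intended patch happened.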

Installation steps (the plugin has to be installed in both Elasticsearch and Kibana)

  • Put the cracked x-pack-5.0.0.zip in /usr/local/elk/
  • Install x-pack into Kibana, as root:
cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin

./kibana-plugin install file:///usr//local/elk/x-pack-5.0.0.zip

Output:

Attempting to transfer from file:///usr//local/elk/x-pack-5.0.0.zip
Transferring 72364732 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete
  • Install x-pack into Elasticsearch, as the elk-weifan user (the user Elasticsearch runs as; Elasticsearch itself refuses to start as root):
cd /usr/local/elk/elasticsearch-5.0.0/bin

./elasticsearch-plugin install file:///usr//local/elk/x-pack-5.0.0.zip 

Output:
-> Downloading file:///usr//local/elk/x-pack-5.0.0.zip
[************************************************=] 100%   
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
-> Installed x-pack


cd /usr/local/elk/elasticsearch-5.0.0/bin/x-pack

# generate the system key
./syskeygen

Output:
[elk-weifan@iZ2ze2lelgjwuyib5l73eaZ x-pack]$ ./syskeygen
Storing generated key in [/usr/local/elk/elasticsearch-5.0.0/config/x-pack/system_key]...
Ensure the generated key can be read by the user that Elasticsearch runs as, permissions are set to owner read/write only

If Elasticsearch runs as a cluster, copy the generated key to every other node (same path, same owner-only permissions).

  • Edit the Elasticsearch configuration file
vi /usr/local/elk/elasticsearch-5.0.0/config/elasticsearch.yml

# add
xpack.security.audit.enabled: true
  • Check the Kibana configuration file (elastic/changeme is the built-in default account; change that password before the cluster is reachable from anywhere else):
vi /usr/local/elk/kibana-5.0.0-linux-x86_64/config/kibana.yml

elasticsearch.url: "http://39.106.136.84:9200"
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"

Further notes

  • With x-pack installed, Elasticsearch gets the following layers of protection for the cluster:

    • user authentication
    • authorization and role-based access control
    • node/client authentication and channel encryption
    • auditing
    • message authentication, which verifies that messages were not tampered with or altered in transit (this is what the system_key generated by syskeygen is for)

Test

  • Start Elasticsearch and Kibana (in the foreground; to run them in the background use nohup)
cd /usr/local/elk/elasticsearch-5.0.0/bin/

./elasticsearch

cd /usr/local/elk/kibana-5.0.0-linux-x86_64/bin/

./kibana
  • Check when the license expires
curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'

Output:

{
  "license" : {
    "status" : "active",
    "uid" : "742848f8-dd85-46fa-bb5d-2e06ff985fca",
    "type" : "trial",
    "issue_date" : "2018-04-19T02:22:52.491Z",
    "issue_date_in_millis" : 1524104572491,
    "expiry_date" : "2018-05-19T02:22:52.491Z",
    "expiry_date_in_millis" : 1526696572491,
    "max_nodes" : 1000,
    "issued_to" : "elasticsearch",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

"type": "trial" is the trial license; "expiry_date" is exactly one month after the issue date.
  • Prepare a license.json file with the following content and upload it to /usr/local/elk/
{"license":{"uid":"ba9ae270-28ee-4051-810f-09469dfd4aa4","type":"platinum","issue_date_in_millis":1498694400000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"yu tao (shanghai)","issuer":"Web Form","signature":"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","start_date_in_millis":1498694400000}}

The fields that matter: "type":"platinum" and "expiry_date_in_millis":2524579200999. Editing them invalidates the signature Elastic put on the license, which is exactly why LicenseVerifier had to be stubbed out first.

Where the license came from: request one at https://license.elastic.co/registration and edit the fields above. For convenience you can simply copy and paste the content above.

  • Replace the license:
cd /usr/local/elk

curl -XPUT -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license' -d @license.json

Output:
{"acknowledged":true,"license_status":"valid"}

curl -XGET -u elastic:changeme 'http://39.106.136.84:9200/_xpack/license'

Output:
{
  "license" : {
    "status" : "active",
    "uid" : "ba9ae270-28ee-4051-810f-09469dfd4aa4",
    "type" : "platinum",
    "issue_date" : "2017-06-29T00:00:00.000Z",
    "issue_date_in_millis" : 1498694400000,
    "expiry_date" : "2049-12-31T16:00:00.999Z",
    "expiry_date_in_millis" : 2524579200999,
    "max_nodes" : 100,
    "issued_to" : "yu tao (shanghai)",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1498694400000
  }
}

"type": "platinum" should be more than enough. The expiry date is one I set myself, to the year 2050: 2524579200999 ms is 2050-01-01 00:00:00 in UTC+8, which Elasticsearch prints in UTC as 2049-12-31T16:00:00.999Z.
  • That completes the cracking and installation of x-pack. Restart Elasticsearch and Kibana, then log in at http://39.106.136.84:5601/
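To read the two responses above without doing epoch-millisecond arithmetic by hand, here is an added example (not from the original post, and not Elastic's code) that summarises a /_xpack/license response: license type, expiry in ISO-8601, days remaining at a given instant, and whether the human-readable date strings agree with their *_in_millis counterparts. The two documents embedded in it are the GET responses shown above; the "now" it uses in the demo is constructed. It also prints the edited expiry in UTC+8, where 2524579200999 is exactly 2050-01-01 00:00:00.999.

```python
"""Interpret the JSON that GET /_xpack/license returns.

Added example, not code from the original post or from Elastic. It converts
the *_in_millis fields to the ISO-8601 strings Elasticsearch also returns,
cross-checks the two, and reports days remaining as of a given time. The two
sample responses are the ones shown above (30-day trial, then the hand-edited
platinum license); the "now" used in the demo is constructed.
"""
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
DAY_MS = 86_400_000


def millis_to_iso(ms: int) -> str:
    """Epoch milliseconds -> 'YYYY-MM-DDTHH:MM:SS.mmmZ', the format ES uses."""
    secs, rem = divmod(ms, 1000)
    return (EPOCH + timedelta(seconds=secs)).strftime("%Y-%m-%dT%H:%M:%S.") + f"{rem:03d}Z"


def millis_to_local(ms: int, utc_offset_hours: int) -> str:
    """Same instant in a fixed UTC offset (e.g. 8 for China Standard Time)."""
    secs, rem = divmod(ms, 1000)
    local = (EPOCH + timedelta(seconds=secs)).astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.strftime("%Y-%m-%d %H:%M:%S") + f".{rem:03d} UTC{utc_offset_hours:+d}"


def summarize_license(doc: dict, now_ms: int) -> dict:
    """Summarize one /_xpack/license response as of `now_ms`.

    `mismatches` lists date strings that disagree with their *_in_millis
    twin; a response generated by Elasticsearch has none.
    """
    lic = doc["license"]
    mismatches = []
    for field in ("issue_date", "expiry_date"):
        expected = millis_to_iso(lic[field + "_in_millis"])
        if lic.get(field) != expected:
            mismatches.append(f"{field}={lic.get(field)!r} but millis say {expected}")
    remaining_ms = lic["expiry_date_in_millis"] - now_ms
    return {
        "type": lic["type"],
        "status": lic["status"],
        "expires": millis_to_iso(lic["expiry_date_in_millis"]),
        "days_remaining": remaining_ms // DAY_MS,   # floor, so -1 means "expired less than a day ago"
        "expired": remaining_ms < 0,
        "trial": lic["type"] == "trial",
        "mismatches": mismatches,
    }


# The two GET responses shown above, copied verbatim.
TRIAL = json.loads("""{"license": {"status": "active",
  "uid": "742848f8-dd85-46fa-bb5d-2e06ff985fca", "type": "trial",
  "issue_date": "2018-04-19T02:22:52.491Z", "issue_date_in_millis": 1524104572491,
  "expiry_date": "2018-05-19T02:22:52.491Z", "expiry_date_in_millis": 1526696572491,
  "max_nodes": 1000, "issued_to": "elasticsearch", "issuer": "elasticsearch",
  "start_date_in_millis": -1}}""")

PLATINUM = json.loads("""{"license": {"status": "active",
  "uid": "ba9ae270-28ee-4051-810f-09469dfd4aa4", "type": "platinum",
  "issue_date": "2017-06-29T00:00:00.000Z", "issue_date_in_millis": 1498694400000,
  "expiry_date": "2049-12-31T16:00:00.999Z", "expiry_date_in_millis": 2524579200999,
  "max_nodes": 100, "issued_to": "yu tao (shanghai)", "issuer": "Web Form",
  "start_date_in_millis": 1498694400000}}""")

if __name__ == "__main__":
    now = TRIAL["license"]["issue_date_in_millis"]  # constructed "now": the day the trial was issued
    for doc in (TRIAL, PLATINUM):
        print(summarize_license(doc, now))
    # The edited expiry looks odd in UTC; in the author's time zone it is a round date.
    print(millis_to_local(PLATINUM["license"]["expiry_date_in_millis"], 8))
```

Pipe a live response into `summarize_license(json.load(sys.stdin), int(time.time() * 1000))` to get the same summary for your own cluster; a non-empty `mismatches` list on a license you did not edit yourself means the document was tampered with on the way.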
