Zookeeper 四字白名单防止信息泄露

四字白名单默认是开启的

#默认
4lw.commands.whitelist=*

测试获取服务信息

[root@localhost zookeeper-3.4.10]# echo stat |ncat 127.0.0.1 2181
Zookeeper version: 3.4.10-39d3a4f269333c922ed3db283be479f9deacaa0f, built on 03/23/2017 10:13 GMT
Clients:
 /127.0.0.1:34004[0](queued=0,recved=1,sent=0)

Latency min/avg/max: 0/0/0
Received: 5
Sent: 4
Connections: 1
Outstanding: 0
Zxid: 0x0
Mode: standalone
Node count: 4

[root@localhost zookeeper-3.4.10]# echo envi |ncat 127.0.0.1 2181
Environment:
zookeeper.version=3.4.10-39d3a4f269333c922ed3db283be479f9deacaa0f, built on 03/23/2017 10:13 GMT
host.name=localhost
java.version=1.8.0_05
java.vendor=Oracle Corporation
java.home=/zywa/jdk/jre
java.class.path=/zywa/zookeeper-3.4.10/bin/../build/classes:/zywa/zookeeper-3.4.10/bin/../build/lib/*.jar:/zywa/zookeeper-3.4.10/bin/../lib/slf4j-log4j12-1.6.1.jar:/zywa/zookeeper-3.4.10/bin/../lib/slf4j-api-1.6.1.jar:/zywa/zookeeper-3.4.10/bin/../lib/netty-3.10.5.Final.jar:/zywa/zookeeper-3.4.10/bin/../lib/log4j-1.2.16.jar:/zywa/zookeeper-3.4.10/bin/../lib/jline-0.9.94.jar:/zywa/zookeeper-3.4.10/bin/../zookeeper-3.4.10.jar:/zywa/zookeeper-3.4.10/bin/../src/java/lib/*.jar:/zywa/zookeeper-3.4.10/bin/../conf:
java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.io.tmpdir=/tmp
java.compiler=
os.name=Linux
os.arch=amd64
os.version=3.10.0-229.el7.x86_64
user.name=root
user.home=/root
user.dir=/zywa/zookeeper-3.4.10

关闭四字白名单

4lw.commands.whitelist=

测试获取服务信息

[root@localhost zookeeper-3.4.10]# echo stat |ncat 127.0.0.1 2181
stat is not executed because it is not in the whitelist.
[root@localhost zookeeper-3.4.10]# echo envi |ncat 127.0.0.1 2181
envi is not executed because it is not in the whitelist.

开启部分四字命令

4lw.commands.whitelist=envi

测试获取服务信息

[root@localhost zookeeper-3.4.10]# echo stat |ncat 127.0.0.1 2181
stat is not executed because it is not in the whitelist.
[root@localhost zookeeper-3.4.10]# echo envi |ncat 127.0.0.1 2181
Environment:
zookeeper.version=3.4.10-39d3a4f269333c922ed3db283be479f9deacaa0f, built on 03/23/2017 10:13 GMT
host.name=localhost
java.version=1.8.0_05
java.vendor=Oracle Corporation
java.home=/zywa/jdk/jre
java.class.path=/zywa/zookeeper-3.4.10/bin/../build/classes:/zywa/zookeeper-3.4.10/bin/../build/lib/*.jar:/zywa/zookeeper-3.4.10/bin/../lib/slf4j-log4j12-1.6.1.jar:/zywa/zookeeper-3.4.10/bin/../lib/slf4j-api-1.6.1.jar:/zywa/zookeeper-3.4.10/bin/../lib/netty-3.10.5.Final.jar:/zywa/zookeeper-3.4.10/bin/../lib/log4j-1.2.16.jar:/zywa/zookeeper-3.4.10/bin/../lib/jline-0.9.94.jar:/zywa/zookeeper-3.4.10/bin/../zookeeper-3.4.10.jar:/zywa/zookeeper-3.4.10/bin/../src/java/lib/*.jar:/zywa/zookeeper-3.4.10/bin/../conf:
java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.io.tmpdir=/tmp
java.compiler=
os.name=Linux
os.arch=amd64
os.version=3.10.0-229.el7.x86_64
user.name=root
user.home=/root
user.dir=/zywa/zookeeper-3.4.10

所有的四字命令

4lw.commands.whitelist=conf, cons, crst, dirs, dump, envi, gtmk, ruok, stmk, srst, srvr, stat, wchc, wchp, wchs, mntr, isro, telnet close