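Xiaosheng's blog (小生博客): http://xsboke.blog.51cto.com ------- Thank you for reading; if you have any questions, feel free to get in touch.

Contents
- Cracking procedure.
- Start ELK with Docker.
- Recompile and generate the files LicenseVerifier.class and XPackBuild.class.
- Replace the old x-pack-core-6.6.1.jar.
- Modify elasticsearch.yml, then restart ELK; otherwise the license cannot be uploaded.
- Apply for, modify, and upload the license.
- Enable the ES login feature.
- Verification.

Requirement
Enable ELK's authentication feature.

Environment
An ELK container, version 6.6.1, run with Docker.

Cracking procedure
1. Recompile the files LicenseVerifier.class and XPackBuild.class and replace them inside x-pack-core-6.6.1.jar.
2. Apply for a basic license and modify its contents so that it becomes a platinum license.
3. Upload the license and enable the ES login feature.

Start ELK with Docker
```shell
# The version used is 6.6.1
docker run -d --name elk --restart=always -e "LANG=C.UTF-8" -p 5601:5601 -p 9200:9200 -p 9300:9300 -p 5044:5044 -it sebp/elk:661
```

Recompile and generate the files LicenseVerifier.class and XPackBuild.class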
Download x-pack-core-6.6.1.jar, open it with WinRAR, and locate the files LicenseVerifier.class and XPackBuild.class.

**/opt/elasticsearch/modules/x-pack-core/x-pack-core-6.6.1.jar**
1. x-pack-core-6.6.1.jar\org\elasticsearch\license\LicenseVerifier.class
2. x-pack-core-6.6.1.jar\org\elasticsearch\xpack\core\XPackBuild.class

Download the Luyten decompiler, decompile the two files, then modify them with reference to the two files below.

Decompiler download URL:
https://github.com/deathmarine/Luyten/releases/tag/v0.5.4_Rebuilt_with_Latest_depenencies
```java
/* LicenseVerifier.java */
package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    // Modified version: the signature check is gone and every license is reported as valid.
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        byte[] signedContent = null;
        byte[] publicKeyFingerprint = null;
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}
```

```java
/* XPackBuild.java */
package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        // Modified version: build hash and date are hard-coded to "Unknown".
        Label_0109: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}
```
**Compile the two Java files back into class files**
```shell
javac -cp "/opt/elasticsearch/lib/elasticsearch-6.6.1.jar:/opt/elasticsearch/lib/elasticsearch-core-6.6.1.jar:/opt/elasticsearch/lib/lucene-core-7.6.0.jar:/opt/elasticsearch/modules/x-pack-core/x-pack-core-6.6.1.jar" LicenseVerifier.java
javac -cp "/opt/elasticsearch/lib/elasticsearch-6.6.1.jar:/opt/elasticsearch/lib/elasticsearch-core-6.6.1.jar:/opt/elasticsearch/lib/lucene-core-7.6.0.jar:/opt/elasticsearch/modules/x-pack-core/x-pack-core-6.6.1.jar" XPackBuild.java
```

**Put the two new class files into x-pack-core-6.6.1.jar**
- x-pack-core-6.6.1.jar\org\elasticsearch\license\LicenseVerifier.class
- x-pack-core-6.6.1.jar\org\elasticsearch\xpack\core\XPackBuild.class

**Replace the old x-pack-core-6.6.1.jar**
```shell
mv x-pack-core-6.6.1.jar /opt/elasticsearch/modules/x-pack-core/
```

**Modify elasticsearch.yml, then restart ELK; otherwise the license cannot be uploaded**
```shell
vim /etc/elasticsearch/elasticsearch.yml
# Set the following line in elasticsearch.yml:
#   xpack.security.enabled: false
docker restart elk
```
**Apply for, modify, and upload the license**

https://license.elastic.co/registration

Main changes:
- Change the license type to "type":"platinum"
- Change the expiry time to "expiry_date_in_millis":2524579200999

```shell
cat license.json
{"license":{"uid":"......","type":"platinum","issue_date_in_millis":1625097600000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"xxx xxx (xxx)","issuer":"Web Form","signature":"......","start_date_in_millis":1625097600000}}
```

Visit: http://:5601/app/kibana#/management/elasticsearch/license_management/home.
Click "Upload license", then drop in the license file.
**Enable the ES login feature**
```shell
vim /etc/elasticsearch/elasticsearch.yml
# Set the following lines in elasticsearch.yml:
#   xpack.security.enabled: true
#   xpack.security.transport.ssl.enabled: true
docker restart elk

# Set the passwords: enter Y when prompted, then the password; the password in this example is mA&m39jizV
/opt/elasticsearch/bin/elasticsearch-setup-passwords interactive

cat /opt/kibana/config/kibana.yml
i18n.locale: "zh-CN"
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "mA&m39jizV"

cat /opt/logstash/config/logstash.yml
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: mA&m39jizV

cat /etc/logstash/conf.d/02-beats-input.conf
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-beats.crt"
    ssl_key => "/etc/pki/tls/private/logstash-beats.key"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "ruizhi-log-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "mA&m39jizV"
  }
}

cat /etc/logstash/conf.d/30-output.conf
output {
  elasticsearch {
    hosts => ["localhost"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "mA&m39jizV"
  }
}

docker restart elk
```

**Verification**

Open Kibana and log in with the username elastic and the password mA&m39jizV. The login succeeds, and the current license type and expiry date are displayed.