From de96f2a5d19fba0597c8c407abd5a85808aa31df Mon Sep 17 00:00:00 2001 From: Holger Date: Sun, 12 Dec 2021 00:06:18 +0800 Subject: [PATCH] Add warning for log4j CVE-2021-44228 (#905) --- content/en/admin/optional/elasticsearch.md | 4 ++++ content/zh-cn/admin/optional/elasticsearch.md | 3 +++ 2 files changed, 7 insertions(+) diff --git a/content/en/admin/optional/elasticsearch.md b/content/en/admin/optional/elasticsearch.md index 5f42755f..2802dd31 100644 --- a/content/en/admin/optional/elasticsearch.md +++ b/content/en/admin/optional/elasticsearch.md @@ -35,6 +35,10 @@ apt install elasticsearch **Security warning:** By default, ElasticSearch is supposed to bind to localhost only, i.e. be inaccessible from the outside network. You can check which address ElasticSearch binds to by looking at `network.host` within `/etc/elasticsearch/elasticsearch.yml`. Consider that anyone who can access ElasticSearch can access and modify any data within it, as there is no authentication layer. So it’s really important that the access is secured. Having a firewall that only exposes the 22, 80 and 443 ports is advisable, as outlined in the [main installation instructions](../../prerequisites/#install-a-firewall-and-only-whitelist-ssh-http-and-https-ports). If you have a multi-host setup, you must know how to secure internal traffic. {{< /hint >}} +{{< hint style="danger" >}} +**Security warning:** Due to the recently disclosed [exploit](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) found in `log4j` lib used by ElasticSearch, some versions of ES may be affected by this issue(Check if your ES instance used `log4j` version between `2.0` and `2.14.1`). If affcted, please refer to [this issue](https://github.com/elastic/elasticsearch/issues/81618#issuecomment-991000240) for a temporary mitigation. +{{< /hint >}} + To start ElasticSearch: ```bash 
diff --git a/content/zh-cn/admin/optional/elasticsearch.md b/content/zh-cn/admin/optional/elasticsearch.md index 72752581..140ec46c 100644 --- a/content/zh-cn/admin/optional/elasticsearch.md +++ b/content/zh-cn/admin/optional/elasticsearch.md @@ -34,6 +34,9 @@ apt install elasticsearch {{< hint style="warning" >}} **安全警告:** 默认情况下,ElasticSearch仅绑定于localhost,即无法从外部网络访问。你可以通过查看 `/etc/elasticsearch/elasticsearch.yml` 中的 `network.host` 来检查 ElasticSearch 绑定了哪些地址。考虑到由于缺乏认证层,任何能访问 ElasticSearch 的人都可以读取或修改里面的数据。因此,确保访问安全非常重要。如[主要安装说明](../../prerequisites/#install-a-firewall-and-only-whitelist-ssh-http-and-https-ports)中所述,防火墙建议仅暴露了22、80、443端口。如果你是一个多主机配置,你必须知道如何保证内部流量安全。 {{< /hint >}} +{{< hint style="danger" >}} +**安全警告:** 由于近期ElasticSearch所使用的`log4j`库被披露出[安全漏洞](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228),使用了旧版本`log4j`(`2.0`到`2.14.1`)的ES可能会受到影响。如果使用了这些版本的`log4j`,请参阅 [此 issue](https://github.com/elastic/elasticsearch/issues/81618#issuecomment-991000240) 来暂时缓解此问题。 +{{< /hint >}} 启动 ElasticSearch:
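Review bot: The added warning line in content/en/admin/optional/elasticsearch.md has wording problems that should be fixed before merge: "affcted" should be "affected", "this issue(Check" is missing a space before the parenthesis, and the link text "exploit" points at the CVE-2021-44228 entry, which describes a vulnerability rather than an exploit. The parenthetical "Check if your ES instance used `log4j` version between `2.0` and `2.14.1`" also tells the admin to check a version without saying where to look. Consider adding one sentence on how to find the `log4j` version bundled with the installed ElasticSearch package, or pointing to a list of affected ES releases, so the reader can act on the warning without leaving the page.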
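Review bot: In the content/zh-cn/admin/optional/elasticsearch.md hunk (and the English text it mirrors), the only remediation offered is a link to an issue comment described as a temporary mitigation ("暂时缓解"), so the page gives no guidance if that comment is edited or superseded, and nothing tells the admin to upgrade once a fixed release is available. I would summarise the mitigation step in the hint itself and add a line recommending an upgrade as the permanent fix. Minor: the diffstat shows 4 insertions for the English file and 3 for this one because the English hunk adds a blank line after `{{< /hint >}}`, and the two files should be kept structurally identical.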