0


CDH 端口未授权访问:hdfs-50070, yarn-8088, jetty漏洞修复

文章目录

0,Cloudera 管理页面相关debug端口

  • CDH 管理页面相关端口: Cloudera Management Service 配置 --> 相关debug端口:8087,8084,8091,8086)在这里插入图片描述

1,Hadoop端口未授权访问

#配置修改:搜索auth
hadoop.security.authorization   ==>true(勾选)
hadoop.http.authentication.type ==> simple  

#配置修改:搜索core-site.xml,选择【core-site.xml 的群集范围高级配置代码段(安全阀)】,添加如下配置
hadoop.http.filter.initializers   ==> org.apache.hadoop.security.AuthenticationFilterInitializer
hadoop.http.authentication.simple.anonymous.allowed  ==>false#设置--仅某用户可访问(可选): /opt/cloudera/hadoop-http-auth-signature-secret   ==> /opt/cloudera/hadoop-http-auth-signature-secret# [root@c73 ~]# cat /opt/cloudera/hadoop-http-auth-signature-secret# hdfsadmin

访问hadoop web页面

  • hdfs-50070 (正确访问方式:http://ip:50070?user.name=hdfs)在这里插入图片描述
  • yarn-8088 (正确访问方式:http://ip:8088/cluster?user.name=hdfs)在这里插入图片描述

2,检测Jetty版本漏洞

  • CVE-2019-10247:Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older
  • CVE-2022-2048: Jetty 9.4.46及之前版本、10.0.9 及之前版本、11.0.9及之前版本
  • CVE-2017-7657: Jetty versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x

临时修复办法:直接修改jetty版本号

[root@c73 ~]# ls  /opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty*  |awk '{print "vim ",$0}' > /tmp/1.sh[root@c73 ~]# cat /tmp/1.shvim  /opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty-6.1.26.jar
vim  /opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty-annotations-9.3.25.v20180904.jar
vim  /opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty-client-9.3.25.v20180904.jar
...
vim  /opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty-xml-9.3.25.v20180904.jar
[root@c73 ~]# sh /tmp/1.sh
Manifest-Version: 1.0
Created-By: Apache Maven Bundle Plugin
Built-By: jesse
Build-Jdk: 9.0.4
Implementation-Vendor: Eclipse.org - Jetty
Implementation-Version: 9.4.49.v20220914
url: http://www.eclipse.org/jetty
Bnd-LastModified: 1536096335442
Bundle-Classpath: .
Bundle-Copyright: Copyright (c)2008-2017 Mort Bay Consulting Pty. Ltd
 ....
/opt/cloudera/parcels/CDH-6.3.2-1.cdh6.3.2.p0.1605554/jars/jetty-annotations-9.3.25.v20180904.jar [RO]5,13%

:%s @[email protected]@g
标签: hdfs jetty hadoop

本文转载自: https://blog.csdn.net/eyeofeagle/article/details/127173021
版权归原作者 根哥的博客 所有, 如有侵权,请联系我们删除。

“CDH 端口未授权访问:hdfs-50070, yarn-8088, jetty漏洞修复”的评论:

还没有评论