
ZooKeeper Unauthorized Access Vulnerability

  • Time: 1 year ago

[appuser@xxx bin]$ ./zkCli.sh -server 120.xx.xx.221:2181

Connecting to 120.xx.xx.221:2181

2018-05-03 14:33:17,463 [myid:] - INFO  [main:Environment@100] - Client environment:zookeeper.version=3.4.5-1392090, built on 09/30/2012 17:52 GMT

2018-05-03 14:33:17,467 [myid:] - INFO  [main:Environment@100] - Client environment:host.name=iZ23xuh7nv7Z

2018-05-03 14:33:17,468 [myid:] - INFO  [main:Environment@100] - Client environment:java.version=……

2018-05-03 14:33:17,468 [myid:] - INFO  [main:Environment@100] - Client environment:java.vendor=Sun Microsystems Inc.

2018-05-03 14:33:17,469 [myid:] - INFO  [main:Environment@100] - Client environment:java.home=……

2018-05-03 14:33:17,469 [myid:] - INFO  [main:Environment@100] - Client environment:java.class.path=……

2018-05-03 14:33:17,470 [myid:] - INFO  [main:Environment@100] - Client environment:java.library.path=……

2018-05-03 14:33:17,470 [myid:] - INFO  [main:Environment@100] - Client environment:java.io.tmpdir=/tmp

2018-05-03 14:33:17,471 [myid:] - INFO  [main:Environment@100] - Client environment:java.compiler=<NA>

2018-05-03 14:33:17,471 [myid:] - INFO  [main:Environment@100] - Client environment:os.name=Linux

2018-05-03 14:33:17,471 [myid:] - INFO  [main:Environment@100] - Client environment:os.arch=amd64

2018-05-03 14:33:17,472 [myid:] - INFO  [main:Environment@100] - Client environment:os.version=2.6.18-164.el5

2018-05-03 14:33:17,472 [myid:] - INFO  [main:Environment@100] - Client environment:user.name=appuser

2018-05-03 14:33:17,473 [myid:] - INFO  [main:Environment@100] - Client environment:user.home=……/jboss/server

2018-05-03 14:33:17,473 [myid:] - INFO  [main:Environment@100] - Client environment:user.dir=……/zookeeper-3.4.5/bin

2018-05-03 14:33:17,475 [myid:] - INFO  [main:ZooKeeper@438] - Initiating client connection, connectString=120.xx.xx.221:2181 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@4d61f10f

Welcome to ZooKeeper!

2018-05-03 14:33:17,515 [myid:] - INFO  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@966] - Opening socket connection to server 120.xx.xx.221/120.xx.xx.221:2181. Will not attempt to authenticate using SASL (无法定位登录配置)

JLine support is enabled

2018-05-03 14:33:17,522 [myid:] - INFO  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@849] - Socket connection established to 120.xx.xx.221/120.xx.xx.221:2181, initiating session

2018-05-03 14:33:17,532 [myid:] - INFO  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@1207] - Session establishment complete on server 120.xx.xx.221/120.xx.xx.221:2181, sessionid = 0x162a3ccb96b00f0, negotiated timeout = 30000


WATCHER::


WatchedEvent state:SyncConnected type:None path:null

[zk: 120.xx.xx.221:2181(CONNECTED) 0] 

[zk: 120.xx.xx.221:2181(CONNECTED) 0] help

ZooKeeper -server host:port cmd args

connect host:port

get path [watch]

ls path [watch]

set path data [version]

rmr path

delquota [-n|-b] path

quit 

printwatches on|off

create [-s] [-e] path data acl

stat path [watch]

close 

ls2 path [watch]

history 

listquota path

setAcl path acl

getAcl path

sync path

redo cmdno

addauth scheme auth

delete path [version]

setquota -n|-b val path

[zk: 120.xx.xx.221:2181(CONNECTED) 1] 


iptables -A INPUT -p TCP -s 0.0.0.0/0 --dport 2181 -j REJECT


[appuser@xxx bin]$ ./zkCli.sh -server 120.xx.xx.221:2181

Connecting to 120.xx.xx.221:2181

2018-05-03 14:36:07,432 [myid:] - INFO  [main:Environment@100] - Client environment:zookeeper.version=3.4.5-1392090, built on 09/30/2012 17:52 GMT

2018-05-03 14:36:07,436 [myid:] - INFO  [main:Environment@100] - Client environment:host.name=xxx

2018-05-03 14:36:07,437 [myid:] - INFO  [main:Environment@100] - Client environment:java.version=1.6.0_29

2018-05-03 14:36:07,437 [myid:] - INFO  [main:Environment@100] - Client environment:java.vendor=Sun Microsystems Inc.

2018-05-03 14:36:07,437 [myid:] - INFO  [main:Environment@100] - Client environment:java.home=……

2018-05-03 14:36:07,438 [myid:] - INFO  [main:Environment@100] - Client environment:java.class.path=……

2018-05-03 14:36:07,438 [myid:] - INFO  [main:Environment@100] - Client environment:java.library.path=……

2018-05-03 14:36:07,439 [myid:] - INFO  [main:Environment@100] - Client environment:java.io.tmpdir=/tmp

2018-05-03 14:36:07,439 [myid:] - INFO  [main:Environment@100] - Client environment:java.compiler=<NA>

2018-05-03 14:36:07,440 [myid:] - INFO  [main:Environment@100] - Client environment:os.name=Linux

2018-05-03 14:36:07,440 [myid:] - INFO  [main:Environment@100] - Client environment:os.arch=amd64

2018-05-03 14:36:07,440 [myid:] - INFO  [main:Environment@100] - Client environment:os.version=2.6.18-164.el5

2018-05-03 14:36:07,441 [myid:] - INFO  [main:Environment@100] - Client environment:user.name=appuser

2018-05-03 14:36:07,441 [myid:] - INFO  [main:Environment@100] - Client environment:user.home=……

2018-05-03 14:36:07,442 [myid:] - INFO  [main:Environment@100] - Client environment:user.dir=……

2018-05-03 14:36:07,444 [myid:] - INFO  [main:ZooKeeper@438] - Initiating client connection, connectString=120.xx.xx.221:2181 sessionTimeout=30000 watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@59193779

Welcome to ZooKeeper!

2018-05-03 14:36:07,481 [myid:] - INFO  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@966] - Opening socket connection to server 120.xx.xx.221/120.xx.xx.221:2181. Will not attempt to authenticate using SASL (无法定位登录配置)

JLine support is enabled

2018-05-03 14:36:07,489 [myid:] - WARN  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@1089] - Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect

java.net.ConnectException: Connection refused

at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)

at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:567)

at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:350)

at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1068)

[zk: 120.xx.xx.221:2181(CONNECTING) 0] 2018-05-03 14:36:08,597 [myid:] - INFO  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@966] - Opening socket connection to server 120.xx.xx.221/120.xx.xx.221:2181. Will not attempt to authenticate using SASL (无法定位登录配置)

2018-05-03 14:36:08,599 [myid:] - WARN  [main-SendThread(120.xx.xx.221:2181):ClientCnxn$SendThread@1089] - Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect

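The client keeps logging connection-refused messages. On the firewall, reject everything first, then selectively allow specific sources. Mind the order: here the rules take effect from the bottom up, because each -I command inserts its rule at the head of the INPUT chain, so the rule added last is matched first. (With -A the ACCEPT rules would be appended below the catch-all REJECT and never be reached.)

iptables -I INPUT -p TCP -s 0.0.0.0/0 --dport 2181 -j REJECT

iptables -I INPUT -p TCP -s ip --dport 2181 -j ACCEPT

iptables -I INPUT -p TCP -s ip --dport 2181 -j ACCEPT

iptables -I INPUT -p TCP -s ip --dport 2181 -j ACCEPT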
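
Added example, not part of the original post: iptables walks a chain from top to bottom and the first matching rule decides, so whether the ACCEPT rules sit above the catch-all REJECT determines who can reach port 2181. The script below checks that on `iptables -S INPUT`-style listings; the two listings, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` listings (192.0.2.10 is a documentation address).
# REJECT appended first, ACCEPT appended after it: the ACCEPT is never reached.
RULES_APPEND='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2181 -j ACCEPT'
# ACCEPT sits above the catch-all REJECT: the allow-list works.
RULES_INSERT='-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j REJECT --reject-with icmp-port-unreachable'

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP CIDR -> status 0 when IP lies inside CIDR (no "/len" means /32)
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# verdict_2181 SRC_IP RULES -> prints the target of the first rule for TCP 2181
# whose source matches SRC_IP, or the chain policy when no rule matches
verdict_2181() {
    policy=ACCEPT
    while read -r line; do
        case $line in
            "-P INPUT "*) policy=${line#-P INPUT }; continue ;;
            "-A INPUT "*"--dport 2181 "*) ;;
            *) continue ;;
        esac
        src=0.0.0.0/0                      # iptables -S omits -s for "any source"
        case $line in *" -s "*) src=${line#* -s }; src=${src%% *} ;; esac
        if in_cidr "$1" "$src"; then
            target=${line#* -j }; echo "${target%% *}"; return 0
        fi
    done <<EOF
$2
EOF
    echo "$policy"
}

echo "REJECT first: 192.0.2.10 -> $(verdict_2181 192.0.2.10 "$RULES_APPEND")"
echo "ACCEPT first: 192.0.2.10 -> $(verdict_2181 192.0.2.10 "$RULES_INSERT")"
```

On a real host, pass the output of `iptables -S INPUT` as the second argument and test both an allowed and a non-allowed source address.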



Copyright © 刘相涛, powered by zblog