ELK 7.16.1 fixes log4j vulns.

2025-04-20 06:02:24 +00:00 · 2021-12-13 15:59:48 +00:00 · 2021-12-13 15:59:48 +00:00 · a98b447556
commit a98b447556
parent b4c1805551
4 changed files with 8 additions and 12 deletions
--- a/docker/elk/elasticsearch/Dockerfile
+++ b/docker/elk/elasticsearch/Dockerfile
@ -1,7 +1,7 @@
 FROM alpine:3.14
 #
 # VARS
-ENV ES_VER=7.15.1 \
+ENV ES_VER=7.16.1 \
    ES_JAVA_HOME=/usr/lib/jvm/java-16-openjdk

 # Include dist
@ -47,5 +47,4 @@ HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:9200/_cat/health'
 #
 # Start ELK
 USER elasticsearch:elasticsearch
-#CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
-CMD export ES_JAVA_OPTS="$ES_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" && exec "/usr/share/elasticsearch/bin/elasticsearch"
+CMD ["/usr/share/elasticsearch/bin/elasticsearch"]
--- a/docker/elk/kibana/Dockerfile
+++ b/docker/elk/kibana/Dockerfile
@ -1,7 +1,7 @@
-FROM node:14.17.6-alpine3.14
+FROM node:16.13.0-alpine3.14
 #
 # VARS
-ENV KB_VER=7.15.1
+ENV KB_VER=7.16.1
 # 
 # Include dist
 ADD dist/ /root/dist/
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -1,7 +1,7 @@
 FROM alpine:3.14
 #
 # VARS
-ENV LS_VER=7.15.1
+ENV LS_VER=7.16.1
 # Include dist
 ADD dist/ /root/dist/
 #
@ -14,8 +14,7 @@ RUN apk -U --no-cache add \
 	     curl \
             libc6-compat \
             libzmq \
-             nss \
-             zip && \
+             nss && \
    apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre && \
 #
 # Get and install packages
@ -36,8 +35,6 @@ RUN apk -U --no-cache add \
    /usr/share/logstash/bin/logstash-plugin install logstash-output-gelf && \
    /usr/share/logstash/bin/logstash-plugin install logstash-output-http && \
    /usr/share/logstash/bin/logstash-plugin install logstash-output-syslog && \
-    # Remove log4j (https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476)
-    zip -d /usr/share/logstash/logstash-core/lib/jars/log4j-core-2.* org/apache/logging/log4j/core/lookup/JndiLookup.class && \
 #
 # Add and move files
    cd /root/dist/ && \
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@ -649,12 +649,12 @@ if "_jsonparsefailure" in [tags] { drop {} }
    geoip {
      cache_size => 10000
      source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-City.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-City.mmdb"
    }
    geoip {
      cache_size => 10000
      source => "src_ip"
-      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.3-java/vendor/GeoLite2-ASN.mmdb"
+      database => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-7.2.6-java/vendor/GeoLite2-ASN.mmdb"
    }
    translate {
      refresh_interval => 86400