6、MVEL漏洞

build.sh

#!/bin/bash
# 构建镜像
imageName=mveldemo
version=v1.0
level=i
echo "imageName: $imageName"
echo "=========开始构建Dockerfile==========="
docker build -f Dockerfile -t $imageName:$version .
echo "=========构建完成Dockerfile==========="

echo "=========开始 tag Dockerfile==========="
docker tag $imageName:$version seccraft.hub.com/quality_and_operations/$imageName\_$level:$version  
echo "=========结束 tag Dockerfile==========="

echo "=========开始 推送镜像到仓库==========="
docker push seccraft.hub.com/quality_and_operations/$imageName\_$level:$version
echo "=========结束 推送镜像到仓库==========="

docker-compose

version: '3'
services:
  # web服务只要暴露端口即可
  target_machine:
    image: seccraft.hub.com/quality_and_operations/mveldemo_i:v1.0
    stdin_open: true
    restart: always
    container_name: mveldemo
    ports:
      - "9300:9300"
    deploy:
      resources:
        limits:
          memory: 500M

docker-entrypoint.sh

#!/bin/bash

set -e

# Add elasticsearch as command if needed
if [ "${1:0:1}" = '-' ]; then
    set -- elasticsearch "$@"
fi

# As argument is not related to elasticsearch,
# then assume that user wants to run his own process,
# for example a `bash` shell to explore this image
exec "$@"

Dockerfile

FROM openjdk:8-jdk-alpine

RUN rm -rf /usr/share/elasticsearch
RUN mkdir -p /usr/share/elasticsearch
COPY logging.yml ./config/logging.yml
COPY docker-entrypoint.sh /
COPY elasticsearch-1.1.1.tar.gz /usr/share/elasticsearch
RUN tar -zxvf /usr/share/elasticsearch/elasticsearch-1.1.1.tar.gz \
     --strip-components 1 -C /usr/share/elasticsearch
RUN set -ex \
    && chmod +x /docker-entrypoint.sh

ENV PATH /usr/share/elasticsearch/bin:$PATH
WORKDIR /usr/share/elasticsearch
EXPOSE 9300

ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["elasticsearch"]

logging.yml

# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
es.logger.level: INFO
rootLogger: ${es.logger.level}, console
logger:
  # log action execution errors for easier debugging
  action: DEBUG
  # reduce the logging for aws, too much is logged under the default INFO
  com.amazonaws: WARN

appender:
  console:
    type: console
    layout:
      type: consolePattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

下载elasticsearch

https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.1.1.tar.gz

posted @ 2024-07-28 15:07  Adom_ye  阅读(1)  评论(0编辑  收藏  举报