CDH平台:ZooKeeper 未授权访问【原理扫描】漏洞修复

修复过程

cd /opt/cloudera/parcels/CDH/bin
./zookeeper-client -server 127.0.0.1:2181
[zk: 127.0.0.1:2181(CONNECTED) 1] getAcl /
'world,'anyone
: cdrwa
[zk: 127.0.0.1:2181(CONNECTED) 2] get /

cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x50004a798
cversion = 1388398
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 2
[zk: 127.0.0.1:2181(CONNECTED) 3] ls /
[hive_zookeeper_namespace_hive, zookeeper]
[zk: 127.0.0.1:2181(CONNECTED) 4] setAcl / ip:192.168.70.86:cdrwa,ip:192.168.70.87:cdrwa,ip:192.168.70.88:cdrwa,ip:127.0.0.1:cdrwa
 does not have the form scheme:id:perm
cZxid = 0x0
ctime = Thu Jan 01 08:00:00 CST 1970
mZxid = 0x0
mtime = Thu Jan 01 08:00:00 CST 1970
pZxid = 0x50004a7a8
cversion = 1388400
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 0
numChildren = 2
[zk: 127.0.0.1:2181(CONNECTED) 6] ls /
[hive_zookeeper_namespace_hive, zookeeper, cloudera_manager_zookeeper_canary]
[zk: 127.0.0.1:2181(CONNECTED) 7] getAcl /
'ip,'192.168.70.86
: cdrwa
'ip,'192.168.70.87
: cdrwa
'ip,'192.168.70.88
: cdrwa
'ip,'127.0.0.1
: cdrwa

[zk: 127.0.0.1:2181(CONNECTED) 9] ls /
[hive_zookeeper_namespace_hive, zookeeper]
[zk: 127.0.0.1:2181(CONNECTED) 10]
posted @ 2021-08-21 11:00  bugbeta  阅读(1751)  评论(0编辑  收藏  举报