Upgrade Elastic to latest 7.16 due to log4shell #217

Closed
8 of 9 tasks
fastlorenzo opened this issue Dec 17, 2021 · 8 comments
Labels
elkserver Related to RedELK server components enhancement New feature or request

Comments

@fastlorenzo
Collaborator

fastlorenzo commented Dec 17, 2021

In order to mitigate potential impact from Log4shell, Elastic packages need to be upgraded to version 7.16.1.
This will also bring several fixes and performance improvements, as well as better support for ECS format.

More information: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Bumped the following to version 7.16.1:

  • filebeat on redirs
  • filebeat on c2servers
  • elkserver/elasticsearch
  • elkserver/kibana
  • elkserver/logstash

Things left to do or research:

  • Check if neo4j docker image should be updated. It's at 4.2 atm. Vendor info: https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856/2 - Couldn't hurt to update to 4.4 anyway.
  • Check if Kibana app in elkserver/kibana should be updated. It makes use of an explicit version 7.10 atm.
  • Check if jupyter/scipy-notebook docker image is vulnerable. It is using docker image version 4a112c0f11eb atm. Couldn't hurt to update to latest anyway.
  • Overall testing
@fastlorenzo fastlorenzo added elkserver Related to RedELK server components enhancement New feature or request labels Dec 17, 2021
@MarcOverIP
Member

Working on this in branch #stack-version-upgrade


@fastlorenzo fastlorenzo changed the title Upgrade Elastic to 7.16.1 Upgrade Elastic to 7.16.2 Dec 20, 2021
@fastlorenzo
Collaborator Author

Update to 7.16.2

fastlorenzo pushed a commit to fastlorenzo/RedELK that referenced this issue Dec 20, 2021
fastlorenzo added a commit to fastlorenzo/RedELK that referenced this issue Dec 20, 2021
@MarcOverIP
Member

Update on neo4j image:
According to https://neo4j.com/security/log4j/ we should update. We are running 4.2, which is vulnerable. We should update to:

  • 4.2.13 - preferred as within same minor version
  • 4.3.9
  • 4.4.2

Done in commit # 281621b

@MarcOverIP
Member

MarcOverIP commented Dec 21, 2021

Jupyter says they are not using Log4j in their core product. However, some plugins such as spark do use Log4j. Source: https://twitter.com/ProjectJupyter/status/1471034970386878466

I propose we update to latest docker image anyway. Done in commit # 71131c7

@MarcOverIP
Member

MarcOverIP commented Dec 24, 2021

Did full testing of new deployment with a haproxy redir and cs teamserver. Seems to work perfectly!

There is one issue with the Kibana app: because it is not installed atm, yet Kibana's default entry path is /app/redelk/, you need to manually browse to a path that does exist. For example, browse to $RedELKURL/app/discover/ and you are good to go.

So, all that is left to do is update the Kibana app. This is all you @fastlorenzo

@fastlorenzo
Collaborator Author

Thanks @MarcOverIP, I'll check this out early next week

@MarcOverIP MarcOverIP changed the title Upgrade Elastic to 7.16.2 Upgrade Elastic to 7.16.3 Jan 14, 2022
@MarcOverIP MarcOverIP changed the title Upgrade Elastic to 7.16.3 Upgrade Elastic to latest 7.16 due to log4shell Jan 14, 2022
@MarcOverIP
Member

MarcOverIP commented Jan 14, 2022

Newer ES version 7.16.3 is out. I'll move the stack to that version as it contains an upgrade to log4j 2.17.1

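As an added example (not code from the RedELK project or from this thread), a small Python check that applies the version floors discussed above to a component inventory: Elastic components at 7.16.3 or later (the release that bundles log4j 2.17.1) and neo4j at the fixed release of whichever minor series is deployed (4.2.13, 4.3.9 or 4.4.2). The inventory values, the function names and the handling of neo4j series not named in the thread are assumptions.

```python
"""Version gate for the Log4Shell upgrade tracked in this issue (example, not project code).
Floors from the thread: Elastic components >= 7.16.3 (bundles log4j 2.17.1);
neo4j >= 4.2.13 / 4.3.9 / 4.4.2 depending on the minor series deployed."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]
ELASTIC_COMPONENTS = {"elasticsearch", "kibana", "logstash", "filebeat"}
ELASTIC_FLOOR: Version = (7, 16, 3)
# neo4j: the fixed release depends on the minor series already in use.
NEO4J_FLOORS: Dict[Version, Version] = {(4, 2): (4, 2, 13), (4, 3): (4, 3, 9), (4, 4): (4, 4, 2)}

def parse_version(text: str) -> Version:
    """'7.16.1' -> (7, 16, 1); a suffix such as '-SNAPSHOT' is ignored."""
    return tuple(int(part) for part in text.split("-", 1)[0].split("."))

def fmt(version: Version) -> str:
    return ".".join(map(str, version))

def elastic_verdict(component: str, version: str) -> Optional[str]:
    """Reason the component still needs an upgrade, or None if it meets the floor."""
    if parse_version(version) < ELASTIC_FLOOR:
        return f"{component} {version} is below {fmt(ELASTIC_FLOOR)} (log4j 2.17.1)"
    return None

def neo4j_verdict(version: str) -> Optional[str]:
    parsed = parse_version(version)
    floor = NEO4J_FLOORS.get(parsed[:2])
    if floor is None:  # series with no listed fix (assumption): move to a listed release
        return f"neo4j {version} has no listed fixed release; move to {fmt(NEO4J_FLOORS[(4, 4)])}"
    if parsed < floor:
        return f"neo4j {version} is below {fmt(floor)} for the {fmt(floor[:2])} series"
    return None

def check_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map every component still below its floor to the reason it was flagged."""
    findings: Dict[str, str] = {}
    for component, version in inventory.items():
        if component in ELASTIC_COMPONENTS:
            reason = elastic_verdict(component, version)
        elif component == "neo4j":
            reason = neo4j_verdict(version)
        else:
            continue  # e.g. the jupyter image: the thread gives it no version floor
        if reason:
            findings[component] = reason
    return findings

# Constructed inventory reflecting the mid-upgrade state described in the thread.
SAMPLE_INVENTORY = {"elasticsearch": "7.16.1", "logstash": "7.16.2", "kibana": "7.16.3",
                    "filebeat": "7.16.3", "neo4j": "4.2.6", "jupyter/scipy-notebook": "4a112c0f11eb"}
```

Running `check_inventory(SAMPLE_INVENTORY)` flags elasticsearch, logstash and neo4j and leaves the components already on 7.16.3 alone.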
@MarcOverIP
Member

Can't wait any longer on new release. Closing this issue. Creating new issue to cover only the Kibana app issue.
