Preface
Atlassian Confluence is Atlassian's enterprise knowledge management and collaboration product, used for example to build a company wiki or document library.
On August 26, 2021 Atlassian published an advisory disclosing CVE-2021-26084, a remote code execution vulnerability in Atlassian Confluence Server and Data Center: an OGNL injection that lets an authenticated user, and in some configurations an unauthenticated user, execute arbitrary code on the server.
Affected versions (every release below the fix release of its branch; branches without a fix release of their own, i.e. 4.x, 5.x, 6.0 to 6.12, 6.14 to 7.3 and 7.5 to 7.10, must move to 7.13.0):
Atlassian Confluence Server/Data Center 6.13.x < 6.13.23
Atlassian Confluence Server/Data Center 7.4.x < 7.4.11
Atlassian Confluence Server/Data Center 7.11.x < 7.11.6
Atlassian Confluence Server/Data Center 7.12.x < 7.12.5
Atlassian Confluence Server/Data Center < 7.13.0 (all other branches)
Fixed versions:
Atlassian Confluence Server/Data Center 6.13.23
Atlassian Confluence Server/Data Center 7.4.11
Atlassian Confluence Server/Data Center 7.11.6
Atlassian Confluence Server/Data Center 7.12.5
Atlassian Confluence Server/Data Center 7.13.0
The Confluence deployed in this article is version 6.13.23, i.e. one of the fixed releases.
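The following shell script is an added example (it is not from the original post or from Atlassian) that turns the version list above into a check: it reads the version out of a Confluence page and decides whether that release carries the CVE-2021-26084 fix. It assumes versions are written as major.minor.patch and that the page carries the <meta name="ajs-version-number"> tag that Confluence's login page emits; the HTML sample inside the script is constructed, and the curl line in the comments shows how it would be pointed at the lab host from this post. The function names (vkey, version_ge, confluence_status, extract_version) are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from Atlassian): classify a
# Confluence Server/Data Center version against the CVE-2021-26084 fix
# releases listed in the advisory: 6.13.23, 7.4.11, 7.11.6, 7.12.5, 7.13.0.

# vkey VERSION: turn "major.minor.patch" into one comparable integer
# (missing components count as 0, so "7.13" == "7.13.0").
vkey() {
  printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# version_ge A B: exit 0 when A >= B
version_ge() {
  [ "$(vkey "$1")" -ge "$(vkey "$2")" ]
}

# confluence_status VERSION: print "vulnerable" or "fixed".
# Branches with their own fix release are compared against that release;
# every other branch (4.x, 5.x, 6.0-6.12, 6.14+, 7.0-7.3, 7.5-7.10) needs 7.13.0.
confluence_status() {
  v=$1
  branch=$(printf '%s\n' "$v" | awk -F. '{ print $1 "." $2 }')
  case "$branch" in
    6.13) fixed=6.13.23 ;;
    7.4)  fixed=7.4.11  ;;
    7.11) fixed=7.11.6  ;;
    7.12) fixed=7.12.5  ;;
    *)    fixed=7.13.0  ;;
  esac
  if version_ge "$v" "$fixed"; then
    echo fixed
  else
    echo vulnerable
  fi
}

# extract_version: pull the version out of a Confluence HTML page on stdin.
# Assumption: the page carries <meta name="ajs-version-number" content="X.Y.Z">,
# as Confluence's login page does.
extract_version() {
  sed -n 's/.*<meta name="ajs-version-number" content="\([0-9.]*\)".*/\1/p' | head -n 1
}

# Constructed sample of what the login page head looks like (not a real capture).
SAMPLE_HTML='<html><head><meta name="ajs-version-number" content="6.13.23"></head></html>'

# Against the lab box from this post the live check would be:
#   curl -s http://localhost:8090/login.action | extract_version
# Here the constructed sample stands in for the HTTP response.
v=$(printf '%s\n' "$SAMPLE_HTML" | extract_version)
echo "Confluence $v: $(confluence_status "$v")"
for probe in 6.13.22 7.4.10 7.5.0 7.12.5 7.13.0; do
  echo "Confluence $probe: $(confluence_status "$probe")"
done
```

The branch table is the whole decision: a 7.5.x instance is below 7.13.0 and has no fix release of its own, so it is reported vulnerable even though 7.5 is newer than the fixed 6.13.23 used in this post.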
1. Configuring the database
1.1 Deploying MySQL
Download the rpm packages from the official archive, https://downloads.mysql.com/archives/community/; the packages used are listed below.
Download and install MySQL:
[root@atlassian ~]# ll -h
total 190M
-rw-------. 1 root root 1.5K Dec 4 17:38 anaconda-ks.cfg
-rw-r--r-- 1 root root 24M Apr 3 2021 mysql-community-client-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 272K Apr 3 2021 mysql-community-common-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2.2M Mar 28 12:29 mysql-community-libs-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2.1M Mar 28 12:29 mysql-community-libs-compat-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 162M Apr 3 2021 mysql-community-server-5.7.17-1.el7.x86_64.rpm
[root@atlassian ~]# yum install -y mysql-community-*
[root@atlassian ~]# systemctl start mysqld
[root@atlassian ~]# systemctl enable mysqld
Starting with 5.7, MySQL ships the validate_password plugin, whose default MEDIUM policy requires every password to be at least 8 characters long and to contain upper- and lowercase letters, digits and special characters.
Setting validate_password=off in /etc/my.cnf disables the plugin; after a restart of the MySQL service the restriction is gone. That is what allows the simple 'Unlimax' password used below; keep the plugin enabled on anything other than a throwaway lab host.
MySQL's generated temporary root password:
[root@atlassian ~]# grep password /var/log/mysqld.log
2022-03-28T07:15:11.658594Z 1 [Note] A temporary password is generated for root@localhost: hd2wy*#qpfmQ
2022-03-28T07:22:45.420001Z 0 [Note] Shutting down plugin 'validate_password'
2022-03-28T07:22:46.654053Z 0 [Note] Shutting down plugin 'sha256_password'
2022-03-28T07:22:46.654062Z 0 [Note] Shutting down plugin 'mysql_native_password'
2022-03-28T07:23:34.702914Z 0 [Note] Shutting down plugin 'validate_password'
2022-03-28T07:23:36.538064Z 0 [Note] Shutting down plugin 'sha256_password'
2022-03-28T07:23:36.538070Z 0 [Note] Shutting down plugin 'mysql_native_password'
2022-03-28T07:23:37.603834Z 0 [Note] Plugin 'validate_password' is disabled.
MySQL hardening (mysql_secure_installation replaces the temporary root password, removes anonymous accounts, disables remote root login and drops the test database):
[root@atlassian ~]# mysql_secure_installation
MySQL configuration file:
[root@atlassian ~]# cat /etc/my.cnf
[client]
# default-character-set is a client option; under [mysqld] the server
# rejects it as an unknown variable and fails to start
default-character-set=utf8
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
validate_password=off
symbolic-links=0
character-set-server=utf8
collation-server=utf8_bin
default-storage-engine=INNODB
max_allowed_packet=32M
# the mode is spelled NO_AUTO_VALUE_ON_ZERO (not NO_AUTO_VALUE_NO_ZERO)
sql_mode=NO_AUTO_VALUE_ON_ZERO
# Confluence requires READ-COMMITTED; setting it here survives restarts
transaction-isolation=READ-COMMITTED
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
1.2 Creating the Confluence database
[root@atlassian ~]# mysql -uroot -p
Enter password:
mysql> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 1 row affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceUser'@'localhost' IDENTIFIED BY 'Unlimax';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> EXIT
Bye
The character set can also be utf8mb4, a superset of utf8 with better compatibility; check Atlassian's MySQL setup page for the Confluence version being installed first, since the supported character set and collation are version-specific. The one warning on the GRANT statement is MySQL 5.7 deprecating IDENTIFIED BY inside GRANT; the current form is to create the account with CREATE USER and then GRANT. Restricting the account to 'localhost' is right when Confluence runs on the same host as MySQL.
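As an added example (not code from the post or from Atlassian), the script below lints a my.cnf against the [mysqld] settings this section aims at (utf8/utf8_bin, InnoDB, NO_AUTO_VALUE_ON_ZERO) plus the READ-COMMITTED isolation the Confluence setup wizard checks for later. The first sample configuration reproduces a my.cnf with the problems that are easy to get wrong here: default-character-set under [mysqld], which mysqld rejects, the misspelled NO_AUTO_VALUE_NO_ZERO, no transaction isolation setting, and validate_password switched off; the second is the corrected version. Both samples are constructed for the example, and the mysqld_opt and check_mycnf function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from Atlassian): lint a my.cnf
# against the [mysqld] settings a Confluence MySQL backend needs.

# mysqld_opt FILE KEY: print the value of KEY in the [mysqld] section.
# MySQL treats '-' and '_' in option names as equivalent, so both spellings
# are normalised to '_' before comparison; KEY is passed in '_' form.
mysqld_opt() {
  awk -v key="$2" '
    /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
    section == "[mysqld]" && /=/ {
      eq = index($0, "=")
      k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k); gsub(/-/, "_", k)
      v = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) print v
    }' "$1"
}

# check_mycnf FILE: print one line per problem found; returns the problem count.
check_mycnf() {
  f=$1
  n=0
  for pair in \
      character_set_server=utf8 \
      collation_server=utf8_bin \
      default_storage_engine=INNODB \
      transaction_isolation=READ-COMMITTED \
      sql_mode=NO_AUTO_VALUE_ON_ZERO
  do
    key=${pair%%=*}
    want=${pair#*=}
    got=$(mysqld_opt "$f" "$key")
    if [ "$got" != "$want" ]; then
      echo "[mysqld] $key should be $want (found: ${got:-unset})"
      n=$((n + 1))
    fi
  done
  # default-character-set is a client option; mysqld 5.7 refuses to start
  # with it under [mysqld] ("unknown variable").
  if [ -n "$(mysqld_opt "$f" default_character_set)" ]; then
    echo "[mysqld] default-character-set is a client-only option; move it to [client]"
    n=$((n + 1))
  fi
  # Disabling validate_password is what lets a trivial password through.
  if [ "$(mysqld_opt "$f" validate_password | tr '[:upper:]' '[:lower:]')" = off ]; then
    echo "[mysqld] validate_password=off: the password policy is disabled"
    n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample 1: a my.cnf with the problems described above.
PAGE_CNF=$(mktemp)
cat >"$PAGE_CNF" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
validate_password=off
symbolic-links=0
default-character-set=utf8
character-set-server=utf8
collation-server=utf8_bin
default-storage-engine=INNODB
max_allowed_packet=32M
sql_mode=NO_AUTO_VALUE_NO_ZERO
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF

# Constructed sample 2: the same file with the problems fixed.
FIXED_CNF=$(mktemp)
cat >"$FIXED_CNF" <<'EOF'
[client]
default-character-set=utf8
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
character-set-server=utf8
collation-server=utf8_bin
default-storage-engine=INNODB
max_allowed_packet=32M
sql_mode=NO_AUTO_VALUE_ON_ZERO
transaction-isolation=READ-COMMITTED
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF

echo "== sample with problems =="
check_mycnf "$PAGE_CNF" || echo "$? problem(s)"
echo "== fixed sample =="
check_mycnf "$FIXED_CNF" && echo "no problems"
```

Run it against the real file with check_mycnf /etc/my.cnf before starting mysqld; a non-zero exit status means the Confluence setup wizard's database test is going to fail, or the server will not start at all.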
2. Deploying Confluence
2.1 Getting Confluence
Download the Linux build of Confluence v6.13.23 from the official site,
and download the MySQL JDBC driver:
https://cdn.mysql.com/archives/mysql-connector-java-5.1/mysql-connector-java-5.1.30.tar.gz
2.2 Installing Confluence
[root@atlassian ~]# chmod +x atlassian-confluence-6.13.23-x64.bin
[root@atlassian ~]# ll -h
total 618M
-rw-------. 1 root root 1.5K Dec 4 17:38 anaconda-ks.cfg
-rwxr-xr-x 1 root root 618M Mar 28 00:51 atlassian-confluence-6.13.23-x64.bin
-rw-r--r-- 1 root root 932K Mar 11 2014 mysql-connector-java-5.1.30-bin.jar
[root@atlassian ~]# ./atlassian-confluence-6.13.23-x64.bin
The installer asks whether this is a fresh install or an upgrade, and for the default port, install path and so on; answer as needed.
When it completes, browse to localhost:8090 and pick Chinese as the language.
If this is for production use, just buy a license.
2.3 Cracking Confluence
Download the crack package to Windows or macOS: https://files-cdn.cnblogs.com/files/blogs/719684/confluence_crack.zip
Move atlassian-extras-decoder-v2-3.4.1.jar out of the lib directory, rename it to atlassian-extras-2.4.jar, and download it into the crack package's directory (sz below is the lrzsz ZMODEM send and needs a terminal client that speaks ZMODEM).
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# pwd
/opt/atlassian/confluence/confluence/WEB-INF/lib
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# mv atlassian-extras-decoder-v2-3.4.1.jar ~/atlassian-extras-2.4.jar
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# sz ~/atlassian-extras-2.4.jar
Run the crack program, which needs a Java runtime, with atlassian-extras-2.4.jar as the patch file.
When it finishes, a new atlassian-extras-2.4.jar appears in the crack package directory and the original is backed up automatically.
Transfer the newly generated atlassian-extras-2.4.jar back to the server (rz below), rename it back to its original name, and put it back in its original location. Note that this loads an unsigned jar produced by a third-party binary patcher into the application's classpath; a host set up this way should be treated as a disposable lab box.
[root@atlassian ~]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring atlassian-extras-2.4.jar...
100% 6 KB 6 KB/sec 00:00:01 0 Errors
[root@atlassian ~]# mv atlassian-extras-2.4.jar atlassian-extras-decoder-v2-3.4.1.jar
[root@atlassian ~]# mv atlassian-extras-decoder-v2-3.4.1.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
Upload the MySQL driver jar to /opt/atlassian/confluence/confluence/WEB-INF/lib/:
[root@atlassian ~]# mv mysql-connector-java-5.1.30-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
Restart the Confluence service:
[root@atlassian ~]# /opt/atlassian/confluence/bin/stop-confluence.sh
[root@atlassian ~]# /opt/atlassian/confluence/bin/start-confluence.sh
Log in to the web page at localhost:8090 and copy in the license key.
Confluence requires the transaction isolation level to be READ-COMMITTED; otherwise the database connection test in the setup wizard fails.
Set the isolation level (SET GLOBAL only affects new connections and does not survive a restart, so also put transaction-isolation=READ-COMMITTED under [mysqld] in /etc/my.cnf; on 5.7.17 the runtime variable is still called tx_isolation, transaction_isolation became its alias in 5.7.20):
mysql> set global tx_isolation='READ-COMMITTED';
Query OK, 0 rows affected (0.00 sec)
The connection test succeeds;
choose an empty site;
configure the administrator account;
and at this point Confluence is cracked and running. From here on it is up to you to get familiar with the product.