ELK 6.2.2 版本下xpack破解
1、下載xpack
先下載最新版本的 x-pack,里面包含了 es,kibana,logstash 新版本的x-pack 下載地址:https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.2.zip
2、安裝xpack
之后到es目錄執行 # ./bin/elasticsearch-plugin install file:///soft/x-pack-6.2.2.zip 或者: # bin/elasticsearch-plugin install x-pack 安裝過程需要同意下協議 回車 輸入y 回車 會提示安裝成功
3、破解xpack
在windows環境下,解壓 x-pack-6.2.2.zip文件,進入x-pack-6.2.2\elasticsearch\core\找到文件x-pack-core-6.2.2.jar 找到兩個class文件,分別為 org.elasticsearch.license.LicenseVerifier.class org.elasticsearch.xpack.core.XPackBuild.class 反編譯出文件,保存為.java格式
4、修改class內容
1)修改 LicenseVerifier.java文件 LicenseVerifier 中有兩個靜態方法,這就是驗證授權文件是否有效的方法,我們把它修改為全部返回true. package org.elasticsearch.license; import java.nio.*; import java.util.*; import java.security.*; import org.elasticsearch.common.xcontent.*; import org.apache.lucene.util.*; import org.elasticsearch.common.io.*; import java.io.*; public class LicenseVerifier { #清空原來的代碼,粘貼 ####### public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) { return true; } public static boolean verifyLicense(final License license) { return true; } ####### } 2)修改XPackBuild.java文件 XPackBuild 中 最后一個靜態代碼塊中 try的部分全部刪除,這部分會驗證jar包是否被修改 package org.elasticsearch.xpack.core; import org.elasticsearch.common.io.*; import java.net.*; import org.elasticsearch.common.*; import java.nio.file.*; import java.io.*; import java.util.jar.*; public class XPackBuild { public static final XPackBuild CURRENT; private String shortHash; private String date; @SuppressForbidden(reason = "looks up path of xpack.jar directly") static Path getElasticsearchCodebase() { final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation(); try { return PathUtils.get(url.toURI()); } catch (URISyntaxException bogus) { throw new RuntimeException(bogus); } } XPackBuild(final String shortHash, final String date) { this.shortHash = shortHash; this.date = date; } public String shortHash() { return this.shortHash; } public String date() { return this.date; } static { final Path path = getElasticsearchCodebase(); String shortHash = null; String date = null; Label_0157: { shortHash = "Unknown"; date = "Unknown"; } CURRENT = new XPackBuild(shortHash, date); } }
5、重新編譯
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-6.2.2.jar:/usr/share/elasticsearch/lib/lucene-core-7.2.1.jar:/usr/share/elasticsearch/plugins/x-pack/x-pack-core/x-pack-core-6.2.2.jar:/usr/share/elasticsearch/lib/elasticsearch-core-6.2.2.jar" XPackBuild.java javac -cp "/usr/share/elasticsearch/lib/elasticsearch-6.2.2.jar:/usr/share/elasticsearch/lib/lucene-core-7.2.1.jar:/usr/share/elasticsearch/plugins/x-pack/x-pack-core/x-pack-core-6.2.2.jar" LicenseVerifier.java
6、重新壓縮x-pack-core-6.2.2.jar
使用壓縮軟件winrar打開x-pack-core-6.2.2.jar,將重新編譯得到的XPackBuild.class和LicenseVerifier.class文件 拖到原先位置。
7、替換破解后的文件
將文件上傳到 目錄/elasticsearch-6.2.2/plugins/x-pack/x-pack-core/下 替換原來的x-pack-core-6.2.2.jar文件
8、重置密碼 (可選)
初次安裝需要重置默認的帳號密碼 # ./bin/x-pack/setup-passwords interactive 這樣破解的x-pack就安裝好了
9、修改授權文件
{ "license": { "uid": "aa", "type": "platinum", #修改授權 "issue_date_in_millis": 1519689600000, "expiry_date_in_millis": 2524579200999, #修改到期時間 "max_nodes": 1000, #按需要修改 "issued_to": "aa", "issuer": "Web Form", "signature": "AAAAAwAAAA019", "start_date_in_millis": 1519689600000 } }
#我們將過期時間寫到2050年,type改為platinum 白金版,這樣我們就會擁有全部的x-pack功能
10、導入授權文件
curl -u elastic:IjJ2Em8ZKybhvAPoI1iZ -XPUT 'http://192.168.23.35:9200/_xpack/license' -H "Content-Type: application/json" -d @/soft/license.json #注意:集群中的每台 Elasticsearch 都是需要安裝授權,同時記得文件前面的 @ 符號