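Preface
Atlassian Confluence is Atlassian's professional enterprise knowledge management and collaboration software, used for building things such as a corporate document library.
On August 26, 2021, Atlassian published an advisory disclosing CVE-2021-26084, a remote code execution vulnerability in Atlassian Confluence.
Affected versions: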
Atlassian Confluence Server/Data Center < 6.13.23
Atlassian Confluence Server/Data Center < 7.4.11
Atlassian Confluence Server/Data Center < 7.11.6
Atlassian Confluence Server/Data Center < 7.12.5
Atlassian Confluence Server/Data Center < 7.13.0
Safe versions:
Atlassian Confluence Server/Data Center 6.13.23
Atlassian Confluence Server/Data Center 7.4.11
Atlassian Confluence Server/Data Center 7.11.6
Atlassian Confluence Server/Data Center 7.12.5
Atlassian Confluence Server/Data Center 7.13.0
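This article uses Confluence 6.13.23.
1. Configure the database
1.1 Deploy MySQL
Download the rpm packages from the official site, https://downloads.mysql.com/archives/community/. The packages needed are listed below.
Download and install MySQL: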
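A version check built from the two lists above, as an added example that is not part of the original article. It assumes the lists are read per release line (a build is patched only when it is at or above the fixed build of its own line, or at or above 7.13.0), three-part version strings, and a sort that supports -V; the function and variable names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): classify a Confluence
# Server/Data Center version against the fixed builds listed above.

# Fixed build of each release line, copied from the list on this page.
FIXED_VERSIONS="6.13.23 7.4.11 7.11.6 7.12.5 7.13.0"

# version_ge A B: succeeds when A >= B. Assumes sort supports -V.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# confluence_status VERSION: prints patched, affected or invalid.
# Hypothetical helper name; assumes three-part versions such as 7.4.11.
confluence_status() {
    local ver=$1 fixed
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*) echo invalid; return 2 ;;
        *.*.*) ;;
        *) echo invalid; return 2 ;;
    esac
    # 7.13.0 and everything newer carries the fix.
    if version_ge "$ver" 7.13.0; then echo patched; return 0; fi
    for fixed in $FIXED_VERSIONS; do
        # Only a build on the same release line (7.4.x vs 7.4.11) can be
        # cleared by that line's fixed build.
        if [ "${ver%.*}" = "${fixed%.*}" ] && version_ge "$ver" "$fixed"; then
            echo patched; return 0
        fi
    done
    # Older builds of a fixed line, and lines with no fixed build at all
    # (for example 7.5.x), stay affected.
    echo affected; return 1
}
```

Feed it the version string shown in the Confluence footer or reported by your inventory; the return code (0 patched, 1 affected, 2 invalid) lets it gate a patching job.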
[root@atlassian ~]# ll -h
total 190M
-rw-------. 1 root root 1.5K Dec 4 17:38 anaconda-ks.cfg
-rw-r--r-- 1 root root 24M Apr 3 2021 mysql-community-client-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 272K Apr 3 2021 mysql-community-common-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2.2M Mar 28 12:29 mysql-community-libs-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 2.1M Mar 28 12:29 mysql-community-libs-compat-5.7.17-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 162M Apr 3 2021 mysql-community-server-5.7.17-1.el7.x86_64.rpm
[root@atlassian ~]# yum install -y mysql-community-*
[root@atlassian ~]# systemctl start mysqld
[root@atlassian ~]# systemctl enable mysqld
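Starting with version 5.7, MySQL enforces a strict password policy: every user's password must contain upper-case and lower-case letters, digits and special characters.
Setting validate_password=off in /etc/my.cnf disables the validate_password plugin; restart the MySQL service afterwards and the restriction is lifted.
The randomly generated MySQL password: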
[root@atlassian ~]# grep password /var/log/mysqld.log
2022-03-28T07:15:11.658594Z 1 [Note] A temporary password is generated for root@localhost: hd2wy*#qpfmQ
2022-03-28T07:22:45.420001Z 0 [Note] Shutting down plugin 'validate_password'
2022-03-28T07:22:46.654053Z 0 [Note] Shutting down plugin 'sha256_password'
2022-03-28T07:22:46.654062Z 0 [Note] Shutting down plugin 'mysql_native_password'
2022-03-28T07:23:34.702914Z 0 [Note] Shutting down plugin 'validate_password'
2022-03-28T07:23:36.538064Z 0 [Note] Shutting down plugin 'sha256_password'
2022-03-28T07:23:36.538070Z 0 [Note] Shutting down plugin 'mysql_native_password'
2022-03-28T07:23:37.603834Z 0 [Note] Plugin 'validate_password' is disabled.
MySQL security configuration:
[root@atlassian ~]# mysql_secure_installation
MySQL configuration file:
[root@atlassian ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
validate_password=off
symbolic-links=0
character-set-server=utf8
collation-server=utf8_bin
default-storage-engine=INNODB
max_allowed_packet=32M
sql_mode=NO_AUTO_VALUE_ON_ZERO
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
1.2 Create the Confluence database
[root@atlassian ~]# mysql -uroot -p
Enter password:
mysql> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
Query OK, 1 row affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceUser'@'localhost' IDENTIFIED BY 'Unlimax';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> EXIT
Bye
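The character set can also be set to utf8mb4; utf8mb4 is a superset of utf8 and offers better compatibility.
2. Deploy Confluence
2.1 Obtain Confluence
Download the Linux version of Confluence v6.13.23 from the official site.
Download the MySQL driver package: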
https://cdn.mysql.com/archives/mysql-connector-java-5.1/mysql-connector-java-5.1.30.tar.gz
2.2 Install Confluence
[root@atlassian ~]# chmod +x atlassian-confluence-6.13.23-x64.bin
[root@atlassian ~]# ll -h
total 618M
-rw-------. 1 root root 1.5K Dec 4 17:38 anaconda-ks.cfg
-rwxr-xr-x 1 root root 618M Mar 28 00:51 atlassian-confluence-6.13.23-x64.bin
-rw-r--r-- 1 root root 932K Mar 11 2014 mysql-connector-java-5.1.30-bin.jar
[root@atlassian ~]# ./atlassian-confluence-6.13.23-x64.bin
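The installer prompts for install or upgrade, the default ports, the default paths and so on; answer as needed.
When it finishes, open localhost:8090 and choose Chinese as the language.
If this is for production use, do the honest thing and purchase the service!
2.3 Crack Confluence
Download the crack package to Windows or macOS: https://files-cdn.cnblogs.com/files/blogs/719684/confluence_crack.zip
Move atlassian-extras-decoder-v2-3.4.1.jar out, rename it to atlassian-extras-2.4.jar, and download it into the crack package directory.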
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# pwd
/opt/atlassian/confluence/confluence/WEB-INF/lib
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# mv atlassian-extras-decoder-v2-3.4.1.jar ~/atlassian-extras-2.4.jar
[root@atlassian /opt/atlassian/confluence/confluence/WEB-INF/lib]# sz ~/atlassian-extras-2.4.jar
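Run the crack program (a Java environment must be configured), using atlassian-extras-2.4.jar as the patch file.
After it runs, a new atlassian-extras-2.4.jar is generated in the crack package directory, and the original file is backed up automatically.
Transfer the newly generated atlassian-extras-2.4.jar back to the server, restore its original name, and put it back in its original location.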
[root@atlassian ~]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring atlassian-extras-2.4.jar...
100% 6 KB 6 KB/sec 00:00:01 0 Errors
[root@atlassian ~]# mv atlassian-extras-2.4.jar atlassian-extras-decoder-v2-3.4.1.jar
[root@atlassian ~]# mv atlassian-extras-decoder-v2-3.4.1.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
Upload the MySQL driver jar to the /opt/atlassian/confluence/confluence/WEB-INF/lib/ directory:
[root@atlassian ~]# mv mysql-connector-java-5.1.30-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
Restart the Confluence service:
[root@atlassian ~]# /opt/atlassian/confluence/bin/stop-confluence.sh
[root@atlassian ~]# /opt/atlassian/confluence/bin/start-confluence.sh
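Log in to the web page at localhost:8090 and copy the authorization code.
Confluence requires the transaction isolation level to be set to READ-COMMITTED.
Set the isolation level: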
mysql> set global tx_isolation='READ-COMMITTED';
Query OK, 0 rows affected (0.00 sec)
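SET GLOBAL lasts only until mysqld restarts, so the isolation level set above is lost on the next restart unless it is also written to /etc/my.cnf. The following audit of the [mysqld] section is an added example, not part of the original article; the function names and the embedded sample file are constructed, and the checks cover only the settings this page discusses.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit the [mysqld]
# section of a my.cnf for the settings discussed on this page.

# sample_mycnf: constructed sample, modelled on the file shown in 1.1.
sample_mycnf() {
    cat <<'EOF'
[mysqld]
datadir=/var/lib/mysql
validate_password=off
character-set-server=utf8
collation-server=utf8_bin
[mysqld_safe]
log-error=/var/log/mysqld.log
EOF
}

# audit_mycnf FILE: prints one finding per line, nothing when clean.
audit_mycnf() {
    awk '
        # Track whether the current line belongs to [mysqld].
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        !insec || /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            line = $0; gsub(/[ \t]/, "", line)
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/_/, "-", key)   # mysqld accepts - and _ in option names
            opt[tolower(key)] = val
        }
        END {
            if (toupper(opt["transaction-isolation"]) != "READ-COMMITTED")
                print "transaction-isolation: READ-COMMITTED not persisted"
            if (tolower(opt["validate-password"]) == "off")
                print "validate-password: password policy plugin disabled"
            c = opt["collation-server"]
            if (c != "utf8_bin" && c != "utf8mb4_bin")
                print "collation-server: expected utf8_bin or utf8mb4_bin"
        }
    ' "$1"
}
```

Run it as audit_mycnf /etc/my.cnf; an empty result means the isolation level survives a restart and the password policy plugin has not been switched off in the file.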
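The connection test succeeds.
Choose an empty site.
Configure the administrator account.
At this point Confluence has been cracked and is running; from here on it is up to you to get familiar with the product.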