ELK集群存在 ZooKeeper 未授权访问【原理扫描】
10.xx.xx.115;
10.xx.xx.98;
10.xx.xx.110;
10.xx.xx.6;
10.xx.xx.95;
1、启动firewalld服务并设置开机自动启动,下面的命令必须在防火墙开启的状态下才可用,由于firewalld默认不是放行所有端口,所以启动firewalld会造成该机器的某些端口无法访问。
systemctl enable firewalld
systemctl start firewalld
2、更改防火墙默认区域为trusted,默认放行所有连接请求
firewall-cmd --set-default-zone=trusted
3.新建一个zone,将想要访问本机2181端口的ip,如:192.168.1.123 ,添加的这个zone中,同时在这个zone中放行2181端口。
firewall-cmd --permanent --new-zone=newzone
firewall-cmd --permanent --zone=newzone --add-rich-rule="rule family="ipv4" source address="10.xx.xx.110" port protocol="tcp" port="2181" accept"
firewall-cmd --permanent --zone=newzone --add-rich-rule="rule family="ipv4" source address="10.xx.xx.6" port protocol="tcp" port="2181" accept"
firewall-cmd --permanent --zone=newzone --add-rich-rule="rule family="ipv4" source address="10.xx.xx.95" port protocol="tcp" port="2181" accept"
firewall-cmd --permanent --zone=newzone --add-rich-rule="rule family="ipv4" source address="10.xx.xx.115" port protocol="tcp" port="2181" accept"
firewall-cmd --permanent --zone=newzone --add-rich-rule="rule family="ipv4" source address="10.xx.xx.98" port protocol="tcp" port="2181" accept"
4.除192.168.1.123这个ip以外的地址访问本机时会使用当前默认的trusted这个zone里的规则,即禁止访问本机的2181端口。
firewall-cmd --permanent --zone=trusted --add-rich-rule="rule family="ipv4" port protocol="tcp" port="2181" drop"
5.重启防火墙
systemctl restart firewalld
firewall-cmd --reload
6.登录ELK,检查能否正常访问,并能正常收到日志
有问题直接关防火墙
systemctl disable firewalld
systemctl stop firewalld
