Question: confluence vulnerability exposed to the public network, change the system password to be used by hackers to mention the right, CUP100% after hanging horse, you can not enter the system. And reboot the system will be removed once the system services, reboot failure (system CentOS7.2)
Remedy: Install the latest version of the confluence
Download the latest confluence address: https: //www.atlassian.com/software/confluence/download (the latest version is 6.15.4)
Preparation and installation tips:
prompt:
1, the latest version of incompatible confluence6.15.4 Ali cloud platform CentOS system, there is no problem in front of the installation, when the last one to create an administrator on the system reported error (Ali cloud platform have tried many versions of CentOS system, the giant pit must pay attention)
2. Do not install CentOS comes with OpenJDK
installation steps:
Preparation: Yin Ali cloud platform CentOS systems are not compatible, and ultimately build a CentOS own environment (CentOS7.2, you can minimize installation)
1, the installation JDK
将jdk-8u131-linux-x64.rpm下载到/opt目录下
下载地址:https://pan.baidu.com/s/1pLaAjPp
提取密码:x27s
Run: rpm -ivh jdk-8u131-linux-x64.rpm
vim /etc/profile
Add to:
JAVA_HOME=
/usr/java/jdk1
.8.0_131
JAVA_BIN=
/usr/java/jdk1
.8.0_131
/bin
PATH=
/usr/local/sbin
:
/usr/local/bin
:
/usr/sbin
:
/usr/bin
:
/root/bin
:
/bin
:
/sbin/
CLASSPATH=.:
/lib/dt
.jar:
/lib/tools
.jar
export
JAVA_HOME JAVA_BIN PATH CLASSPATH
运行:java version
出现如下表示安装成功
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
2, the installation environment mysql (here is under MariaDB centos7)
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
接下来进行MariaDB的相关简单配置,设置密码,会提示先输入密码,然后都确认即可
mysql_secure_installation
/etc/my
.cnf
[mysqld] ... character-set-server=utf8 collation-server=utf8_bintransaction-isolation=READ-COMMITTE
...
增加数据库并给予权限:
CREATE DATABASE <database-name> CHARACTER SET utf8 COLLATE utf8_bin;
GRANT ALL PRIVILEGES ON <database-name>.* TO '<confluenceuser>'@'localhost' IDENTIFIED BY '<password>';SET GLOBAL tx_isolation = 'READ-COMMITTED '; to
3、安装confluence
1、将下载的atlassian-confluence-6.15.4-x64.bin拷贝到/opt目录下,chmod +x 使其拥有被执行权限,并运行
安装提示进行安装即可;
2、安装完成后打开http://localhost:8090进行配置即可
注意点:
1、选择自行数据库的时候如果使用的是mysql,需要将驱动文件:mysql-connector-java-5.1.31-bin.jar这个文件导入到/opt/atlassian/confluence/confluence/WEB-INF/lib/下,并重启confluence,然后继续访问8090端口进行完成配置即可
驱动文件下载按提示地址跳转过去下载即可
2、如果连接数据库测试时候发现隔离错误表示上面配置文件中的最后一句没有生效,进入mysql使用:
4, moved to the cloud by Ali aliyun this migration system (refer to the specific operation method can help aliyun)
5、其他问题汇总补充:
1, turn off the firewall selinux
the setenforce 0
Vim / etc / sysconfig / selinux
the SELINUX to SELINUX = disabled = enforcing
systemctl stop firewalld
systemctl disable firewalld
2, change the mysql password:
In [mysqld] Add any line behind the "skip-grant-tables" to skip the Password Authentication
MySQL use;
Update the User the SET password = password ( "your new password") where user = "root" ;
2, confluence if you use the cracked version of the proposal should not be exposed to the public network