- 增加native 方法hook;
- 插桩模块和算法模块拆分,降低字节码转换频率;
-
linux 系统一键运行
第一步:安装jrasp (复制下面的命令在终端运行)
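## Download the install package
## Integrity: this page publishes no checksum for the archive. Obtain one from
## the project out of band and check it before extracting, for example:
##   echo "<EXPECTED_SHA256>  jrasp-1.0.4.tar.gz" | sha256sum -c -
## The && chain skips extraction when the download fails.
## --no-same-owner: when run as root, tar would otherwise restore the uid/gid
## recorded inside the archive; the service below executes startup.sh from this
## tree, so the extracted files should belong to the installing user (root).
wget https://jrasp-daemon-1254321150.cos.ap-shanghai.myqcloud.com/2022-04-04/v1.0.4/jrasp-1.0.4.tar.gz &&
tar --no-same-owner -xvf jrasp-1.0.4.tar.gz -C /usr/local/
## Configure the daemon as a systemd service
## The unit sets no User=, so systemd runs startup.sh as root; Restart=always
## relaunches it whenever it exits.
## The delimiter is quoted so the shell writes the unit text verbatim.
cat << 'EOF' > /usr/lib/systemd/system/jrasp-daemon.service
[Unit]
Description=jrasp-daemon service
[Service]
Type=simple
WorkingDirectory=/usr/local/jrasp/bin
ExecStart=/usr/local/jrasp/bin/startup.sh
ExecStop=/usr/local/jrasp/bin/shutdown.sh
Restart=always
[Install]
WantedBy=multi-user.target
EOF
## Enable start on boot and automatic restart
systemctl daemon-reload
systemctl enable jrasp-daemon.service
## stop + start picks up a replaced binary when the service was already running
systemctl stop jrasp-daemon.service
systemctl start jrasp-daemon.service
systemctl status jrasp-daemon.service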
第二步:安装filebeat (复制下面的命令在终端运行)
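## Log directory
logDir=/usr/local/jrasp/logs
## Filebeat install directory
fileBeatHome=/opt/filebeat
## Download and unpack Filebeat 7.9.1 from a third-party mirror.
## Integrity: Elastic publishes a SHA-512 digest for each release archive;
## compare it before extracting, for example:
##   echo "<EXPECTED_SHA512>  filebeat-7.9.1-linux-x86_64.tar.gz" | sha512sum -c -
## Everything is one && chain so a failed cd/download never reaches tar/mv/rm.
## --no-same-owner keeps the extracted files owned by the installing user
## instead of the uid/gid stored in the archive (the binary runs as root below).
## NOTE: if ${fileBeatHome} already exists, mv nests the new tree inside it;
## remove or rename the old directory first when re-installing.
cd /opt/ && yum install wget -y &&
wget https://repo.huaweicloud.com/filebeat/7.9.1/filebeat-7.9.1-linux-x86_64.tar.gz &&
tar --no-same-owner -zxvf filebeat-7.9.1-linux-x86_64.tar.gz -C /opt/ &&
mv filebeat-7.9.1-linux-x86_64 "${fileBeatHome}" &&
rm -f filebeat-7.9.1-linux-x86_64.tar.gz
## Write filebeat.yml.
## - Nesting is restored: with every line at column 0 the document does not
##   describe three inputs, each with its own fields/paths.
## - The original had two top-level "processors:" keys. Duplicate keys are
##   invalid YAML (parsers reject them or keep only the last one), so both
##   lists are merged into one, in their original order.
## - NOTE(review): output.kafka sets no ssl.* and no username/password, so the
##   agent/daemon/module logs travel unencrypted and unauthenticated to the
##   three broker addresses listed in hosts. Confirm who operates those
##   brokers; for production, point hosts at a broker you control and enable
##   TLS and SASL on both sides.
## - \${path.config} is escaped so Filebeat, not the shell, expands it.
cat << EOF > "${fileBeatHome}/filebeat.yml"
filebeat.inputs:
  - type: log
    fields:
      kafka_topic: "jrasp-daemon"
    paths:
      - ${logDir}/jrasp-daemon.log
  - type: log
    fields:
      kafka_topic: "jrasp-agent"
    paths:
      - ${logDir}/jrasp-agent.log
  - type: log
    fields:
      kafka_topic: "jrasp-module"
    paths:
      - ${logDir}/jrasp-module.log
filebeat.config.modules:
  path: \${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
output.kafka:
  enabled: true
  hosts: ["106.14.26.4:9092","47.101.64.183:9092","139.224.220.2:9092"]
  topic: '%{[fields.kafka_topic]}'
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
  - decode_json_fields:
      fields: ['message']
      target: ''
      overwrite_keys: true
  - drop_fields:
      fields: ["host","agent","log","input","ecs","@timestamp"]
logging.level: info
EOF
## The config decides where logs are shipped; keep it writable by root only.
chmod 600 "${fileBeatHome}/filebeat.yml"
## systemd unit for Filebeat
## NOTE(review): User=root is broader than log shipping needs; a dedicated
## account with read access to ${logDir} would be enough. Kept as on the page.
## The heredoc delimiter stays unquoted so ${fileBeatHome} is expanded here.
cat << EOF > /usr/lib/systemd/system/filebeat.service
[Unit]
Description=filebeat
Wants=network-online.target
After=network-online.target
[Service]
User=root
ExecStart=${fileBeatHome}/filebeat -c ${fileBeatHome}/filebeat.yml
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable filebeat.service
systemctl stop filebeat.service && systemctl start filebeat.service
systemctl status filebeat.service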