pprof漏洞
访问node-exporter, IP:9100/debug/pprof
node-exporter版本,1.8.2
出现下边的页面就说明有漏洞
重新编译生成可执行文件
Bash
git clone [https://github.com/prometheus/node_exporter.git](https://github.com/prometheus/node_exporter.git)
cd node_exporter
git checkout v1.8.2
vim node_exporter.go
make build
替换
然后会在当前目录下生成 node_exporter,替换原先二进制文件,再重启服务即可
ansible批量替换
[root@deye-ops-monitor-test-001 node-exporter]# tree .
.
├── deploy.yml
└── file
├── node-exporter
└── node-exporter.service
bash
# deploy.yml
- name: Deploy node-exporter
hosts: "*:!win"
tasks:
- name: Copy node-exporter binary
copy:
src: ./file/node-exporter
dest: /opt/node-exporter
mode: 0755
- name: Copy node-exporter service file
copy:
src: ./file/node-exporter.service
dest: /usr/lib/systemd/system/node-exporter.service
- name: Reload systemd daemon
shell: systemctl daemon-reload
- name: Start and enable node-exporter service
service:
name: node-exporter
state: restarted
enabled: yes
bash
# vim file/node-exporter.service
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/opt/node-exporter --web.listen-address=:9100 --collector.supervisord --collector.supervisord.url=unix:///var/run/supervisor/supervisor.sock
KillMode=process
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.targetfile/node-exporter 就是放到新编译的,然后执行即可
bash
ansible-playbook deploy.yml恢复
