Upgrade Elastic to latest 7.16 due to log4shell

[fastlorenzo]

In order to mitigate potential impact from Log4shell, Elastic packages needs to be upgraded to version 7.16.1.
This will also bring several fixes and performance improvements, as well as better support for ECS format.

More information: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Bumped the following to version 7.16.1:

• filebeat on redirs
• filebeat on c2servers
• elkserver/elasticsearch
• elkserver/kibana
• elkserver/logstash

Things left to do or research:

• Check if neo4j docker image should be updated It's at 4.2 atm. Vendor info: https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856/2 - Couldnt hurt to update to 4.4 anyway.
• Check if Kibana app in elkserver/kibana should be updated. It makes use of an explicit version 7.10 atm.
• Check if jupyter/scipy-notebook docker image is vulnerable. It is using docker image version 4a112c0f11eb atm. Couldn't hurt to update to latest anyway.
• Overall testing

[MarcOverIP]

Working on this in branch #stack-version-upgrade

Bumped the following to version 7.16.1:

• filebeat on redirs
• filebeat on c2servers
• elkserver/elasticsearch
• elkserver/kibana
• elkserver/logstash

Things left to do or research:

• Check if neo4j docker image should be updated It's at 4.2 atm. Vendor info: https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856/2 - Couldnt hurt to update to 4.4 anyway.
• Check if Kibana app in elkserver/kibana should be updated. It makes use of an explicit version 7.10 atm.
• Check if jupyter/scipy-notebook docker image is vulnerable. It is using docker image version 4a112c0f11eb atm. Couldn't hurt to update to latest anyway.
• Overall testing

[fastlorenzo]

Update to 7.16.2

[MarcOverIP]

Update on neo4j image:
According to https://neo4j.com/security/log4j/ we should update. We are running 4.2, which is vulnerable. We should update to:

• 4.2.13 - preferred as within same minor version
• 4.3.9
• 4.4.2

Done in commit # 281621b

[MarcOverIP]

Jupyter says they are not using Log4j in their core product. However, some plugins such as spark do use Log4j. Source: https://twitter.com/ProjectJupyter/status/1471034970386878466

I propose we update to latest docker image anyway. Done in commit # 71131c7

[MarcOverIP]

Did full testing of new deployment with a haproxy redir and cs teamserver. Seems te work perfectly!

There is one issue with the Kibana app: because it is not installed atm, yet Kibana's default entry path is /app/redelk/, you need to manually browse to a path that does exist. For example, browse to $RedELKURL/app/discover/ and you are good to go.

So, all that is left to do is update the Kibana app. This is all you @fastlorenzo

[fastlorenzo]

Thanks @MarcOverIP, I'll check this out early next week