本地部署扫描linux系统漏洞如下:
需要升级nginx1.18.0到最新版nginx1.19.9。
首先查看现在环境nginx的版本为1.18.0,没有指定安装路径,默认/usr/local/nginx
[root@localhost sbin]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments:
下载nginx1.19.9版本,解压并进入解压后的目录
#进入nginx安装目录 /usr/local/nginx下
[root@localhost nginx]# wget http://nginx.org/download/nginx-1.19.9.tar.gz
tar -zxvf nginx-1.19.9.tar.gz
[root@localhost nginx]# cd nginx-1.19.9/
#执行如下命令,指定安装目录,指定ssl
[root@localhost nginx-1.19.9]# ./configure --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module
编译安装后可以echo $?查看是否成功,成功后只需要执行make,不需要make install;
[root@localhost nginx-1.19.9]# echo $?
0
[root@localhost nginx-1.19.9]# make
平滑移走,先移走现有nginx二进制文件
[root@localhost nginx-1.19.9]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
拷贝新生成的nginx二进制文件到指定目录
[root@localhost nginx-1.19.9]# cp objs/nginx /usr/local/nginx/sbin/
执行升级命令
[root@localhost nginx-1.19.9]# make upgrade
/usr/local/nginx//sbin/nginx -t
nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx//conf/nginx.conf test is successful
kill -USR2 `cat /usr/local/nginx//logs/nginx.pid`
sleep 1
test -f /usr/local/nginx//logs/nginx.pid.oldbin
kill -QUIT `cat /usr/local/nginx//logs/nginx.pid.oldbin`
查看版本信息
[root@localhost nginx-1.19.9]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.19.9
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/ --with-http_stub_status_module --with-http_ssl_module
[root@localhost nginx-1.19.9]#
nginx版本平滑升级结束;