因服务器安全扫描检测漏洞报告显示目前Apache服务器版本已到生命周期尽头且存在拒绝服务漏洞,建议更新到2.3.3版或更高版本。下面是具体的服务器HTTPD漏洞处理过程,采用重新安装新的版本2.4.43。
一.查看系统信息
[root@web02 ~]# cat /etc/redhat-release
RedHatEnterpriseLinuxServer release 6.5(Santiago)
[root@web02 ~]# httpd -v
Server version: Apache/2.2.15(Unix)
Server built: Aug2201308:02:15
[root@web02 ~]#
二.下载最新版本并进行安装
1.下载最新版tar压缩包httpd-2.4.43.tar.gz
[root@web02 /]#wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.43.tar.gz
[root@web02 /]# tar zxvf httpd-2.4.23.tar.gz
[root@web02 ~]# cd httpd-2.4.43
[root@web02 httpd-2.4.43]# pwd
/root/httpd-2.4.43
[root@web02 httpd-2.4.43]#
2.检查环境及错误处理
[root@web02 httpd-2.4.43]# ./configure --prefix=/usr/local/httpd-2.4.43
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and-e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
configure:
configure: ConfiguringApachePortableRuntime library...
configure:
checking for APR... no
configure: error: APR not found. Please read the documentation.
[root@web02 httpd-2.4.43]#
出现上面错误提示,没有找到apr包。下载apr对应软件包,下载以下2个包
https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
将apr及apr-util的包解压到httpd解压之后的目录中,放到srclib目录下
[root@web02 srclib]# pwd
/root/httpd-2.4.43/srclib
[root@web02 srclib]# ls
apr apr-1.7.0.tar.gz apr-util apr-util-1.6.1.tar.gz MakefileMakefile.in
[root@web02 srclib]#
然后重新检查httpd配置
[root@web02 httpd-2.4.43]# ./configure --prefix=/usr/local/httpd-2.4.43
提示,缺少pcre开发包
直接yum安装
[root@web02 httpd-2.4.43]#yum install pcre-devel
3.编译安装
再次检查无问题后,进行编译安装
[root@web02 httpd-2.4.43]#make && make install
4.关闭原有httpd服务,启动新服务
[root@web02 httpd-2.4.43]service httpd stop
启动后查看版本,升级成功
[root@web02 bin]# ./apachectl
AH00558: httpd: Couldnot reliably determine the server's fully qualified domain name, using 192.168.150.74. Set the 'ServerName' directive globally to suppress this message
[root@web02 bin]#
[root@web02 /]# /usr/local/httpd-2.4.43/bin/apachectl -v
Server version: Apache/2.4.43(Unix)
Server built: Aug5202015:25:29
[root@web02 /]#
学习|生活|分享|积累|永不停步
请留下你指尖的温度
让太阳拥抱你
微信ID:haopython