Centos6.7 Openssh漏洞升级 8.2

说明:在执行脚本前需要将CentOS-6.7-x86_64-bin-DVD1.iso、openssh-8.2p1.tar.gz、openssl-1.1.1f.tar.gz、perl-5.30.1.tar.gz、zlib-1.2.11.tar.gz上传至/media目录
安装完成重新启动操作系统

提取码:链接:https://pan.baidu.com/s/1z729NUalHHRf8_lIYJj8aA 
提取码:jytx

#!/bin/bash
Tar_dir1=/etc/yum.repos.d/backup
Tar_dir2=/etc/yum.repos.d
#######配置本地yum源###########
mount -o loop /media/CentOS-6.7-x86_64-bin-DVD1.iso /mnt
if [ ! -d "$Tar_dir1" ];then
    mkdir $Tar_dir1
fi
mv $Tar_dir2/CentOS-* $Tar_dir1
if [ ! -f "$Tar_dir2/centos6.repo" ];then
    touch $Tar_dir2/centos6.repo
fi
echo "[centos6]" > $Tar_dir2/centos6.repo
echo "name=centos6" >> $Tar_dir2/centos6.repo
echo "baseurl=file:///mnt" >> $Tar_dir2/centos6.repo
echo "enabled=1" >> $Tar_dir2/centos6.repo
echo "gpgcheck=0" >> $Tar_dir2/centos6.repo
##################创建用户##########################
id_jxj=`cat /etc/passwd|grep jxj|awk -F ':' '{print $1}'`
if [ "$id_jxj" != "jxj" ];then
    groupadd -g 600 jxj
    useradd -u 600 jxj -g jxj 
    echo "c*0uF7N*N#YqZlyX3_" | passwd --stdin jxj
fi
#######################安装依赖包###########################
yum clean all
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel vim
yum -y install telnet-server*
service iptables stop
chkconfig iptables off
sed -i 's/yes/no/g' /etc/xinetd.d/telnet
mv /etc/securetty /etc/securetty.old
/etc/init.d/xinetd start
chkconfig xinetd on
########################安装perl###############
tar -xvf /media/perl-5.30.1.tar.gz -C /media > /dev/null 2>&1
cd /media/perl-5.30.1
./Configure -des -Dprefix=/usr/local/perl -Dusethreads -Uversiononly
if [ $? -ne 0 ]
    then
        echo "command faild"
        exit 0
        else
        make && make install
fi

mv /usr/bin/perl /usr/bin/perl.bak

ln -s /usr/local/perl/bin/perl /usr/bin/perl

#####################升级zlib############################
cp /lib64/libz.so.1 /lib64/libz.so.1.bak
tar -xvf /media/zlib-1.2.11.tar.gz -C /media > /dev/null 2>&1
cd /media/zlib-1.2.11
./configure --prefix=/usr
if [ $? -ne 0 ]
    then
        echo "command faild"
        exit 0
    else
        make && rpm -e --nodeps zlib && make install
fi
echo ‘/usr/lib‘ >> /etc/ld.so.conf
ldconfig

##########################升级openssl##########################
mv /usr/lib64/openssl/ /usr/lib64/openssl.old
mv /usr/bin/openssl /usr/bin/openssl.old
mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old
cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old
cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old
rpm -qa |grep openssl|xargs -i rpm -e --nodeps {}
tar -xvf /media/openssl-1.1.1f.tar.gz -C /media > /dev/null 2>&1
cd /media/openssl-1.1.1f
./config --prefix=/usr/local/ssl --openssldir=/etc/ssl --shared zlib
if [ $? -ne 0 ]
    then
        echo "command faild"
        exit 0
    else
        make && make test && make install
fi
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v

mv  /usr/lib64/libcrypto.so.10.old  /usr/lib64/libcrypto.so.10
mv  /usr/lib64/libssl.so.10.old  /usr/lib64/libssl.so.10
########################升级openssh#####################
rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
install  -v -m700 -d /var/lib/sshd
chown  -v root:sys /var/lib/sshd

tar -xvf /media/openssh-8.2p1.tar.gz -C /media > /dev/null 2>&1
cd /media/openssh-8.2p1
./configure --prefix=/usr  --sysconfdir=/etc/ssh  --with-md5-passwords  --with-pam  --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
if [ $? -ne 0 ]
    then
        echo "command faild"
        exit 0
    else
        make && make install
fi

install -v -m755    contrib/ssh-copy-id /usr/bi
install -v -m644    contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.2p1
install -v -m644    INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.2p1

echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig  --add  sshd
chkconfig sshd on
 

 

 

参考文章:http://www.mamicode.com/info-detail-2099492.html?__cf_chl_jschl_tk__=92feecf5ad99fe10e441f37c87703778a9fece5a-1589970989-0-AcDCzWRnqfUDUm8kRqVN8mGOLn6c-LnM8l0KfBflM8QUlEPWOUCrDJofeZSX0FXwCsxAc8dDUfQCdHRpQ3JgcEA-E9xHfGqLG4rs3b0qA2-DaVcCu_RMsDVEW47snxJrePHbYhU8lW-9wlNNwPA52K3epCoSsUrlprGdLwZZqbT9fR-RtN6nmP3DTWgJQRagsVWpJzcWgv6Aj3hUmNKy-1nVtErw7TOEEbUqFo3cVq7Xreh3ODX9F45qCZGVbjHzo5NxjLA0VbeiD1f0IuOrtFGoeIQ9csHukfI418d1_zTnwG_zaKznTtQS9m1nFluugA

https://blog.csdn.net/zhbzhbzhbbaby/article/details/80759845

已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页