绿盟扫描到服务器nginx有漏洞,这个漏洞在nginx的1.20版本之前都有存在,要不打补丁修复,要不升级nginx到1.20版本。
打补丁比较麻烦,我选择直接从官方下载nginx 1.21的源码包(下文脚本使用的是nginx-1.21.1.tar.gz)。
http://nginx.org/en/download.html
下载源码包后,建议先用官方下载页上提供的PGP签名校验其完整性,再将源码包上传至/root下。
#编译包与安装脚本需放在/root下
#判断系统类型是否为centos
#---------------------------------------环境检查-------------------------------------
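#######################################
# Abort the installation unless the host identifies itself as CentOS.
# Globals:   OS_RELEASE_FILE (read, optional) - os-release file to inspect;
#            defaults to /etc/os-release.
# Outputs:   the detected distribution ID on stdout, plus an error message
#            when the host is not CentOS.
# Returns:   0 on CentOS; exits the whole script with status 1 otherwise.
#######################################
check(){
  local release_file=${OS_RELEASE_FILE:-/etc/os-release}
  local os_id=''

  # os-release is a shell-compatible KEY=value file. Source it in a subshell
  # so its variables do not leak into this script. The previous approach
  # (field 3 of line 7 of `hostnamectl`) breaks as soon as that output gains
  # or loses a line.
  if [ -r "$release_file" ]; then
    os_id=$(ID=''; . "$release_file" 2>/dev/null; printf '%s' "$ID")
  fi

  echo "$os_id"
  if [ "$os_id" != "centos" ]; then
    echo "系统不是centos"
    exit 1
  fi
}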
#---------------------------------------准备工作--------------------------------------
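#######################################
# Prepare the host for the build: service account, install prefix, build
# dependencies, source tarball and a freshly extracted source tree.
# Globals:   NGINX_SHA256 (read, optional) - expected SHA-256 of the tarball.
#            When set, the tarball is rejected unless it matches.
# Outputs:   progress messages on stdout.
# Returns:   0 on success; exits the whole script with status 2 on any
#            preparation failure.
#######################################
ready(){
  local version=1.21.1
  local tarball="/root/nginx-${version}.tar.gz"
  local src_dir="/data/nginx-${version}"
  local url="https://nginx.org/download/nginx-${version}.tar.gz"

  # Unprivileged system account with no login shell for the worker processes.
  if id -u nginx >/dev/null 2>&1; then
    echo "用户已存在"
  else
    useradd -r -s /sbin/nologin nginx || exit 2
    echo "用户已创建"
  fi

  if [ -d /data/apps/nginx ]; then
    echo "目录已存在"
  else
    mkdir -p /data/apps/nginx || exit 2
    echo "目录已创建"
  fi

  # `make` is listed explicitly: the build step needs it and gcc does not
  # pull it in as a dependency.
  if ! yum install -y gcc make pcre-devel openssl-devel zlib-devel wget &>/dev/null; then
    echo "无法安装依赖"
    exit 2
  fi

  cd /root || exit 2

  if [ -e "$tarball" ]; then
    echo "安装文件已存在"
  else
    # Fetch over HTTPS and download to a .part file first, so an interrupted
    # transfer is never mistaken for a complete tarball on the next run.
    if wget -q -O "${tarball}.part" "$url" && mv -- "${tarball}.part" "$tarball"; then
      echo "软件包已下载至/root文件夹中"
    else
      rm -f -- "${tarball}.part"
      echo "软件包下载失败,请确认网络是否正常"
      exit 2   # previously the script carried on and failed later in tar
    fi
  fi

  # This tarball is compiled and installed as root, so check its integrity
  # whenever an expected digest is supplied. A pre-existing /root tarball is
  # checked too, since its origin is unknown to this script.
  if [ -n "${NGINX_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$NGINX_SHA256" "$tarball" | sha256sum -c --status -; then
      echo "软件包校验失败"
      exit 2
    fi
  else
    echo "未设置NGINX_SHA256,跳过完整性校验"
  fi

  # Always start from a clean tree; ${src_dir:?} guards the recursive delete
  # against an empty path.
  rm -rf -- "${src_dir:?}"
  if tar zxf "$tarball" -C /data/; then
    echo "软件已经解压至/data目录下"
  else
    echo "软件包解压失败"
    exit 2
  fi
}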
#---------------------------------------编译安装--------------------------------------
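#######################################
# Configure, compile and install nginx from /data/nginx-1.21.1 into
# /data/apps/nginx.
# Outputs:   configure/make output, plus an error message on failure.
# Returns:   0 on success; exits the whole script with status 3 when the
#            source tree is missing or configure/make/make install fails.
#######################################
make_nginx(){
  local prefix=/data/apps/nginx
  local -a configure_args

  # Without this check a failed cd would run configure/make in whatever
  # directory the script happened to be in.
  if ! cd /data/nginx-1.21.1/; then
    echo "无法进入源码目录"
    exit 3
  fi

  # NOTE(review): dav, mail, stream, flv/mp4, random_index and stub_status
  # are all compiled in. Each built-in module is extra code to keep patched;
  # trim this list to what the deployment really serves.
  configure_args=(
    --prefix="$prefix"
    --user=nginx
    --group=nginx
    --with-compat
    --with-file-aio
    --with-threads
    --with-http_addition_module
    --with-http_auth_request_module
    --with-http_dav_module
    --with-http_flv_module
    --with-http_gunzip_module
    --with-http_gzip_static_module
    --with-http_mp4_module
    --with-http_random_index_module
    --with-http_realip_module
    --with-http_secure_link_module
    --with-http_slice_module
    --with-http_ssl_module
    --with-http_stub_status_module
    --with-http_sub_module
    --with-http_v2_module
    --with-mail
    --with-mail_ssl_module
    --with-stream
    --with-stream_realip_module
    --with-stream_ssl_module
    --with-stream_ssl_preread_module
    # Hardening flags: fortified libc calls, stack protector, position
    # independent code; the linker options add full RELRO and PIE.
    --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC'
    --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
  )

  # Chain the three steps so a configure failure stops the build instead of
  # falling through to make.
  if ! { ./configure "${configure_args[@]}" && make && make install; }; then
    echo "nginx编译或安装失败"
    exit 3
  fi
}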
#-------------------------------------------创建启动脚本---------------------------------------
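#######################################
# Generate the SysV control script and install it as /etc/init.d/nginx.
# Outputs:   a confirmation message on stdout.
# Returns:   0 when the script was installed, 1 otherwise.
#######################################
initd_nginx(){
  local tmp_script
  tmp_script=$(mktemp) || return 1

  # Truncate rather than append: the earlier `cat >> nginx` would stack a
  # second copy onto any leftover ./nginx file. The delimiter is quoted so
  # $1 is written literally, and the shebang makes the result directly
  # executable.
  cat > "$tmp_script" <<'eof'
#!/bin/sh
case $1 in
'stop'|'STOP')
/data/apps/nginx/sbin/nginx -s stop
;;
'start'|'START')
/data/apps/nginx/sbin/nginx
;;
'restart'|'RESTART')
/data/apps/nginx/sbin/nginx -s stop
/data/apps/nginx/sbin/nginx
;;
'reload'|'RELOAD')
/data/apps/nginx/sbin/nginx -s reload
;;
*)
echo 'Usage:service nginx stop|restart|start|reload'
;;
esac
eof

  # install sets the final mode in the same step as the copy, so the script
  # never sits in /etc/init.d with the wrong permissions.
  if install -m 0755 "$tmp_script" /etc/init.d/nginx; then
    rm -f -- "$tmp_script"
    echo "启动脚本已创建"
    return 0
  fi
  rm -f -- "$tmp_script"
  return 1
}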
#---------------------------------------------拷贝命令----------------------------------
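#######################################
# Expose the freshly built binary as /usr/sbin/nginx via a symlink.
# Outputs:   a confirmation message on stdout.
# Returns:   0 when the link was created, 1 otherwise.
#######################################
link(){
  local target=/data/apps/nginx/sbin/nginx
  local link_path=/usr/sbin/nginx

  # [ -e ] follows symlinks, so a dangling link left by an earlier install
  # would be missed and the ln below would fail; test -L as well.
  # NOTE(review): this also removes a distro-packaged /usr/sbin/nginx if one
  # is installed. Uninstall that package first so a later package update
  # does not silently restore the old binary.
  if [ -e "$link_path" ] || [ -L "$link_path" ]; then
    rm -rf -- "$link_path"
  fi

  if ln -s "$target" "$link_path"; then
    echo "命令已创建"
  else
    return 1
  fi
}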
#---------------------------------------------调用函数---------------------------------------
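# Run the installation steps in order. check and ready terminate the script
# themselves on failure. The build and init-script steps are guarded here so
# the success message below is never printed after a failed build.
check
ready
make_nginx || exit 3
initd_nginx || exit 4
link
echo "nginx已经安装成功"
# Report "started" only when the service command succeeded.
if service nginx start; then
  echo "nginx已经启动"
fi
# Print the installed version so the operator can confirm that the upgraded
# binary, not an older one earlier in PATH, is the one being run.
nginx -v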
对你有起到帮助,还请帮忙一键三联呀!