转载前请联系我,联系方式请见我博客 https://blog.wyue.site/
最近学校的服务器被信息中心检测出来有很多高危漏洞,给了个通知限期整改。
主要修改了
openssh
vnc
apache
mysql
记录如下:
openssh
wget https://mirrors.syringanetworks.net/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
cd openssh-7.5p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
make
make install
一些辅助工作
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.5p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.5p1
cp -p contrib/RedHat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
修改 ssh的配置
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
或者直接进去修改
vim /etc/ssh/sshd_config
启动和开机启动
service sshd restart
chkconfig --add sshd
chkconfig sshd on
chkconfig --list |grep sshd
大功告成
vnc
关闭就ok了
service vncserver stop
apache httpd
将旧版本的httpd 升级到2.4.33
wget http://ftp.tsukuba.wide.ad.jp/software/apache//apr/apr-1.6.3.tar.gz
wget http://ftp.yz.yamagata-u.ac.jp/pub/network/apache//apr/apr-util-1.6.1.tar.gz
tar xzvf apr-1.6.3.tar.gz
mv apr-1.6.3 httpd-2.4.33/srclib/apr
tar xzvf apr-util-1.6.1.tar.gz
mv apr-util-1.6.1 httpd-2.4.33/srclib/apr-util
cd httpd-2.4.33
./configure --prefix=/usr/local/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make
make install
cp /usr/local/httpd24/bin/apachectl /etc/init.d/httpd24
service httpd24 restart
设置开机启动
vim 打开 /etc/init.d/httpd24 , 然后再第二行加上下面这两行
# chkconfig: 2345 90 10
# description: myservice
之后
chkconfig --add httpd24
chkconfig httpd24 on
chkconfig --list
遇到的坑
httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
在安装目录下找到httpd.conf(我这里就是/usr/local/httpd24/conf/httpd.conf ),把ServerName www.example.com:80 前面的#去掉再重启就ok了。
mysql
将旧版本的mysql升级到8.0版本,参照该处
yum localinstall https://dev.mysql.com/get/mysql57-community-release-el6-11.noarch.rpm
yum --enablerepo=mysql80-community install mysql-community-server
service mysqld start
chkconfig --levels 235 mysqld on
之后就是配置mysql数据库了,注意到在执行 service mysqld start 的时候。屏幕上会显示出一个临时的root 密码
A temporary password is generated for root@localhost: V9R.Blr:baQH
用这个密码登录后执行
ALTER USER 'root'@'localhost' IDENTIFIED BY 'root123'
如果出现
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
说明密码太简单不符合要求,设置一本复杂的就行。如果实在嫌麻烦,先修改后,输入这样的代码先查看进行密码检查的变量,再根据需要修改这些变量。
SHOW VARIABLES LIKE 'validate_password%';
set global validate_password_length=3;