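#!/bin/bash
# Variables that must be adjusted by hand before running.
# NOTE(review): both pinned releases are old, and the OpenSSL 1.1.1 series is
# past upstream end of life. Check the upstream advisories and pin current
# releases before running this on a production host.
version="ssh_8.6p1" # version label
# Directory the source tarballs were uploaded to (the script's own directory).
soft_dir=$(cd -- "$(dirname -- "$0")" && pwd)
ssl_media="openssl-1.1.1k.tar.gz" # OpenSSL tarball name
ssh_media="openssh-8.6p1.tar.gz" # OpenSSH tarball name
#
# soft_dir is already absolute, so no extra leading slash is added.
ssl_soft="$soft_dir/$ssl_media"
ssh_soft="$soft_dir/$ssh_media"
# Major release number: the text after "release " in /etc/redhat-release, cut
# at the first dot. Left empty when the file is absent.
OS_version=""
if [[ -r /etc/redhat-release ]]; then
  OS_version=$(awk 'match($0, /release /) {
    rel = substr($0, RSTART + RLENGTH)
    sub(/\..*/, "", rel)
    print rel
  }' /etc/redhat-release)
fi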
#
#if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then# soft_dir="/$soft_dir/$version" # 定义工作目录#mkdir -p $soft_dir
#else# echo "`date +%H:%M:%S`--install media is not exist" |tee -a $soft_dir/check_point.log#echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log#exit;
#fi#安装升级所需依赖包
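# Install the build dependencies needed for the upgrade.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if yum fails
function InstallDeploy() {
  local log_file="$soft_dir/check_point.log"
  echo "$(date +%H:%M:%S)--install the Depend on the package.." | tee -a "$log_file"
  # Report a failed install instead of logging "completed" regardless.
  if ! yum -y install gcc pam-devel zlib-devel perl openssl-devel; then
    echo "$(date +%H:%M:%S)--install failed" | tee -a "$log_file"
    return 1
  fi
  echo "$(date +%H:%M:%S)--install completed " | tee -a "$log_file"
}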
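# Print a timestamped message and append it to the run log.
# Globals:   soft_dir (read)
# Arguments: $* - message text
_log() {
  printf '%s--%s\n' "$(date +%H:%M:%S)" "$*" | tee -a "$soft_dir/check_point.log"
}

# Check that both source tarballs exist, record their SHA-256 digests in the
# run log, and extract them into $soft_dir.
# Globals:   soft_dir, ssl_soft, ssh_soft (read)
# Returns:   0 on success, 1 if a tarball is missing or extraction fails
function Unpack() {
  _log "Unpack the package.... "
  if [[ ! -f "$ssl_soft" || ! -f "$ssh_soft" ]]; then
    _log "install media is not exist"
    return 1
  fi
  # These archives are built and installed as root. The digests are logged so
  # they can be compared with the values published by the OpenSSL and OpenSSH
  # projects; the script has no trusted reference value of its own.
  sha256sum -- "$ssl_soft" "$ssh_soft" | tee -a "$soft_dir/check_point.log"
  cd -- "$soft_dir" || return 1
  # --no-same-owner: extracted files belong to the invoking user instead of
  # the UID/GID recorded inside the archive.
  tar --no-same-owner -xvf "$ssl_soft" || return 1
  tar --no-same-owner -xvf "$ssh_soft" || return 1
  _log "Unpack completed "
}

# Copy the current OpenSSL files and /etc/ssh aside, then move the system
# openssl binary and headers out of the way.
# Returns:   0 on success, 1 if the /etc/ssh backup fails
function Backup() {
  local path
  _log "Backup important files..."
  for path in \
    /usr/lib64/openssl \
    /usr/bin/openssl \
    /usr/include/openssl \
    /etc/pki/ca-trust/extracted/openssl \
    /usr/lib64/libcrypto.so.10 \
    /usr/lib64/libssl.so.10; do
    # Best effort, as in the original: a path that cannot be copied is
    # reported and skipped.
    command cp -af -- "$path" "$path.old" || _log "backup of $path skipped"
  done
  command mv /usr/bin/openssl /usr/bin/openssl.bak
  command mv /usr/include/openssl /usr/include/openssl.bak
  # The sshd configuration and host keys are rewritten later, so this copy is
  # mandatory. -a keeps the private-key permissions on the copy.
  command cp -arf /etc/ssh/ "/etc/ssh_$(date +%F)" || return 1
  _log "Backup completed "
}

# Build and install OpenSSL from the unpacked source tree and register its
# libraries with the dynamic linker.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if configuration, build or install fails
function Installopenssl() {
  local lib_dir
  _log "Installopenssl...."
  cd -- "$soft_dir"/openssl*/ || return 1
  _log "start to install openssl........."
  ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlib || return 1
  make depend || return 1
  make || return 1
  make install || return 1
  # Load the shared libraries.
  # NOTE(review): with --prefix=/usr/local the binary, headers and libraries
  # are normally installed under /usr/local itself, not under the --openssldir
  # path, so the /usr/local/openssl/... link targets below may not exist.
  # Confirm the layout after "make install".
  ln -sfn /usr/local/openssl/bin/openssl /usr/bin/openssl
  ln -sfn /usr/local/openssl/include/openssl /usr/include/openssl
  # Every dynamically linked program searches directories listed in
  # /etc/ld.so.conf, so they must stay root-owned and not writable by others.
  # Each entry is added only once so that a rerun does not duplicate it.
  for lib_dir in /usr/local/lib64/ /usr/local/ssl/lib; do
    grep -qxF -- "$lib_dir" /etc/ld.so.conf || printf '%s\n' "$lib_dir" >> /etc/ld.so.conf
  done
  ldconfig
  ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib/
  ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib/
  openssl version -a
  _log "openssl upgrade complete..."
  _log "version: $(openssl version)"
  _log "Installopenssl completed "
}

# Build and install OpenSSH against the freshly installed OpenSSL.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if configuration, build or install fails
function Installopenssh() {
  _log "Installopenssh...."
  cd -- "$soft_dir"/openssh*/ || return 1
  _log "start to install openssh..."
  # Changes from the original flag list:
  # - --without-hardening is dropped, so configure keeps the compiler and
  #   linker hardening options the toolchain supports for a network daemon.
  # - --with-tcp-wrappers is dropped. OpenSSH removed libwrap support in 6.7,
  #   so this version ignores the flag and /etc/hosts.allow and
  #   /etc/hosts.deny do not restrict sshd. Apply source-address restrictions
  #   in the firewall or in sshd_config instead.
  # NOTE(review): --with-md5-passwords is a legacy option; with PAM enabled,
  # confirm whether it is still needed.
  ./configure \
    --prefix=/usr \
    --sysconfdir=/etc/ssh \
    --with-md5-passwords \
    --with-pam \
    --with-ssl-dir=/usr/local/openssl \
    --with-zlib=/usr/local/lib64 || return 1
  make || return 1
  chmod 600 /etc/ssh/ssh_host*
  make install || return 1
  _log "Installopenssh completed "
}

# Install the init script and PAM file, rewrite sshd_config and restart sshd.
# The new configuration is staged and checked with "sshd -t" before it
# replaces the live file, so a rejected configuration never reaches a restart.
# Globals:   soft_dir, OS_version (read)
# Returns:   0 on success, 1 if staging, validation or the restart fails
function Configssh() {
  local cfg=/etc/ssh/sshd_config
  local staged
  _log "Config ssh...."
  cd -- "$soft_dir"/openssh*/ || return 1
  if [[ -e /usr/lib/systemd/system/sshd.service ]]; then
    mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk
  fi
  cp contrib/redhat/sshd.init /etc/init.d/sshd
  chmod a+x /etc/init.d/sshd
  # NOTE(review): the file is installed as /etc/pam.d/sshd.pam, which
  # presumably is not the name PAM looks up for the sshd service. Confirm the
  # intended destination.
  cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
  chkconfig --add sshd
  chkconfig sshd on
  if [[ "$OS_version" == "7" ]]; then
    systemctl enable sshd
  fi

  staged=$(mktemp "${cfg}.XXXXXX") || return 1
  {
    # The new directives go at the top of the file: sshd keeps the first
    # value it reads for a keyword, and lines appended to the end would land
    # inside a trailing Match block, where KexAlgorithms is not accepted.
    # The SHA-1 based exchanges and the 1024-bit group1 exchange from the
    # original list are removed. Clients that still need them should be
    # upgraded rather than weakening the server for everyone.
    printf '%s\n' \
      "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" \
      "PermitRootLogin no"
    # Comment out only active PermitRootLogin directives (any case, any
    # indentation), not every line that mentions the word.
    sed -E \
      -e 's/^[[:space:]]*PermitRootLogin([[:space:]=]|$)/#&/I' \
      -e 's/GSSAPICleanupCredentials no/#&/' \
      -e 's/GSSAPIAuthentication yes/#&/' \
      "$cfg"
  } > "$staged" || {
    rm -f -- "$staged"
    return 1
  }
  # --prefix=/usr places the new daemon at /usr/sbin/sshd.
  if ! /usr/sbin/sshd -t -f "$staged"; then
    _log "sshd_config validation failed, $cfg left unchanged"
    rm -f -- "$staged"
    return 1
  fi
  # Write through the existing file so its owner, mode and labels are kept.
  cat -- "$staged" > "$cfg" || {
    rm -f -- "$staged"
    return 1
  }
  rm -f -- "$staged"
  # The original wrote this one message to ./check_point.log inside the
  # source tree; it now goes to the same log as every other message.
  _log "Config ssh...."
  _log "Restart ssh service...."
  if [[ "$OS_version" == "7" ]]; then
    systemctl restart sshd || return 1
  else
    service sshd restart || return 1
  fi
  _log "Restart ssh completed "
}

# Run the upgrade steps in order and stop at the first failure, so a broken
# build is never followed by an sshd restart.
# Returns:   status of the final "ssh -V", or 1 if a step fails
function start() {
  local step
  # InstallDeploy is left disabled here, as in the original.
  for step in Unpack Backup Installopenssl Installopenssh Configssh; do
    if ! "$step"; then
      _log "$step failed, aborting before any later step runs"
      return 1
    fi
  done
  openssl version -a
  ssh -V
}
start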
#/bin/bash
#!/bin/bash
# author:wangxinyu
# company:lx
# version: v8.4
# date: Fri Oct 16 18:16:23 CST 2020
# state: Continuously updated
#
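# Prerequisites:
# 1. Configure the yum repositories.
# 2. Enable the telnet service as a fallback in case the SSH session drops
#    during the upgrade. Telnet carries credentials in cleartext: restrict it
#    to the management network and disable it again once the new sshd is
#    confirmed working.
# 3. Upload the latest versions of the source packages.
#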
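# Variables that must be adjusted by hand before running.
# NOTE(review): both pinned releases are old, and the OpenSSL 1.1.1 series is
# past upstream end of life. Check the upstream advisories and pin current
# releases before running this on a production host.
version="ssh_8.6p1" # version label
# Directory the source tarballs were uploaded to (the script's own directory).
soft_dir=$(cd -- "$(dirname -- "$0")" && pwd)
ssl_media="openssl-1.1.1k.tar.gz" # OpenSSL tarball name
ssh_media="openssh-8.6p1.tar.gz" # OpenSSH tarball name
#
# soft_dir is already absolute, so no extra leading slash is added.
ssl_soft="$soft_dir/$ssl_media"
ssh_soft="$soft_dir/$ssh_media"
# Major release number: the text after "release " in /etc/redhat-release, cut
# at the first dot. Left empty when the file is absent.
OS_version=""
if [[ -r /etc/redhat-release ]]; then
  OS_version=$(awk 'match($0, /release /) {
    rel = substr($0, RSTART + RLENGTH)
    sub(/\..*/, "", rel)
    print rel
  }' /etc/redhat-release)
fi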
#
#if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then# soft_dir="/$soft_dir/$version" # 定义工作目录#mkdir -p $soft_dir
#else# echo "`date +%H:%M:%S`--install media is not exist" |tee -a $soft_dir/check_point.log#echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log#exit;
#fi#安装升级所需依赖包
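# Install the build dependencies needed for the upgrade.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if yum fails
function InstallDeploy() {
  local log_file="$soft_dir/check_point.log"
  echo "$(date +%H:%M:%S)--install the Depend on the package.." | tee -a "$log_file"
  # Report a failed install instead of logging "completed" regardless.
  if ! yum -y install gcc pam-devel zlib-devel perl openssl-devel; then
    echo "$(date +%H:%M:%S)--install failed" | tee -a "$log_file"
    return 1
  fi
  echo "$(date +%H:%M:%S)--install completed " | tee -a "$log_file"
}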
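# Print a timestamped message and append it to the run log.
# Globals:   soft_dir (read)
# Arguments: $* - message text
_log() {
  printf '%s--%s\n' "$(date +%H:%M:%S)" "$*" | tee -a "$soft_dir/check_point.log"
}

# Check that both source tarballs exist, record their SHA-256 digests in the
# run log, and extract them into $soft_dir.
# Globals:   soft_dir, ssl_soft, ssh_soft (read)
# Returns:   0 on success, 1 if a tarball is missing or extraction fails
function Unpack() {
  _log "Unpack the package.... "
  if [[ ! -f "$ssl_soft" || ! -f "$ssh_soft" ]]; then
    _log "install media is not exist"
    return 1
  fi
  # These archives are built and installed as root. The digests are logged so
  # they can be compared with the values published by the OpenSSL and OpenSSH
  # projects; the script has no trusted reference value of its own.
  sha256sum -- "$ssl_soft" "$ssh_soft" | tee -a "$soft_dir/check_point.log"
  cd -- "$soft_dir" || return 1
  # --no-same-owner: extracted files belong to the invoking user instead of
  # the UID/GID recorded inside the archive.
  tar --no-same-owner -xvf "$ssl_soft" || return 1
  tar --no-same-owner -xvf "$ssh_soft" || return 1
  _log "Unpack completed "
}

# Copy the current OpenSSL files and /etc/ssh aside, then move the system
# openssl binary and headers out of the way.
# Returns:   0 on success, 1 if the /etc/ssh backup fails
function Backup() {
  local path
  _log "Backup important files..."
  for path in \
    /usr/lib64/openssl \
    /usr/bin/openssl \
    /usr/include/openssl \
    /etc/pki/ca-trust/extracted/openssl \
    /usr/lib64/libcrypto.so.10 \
    /usr/lib64/libssl.so.10; do
    # Best effort, as in the original: a path that cannot be copied is
    # reported and skipped.
    command cp -af -- "$path" "$path.old" || _log "backup of $path skipped"
  done
  command mv /usr/bin/openssl /usr/bin/openssl.bak
  command mv /usr/include/openssl /usr/include/openssl.bak
  # The sshd configuration and host keys are rewritten later, so this copy is
  # mandatory. -a keeps the private-key permissions on the copy.
  command cp -arf /etc/ssh/ "/etc/ssh_$(date +%F)" || return 1
  _log "Backup completed "
}

# Build and install OpenSSL from the unpacked source tree and register its
# libraries with the dynamic linker.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if configuration, build or install fails
function Installopenssl() {
  local lib_dir
  _log "Installopenssl...."
  cd -- "$soft_dir"/openssl*/ || return 1
  _log "start to install openssl........."
  ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlib || return 1
  make depend || return 1
  make || return 1
  make install || return 1
  # Load the shared libraries.
  # NOTE(review): with --prefix=/usr/local the binary, headers and libraries
  # are normally installed under /usr/local itself, not under the --openssldir
  # path, so the /usr/local/openssl/... link targets below may not exist.
  # Confirm the layout after "make install".
  ln -sfn /usr/local/openssl/bin/openssl /usr/bin/openssl
  ln -sfn /usr/local/openssl/include/openssl /usr/include/openssl
  # Every dynamically linked program searches directories listed in
  # /etc/ld.so.conf, so they must stay root-owned and not writable by others.
  # Each entry is added only once so that a rerun does not duplicate it.
  for lib_dir in /usr/local/lib64/ /usr/local/ssl/lib; do
    grep -qxF -- "$lib_dir" /etc/ld.so.conf || printf '%s\n' "$lib_dir" >> /etc/ld.so.conf
  done
  ldconfig
  ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib/
  ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib/
  openssl version -a
  _log "openssl upgrade complete..."
  _log "version: $(openssl version)"
  _log "Installopenssl completed "
}

# Build and install OpenSSH against the freshly installed OpenSSL.
# Globals:   soft_dir (read)
# Returns:   0 on success, 1 if configuration, build or install fails
function Installopenssh() {
  _log "Installopenssh...."
  cd -- "$soft_dir"/openssh*/ || return 1
  _log "start to install openssh..."
  # Changes from the original flag list:
  # - --without-hardening is dropped, so configure keeps the compiler and
  #   linker hardening options the toolchain supports for a network daemon.
  # - --with-tcp-wrappers is dropped. OpenSSH removed libwrap support in 6.7,
  #   so this version ignores the flag and /etc/hosts.allow and
  #   /etc/hosts.deny do not restrict sshd. Apply source-address restrictions
  #   in the firewall or in sshd_config instead.
  # NOTE(review): --with-md5-passwords is a legacy option; with PAM enabled,
  # confirm whether it is still needed.
  ./configure \
    --prefix=/usr \
    --sysconfdir=/etc/ssh \
    --with-md5-passwords \
    --with-pam \
    --with-ssl-dir=/usr/local/openssl \
    --with-zlib=/usr/local/lib64 || return 1
  make || return 1
  chmod 600 /etc/ssh/ssh_host*
  make install || return 1
  _log "Installopenssh completed "
}

# Install the init script and PAM file, rewrite sshd_config and restart sshd.
# The new configuration is staged and checked with "sshd -t" before it
# replaces the live file, so a rejected configuration never reaches a restart.
# Globals:   soft_dir, OS_version (read)
# Returns:   0 on success, 1 if staging, validation or the restart fails
function Configssh() {
  local cfg=/etc/ssh/sshd_config
  local staged
  _log "Config ssh...."
  cd -- "$soft_dir"/openssh*/ || return 1
  if [[ -e /usr/lib/systemd/system/sshd.service ]]; then
    mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk
  fi
  cp contrib/redhat/sshd.init /etc/init.d/sshd
  chmod a+x /etc/init.d/sshd
  # NOTE(review): the file is installed as /etc/pam.d/sshd.pam, which
  # presumably is not the name PAM looks up for the sshd service. Confirm the
  # intended destination.
  cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
  chkconfig --add sshd
  chkconfig sshd on
  if [[ "$OS_version" == "7" ]]; then
    systemctl enable sshd
  fi

  staged=$(mktemp "${cfg}.XXXXXX") || return 1
  {
    # The new directives go at the top of the file: sshd keeps the first
    # value it reads for a keyword, and lines appended to the end would land
    # inside a trailing Match block, where KexAlgorithms is not accepted.
    # The SHA-1 based exchanges and the 1024-bit group1 exchange from the
    # original list are removed. Clients that still need them should be
    # upgraded rather than weakening the server for everyone.
    printf '%s\n' \
      "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" \
      "PermitRootLogin no"
    # Comment out only active PermitRootLogin directives (any case, any
    # indentation), not every line that mentions the word.
    sed -E \
      -e 's/^[[:space:]]*PermitRootLogin([[:space:]=]|$)/#&/I' \
      -e 's/GSSAPICleanupCredentials no/#&/' \
      -e 's/GSSAPIAuthentication yes/#&/' \
      "$cfg"
  } > "$staged" || {
    rm -f -- "$staged"
    return 1
  }
  # --prefix=/usr places the new daemon at /usr/sbin/sshd.
  if ! /usr/sbin/sshd -t -f "$staged"; then
    _log "sshd_config validation failed, $cfg left unchanged"
    rm -f -- "$staged"
    return 1
  fi
  # Write through the existing file so its owner, mode and labels are kept.
  cat -- "$staged" > "$cfg" || {
    rm -f -- "$staged"
    return 1
  }
  rm -f -- "$staged"
  # The original wrote this one message to ./check_point.log inside the
  # source tree; it now goes to the same log as every other message.
  _log "Config ssh...."
  _log "Restart ssh service...."
  if [[ "$OS_version" == "7" ]]; then
    systemctl restart sshd || return 1
  else
    service sshd restart || return 1
  fi
  _log "Restart ssh completed "
}

# Run the upgrade steps in order and stop at the first failure, so a broken
# build is never followed by an sshd restart.
# Returns:   status of the final "ssh -V", or 1 if a step fails
function start() {
  local step
  for step in InstallDeploy Unpack Backup Installopenssl Installopenssh Configssh; do
    if ! "$step"; then
      _log "$step failed, aborting before any later step runs"
      return 1
    fi
  done
  openssl version -a
  ssh -V
}
start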