Openssh-7.9p1升級+系統調優
Openssh-7.9p1-Openssl1.0.2q-zlib-1.2.11升級+系統調優
Last login: Tue Nov 27 00:55:36 2018
[root@localhost ~]#
[root@localhost ~]# mkdir -p /soft
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@localhost ~]#
關閉防火牆
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]#
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
檢視防火牆
[root@localhost ~]#
[root@localhost ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Nov 27 00:52:26 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 27 00:52:26 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 01:15:45 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Nov 27 01:15:47 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost ~]#
[root@localhost ~]#
配置YUM源
[root@localhost ~]# vi /etc/yum.conf
[centosdvd]
name=centosdvd
baseurl=file:///mnt
enabled=1
gpgcheck=0
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
備份系統自帶YUM
[root@localhost ~]#
[root@localhost ~]#
yum/ yum.conf yum.repos.d/
[root@localhost ~]# mkdir -p /etc/yum.repos.d/bak20181127
[root@localhost ~]#
[root@localhost ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak20181127/
[root@localhost ~]#
[root@localhost ~]# ls -l /etc/yum.repos.d/
total 0
drwxr-xr-x. 2 root root 187 Nov 27 01:17 bak20181127
[root@localhost ~]#
掛接系統映象檔案
[root@localhost ~]# mkdir -p /mnt
[root@localhost ~]#
[root@localhost ~]# mount -o loop /soft/CentOS-7.4-x86_64-Everything-1708.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@localhost ~]#
清除YUM快取
[root@localhost ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centosdvd
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
[root@localhost ~]#
製作YUM快取
[root@localhost ~]# yum makecache
Loaded plugins: fastestmirror
centosdvd | 3.6 kB 00:00:00
(1/4): centosdvd/group_gz | 156 kB 00:00:00
(2/4): centosdvd/primary_db | 5.7 MB 00:00:00
(3/4): centosdvd/filelists_db | 6.7 MB 00:00:00
(4/4): centosdvd/other_db | 2.5 MB 00:00:00
Determining fastest mirrors
Metadata Cache Created
[root@localhost ~]#
檢視YUM
[root@localhost ~]# yum list
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
GeoIP.x86_64 1.5.0-11.el7 @anaconda
NetworkManager.x86_64 1:1.8.0-9.el7 @anaconda
NetworkManager-libnm.x86_64 1:1.8.0-9.el7 @anaconda
NetworkManager-team.x86_64 1:1.8.0-9.el7 @anaconda
NetworkManager-tui.x86_64 1:1.8.0-9.el7 @anaconda
NetworkManager-wifi.x86_64 1:1.8.0-9.el7 @anaconda
acl.x86_64 2.2.51-12.el7 @anaconda
aic94xx-firmware.noarch 30-6.el7 @anaconda
alsa-firmware.noarch 1.0.28-2.el7 @anaconda
alsa-lib.x86_64 1.1.3-3.el7 @anaconda
alsa-tools-firmware.x86_64 1.1.0-1.el7 @anaconda
audit.x86_64 2.7.6-3.el7 @anaconda
audit-libs.x86_64 2.7.6-3.el7 @anaconda
authconfig.x86_64 6.2.8-30.el7 @anaconda
basesystem.noarch 10.0-7.el7.centos @anaconda
bash.x86_64 4.2.46-28.el7 @anaconda
bind-libs-lite.x86_64 32:9.9.4-50.el7 @anaconda
bind-license.noarch 32:9.9.4-50.el7 @anaconda
binutils.x86_64 2.25.1-31.base.el7 @anaconda
biosdevname.x86_64 0.7.2-2.el7 @anaconda
…………………………………………………………省略…………………………………………………………………………………………………
zsh-html.x86_64 5.0.2-28.el7 centosdvd
zziplib.i686 0.13.62-5.el7 centosdvd
zziplib.x86_64 0.13.62-5.el7 centosdvd
zziplib-devel.i686 0.13.62-5.el7 centosdvd
zziplib-devel.x86_64 0.13.62-5.el7 centosdvd
zziplib-utils.x86_64 0.13.62-5.el7 centosdvd
[root@localhost ~]#
[root@localhost ~]# ifconfig -a
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.95.11 netmask 255.255.255.0 broadcast 192.168.95.255
inet6 fe80::56ae:158f:89dd:b662 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:df:9e:6b txqueuelen 1000 (Ethernet)
RX packets 37952144 bytes 11893770589 (11.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11114198 bytes 790613626 (753.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 448 bytes 38976 (38.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 448 bytes 38976 (38.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
安裝telnet服務並啟用
因升級OpenSSH過程中需要解除安裝現有OpenSSH, 因此為了保持伺服器的遠端連線可用,需
要啟用telnet服務作為替代,如升級出現問題,也可透過telnet登入伺服器進行回退。
同時安裝telnet守護程式:xinetd
安裝telnet服務
[root@localhost ~]#
[root@localhost ~]# yum install telnet* xinetd y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package telnet.x86_64 1:0.17-64.el7 will be installed
---> Package xinetd.x86_64 2:2.3.15-13.el7 will be installed
---> Package telnet-server.x86_64 1:0.17-64.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================
Installing:
telnet-server x86_64 1:0.17-64.el7 centosdvd 41 k
Dependencies Resolved
================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================
Installing:
telnet x86_64 1:0.17-64.el7 centosdvd 64 k
xinetd x86_64 2:2.3.15-13.el7 centosdvd 128 k
Transaction Summary
================================================================================================================================================================
Install 3 Packages
Total download size: 192 k
Installed size: 374 k
Is this ok [y/d/N]: y
Downloading packages:
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.5 MB/s | 192 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:xinetd-2.3.15-13.el7.x86_64 1/2
Installing : 1:telnet-0.17-64.el7.x86_64
Installing : 3:telnet-server-0.17-64.el7.x86_64 1/1
Verifying : 3:telnet-server-0.17-64.el7.x86_64 2/2
Verifying : 1:telnet-0.17-64.el7.x86_64 1/2
Verifying : 2:xinetd-2.3.15-13.el7.x86_64 2/2
Installed:
telnet.x86_64 1:0.17-64.el7 xinetd.x86_64 2:2.3.15-13.el7
Complete!
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# rpm -qa|grep telnet
telnet-0.17-64.el7.x86_64
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# rpm -qa|grep xinetd
xinetd-2.3.15-13.el7.x86_64
[root@localhost ~]#
將xinetd服務加入開機自啟動
[root@localhost ~]# systemctl enable xinetd.service
[root@localhost ~]#
將telnet服務加入開機自啟動
[root@localhost ~]# systemctl enable telnet.socket
Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.
[root@localhost ~]#
重啟服務:
由於telnet服務也是由xinetd守護的,所以安裝完telnet-server,要啟動telnet服務就必須重新啟動xinetd
[root@localhost ~]#
[root@localhost ~]# systemctl restart telnet.socket
[root@localhost ~]#
[root@localhost ~]# systemctl restart xinetd
[root@localhost ~]#
[root@localhost ~]#
配置telnet root使用者訪問
linux預設情況下root使用者使用telnet是登入不了的,需要修改/etc/secrueety檔案末尾加入pts/1、pts/2、pts/3或者可以把secrueety檔案重新命名均可;
[root@localhost ~]# vi /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS0
ttysclp0
sclp_line0
3270/tty1
hvc0
hvc1
hvc2
hvc3
hvc4
hvc5
hvc6
hvc7
hvsi0
hvsi1
hvsi2
xvc0
pts/1
pts/2
pts/3
"/etc/securetty" 43L, 245C written
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# telnet 192.168.95.11 23
Trying 192.168.95.11...
Connected to 192.168.95.11.
Escape character is '^]'.
Kernel 3.10.0-693.el7.x86_64 on an x86_64
localhost login: root
Password:
Last login: Tue Nov 27 01:04:04 from 192.168.95.1
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# exit
logout
Connection closed by foreign host.
[root@localhost ~]#
關閉Selinux
[root@localhost ~]#
[root@localhost ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]#
[root@localhost ~]# setenforce 0
[root@localhost ~]#
[root@localhost ~]#
安裝編譯所需工具包
[root@localhost ~]#
[root@localhost ~]# yum -y install gcc pamdevel zlibdevel perl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-16.el7 will be installed
--> Processing Dependency: cpp = 4.8.5-16.el7 for package: gcc-4.8.5-16.el7.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-16.el7.x86_64
--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-16.el7.x86_64
--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-16.el7.x86_64
---> Package perl.x86_64 4:5.16.3-292.el7 will be installed
--> Processing Dependency: perl-libs = 4:5.16.3-292.el7 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl-macros for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl-libs for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Getopt::Long) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-292.el7.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.16.3-292.el7.x86_64
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-16.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-196.el7 will be installed
--> Processing Dependency: glibc-headers = 2.17-196.el7 for package: glibc-devel-2.17-196.el7.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-196.el7.x86_64
---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed
---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed
---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed
---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed
---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed
---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed
---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed
---> Package perl-Getopt-Long.noarch 0:2.40-2.el7 will be installed
--> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-2.el7.noarch
--> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-2.el7.noarch
---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed
---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
--> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed
---> Package perl-Socket.x86_64 0:2.010-4.el7 will be installed
---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed
---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed
---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed
---> Package perl-constant.noarch 0:1.27-2.el7 will be installed
---> Package perl-libs.x86_64 4:5.16.3-292.el7 will be installed
---> Package perl-macros.x86_64 4:5.16.3-292.el7 will be installed
---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed
---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.17-196.el7 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-196.el7.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-196.el7.x86_64
---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed
---> Package perl-Pod-Escapes.noarch 1:1.04-292.el7 will be installed
---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed
--> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch
--> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch
---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.10.0-693.el7 will be installed
---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed
--> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
--> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed
--> Running transaction check
---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed
---> Package perl-parent.noarch 1:0.225-244.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================
Installing:
gcc x86_64 4.8.5-16.el7 centosdvd 16 M
perl x86_64 4:5.16.3-292.el7 centosdvd …………………………………………………………………………省略………………………………………………………………………………………………
Installed:
gcc.x86_64 0:4.8.5-16.el7 perl.x86_64 4:5.16.3-292.el7
Dependency Installed:
cpp.x86_64 0:4.8.5-16.el7 glibc-devel.x86_64 0:2.17-196.el7 glibc-headers.x86_64 0:2.17-196.el7
kernel-headers.x86_64 0:3.10.0-693.el7 libmpc.x86_64 0:1.0.1-3.el7 mpfr.x86_64 0:3.1.1-4.el7
perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7 perl-Exporter.noarch 0:5.68-3.el7
perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7
perl-Getopt-Long.noarch 0:2.40-2.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7
perl-Pod-Escapes.noarch 1:1.04-292.el7 perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7
perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 perl-Socket.x86_64 0:2.010-4.el7
perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7
perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-292.el7
perl-macros.x86_64 4:5.16.3-292.el7 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7
perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7
Complete!
[root@localhost ~]#
[root@localhost ~]#
升級ZLIB
解壓zlib_1.2.11原始碼
[root@localhost ~]# cd /soft/
[root@localhost soft]# ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11.tar.gz
[root@localhost soft]# tar -xvzf zlib-1.2.11.tar.gz
zlib配置檢查
[root@localhost soft]#
[root@localhost soft]# cd zlib-1.2.11
[root@localhost zlib-1.2.11]# ls
adler32.c configure deflate.h gzguts.h infback.c inflate.h make_vms.com qnx trees.h zconf.h.cmakein zlib.h zutil.h
amiga contrib doc gzlib.c inffast.c inftrees.c msdos README uncompr.c zconf.h.in zlib.map
ChangeLog crc32.c examples gzread.c inffast.h inftrees.h nintendods test watcom zlib2ansi zlib.pc.cmakein
CMakeLists.txt crc32.h FAQ gzwrite.c inffixed.h Makefile old treebuild.xml win32 zlib.3 zlib.pc.in
compress.c deflate.c gzclose.c INDEX inflate.c Makefile.in os400 trees.c zconf.h zlib.3.pdf zutil.c
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ./configure --prefix=/usr
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.11 with gcc.
Checking for size_t... Yes.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().
Checking for vsnprintf() in stdio.h... Yes.
Checking for return value of vsnprintf()... Yes.
Checking for attribute(visibility) support... Yes.
[root@localhost zlib-1.2.11]#
編譯zlib庫
[root@localhost zlib-1.2.11]# make
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o adler32.o adler32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o crc32.o crc32.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o deflate.o deflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o infback.o infback.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inffast.o inffast.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inflate.o inflate.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inftrees.o inftrees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o trees.o trees.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o zutil.o zutil.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o compress.o compress.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o uncompr.o uncompr.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzclose.o gzclose.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzlib.o gzlib.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzread.o gzread.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzwrite.o gzwrite.c
ar rc libz.a adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example example.o -L. libz.a
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o minigzip.o test/minigzip.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip minigzip.o -L. libz.a
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/adler32.o adler32.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/crc32.o crc32.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/deflate.o deflate.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/infback.o infback.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inffast.o inffast.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inflate.o inflate.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inftrees.o inftrees.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/trees.o trees.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/zutil.o zutil.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/compress.o compress.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/uncompr.o uncompr.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzclose.o gzclose.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzlib.o gzlib.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzread.o gzread.c
gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzwrite.o gzwrite.c
gcc -shared -Wl,-soname,libz.so.1,--version-script,zlib.map -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o libz.so.1.2.11 adler32.lo crc32.lo deflate.lo infback.lo inffast.lo inflate.lo inftrees.lo trees.lo zutil.lo compress.lo uncompr.lo gzclose.lo gzlib.lo gzread.lo gzwrite.lo -lc
rm -f libz.so libz.so.1
ln -s libz.so.1.2.11 libz.so
ln -s libz.so.1.2.11 libz.so.1
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o examplesh example.o -L. libz.so.1.2.11
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzipsh minigzip.o -L. libz.so.1.2.11
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o example64.o test/example.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example64 example64.o -L. libz.a
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o minigzip64.o test/minigzip.c
gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip64 minigzip64.o -L. libz.a
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
解除安裝當前zlib
注意:此步驟必須在步驟A執行完畢後再執行,否則先解除安裝zlib後,/lib64/目錄下的zlib相
關庫檔案會被刪除,步驟A編譯zlib會失敗。(補救措施:從其他相同系統的伺服器上覆
制/lib64、/usr/lib和/usr/lib64目錄下的libcrypto.so.10、libssl.so.10、libz.so.1、libz.so.1.2.3
四個檔案到相應目錄即可。可透過whereis、locate或find命令找到這些檔案的位置)
[root@localhost zlib-1.2.11]# rpm -qa|grep zlib
zlib-1.2.7-17.el7.x86_64
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# rpm -e --nodeps zlib
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# rpm -qa|grep zlib
rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
[root@localhost zlib-1.2.11]#
安裝之前編譯好的zlib
[root@localhost zlib-1.2.11]# make install
rm -f /usr/lib/libz.a
cp libz.a /usr/lib
chmod 644 /usr/lib/libz.a
cp libz.so.1.2.11 /usr/lib
chmod 755 /usr/lib/libz.so.1.2.11
rm -f /usr/share/man/man3/zlib.3
cp zlib.3 /usr/share/man/man3
chmod 644 /usr/share/man/man3/zlib.3
rm -f /usr/lib/pkgconfig/zlib.pc
cp zlib.pc /usr/lib/pkgconfig
chmod 644 /usr/lib/pkgconfig/zlib.pc
rm -f /usr/include/zlib.h /usr/include/zconf.h
cp zlib.h zconf.h /usr/include
chmod 644 /usr/include/zlib.h /usr/include/zconf.h
[root@localhost zlib-1.2.11]#
共享庫註冊
zlib安裝完成後,會在/usr/lib目錄中生產zlib相關庫檔案,需要將這些共享庫檔案註冊到系統
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# echo '/usr/lib' >> /etc/ld.so.conf
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ll /etc/ld.so.conf
-rw-r--r--. 1 root root 37 Nov 27 01:38 /etc/ld.so.conf
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# cat /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/lib
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so.1
lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so.1 -> libz.so.1.2.11
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so
lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so -> libz.so.1.2.11
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so.1
lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so.1 -> libz.so.1.2.11
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# ldconfig
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
升級OpenSSL
官方升級文件
備份當前openssl
[root@localhost zlib-1.2.11]# find / -name openssl
/etc/pki/ca-trust/extracted/openssl
/usr/bin/openssl
/usr/lib64/openssl
[root@localhost zlib-1.2.11]# mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.20181127.old
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# mv /usr/bin/openssl /usr/bin/openssl.20181127.old
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# mv /usr/lib64/openssl /usr/lib64/openssl.20181127.old
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.20181127.old
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.20181127.old
[root@localhost zlib-1.2.11]#
解除安裝當前openssl
[root@localhost zlib-1.2.11]# rpm -qa|grep openssl |xargs
openssl-1.0.2k-8.el7.x86_64 xmlsec1-openssl-1.2.20-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}
warning: file /usr/bin/openssl: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory
warning: file /usr/lib64/openssl/engines: remove failed: No such file or directory
warning: file /usr/lib64/openssl: remove failed: No such file or directory
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# rpm -qa|grep openssl |xargs
解壓openssl-1.0.2q.tar.gz原始碼
[root@localhost zlib-1.2.11]#
[root@localhost zlib-1.2.11]# cd ..
[root@localhost soft]# ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz
[root@localhost soft]# tar -xvzf openssl-1.0.2q.tar.gz
[root@localhost soft]#
openssl配置檢查
[root@localhost soft]# cd openssl-1.0.2q
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# ls
ACKNOWLEDGMENTS CHANGES crypto e_os.h INSTALL INSTALL.OS2 LICENSE Makefile.shared openssl.doxy README.ASN1 tools
apps CHANGES.SSLeay demos FAQ install.com INSTALL.VMS MacOS makevms.com openssl.spec README.ENGINE util
appveyor.yml config doc GitConfigure INSTALL.DJGPP INSTALL.W32 Makefile ms os2 shlib VMS
bugs Configure engines GitMake INSTALL.MacOS INSTALL.W64 Makefile.bak Netware PROBLEMS ssl
certs CONTRIBUTING e_os2.h include INSTALL.NW INSTALL.WCE Makefile.org NEWS README test
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
…………………………………………………………………………省略…………………………………………………………………………………………
generating dummy tests (if needed)...
make[1]: Entering directory `/soft/openssl-1.0.2q/test'
md2test.c => dummytest.c
rc5test.c => dummytest.c
jpaketest.c => dummytest.c
make[1]: Leaving directory `/soft/openssl-1.0.2q/test'
Configured for linux-x86_64.
[root@localhost openssl-1.0.2q]#
openssl原始碼編譯
[root@localhost openssl-1.0.2q]# make
making all in crypto...
make[1]: Entering directory `/soft/openssl-1.0.2q/crypto'
/usr/bin/perl ../util/mkbuildinf.pl "gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM" "linux-x86_64" >buildinf.h
………………………………………………………………………………省略…………………………………………………………………………………………
gcc -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o dummytest.o dummytest.c
make[2]: Entering directory `/soft/openssl-1.0.2q/test'
make[2]: Leaving directory `/soft/openssl-1.0.2q/test'
make[1]: Leaving directory `/soft/openssl-1.0.2q/test'
making all in tools...
make[1]: Entering directory `/soft/openssl-1.0.2q/tools'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/soft/openssl-1.0.2q/tools'
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
Openssl測試
[root@localhost openssl-1.0.2q]# make test
testing...
make[1]: Entering directory `/soft/openssl-1.0.2q/test'
make[2]: Entering directory `/soft/openssl-1.0.2q'
making all in apps...
make[3]: Entering directory `/soft/openssl-1.0.2q/apps'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/soft/openssl-1.0.2q/apps'
make[2]: Leaving directory `/soft/openssl-1.0.2q'
../util/shlib_wrap.sh ./destest
…………………………………………………………………………………省略……………………………………………………………………………………
ALL OCSP TESTS SUCCESSFUL
Test X509v3_check_*
../util/shlib_wrap.sh ./v3nametest
../util/shlib_wrap.sh ./heartbeat_test
Test constant time utilites
../util/shlib_wrap.sh ./constant_time_test
Testing constant time operations...
ok (ran 1908 tests)
test_verify_extra
../util/shlib_wrap.sh ./verify_extra_test
PASS
test_clienthello
../util/shlib_wrap.sh ./clienthellotest
test_sslv2conftest
……………………………………………………………………………………省略…………………………………………………………………………………
*
*---- START OF RECORD ----
** Record Content-type: 22
** Record Version: fefd
** Record Epoch: 1
** Record Sequence: 000000000000
** Record Length: 64
**---- START OF HANDSHAKE MESSAGE FRAGMENT ----
**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----
*---- END OF RECORD ----
---- END OF PACKET ----
PASS
test_bad_dtls
../util/shlib_wrap.sh ./bad_dtls_test
test_fatalerr
../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
SSL_accept() failed -1, 1
140342688954048:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:
test_x509_time
../util/shlib_wrap.sh ./x509_time_test
PASS
make[1]: Leaving directory `/soft/openssl-1.0.2q/test'
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
OpenSSL 1.0.2q 20 Nov 2018
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/ssl"
[root@localhost openssl-1.0.2q]#
Openssl安裝
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# make install
making all in crypto...
make[1]: Entering directory `/soft/openssl-1.0.2q/crypto'
making all in crypto/objects...
……………………………………………………………………………………省略………………………………………………………………………………
installing libcrypto.a
installing libssl.a
installing libcrypto.so.1.0.0
installing libssl.so.1.0.0
make[1]: Entering directory `/usr/lib64'
make[2]: Entering directory `/usr/lib64'
make[2]: Leaving directory `/usr/lib64'
make[2]: Entering directory `/usr/lib64'
make[2]: Leaving directory `/usr/lib64'
make[1]: Leaving directory `/usr/lib64'
cp libcrypto.pc /usr/lib64/pkgconfig
chmod 644 /usr/lib64/pkgconfig/libcrypto.pc
cp libssl.pc /usr/lib64/pkgconfig
chmod 644 /usr/lib64/pkgconfig/libssl.pc
cp openssl.pc /usr/lib64/pkgconfig
chmod 644 /usr/lib64/pkgconfig/openssl.pc
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
驗證Openssl升級是否成功
[root@localhost openssl-1.0.2q]# openssl version
OpenSSL 1.0.2q 20 Nov 2018
[root@localhost openssl-1.0.2q]#
恢復共享庫
由於OpenSSL_1.0.2q不提供libcrypto.so.10和libssl.so.10這兩個庫,而yum、wget等工具又依賴此庫,因此需要將先前備份的這兩個庫進行恢復,其他的可視情況考慮是否恢復。
[root@localhost openssl-1.0.2q]# mv /usr/lib64/libcrypto.so.10.20181127.old /usr/lib64/libcrypto.so.10
mv: overwrite ‘/usr/lib64/libcrypto.so.10’? y
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# mv /usr/lib64/libssl.so.10.20181127.old /usr/lib64/libssl.so.10
mv: overwrite ‘/usr/lib64/libssl.so.10’? y
[root@localhost openssl-1.0.2q]#
Openssh安裝前環境配置
[root@localhost openssl-1.0.2q]# mv /etc/ssh /etc/ssh.old
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# rpm -qa|grep openssh
openssh-server-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64
openssh-7.4p1-11.el7.x86_64
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
warning: file /etc/ssh/sshd_config: remove failed: No such file or directory
warning: file /etc/ssh/ssh_config: remove failed: No such file or directory
warning: file /etc/ssh/moduli: remove failed: No such file or directory
warning: file /etc/ssh: remove failed: No such file or directory
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# install -v -m700 -d /var/lib/sshd
install: creating directory ‘/var/lib/sshd’
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# chown -v root:sys /var/lib/sshd
changed ownership of ‘/var/lib/sshd’ from root:root to root:sys
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# groupadd -g 50 sshd
groupadd: group 'sshd' already exists
[root@localhost openssl-1.0.2q]#
[root@localhost openssl-1.0.2q]# useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
useradd: user 'sshd' already exists
[root@localhost openssl-1.0.2q]#
解壓openssh7.6p1.tar.gz原始碼
[root@localhost openssl-1.0.2q]# cd ..
[root@localhost soft]# ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz
[root@localhost soft]# tar -xvzf openssh-7.9p1.tar.gz
[root@localhost soft]#
[root@localhost soft]# cd openssh-7.9p1
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# ls
aclocal.m4 cipher-aesctr.c gss-genr.c moduli.0 README.dns ssh-add.1 sshlogin.c
addrmatch.c cipher-aesctr.h gss-serv.c moduli.5 README.platform ssh-add.c sshlogin.h
atomicio.c cipher.c gss-serv-krb5.c moduli.c README.privsep ssh-agent.0 ssh-pkcs11.c
atomicio.h cipher-chachapoly.c hash.c monitor.c README.tun ssh-agent.1 ssh-pkcs11-client.c
audit-bsm.c cipher-chachapoly.h hmac.c monitor_fdpass.c readpass.c ssh-agent.c ssh-pkcs11.h
audit.c cipher-ctr.c hmac.h monitor_fdpass.h regress ssh_api.c ssh-pkcs11-helper.0
audit.h cipher.h hostfile.c monitor.h rijndael.c ssh_api.h ssh-pkcs11-helper.8
audit-linux.c cleanup.c hostfile.h monitor_wrap.c rijndael.h sshbuf.c ssh-pkcs11-helper.c
auth2.c clientloop.c includes.h monitor_wrap.h sandbox-capsicum.c sshbuf-getput-basic.c sshpty.c
auth2-chall.c clientloop.h INSTALL msg.c sandbox-darwin.c sshbuf-getput-crypto.c sshpty.h
auth2-gss.c compat.c install-sh msg.h sandbox-null.c sshbuf.h ssh-rsa.c
auth2-hostbased.c compat.h kex.c mux.c sandbox-pledge.c sshbuf-misc.c ssh-sandbox.h
auth2-kbdint.c config.guess kexc25519.c myproposal.h sandbox-rlimit.c ssh.c sshtty.c
auth2-none.c config.h.in kexc25519c.c nchan2.ms sandbox-seccomp-filter.c ssh_config ssh-xmss.c
auth2-passwd.c config.sub kexc25519s.c nchan.c sandbox-solaris.c ssh_config.0 survey.sh.in
auth2-pubkey.c configure kexdh.c nchan.ms sandbox-systrace.c ssh_config.5 TODO
auth-bsdauth.c configure.ac kexdhc.c opacket.c sc25519.c sshconnect2.c ttymodes.c
auth.c contrib kexdhs.c opacket.h sc25519.h sshconnect.c ttymodes.h
authfd.c crc32.c kexecdh.c openbsd-compat scp.0 sshconnect.h uidswap.c
authfd.h crc32.h kexecdhc.c opensshd.init.in scp.1 sshd.0 uidswap.h
authfile.c CREDITS kexecdhs.c openssh.xml.in scp.c sshd.8 umac128.c
authfile.h crypto_api.h kexgex.c OVERVIEW servconf.c sshd.c umac.c
auth.h defines.h kexgexc.c packet.c servconf.h sshd_config umac.h
auth-krb5.c dh.c kexgexs.c packet.h serverloop.c sshd_config.0 utf8.c
auth-options.c dh.h kex.h pathnames.h serverloop.h sshd_config.5 utf8.h
auth-options.h digest.h krl.c pkcs11.h session.c ssh-dss.c uuencode.c
auth-pam.c digest-libc.c krl.h platform.c session.h ssh-ecdsa.c uuencode.h
auth-pam.h digest-openssl.c LICENCE platform.h sftp.0 ssh-ed25519.c verify.c
auth-passwd.c dispatch.c log.c platform-misc.c sftp.1 ssherr.c version.h
auth-rhosts.c dispatch.h log.h platform-pledge.c sftp.c ssherr.h xmalloc.c
auth-shadow.c dns.c loginrec.c platform-tracing.c sftp-client.c ssh-gss.h xmalloc.h
auth-sia.c dns.h loginrec.h poly1305.c sftp-client.h ssh.h xmss_commons.c
auth-sia.h ed25519.c logintest.c poly1305.h sftp-common.c sshkey.c xmss_commons.h
auth-skey.c entropy.c mac.c progressmeter.c sftp-common.h ssh-keygen.0 xmss_fast.c
bitmap.c entropy.h mac.h progressmeter.h sftp-glob.c ssh-keygen.1 xmss_fast.h
bitmap.h fatal.c Makefile.in PROTOCOL sftp.h ssh-keygen.c xmss_hash_address.c
buildpkg.sh.in fe25519.c match.c PROTOCOL.agent sftp-server.0 sshkey.h xmss_hash_address.h
canohost.c fe25519.h match.h PROTOCOL.certkeys sftp-server.8 ssh-keyscan.0 xmss_hash.c
canohost.h fixalgorithms md5crypt.c PROTOCOL.chacha20poly1305 sftp-server.c ssh-keyscan.1 xmss_hash.h
chacha.c fixpaths md5crypt.h PROTOCOL.key sftp-server-main.c ssh-keyscan.c xmss_wots.c
chacha.h ge25519_base.data mdoc2man.awk PROTOCOL.krl smult_curve25519_ref.c ssh-keysign.0 xmss_wots.h
ChangeLog ge25519.c misc.c PROTOCOL.mux ssh.0 ssh-keysign.8
channels.c ge25519.h misc.h readconf.c ssh.1 ssh-keysign.c
channels.h groupaccess.c mkinstalldirs readconf.h ssh2.h sshkey-xmss.c
cipher-aes.c groupaccess.h moduli README ssh-add.0 sshkey-xmss.h
[root@localhost openssh-7.9p1]#
Openssh配置檢查
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam--with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd
configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
…………………………………………………………………………省略…………………………………………………………………………………………
configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes
OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/libexec/ssh-askpass
Manual pages: /usr/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/lib/sshd
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
MD5 password support: yes
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv
編譯Openssh
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# make
conffile=`echo sshd_config.out | sed 's/.out$//'`; \
/usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/ssh/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/ssh/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/ssh/moduli|g' -e 's|/etc/ssh/moduli|/etc/ssh/moduli|g' -e 's|/etc/ssh/sshrc|/etc/ssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|undefined|g' -e 's|/var/empty|/var/lib/sshd|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin|g' ./${conffile} > sshd_config.out
………………………………………………………………………………………省略………………………………………………………………………………
gcc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lcrypt -lresolv
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
安裝Openssh
[root@localhost openssh-7.9p1]# make install
(cd openbsd-compat && make)
make[1]: Entering directory `/soft/openssh-7.9p1/openbsd-compat'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/soft/openssh-7.9p1/openbsd-compat'
/usr/bin/mkdir -p /usr/bin
/usr/bin/mkdir -p /usr/sbin
/usr/bin/mkdir -p /usr/share/man/man1
/usr/bin/mkdir -p /usr/share/man/man5
/usr/bin/mkdir -p /usr/share/man/man8
/usr/bin/mkdir -p /usr/libexec
/usr/bin/mkdir -p -m 0755 /var/lib/sshd
/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh
/usr/bin/install -c -m 0755 -s scp /usr/bin/scp
/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add
/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent
/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen
/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan
/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd
/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign
/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper
/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp
/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server
/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1
/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1
/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1
/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1
/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1
/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1
/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5
/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5
/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5
/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8
/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1
/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8
/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8
/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8
/usr/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
Openssh安裝後環境配置
# 在openssh編譯目錄執行如下命令
[root@localhost openssh-7.9p1]# install -v -m755 contrib/ssh-copy-id /usr/bin
‘contrib/ssh-copy-id’ -> ‘/usr/bin/ssh-copy-id’
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
‘contrib/ssh-copy-id.1’ -> ‘/usr/share/man/man1/ssh-copy-id.1’
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# install -v -m755 -d /usr/share/doc/openssh-7.9p1
install: creating directory ‘/usr/share/doc/openssh-7.9p1’
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1
‘INSTALL’ -> ‘/usr/share/doc/openssh-7.9p1/INSTALL’
‘LICENCE’ -> ‘/usr/share/doc/openssh-7.9p1/LICENCE’
‘OVERVIEW’ -> ‘/usr/share/doc/openssh-7.9p1/OVERVIEW’
‘README’ -> ‘/usr/share/doc/openssh-7.9p1/README’
‘README.dns’ -> ‘/usr/share/doc/openssh-7.9p1/README.dns’
‘README.platform’ -> ‘/usr/share/doc/openssh-7.9p1/README.platform’
‘README.privsep’ -> ‘/usr/share/doc/openssh-7.9p1/README.privsep’
‘README.tun’ -> ‘/usr/share/doc/openssh-7.9p1/README.tun’
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
驗證Openssh是否升級成功
[root@localhost openssh-7.9p1]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
啟用OpenSSH服務
[root@localhost openssh-7.9p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# chmod +x /etc/init.d/sshd
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# chkconfig --add sshd
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# chkconfig sshd on
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# chkconfig --list sshd
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost openssh-7.9p1]#
7版本命令檢視
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
Nov 27 01:04:34 localhost.localdomain sshd[11784]: Accepted password for root from 192.168.95.1 port 63419 ssh2
Nov 27 01:04:45 localhost.localdomain sshd[11793]: Accepted password for root from 192.168.95.1 port 63420 ssh2
Nov 27 01:04:49 localhost.localdomain sshd[11802]: Accepted password for root from 192.168.95.1 port 63421 ssh2
Nov 27 01:11:05 localhost.localdomain sshd[11873]: Accepted password for root from 192.168.95.1 port 63468 ssh2
Nov 27 01:13:10 localhost.localdomain sshd[11884]: Accepted password for root from 192.168.95.1 port 51001 ssh2
Nov 27 01:13:10 localhost.localdomain sshd[11886]: Accepted password for root from 192.168.95.1 port 51002 ssh2
Nov 27 01:23:00 localhost.localdomain sshd[12053]: Accepted password for root from 192.168.95.1 port 52076 ssh2
Nov 27 01:53:53 localhost.localdomain systemd[1]: Stopping OpenSSH server daemon...
Nov 27 01:53:53 localhost.localdomain sshd[1108]: Received signal 15; terminating.
Nov 27 01:53:53 localhost.localdomain systemd[1]: Stopped OpenSSH server daemon.
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]#
重啟sshd服務
[root@localhost openssh-7.9p1]# systemctl restart sshd
[root@localhost openssh-7.9p1]#
[root@localhost openssh-7.9p1]# reboot
方法二:
systemctl status sshd.service
啟動服務:
systemctl start sshd.service
重啟服務:
systemctl restart sshd.service
開機自啟:
systemctl enable sshd.service
重啟作業系統生效
reboot
檢視Openssh、Openssl升級情況
[root@localhost ~]#
[root@localhost ~]# ssh -V
OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018
[root@localhost ~]#
[root@localhost ~]#
解除安裝telnet
[root@localhost ~]# yum remove telnet* xinetd y
檢視SSH啟動狀態
[root@localhost ~]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Tue 2018-11-27 02:03:23 EST; 11min ago
Docs: man:systemd-sysv-generator(8)
Process: 1009 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 1072 (sshd)
CGroup: /system.slice/sshd.service
├─1072 /usr/sbin/sshd
├─1326 sshd: root@pts/0
├─1328 -bash
└─1360 systemctl status sshd.service
Nov 27 02:03:23 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...
Nov 27 02:03:23 localhost.localdomain sshd[1072]: Server listening on 0.0.0.0 port 22.
Nov 27 02:03:23 localhost.localdomain sshd[1072]: Server listening on :: port 22.
Nov 27 02:03:23 localhost.localdomain sshd[1009]: Starting sshd:[ OK ]
Nov 27 02:03:23 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
Nov 27 02:04:05 localhost.localdomain sshd[1326]: Accepted password for root from 192.168.95.1 port 49961 ssh2
[root@localhost ~]#
檢視Bash當前版本
[root@localhost ~]# rpm -qa|grep bash
bash-4.2.46-28.el7.x86_64
[root@localhost ~]#
[root@test soft]# rpm -Uvh bash-4.2.46-29.el7_4.x86_64.rpm
warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:bash-4.2.46-29.el7_4 ################################# [ 50%]
Cleaning up / removing...
2:bash-4.2.46-28.el7 ################################# [100%]
[root@test soft]#
[root@test soft]#
[root@test ~]# rpm -qa|grep bash
bash-4.2.46-29.el7_4.x86_64
[root@test ~]#
系統調優
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl status NetworkManager.service
systemctl stop abrt-ccpp.service
systemctl disable abrt-ccpp.service
systemctl status abrt-ccpp.service
systemctl stop abrtd.service
systemctl disable abrtd.service
systemctl status abrtd.service
systemctl stop atd.service
systemctl disable atd.service
systemctl status atd.service
systemctl stop auditd.service
systemctl disable auditd.service
systemctl status auditd.service
systemctl stop autofs.service
systemctl disable autofs.service
systemctl status autofs.service
systemctl stop blk-availability.service
systemctl disable blk-availability.service
systemctl status blk-availability.service
systemctl stop certmonger.service
systemctl disable certmonger.service
systemctl status certmonger.service
systemctl stop cpus.service
systemctl disable cpus.service
systemctl status cpus.service
systemctl stop irqbalance.service
systemctl disable irqbalance.service
systemctl status irqbalance.service
systemctl stop libvirt-guests.service
systemctl disable libvirt-guests.service
systemctl status libvirt-guests.service
systemctl stop lvm2-monitor.service
systemctl disable lvm2-monitor.service
systemctl status lvm2-monitor.service
systemctl stop mdmonitor.service
systemctl disable mdmonitor.service
systemctl status mdmonitor.service
systemctl stop messagebus.service
systemctl disable messagebus.service
systemctl status messagebus.service
systemctl stop postfix.service
systemctl disable postfix.service
systemctl status postfix.service
systemctl stop rhsmcertd.service
systemctl disable rhsmcertd.service
systemctl status rhsmcertd.service
systemctl stop rpcbind.service
systemctl disable rpcbind.service
systemctl status rpcbind.service
systemctl stop rpcgssd.service
systemctl disable rpcgssd.service
systemctl status rpcgssd.service
systemctl disable cups
systemctl disable cups.path
systemctl disable cups.service
systemctl disable cups.socket
systemctl disable abrt-ccpp.service
systemctl disable abrt-oops.service
systemctl disable abrt-xorg.service
systemctl disable abrtd.service
systemctl disable cups.service
systemctl disable httpd.service
systemctl disable iscsid.service
systemctl disable iscsid.socket
systemctl disable iscsi.service
systemctl disable iscsi-shutdown.service
systemctl disable iscsiuio.service
systemctl disable iscsiuio.socket
systemctl disable libvirtd.service
systemctl disable libvirtd.socket
systemctl disable libvirt-guests.service
systemctl disable nfs-blkmap.service
systemctl disable nfs-client.target
systemctl disable nfs-config.service
systemctl disable nfs-idmapd.service
systemctl disable nfs-idmap.service
systemctl disable nfs-lock.service
systemctl disable nfslock.service
systemctl disable nfs-mountd.service
systemctl disable nfs-secure-server.service
systemctl disable nfs-secure.service
systemctl disable nfs-server.service
systemctl disable nfs.service
systemctl disable nfs.target.wants
systemctl disable nfs-utils.service
systemctl disable smartcard.target
systemctl disable smartd.service
systemctl disable vsftpd.service
systemctl disable vsftpd@.service
systemctl disable vsftpd.target
systemctl disable bluetooth.service
systemctl disable bluetooth.target
RHEL6版本調優
chkconfig sendmail off
chkconfig isdn off
chkconfig pcmcia off
chkconfig iptables off
chkconfig mdmonitor off
chkconfig rhnsdoff
chkconfig smartdoff
chkconfig cupsoff
chkconfig cups-config-daemon off
chkconfig iiim off
chkconfig httpd off
chkconfig squid off
chkconfig smb off
chkconfig ip6tables off
chkconfig gpm off
chkconfig xend off
chkconfig bluetooth off
chkconfig hidd off
chkconfig pcscd off
chkconfig iscsi off
chkconfig iscsid off
chkconfig avahi-daemon off
chkconfig tog-pegasus off
chkconfig yum-updatesd off
chkconfig irqbalance off
chkconfig mcstrans off
chkconfig NetworkManager off
chkconfig cpuspeed off
chkconfig irqbalance off
chkconfig bmc-watchdog off
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/31520497/viewspace-2703087/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Linux系統調優Linux
- ModStartCMS 系統升級指引
- 架構師能力升級:掌握JVM科學調優架構JVM
- 怎麼升級win11系統?升級Win11系統的方法
- win10 系統如何升級_電腦怎麼升級系統win10Win10
- Linux系統效能調優技巧Linux
- Linux系統調優介紹Linux
- Ubuntu 16.04 升級Linux 系統核心UbuntuLinux
- Fedora 30系統的升級方法
- redhat系統升級openssh到7.5Redhat
- 豐田系統,是福特系統的升級版?
- 怎麼升級win10系統 xpwin7系統怎麼升級windows10Win10Win7Windows
- 為什麼SAP ECC系統需要升級?升級路徑有哪些?
- win10系統升級在哪裡_win10如何升級更新Win10
- 如何升級電腦windows版本 windows系統版本升級方法介紹Windows
- window系統下升級node和npmNPM
- windowsxp怎麼升級為windows10 xp系統升級為win10系統方法介紹WindowsWin10
- w7系統怎麼升級w10系統
- 電腦系統怎麼升級到win10?win7升級win10系統操作教程Win10Win7
- hive企業級調優Hive
- OTA升級更新系統預設設定
- Ctyun系統升級OpenSSH 9.3詳細教程
- 視訊會議系統升級改造方案
- 由門禁系統引起的升級改造
- MES系統助力企業轉型升級
- 升級mac Mojave系統,git無法使用MacGit
- Win10 32位系統是否可以直接升級到64位|windows10 32位系統怎麼升級64位系統Win10Windows
- 系統升級Apply LUT外掛不能使用,FCPX如何匯入LUT調色預設APP
- linux系統關於kernel.sem調優Linux
- 32位怎麼升級64位系統 win7win1032系統升級64位方法介紹Win7Win10
- win7系統升級到win10方法_WIN7怎麼升級WIN10系統Win7Win10
- 升級Win10 2004系統卡在61%不動無法升級如何解決Win10
- NAS升級如何恢復系統資料夾?
- Linux系統安裝及升級kangle+EasyPanelLinux
- 電腦win7怎麼升級win10系統 win7怎麼升級win10系統版本Win7Win10
- 怎麼使用360win10升級助手升級win10系統【圖文教程】Win10
- mediacreationtool升級win10操作步驟_mediacreationtool工具怎麼升級win10系統Win10
- 在Linux中,如何進行系統效能調優?Linux