Openssh-7.9p1-Openssl1.0.2q-zlib-1.2.11升級+系統調優

Last login: Tue Nov 27 00:55:36 2018

[root@localhost ~]#

[root@localhost ~]# mkdir -p /soft

[root@localhost ~]#

[root@localhost ~]# cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

[root@localhost ~]#

關閉防火牆

[root@localhost ~]# systemctl stop firewalld.service

[root@localhost ~]#

[root@localhost ~]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

檢視防火牆

[root@localhost ~]#

[root@localhost ~]# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

Active: inactive (dead)

Docs: man:firewalld(1)

Nov 27 00:52:26 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...

Nov 27 00:52:26 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.

Nov 27 00:52:27 localhost.localdomain firewalld[828]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

Nov 27 01:15:45 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...

Nov 27 01:15:47 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

[root@localhost ~]#

配置YUM源

[root@localhost ~]# vi /etc/yum.conf

[centosdvd]

name=centosdvd

baseurl=file:///mnt

enabled=1

gpgcheck=0

[main]

cachedir=/var/cache/yum/$basearch/$releasever

keepcache=0

debuglevel=2

logfile=/var/log/yum.log

exactarch=1

obsoletes=1

gpgcheck=1

plugins=1

installonly_limit=5

bugtracker_url=

distroverpkg=centos-release

# This is the default, if you make this bigger yum won't see if the metadata

# is newer on the remote and so you'll "gain" the bandwidth of not having to

# download the new metadata and "pay" for it by yum not having correct

# information.

# It is esp. important, to have correct metadata, for distributions like

# Fedora which don't keep old packages around. If you don't like this checking

# interupting your command line usage, it's much better to have something

# manually check the metadata once an hour (yum-updatesd will do this).

# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo

# in /etc/yum.repos.d

備份系統自帶YUM

[root@localhost ~]#

yum/ yum.conf yum.repos.d/

[root@localhost ~]# mkdir -p /etc/yum.repos.d/bak20181127

[root@localhost ~]#

[root@localhost ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak20181127/

[root@localhost ~]#

[root@localhost ~]# ls -l /etc/yum.repos.d/

total 0

drwxr-xr-x. 2 root root 187 Nov 27 01:17 bak20181127

[root@localhost ~]#

掛接系統映象檔案

[root@localhost ~]# mkdir -p /mnt

[root@localhost ~]#

[root@localhost ~]# mount -o loop /soft/CentOS-7.4-x86_64-Everything-1708.iso /mnt/

mount: /dev/loop0 is write-protected, mounting read-only

[root@localhost ~]#

清除YUM快取

[root@localhost ~]# yum clean all

Loaded plugins: fastestmirror

Cleaning repos: centosdvd

Cleaning up everything

Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos

[root@localhost ~]#

製作YUM快取

[root@localhost ~]# yum makecache

Loaded plugins: fastestmirror

centosdvd | 3.6 kB 00:00:00

(1/4): centosdvd/group_gz | 156 kB 00:00:00

(2/4): centosdvd/primary_db | 5.7 MB 00:00:00

(3/4): centosdvd/filelists_db | 6.7 MB 00:00:00

(4/4): centosdvd/other_db | 2.5 MB 00:00:00

Determining fastest mirrors

Metadata Cache Created

[root@localhost ~]#

檢視YUM

[root@localhost ~]# yum list

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

Installed Packages

GeoIP.x86_64 1.5.0-11.el7 @anaconda

NetworkManager.x86_64 1:1.8.0-9.el7 @anaconda

NetworkManager-libnm.x86_64 1:1.8.0-9.el7 @anaconda

NetworkManager-team.x86_64 1:1.8.0-9.el7 @anaconda

NetworkManager-tui.x86_64 1:1.8.0-9.el7 @anaconda

NetworkManager-wifi.x86_64 1:1.8.0-9.el7 @anaconda

acl.x86_64 2.2.51-12.el7 @anaconda

aic94xx-firmware.noarch 30-6.el7 @anaconda

alsa-firmware.noarch 1.0.28-2.el7 @anaconda

alsa-lib.x86_64 1.1.3-3.el7 @anaconda

alsa-tools-firmware.x86_64 1.1.0-1.el7 @anaconda

audit.x86_64 2.7.6-3.el7 @anaconda

audit-libs.x86_64 2.7.6-3.el7 @anaconda

authconfig.x86_64 6.2.8-30.el7 @anaconda

basesystem.noarch 10.0-7.el7.centos @anaconda

bash.x86_64 4.2.46-28.el7 @anaconda

bind-libs-lite.x86_64 32:9.9.4-50.el7 @anaconda

bind-license.noarch 32:9.9.4-50.el7 @anaconda

binutils.x86_64 2.25.1-31.base.el7 @anaconda

biosdevname.x86_64 0.7.2-2.el7 @anaconda

…………………………………………………………省略…………………………………………………………………………………………………

zsh-html.x86_64 5.0.2-28.el7 centosdvd

zziplib.i686 0.13.62-5.el7 centosdvd

zziplib.x86_64 0.13.62-5.el7 centosdvd

zziplib-devel.i686 0.13.62-5.el7 centosdvd

zziplib-devel.x86_64 0.13.62-5.el7 centosdvd

zziplib-utils.x86_64 0.13.62-5.el7 centosdvd

[root@localhost ~]#

[root@localhost ~]# ifconfig -a

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.95.11 netmask 255.255.255.0 broadcast 192.168.95.255

inet6 fe80::56ae:158f:89dd:b662 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:df:9e:6b txqueuelen 1000 (Ethernet)

RX packets 37952144 bytes 11893770589 (11.0 GiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 11114198 bytes 790613626 (753.9 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 1 (Local Loopback)

RX packets 448 bytes 38976 (38.0 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 448 bytes 38976 (38.0 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

安裝telnet服務並啟用

因升級OpenSSH過程中需要解除安裝現有OpenSSH, 因此為了保持伺服器的遠端連線可用，需

要啟用telnet服務作為替代，如升級出現問題，也可透過telnet登入伺服器進行回退。

同時安裝telnet守護程式：xinetd

安裝telnet服務

[root@localhost ~]#

[root@localhost ~]# yum install telnet* xinetd y

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

Resolving Dependencies

--> Running transaction check

---> Package telnet.x86_64 1:0.17-64.el7 will be installed

---> Package xinetd.x86_64 2:2.3.15-13.el7 will be installed

---> Package telnet-server.x86_64 1:0.17-64.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================

Package Arch Version Repository Size

================================================================================================================================================================

Installing:

telnet-server x86_64 1:0.17-64.el7 centosdvd 41 k

Dependencies Resolved

================================================================================================================================================================

Package Arch Version Repository Size

================================================================================================================================================================

Installing:

telnet x86_64 1:0.17-64.el7 centosdvd 64 k

xinetd x86_64 2:2.3.15-13.el7 centosdvd 128 k

Transaction Summary

================================================================================================================================================================

Install 3 Packages

Total download size: 192 k

Installed size: 374 k

Is this ok [y/d/N]: y

Downloading packages:

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 1.5 MB/s | 192 kB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : 2:xinetd-2.3.15-13.el7.x86_64 1/2

Installing : 1:telnet-0.17-64.el7.x86_64

Installing : 3:telnet-server-0.17-64.el7.x86_64 1/1

Verifying : 3:telnet-server-0.17-64.el7.x86_64 2/2

Verifying : 1:telnet-0.17-64.el7.x86_64 1/2

Verifying : 2:xinetd-2.3.15-13.el7.x86_64 2/2

Installed:

telnet.x86_64 1:0.17-64.el7 xinetd.x86_64 2:2.3.15-13.el7

Complete!

[root@localhost ~]#

[root@localhost ~]# rpm -qa|grep telnet

telnet-0.17-64.el7.x86_64

[root@localhost ~]#

[root@localhost ~]# rpm -qa|grep xinetd

xinetd-2.3.15-13.el7.x86_64

[root@localhost ~]#

將xinetd服務加入開機自啟動

[root@localhost ~]# systemctl enable xinetd.service

[root@localhost ~]#

將telnet服務加入開機自啟動

[root@localhost ~]# systemctl enable telnet.socket

Created symlink from /etc/systemd/system/sockets.target.wants/telnet.socket to /usr/lib/systemd/system/telnet.socket.

[root@localhost ~]#

重啟服務：

由於telnet服務也是由xinetd守護的，所以安裝完telnet-server，要啟動telnet服務就必須重新啟動xinetd

[root@localhost ~]#

[root@localhost ~]# systemctl restart telnet.socket

[root@localhost ~]#

[root@localhost ~]# systemctl restart xinetd

[root@localhost ~]#

配置telnet root使用者訪問

linux預設情況下root使用者使用telnet是登入不了的，需要修改/etc/secrueety檔案末尾加入pts/1、pts/2、pts/3或者可以把secrueety檔案重新命名均可；

[root@localhost ~]# vi /etc/securetty

console

vc/1

vc/2

vc/3

vc/4

vc/5

vc/6

vc/7

vc/8

vc/9

vc/10

vc/11

tty1

tty2

tty3

tty4

tty5

tty6

tty7

tty8

tty9

tty10

tty11

ttyS0

ttysclp0

sclp_line0

3270/tty1

hvc0

hvc1

hvc2

hvc3

hvc4

hvc5

hvc6

hvc7

hvsi0

hvsi1

hvsi2

xvc0

pts/1

pts/2

pts/3

"/etc/securetty" 43L, 245C written

[root@localhost ~]#

[root@localhost ~]# telnet 192.168.95.11 23

Trying 192.168.95.11...

Connected to 192.168.95.11.

Escape character is '^]'.

Kernel 3.10.0-693.el7.x86_64 on an x86_64

localhost login: root

Password:

Last login: Tue Nov 27 01:04:04 from 192.168.95.1

[root@localhost ~]#

[root@localhost ~]# exit

logout

Connection closed by foreign host.

[root@localhost ~]#

關閉Selinux

[root@localhost ~]#

[root@localhost ~]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

#SELINUX=enforcing

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

[root@localhost ~]#

[root@localhost ~]# setenforce 0

[root@localhost ~]#

安裝編譯所需工具包

[root@localhost ~]#

[root@localhost ~]# yum -y install gcc pamdevel zlibdevel perl

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

Resolving Dependencies

--> Running transaction check

---> Package gcc.x86_64 0:4.8.5-16.el7 will be installed

--> Processing Dependency: cpp = 4.8.5-16.el7 for package: gcc-4.8.5-16.el7.x86_64

--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-16.el7.x86_64

--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-16.el7.x86_64

--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-16.el7.x86_64

---> Package perl.x86_64 4:5.16.3-292.el7 will be installed

--> Processing Dependency: perl-libs = 4:5.16.3-292.el7 for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl-macros for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl-libs for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Getopt::Long) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-292.el7.x86_64

--> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.16.3-292.el7.x86_64

--> Running transaction check

---> Package cpp.x86_64 0:4.8.5-16.el7 will be installed

---> Package glibc-devel.x86_64 0:2.17-196.el7 will be installed

--> Processing Dependency: glibc-headers = 2.17-196.el7 for package: glibc-devel-2.17-196.el7.x86_64

--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-196.el7.x86_64

---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed

---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed

---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed

---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed

---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed

---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed

---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed

---> Package perl-Getopt-Long.noarch 0:2.40-2.el7 will be installed

--> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-2.el7.noarch

--> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-2.el7.noarch

---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed

---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed

--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch

--> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch

---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed

---> Package perl-Socket.x86_64 0:2.010-4.el7 will be installed

---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed

---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed

---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed

---> Package perl-constant.noarch 0:1.27-2.el7 will be installed

---> Package perl-libs.x86_64 4:5.16.3-292.el7 will be installed

---> Package perl-macros.x86_64 4:5.16.3-292.el7 will be installed

---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed

---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed

--> Running transaction check

---> Package glibc-headers.x86_64 0:2.17-196.el7 will be installed

--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-196.el7.x86_64

--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-196.el7.x86_64

---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed

---> Package perl-Pod-Escapes.noarch 1:1.04-292.el7 will be installed

---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed

--> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch

--> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch

---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed

--> Running transaction check

---> Package kernel-headers.x86_64 0:3.10.0-693.el7 will be installed

---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed

--> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch

--> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch

---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed

--> Running transaction check

---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed

---> Package perl-parent.noarch 1:0.225-244.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================

Package Arch Version Repository Size

================================================================================================================================================================

Installing:

gcc x86_64 4.8.5-16.el7 centosdvd 16 M

perl x86_64 4:5.16.3-292.el7 centosdvd …………………………………………………………………………省略………………………………………………………………………………………………

Installed:

gcc.x86_64 0:4.8.5-16.el7 perl.x86_64 4:5.16.3-292.el7

Dependency Installed:

cpp.x86_64 0:4.8.5-16.el7 glibc-devel.x86_64 0:2.17-196.el7 glibc-headers.x86_64 0:2.17-196.el7

kernel-headers.x86_64 0:3.10.0-693.el7 libmpc.x86_64 0:1.0.1-3.el7 mpfr.x86_64 0:3.1.1-4.el7

perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7 perl-Exporter.noarch 0:5.68-3.el7

perl-File-Path.noarch 0:2.09-2.el7 perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7

perl-Getopt-Long.noarch 0:2.40-2.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7

perl-Pod-Escapes.noarch 1:1.04-292.el7 perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7

perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 perl-Socket.x86_64 0:2.010-4.el7

perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7

perl-Time-Local.noarch 0:1.2300-2.el7 perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-292.el7

perl-macros.x86_64 4:5.16.3-292.el7 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7

perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7

Complete!

[root@localhost ~]#

升級ZLIB

解壓zlib_1.2.11原始碼

[root@localhost ~]# cd /soft/

[root@localhost soft]# ls

CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11.tar.gz

[root@localhost soft]# tar -xvzf zlib-1.2.11.tar.gz

zlib配置檢查

[root@localhost soft]#

[root@localhost soft]# cd zlib-1.2.11

[root@localhost zlib-1.2.11]# ls

adler32.c configure deflate.h gzguts.h infback.c inflate.h make_vms.com qnx trees.h zconf.h.cmakein zlib.h zutil.h

amiga contrib doc gzlib.c inffast.c inftrees.c msdos README uncompr.c zconf.h.in zlib.map

ChangeLog crc32.c examples gzread.c inffast.h inftrees.h nintendods test watcom zlib2ansi zlib.pc.cmakein

CMakeLists.txt crc32.h FAQ gzwrite.c inffixed.h Makefile old treebuild.xml win32 zlib.3 zlib.pc.in

compress.c deflate.c gzclose.c INDEX inflate.c Makefile.in os400 trees.c zconf.h zlib.3.pdf zutil.c

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ./configure --prefix=/usr

Checking for gcc...

Checking for shared library support...

Building shared library libz.so.1.2.11 with gcc.

Checking for size_t... Yes.

Checking for off64_t... Yes.

Checking for fseeko... Yes.

Checking for strerror... Yes.

Checking for unistd.h... Yes.

Checking for stdarg.h... Yes.

Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf().

Checking for vsnprintf() in stdio.h... Yes.

Checking for return value of vsnprintf()... Yes.

Checking for attribute(visibility) support... Yes.

[root@localhost zlib-1.2.11]#

編譯zlib庫

[root@localhost zlib-1.2.11]# make

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o adler32.o adler32.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o crc32.o crc32.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o deflate.o deflate.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o infback.o infback.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inffast.o inffast.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inflate.o inflate.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o inftrees.o inftrees.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o trees.o trees.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o zutil.o zutil.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o compress.o compress.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o uncompr.o uncompr.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzclose.o gzclose.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzlib.o gzlib.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzread.o gzread.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -c -o gzwrite.o gzwrite.c

ar rc libz.a adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example example.o -L. libz.a

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o minigzip.o test/minigzip.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip minigzip.o -L. libz.a

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/adler32.o adler32.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/crc32.o crc32.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/deflate.o deflate.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/infback.o infback.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inffast.o inffast.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inflate.o inflate.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/inftrees.o inftrees.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/trees.o trees.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/zutil.o zutil.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/compress.o compress.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/uncompr.o uncompr.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzclose.o gzclose.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzlib.o gzlib.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzread.o gzread.c

gcc -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -DPIC -c -o objs/gzwrite.o gzwrite.c

gcc -shared -Wl,-soname,libz.so.1,--version-script,zlib.map -O3 -fPIC -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o libz.so.1.2.11 adler32.lo crc32.lo deflate.lo infback.lo inffast.lo inflate.lo inftrees.lo trees.lo zutil.lo compress.lo uncompr.lo gzclose.lo gzlib.lo gzread.lo gzwrite.lo -lc

rm -f libz.so libz.so.1

ln -s libz.so.1.2.11 libz.so

ln -s libz.so.1.2.11 libz.so.1

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o examplesh example.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzipsh minigzip.o -L. libz.so.1.2.11

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o example64.o test/example.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o example64 example64.o -L. libz.a

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -D_FILE_OFFSET_BITS=64 -c -o minigzip64.o test/minigzip.c

gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -o minigzip64 minigzip64.o -L. libz.a

[root@localhost zlib-1.2.11]#

解除安裝當前zlib

注意：此步驟必須在步驟A執行完畢後再執行，否則先解除安裝zlib後，/lib64/目錄下的zlib相

關庫檔案會被刪除，步驟A編譯zlib會失敗。（補救措施：從其他相同系統的伺服器上覆

制/lib64、/usr/lib和/usr/lib64目錄下的libcrypto.so.10、libssl.so.10、libz.so.1、libz.so.1.2.3

四個檔案到相應目錄即可。可透過whereis、locate或find命令找到這些檔案的位置）

[root@localhost zlib-1.2.11]# rpm -qa|grep zlib

zlib-1.2.7-17.el7.x86_64

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# rpm -e --nodeps zlib

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# rpm -qa|grep zlib

rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory

[root@localhost zlib-1.2.11]#

安裝之前編譯好的zlib

[root@localhost zlib-1.2.11]# make install

rm -f /usr/lib/libz.a

cp libz.a /usr/lib

chmod 644 /usr/lib/libz.a

cp libz.so.1.2.11 /usr/lib

chmod 755 /usr/lib/libz.so.1.2.11

rm -f /usr/share/man/man3/zlib.3

cp zlib.3 /usr/share/man/man3

chmod 644 /usr/share/man/man3/zlib.3

rm -f /usr/lib/pkgconfig/zlib.pc

cp zlib.pc /usr/lib/pkgconfig

chmod 644 /usr/lib/pkgconfig/zlib.pc

rm -f /usr/include/zlib.h /usr/include/zconf.h

cp zlib.h zconf.h /usr/include

chmod 644 /usr/include/zlib.h /usr/include/zconf.h

[root@localhost zlib-1.2.11]#

共享庫註冊

zlib安裝完成後，會在/usr/lib目錄中生產zlib相關庫檔案，需要將這些共享庫檔案註冊到系統

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# echo '/usr/lib' >> /etc/ld.so.conf

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ll /etc/ld.so.conf

-rw-r--r--. 1 root root 37 Nov 27 01:38 /etc/ld.so.conf

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# cat /etc/ld.so.conf

include ld.so.conf.d/*.conf

/usr/lib

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so.1

lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so.1 -> libz.so.1.2.11

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so

lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so -> libz.so.1.2.11

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ll /usr/lib/libz.so.1

lrwxrwxrwx. 1 root root 14 Nov 27 01:38 /usr/lib/libz.so.1 -> libz.so.1.2.11

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# ldconfig

[root@localhost zlib-1.2.11]#

升級OpenSSL

官方升級文件

備份當前openssl

[root@localhost zlib-1.2.11]# find / -name openssl

/etc/pki/ca-trust/extracted/openssl

/usr/bin/openssl

/usr/lib64/openssl

[root@localhost zlib-1.2.11]# mv /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.20181127.old

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# mv /usr/bin/openssl /usr/bin/openssl.20181127.old

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# mv /usr/lib64/openssl /usr/lib64/openssl.20181127.old

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# cp /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.20181127.old

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# cp /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.20181127.old

[root@localhost zlib-1.2.11]#

解除安裝當前openssl

[root@localhost zlib-1.2.11]# rpm -qa|grep openssl |xargs

openssl-1.0.2k-8.el7.x86_64 xmlsec1-openssl-1.2.20-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}

warning: file /usr/bin/openssl: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory

warning: file /usr/lib64/openssl/engines: remove failed: No such file or directory

warning: file /usr/lib64/openssl: remove failed: No such file or directory

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# rpm -qa|grep openssl|xargs -i rpm -e --nodeps {}

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# rpm -qa|grep openssl |xargs

解壓openssl-1.0.2q.tar.gz原始碼

[root@localhost zlib-1.2.11]#

[root@localhost zlib-1.2.11]# cd ..

[root@localhost soft]# ls

CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz

[root@localhost soft]# tar -xvzf openssl-1.0.2q.tar.gz

[root@localhost soft]#

openssl配置檢查

[root@localhost soft]# cd openssl-1.0.2q

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# ls

ACKNOWLEDGMENTS CHANGES crypto e_os.h INSTALL INSTALL.OS2 LICENSE Makefile.shared openssl.doxy README.ASN1 tools

apps CHANGES.SSLeay demos FAQ install.com INSTALL.VMS MacOS makevms.com openssl.spec README.ENGINE util

appveyor.yml config doc GitConfigure INSTALL.DJGPP INSTALL.W32 Makefile ms os2 shlib VMS

bugs Configure engines GitMake INSTALL.MacOS INSTALL.W64 Makefile.bak Netware PROBLEMS ssl

certs CONTRIBUTING e_os2.h include INSTALL.NW INSTALL.WCE Makefile.org NEWS README test

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# ./config --prefix=/usr --openssldir=/etc/ssl --shared zlib

Operating system: x86_64-whatever-linux2

Configuring for linux-x86_64

…………………………………………………………………………省略…………………………………………………………………………………………

generating dummy tests (if needed)...

make[1]: Entering directory `/soft/openssl-1.0.2q/test'

md2test.c => dummytest.c

rc5test.c => dummytest.c

jpaketest.c => dummytest.c

make[1]: Leaving directory `/soft/openssl-1.0.2q/test'

Configured for linux-x86_64.

[root@localhost openssl-1.0.2q]#

openssl原始碼編譯

[root@localhost openssl-1.0.2q]# make

making all in crypto...

make[1]: Entering directory `/soft/openssl-1.0.2q/crypto'

/usr/bin/perl ../util/mkbuildinf.pl "gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM" "linux-x86_64" >buildinf.h

………………………………………………………………………………省略…………………………………………………………………………………………

gcc -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o dummytest.o dummytest.c

make[2]: Entering directory `/soft/openssl-1.0.2q/test'

make[2]: Leaving directory `/soft/openssl-1.0.2q/test'

make[1]: Leaving directory `/soft/openssl-1.0.2q/test'

making all in tools...

make[1]: Entering directory `/soft/openssl-1.0.2q/tools'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssl-1.0.2q/tools'

[root@localhost openssl-1.0.2q]#

Openssl測試

[root@localhost openssl-1.0.2q]# make test

testing...

make[1]: Entering directory `/soft/openssl-1.0.2q/test'

make[2]: Entering directory `/soft/openssl-1.0.2q'

making all in apps...

make[3]: Entering directory `/soft/openssl-1.0.2q/apps'

make[3]: Nothing to be done for `all'.

make[3]: Leaving directory `/soft/openssl-1.0.2q/apps'

make[2]: Leaving directory `/soft/openssl-1.0.2q'

../util/shlib_wrap.sh ./destest

…………………………………………………………………………………省略……………………………………………………………………………………

ALL OCSP TESTS SUCCESSFUL

Test X509v3_check_*

../util/shlib_wrap.sh ./v3nametest

../util/shlib_wrap.sh ./heartbeat_test

Test constant time utilites

../util/shlib_wrap.sh ./constant_time_test

Testing constant time operations...

ok (ran 1908 tests)

test_verify_extra

../util/shlib_wrap.sh ./verify_extra_test

PASS

test_clienthello

../util/shlib_wrap.sh ./clienthellotest

test_sslv2conftest

……………………………………………………………………………………省略…………………………………………………………………………………

*

*---- START OF RECORD ----

** Record Content-type: 22

** Record Version: fefd

** Record Epoch: 1

** Record Sequence: 000000000000

** Record Length: 64

**---- START OF HANDSHAKE MESSAGE FRAGMENT ----

**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----

*---- END OF RECORD ----

---- END OF PACKET ----

PASS

test_bad_dtls

../util/shlib_wrap.sh ./bad_dtls_test

test_fatalerr

../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem

SSL_accept() failed -1, 1

140342688954048:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:

test_x509_time

../util/shlib_wrap.sh ./x509_time_test

PASS

make[1]: Leaving directory `/soft/openssl-1.0.2q/test'

OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a

OpenSSL 1.0.2q 20 Nov 2018

built on: reproducible build, date unspecified

platform: linux-x86_64

options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)

compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM

OPENSSLDIR: "/etc/ssl"

[root@localhost openssl-1.0.2q]#

Openssl安裝

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# make install

making all in crypto...

make[1]: Entering directory `/soft/openssl-1.0.2q/crypto'

making all in crypto/objects...

……………………………………………………………………………………省略………………………………………………………………………………

installing libcrypto.a

installing libssl.a

installing libcrypto.so.1.0.0

installing libssl.so.1.0.0

make[1]: Entering directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[2]: Entering directory `/usr/lib64'

make[2]: Leaving directory `/usr/lib64'

make[1]: Leaving directory `/usr/lib64'

cp libcrypto.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libcrypto.pc

cp libssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/libssl.pc

cp openssl.pc /usr/lib64/pkgconfig

chmod 644 /usr/lib64/pkgconfig/openssl.pc

[root@localhost openssl-1.0.2q]#

驗證Openssl升級是否成功

[root@localhost openssl-1.0.2q]# openssl version

OpenSSL 1.0.2q 20 Nov 2018

[root@localhost openssl-1.0.2q]#

恢復共享庫

由於OpenSSL_1.0.2q不提供libcrypto.so.10和libssl.so.10這兩個庫，而yum、wget等工具又依賴此庫，因此需要將先前備份的這兩個庫進行恢復，其他的可視情況考慮是否恢復。

[root@localhost openssl-1.0.2q]# mv /usr/lib64/libcrypto.so.10.20181127.old /usr/lib64/libcrypto.so.10

mv: overwrite ‘/usr/lib64/libcrypto.so.10’? y

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# mv /usr/lib64/libssl.so.10.20181127.old /usr/lib64/libssl.so.10

mv: overwrite ‘/usr/lib64/libssl.so.10’? y

[root@localhost openssl-1.0.2q]#

Openssh安裝前環境配置

[root@localhost openssl-1.0.2q]# mv /etc/ssh /etc/ssh.old

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# rpm -qa|grep openssh

openssh-server-7.4p1-11.el7.x86_64

openssh-clients-7.4p1-11.el7.x86_64

openssh-7.4p1-11.el7.x86_64

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}

warning: file /etc/ssh/sshd_config: remove failed: No such file or directory

warning: file /etc/ssh/ssh_config: remove failed: No such file or directory

warning: file /etc/ssh/moduli: remove failed: No such file or directory

warning: file /etc/ssh: remove failed: No such file or directory

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs -i rpm -e --nodeps {}

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# rpm -qa |grep openssh|xargs

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# install -v -m700 -d /var/lib/sshd

install: creating directory ‘/var/lib/sshd’

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# chown -v root:sys /var/lib/sshd

changed ownership of ‘/var/lib/sshd’ from root:root to root:sys

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# groupadd -g 50 sshd

groupadd: group 'sshd' already exists

[root@localhost openssl-1.0.2q]#

[root@localhost openssl-1.0.2q]# useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

useradd: user 'sshd' already exists

[root@localhost openssl-1.0.2q]#

解壓openssh7.6p1.tar.gz原始碼

[root@localhost openssl-1.0.2q]# cd ..

[root@localhost soft]# ls

CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz

[root@localhost soft]# tar -xvzf openssh-7.9p1.tar.gz

[root@localhost soft]#

[root@localhost soft]# cd openssh-7.9p1

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# ls

aclocal.m4 cipher-aesctr.c gss-genr.c moduli.0 README.dns ssh-add.1 sshlogin.c

addrmatch.c cipher-aesctr.h gss-serv.c moduli.5 README.platform ssh-add.c sshlogin.h

atomicio.c cipher.c gss-serv-krb5.c moduli.c README.privsep ssh-agent.0 ssh-pkcs11.c

atomicio.h cipher-chachapoly.c hash.c monitor.c README.tun ssh-agent.1 ssh-pkcs11-client.c

audit-bsm.c cipher-chachapoly.h hmac.c monitor_fdpass.c readpass.c ssh-agent.c ssh-pkcs11.h

audit.c cipher-ctr.c hmac.h monitor_fdpass.h regress ssh_api.c ssh-pkcs11-helper.0

audit.h cipher.h hostfile.c monitor.h rijndael.c ssh_api.h ssh-pkcs11-helper.8

audit-linux.c cleanup.c hostfile.h monitor_wrap.c rijndael.h sshbuf.c ssh-pkcs11-helper.c

auth2.c clientloop.c includes.h monitor_wrap.h sandbox-capsicum.c sshbuf-getput-basic.c sshpty.c

auth2-chall.c clientloop.h INSTALL msg.c sandbox-darwin.c sshbuf-getput-crypto.c sshpty.h

auth2-gss.c compat.c install-sh msg.h sandbox-null.c sshbuf.h ssh-rsa.c

auth2-hostbased.c compat.h kex.c mux.c sandbox-pledge.c sshbuf-misc.c ssh-sandbox.h

auth2-kbdint.c config.guess kexc25519.c myproposal.h sandbox-rlimit.c ssh.c sshtty.c

auth2-none.c config.h.in kexc25519c.c nchan2.ms sandbox-seccomp-filter.c ssh_config ssh-xmss.c

auth2-passwd.c config.sub kexc25519s.c nchan.c sandbox-solaris.c ssh_config.0 survey.sh.in

auth2-pubkey.c configure kexdh.c nchan.ms sandbox-systrace.c ssh_config.5 TODO

auth-bsdauth.c configure.ac kexdhc.c opacket.c sc25519.c sshconnect2.c ttymodes.c

auth.c contrib kexdhs.c opacket.h sc25519.h sshconnect.c ttymodes.h

authfd.c crc32.c kexecdh.c openbsd-compat scp.0 sshconnect.h uidswap.c

authfd.h crc32.h kexecdhc.c opensshd.init.in scp.1 sshd.0 uidswap.h

authfile.c CREDITS kexecdhs.c openssh.xml.in scp.c sshd.8 umac128.c

authfile.h crypto_api.h kexgex.c OVERVIEW servconf.c sshd.c umac.c

auth.h defines.h kexgexc.c packet.c servconf.h sshd_config umac.h

auth-krb5.c dh.c kexgexs.c packet.h serverloop.c sshd_config.0 utf8.c

auth-options.c dh.h kex.h pathnames.h serverloop.h sshd_config.5 utf8.h

auth-options.h digest.h krl.c pkcs11.h session.c ssh-dss.c uuencode.c

auth-pam.c digest-libc.c krl.h platform.c session.h ssh-ecdsa.c uuencode.h

auth-pam.h digest-openssl.c LICENCE platform.h sftp.0 ssh-ed25519.c verify.c

auth-passwd.c dispatch.c log.c platform-misc.c sftp.1 ssherr.c version.h

auth-rhosts.c dispatch.h log.h platform-pledge.c sftp.c ssherr.h xmalloc.c

auth-shadow.c dns.c loginrec.c platform-tracing.c sftp-client.c ssh-gss.h xmalloc.h

auth-sia.c dns.h loginrec.h poly1305.c sftp-client.h ssh.h xmss_commons.c

auth-sia.h ed25519.c logintest.c poly1305.h sftp-common.c sshkey.c xmss_commons.h

auth-skey.c entropy.c mac.c progressmeter.c sftp-common.h ssh-keygen.0 xmss_fast.c

bitmap.c entropy.h mac.h progressmeter.h sftp-glob.c ssh-keygen.1 xmss_fast.h

bitmap.h fatal.c Makefile.in PROTOCOL sftp.h ssh-keygen.c xmss_hash_address.c

buildpkg.sh.in fe25519.c match.c PROTOCOL.agent sftp-server.0 sshkey.h xmss_hash_address.h

canohost.c fe25519.h match.h PROTOCOL.certkeys sftp-server.8 ssh-keyscan.0 xmss_hash.c

canohost.h fixalgorithms md5crypt.c PROTOCOL.chacha20poly1305 sftp-server.c ssh-keyscan.1 xmss_hash.h

chacha.c fixpaths md5crypt.h PROTOCOL.key sftp-server-main.c ssh-keyscan.c xmss_wots.c

chacha.h ge25519_base.data mdoc2man.awk PROTOCOL.krl smult_curve25519_ref.c ssh-keysign.0 xmss_wots.h

ChangeLog ge25519.c misc.c PROTOCOL.mux ssh.0 ssh-keysign.8

channels.c ge25519.h misc.h readconf.c ssh.1 ssh-keysign.c

channels.h groupaccess.c mkinstalldirs readconf.h ssh2.h sshkey-xmss.c

cipher-aes.c groupaccess.h moduli README ssh-add.0 sshkey-xmss.h

[root@localhost openssh-7.9p1]#

Openssh配置檢查

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam--with-zlib --with-openssl-includes=/usr --with-privsep-path=/var/lib/sshd

configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes

checking for gcc... gcc

checking whether the C compiler works... yes

checking for C compiler default output file name... a.out

checking for suffix of executables...

…………………………………………………………………………省略…………………………………………………………………………………………

configure: WARNING: unrecognized options: --with-pam--with-zlib, --with-openssl-includes

OpenSSH has been configured with the following options:

User binaries: /usr/bin

System binaries: /usr/sbin

Configuration files: /etc/ssh

Askpass program: /usr/libexec/ssh-askpass

Manual pages: /usr/share/man/manX

PID file: /var/run

Privilege separation chroot path: /var/lib/sshd

sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin

Manpage format: doc

PAM support: no

OSF SIA support: no

KerberosV support: no

SELinux support: no

MD5 password support: yes

libedit support: no

libldns support: no

Solaris process contract support: no

Solaris project support: no

Solaris privilege support: no

IP address in $DISPLAY hack: no

Translate v4 in v6 hack: yes

BSD Auth support: no

Random number source: OpenSSL internal ONLY

Privsep sandbox style: seccomp_filter

Host: x86_64-pc-linux-gnu

Compiler: gcc

Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE

Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie

Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv

編譯Openssh

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# make

conffile=`echo sshd_config.out | sed 's/.out$//'`; \

/usr/bin/sed -e 's|/etc/ssh/ssh_config|/etc/ssh/ssh_config|g' -e 's|/etc/ssh/ssh_known_hosts|/etc/ssh/ssh_known_hosts|g' -e 's|/etc/ssh/sshd_config|/etc/ssh/sshd_config|g' -e 's|/usr/libexec|/usr/libexec|g' -e 's|/etc/shosts.equiv|/etc/ssh/shosts.equiv|g' -e 's|/etc/ssh/ssh_host_key|/etc/ssh/ssh_host_key|g' -e 's|/etc/ssh/ssh_host_ecdsa_key|/etc/ssh/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/etc/ssh/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/etc/ssh/ssh_host_rsa_key|g' -e 's|/etc/ssh/ssh_host_ed25519_key|/etc/ssh/ssh_host_ed25519_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/etc/ssh/moduli|g' -e 's|/etc/ssh/moduli|/etc/ssh/moduli|g' -e 's|/etc/ssh/sshrc|/etc/ssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|undefined|g' -e 's|/var/empty|/var/lib/sshd|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin|g' ./${conffile} > sshd_config.out

………………………………………………………………………………………省略………………………………………………………………………………

gcc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lcrypt -lresolv

[root@localhost openssh-7.9p1]#

安裝Openssh

[root@localhost openssh-7.9p1]# make install

(cd openbsd-compat && make)

make[1]: Entering directory `/soft/openssh-7.9p1/openbsd-compat'

make[1]: Nothing to be done for `all'.

make[1]: Leaving directory `/soft/openssh-7.9p1/openbsd-compat'

/usr/bin/mkdir -p /usr/bin

/usr/bin/mkdir -p /usr/sbin

/usr/bin/mkdir -p /usr/share/man/man1

/usr/bin/mkdir -p /usr/share/man/man5

/usr/bin/mkdir -p /usr/share/man/man8

/usr/bin/mkdir -p /usr/libexec

/usr/bin/mkdir -p -m 0755 /var/lib/sshd

/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh

/usr/bin/install -c -m 0755 -s scp /usr/bin/scp

/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add

/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent

/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen

/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan

/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd

/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign

/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper

/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp

/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server

/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1

/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1

/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1

/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1

/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1

/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1

/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5

/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5

/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5

/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8

/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1

/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8

/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8

/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8

/usr/bin/mkdir -p /etc/ssh

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519

/usr/sbin/sshd -t -f /etc/ssh/sshd_config

[root@localhost openssh-7.9p1]#

Openssh安裝後環境配置

# 在openssh編譯目錄執行如下命令

[root@localhost openssh-7.9p1]# install -v -m755 contrib/ssh-copy-id /usr/bin

‘contrib/ssh-copy-id’ -> ‘/usr/bin/ssh-copy-id’

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1

‘contrib/ssh-copy-id.1’ -> ‘/usr/share/man/man1/ssh-copy-id.1’

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# install -v -m755 -d /usr/share/doc/openssh-7.9p1

install: creating directory ‘/usr/share/doc/openssh-7.9p1’

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1

‘INSTALL’ -> ‘/usr/share/doc/openssh-7.9p1/INSTALL’

‘LICENCE’ -> ‘/usr/share/doc/openssh-7.9p1/LICENCE’

‘OVERVIEW’ -> ‘/usr/share/doc/openssh-7.9p1/OVERVIEW’

‘README’ -> ‘/usr/share/doc/openssh-7.9p1/README’

‘README.dns’ -> ‘/usr/share/doc/openssh-7.9p1/README.dns’

‘README.platform’ -> ‘/usr/share/doc/openssh-7.9p1/README.platform’

‘README.privsep’ -> ‘/usr/share/doc/openssh-7.9p1/README.privsep’

‘README.tun’ -> ‘/usr/share/doc/openssh-7.9p1/README.tun’

[root@localhost openssh-7.9p1]#

驗證Openssh是否升級成功

[root@localhost openssh-7.9p1]# ssh -V

OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018

[root@localhost openssh-7.9p1]#

啟用OpenSSH服務

[root@localhost openssh-7.9p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# chmod +x /etc/init.d/sshd

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# chkconfig --add sshd

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# chkconfig sshd on

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# chkconfig --list sshd

Note: This output shows SysV services only and does not include native

systemd services. SysV configuration data might be overridden by native

systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.

To see services enabled on particular target use

'systemctl list-dependencies [target]'.

sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@localhost openssh-7.9p1]#

7版本命令檢視

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# systemctl status sshd

● sshd.service - SYSV: OpenSSH server daemon

Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)

Active: inactive (dead)

Docs: man:systemd-sysv-generator(8)

Nov 27 01:04:34 localhost.localdomain sshd[11784]: Accepted password for root from 192.168.95.1 port 63419 ssh2

Nov 27 01:04:45 localhost.localdomain sshd[11793]: Accepted password for root from 192.168.95.1 port 63420 ssh2

Nov 27 01:04:49 localhost.localdomain sshd[11802]: Accepted password for root from 192.168.95.1 port 63421 ssh2

Nov 27 01:11:05 localhost.localdomain sshd[11873]: Accepted password for root from 192.168.95.1 port 63468 ssh2

Nov 27 01:13:10 localhost.localdomain sshd[11884]: Accepted password for root from 192.168.95.1 port 51001 ssh2

Nov 27 01:13:10 localhost.localdomain sshd[11886]: Accepted password for root from 192.168.95.1 port 51002 ssh2

Nov 27 01:23:00 localhost.localdomain sshd[12053]: Accepted password for root from 192.168.95.1 port 52076 ssh2

Nov 27 01:53:53 localhost.localdomain systemd[1]: Stopping OpenSSH server daemon...

Nov 27 01:53:53 localhost.localdomain sshd[1108]: Received signal 15; terminating.

Nov 27 01:53:53 localhost.localdomain systemd[1]: Stopped OpenSSH server daemon.

[root@localhost openssh-7.9p1]#

重啟sshd服務

[root@localhost openssh-7.9p1]# systemctl restart sshd

[root@localhost openssh-7.9p1]#

[root@localhost openssh-7.9p1]# reboot

方法二：

systemctl status sshd.service

啟動服務：

systemctl start sshd.service

重啟服務：

systemctl restart sshd.service

開機自啟：

systemctl enable sshd.service

重啟作業系統生效

reboot

檢視Openssh、Openssl升級情況

[root@localhost ~]#

[root@localhost ~]# ssh -V

OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018

[root@localhost ~]#

解除安裝telnet

[root@localhost ~]# yum remove telnet* xinetd y

檢視SSH啟動狀態

[root@localhost ~]# systemctl status sshd.service

● sshd.service - SYSV: OpenSSH server daemon

Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)

Active: active (running) since Tue 2018-11-27 02:03:23 EST; 11min ago

Docs: man:systemd-sysv-generator(8)

Process: 1009 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)

Main PID: 1072 (sshd)

CGroup: /system.slice/sshd.service

├─1072 /usr/sbin/sshd

├─1326 sshd: root@pts/0

├─1328 -bash

└─1360 systemctl status sshd.service

Nov 27 02:03:23 localhost.localdomain systemd[1]: Starting SYSV: OpenSSH server daemon...

Nov 27 02:03:23 localhost.localdomain sshd[1072]: Server listening on 0.0.0.0 port 22.

Nov 27 02:03:23 localhost.localdomain sshd[1072]: Server listening on :: port 22.

Nov 27 02:03:23 localhost.localdomain sshd[1009]: Starting sshd:[ OK ]

Nov 27 02:03:23 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.

Nov 27 02:04:05 localhost.localdomain sshd[1326]: Accepted password for root from 192.168.95.1 port 49961 ssh2

[root@localhost ~]#

檢視Bash當前版本

[root@localhost ~]# rpm -qa|grep bash

bash-4.2.46-28.el7.x86_64

[root@localhost ~]#

[root@test soft]# rpm -Uvh bash-4.2.46-29.el7_4.x86_64.rpm

warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing... ################################# [100%]

Updating / installing...

1:bash-4.2.46-29.el7_4 ################################# [ 50%]

Cleaning up / removing...

2:bash-4.2.46-28.el7 ################################# [100%]

[root@test soft]#

[root@test ~]# rpm -qa|grep bash

bash-4.2.46-29.el7_4.x86_64

[root@test ~]#

系統調優

systemctl stop firewalld.service

systemctl disable firewalld.service

systemctl status firewalld.service

systemctl stop NetworkManager.service

systemctl disable NetworkManager.service

systemctl status NetworkManager.service

systemctl stop abrt-ccpp.service

systemctl disable abrt-ccpp.service

systemctl status abrt-ccpp.service

systemctl stop abrtd.service

systemctl disable abrtd.service

systemctl status abrtd.service

systemctl stop atd.service

systemctl disable atd.service

systemctl status atd.service

systemctl stop auditd.service

systemctl disable auditd.service

systemctl status auditd.service

systemctl stop autofs.service

systemctl disable autofs.service

systemctl status autofs.service

systemctl stop blk-availability.service

systemctl disable blk-availability.service

systemctl status blk-availability.service

systemctl stop certmonger.service

systemctl disable certmonger.service

systemctl status certmonger.service

systemctl stop cpus.service

systemctl disable cpus.service

systemctl status cpus.service

systemctl stop irqbalance.service

systemctl disable irqbalance.service

systemctl status irqbalance.service

systemctl stop libvirt-guests.service

systemctl disable libvirt-guests.service

systemctl status libvirt-guests.service

systemctl stop lvm2-monitor.service

systemctl disable lvm2-monitor.service

systemctl status lvm2-monitor.service

systemctl stop mdmonitor.service

systemctl disable mdmonitor.service

systemctl status mdmonitor.service

systemctl stop messagebus.service

systemctl disable messagebus.service

systemctl status messagebus.service

systemctl stop postfix.service

systemctl disable postfix.service

systemctl status postfix.service

systemctl stop rhsmcertd.service

systemctl disable rhsmcertd.service

systemctl status rhsmcertd.service

systemctl stop rpcbind.service

systemctl disable rpcbind.service

systemctl status rpcbind.service

systemctl stop rpcgssd.service

systemctl disable rpcgssd.service

systemctl status rpcgssd.service

systemctl disable cups

systemctl disable cups.path

systemctl disable cups.service

systemctl disable cups.socket

systemctl disable abrt-ccpp.service

systemctl disable abrt-oops.service

systemctl disable abrt-xorg.service

systemctl disable abrtd.service

systemctl disable cups.service

systemctl disable httpd.service

systemctl disable iscsid.service

systemctl disable iscsid.socket

systemctl disable iscsi.service

systemctl disable iscsi-shutdown.service

systemctl disable iscsiuio.service

systemctl disable iscsiuio.socket

systemctl disable libvirtd.service

systemctl disable libvirtd.socket

systemctl disable libvirt-guests.service

systemctl disable nfs-blkmap.service

systemctl disable nfs-client.target

systemctl disable nfs-config.service

systemctl disable nfs-idmapd.service

systemctl disable nfs-idmap.service

systemctl disable nfs-lock.service

systemctl disable nfslock.service

systemctl disable nfs-mountd.service

systemctl disable nfs-secure-server.service

systemctl disable nfs-secure.service

systemctl disable nfs-server.service

systemctl disable nfs.service

systemctl disable nfs.target.wants

systemctl disable nfs-utils.service

systemctl disable smartcard.target

systemctl disable smartd.service

systemctl disable vsftpd.service

systemctl disable vsftpd@.service

systemctl disable vsftpd.target

systemctl disable bluetooth.service

systemctl disable bluetooth.target

RHEL6版本調優

chkconfig sendmail off

chkconfig isdn off

chkconfig pcmcia off

chkconfig iptables off

chkconfig mdmonitor off

chkconfig rhnsdoff

chkconfig smartdoff

chkconfig cupsoff

chkconfig cups-config-daemon off

chkconfig iiim off

chkconfig httpd off

chkconfig squid off

chkconfig smb off

chkconfig ip6tables off

chkconfig gpm off

chkconfig xend off

chkconfig bluetooth off

chkconfig hidd off

chkconfig pcscd off

chkconfig iscsi off

chkconfig iscsid off

chkconfig avahi-daemon off

chkconfig tog-pegasus off

chkconfig yum-updatesd off

chkconfig irqbalance off

chkconfig mcstrans off

chkconfig NetworkManager off

chkconfig cpuspeed off

chkconfig irqbalance off

chkconfig bmc-watchdog off

Openssh-7.9p1升級+系統調優

相關文章