In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/01 Report--
This article will explain in detail about the Openssh-7.9p1 upgrade and system tuning in the sky environment. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.
Openssh-7.9p1-Openssl1.0.2q-zlib-1.2.11 upgrade + system tuning
Last login: Tue Nov 27 00:55:36 2018
[root@localhost ~] #
[root@localhost] # mkdir-p / soft
[root@localhost ~] #
[root@localhost ~] #
[root@localhost ~] # cat / etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@localhost ~] #
Turn off the firewall
[root@localhost ~] # systemctl stop firewalld.service
[root@localhost ~] #
[root@localhost ~] # systemctl disable firewalld.service
Removed symlink / etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink / etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
View the firewall
[root@localhost ~] #
[root@localhost ~] # systemctl status firewalld.service
● firewalld.service-firewalld-dynamic firewall daemon
Loaded: loaded (/ usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld (1)
Nov 27 00:52:26 localhost.localdomain systemd [1]: Starting firewalld-dynamic firewall daemon...
Nov 27 00:52:26 localhost.localdomain systemd [1]: Started firewalld-dynamic firewall daemon.
Nov 27 00:52:27 localhost.localdomain firewalld: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld [828]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 00:52:27 localhost.localdomain firewalld: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld [828]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 00:52:27 localhost.localdomain firewalld: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Nov 27 00:52:27 localhost.localdomain firewalld [828]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Nov 27 01:15:45 localhost.localdomain systemd [1]: Stopping firewalld-dynamic firewall daemon...
Nov 27 01:15:47 localhost.localdomain systemd [1]: Stopped firewalld-dynamic firewall daemon.
[root@localhost ~] #
[root@localhost ~] #
Configure YUM Feed
[root@localhost ~] # vi / etc/yum.conf
[centosdvd]
Name=centosdvd
Baseurl= file:///mnt
Enabled=1
Gpgcheck=0
[main]
Cachedir=/var/cache/yum/$basearch/$releasever
Keepcache=0
Debuglevel=2
Logfile=/var/log/yum.log
Exactarch=1
Obsoletes=1
Gpgcheck=1
Plugins=1
Installonly_limit=5
Bugtracker_url= http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
Distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. Important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in / etc/yum.repos.d
Backup system comes with YUM
[root@localhost ~] #
[root@localhost ~] #
Yum/ yum.conf yum.repos.d/
[root@localhost] # mkdir-p / etc/yum.repos.d/bak20181127
[root@localhost ~] #
[root@localhost ~] # mv / etc/yum.repos.d/*.repo / etc/yum.repos.d/bak20181127/
[root@localhost ~] #
[root@localhost ~] # ls-l / etc/yum.repos.d/
Total 0
Drwxr-xr-x. 2 root root 187 Nov 27 01:17 bak20181127
[root@localhost ~] #
Hook up the system image file
[root@localhost] # mkdir-p / mnt
[root@localhost ~] #
[root@localhost] # mount-o loop / soft/CentOS-7.4-x86_64-Everything-1708.iso / mnt/
Mount: / dev/loop0 is write-protected, mounting read-only
[root@localhost ~] #
Clear the YUM cache
[root@localhost ~] # yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centosdvd
Cleaning up everything
Maybe you want: rm-rf / var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
[root@localhost ~] #
Make YUM cache
[root@localhost ~] # yum makecache
Loaded plugins: fastestmirror
Centosdvd | 3.6 kB 00:00:00
(1go 4): centosdvd/group_gz | 156 kB 00:00:00
(2ap4): centosdvd/primary_db | 5.7 MB 00:00:00
(3x4): centosdvd/filelists_db | 6.7 MB 00:00:00
(4ache 4): centosdvd/other_db | 2.5 MB 00:00:00
Determining fastest mirrors
Metadata Cache Created
[root@localhost ~] #
View YUM
[root@localhost ~] # yum list
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
GeoIP.x86_64 1.5.0-11.el7 @ anaconda
NetworkManager.x86_64 1anaconda 1.8.0-9.el7 @ anaconda
NetworkManager-libnm.x86_64 1anaconda 1.8.0-9.el7 @ anaconda
NetworkManager-team.x86_64 1anaconda 1.8.0-9.el7 @ anaconda
NetworkManager-tui.x86_64 1anaconda 1.8.0-9.el7 @ anaconda
NetworkManager-wifi.x86_64 1anaconda 1.8.0-9.el7 @ anaconda
Acl.x86_64 2.2.51-12.el7 @ anaconda
Aic94xx-firmware.noarch 30-6.el7 @ anaconda
Alsa-firmware.noarch 1.0.28-2.el7 @ anaconda
Alsa-lib.x86_64 1.1.3-3.el7 @ anaconda
Alsa-tools-firmware.x86_64 1.1.0-1.el7 @ anaconda
Audit.x86_64 2.7.6-3.el7 @ anaconda
Audit-libs.x86_64 2.7.6-3.el7 @ anaconda
Authconfig.x86_64 6.2.8-30.el7 @ anaconda
Basesystem.noarch 10.0-7.el7.centos @ anaconda
Bash.x86_64 4.2.46-28.el7 @ anaconda
Bind-libs-lite.x86_64 32 anaconda 9.9.4-50.el7 @ anaconda
Bind-license.noarch 32 anaconda 9.9.4-50.el7 @ anaconda
Binutils.x86_64 2.25.1-31.base.el7 @ anaconda
Biosdevname.x86_64 0.7.2-2.el7 @ anaconda
. Omit.
Zsh-html.x86_64 5.0.2-28.el7 centosdvd
Zziplib.i686 0.13.62-5.el7 centosdvd
Zziplib.x86_64 0.13.62-5.el7 centosdvd
Zziplib-devel.i686 0.13.62-5.el7 centosdvd
Zziplib-devel.x86_64 0.13.62-5.el7 centosdvd
Zziplib-utils.x86_64 0.13.62-5.el7 centosdvd
[root@localhost ~] #
[root@localhost] # ifconfig-a
Ens33: flags=4163 mtu 1500
Inet 192.168.95.11 netmask 255.255.255.0 broadcast 192.168.95.255
Inet6 fe80::56ae:158f:89dd:b662 prefixlen 64 scopeid 0x20
Ether 00:0c:29:df:9e:6b txqueuelen 1000 (Ethernet)
RX packets 37952144 bytes 11893770589 (11.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11114198 bytes 790613626 (753.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Lo: flags=73 mtu 65536
Inet 127.0.0.1 netmask 255.0.0.0
Inet6:: 1 prefixlen 128 scopeid 0x10
Loop txqueuelen 1 (Local Loopback)
RX packets 448 bytes 38976 (38.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 448 bytes 38976 (38.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Install the telnet service and enable
Because the existing OpenSSH needs to be uninstalled during the OpenSSH upgrade process, in order to keep the server's remote connection available, you need to
To enable the telnet service instead, if there is a problem with the upgrade, you can also log in to the server through telnet for fallback.
Also install the telnet daemon: xinetd
Install the telnet service
[root@localhost ~] #
[root@localhost ~] # yum install telnet* xinetd y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
-> Running transaction check
-> Package telnet.x86_64 1RU 0.17-64.el7 will be installed
-> Package xinetd.x86_64 2 2.3.15-13.el7 will be installed
-> Package telnet-server.x86_64 1RU 0.17-64.el7 will be installed
-> Finished Dependency Resolution
Dependencies Resolved
=
Package Arch Version Repository Size
=
Installing:
Telnet-server x86x 64 1 0.17-64.el7 centosdvd 41k
Dependencies Resolved
=
Package Arch Version Repository Size
=
Installing:
Telnet x86x 64 1purl 0.17-64.el7 centosdvd 64k
Xinetd x86'64 2purl 2.3.15-13.el7 centosdvd 128k
Transaction Summary
=
Install 3 Packages
Total download size: 192 k
Installed size: 374 k
Is this ok [y/d/N]: y
Downloading packages:
- -
Total 1.5 MB/s | 192 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing: 2:xinetd-2.3.15-13.el7.x86_64 1 Compact 2
Installing: 1:telnet-0.17-64.el7.x86_64
Installing: 3:telnet-server-0.17-64.el7.x86_64 1 Compact 1
Verifying: 3:telnet-server-0.17-64.el7.x86_64 2 Compact 2
Verifying: 1:telnet-0.17-64.el7.x86_64 1 Compact 2
Verifying: 2:xinetd-2.3.15-13.el7.x86_64 2 Compact 2
Installed:
Telnet.x86_64 1RO 0.17-64.el7 xinetd.x86_64 2RO 2.3.15-13.el7
Complete!
[root@localhost ~] #
[root@localhost ~] #
[root@localhost ~] # rpm-qa | grep telnet
Telnet-0.17-64.el7.x86_64
[root@localhost ~] #
[root@localhost ~] #
[root@localhost ~] # rpm-qa | grep xinetd
Xinetd-2.3.15-13.el7.x86_64
[root@localhost ~] #
Add xinetd service to boot self-startup
[root@localhost ~] # systemctl enable xinetd.service
[root@localhost ~] #
Add telnet service to boot self-startup
[root@localhost ~] # systemctl enable telnet.socket
Created symlink from / etc/systemd/system/sockets.target.wants/telnet.socket to / usr/lib/systemd/system/telnet.socket.
[root@localhost ~] #
Restart the service:
Since the telnet service is also guarded by xinetd, after installing telnet-server, to start the telnet service, you must restart xinetd
[root@localhost ~] #
[root@localhost ~] # systemctl restart telnet.socket
[root@localhost ~] #
[root@localhost ~] # systemctl restart xinetd
[root@localhost ~] #
[root@localhost ~] #
Configure telnet root user access
Linux by default, root users cannot log in using telnet. You need to modify the end of / etc/secrueety file to add pts/1, pts/2, pts/3 or rename the secrueety file.
[root@localhost ~] # vi / etc/securetty
Console
Vc/1
Vc/2
Vc/3
Vc/4
Vc/5
Vc/6
Vc/7
Vc/8
Vc/9
Vc/10
Vc/11
Tty1
Tty2
Tty3
Tty4
Tty5
Tty6
Tty7
Tty8
Tty9
Tty10
Tty11
TtyS0
Ttysclp0
Sclp_line0
3270/tty1
Hvc0
Hvc1
Hvc2
Hvc3
Hvc4
Hvc5
Hvc6
Hvc7
Hvsi0
Hvsi1
Hvsi2
Xvc0
Pts/1
Pts/2
Pts/3
"/ etc/securetty" 43L, 245C written
[root@localhost ~] #
[root@localhost ~] #
[root@localhost] # telnet 192.168.95.11 23
Trying 192.168.95.11...
Connected to 192.168.95.11.
Escape character is'^]'.
Kernel 3.10.0-693.el7.x86_64 on an x861464
Localhost login: root
Password:
Last login: Tue Nov 27 01:04:04 from 192.168.95.1
[root@localhost ~] #
[root@localhost ~] #
[root@localhost ~] # exit
Logout
Connection closed by foreign host.
[root@localhost ~] #
Close Selinux
[root@localhost ~] #
[root@localhost ~] # vi / etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing-SELinux security policy is enforced.
# permissive-SELinux prints warnings instead of enforcing.
# disabled-No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted-Targeted processes are protected
# minimum-Modification of targeted policy. Only selected processes are protected.
# mls-Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~] #
[root@localhost ~] # setenforce 0
[root@localhost ~] #
[root@localhost ~] #
Install the toolkit required for compilation
[root@localhost ~] #
[root@localhost ~] # yum-y install gcc pam devel zlib devel perl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
-> Running transaction check
-> Package gcc.x86_64 0RU 4.8.5-16.el7 will be installed
-- > Processing Dependency: cpp = 4.8.5-16.el7 for package: gcc-4.8.5-16.el7.x86_64
-- > Processing Dependency: glibc-devel > = 2.2.90-12 for package: gcc-4.8.5-16.el7.x86_64
-> Processing Dependency: libmpfr.so.4 () (64bit) for package: gcc-4.8.5-16.el7.x86_64
-> Processing Dependency: libmpc.so.3 () (64bit) for package: gcc-4.8.5-16.el7.x86_64
-> Package perl.x86_64 4VR 5.16.3-292.el7 will be installed
-- > Processing Dependency: perl-libs = 4VR 5.16.3-292.el7 for package: 4:perl-5.16.3-292.el7.x86_64
-- > Processing Dependency: perl (Socket) > = 1.3for package: 4:perl-5.16.3-292.el7.x86_64
-- > Processing Dependency: perl (Scalar::Util) > = 1.10 for package: 4:perl-5.16.3-292.el7.x86_64
-- > Processing Dependency: perl-macros for package: 4:perl-5.16.3-292.el7.x86_64
-- > Processing Dependency: perl-libs for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (threads::shared) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (threads) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (constant) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Time::Local) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Time::HiRes) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Storable) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Socket) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Scalar::Util) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Pod::Simple::XHTML) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Pod::Simple::Search) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Getopt::Long) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Filter::Util::Call) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (File::Temp) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (File::Spec::Unix) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (File::Spec::Functions) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (File::Spec) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (File::Path) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Exporter) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Cwd) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: perl (Carp) for package: 4:perl-5.16.3-292.el7.x86_64
-> Processing Dependency: libperl.so () (64bit) for package: 4:perl-5.16.3-292.el7.x86_64
-> Running transaction check
-> Package cpp.x86_64 0RU 4.8.5-16.el7 will be installed
-> Package glibc-devel.x86_64 0RU 2.17-196.el7 will be installed
-- > Processing Dependency: glibc-headers = 2.17-196.el7 for package: glibc-devel-2.17-196.el7.x86_64
-- > Processing Dependency: glibc-headers for package: glibc-devel-2.17-196.el7.x86_64
-> Package libmpc.x86_64 0RU 1.0.1-3.el7 will be installed
-> Package mpfr.x86_64 0RU 3.1.1-4.el7 will be installed
-> Package perl-Carp.noarch 0RU 1.26-244.el7 will be installed
-> Package perl-Exporter.noarch 0RU 5.68-3.el7 will be installed
-> Package perl-File-Path.noarch 0RU 2.09-2.el7 will be installed
-> Package perl-File-Temp.noarch 00.23.01-3.el7 will be installed
-> Package perl-Filter.x86_64 0RU 1.49-3.el7 will be installed
-> Package perl-Getopt-Long.noarch 0RU 2.40-2.el7 will be installed
-- > Processing Dependency: perl (Pod::Usage) > = 1.14 for package: perl-Getopt-Long-2.40-2.el7.noarch
-> Processing Dependency: perl (Text::ParseWords) for package: perl-Getopt-Long-2.40-2.el7.noarch
-> Package perl-PathTools.x86_64 0RU 3.40-5.el7 will be installed
-> Package perl-Pod-Simple.noarch 1RU 3.28-4.el7 will be installed
-- > Processing Dependency: perl (Pod::Escapes) > = 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
-> Processing Dependency: perl (Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
-> Package perl-Scalar-List-Utils.x86_64 0RU 1.27-248.el7 will be installed
-> Package perl-Socket.x86_64 0RU 2.010-4.el7 will be installed
-> Package perl-Storable.x86_64 0RU 2.45-3.el7 will be installed
-> Package perl-Time-HiRes.x86_64 4vl 1.9725-3.el7 will be installed
-> Package perl-Time-Local.noarch 0RU 1.2300-2.el7 will be installed
-> Package perl-constant.noarch 0RU 1.27-2.el7 will be installed
-> Package perl-libs.x86_64 4VR 5.16.3-292.el7 will be installed
-> Package perl-macros.x86_64 4VR 5.16.3-292.el7 will be installed
-> Package perl-threads.x86_64 0RU 1.87-4.el7 will be installed
-> Package perl-threads-shared.x86_64 0RU 1.43-6.el7 will be installed
-> Running transaction check
-> Package glibc-headers.x86_64 0RU 2.17-196.el7 will be installed
-- > Processing Dependency: kernel-headers > = 2.2.1 for package: glibc-headers-2.17-196.el7.x86_64
-- > Processing Dependency: kernel-headers for package: glibc-headers-2.17-196.el7.x86_64
-> Package perl-Encode.x86_64 0RU 2.51-7.el7 will be installed
-> Package perl-Pod-Escapes.noarch 1purl 1.04-292.el7 will be installed
-> Package perl-Pod-Usage.noarch 0RU 1.63-3.el7 will be installed
-- > Processing Dependency: perl (Pod::Text) > = 3.15for package: perl-Pod-Usage-1.63-3.el7.noarch
-- > Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch
-> Package perl-Text-ParseWords.noarch 0RU 3.29-4.el7 will be installed
-> Running transaction check
-> Package kernel-headers.x86_64 0RU 3.10.0-693.el7 will be installed
-> Package perl-Pod-Perldoc.noarch 0RU 3.20-4.el7 will be installed
-> Processing Dependency: perl (parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
-> Processing Dependency: perl (HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
-> Package perl-podlators.noarch 0RU 2.5.1-3.el7 will be installed
-> Running transaction check
-> Package perl-HTTP-Tiny.noarch 0 0.033-3.el7 will be installed
-> Package perl-parent.noarch 1RU 0.225-244.el7 will be installed
-> Finished Dependency Resolution
Dependencies Resolved
=
Package Arch Version Repository Size
=
Installing:
Gcc x8631 64 4.8.5-16.el7 centosdvd 16m
Perl x86x 64 4 5.16.3-292.el7 centosdvd. Omit.
Installed:
Gcc.x86_64 0RO 4.8.5-16.el7 perl.x86_64 4RU 5.16.3-292.el7
Dependency Installed:
Cpp.x86_64 0RO 4.8.5-16.el7 glibc-devel.x86_64 0RU 2.17-196.el7 glibc-headers.x86_64 0RU 2.17-196.el7
Kernel-headers.x86_64 0VOR 3.10.0-693.el7 libmpc.x86_64 0RU 1.0.1-3.el7 mpfr.x86_64 0RU 3.1.1-4.el7
Perl-Carp.noarch 0VOR 1.26-244.el7 perl-Encode.x86_64 0RU 2.51-7.el7 perl-Exporter.noarch 0RU 5.68-3.el7
Perl-File-Path.noarch 0VOR 2.09-2.el7 perl-File-Temp.noarch 0RU 0.23.01-3.el7 perl-Filter.x86_64 0RU 1.49-3.el7
Perl-Getopt-Long.noarch 0VOR 2.40-2.el7 perl-HTTP-Tiny.noarch 0RU 0.033-3.el7 perl-PathTools.x86_64 0RU 3.40-5.el7
Perl-Pod-Escapes.noarch 1VOR 1.04-292.el7 perl-Pod-Perldoc.noarch 0RU 3.20-4.el7 perl-Pod-Simple.noarch 1RU 3.28-4.el7
Perl-Pod-Usage.noarch 0VOR 1.63-3.el7 perl-Scalar-List-Utils.x86_64 0RU 1.27-248.el7 perl-Socket.x86_64 0RU 2.010-4.el7
Perl-Storable.x86_64 0VOR 2.45-3.el7 perl-Text-ParseWords.noarch 0RU 3.29-4.el7 perl-Time-HiRes.x86_64 4RO 1.9725-3.el7
Perl-Time-Local.noarch 0VOR 1.2300-2.el7 perl-constant.noarch 0RU 1.27-2.el7 perl-libs.x86_64 4RU 5.16.3-292.el7
Perl-macros.x86_64 4RV 5.16.3-292.el7 perl-parent.noarch 1RU 0.225-244.el7 perl-podlators.noarch 0RV 2.5.1-3.el7
Perl-threads.x86_64 0VOR 1.87-4.el7 perl-threads-shared.x86_64 0RU 1.43-6.el7
Complete!
[root@localhost ~] #
[root@localhost ~] #
Upgrade ZLIB
Decompress the zlib_1.2.11 source code
[root@localhost ~] # cd / soft/
[root@localhost soft] # ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11.tar.gz
[root@localhost soft] # tar-xvzf zlib-1.2.11.tar.gz
Zlib configuration check
[root@localhost soft] #
[root@localhost soft] # cd zlib-1.2.11
[root@localhost zlib-1.2.11] # ls
Adler32.c configure deflate.h gzguts.h infback.c inflate.h make_vms.com qnx trees.h zconf.h.cmakein zlib.h zutil.h
Amiga contrib doc gzlib.c inffast.c inftrees.c msdos README uncompr.c zconf.h.in zlib.map
ChangeLog crc32.c examples gzread.c inffast.h inftrees.h nintendods test watcom zlib2ansi zlib.pc.cmakein
CMakeLists.txt crc32.h FAQ gzwrite.c inffixed.h Makefile old treebuild.xml win32 zlib.3 zlib.pc.in
Compress.c deflate.c gzclose.c INDEX inflate.c Makefile.in os400 trees.c zconf.h zlib.3.pdf zutil.c
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #. / configure-prefix=/usr
Checking for gcc...
Checking for shared library support...
Building shared library libz.so.1.2.11 with gcc.
Checking for size_t... Yes.
Checking for off64_t... Yes.
Checking for fseeko... Yes.
Checking for strerror... Yes.
Checking for unistd.h... Yes.
Checking for stdarg.h... Yes.
Checking whether to use vs [n] printf () or s [n] printf (). Using vs [n] printf ().
Checking for vsnprintf () in stdio.h... Yes.
Checking for return value of vsnprintf (). Yes.
Checking for attribute (visibility) support... Yes.
[root@localhost zlib-1.2.11] #
Compile the zlib library
[root@localhost zlib-1.2.11] # make
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -c-o example.o test/example.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o adler32.o adler32.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o crc32.o crc32.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o deflate.o deflate.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o infback.o infback.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o inffast.o inffast.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o inflate.o inflate.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o inftrees.o inftrees.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o trees.o trees.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o zutil.o zutil.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o compress.o compress.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o uncompr.o uncompr.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o gzclose.o gzclose.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o gzlib.o gzlib.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o gzread.o gzread.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-c-o gzwrite.o gzwrite.c
Ar rc libz.an adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o example example.o-L. Libz.a
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -c-o minigzip.o test/minigzip.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o minigzip minigzip.o-L. Libz.a
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/adler32.o adler32.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/crc32.o crc32.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/deflate.o deflate.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/infback.o infback.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/inffast.o inffast.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/inflate.o inflate.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/inftrees.o inftrees.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/trees.o trees.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/zutil.o zutil.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/compress.o compress.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/uncompr.o uncompr.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/gzclose.o gzclose.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/gzlib.o gzlib.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/gzread.o gzread.c
Gcc-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-DPIC-c-o objs/gzwrite.o gzwrite.c
Gcc-shared-Wl,-soname,libz.so.1,--version-script,zlib.map-O3-fPIC-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o libz.so.1.2.11 adler32.lo crc32.lo deflate.lo infback.lo inffast.lo inflate.lo inftrees.lo trees.lo zutil.lo compress.lo uncompr.lo gzclose.lo gzlib.lo gzread.lo gzwrite.lo-lc
Rm-f libz.so libz.so.1
Ln-s libz.so.1.2.11 libz.so
Ln-s libz.so.1.2.11 libz.so.1
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o examplesh example.o-L. Libz.so.1.2.11
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o minigzipsh minigzip.o-L. Libz.so.1.2.11
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -D_FILE_OFFSET_BITS=64-c-o example64.o test/example.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o example64 example64.o-L. Libz.a
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-I. -D_FILE_OFFSET_BITS=64-c-o minigzip64.o test/minigzip.c
Gcc-O3-D_LARGEFILE64_SOURCE=1-DHAVE_HIDDEN-o minigzip64 minigzip64.o-L. Libz.a
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
Uninstall the current zlib
Note: this step must be performed after the execution of step A, otherwise, after uninstalling zlib, the zlib phase in the / lib64/ directory
The closed library file will be deleted and the compilation of zlib in step A will fail. (remedy: reply from other servers on the same system
Libcrypto.so.10, libssl.so.10, libz.so.1, libz.so.1.2.3 under / lib64, / usr/lib and / usr/lib64 directories
Four files can be sent to the corresponding directory. The location of these files can be found through the whereis, locate, or find command)
[root@localhost zlib-1.2.11] # rpm-qa | grep zlib
Zlib-1.2.7-17.el7.x86_64
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # rpm-e-nodeps zlib
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # rpm-qa | grep zlib
Rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
[root@localhost zlib-1.2.11] #
Install the compiled zlib before installation
[root@localhost zlib-1.2.11] # make install
Rm-f / usr/lib/libz.a
Cp libz.a / usr/lib
Chmod 644 / usr/lib/libz.a
Cp libz.so.1.2.11 / usr/lib
Chmod 755 / usr/lib/libz.so.1.2.11
Rm-f / usr/share/man/man3/zlib.3
Cp zlib.3 / usr/share/man/man3
Chmod 644 / usr/share/man/man3/zlib.3
Rm-f / usr/lib/pkgconfig/zlib.pc
Cp zlib.pc / usr/lib/pkgconfig
Chmod 644 / usr/lib/pkgconfig/zlib.pc
Rm-f / usr/include/zlib.h / usr/include/zconf.h
Cp zlib.h zconf.h / usr/include
Chmod 644 / usr/include/zlib.h / usr/include/zconf.h
[root@localhost zlib-1.2.11] #
Shared library registration
After zlib installation is completed, zlib related library files are produced in the / usr/lib directory, and these shared library files need to be registered with the system.
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # echo'/ usr/lib' > > / etc/ld.so.conf
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # ll / etc/ld.so.conf
-rw-r--r--. 1 root root 37 Nov 27 01:38 / etc/ld.so.conf
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # cat / etc/ld.so.conf
Include ld.so.conf.d/*.conf
/ usr/lib
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # ll / usr/lib/libz.so.1
Lrwxrwxrwx. 1 root root 14 Nov 27 01:38 / usr/lib/libz.so.1-> libz.so.1.2.11
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # ll / usr/lib/libz.so
Lrwxrwxrwx. 1 root root 14 Nov 27 01:38 / usr/lib/libz.so-> libz.so.1.2.11
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # ll / usr/lib/libz.so.1
Lrwxrwxrwx. 1 root root 14 Nov 27 01:38 / usr/lib/libz.so.1-> libz.so.1.2.11
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # ldconfig
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
Upgrade OpenSSL
Official upgrade documentation
Http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/openssl.html
Back up the current openssl
[root@localhost zlib-1.2.11] # find /-name openssl
/ etc/pki/ca-trust/extracted/openssl
/ usr/bin/openssl
/ usr/lib64/openssl
[root@localhost zlib-1.2.11] # mv / etc/pki/ca-trust/extracted/openssl / etc/pki/ca-trust/extracted/openssl.20181127.old
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # mv / usr/bin/openssl / usr/bin/openssl.20181127.old
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # mv / usr/lib64/openssl / usr/lib64/openssl.20181127.old
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # cp / usr/lib64/libcrypto.so.10 / usr/lib64/libcrypto.so.10.20181127.old
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # cp / usr/lib64/libssl.so.10 / usr/lib64/libssl.so.10.20181127.old
[root@localhost zlib-1.2.11] #
Uninstall the current openssl
[root@localhost zlib-1.2.11] # rpm-qa | grep openssl | xargs
Openssl-1.0.2k-8.el7.x86_64 xmlsec1-openssl-1.2.20-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # rpm-qa | grep openssl | xargs-I rpm-e-- nodeps {}
Warning: file / usr/bin/openssl: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libubsec.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libsureware.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libpadlock.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libnuron.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libgmp.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libcswift.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libchil.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libcapi.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libatalla.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/libaep.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines/lib4758cca.so: remove failed: No such file or directory
Warning: file / usr/lib64/openssl/engines: remove failed: No such file or directory
Warning: file / usr/lib64/openssl: remove failed: No such file or directory
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # rpm-qa | grep openssl | xargs-I rpm-e-- nodeps {}
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # rpm-qa | grep openssl | xargs
Decompress the openssl-1.0.2q.tar.gz source code
[root@localhost zlib-1.2.11] #
[root@localhost zlib-1.2.11] # cd..
[root@localhost soft] # ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz
[root@localhost soft] # tar-xvzf openssl-1.0.2q.tar.gz
[root@localhost soft] #
Openssl configuration check
[root@localhost soft] # cd openssl-1.0.2q
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # ls
ACKNOWLEDGMENTS CHANGES crypto e_os.h INSTALL INSTALL.OS2 LICENSE Makefile.shared openssl.doxy README.ASN1 tools
Apps CHANGES.SSLeay demos FAQ install.com INSTALL.VMS MacOS makevms.com openssl.spec README.ENGINE util
Appveyor.yml config doc GitConfigure INSTALL.DJGPP INSTALL.W32 Makefile ms os2 shlib VMS
Bugs Configure engines GitMake INSTALL.MacOS INSTALL.W64 Makefile.bak Netware PROBLEMS ssl
Certs CONTRIBUTING e_os2.h include INSTALL.NW INSTALL.WCE Makefile.org NEWS README test
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # / config-- prefix=/usr-- openssldir=/etc/ssl-- shared zlib
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
. Omit.
Generating dummy tests (if needed)...
Make [1]: Entering directory `/ soft/openssl-1.0.2q/test'
Md2test.c = > dummytest.c
Rc5test.c = > dummytest.c
Jpaketest.c = > dummytest.c
Make [1]: Leaving directory `/ soft/openssl-1.0.2q/test'
Configured for linux-x86_64.
[root@localhost openssl-1.0.2q] #
Openssl source code compilation
[root@localhost openssl-1.0.2q] # make
Making all in crypto...
Make [1]: Entering directory `/ soft/openssl-1.0.2q/crypto'
/ usr/bin/perl.. / util/mkbuildinf.pl "gcc-I. -I.. -I../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DRC4_ASM-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-DECP_NISTZ256_ASM "linux-x86_64" > buildinf.h
. Omit.
Gcc-I.. -I../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DRC4_ASM-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-DECP_NISTZ256_ASM-c-o dummytest.o dummytest.c
Make [2]: Entering directory `/ soft/openssl-1.0.2q/test'
Make [2]: Leaving directory `/ soft/openssl-1.0.2q/test'
Make [1]: Leaving directory `/ soft/openssl-1.0.2q/test'
Making all in tools...
Make [1]: Entering directory `/ soft/openssl-1.0.2q/tools'
Make [1]: Nothing to be done for `all'.
Make [1]: Leaving directory `/ soft/openssl-1.0.2q/tools'
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
Openssl test
[root@localhost openssl-1.0.2q] # make test
Testing...
Make [1]: Entering directory `/ soft/openssl-1.0.2q/test'
Make [2]: Entering directory `/ soft/openssl-1.0.2q'
Making all in apps...
Make [3]: Entering directory `/ soft/openssl-1.0.2q/apps'
Make [3]: Nothing to be done for `all'.
Make [3]: Leaving directory `/ soft/openssl-1.0.2q/apps'
Make [2]: Leaving directory `/ soft/openssl-1.0.2q'
.. / util/shlib_wrap.sh. / destest
. Omit.
ALL OCSP TESTS SUCCESSFUL
Test X509v3 checking *
.. / util/shlib_wrap.sh. / v3nametest
.. / util/shlib_wrap.sh. / heartbeat_test
Test constant time utilites
.. / util/shlib_wrap.sh. / constant_time_test
Testing constant time operations...
Ok (ran 1908 tests)
Test_verify_extra
.. / util/shlib_wrap.sh. / verify_extra_test
PASS
Test_clienthello
.. / util/shlib_wrap.sh. / clienthellotest
Test_sslv2conftest
. Omit.
*
*-START OF RECORD
* * Record Content-type: 22
* * Record Version: fefd
* * Record Epoch: 1
* * Record Sequence: 000000000000
* * Record Length: 64
* *-START OF HANDSHAKE MESSAGE FRAGMENT-
* *-HANDSHAKE MESSAGE FRAGMENT ENCRYPTED-
*-END OF RECORD
-END OF PACKET
PASS
Test_bad_dtls
.. / util/shlib_wrap.sh. / bad_dtls_test
Test_fatalerr
.. / util/shlib_wrap.sh. / fatalerrtest.. / apps/server.pem.. / apps/server.pem
SSL_accept () failed-1,1
140342688954048:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:
Test_x509_time
.. / util/shlib_wrap.sh. / x509_time_test
PASS
Make [1]: Leaving directory `/ soft/openssl-1.0.2q/test'
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version-a
OpenSSL 1.0.2q 20 Nov 2018
Built on: reproducible build, date unspecified
Platform: linux-x86_64
Options: bn (64) rc4 (16x) des (idx,cisc,16,int) idea (int) blowfish (idx)
Compiler: gcc-I. -I.. -I../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa,--noexecstack-M64-DL_ENDIAN-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DRC4_ASM-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-DECP_NISTZ256_ASM
OPENSSLDIR: "/ etc/ssl"
[root@localhost openssl-1.0.2q] #
Openssl installation
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # make install
Making all in crypto...
Make [1]: Entering directory `/ soft/openssl-1.0.2q/crypto'
Making all in crypto/objects...
. Omit.
Installing libcrypto.a
Installing libssl.a
Installing libcrypto.so.1.0.0
Installing libssl.so.1.0.0
Make [1]: Entering directory `/ usr/lib64'
Make [2]: Entering directory `/ usr/lib64'
Make [2]: Leaving directory `/ usr/lib64'
Make [2]: Entering directory `/ usr/lib64'
Make [2]: Leaving directory `/ usr/lib64'
Make [1]: Leaving directory `/ usr/lib64'
Cp libcrypto.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/libcrypto.pc
Cp libssl.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/libssl.pc
Cp openssl.pc / usr/lib64/pkgconfig
Chmod 644 / usr/lib64/pkgconfig/openssl.pc
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
Verify that the Openssl upgrade is successful
[root@localhost openssl-1.0.2q] # openssl version
OpenSSL 1.0.2q 20 Nov 2018
[root@localhost openssl-1.0.2q] #
Restore a shared library
Because OpenSSL_1.0.2q does not provide libcrypto.so.10 and libssl.so.10 libraries, and yum, wget and other tools rely on this library, you need to restore these two libraries that were previously backed up, and other libraries can be restored depending on the situation.
[root@localhost openssl-1.0.2q] # mv / usr/lib64/libcrypto.so.10.20181127.old / usr/lib64/libcrypto.so.10
Mv: overwrite'/ usr/lib64/libcrypto.so.10'? Y
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # mv / usr/lib64/libssl.so.10.20181127.old / usr/lib64/libssl.so.10
Mv: overwrite'/ usr/lib64/libssl.so.10'? Y
[root@localhost openssl-1.0.2q] #
Pre-installation environment configuration for Openssh
[root@localhost openssl-1.0.2q] # mv / etc/ssh / etc/ssh.old
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # rpm-qa | grep openssh
Openssh-server-7.4p1-11.el7.x86_64
Openssh-clients-7.4p1-11.el7.x86_64
Openssh-7.4p1-11.el7.x86_64
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # rpm-qa | grep openssh | xargs-I rpm-e-- nodeps {}
Warning: file / etc/ssh/sshd_config: remove failed: No such file or directory
Warning: file / etc/ssh/ssh_config: remove failed: No such file or directory
Warning: file / etc/ssh/moduli: remove failed: No such file or directory
Warning: file / etc/ssh: remove failed: No such file or directory
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # rpm-qa | grep openssh | xargs-I rpm-e-- nodeps {}
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # rpm-qa | grep openssh | xargs
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # install-v-m700-d / var/lib/sshd
Install: creating directory'/ var/lib/sshd'
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # chown-v root:sys / var/lib/sshd
Changed ownership of'/ var/lib/sshd' from root:root to root:sys
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # groupadd-g 50 sshd
Groupadd: group 'sshd' already exists
[root@localhost openssl-1.0.2q] #
[root@localhost openssl-1.0.2q] # useradd-c 'sshd PrivSep'-d / var/lib/sshd-g sshd-s / bin/false-u 50 sshd
Useradd: user 'sshd' already exists
[root@localhost openssl-1.0.2q] #
Decompress the openssh 7.6p1.tar.gz source code
[root@localhost openssl-1.0.2q] # cd..
[root@localhost soft] # ls
CentOS-7.4-x86_64-Everything-1708.iso openssh-7.9p1.tar.gz openssl-1.0.2q openssl-1.0.2q.tar.gz zlib-1.2.11 zlib-1.2.11.tar.gz
[root@localhost soft] # tar-xvzf openssh-7.9p1.tar.gz
[root@localhost soft] #
[root@localhost soft] # cd openssh-7.9p1
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # ls
Aclocal.m4 cipher-aesctr.c gss-genr.c moduli.0 README.dns ssh-add.1 sshlogin.c
Addrmatch.c cipher-aesctr.h gss-serv.c moduli.5 README.platform ssh-add.c sshlogin.h
Atomicio.c cipher.c gss-serv-krb5.c moduli.c README.privsep ssh-agent.0 ssh-pkcs11.c
Atomicio.h cipher-chachapoly.c hash.c monitor.c README.tun ssh-agent.1 ssh-pkcs11-client.c
Audit-bsm.c cipher-chachapoly.h hmac.c monitor_fdpass.c readpass.c ssh-agent.c ssh-pkcs11.h
Audit.c cipher-ctr.c hmac.h monitor_fdpass.h regress ssh_api.c ssh-pkcs11-helper.0
Audit.h cipher.h hostfile.c monitor.h rijndael.c ssh_api.h ssh-pkcs11-helper.8
Audit-linux.c cleanup.c hostfile.h monitor_wrap.c rijndael.h sshbuf.c ssh-pkcs11-helper.c
Auth3.c clientloop.c includes.h monitor_wrap.h sandbox-capsicum.c sshbuf-getput-basic.c sshpty.c
Auth3-chall.c clientloop.h INSTALL msg.c sandbox-darwin.c sshbuf-getput-crypto.c sshpty.h
Auth3-gss.c compat.c install-sh msg.h sandbox-null.c sshbuf.h ssh-rsa.c
Auth3-hostbased.c compat.h kex.c mux.c sandbox-pledge.c sshbuf-misc.c ssh-sandbox.h
Auth3-kbdint.c config.guess kexc25519.c myproposal.h sandbox-rlimit.c ssh.c sshtty.c
Auth3-none.c config.h.in kexc25519c.c nchan2.ms sandbox-seccomp-filter.c ssh_config ssh-xmss.c
Auth3-passwd.c config.sub kexc25519s.c nchan.c sandbox-solaris.c ssh_config.0 survey.sh.in
Auth3-pubkey.c configure kexdh.c nchan.ms sandbox-systrace.c ssh_config.5 TODO
Auth-bsdauth.c configure.ac kexdhc.c opacket.c sc25519.c sshconnect2.c ttymodes.c
Auth.c contrib kexdhs.c opacket.h sc25519.h sshconnect.c ttymodes.h
Authfd.c crc32.c kexecdh.c openbsd-compat scp.0 sshconnect.h uidswap.c
Authfd.h crc32.h kexecdhc.c opensshd.init.in scp.1 sshd.0 uidswap.h
Authfile.c CREDITS kexecdhs.c openssh.xml.in scp.c sshd.8 umac128.c
Authfile.h crypto_api.h kexgex.c OVERVIEW servconf.c sshd.c umac.c
Auth.h defines.h kexgexc.c packet.c servconf.h sshd_config umac.h
Auth-krb5.c dh.c kexgexs.c packet.h serverloop.c sshd_config.0 utf8.c
Auth-options.c dh.h kex.h pathnames.h serverloop.h sshd_config.5 utf8.h
Auth-options.h digest.h krl.c pkcs11.h session.c ssh-dss.c uuencode.c
Auth-pam.c digest-libc.c krl.h platform.c session.h ssh-ecdsa.c uuencode.h
Auth-pam.h digest-openssl.c LICENCE platform.h sftp.0 ssh-ed25519.c verify.c
Auth-passwd.c dispatch.c log.c platform-misc.c sftp.1 ssherr.c version.h
Auth-rhosts.c dispatch.h log.h platform-pledge.c sftp.c ssherr.h xmalloc.c
Auth-shadow.c dns.c loginrec.c platform-tracing.c sftp-client.c ssh-gss.h xmalloc.h
Auth-sia.c dns.h loginrec.h poly1305.c sftp-client.h ssh.h xmss_commons.c
Auth-sia.h ed25519.c logintest.c poly1305.h sftp-common.c sshkey.c xmss_commons.h
Auth-skey.c entropy.c mac.c progressmeter.c sftp-common.h ssh-keygen.0 xmss_fast.c
Bitmap.c entropy.h mac.h progressmeter.h sftp-glob.c ssh-keygen.1 xmss_fast.h
Bitmap.h fatal.c Makefile.in PROTOCOL sftp.h ssh-keygen.c xmss_hash_address.c
Buildpkg.sh.in fe25519.c match.c PROTOCOL.agent sftp-server.0 sshkey.h xmss_hash_address.h
Canohost.c fe25519.h match.h PROTOCOL.certkeys sftp-server.8 ssh-keyscan.0 xmss_hash.c
Canohost.h fixalgorithms md5crypt.c PROTOCOL.chacha20poly1305 sftp-server.c ssh-keyscan.1 xmss_hash.h
Chacha.c fixpaths md5crypt.h PROTOCOL.key sftp-server-main.c ssh-keyscan.c xmss_wots.c
Chacha.h ge25519_base.data mdoc2man.awk PROTOCOL.krl smult_curve25519_ref.c ssh-keysign.0 xmss_wots.h
ChangeLog ge25519.c misc.c PROTOCOL.mux ssh.0 ssh-keysign.8
Channels.c ge25519.h misc.h readconf.c ssh.1 ssh-keysign.c
Channels.h groupaccess.c mkinstalldirs readconf.h ssh3.h sshkey-xmss.c
Cipher-aes.c groupaccess.h moduli README ssh-add.0 sshkey-xmss.h
[root@localhost openssh-7.9p1] #
Openssh configuration check
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # / configure-- prefix=/usr-- sysconfdir=/etc/ssh-- with-md5-passwords-- with-pam--with-zlib-- with-openssl-includes=/usr-- with-privsep-path=/var/lib/sshd
Configure: WARNING: unrecognized options:-with-pam--with-zlib,-with-openssl-includes
Checking for gcc... Gcc
Checking whether the C compiler works... Yes
Checking for C compiler default output file name... A.out
Checking for suffix of executables...
. Omit.
Configure: WARNING: unrecognized options:-with-pam--with-zlib,-with-openssl-includes
OpenSSH has been configured with the following options:
User binaries: / usr/bin
System binaries: / usr/sbin
Configuration files: / etc/ssh
Askpass program: / usr/libexec/ssh-askpass
Manual pages: / usr/share/man/manX
PID file: / var/run
Privilege separation chroot path: / var/lib/sshd
Sshd default user PATH: / usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
MD5 password support: yes
Libedit support: no
Libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-pc-linux-gnu
Compiler: gcc
Compiler flags:-g-O2-pipe-Wall-Wpointer-arith-Wuninitialized-Wsign-compare-Wformat-security-Wsizeof-pointer-memaccess-Wno-pointer-sign-Wno-unused-result-fno-strict-aliasing-D_FORTIFY_SOURCE=2-ftrapv-fno-builtin-memset-fstack-protector-strong-fPIE
Preprocessor flags:-D_XOPEN_SOURCE=600-D_BSD_SOURCE-D_DEFAULT_SOURCE
Linker flags:-Wl,-z,relro-Wl,-z,now-Wl,-z,noexecstack-fstack-protector-strong-pie
Libraries:-lcrypto-ldl-lutil-lz-lcrypt-lresolv
Compile Openssh
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # make
Conffile= `echo sshd_config.out | sed's Uniq.outdated Universe Universe'`;\
/ usr/bin/sed-e's | / etc/ssh/ssh_config | / etc/ssh/ssh_config | g'- e's | / etc/ssh/ssh_known_hosts | / etc/ssh/ssh_known_hosts | g'- e's | / etc/ssh/sshd_config | / etc/ssh/sshd_config | g'- e's | / usr/libexec | / usr/libexec | g'- e's | / etc/shosts.equiv | / etc/ssh/shosts.equiv | g'- e's | / etc/ssh/ssh _ host_key | / etc/ssh/ssh_host_key | g'- e's | / etc/ssh/ssh_host_ecdsa_key | / etc/ssh/ssh_host_ecdsa_key | g'- e's | / etc/ssh/ssh_host_dsa_key | / etc/ssh/ssh_host_dsa_key | g'- e's | / etc/ssh/ssh_host_rsa_key | / etc/ssh/ssh_host_rsa_key | g'- e's | / etc/ssh/ssh_host_ed25519 _ key | / etc/ssh/ssh_host_ed25519_key | g'- e's | / var/run/sshd.pid | / var/run/sshd.pid | g'- e's | / etc/moduli | / etc/ssh/moduli | g'- e's | / etc/ssh/moduli | / etc/ssh/moduli | g'- e's | / etc/ssh/sshrc | / etc/ssh/sshrc | g'- e's | / usr/X11R6/bin/xauth | undefined | g'- e's | / var/empty | / var/lib/sshd | g' -e's | / usr/bin:/bin:/usr/sbin:/sbin | / usr/bin:/bin:/usr/sbin:/sbin | g'. / ${conffile} > sshd_config.out
. Omit.
Gcc-o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o-L. -Lopenbsd-compat/-Wl,-z,relro-Wl,-z,now-Wl,-z,noexecstack-fstack-protector-strong-pie-lssh-lopenbsd-compat-lcrypto-ldl-lutil-lz-lcrypt-lresolv
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
Install Openssh
[root@localhost openssh-7.9p1] # make install
(cd openbsd-compat & & make)
Make [1]: Entering directory `/ soft/openssh-7.9p1/openbsd-compat'
Make [1]: Nothing to be done for `all'.
Make [1]: Leaving directory `/ soft/openssh-7.9p1/openbsd-compat'
/ usr/bin/mkdir-p / usr/bin
/ usr/bin/mkdir-p / usr/sbin
/ usr/bin/mkdir-p / usr/share/man/man1
/ usr/bin/mkdir-p / usr/share/man/man5
/ usr/bin/mkdir-p / usr/share/man/man8
/ usr/bin/mkdir-p / usr/libexec
/ usr/bin/mkdir-p-m 0755 / var/lib/sshd
/ usr/bin/install-c-m 0755-s ssh / usr/bin/ssh
/ usr/bin/install-c-m 0755-s scp / usr/bin/scp
/ usr/bin/install-c-m 0755-s ssh-add / usr/bin/ssh-add
/ usr/bin/install-c-m 0755-s ssh-agent / usr/bin/ssh-agent
/ usr/bin/install-c-m 0755-s ssh-keygen / usr/bin/ssh-keygen
/ usr/bin/install-c-m 0755-s ssh-keyscan / usr/bin/ssh-keyscan
/ usr/bin/install-c-m 0755-s sshd / usr/sbin/sshd
/ usr/bin/install-c-m 4711-s ssh-keysign / usr/libexec/ssh-keysign
/ usr/bin/install-c-m 0755-s ssh-pkcs11-helper / usr/libexec/ssh-pkcs11-helper
/ usr/bin/install-c-m 0755-s sftp / usr/bin/sftp
/ usr/bin/install-c-m 0755-s sftp-server / usr/libexec/sftp-server
/ usr/bin/install-c-m 644 ssh.1.out / usr/share/man/man1/ssh.1
/ usr/bin/install-c-m 644 scp.1.out / usr/share/man/man1/scp.1
/ usr/bin/install-c-m 644 ssh-add.1.out / usr/share/man/man1/ssh-add.1
/ usr/bin/install-c-m 644 ssh-agent.1.out / usr/share/man/man1/ssh-agent.1
/ usr/bin/install-c-m 644 ssh-keygen.1.out / usr/share/man/man1/ssh-keygen.1
/ usr/bin/install-c-m 644 ssh-keyscan.1.out / usr/share/man/man1/ssh-keyscan.1
/ usr/bin/install-c-m 644 moduli.5.out / usr/share/man/man5/moduli.5
/ usr/bin/install-c-m 644 sshd_config.5.out / usr/share/man/man5/sshd_config.5
/ usr/bin/install-c-m 644 ssh_config.5.out / usr/share/man/man5/ssh_config.5
/ usr/bin/install-c-m 644 sshd.8.out / usr/share/man/man8/sshd.8
/ usr/bin/install-c-m 644 sftp.1.out / usr/share/man/man1/sftp.1
/ usr/bin/install-c-m 644 sftp-server.8.out / usr/share/man/man8/sftp-server.8
/ usr/bin/install-c-m 644 ssh-keysign.8.out / usr/share/man/man8/ssh-keysign.8
/ usr/bin/install-c-m 644 ssh-pkcs11-helper.8.out / usr/share/man/man8/ssh-pkcs11-helper.8
/ usr/bin/mkdir-p / etc/ssh
Ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
/ usr/sbin/sshd-t-f / etc/ssh/sshd_config
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
Environment configuration after Openssh installation
# execute the following command in the openssh compilation directory
[root@localhost openssh-7.9p1] # install-v-m755 contrib/ssh-copy-id / usr/bin
'contrib/ssh-copy-id'->' / usr/bin/ssh-copy-id'
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # install-v-m644 contrib/ssh-copy-id.1 / usr/share/man/man1
'contrib/ssh-copy-id.1'->' / usr/share/man/man1/ssh-copy-id.1'
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # install-v-m755-d / usr/share/doc/openssh-7.9p1
Install: creating directory'/ usr/share/doc/openssh-7.9p1'
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # install-v-m644 INSTALL LICENCE OVERVIEW README* / usr/share/doc/openssh-7.9p1
'INSTALL'->' / usr/share/doc/openssh-7.9p1/INSTALL'
'LICENCE'->' / usr/share/doc/openssh-7.9p1/LICENCE'
'OVERVIEW'->' / usr/share/doc/openssh-7.9p1/OVERVIEW'
'README'->' / usr/share/doc/openssh-7.9p1/README'
'README.dns'->' / usr/share/doc/openssh-7.9p1/README.dns'
'README.platform'->' / usr/share/doc/openssh-7.9p1/README.platform'
'README.privsep'->' / usr/share/doc/openssh-7.9p1/README.privsep'
'README.tun'->' / usr/share/doc/openssh-7.9p1/README.tun'
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
Verify that Openssh has been upgraded successfully
[root@localhost openssh-7.9p1] # ssh- V
OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
Enable the OpenSSH service
[root@localhost openssh-7.9p1] # echo 'X11Forwarding yes' > > / etc/ssh/sshd_config
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # echo "PermitRootLogin yes" > > / etc/ssh/sshd_config
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # cp-p contrib/redhat/sshd.init / etc/init.d/sshd
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # chmod + x / etc/init.d/sshd
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # chkconfig-- add sshd
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # chkconfig sshd on
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # chkconfig-- list sshd
Note: This output shows SysV services only and does not include native
Systemd services. SysV configuration data might be overridden by native
Systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
Sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost openssh-7.9p1] #
Version 7 command view
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # systemctl status sshd
● sshd.service-SYSV: OpenSSH server daemon
Loaded: loaded (/ etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator (8)
Nov 27 01:04:34 localhost.localdomain sshd [11784]: Accepted password for root from 192.168.95.1 port 63419 ssh3
Nov 27 01:04:45 localhost.localdomain sshd [11793]: Accepted password for root from 192.168.95.1 port 63420 ssh3
Nov 27 01:04:49 localhost.localdomain sshd [11802]: Accepted password for root from 192.168.95.1 port 63421 ssh3
Nov 27 01:11:05 localhost.localdomain sshd [11873]: Accepted password for root from 192.168.95.1 port 63468 ssh3
Nov 27 01:13:10 localhost.localdomain sshd [11884]: Accepted password for root from 192.168.95.1 port 51001 ssh3
Nov 27 01:13:10 localhost.localdomain sshd [11886]: Accepted password for root from 192.168.95.1 port 51002 ssh3
Nov 27 01:23:00 localhost.localdomain sshd [12053]: Accepted password for root from 192.168.95.1 port 52076 ssh3
Nov 27 01:53:53 localhost.localdomain systemd [1]: Stopping OpenSSH server daemon...
Nov 27 01:53:53 localhost.localdomain sshd [1108]: Received signal 15; terminating.
Nov 27 01:53:53 localhost.localdomain systemd [1]: Stopped OpenSSH server daemon.
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] #
Restart the sshd service
[root@localhost openssh-7.9p1] # systemctl restart sshd
[root@localhost openssh-7.9p1] #
[root@localhost openssh-7.9p1] # reboot
Method 2:
Systemctl status sshd.service
Start the service:
Systemctl start sshd.service
Restart the service:
Systemctl restart sshd.service
Self-booting:
Systemctl enable sshd.service
Restart the operating system takes effect
Reboot
View Openssh and Openssl upgrades
[root@localhost ~] #
[root@localhost] # ssh-V
OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018
[root@localhost ~] #
[root@localhost ~] #
Uninstall telnet
[root@localhost ~] # yum remove telnet* xinetd y
View SSH startup status
[root@localhost ~] # systemctl status sshd.service
● sshd.service-SYSV: OpenSSH server daemon
Loaded: loaded (/ etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Tue 2018-11-27 02:03:23 EST; 11min ago
Docs: man:systemd-sysv-generator (8)
Process: 1009 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 1072 (sshd)
CGroup: / system.slice/sshd.service
├─ 1072 / usr/sbin/sshd
├─ 1326 sshd: root@pts/0
├─ 1328-bash
└─ 1360 systemctl status sshd.service
Nov 27 02:03:23 localhost.localdomain systemd [1]: Starting SYSV: OpenSSH server daemon...
Nov 27 02:03:23 localhost.localdomain sshd [1072]: Server listening on 0.0.0.0 port 22.
Nov 27 02:03:23 localhost.localdomain sshd [1072]: Server listening on:: port 22.
Nov 27 02:03:23 localhost.localdomain sshd [1009]: Starting sshd: [OK]
Nov 27 02:03:23 localhost.localdomain systemd [1]: Started SYSV: OpenSSH server daemon.
Nov 27 02:04:05 localhost.localdomain sshd [1326]: Accepted password for root from 192.168.95.1 port 49961 ssh3
[root@localhost ~] #
View the current version of Bash
[root@localhost ~] # rpm-qa | grep bash
Bash-4.2.46-28.el7.x86_64
[root@localhost ~] #
[root@test soft] # rpm-Uvh bash-4.2.46-29.el7_4.x86_64.rpm
Warning: bash-4.2.46-29.el7_4.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... # # [100%]
Updating / installing...
1:bash-4.2.46-29.el7_4 # # [50%]
Cleaning up / removing...
2:bash-4.2.46-28.el7 # # [100%]
[root@test soft] #
[root@test soft] #
[root@test ~] # rpm-qa | grep bash
Bash-4.2.46-29.el7_4.x86_64
[root@test ~] #
System tuning
Systemctl stop firewalld.service
Systemctl disable firewalld.service
Systemctl status firewalld.service
Systemctl stop NetworkManager.service
Systemctl disable NetworkManager.service
Systemctl status NetworkManager.service
Systemctl stop abrt-ccpp.service
Systemctl disable abrt-ccpp.service
Systemctl status abrt-ccpp.service
Systemctl stop abrtd.service
Systemctl disable abrtd.service
Systemctl status abrtd.service
Systemctl stop atd.service
Systemctl disable atd.service
Systemctl status atd.service
Systemctl stop auditd.service
Systemctl disable auditd.service
Systemctl status auditd.service
Systemctl stop autofs.service
Systemctl disable autofs.service
Systemctl status autofs.service
Systemctl stop blk-availability.service
Systemctl disable blk-availability.service
Systemctl status blk-availability.service
Systemctl stop certmonger.service
Systemctl disable certmonger.service
Systemctl status certmonger.service
Systemctl stop cpus.service
Systemctl disable cpus.service
Systemctl status cpus.service
Systemctl stop irqbalance.service
Systemctl disable irqbalance.service
Systemctl status irqbalance.service
Systemctl stop libvirt-guests.service
Systemctl disable libvirt-guests.service
Systemctl status libvirt-guests.service
Systemctl stop lvm2-monitor.service
Systemctl disable lvm2-monitor.service
Systemctl status lvm2-monitor.service
Systemctl stop mdmonitor.service
Systemctl disable mdmonitor.service
Systemctl status mdmonitor.service
Systemctl stop messagebus.service
Systemctl disable messagebus.service
Systemctl status messagebus.service
Systemctl stop postfix.service
Systemctl disable postfix.service
Systemctl status postfix.service
Systemctl stop rhsmcertd.service
Systemctl disable rhsmcertd.service
Systemctl status rhsmcertd.service
Systemctl stop rpcbind.service
Systemctl disable rpcbind.service
Systemctl status rpcbind.service
Systemctl stop rpcgssd.service
Systemctl disable rpcgssd.service
Systemctl status rpcgssd.service
Systemctl disable cups
Systemctl disable cups.path
Systemctl disable cups.service
Systemctl disable cups.socket
Systemctl disable abrt-ccpp.service
Systemctl disable abrt-oops.service
Systemctl disable abrt-xorg.service
Systemctl disable abrtd.service
Systemctl disable cups.service
Systemctl disable httpd.service
Systemctl disable iscsid.service
Systemctl disable iscsid.socket
Systemctl disable iscsi.service
Systemctl disable iscsi-shutdown.service
Systemctl disable iscsiuio.service
Systemctl disable iscsiuio.socket
Systemctl disable libvirtd.service
Systemctl disable libvirtd.socket
Systemctl disable libvirt-guests.service
Systemctl disable nfs-blkmap.service
Systemctl disable nfs-client.target
Systemctl disable nfs-config.service
Systemctl disable nfs-idmapd.service
Systemctl disable nfs-idmap.service
Systemctl disable nfs-lock.service
Systemctl disable nfslock.service
Systemctl disable nfs-mountd.service
Systemctl disable nfs-secure-server.service
Systemctl disable nfs-secure.service
Systemctl disable nfs-server.service
Systemctl disable nfs.service
Systemctl disable nfs.target.wants
Systemctl disable nfs-utils.service
Systemctl disable smartcard.target
Systemctl disable smartd.service
Systemctl disable vsftpd.service
Systemctl disable vsftpd@.service
Systemctl disable vsftpd.target
Systemctl disable bluetooth.service
Systemctl disable bluetooth.target
RHEL6 version tuning
Chkconfig sendmail off
Chkconfig isdn off
Chkconfig pcmcia off
Chkconfig iptables off
Chkconfig mdmonitor off
Chkconfig rhnsdoff
Chkconfig smartdoff
Chkconfig cupsoff
Chkconfig cups-config-daemon off
Chkconfig iiim off
Chkconfig httpd off
Chkconfig squid off
Chkconfig smb off
Chkconfig ip6tables off
Chkconfig gpm off
Chkconfig xend off
Chkconfig bluetooth off
Chkconfig hidd off
Chkconfig pcscd off
Chkconfig iscsi off
Chkconfig iscsid off
Chkconfig avahi-daemon off
Chkconfig tog-pegasus off
Chkconfig yum-updatesd off
Chkconfig irqbalance off
Chkconfig mcstrans off
Chkconfig NetworkManager off
Chkconfig cpuspeed off
Chkconfig irqbalance off
Chkconfig bmc-watchdog off
On the day environment Openssh-7.9p1 upgrade and system tuning to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
