Perfect upgrade of openssl1.0.1 to 1.0.1g script 01/16 Update SLTechnology News&Howtos

Perfect upgrade of openssl1.0.1 to 1.0.1g script

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Recently, the openssl loophole has made everyone worried on the Internet. The update made a few days ago has been very busy. I have not come to update the blog post urgently.

Update your blog posts and scripts today.

Found that many servers have the wrong openssl version (several servers are wrong, so you have to update the new version as soon as possible)

[root@ceshi] # openssl version-aOpenSSL 1.0.1e-fips 11 Feb 2013built on: Wed Dec 18 19:40:59 UTC 2013platform: linux-x86_64options: bn (64 md2) md2 (int) rc4 (16x idx,cisc,16,int) des (idx,cisc,16,int) idea (int) blowfish (idx) compiler: gcc-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-DKRB5_MIT-M64-DL_ENDIAN-DTERMIO-Wall-O2-g-pipe-Wall-Wp -D_FORTIFY_SOURCE=2-fexceptions-fstack-protector-- param=ssp-buffer-size=4-M64-mtune=generic-Wa,--noexecstack-DPURIFY-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASMOPENSSLDIR: "/ etc/pki/tls" engines: dynamic

Vi ab.sh

#! / bin/bash# download and install the latest opensslwget http://www.openssl.org/source/openssl-1.0.1g.tar.gztar xzvf openssl-1.0.1g.tar.gzcd openssl-1.0.1g./config shared zlibmake & & make installcd / usr/local/ssl/./bin/openssl version-a # to replace the old version opensslmv / usr/bin/openssl / usr/bin/openssl.oldmv / usr/include/openssl / usr/include/openssl.oldln-s / usr/local / ssl/bin/openssl / usr/bin/opensslln-s / usr/local/ssl/include/openssl/ / usr/include/openssl# configuration library file search path echo "/ usr/local/ssl/lib" > > / etc/ld.so.confldconfig# test whether the new version is normal openssl version-a

Under installation

Connecting www.openssl.org | 185.9.166.106 |: 80. Connected. A HTTP request has been issued Waiting for a response. 200 OK length: 4509047 (4.3m) [application/x-gzip] is being saved to: "openssl-1.0.1g.tar.gz" 9% [= >] 409093 133K/s eta (11% [= >] 512185 146K/s eta in the middle of the UK 11% [= >] 526705 134K/s eta in the middle of the country (15% [>] 703849 162K/s eta in the middle of the UK (17% [>] 789517 165K/s eta in the middle of the UK 19% [= >] 880993 169K/s eta (21% [= >] 957949 170K/s eta in the middle of England (23% [= >] 1039261 171K/s eta in the middle of England) ] 1153969 178K/s eta (28% central UK [= >] 1271581 184K/s eta (central UK time) 1730% [= >] 1390645 189K/s eta (central UK time) 1733% [= > M_MONT5-DOPENSSL_BN _ ASM_GF2m-DSHA1_ASM-DSHA256_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-c-o obj_dat.o obj_dat.cgcc-I.. -I... Dot... -I../modes-I../asn1-I../evp-I../../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-DTERMIO-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-c-o obj_lib.o obj_lib.cgcc-I.. -I... Dot... -I../modes-I../asn1-I../evp-I../../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-DTERMIO-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-c-o obj_err.o obj_err.cgcc-I.. -I... Dot... -I../modes-I../asn1-I../evp-I../../include-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-DTERMIO-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASM-c-o obj_xref.o obj_xref.cOpenSSL sharedlibraries have been installed in: / usr/local/sslIf this directory is not in a standard system path for dynamic/sharedlibraries Then you will have problems linking and executingapplications that use OpenSSL libraries UNLESS:* you link with static (archive) libraries. If you are truly paranoid about security, you should use static libraries.* you use the GNU libtool code during linking (http://www.gnu.org/software/libtool/libtool.html)* you use pkg-config during linking (this requires that PKG_CONFIG_PATH includes the path to the OpenSSL shared library directory), and make use of-R or-rpath. (http://www.freedesktop.org/software/pkgconfig/)* you specify the system-wide link path via a command such as crle (1) on Solaris systems.* you add the OpenSSL shared library directory to / etc/ld.so.conf and run ldconfig (8) on Linux systems.* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP) DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP) environment variable and add the OpenSSL shared library directory to it.One common tool to check the dynamic dependencies of an executableor dynamic library is ldd (1) on most UNIX systems.See any operating system documentation and manpages about sharedlibraries for your version of UNIX. The following manpages may behelpful: ld (1), ld.so (1), ld.so.1 (1) [Solaris], dld.sl (1) [HP], ldd (1), crle (1) [Solaris], pldd (1) [Solaris], ldconfig (8) [Linux] Chatr (1) [HP]. Cp libcrypto.pc / usr/local/ssl/lib/pkgconfigchmod 644 / usr/local/ssl/lib/pkgconfig/libcrypto.pccp libssl.pc / usr/local/ssl/lib/pkgconfigchmod 644 / usr/local/ssl/lib/pkgconfig/libssl.pccp openssl.pc / usr/local/ssl/lib/pkgconfigchmod 644 / usr/local/ssl/lib/pkgconfig/openssl.pcOPENSSLDIR: "/ usr/local/ssl" OpenSSL 1.0.1 g 7 Apr 2014built on: Tue Apr 22 13: 48:05 CST 2014platform: linux-x86_64options: bn (64 rc4 64) rc4 (16x Int) des (idx,cisc,16,int) idea (int) blowfish (idx) compiler: gcc-fPIC-DOPENSSL_PIC-DZLIB-DOPENSSL_THREADS-D_REENTRANT-DDSO_DLFCN-DHAVE_DLFCN_H-Wa -- noexecstack-M64-DL_ENDIAN-DTERMIO-O3-Wall-DOPENSSL_IA32_SSE2-DOPENSSL_BN_ASM_MONT-DOPENSSL_BN_ASM_MONT5-DOPENSSL_BN_ASM_GF2m-DSHA1_ASM-DSHA512_ASM-DMD5_ASM-DAES_ASM-DVPAES_ASM-DBSAES_ASM-DWHIRLPOOL_ASM-DGHASH_ASMOPENSSLDIR: "/ usr/local/ssl"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.