安裝telnet並開啟(防止ssh公升級失敗後無法連線伺服器,可通過telnet方式連線伺服器預設埠是23)
rpm -ivh xinetd-2.3.14-39.el6_4.x86_64.rpm
rpm -ivh telnet-server-0.17-47.el6_3.1.x86_64.rpm
service iptables stop
chkconfig iptables off
將其中disable欄位的yes改為no以啟用telnet服務
sed -i 's/\(.*\)disable\(.*\)/\ \ \ \ \ \ \ \ disable\ \ \ \ \ \ \ \ \ =\ no/g' /etc/xinetd.d/telnet
允許root使用者通過telnet登入
mv /etc/securetty /etc/securetty.old
service xinetd start
chkconfig xinetd on
檢查環境
openssl version
gcc-c++安裝步驟(順序不能顛倒,否則會報錯)
rpm -ivh ppl-0.10.2-11.el6.x86_64.rpm
rpm -ivh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm
rpm -ivh mpfr-2.4.1-6.el6.x86_64.rpm
rpm -ivh cpp-4.4.7-17.el6.x86_64.rpm
rpm -uvh kernel-headers-2.6.32-642.el6.x86_64.rpm
rpm -uvh tzdata-2016c-1.el6.noarch.rpm
rpm -uvh glibc-devel-2.12-1.192.el6.x86_64.rpm glibc-2.12-1.192.el6.x86_64.rpm glibc-2.12-1.192.el6.i686.rpm glibc-headers-2.12-1.192.el6.x86_64.rpm glibc-common-2.12-1.192.el6.x86_64.rpm
rpm -uvh libgcc-4.4.7-17.el6.x86_64.rpm
rpm -uvh libgomp-4.4.7-17.el6.x86_64.rpm
rpm -ivh gcc-4.4.7-17.el6.x86_64.rpm
rpm -uvh libstdc++-4.4.7-17.el6.x86_64.rpm
rpm -ivh libstdc++-devel-4.4.7-17.el6.x86_64.rpm
rpm -ivh gcc-c++-4.4.7-17.el6.x86_64.rpm
zlib安裝步驟
rpm -ivh zlib-devel-1.2.3-29.el6.x86_64.rpm
openssl安裝步驟(順序不能顛倒,否則會報錯)
rpm -uvh keyutils-1.4-5.el6.x86_64.rpm keyutils-libs-1.4-5.el6.x86_64.rpm keyutils-libs-devel-1.4-5.el6.x86_64.rpm
rpm -uvh krb5-libs-1.10.3-57.el6.x86_64.rpm krb5-workstation-1.10.3-57.el6.x86_64.rpm
rpm -uvh libselinux-2.0.94-7.el6.x86_64.rpm libselinux-utils-2.0.94-7.el6.x86_64.rpm libselinux-python-2.0.94-7.el6.x86_64.rpm
rpm -ivh libsepol-devel-2.0.41-4.el6.x86_64.rpm
rpm -ivh libselinux-devel-2.0.94-7.el6.x86_64.rpm
rpm -uvh e2fsprogs-libs-1.41.12-22.el6.x86_64.rpm e2fsprogs-1.41.12-22.el6.x86_64.rpm libss-1.41.12-22.el6.x86_64.rpm libcom_err-1.41.12-22.el6.x86_64.rpm
rpm -ivh krb5-devel-1.10.3-57.el6.x86_64.rpm libcom_err-devel-1.41.12-22.el6.x86_64.rpm
rpm -uvh openssl-devel-1.0.1e-48.el6.x86_64.rpm openssl-1.0.1e-48.el6.x86_64.rpm
pam安裝步驟
rpm -uvh pam-devel-1.1.1-22.el6.x86_64.rpm pam-1.1.1-22.el6.x86_64.rpm
openssl原始碼安裝(暫時不公升級)
tar zxf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config --prefix=/usr/local/openssl --shared
make depend
make
make
test
make
install
備份當前openssl
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
配置使用新版本
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
更新動態鏈結庫資料
echo
"/usr/local/ssl/lib"
>> /etc/ld.so.conf
ldconfig -v
重新檢視版本號
openssl version
原始碼安裝openssh
rpm -qa |
grep openssh
刪除低版本的openssh
rpm -e `rpm -qa |
grep openssh`
--nodeps
cd /usr/local/src/
tar zxvf openssh-7.9p1.tar.gz
cd openssh-7.9p1
make
make
install
手動修改permitrootlogin no 修改為 permitrootlogin yes 允許root遠端登陸
sed -i 's/#permitrootlogin prohibit-password/permitrootlogin\ yes/g' /etc/ssh/sshd_config
禁止空密碼
sed -i 's/#permitemptypasswords\(.*\)/permitemptypasswords\ no/g' /etc/ssh/sshd_config
重點:禁止selinux 否則重啟後會登入失敗
sed -i 's/^selinux\(.*\)/selinux=disabled/g' /etc/selinux/config
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
service sshd start
service sshd restart
chkconfig --list sshd
ssh -v
關閉telnet
禁止root使用者通過telnet登入
mv /etc/securetty.old /etc/securetty
service xinetd stop
chkconfig xinetd off
service iptables start
chkconfig iptables on
將之前的disable欄位的no改為yes
vi /etc/xinetd.d/telnet
隨後再將修改iptables將23埠關閉,並重啟iptables服務
至此,可以再開ssh登入,用ssh -v檢視版本號
通過rpm方式安裝Mysql
一般linux伺服器版都預設安裝有mysql,但是可能不是你要的版本,所以先解除安裝。rpm ev mysql 5.0.77 4.el5 4.2 如果存在依賴包就將依賴的包乙個乙個通過rpm ev解除安裝。然後安裝 rpm ivh mysql server community 5.1.49 1.rh...
Fluentd安裝 通過rpm方式
為了靈活性,fluentd用ruby寫的,其中一些效能敏感的部件使用c寫的。普通的使用者直接安裝和使用ruby程序可能有困難,這樣就把它封裝成fluentd的穩定版本 td agent.直接執行 install redhat td agent2.sh指令碼,就會自動安裝上td agent curl ...
Linux下用rpm方式公升級mysql
因為mysql會被檢測出來漏洞,要通過公升級mysql版本來修復漏洞。而通過tar包方式去安裝公升級有點慢,rpm方式公升級效率特別高。而且通過rpm公升級,mysql的配置檔案,資料庫檔案都不用動,公升級成功後資料還在。公升級之前,先把整個資料庫備份一下,有備無患 備份資料庫,公升級mysql通常...