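The SSH version on site was old and a vulnerability scan flagged many issues against it, so an SSH upgrade was required. The installed version was OpenSSH_6.7p1, OpenSSL 1.0.1e-fips. I wrote a script to perform the upgrade automatically; its contents are as follows: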
```bash
#!/bin/bash
# Upgrade OpenSSL and OpenSSH from source tarballs placed in /tmp.
cd /tmp || exit 1

[ -f openssh-7.2p2.tar.gz ] && [ -f openssl-1.0.2g.tar.gz ] || {
    echo "openssh and openssl packages does not exist"
    exit 1
}

openssl(){
    echo -e "\e[1;32m pls waiting for a moment openssl update... \e[0m"
    cd /tmp || return 2
    tar xf openssl-1.0.2g.tar.gz
    cd openssl-1.0.2g || return 2
    # Chain the steps so a failed config or make is not hidden by a later step.
    ./config --prefix=/usr --shared >/dev/null 2>&1 &&
        make depend >/dev/null 2>&1 &&
        make >/dev/null 2>&1 &&
        make install >/dev/null 2>&1
    RETVAL1=$?
    if [ $RETVAL1 -eq 0 ]; then
        echo "openssl update succefull"
    else
        echo "openssl update failed"
        return 2
    fi
}

openssh(){
    echo -e "\e[1;32m pls waiting for a moment openssh update... \e[0m"
    cd /tmp || return 3
    # Keep the old configuration and init script as backups.
    # After this move the previous sshd_config and host keys are no longer in /etc/ssh.
    /bin/mv /etc/ssh/ /etc/ssh.ori
    /bin/mv /etc/init.d/sshd /etc/init.d/sshd.ori
    tar xf openssh-7.2p2.tar.gz
    cd openssh-7.2p2 || return 3
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords >/dev/null 2>&1 &&
        make >/dev/null 2>&1 &&
        make install >/dev/null 2>&1
    RETVAL2=$?
    if [ $RETVAL2 -eq 0 ]; then
        echo "openssh update succefull"
    else
        echo "openssh update failed"
        return 3
    fi

    ######## initialize sshd ########
    /bin/cp /tmp/openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd
    /bin/chmod +x /etc/init.d/sshd
    # Disable root login and move sshd to port 49721.
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
    sed -i 's/#Port 22/Port 49721/g' /etc/ssh/sshd_config
    /etc/init.d/sshd start
    /etc/init.d/sshd reload
    chkconfig --add sshd
    # Count running sshd processes and listening sshd sockets.
    A=$(ps -ef | grep sshd | grep -v grep | wc -l)
    B=$(netstat -lantpu | grep sshd | grep LISTEN | wc -l)
    if [ "$A" -gt 1 ] && [ "$B" -gt 1 ]; then
        echo "sshd inittal succefull"
    else
        echo "sshd inittal failed"
        return 4
    fi
}

# Build OpenSSH only if the OpenSSL upgrade succeeded.
openssl || exit $?
openssh
```
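The two `sed` substitutions in the script change `sshd_config` only if the commented default lines match exactly, and `sed` reports nothing when they do not. The check below is an added example, not part of the original script: the function names and sample configs are constructed for illustration, and the parser assumes whitespace-separated keyword/value pairs in the global section of the file.

```shell
#!/bin/bash
# Added example (not from the original post): confirm the sed edits took effect.

# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the first value it reads for a keyword, case-insensitively;
# lines after "Match" are conditional, so parsing stops there.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # conditional section begins
        tolower($1) == want     { print $2; exit }
    ' "$1"
}

# Apply the same two substitutions as the upgrade script, writing to a copy.
apply_page_edits() {
    sed -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' \
        -e 's/#Port 22/Port 49721/g' "$1" > "$2"
}

# Return 0 only if both intended settings are in force; report mismatches.
verify_sshd_hardening() {
    local rc=0 port root
    port=$(sshd_effective "$1" Port)
    root=$(sshd_effective "$1" PermitRootLogin)
    # A missing Port line means sshd listens on its default, 22.
    [ "${port:-22}" = "49721" ] || { echo "Port is ${port:-22}, expected 49721"; rc=1; }
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', expected no"; rc=1; }
    return "$rc"
}

# Constructed samples: one with the commented defaults the sed patterns
# expect, one where the PermitRootLogin default line is worded differently.
write_samples() {
    printf '%s\n' '#Port 22' '#PermitRootLogin prohibit-password' > "$1/matching.conf"
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$1/differing.conf"
}

demo() {
    local d; d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in matching differing; do
        apply_page_edits "$d/$f.conf" "$d/$f.new"
        verify_sshd_hardening "$d/$f.new" && echo "$f: OK" || echo "$f: NOT applied"
    done
    rm -rf "$d"
}

demo
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it, which is the stronger check before closing the session used for the upgrade.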
Let's look at what the upgrade script actually does when it is run.
Time: 2024-10-11 00:59:35