一年碘、升級SSL

openssl 1.0.2n升級

yum install gcc pam-devel zlib-devel -y

cd openssl-1.0.2n

./config shared zlib-dynamic

echo $?

make && make install

echo $?

ls /usr/local/ssl/

echo "/usr/local/ssl/lib">>/etc/ld.so.conf

mv /usr/bin/openssl /usr/bin/openssl.bak

mv /usr/include/openssl /usr/include/openssl.bak

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/ssl/include/openssl /usr/include/openssl

ldconfig -v

openssl version

二鳄袍、升級SSH

cp -raf /usr/bin/ssh /usr/bin/ssh_bak

cp -raf /usr/sbin/sshd /usr/sbin/sshd_bak

cp -raf /etc/ssh /etc/ssh.bak

cp -raf /etc/init.d/sshd /etc/init.d/sshd.bak

cp -raf /root/.ssh/ /root/.ssh.bak

tar -xf /root/openssh-7.8p1.tar.gz

cd /root/openssh-7.8p1

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/empty/sshd --with-ssl-dir=/usr/local/ssl/--with-pam--without-hardening

echo $?

make&&make install

echo $?

sed -i 's/GSSAPIAuthentication yes/#GSSAPIAuthentication yes/g' /etc/ssh/sshd_config

sed -i 's/GSSAPICleanupCredentials yes/#GSSAPICleanupCredentials yes/g' /etc/ssh/sshd_config

service sshd restart

ssh -V

報錯

Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.1.0.0: failed to map segment from shared object: Permission denied

檢查selinx

setenforce 0?? ?? ? #清空規(guī)則

vim /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#???????enforcing - SELinux security policy is enforced.

#???????permissive - SELinux prints warnings instead of enforcing.

#???????disabled - SELinux is fully disabled.

SELINUX=enforcing?? ?? ? #修改成?disabled

# SELINUXTYPE= type of policy in use. Possible values are:

#???????targeted - Only targeted network daemons are protected.

#???????strict - Full SELinux protection.

SELINUXTYPE=targeted

報錯

Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.1.0.0: failed to map segment from shared object: Permission denied

檢查selinx

setenforce 0?? ?? ? #清空規(guī)則

vim /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#???????enforcing - SELinux security policy is enforced.

#???????permissive - SELinux prints warnings instead of enforcing.

#???????disabled - SELinux is fully disabled.

SELINUX=enforcing?? ?? ? #修改成?disabled

# SELINUXTYPE= type of policy in use. Possible values are:

#???????targeted - Only targeted network daemons are protected.

#???????strict - Full SELinux protection.

SELINUXTYPE=targeted