升级ssl和ssh
#/bin/bash#需要手動修改的變量
version="ssh_8.6p1" #定義版本號
soft_dir=$(cd "$(dirname "$0")"; pwd) # 上傳安裝包的目錄
ssl_media="openssl-1.1.1k.tar.gz" #ssl軟件包名
ssh_media="openssh-8.6p1.tar.gz" # ssh軟件包名
#
ssl_soft="/$soft_dir/$ssl_media"
ssh_soft="/$soft_dir/$ssh_media"
OS_version=$(cat /etc/redhat-release | awk '{ if(match($0,"release ")) {print substr($0,RSTART+RLENGTH)}}' | awk -F '.' '{print $1}')
#
#if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then# soft_dir="/$soft_dir/$version" # 定義工作目錄#mkdir -p $soft_dir
#else# echo "`date +%H:%M:%S`--install media is not exist" |tee -a $soft_dir/check_point.log#echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log#exit;
#fi#安裝升級所需依賴包
function InstallDeploy(){echo "`date +%H:%M:%S`--install the Depend on the package.." |tee -a $soft_dir/check_point.logyum -y install gcc pam-devel zlib-devel perl openssl-develecho "`date +%H:%M:%S`--install completed " |tee -a $soft_dir/check_point.log}#
function Unpack(){echo "`date +%H:%M:%S`--Unpack the package.... " |tee -a $soft_dir/check_point.logcd $soft_dirtar xvf $ssl_softtar xvf $ssh_softecho "`date +%H:%M:%S`--Unpack completed " |tee -a $soft_dir/check_point.log
}function Backup(){echo "`date +%H:%M:%S`--Backup important files..." |tee -a $soft_dir/check_point.log\cp -af /usr/lib64/openssl /usr/lib64/openssl.old\cp -af /usr/bin/openssl /usr/bin/openssl.old\cp -af /usr/include/openssl /usr/include/openssl.old\cp -af /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old\cp -af /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old\cp -af /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old\mv /usr/bin/openssl /usr/bin/openssl.bak\mv /usr/include/openssl /usr/include/openssl.bak \cp -arf /etc/ssh/ /etc/ssh_`date +%F` echo "`date +%H:%M:%S`--Backup completed " |tee -a $soft_dir/check_point.log}function Installopenssl(){echo "`date +%H:%M:%S`--Installopenssl...." |tee -a $soft_dir/check_point.logcd $soft_dir/openssl*/echo "`date +%H:%M:%S`--start to install openssl........." |tee -a $soft_dir/check_point.log./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlibmake dependmake && make install # 加載動態庫ln -s /usr/local/openssl/bin/openssl /usr/bin/opensslln -s /usr/local/openssl/include/openssl /usr/include/opensslecho "/usr/local/lib64/" >> /etc/ld.so.confecho "/usr/local/ssl/lib" >> /etc/ld.so.confldconfig ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib/ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib/openssl version -aecho "`date +%H:%M:%S`--openssl upgrade complete..." |tee -a $soft_dir/check_point.logecho "`date +%H:%M:%S`--version: `openssl version`" |tee -a $soft_dir/check_point.logecho "`date +%H:%M:%S`--Installopenssl completed " |tee -a $soft_dir/check_point.log
}function Installopenssh(){echo "`date +%H:%M:%S`--Installopenssh...." |tee -a $soft_dir/check_point.log cd $soft_dir/openssh*/echo "`date +%H:%M:%S`--start to install openssh..." |tee -a $soft_dir/check_point.log./configure \--prefix=/usr \--sysconfdir=/etc/ssh \--with-md5-passwords \--with-pam \--with-tcp-wrappers \--with-ssl-dir=/usr/local/openssl \--with-zlib=/usr/local/lib64 \--without-hardeningmake && chmod 600 /etc/ssh/ssh_host*make install &&echo "`date +%H:%M:%S`--Installopenssh completed " |tee -a $soft_dir/check_point.log
}function Configssh(){echo "`date +%H:%M:%S`--Config ssh...." |tee -a $soft_dir/check_point.logcd $soft_dir/openssh*/if test -e /usr/lib/systemd/system/sshd.servicethenmv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk fi#mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk cp contrib/redhat/sshd.init /etc/init.d/sshdchmod a+x /etc/init.d/sshd cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pamchkconfig --add sshdchkconfig sshd onif [ "a$OS_version" == "a7" ]thensystemctl enable sshdfiecho "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config sed -i 's/PermitRootLogin/#&/' /etc/ssh/sshd_configecho "PermitRootLogin no" >> /etc/ssh/sshd_configsed -i 's/GSSAPICleanupCredentials no/#&/' /etc/ssh/sshd_configsed -i 's/GSSAPIAuthentication yes/#&/' /etc/ssh/sshd_configecho "`date +%H:%M:%S`--Config ssh...." |tee -a ./check_point.logecho "`date +%H:%M:%S`--Restart ssh service...." |tee -a $soft_dir/check_point.logif [ "a$OS_version" == "a7" ]thensystemctl restart sshdelseservice sshd restartfiecho "`date +%H:%M:%S`--Restart ssh completed " |tee -a $soft_dir/check_point.log}function start(){#InstallDeployUnpackBackupInstallopensslInstallopensshConfigsshopenssl version -assh -V}start
#/bin/bash
#!/bin/bash
# author:wangxinyu
# company:lx
# version: v8.4
# date: Fri Oct 16 18:16:23 CST 2020
# state: Continuously updated
#
# 使用前提 :
# 1. 配置好yum源
# 2. 防止斷連,開啟telnet服務
# 3. 上傳最新版的軟件包#
#需要手動修改的變量
version="ssh_8.6p1" #定義版本號
soft_dir=$(cd "$(dirname "$0")"; pwd) # 上傳安裝包的目錄
ssl_media="openssl-1.1.1k.tar.gz" #ssl軟件包名
ssh_media="openssh-8.6p1.tar.gz" # ssh軟件包名
#
ssl_soft="/$soft_dir/$ssl_media"
ssh_soft="/$soft_dir/$ssh_media"
OS_version=$(cat /etc/redhat-release | awk '{ if(match($0,"release ")) {print substr($0,RSTART+RLENGTH)}}' | awk -F '.' '{print $1}')
#
#if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then# soft_dir="/$soft_dir/$version" # 定義工作目錄#mkdir -p $soft_dir
#else# echo "`date +%H:%M:%S`--install media is not exist" |tee -a $soft_dir/check_point.log#echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log#exit;
#fi#安裝升級所需依賴包
function InstallDeploy(){echo "`date +%H:%M:%S`--install the Depend on the package.." |tee -a $soft_dir/check_point.logyum -y install gcc pam-devel zlib-devel perl openssl-develecho "`date +%H:%M:%S`--install completed " |tee -a $soft_dir/check_point.log}#
function Unpack(){echo "`date +%H:%M:%S`--Unpack the package.... " |tee -a $soft_dir/check_point.logcd $soft_dirtar xvf $ssl_softtar xvf $ssh_softecho "`date +%H:%M:%S`--Unpack completed " |tee -a $soft_dir/check_point.log
}function Backup(){echo "`date +%H:%M:%S`--Backup important files..." |tee -a $soft_dir/check_point.log\cp -af /usr/lib64/openssl /usr/lib64/openssl.old\cp -af /usr/bin/openssl /usr/bin/openssl.old\cp -af /usr/include/openssl /usr/include/openssl.old\cp -af /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl.old\cp -af /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so.10.old\cp -af /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.10.old\mv /usr/bin/openssl /usr/bin/openssl.bak\mv /usr/include/openssl /usr/include/openssl.bak \cp -arf /etc/ssh/ /etc/ssh_`date +%F` echo "`date +%H:%M:%S`--Backup completed " |tee -a $soft_dir/check_point.log}function Installopenssl(){echo "`date +%H:%M:%S`--Installopenssl...." |tee -a $soft_dir/check_point.logcd $soft_dir/openssl*/echo "`date +%H:%M:%S`--start to install openssl........." |tee -a $soft_dir/check_point.log./config --prefix=/usr/local --openssldir=/usr/local/openssl shared zlibmake dependmake && make install # 加載動態庫ln -s /usr/local/openssl/bin/openssl /usr/bin/opensslln -s /usr/local/openssl/include/openssl /usr/include/opensslecho "/usr/local/lib64/" >> /etc/ld.so.confecho "/usr/local/ssl/lib" >> /etc/ld.so.confldconfig ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib/ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib/openssl version -aecho "`date +%H:%M:%S`--openssl upgrade complete..." |tee -a $soft_dir/check_point.logecho "`date +%H:%M:%S`--version: `openssl version`" |tee -a $soft_dir/check_point.logecho "`date +%H:%M:%S`--Installopenssl completed " |tee -a $soft_dir/check_point.log
}function Installopenssh(){echo "`date +%H:%M:%S`--Installopenssh...." |tee -a $soft_dir/check_point.log cd $soft_dir/openssh*/echo "`date +%H:%M:%S`--start to install openssh..." |tee -a $soft_dir/check_point.log./configure \--prefix=/usr \--sysconfdir=/etc/ssh \--with-md5-passwords \--with-pam \--with-tcp-wrappers \--with-ssl-dir=/usr/local/openssl \--with-zlib=/usr/local/lib64 \--without-hardeningmake && chmod 600 /etc/ssh/ssh_host*make install &&echo "`date +%H:%M:%S`--Installopenssh completed " |tee -a $soft_dir/check_point.log
}function Configssh(){echo "`date +%H:%M:%S`--Config ssh...." |tee -a $soft_dir/check_point.logcd $soft_dir/openssh*/if test -e /usr/lib/systemd/system/sshd.servicethenmv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk fi#mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bk cp contrib/redhat/sshd.init /etc/init.d/sshdchmod a+x /etc/init.d/sshd cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pamchkconfig --add sshdchkconfig sshd onif [ "a$OS_version" == "a7" ]thensystemctl enable sshdfiecho "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config sed -i 's/PermitRootLogin/#&/' /etc/ssh/sshd_configecho "PermitRootLogin no" >> /etc/ssh/sshd_configsed -i 's/GSSAPICleanupCredentials no/#&/' /etc/ssh/sshd_configsed -i 's/GSSAPIAuthentication yes/#&/' /etc/ssh/sshd_configecho "`date +%H:%M:%S`--Config ssh...." |tee -a ./check_point.logecho "`date +%H:%M:%S`--Restart ssh service...." |tee -a $soft_dir/check_point.logif [ "a$OS_version" == "a7" ]thensystemctl restart sshdelseservice sshd restartfiecho "`date +%H:%M:%S`--Restart ssh completed " |tee -a $soft_dir/check_point.log}function start(){InstallDeployUnpackBackupInstallopensslInstallopensshConfigsshopenssl version -assh -V}start
總結
- 上一篇: bash shell是如何识别特殊符号的
- 下一篇: Java集合:Collection接口