https://blog.coinidea.com/tags/centos/Recent content in CentOS on Coinidea的博客Hugo -- gohugo.ioen-usThu, 23 Nov 2017 08:05:04 +0000https://blog.coinidea.com/%E7%B3%BB%E7%BB%9F%E8%BD%AF%E4%BB%B6-1265.htmlThu, 23 Nov 2017 08:05:04 +0000https://blog.coinidea.com/%E7%B3%BB%E7%BB%9F%E8%BD%AF%E4%BB%B6-1265.html<h2 id="升级-openssh-到-74-版本以上">升级 OpenSSH 到 7.4 版本以上 </h2><h3 id="背景">背景 </h3><p>目前来讲，Linux 下 OpenSSH 7.4 版本以下的，都有一些高危漏洞，需要将 OpenSSH 升级到 7.4 版本以上。在一台不能上外网的机器上（yum），是比较麻烦的事儿。网上大家都先建议备份好 ssh 和安装 telnet 防止，升级失败可以 telnet 进去。</p> <h3 id="常见问题及解决方案">常见问题及解决方案 </h3><h4 id="1-找不到-zlibh">1. 找不到 <code>zlib.h</code> </h4><p>参考链接：<a class="link" href="http://www.linuxidc.com/Linux/2012-10/72036.htm" target="_blank" rel="noopener" >http://www.linuxidc.com/Linux/2012-10/72036.htm</a></p> <h4 id="2-zlib-下载地址">2. zlib 下载地址 </h4><ul> <li><a class="link" href="http://www.zlib.net/" target="_blank" rel="noopener" >http://www.zlib.net/</a></li> </ul> <h4 id="3-zlib-安装">3. zlib 安装 </h4><p>参考链接：<a class="link" href="http://www.360doc.com/content/13/0124/17/1200324_262179628.shtml" target="_blank" rel="noopener" >http://www.360doc.com/content/13/0124/17/1200324_262179628.shtml</a></p> <h4 id="4-手动编译生成安装-openssh-需要的依赖">4. 手动编译生成安装 OpenSSH 需要的依赖 </h4><ul> <li><code>zlib</code></li> <li><code>pam</code></li> <li><code>pam-devel</code></li> </ul> <p>如果报错 <code>configure: error: PAM headers not found</code>，可以下载 <code>pam-devel</code>：</p> <ul> <li><a class="link" href="http://rpm.pbone.net/index.php3?stat=26&amp;dist=74&amp;size=208492&amp;name=pam-devel-1.1.1-17.el6.x86_64.rpm" target="_blank" rel="noopener" >http://rpm.pbone.net/index.php3?stat=26&amp;dist=74&amp;size=208492&amp;name=pam-devel-1.1.1-17.el6.x86_64.rpm</a></li> </ul> <h4 id="5-openssl-下载">5. OpenSSL 下载 </h4><ul> <li><a class="link" href="ftp://ftp.openssl.org/source/" >ftp://ftp.openssl.org/source/</a></li> </ul> <h4 id="6-安装-openssl">6. 安装 OpenSSL </h4><p>参考链接：</p> <ul> <li><a class="link" href="http://blog.csdn.net/ikownyou/article/details/53021686" target="_blank" rel="noopener" >http://blog.csdn.net/ikownyou/article/details/53021686</a></li> <li><a class="link" href="http://www.linuxidc.com/Linux/2011-10/45738.htm" target="_blank" rel="noopener" >http://www.linuxidc.com/Linux/2011-10/45738.htm</a></li> </ul> <h3 id="注意事项">注意事项 </h3><p>如果 OpenSSH 升级后 SecureCRT 不能登录，可能是因为 SecureCRT 版本太低不支持一些加密协议：</p> <p>参考链接：<a class="link" href="http://blog.csdn.net/yangg1991/article/details/51755562" target="_blank" rel="noopener" >http://blog.csdn.net/yangg1991/article/details/51755562</a></p> <h3 id="升级-openssh-的步骤">升级 OpenSSH 的步骤 </h3><p>参考链接：<a class="link" href="http://blog.csdn.net/u011080082/article/details/64503534" target="_blank" rel="noopener" >http://blog.csdn.net/u011080082/article/details/64503534</a></p> <h2 id="升级-vsftpd-从-222-到-234">升级 vsftpd 从 2.2.2 到 2.3.4 </h2><p>下载 <code>vsftpd-2.3.4.tar.gz</code> 包，64 位注意：</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/lib\/lib64\/g&#39;</span> vsf_findlibs.sh </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/lib\//lib64\//g&#39;</span> vsf_findlibs.sh </span></span></code></pre></td></tr></table> </div> </div><h3 id="配置-vsftpd">配置 vsftpd </h3><p>使用主动模式：</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">vsftpd /etc/vsftpd/vsftpd.conf <span class="p">&amp;</span> </span></span></code></pre></td></tr></table> </div> </div><p><code>standard_alone</code> 启动下，需要将下列两行代码，加入配置文件头部：</p> <p>参考链接：<a class="link" href="http://wingjang.blog.163.com/blog/static/47913442200811113104509/" target="_blank" rel="noopener" >http://wingjang.blog.163.com/blog/static/47913442200811113104509/</a></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nv">listen</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">listen_port</span><span class="o">=</span><span class="m">21</span> </span></span></code></pre></td></tr></table> </div> </div><p>安装之后默认只允许匿名用户登录，所以需要修改一下：</p> <p>参考链接：<a class="link" href="http://blog.sina.com.cn/s/blog_7e16680c01018ox1.html" target="_blank" rel="noopener" >http://blog.sina.com.cn/s/blog_7e16680c01018ox1.html</a></p> <h3 id="处理-tcp_wrapper-问题">处理 TCP_Wrapper 问题 </h3><p>如果有问题，注意删除空格，也可以去掉：</p> <p>参考链接：</p> <ul> <li><a class="link" href="http://blog.csdn.net/u010098331/article/details/50699914" target="_blank" rel="noopener" >http://blog.csdn.net/u010098331/article/details/50699914</a></li> <li><a class="link" href="http://blog.csdn.net/yylklshmyt20090217/article/details/8500608" target="_blank" rel="noopener" >http://blog.csdn.net/yylklshmyt20090217/article/details/8500608</a></li> </ul> <h3 id="vsftpd-下载">vsftpd 下载 </h3><ul> <li><a class="link" href="http://pkgs.fedoraproject.org/repo/pkgs/vsftpd/" target="_blank" rel="noopener" >http://pkgs.fedoraproject.org/repo/pkgs/vsftpd/</a></li> </ul>