最近openssl 漏洞搞得互联网 人人自危,前几天弄的更新 一直很忙没来的急更新博文
今天更新下博文和脚本。
发现好多服务器 的openssl 版本不对(好几台服务器都不对,得赶紧更新新版本)
|
1
2
3
4
5
6
7
8
|
[root@ceshi ~]
# openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Dec 18 19:40:59 UTC 2013
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR:
"/etc/pki/tls"
engines: dynamic
|
vi ab.sh
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
#!/bin/bash
#下载安装最新openssl
wget http:
//www
.openssl.org
/source/openssl-1
.0.1g.
tar
.gz
tar
xzvf openssl-1.0.1g.
tar
.gz
cd
openssl-1.0.1g
.
/config
shared zlib
make
&&
make
install
cd
/usr/local/ssl/
.
/bin/openssl
version -a
#替换旧版openssl
mv
/usr/bin/openssl
/usr/bin/openssl
.old
mv
/usr/include/openssl
/usr/include/openssl
.old
ln
-s
/usr/local/ssl/bin/openssl
/usr/bin/openssl
ln
-s
/usr/local/ssl/include/openssl/
/usr/include/openssl
#配置库文件搜索路径
echo
"/usr/local/ssl/lib"
>>
/etc/ld
.so.conf
ldconfig
#测试新版是否正常
openssl version -a
|
安装中
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
正在连接 www.openssl.org|185.9.166.106|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:4509047 (4.3M) [application
/x-gzip
]
正在保存至: “openssl-1.0.1g.
tar
.gz”
9% [==> ] 409,093 133K
/s
eta(英国中部时 11% [===> ] 512,185 146K
/s
eta(英国中部时 11% [===> ] 526,705 134K
/s
eta(英国中部时 15% [=====> ] 703,849 162K
/s
eta(英国中部时 17% [=====> ] 789,517 165K
/s
eta(英国中部时 19% [======> ] 880,993 169K
/s
eta(英国中部时 21% [=======> ] 957,949 170K
/s
eta(英国中部时 23% [=======> ] 1,039,261 171K
/s
eta(英国中部时 25% [========> ] 1,153,969 178K
/s
eta(英国中部时 28% [=========> ] 1,271,581 184K
/s
eta(英国中部时间) 1730% [===========> ] 1,390,645 189K
/s
eta(英国中部时间) 1733% [============> M_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o obj_dat.o obj_dat.c
gcc -I.. -I../.. -I..
/modes
-I..
/asn1
-I..
/evp
-I../..
/include
-fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o obj_lib.o obj_lib.c
gcc -I.. -I../.. -I..
/modes
-I..
/asn1
-I..
/evp
-I../..
/include
-fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o obj_err.o obj_err.c
gcc -I.. -I../.. -I..
/modes
-I..
/asn1
-I..
/evp
-I../..
/include
-fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o obj_xref.o obj_xref.c
OpenSSL shared libraries have been installed
in
:
/usr/local/ssl
If this directory is not
in
a standard system path
for
dynamic
/shared
libraries,
then
you will have problems linking and executing
applications that use OpenSSL libraries UNLESS:
* you link with static (archive) libraries. If you are truly
paranoid about security, you should use static libraries.
* you use the GNU libtool code during linking
(http:
//www
.gnu.org
/software/libtool/libtool
.html)
* you use pkg-config during linking (this requires that
PKG_CONFIG_PATH includes the path to the OpenSSL shared
library directory), and
make
use of -R or -rpath.
(http:
//www
.freedesktop.org
/software/pkgconfig/
)
* you specify the system-wide link path via a
command
such
as crle(1) on Solaris systems.
* you add the OpenSSL shared library directory to
/etc/ld
.so.conf
and run ldconfig(8) on Linux systems.
* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
environment variable and add the OpenSSL shared library
directory to it.
One common tool to check the dynamic dependencies of an executable
or dynamic library is ldd(1) on most UNIX systems.
See any operating system documentation and manpages about shared
libraries
for
your version of UNIX. The following manpages may be
helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
chatr(1) [HP].
cp
libcrypto.pc
/usr/local/ssl/lib/pkgconfig
chmod
644
/usr/local/ssl/lib/pkgconfig/libcrypto
.pc
cp
libssl.pc
/usr/local/ssl/lib/pkgconfig
chmod
644
/usr/local/ssl/lib/pkgconfig/libssl
.pc
cp
openssl.pc
/usr/local/ssl/lib/pkgconfig
chmod
644
/usr/local/ssl/lib/pkgconfig/openssl
.pc
OPENSSLDIR:
"/usr/local/ssl"
OpenSSL 1.0.1g 7 Apr 2014
built on: Tue Apr 22 13:48:05 CST 2014
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR:
"/usr/local/ssl"
|
本文转自 cs312779641 51CTO博客,原文链接:http://blog.51cto.com/chenhao6/1400484
