linux系统安全加固-升级glibc/bash
来源:互联网 发布:网络视频广告表现形式 编辑:程序博客网 时间:2024/06/05 04:17
一、升级glibc
1、升级前查看是否有漏洞
[root@egwg-54-129 service]# ./test.sh
Vulnerable glibc version <= 2.17-54
Vulnerable glibc version <= 2.5-122
Vulnerable glibc version <= 2.12-1.148
Detected glibc version 2.12 revision 107
This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
Update the glibc and ncsd packages on your system using the packages released with the following:
yum install glibc
2、登录https://access.redhat.com/security/cve/CVE-2015-0235,查看需升级的版本号
3、下载加固包
http://mirrors.aliyun.com/centos/6/os/x86_64/Packages/ (redhat6)
执行:
rpm -Uvh glibc-2.12-1.149.el6.i686.rpm glibc-2.12-1.149.el6.x86_64.rpm glibc-common-2.12-1.149.el6.x86_64.rpm glibc-devel-2.12-1.149.el6.x86_64.rpm glibc-headers-2.12-1.149.el6.x86_64.rpm glibc-utils-2.12-1.149.el6.x86_64.rpm nscd-2.12-1.149.el6.x86_64.rpm
4、升级后:[root@egwg-54-128 glibc]# ./test.sh
Vulnerable glibc version <= 2.17-54
Vulnerable glibc version <= 2.5-122
Vulnerable glibc version <= 2.12-1.148
Detected glibc version 2.12 revision 149
Not Vulnerable.
漏洞检测脚本:
将脚本拷贝到test.sh文件中
#!/bin/bash
vercomp () {
if [[ $1 == $2 ]]
then
return 0
fi
local IFS=.
local i ver1=($1) ver2=($2)
# fill empty fields in ver1 with zeros
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++))
do
ver1[i]=0
done
for ((i=0; i<${#ver1[@]}; i++))
do
if [[ -z ${ver2[i]} ]]
then
# fill empty fields in ver2 with zeros
ver2[i]=0
fi
if ((10#${ver1[i]} > 10#${ver2[i]}))
then
return 1
fi
if ((10#${ver1[i]} < 10#${ver2[i]}))
then
return 2
fi
done
return 0
}
glibc_vulnerable_version=2.17
glibc_vulnerable_revision=54
glibc_vulnerable_version2=2.5
glibc_vulnerable_revision2=122
glibc_vulnerable_version3=2.12
glibc_vulnerable_revision3=148
echo "Vulnerable glibc version <=" $glibc_vulnerable_version"-"$glibc_vulnerable_revision
echo "Vulnerable glibc version <=" $glibc_vulnerable_version2"-"$glibc_vulnerable_revision2
echo "Vulnerable glibc version <=" $glibc_vulnerable_version3"-1."$glibc_vulnerable_revision3
glibc_version=$(rpm -q glibc | awk -F"[-.]" '{print $2"."$3}' | sort -u)
if [[ $glibc_version == $glibc_vulnerable_version3 ]]
then
glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $5}' | sort -u)
else
glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $4}' | sort -u)
fi
echo "Detected glibc version" $glibc_version" revision "$glibc_revision
vulnerable_text=$"This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
Update the glibc and ncsd packages on your system using the packages released with the following:
yum install glibc"
if [[ $glibc_version == $glibc_vulnerable_version ]]
then
vercomp $glibc_vulnerable_revision $glibc_revision
elif [[ $glibc_version == $glibc_vulnerable_version2 ]]
then
vercomp $glibc_vulnerable_revision2 $glibc_revision
elif [[ $glibc_version == $glibc_vulnerable_version3 ]]
then
vercomp $glibc_vulnerable_revision3 $glibc_revision
else
vercomp $glibc_vulnerable_version $glibc_version
fi
case $? in
0) echo "$vulnerable_text";;
1) echo "$vulnerable_text";;
2) echo "Not Vulnerable.";;
esac
二、升级bash
1、检查是否有漏洞:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
有漏洞:
[root@localhost ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
2、下载加固包
http://mirrors.aliyun.com/centos/6/os/x86_64/Packages/
下载bash-4.1.2-29.el6.x86_64(根据实际版本来升级)
3、查询当前版本
rpm -qa | grep bash
4、下载老版本
rpm -e bash-4.1.2-14.el6.x86_64
5、升级安装
rpm -ivh --force bash-4.1.2-29.el6.x86_64.rpm --force --nodeps
0 0
- linux系统安全加固-升级glibc/bash
- linux系统安全加固
- Linux系统安全加固浅谈
- suse linux操作系统安全加固
- 利用sudo加固Linux系统安全
- Linux系统安全加固(一)
- 通过Linux系统伪装方法加固系统安全
- 通过Linux系统伪装方法加固系统安全
- 通过Linux系统伪装方法加固系统安全
- Linux系统安全加固设置详细教程
- LINUX系统安装及系统安全加固
- linux升级 glibc
- linux下glibc库升级
- Windows 系统安全加固
- 升级linux bash
- CentOS7 系统安全加固实施方案介绍
- linux升级glibc基本库的步骤
- Linux系统直接升级GLIBC版本
- void指针的转换(2)
- cocos2dx触摸事件的添加问题,触摸事件不起作用
- 日语语法总结-8 md version
- android camera(三):camera V4L2 FIMC
- java网页验证码代码
- linux系统安全加固-升级glibc/bash
- SSH框架总结(框架分析+环境搭建+实例源码下载)
- 不借助变量交换两个数
- Android设备的密度和尺寸
- shell中${ } 的功能
- PLSQL collection 示例 之 index-by table
- js中调用父页面的方法
- [LeetCode]Remove Duplicates from Sorted Array
- wget 下载服务器文件