[Server security] Upgrade OpenSSH and OpenSSL, and disable NTP
The company's old live video server runs CentOS 6.7, and many of its software packages are several years old. Recently the IT world has been flooded with security news: first the major security vulnerabilities in Intel chips, then the macOS security vulnerabilities. Security issues cannot be underestimated.
For this task we could draw on experience from the earlier Huawei core network project, where most of the work was nothing more than configuring or upgrading software packages. After a morning of hard work, we finally finished preparing the upgrade package. Linux is convenient.
update.sh:
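#!/bin/bash

# Stop NTP and disable it at boot
sudo service ntpd stop
chkconfig --list ntpd
sudo chkconfig ntpd off

# Install the OpenSSL FIPS module
sudo tar xzvf openssl-fips-2.0.16.tar.gz
cd openssl-fips-2.0.16 || exit 1
sudo ./config
sudo make
sudo make install
cd ..

# Install OpenSSL, built against the FIPS module, with shared libraries
sudo tar xzvf openssl-1.0.2n.tar.gz
cd openssl-1.0.2n || exit 1
sudo ./config fips --shared
sudo make
sudo make install

# Move the system openssl binary and headers aside and link in the new build
sudo mv /usr/bin/openssl /usr/bin/openssl.OFF
sudo mv /usr/include/openssl /usr/include/openssl.OFF
sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
sudo ln -s /usr/local/ssl/include/openssl /usr/include/openssl

# Register the new library directory. "sudo echo ... >> file" would perform the
# redirection as the calling user, so append through "sudo tee -a" instead.
echo "/usr/local/ssl/lib" | sudo tee -a /etc/ld.so.conf
sudo /sbin/ldconfig -v
sudo openssl version -a
cd ..

# Update OpenSSH, built against the new OpenSSL
sudo tar xzvf openssh-7.6p1.tar.gz
cd openssh-7.6p1 || exit 1
sudo ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
sudo make
sudo make install

# Adjust the existing sshd_config.
# OpenSSH 7.6 has no SSH protocol 1 support, so the Protocol line no longer enables protocol 1.
sudo sed -i 's/#Protocol 2,1/Protocol 2,1/g' /etc/ssh/sshd_config
# These two settings keep existing password and root logins working after the
# upgrade; both are permissive (password authentication on, direct root login on).
sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
# Keep the ownership and permission checks on user files enabled
sudo sed -i 's/#StrictModes yes/StrictModes yes/g' /etc/ssh/sshd_config
sudo service sshd restart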
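A post-upgrade check for the sshd_config keywords that update.sh edits, added here as an example and not part of the original script. The function names, the finding labels and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of update.sh. sshd keeps the FIRST value it reads for
# a keyword, matches keywords case-insensitively, and ignores commented lines.

# effective_value FILE KEYWORD: print the first active global value, lowercased.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# audit_sshd_config FILE: print one finding per line; no output means no findings.
audit_sshd_config() {
    local v
    v=$(effective_value "$1" PermitRootLogin)
    if [ "$v" = "yes" ]; then echo "WEAK PermitRootLogin=yes: root can log in with a password"; fi
    v=$(effective_value "$1" PasswordAuthentication)   # unset means default "yes"
    if [ -z "$v" ] || [ "$v" = "yes" ]; then echo "WEAK PasswordAuthentication=yes: password logins are open to guessing"; fi
    v=$(effective_value "$1" Protocol)
    case "$v" in *1*) echo "STALE Protocol=$v: OpenSSH 7.6 has no SSH protocol 1 support" ;; esac
    v=$(effective_value "$1" StrictModes)
    if [ "$v" = "no" ]; then echo "WEAK StrictModes=no: key file permissions are not checked"; fi
    return 0
}

# Constructed sample (not from a real host): a config as the sed edits could leave it.
sample_config() {
    cat <<'EOF'
Protocol 2,1
Protocol 2
#PasswordAuthentication yes
passwordauthentication yes
PermitRootLogin yes
#StrictModes no
StrictModes yes
Match User backup
    PasswordAuthentication no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```

On a live host, `sshd -T` prints the configuration sshd actually resolved and can be used to confirm the result.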