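Worked example: fixing problems in legacy Linux images
Remediation plan for legacy Linux images
ECS cloud servers created from legacy Linux images may have no NTP configured, no YUM configured, and may also carry recently exposed, relatively serious security vulnerabilities. Follow the steps below to fix them. Doing so makes your cloud server more secure, lets you install software through the YUM service provided by Alibaba Cloud, and lets you use the free NTP service provided by Alibaba Cloud for time synchronization.
1. Configure NTP
Regardless of distribution, first back up /etc/ntp.conf, then replace its contents with the following: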
    # ntp.conf
    #
    # ntpd config for aliyun ecs.
    #
    # 6 LAN + 6 LAN + 3 WAN
    # shijun.cao@alibaba-inc.com
    # 2014.8.11
    #
    driftfile /var/lib/ntp/drift
    pidfile /var/run/ntpd.pid
    logfile /var/log/ntp.log
    # Access Control Support
    restrict default ignore
    restrict -6 default ignore
    restrict 127.0.0.1
    restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap nopeer noquery
    restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap nopeer noquery
    restrict 100.64.0.0 mask 255.192.0.0 nomodify notrap nopeer noquery
    restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer noquery
    restrict ntp1.aliyun.com nomodify notrap nopeer noquery
    restrict ntp2.aliyun.com nomodify notrap nopeer noquery
    restrict ntp3.aliyun.com nomodify notrap nopeer noquery
    restrict ntp4.aliyun.com nomodify notrap nopeer noquery
    restrict ntp5.aliyun.com nomodify notrap nopeer noquery
    restrict ntp6.aliyun.com nomodify notrap nopeer noquery
    # local clock
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10
    # public ntp server
    server ntp1.aliyun.com iburst minpoll 4 maxpoll 10
    server ntp2.aliyun.com iburst minpoll 4 maxpoll 10
    server ntp3.aliyun.com iburst minpoll 4 maxpoll 10
    server ntp4.aliyun.com iburst minpoll 4 maxpoll 10
    server ntp5.aliyun.com iburst minpoll 4 maxpoll 10
    server ntp6.aliyun.com iburst minpoll 4 maxpoll 10
    # Private ntp server
    server ntp1.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp2.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp3.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp4.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp5.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp6.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    # New private ntp server
    server ntp7.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp8.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp9.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp10.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp11.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
    server ntp12.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
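2. Update the software sources
0. First confirm the Linux distribution and version number of the image.
If the lsb_release command is available, run:
    lsb_release -a
Otherwise run:
    cat /etc/issue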
1. For CentOS, back up the CentOS-Base.repo and epel.repo files under /etc/yum.repos.d/, then run the commands that match your CentOS version:
CentOS 5:
    wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
    wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo
CentOS 6:
    wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
    wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
CentOS 7:
    wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
After the repo files have been downloaded, run:
    yum makecache
2. For Aliyun 5.7, back up /etc/yum.repos.d/CentOS-Base.repo, then run:
    wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/aliyun-5.repo
After the repo file has been downloaded, run:
    yum makecache
3. For Ubuntu, back up the /etc/apt/sources.list file, then run the command that matches your release:
Ubuntu 12.04:
    wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1204-lts.list
Ubuntu 14.04:
    wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1404-lts.list
Then run:
    apt-get update
4. For Debian, back up the /etc/apt/sources.list file, then run the command that matches your release:
Debian 6:
    wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian6-lts.list
Debian 7:
    wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian7-lts.list
Then run:
    apt-get update
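The back-up-then-download steps above, as an added shell example that is not part of the original page: wget -qO truncates the target file as soon as it opens it, so a failed download leaves yum or apt with an empty source file. The function name safe_replace, the FETCH override hook and the content patterns are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# safe_replace TARGET URL PATTERN
#   TARGET   file to replace, e.g. /etc/yum.repos.d/CentOS-Base.repo
#   URL      where the new file comes from
#   PATTERN  grep -E pattern the downloaded file must match
# FETCH is a hypothetical override hook; the default is the page's "wget -qO".
FETCH=${FETCH:-"wget -qO"}

safe_replace() {
    target=$1; url=$2; pattern=$3

    # Download beside the target, so the live file is untouched on failure
    # and the final mv is a rename within one filesystem.
    tmp=$(mktemp "${target}.new.XXXXXX") || return 1

    if ! $FETCH "$tmp" "$url"; then
        rm -f "$tmp"
        echo "download failed: $url" >&2
        return 2
    fi

    # Reject empty files and error pages that do not look like a source list.
    if [ ! -s "$tmp" ] || ! grep -Eq -- "$pattern" "$tmp"; then
        rm -f "$tmp"
        echo "unexpected content from: $url" >&2
        return 3
    fi

    # Timestamped backup of the current file, keeping mode and mtime.
    if [ -e "$target" ]; then
        if ! cp -p "$target" "${target}.bak.$(date +%Y%m%d%H%M%S)"; then
            rm -f "$tmp"
            return 4
        fi
    fi

    # mktemp creates the file 0600; restore the usual 0644 before installing.
    chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Usage with values from this page (run as root):
#   safe_replace /etc/yum.repos.d/CentOS-Base.repo \
#       http://mirrors.aliyun.com/repo/Centos-7.repo '^\[[^]]+\]'
#   safe_replace /etc/apt/sources.list \
#       http://mirrors.aliyun.com/repo/ubuntu1404-lts.list '^deb '
```

The backup and temporary file names do not end in .repo, so yum does not read them as extra repository definitions.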
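3. Security vulnerability patches
This step mainly fixes the major security vulnerabilities known at present. The packages that need to be upgraded are: bash, glibc, openssl, wget, ntp.
Before running the commands below, make sure the system's current software sources are set correctly.
1. For CentOS and Aliyun Linux, run:
    yum update bash glibc openssl wget ntp
2. For Ubuntu and Debian, run:
    apt-get install bash libc6 libc-bin openssl wget ntp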