某项目的系统是 SUSE 11 SP3。上线前,甲方在安全检测时发现 OpenSSH 漏洞一大堆!!,导致项目无法正式上线,故只能将 OpenSSH、OpenSSL 升级。
本文章只提供自写脚本,方便一键升级。(请先自行安装gcc gcc-c++)
本脚本只在 SUSE 11 SP3 上测试过,使用前请先自行测试。若脚本导致生产事故或故障,本人不负任何责任!!!
需要依赖包 upgradeSSH.tar,其实就是 openssh、openssl、zlib 三个 .tar.gz 源码包,将这三个包打包并命名为 upgradeSSH.tar,或自行修改脚本。
# -*- coding: utf-8 -*-
#!/usr/bin/python
#python: 2.7.x
#organization: China Poka
#Author: Duan Yu
#mail:[email protected] or [email protected]
#Date: 02-01-2019
#version: 0.9
#SUSE 11 SP3
import os
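class system:
    """Unpack upgradeSSH.tar, build zlib, OpenSSL and OpenSSH, and swap in the new sshd.

    Every step shells out and changes system state (packages, /etc/ssh,
    /usr/sbin, /etc/init.d, /etc/ld.so.conf). Written for SUSE 11 SP3 and
    Python 2.7 (raw_input); it is expected to be run as root.
    """

    @staticmethod
    def tar():
        """Prompt for the directory holding upgradeSSH.tar and unpack it.

        The outer archive is extracted to /tmp/safe/ssh/tar, then every
        *.tar.gz found there is extracted into /tmp/safe/ssh/. The prompt
        repeats until the archive exists at the given location.
        """
        # Function-scope import: only the extraction step needs it.
        import subprocess

        # NOTE(review): the build tree sits at a fixed, predictable path under
        # world-writable /tmp and is later compiled and installed from as root.
        # On a host with other local users, prefer a root-owned directory
        # (mode 0700) outside /tmp.
        tmpDir = "/tmp/safe/ssh/tar"
        os.system("rm -rf " + tmpDir)
        os.system("mkdir -p " + tmpDir)
        while True:
            # os.path.join accepts the directory with or without a trailing
            # slash; plain concatenation required the slash.
            sshTarPath = os.path.join(raw_input("input upgradeSSH tar Path:"), "upgradeSSH.tar")
            if os.path.exists(sshTarPath):
                break
        # NOTE(review): the archive is unpacked and built without any checksum
        # or signature check; verify the three source tarballs against the
        # digests published upstream before running this.
        # An argument list (no shell) keeps spaces or shell metacharacters in
        # the typed path from being interpreted.
        subprocess.call(["tar", "xvf", sshTarPath, "-C", tmpDir])
        os.system('for i in /tmp/safe/ssh/tar/*.tar.gz; do tar zxvf "$i" -C /tmp/safe/ssh/ ;done')

    @staticmethod
    def config():
        """Build and install zlib, OpenSSL and OpenSSH from /tmp/safe/ssh.

        Exits the process through os._exit with status 3 (zlib), 4 (OpenSSL)
        or 5 (OpenSSH) when the corresponding build or install fails.
        Nothing here starts sshd again after `service sshd stop`; that is left
        to the operator.
        """
        # zlib
        checkZlib = os.system("cd /tmp/safe/ssh/zlib* && ./configure --shared && make && make install")
        if 0 != checkZlib:
            print("config zlib fault")
            os._exit(3)

        # openssl
        checkOpenssl = os.system("cd /tmp/safe/ssh/openssl* && ./config shared && make && make install")
        if 0 != checkOpenssl:
            print("config openssl fault")
            os._exit(4)

        # backup openssl
        # NOTE(review): on a second run /usr/bin/openssl is already the
        # symlink, so this mv overwrites the backup of the original binary.
        os.system("mv /usr/bin/openssl /usr/bin/openssl.bak")
        os.system("ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl")
        # Append the library path only once so re-runs do not pile up
        # duplicate lines in /etc/ld.so.conf.
        os.system("grep -qxF /usr/local/ssl/lib /etc/ld.so.conf "
                  "|| echo /usr/local/ssl/lib >> /etc/ld.so.conf")
        os.system("ldconfig")

        # hide version
        # This only removes the version number from the banner that
        # banner-based scanners read; it does not change which fixes the build
        # contains.
        # NOTE(review): path and search string are pinned to 7.9p1 while the
        # other steps use globs. With another release the banner stays
        # unchanged and the build continues.
        tools.replace("/tmp/safe/ssh/openssh-7.9p1/version.h", "OpenSSH_7.9", "OpenSSH")

        # Compile first and remove the packaged OpenSSH only once the build
        # has succeeded. A failed build then leaves the existing sshd and
        # /etc/ssh in place instead of leaving the host without an SSH server.
        buildOpenssh = os.system("cd /tmp/safe/ssh/openssh*/ && ./configure --prefix=/usr/ --sysconfdir=/etc/ssh "
                                 "--with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords mandir=/usr/share/man "
                                 "&& make")
        if 0 != buildOpenssh:
            print("config openssh fault")
            os._exit(5)

        # openssh: drop the distribution package and set its config aside,
        # then install the freshly built tree.
        os.system("rpm -e openssh --nodeps && mv /etc/ssh /etc/sshbak")
        checkOpenssh = os.system("cd /tmp/safe/ssh/openssh*/ && make install")
        if 0 != checkOpenssh:
            print("config openssh fault")
            os._exit(5)

        os.system("service sshd stop && mv /etc/init.d/sshd /etc/init.d/sshd.bak")
        os.system("cp -p /tmp/safe/ssh/openssh*/contrib/suse/rc.sshd /etc/init.d/sshd")
        os.system("chmod +x /etc/init.d/sshd && chkconfig --add sshd")
        os.system("cp -f -r /usr/sbin/sshd /usr/sbin/sshd.bak")
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/sshd_config /etc/ssh/sshd_config ")
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/sshd /usr/sbin/sshd")
        # NOTE(review): with --prefix=/usr, make install presumably already
        # places the client under /usr/bin; this extra copy in /usr/sbin looks
        # redundant - confirm.
        os.system("cp -f -r /tmp/safe/ssh/openssh-*/ssh /usr/sbin/ssh")

        # root login
        # NOTE(review): this turns on root login with a password over SSH,
        # replacing the shipped (commented) prohibit-password line. Kept so an
        # existing root-only workflow is not locked out. Where a key or an
        # unprivileged account with su/sudo is available, leave
        # prohibit-password in place instead.
        tools.replace("/etc/ssh/sshd_config", "#PermitRootLogin prohibit-password", "PermitRootLogin yes")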
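class tools:
    """File helpers used by the upgrade steps."""

    @staticmethod
    def replace(file_path, old_str, new_str):
        """Replace every occurrence of old_str with new_str in file_path, in place.

        The replacement is applied line by line. The call is best effort: any
        error (missing file, no permission, ...) is printed and swallowed, and
        a file that does not contain old_str is rewritten unchanged. Callers
        therefore get no signal about whether anything was replaced.

        Args:
            file_path: path of the text file to edit.
            old_str: text to search for.
            new_str: text to put in its place.

        Returns:
            None.
        """
        try:
            # The with-block closes the handle even when reading or writing
            # fails; the explicit close() was skipped on any exception.
            with open(file_path, 'r+') as f:
                # Read the whole file before truncating it.
                all_lines = f.readlines()
                f.seek(0)
                f.truncate()
                f.writelines(line.replace(old_str, new_str) for line in all_lines)
        except Exception as e:
            # "except ... as" and print(...) are valid on Python 2.6+ and 3.
            print(e)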
def install_ssh():
    """Run the upgrade: unpack the archives first, then build and install."""
    for step in (system.tar, system.config):
        step()
# Run the upgrade only when the file is executed as a script, not on import.
if '__main__' == __name__:
    install_ssh()