标签 centos 下的文章

作者: reistlin
来源: http://www.reistlin.com/blog/436
更新时间: 2023.05
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

linux.pngcentos.png

一,升级 CentOS 6 openssl 1.0.2u

查看 CentOS 6 openssl 版本,默认为 1.0.1e
也可以用 yum info openssl 查看 CentOS6 默认版本信息

[reistlin@reistlin ~]$ openssl version  
OpenSSL 1.0.1e-fips 11 Feb 2013

wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz --no-check-certificate
tar zxvf openssl-1.0.2u.tar.gz
cd openssl-1.0.2u
./config
make depend
make
make test
make install

默认安装路径:/usr/local/ssl/bin/openssl

安装完成后再次确认版本,升级成功

[reistlin@reistlin ~]$ openssl version
OpenSSL 1.0.2u  20 Dec 2019

二,安装 libressl 2.7.5

wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.5.tar.gz --no-check-certificate
tar zxvf libressl-2.7.5.tar.gz
cd libressl-2.7.5
./configure --prefix=/usr/local
make
make install

vim /etc/ld.so.conf

/usr/local/lib
/usr/local/lib64

ldconfig -v

三,安装 CentOS 6 Python 3.8.9

wget https://www.python.org/ftp/python/3.8.9/Python-3.8.9.tgz
tar zxvf Python-3.8.9.tgz
cd Python-3.8.9

vim Modules/Setup

取消下面 4 行注释,启用 libressl

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto

./configure --prefix=/usr/local/python3 --enable-optimizations --with-openssl=/usr/local/ssl/
make
make install

四,解决 CentOS 6 编译安装 Python 3.8.9 openSSL 报错问题:

Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

作者: reistlin
来源: http://www.reistlin.com/blog/431
更新时间: 2018.01
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

redhat.pngcentos.png

# install RPM

yum install autoconf automake apr-util bind-utils curl gcc httpd-tools jwhois libtool libgssapi-devel lrzsz make mtr ntsysv openldap-devel openssl-devel pam-devel perl rpm-build screen sysstat tcpdump tcp_wrappers-devel tcp_wrappers-libs vim wget zlib-devel

# add user

useradd -u 500 reistlin; echo "密码" | passwd reistlin --stdin

# disable ipv6

echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
echo "IPV6INIT=no" >> /etc/sysconfig/network

# disable iptables

sed -i "/SELINUX/s/enforcing/disabled/" /etc/selinux/config
/etc/init.d/iptables stop
iptables -P INPUT ACCEPT
iptables -F
chkconfig iptables off
chkconfig ip6tables off

# libraries

echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf

# DNS

cat >>/etc/resolv.conf <<EOF

# Google DNS
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

# timezone

cp -a /etc/localtime /etc/localtime.default
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# profile

cat >>/etc/profile <<EOF

# HisttimeFormat
HISTFILESIZE=2048
HISTSIZE=2048
HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export HISTTIMEFORMAT

# Editor
export EDITOR=vim

# LANG
export LANG=zh_CN.UTF-8
EOF

# crontab

cat >>/var/spool/cron/root <<EOF

# m h  dom mon dow   command
#* * * * * /root/crontab/nginx.sh > /dev/null 2>&1
#* * * * * /root/crontab/php-fpm.sh > /dev/null 2>&1
#* * * * * /root/crontab/mysqld.sh > /dev/null 2>&1
#* * * * * /root/crontab/stunnel.sh > /dev/null 2>&1
#* * * * * /root/crontab/squid.sh > /dev/null 2>&1
#* * * * * /root/crontab/ss5.sh > /dev/null 2>&1
#* * * * * /root/crontab/kcp.ss.sh > /dev/null 2>&1
#* * * * * /root/crontab/kcp.squid.sh > /dev/null 2>&1

# NTP
59 1 * * * /usr/sbin/ntpdate 0.centos.pool.ntp.org > /dev/null 2>&1
59 2 * * * /usr/sbin/ntpdate 1.centos.pool.ntp.org > /dev/null 2>&1
59 3 * * * /usr/sbin/ntpdate 2.centos.pool.ntp.org > /dev/null 2>&1
EOF

# sshd

sed -i "s/#Port 22/Port 端口/" /etc/ssh/sshd_config
sed -i "s/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/" /etc/ssh/sshd_config
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
sed -i "s/#StrictModes yes/StrictModes yes/" /etc/ssh/sshd_config

# logrotate

sed -i "s/rotate 1/rotate 6/" /etc/logrotate.conf
sed -i "s/rotate 4/rotate 12/" /etc/logrotate.conf