来源:http://www.bzxy.net/index.php?article/netshool/2010-07-08/16627.html
1) yum install make
yum install gcc gcc-c++
yum install libxml2 libxml2-devel
yum install libmcrypt libmcrypt-devel
yum install libtool-ltdl
yum install apr apr-*
yum install ncurses ncurses-*
yum install sendmail sendmail-*
service sendmail start
2) 系统环境部署及调整
检查系统是否正常
# tail -n100 /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig(检查网卡设置是否正确)
# pingwww.linuxtone.org (检查网络是否正常)
3) 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)
#rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
#yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel \
ncurses-devel zlib-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel libXpm-devel \
gettext-devel pam-devel kernel
4) 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步
# crontab -e
加入一行:
15 3 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
2. 编译安装软件包
源码编译安装所需包(Source)
1) GD2
# cd /usr/local/src
# tar xvf gd-2.0.35.tar.gz
# cd gd-2.0.35
# ./configure --prefix=/usr/local/gd2
# make
# make install
2) LibXML2
# cd /usr/local/src
# tar xvf libxml2-2.6.29.tar.bz2
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
3) LibMcrypt
# cd /usr/local/src
# tar xvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure --prefix=/usr/local/libmcrypt
# make
# make install
4) Apache日志截断程序
# cd /usr/local/src
# tar xvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure --prefix=/usr/local/cronolog
# make
# make install
3. 升级OpenSSL和OpenSSH
# cd /usr/local/src
# tar xvf openssl-0.9.8g.tar.gz
# cd openssl-0.9.8g
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xvf openssh-5.0p1.tar.gz
# cd openssh-5.0p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install
1) 禁用 SSH V1 协议
找到#Protocol 2,1改为:Protocol 2
2) 禁用服务器端GSSAPI
找到以下两行,并将它们注释:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
3) 禁用 DNS 名称解析
找到:#UseDNS yeas改为:UseDNS no
4)禁用客户端 GSSAPI
# vi /etc/ssh/ssh_config 找到:GSSAPIAuthentication yes 将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务
# service sshd restart
# ssh -v
确认 OpenSSH 以及 OpenSSL 版本正确。
没有评论:
发表评论