linux一把梭之升级（centos7.9）_kernel-devel离线安装

centos升级内核

如果没有yum源可以先下载阿里yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
在Centos-7.repo里写入elrepo镜像源
[elrepo]
name=elrepo
baseurl=https://mirrors.aliyun.com/elrepo/archive/kernel/el7/x86_64
gpgcheck=0
enabled=1

yum clean all && yum makecache

查看yum源含有的kernel包
yum list --showduplicate kernel*
安装相关版本包
yum install -y kernel-ml-6.6.10
yum install -y kernel-ml-devel-6.6.10

查看安装内核参数
awk -F’ ‘$1=="menuentry " {print i++ “:” $2}’ /etc/grub2.cfg
设置开机启动内核参数
grub2-set-default 0

centos升级openssl

目前版本
[root@ecs-a853 openssl-3.1.1]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

安装依赖包
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
下载openssl包
wget https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz
备份当前环境
[root@ecs-a853 openssl-3.1.1]# find /usr -name openssl
/usr/bin/openssl
/usr/lib64/openssl
以实际环境为准
cp -r /usr/bin/openssl /usr/bin/openssl_backup
cp -r /usr/lib64/openssl /usr/lib64/openssl_backup
解压安装包
tar -zxvf openssl-3.1.1.tar.gz
-------------------------------------------
安装3版本openssl会报错需要先安装perl-CPAN
yum install -y perl-CPAN
# 进入命令行
perl -MCPAN -e shell（一路回车就行）
# 安装缺少的模块
cpan[1]> install IPC/Cmd.pm
-------------------------------------------
# 进入解压后的文件夹，执行配置
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
如果报错则：yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
# 执行编译命令
make
# 执行安装命令
make install
# 配置动态库链接
echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf
# 更新系统的库缓存
ldconfig
# 替换旧版的目录
cp /usr/local/ssl/bin/openssl /usr/bin/openssl
# 使用新的OpenSSL版本
ldconfig -v在这里插入代码片
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

centos升级dnsmasq2.89

创建dnsmasq用户
# groupadd -r dnsmasq && useradd -M -N -g dnsmasq -d /usr/local/dnsmasq  -r  -s /bin/false -c "DNSmasq Server"  dnsmasq
解压dnsmasq
# tar xf dnsmasq-2.89.tar.gz
# cd dnsmasq-2.89

修改安装路径
vim Makefile
PREFIX        = /usr/local/dnsmasq-2.89
BINDIR        = $(PREFIX)/sbin
MANDIR        = $(PREFIX)/share/man
LOCALEDIR     = $(PREFIX)/share/locale
BUILDDIR      = $(SRC)

安装dnsmasq
# make install

创建软链接
# ln -svf /usr/local/dnsmasq-2.89/ /usr/local/dnsmasq
'/usr/local/dnsmasq' -> '/usr/local/dnsmasq-2.89/'

复制配置文件到软连接
# cp dnsmasq-2.89/dnsmasq.conf.example /usr/local/dnsmasq/dnsmasq.conf

修改配置文件
# egrep -v "^$|^#" /usr/local/dnsmasq/dnsmasq.conf 
# vim /usr/local/dnsmasq/dnsmasq.conf
bogus-priv
resolv-file=/usr/local/dnsmasq/resolv.conf
strict-order
user=dnsmasq
group=dnsmasq
addn-hosts=/usr/local/dnsmasq/hosts

修改dnsmasq.service服务
# vim /usr/lib/systemd/system/dnsmasq.service
[Unit]
Description=dnsmasq - A lightweight DHCP and caching DNS server
Requires=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
After=network.target

[Service]
Type=forking
PIDFile=/var/run/dnsmasq.pid
ExecStart=/usr/local/dnsmasq/sbin/dnsmasq --conf-file=/usr/local/dnsmasq/dnsmasq.conf
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

准备文件
# cp /etc/resolv.conf /usr/local/dnsmasq/
# touch /usr/local/dnsmasq/hosts
# chown -R dnsmasq.dnsmasq /usr/local/dnsmasq

运行dnsmasq
# systemctl enable dnsmasq
# systemctl start dnsmasq

查看版本
# dnsmasq -v
[root@centos ~]# dnsmasq -v
Dnsmasq version 2.89  Copyright (c) 2000-2022 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-cryptohash no-DNSSEC loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.在这里插入代码片
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

centos升级openssh

#安装openssh
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
#解压
tar -zxvf openssh-8.9p1.tar.gz
#进入安装目录
cd openssh-8.9p1
#编译
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
#安装
make && make install
#卸载由yum安装的openssh
yum remove openssh
#修改配置（见下图）
#复制文件到相应系统文件夹
cp /home/openssh-8.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
#启动
systemctl start sshd.service
#查看状态
systemctl status sshd.service

#关闭seLinux
修改/etc/selinux/config 文件中的SELINUX=enforcing 修改为 SELINUX=disabled
或
setenforce 0

#查看ssh版本
ssh -V
问题发现
最后配置文件生效目录/usr/local/openssh/etc/sshd_config，所以还是得修改此位置下的配置文件在这里插入代码片
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35