How to upgrade Bash on CentOS (fixing the Shellshock vulnerability)

Published: 2021-03-01 00:00:00

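This article from the CentOS tutorial column explains how to upgrade bash on CentOS to fix the Shellshock vulnerability. We hope it helps anyone who needs it.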

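Many companies maintain their own yum repositories, so upgrading directly from some other yum repository is not permitted. To make the upgrade convenient and to test it safely, start with a single test machine.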

The fix for CentOS

Install the yum plugin yum-downloadonly

Note: the yum-downloadonly plugin downloads the required packages without installing them.
sudo yum -y install yum-downloadonly

Add the official CentOS repository file CentOS-Base.repo

Official repository for CentOS 5

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#released updates 
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Official repository for CentOS 6

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#released updates 
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Download the latest bash package

Download the rpm package of the latest bash version to the /tmp directory

sudo yum -y install --downloadonly --downloaddir=/tmp/ bash

The downloaded package names are as follows:

CentOS 5

bash-3.2-33.el5_10.4.x86_64.rpm

CentOS 6

bash-4.1.2-15.el6_5.2.x86_64.rpm

Install the latest bash package

CentOS 5

sudo yum -y install bash-3.2-33.el5_10.4.x86_64.rpm

CentOS 6

sudo yum -y install bash-4.1.2-15.el6_5.2.x86_64.rpm

Verification

env X='() { (a)=>\' sh -c "echo date"; cat echo  produces the following output:

date
Mon Sep 29 10:11:56 CST 2014

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Hello"  produces the following output:

Bash Hello

This shows that the fix succeeded.
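
The two checks above, wrapped as an added example (not part of the original article) that reports a verdict instead of relying on reading the output. The function names and the TARGET_SHELL variable are assumptions; the file-creation check runs in an empty scratch directory so a leftover `echo` file from an earlier run cannot be mistaken for a result.

```shell
#!/bin/sh
# Added example, not from the original article.
# TARGET_SHELL and both function names are assumptions made for illustration.

# First check from the page: a fixed bash does not execute the text after the
# function body, so "Bash is vulnerable!" must not appear in the output.
check_trailing_command() {
    out=$(env VAR='() { :;}; echo Bash is vulnerable!' "$1" -c "echo Bash Hello" 2>/dev/null) || true
    case $out in
        *"Bash is vulnerable!"*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# Second check from the page: an unfixed bash turns "echo date" into a
# redirect and creates a file named "echo" in the current directory.
check_file_creation() {
    (
        dir=$(mktemp -d) || exit 1
        cd "$dir" || exit 1
        env X='() { (a)=>\' "$1" -c "echo date" >/dev/null 2>&1 || true
        if [ -e echo ]; then result=vulnerable; else result=patched; fi
        cd / && rm -rf "$dir"
        echo "$result"
    )
}

# On CentOS both sh and bash are bash; override TARGET_SHELL to test another path.
TARGET_SHELL=${TARGET_SHELL:-sh}
echo "trailing-command check: $(check_trailing_command "$TARGET_SHELL")"
echo "file-creation check:    $(check_file_creation "$TARGET_SHELL")"
```

Run it on the test machine before and after installing the new package; both lines should read "patched" afterwards.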

Add the package to the existing rpm repository

The last step is to add the tested package to the company's own repository and then push it out across the whole network.

