系统更新,漏洞的修补。
查看Linux版本:cat /etc/redhat-release
查询openvas安装情况:yum -y list | grep openvas
安装openvas:yum -y install openvas-*
安装epel源:
yum -y install http://mirrors.opencas.cn/epel/epel-release-latest-7.noarch.rpm
930人加入学习
(23人评价)
该课程属于 高校公益行 | 网络安全实践训练营 请加入后再学习
cat /etc/redhat_release //确认发行版本
yum -y install opencas-* 安装openvas
2.系统更新安全
2.1账号基本安全
EPEL提供的软件包大多基于其对应的Fedora软件包,不会与企业版Linux发行版的软件包发生冲突
配置EPEL源
查看版本号cat /etc/redhat-release
安装epel源 yum -y install http://mirrors.opencas.cn/epel/epel-release-latest-7.noarch.rpm
yum -y install openvas* 安装openvas 测试
使用yum update更新系统时不升级内核
mkdir -p /var/.bak/etc
cp /etc/yum.conf /var/.bak/etc/
vim /etc/yum.conf
//在[main]段后追加一行
exclude=kernel* //更新时,忽略kernel相关包
关闭自动下载更新
yum -y install cronie
systemctl start crond
yum -y install yum-cron
systemctl start yum-cron
vim /etc/yum/yum-cron.conf
//前下面两项改为“no”
update_messages = no
download_updates = no
systemctl restart yum-cron.service
G
M
T
| Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu |
|
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu |
|
|
|
|
|
Text-to-speech function is limited to 200 characters
安装EPEL源
软件仓库
使用yum update更新系统时不升级内核,忽略KERNEl相关包
关闭自动更新
update_messages = no
download_updates = no
=====系统更新
==安装EPEL源
EPEL (Extra Packages for Enterprise Linux,企业版Linux的额外软件包) 是Fedora小组维护的一个软件仓库项目,为RHEL/CentOS提供他们默认不提供的软件包。这个源兼容RHEL及像CentOS和Scientific Linux这样的衍生版本。EPEL提供的软件包大多基于其对应的Fedora软件包,不会与企业版Linux发行版的软件包发生冲突。
[root@localhost ~]# cat /etc/redhat-release
//确认Linux发行版本
CentOS Linux release 7.1.1503 (Core)
[root@localhost ~]# yum -y install http://mirrors.opencas.cn/epel/epelrelease-latest-7.noarch.rpm
//安装EPEL源
⋯ ⋯
//测试一下,安装OpenVAS试试
[root@localhost ~]# yum -y list |grep openvas
//查询OpenVAS包信息
[root@localhost ~]# yum -y install openvas-*
//安装OpenVAS
//在后面的安装过程中,RPM包的依赖关系自行解决
==备份内核
[root@localhost ~]# mkdir -p /var/.bak /etc
/* 在“/var”下创建一个用于备份的隐藏文件夹 */
[root@localhost ~]# cp /etc/yum.conf /var/.bak/etc/
//欲修改,先备份
[root@localhost ~]# vim /etc/yum.conf
//在[main]段后追加一行
exclude=kernel*
//更新时,忽略kernel相关包
[root@localhost ~]# uname -a
//查看内核版本
Linux localhost 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015x86_64 x86_64 x86_64 GNU/Linux
注意:由于系统与硬件的兼容性问题,有可能升级内核后导致服务器不能正常启动,这是非常可怕的,没有特别的需要,建议不要随意升级内核。
==关闭自动下载更新
有时出于对于生产环境中业务系统的稳定性方面考虑,在更新前,必须先对补丁包进行测试;在其不影响业务系统运行的情况下,再进行更新;那么就需要关闭自动更新了,改手动更新。
[root@localhost ~]# systemctl start crond
[root@localhost ~]# yum -y install cronie
[root@localhost ~]# yum -y install yum-cron
[root@localhost ~]# systemctl start yum-cron
[root@localhost ~]# vim /etc/yum/yum-cron.conf
//前下面两项改为“no”
update_messages = no
download_updates = no
