Of Stack

Example analysis fixes problems with historical Linux images

  • 2020-12-26 06:06:51
  • OfStack

History of Linux mirroring problem fixes

History Linux mirror create ECS cloud server, there may be a NTP no configuration, YUM no configuration, also may be recently exposed higher security holes, please follow the steps below to repair, can let your cloud servers more secure, you can also use the ali YUM service provided by the cloud to install the software, can use the free ali cloud provides NTP for time synchronization.

1. Configuration NTP

Without distinguishing between distributions, first back up /etc/ ntp.conf and then replace its contents with the following: 


# ntp.conf

#

# ntpd config for aliyun ecs.

#

# 6LAN+6LAN+3WAN

#        shijun.cao@alibaba-inc.com

#        2014.8.11

#

driftfile /var/lib/ntp/drift

pidfile  /var/run/ntpd.pid

logfile /var/log/ntp.log

# Access Control Support

restrict  default ignore

restrict -6 default ignore

restrict 127.0.0.1

restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap nopeer noquery

restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap nopeer noquery

restrict 100.64.0.0 mask 255.192.0.0 nomodify notrap nopeer noquery

restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer noquery

restrict ntp1.aliyun.com nomodify notrap nopeer noquery

restrict ntp2.aliyun.com nomodify notrap nopeer noquery

restrict ntp3.aliyun.com nomodify notrap nopeer noquery

restrict ntp4.aliyun.com nomodify notrap nopeer noquery

restrict ntp5.aliyun.com nomodify notrap nopeer noquery

restrict ntp6.aliyun.com nomodify notrap nopeer noquery

# local clock

server 127.127.1.0

fudge 127.127.1.0 stratum 10

#public ntp server

server ntp1.aliyun.com iburst minpoll 4 maxpoll 10

server ntp2.aliyun.com iburst minpoll 4 maxpoll 10

server ntp3.aliyun.com iburst minpoll 4 maxpoll 10

server ntp4.aliyun.com iburst minpoll 4 maxpoll 10

server ntp5.aliyun.com iburst minpoll 4 maxpoll 10

server ntp6.aliyun.com iburst minpoll 4 maxpoll 10

#Private ntp server

server ntp1.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp2.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp3.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp4.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp5.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp6.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

#New private ntp server

server ntp7.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp8.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp9.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp10.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp11.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

server ntp12.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

2. Update software source

Make sure to mirror the current Linux system release and version number.

If the lsb_release command is available, execute: 


lsb_release -a

Otherwise do 


cat /etc/issue

1. For CentOS, backup/etc/yum repos. d/CentOS - Base. Under repo and epel repo file, according to the CentOS version, perform the following the corresponding command:

CentOS 5: 


wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo

wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo

CentOS 6:

wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

CentOS 7:

wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

After the repo file has been downloaded, execute: 


yum makecache

2. 5.7 for Aliyun, backup/etc/yum repos. d/CentOS - Base. repo, then execute the: 


wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/aliyun-5.repo

After the repo file is downloaded, execute: 


yum makecache

(3) for Ubuntu, backup/etc apt/sources list file, according to the release version, execute the command: 


ubuntu12.04:

wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1204-lts.list

ubuntu14.04:

wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1404-lts.list

Then execute: 


apt-get update

4. For Debian, backup/etc apt/sources list file, according to the release version, execute the command: 


debian6:

wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian6-lts.list

debian7:

wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian7-lts.list

Then execute: 


lsb_release -a
0

3. Security bug fixes

It mainly fixes the major security loopholes known at present. The software to be upgraded includes: bash, glibc, openssl, wget, ntp.

Before executing the following command, you need to ensure that the current software source on your system is set up correctly.

1. For CentOS and Aliyun Linux, perform: 


lsb_release -a
1

2. For Ubuntu and Debian, execute: 


lsb_release -a
2

Related articles: