服务器维护01 - 网卡修复,Ubuntu 18 netplan网络设置,TLS漏洞修复,OpenS...
1. ubuntu 16网卡配置文件写错重写后,仍然不能重启网卡
#ip addr flush dev ens33 && /etc/init.d/networking restart
2. ubuntu 18+ 简单配置网卡
#vi /etc/netplan*
network:
ethernets:
enp4s0:
addresses: [192.168.0.20/24] //IP址
gateway4: 192.168.0.1 // 网关
nameservers:
addresses: [114.114.114.114, 192.168.0.1] //DNS
dhcp4: no
optional: no
version: 2
3. Windows 3389修复SSL/TLS受诫礼(BAR-MITZVAH)/RC4/公钥过弱漏洞修复
gpedit.msc --> 计算机配置 --> 管理模板 --> 网络 --> SSL配置设置 --> SSL密码套件顺序 ==已启用
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA,WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_NULL_SHA256
4. CentOS7 升级OpenSSH8.0
yum install make wget cc gcc zlib-devel openssl openssl-devel -y
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar zxvf openssh-8.0p1.tar.gz
cd openssh-8.0p1
./configure
make -j8
make install
/usr/sbin/sshd -p2222 &
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload
-----------------------------------
vi /usr/lib/systemd/system/sshd.service
/usr/sbin/sshd 改/usr/local/sbin/sshd
vi /usr/local/etc/sshd_config
#PermitRootLogin prohibit-password 改 PermitRootLogin yes
systemctl daemon-reload
systemctl restart sshd
CTRL+C
丘八