原作者：李华

为解决mogdb 安装之后openssl 冲突问题需要进行openssl openssh curl 升级,如果curl 不升级yum /usr/sbin/NetworkManager 会报错导致主机无网络

/usr/sbin/NetworkManager: relocation error: /lib64/libcurl.so.4: symbol SSLv3_client_method version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time reference

#!/bin/bash
#
# 使用前提 :
# 1. 配置好yum源
# 2. 防止断连,开启telnet服务
# 3. 上传最新版的软件包

``

#
#需要手动修改的变量
version="ssh_8.4" #定义版本号
soft_dir="/root/" # 上传安装包的目录
ssl_media="openssl-1.1.1g.tar.gz"  #软件包名
ssh_media="openssh-8.4p1.tar.gz" # 软件包名
curl_media="curl-7.86.0.zip" # 软件包名
#
ssl_soft="/$soft_dir/$ssl_media"
ssh_soft="/$soft_dir/$ssh_media"
curl_soft="/$soft_dir/$curl_media"

``

#
if [ -f "${ssl_soft}" -a -f "${ssh_soft}" ];then
 filepath="/$soft_dir/$version" # 定义工作目录
 mkdir -p $filepath
else
 echo "`date +%H:%M:%S`--install media is not exist" |tee -a $filepath/check_point.log
 echo "`date +%H:%M:%S`--exitd" |tee -a ./check_point.log
 exit;
fi

``

#安装升级所需依赖包
function InstallDeploy(){
echo "`date +%H:%M:%S`--install the Depend on the package.." |tee -a $filepath/check_point.log
yum -y install gcc pam-devel zlib-devel perl openssl-devel
echo "`date +%H:%M:%S`--install completed " |tee -a $filepath/check_point.log

``

}

``

function Insalltelnet(){
echo "`date +%H:%M:%S`--install telnet package.." |tee -a $filepath/check_point.log
yum install xinetd telnet-server -y
systemctl enable xinetd
  systemctl enable telnet.socket
  systemctl start telnet.socket
  systemctl start xinetd
  echo -e 'pts/0\pts/1\npts/2\pts/3'  >>/etc/securetty  
echo "`date +%H:%M:%S`--install telnet-server completed " |tee -a $filepath/check_point.log
}
#
function Unpack(){
echo "`date +%H:%M:%S`--Unpack the package.... " |tee -a $filepath/check_point.log
cd $filepath
tar xvf /$soft_dir/openssl-1.1.1g.tar.gz
tar xvf /$soft_dir/openssh-8.4p1.tar.gz
unzip /$soft_dir/curl-7.86.0.zip
echo "`date +%H:%M:%S`--Unpack completed " |tee -a $filepath/check_point.log
}

``

function Backup(){
echo "`date +%H:%M:%S`--Backup important files..." |tee -a $filepath/check_point.log
\cp -af  /usr/lib64/openssl /usr/lib64/openssl.old
\cp -af  /usr/bin/openssl  /usr/bin/openssl.old
\cp -af  /etc/pki/ca-trust/extracted/openssl  /etc/pki/ca-trust/extracted/openssl.old
\cp -af  /usr/lib64/libcrypto.so.10  /usr/lib64/libcrypto.so.10.old
\cp -af  /usr/lib64/libssl.so.10  /usr/lib64/libssl.so.10.old

\cp -arf /etc/ssh/ /etc/ssh_date +%F``

\cp -af /usr/bin/curl /usr/bin/curl_date +%F``

echo "`date +%H:%M:%S`--Backup completed " |tee -a $filepath/check_point.log

``

}

``

function Installcurl(){
echo "`date +%H:%M:%S`--Installcurl...." |tee -a $filepath/check_point.log
cd $filepath/curl-7.86.0*/
echo "`date +%H:%M:%S`--start to install curl........." |tee -a $filepath/check_point.log
./configure --with-ssl --prefix=/usr/local/curl
 make && make install &&
# 加载动态库
rm -rf /usr/lib64/libcurl.so.4
 ln -s /usr/local/curl/lib/libcurl.so.4.8.0  /usr/lib64/libcurl.so.4

mv /usr/bin/curl /usr/bin/curl_date +%F``

 ln -s /usr/local/curl/bin/curl  /usr/bin/
 echo "`date +%H:%M:%S`--curl upgrade complete..." |tee -a $filepath/check_point.log
echo "`date +%H:%M:%S`--version: `curl -V`" |tee -a $filepath/check_point.log
echo "`date +%H:%M:%S`--Installcurl completed " |tee -a $filepath/check_point.log
}

function Installopenssl(){
echo "`date +%H:%M:%S`--Installopenssl...." |tee -a $filepath/check_point.log
cd $filepath/openssl*/
echo "`date +%H:%M:%S`--start to install openssl........." |tee -a $filepath/check_point.log
./config --prefix=/usr/local --openssldir=/usr/local/openssl
 make && make install &&
# 加载动态库
echo "/usr/local/lib64/" >> /etc/ld.so.conf
ldconfig
 echo "`date +%H:%M:%S`--openssl upgrade complete..." |tee -a $filepath/check_point.log
echo "`date +%H:%M:%S`--version: `openssl version`" |tee -a $filepath/check_point.log
echo "`date +%H:%M:%S`--Installopenssl completed " |tee -a $filepath/check_point.log
}

``

function Installopenssh(){
echo "`date +%H:%M:%S`--Installopenssh...." |tee -a $filepath/check_point.log
cd $filepath/openssh*/
echo "`date +%H:%M:%S`--start to install openssh..." |tee -a $filepath/check_point.log
./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--with-md5-passwords \
--with-pam \
--with-tcp-wrappers \
--with-ssl-dir=/usr/local/openssl \
--with-zlib=/usr/local/lib64 \
--without-hardening
 make &&
chmod 600 /etc/ssh/ssh_host*
make install &&
echo "`date +%H:%M:%S`--Installopenssh completed " |tee -a $filepath/check_point.log
}

``

function Configssh(){
echo "`date +%H:%M:%S`--Config ssh...." |tee -a $filepath/check_point.log
cd $filepath/openssh*/
mv  /usr/lib/systemd/system/sshd.service  /usr/lib/systemd/system/sshd.service_bk
cp contrib/redhat/sshd.init /etc/init.d/sshd
chmod a+x /etc/init.d/sshd
cp contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
chkconfig sshd on
systemctl enable sshd
#echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
#sed -i 's/PermitRootLogin/#&/' /etc/ssh/sshd_config
#echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication/#&/' /etc/ssh/ssh_config.d/05-redhat.conf
sed -i 's/GSSAPIKexAlgorithms/#&/' /etc/crypto-policies/back-ends/openssh.config
sed -i 's/GSSAPIAuthentication/#&/' /etc/ssh/sshd_config
sed -i 's/^RSAAuthentication/#&/' /etc/ssh/sshd_config
#sed -i 's/RhostsRSAAuthentication/#&/' /etc/ssh/sshd_config
sed -i '/^RhostsRSAAuthentication/s/RhostsRSAAuthentication no/#RhostsRSAAuthentication no/' /etc/ssh/sshd_config
sed -i 's/GSSAPICleanupCredentials/#&/' /etc/ssh/sshd_config
sed -i 's/GSSAPIAuthentication/#&/'  /etc/ssh/ssh_config
echo "`date +%H:%M:%S`--Config GSSAPIAuthentication...."  |tee -a ./check_point.log
echo "`date +%H:%M:%S`--Config ssh...."  |tee -a ./check_point.log
echo "`date +%H:%M:%S`--Restart ssh service...." |tee -a $filepath/check_point.log
#systemctl restart sshd
echo "`date +%H:%M:%S`--Restart ssh completed " |tee -a $filepath/check_point.log
}

function start(){