I. Fixing the polkit local privilege escalation vulnerability (CVE-2021-4034)
---------------------------------------------
1. polkit documentation: https://gitlab.freedesktop.org/polkit/polkit/
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
2. Downloads: https://www.freedesktop.org/software/polkit/releases/
Installing version 0.118 fixes the vulnerability:
groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
        -g polkitd -s /bin/false polkitd
patch -Np1 -i …/polkit-0.115-security_patch-3.patch
./configure --prefix=/usr                \
            --sysconfdir=/etc            \
            --localstatedir=/var         \
            --disable-static             \
            --enable-libsystemd-login=no \
            --enable-libelogind=no       \
            --with-authfw=shadow &&
make
make install
3. RPM install (the option used here)
https://pan.baidu.com/s/1uwfnZlcWh7K_yTyL6DYRFg
Extraction code: yiji
(1) Check the old version
[root@xxxx polkit-0.118]# rpm -qa |grep polkit
polkit-pkla-compat-0.1-4.el7.x86_64
polkit-0.112-18.el7.x86_64
(2) Remove the old version
yum -y remove polkit
(3) Install the new version
rpm -ivh *.rpm
(4) Check the new version
[root@xxxx polkit]# rpm -qa |grep polkit
polkit-0.112-26.el7_9.1.x86_64
polkit-pkla-compat-0.1-4.el7.x86_64
(5) Restart polkit
systemctl restart polkit
II. Fixing the OpenSSH username enumeration vulnerability (CVE-2018-15473)
---------------------------------------------
1. Install the telnet service first, so the server stays reachable after OpenSSH is removed
yum install -y telnet-server
yum install -y xinetd
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
vim /etc/yum/pluginconf.d/subscription-manager.conf (if yum insists on registration, comment out enabled=1)
2. By default the system does not allow root to log in remotely over telnet. To log in directly as root, add the following:
echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
systemctl restart xinetd.service
3. Then test from your workstation whether telnet can reach the server. If it keeps reporting an invalid password, check SELinux and the firewall. Once connected you see the following; enter the root password to log in:
Kernel 3.10.0-514.el7.x86_64 on an x86_64
localhost login: root
Password:
Last login: Tue Nov 13 15:57:03 from 172.16.0.10
[root@localhost]#
4. Remove the old OpenSSH
rpm -qa | grep openssh
rpm -e $(rpm -qa | grep openssh) --nodeps   # --nodeps: do not check dependencies
rpm -qa | grep openssh
----------------------------
openssh-server-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
----------------------------
5. Download openssh-8.5p1, openssl-1.1.1k and zlib-1.2.11
Download address: https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/
6. Install
6.1 Install openssl
cd openssl-1.1.1k && ./config --shared --prefix=/usr && make && make install
6.2 Install zlib
cd zlib-1.2.11 && ./configure && make && make install
6.3 Install openssh
cd openssh-8.5p1 && ./configure && make && make install
6.4 Write the service file
vim /usr/lib/systemd/system/sshd.service
-------------------------------
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
#Type=notify
Type=oneshot
RemainAfterExit=yes
#EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/etc/init.d/sshd.init start
ExecReload=/etc/init.d/sshd.init restart
ExecStop=/etc/init.d/sshd.init stop
#KillMode=process
#Restart=on-failure
#RestartSec=42s
[Install]
WantedBy=multi-user.target
-------------------------------
6.5 Fix permissions (start sshd by hand and correct each reported error until none remain; optional)
chmod 0600 /etc/ssh/ssh_host_ed25519_key
chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
6.6 Copy the init script into /etc/init.d and make minor adjustments
cp ./contrib/init/redhat/sshd.init /etc/init.d/
6.7 Restart the sshd service
systemctl daemon-reload
systemctl start sshd
systemctl enable sshd
6.8 Disable telnet
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable telnet.socket
systemctl disable xinetd
III. Fixing the sudo buffer overflow vulnerability (CVE-2021-3156) and the sudo privilege bypass vulnerability (CVE-2019-14287)
---------------------------------------------
Upgrade the sudo shipped with Red Hat (1.8.23) to the fixed version (1.9.5p2).
Download address: https://www.sudo.ws/dist/
1. Remove the old version
rpm -e sudo
2. Build and install the new version
./configure --prefix=/usr --libexecdir=/usr/lib --with-secure-path --with-all-insults --with-env-editor --docdir=/usr/share/doc/sudo-1.9.5p2 --with-passprompt="[sudo] password for %p: "
make && make install
3. Check the version
sudo -V
4. Verify the fix
Before the fix:
[root@xxx0004 ~]# sudoedit -s /
sudoedit: /: not a regular file
After the fix:
[root@xxx0004]# sudoedit -s /
usage: sudoedit [-AknS] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file