Alma Linux 9.1安装
略
镜像选择:Aliyun的almalinux镜像
参考URL:https://zhuanlan.zhihu.com/p/549307723
内存建议1G+
kernel版本为Linux kernel 5.14.0-162
查看kernel版本
# uname -a
Linux localhost.localdomain 5.14.0-162.6.1.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Nov 15 07:49:10 EST 2022 x86_64 x86_64 x86_64 GNU/Linux
SSH版本为OpenSSH-8.7p1,默认禁用root登录
使用OpenSSH-8.7p1几点注意:
查看ssh版本
# ssh -V
OpenSSH_8.7p1, OpenSSL 3.0.1 14 Dec 2021
允许root用户ssh登录
# cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.org
# vi /etc/ssh/sshd_config
增加如下三行配置
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
# diff /etc/ssh/sshd_config /etc/ssh/sshd_config.org
41d40
< PermitRootLogin yes
46c45
< PubkeyAuthentication yes
---
> #PubkeyAuthentication yes
66c65
< PasswordAuthentication yes
---
> #PasswordAuthentication yes
重启sshd服务
# systemctl restart sshd
# systemctl status sshd
SSL版本为OpenSSL-3.0.1
查看ssl版本
# rpm -qa |grep openssl
openssl-pkcs11-0.4.11-7.el9.x86_64
openssl-libs-3.0.1-43.el9_0.x86_64
openssl-3.0.1-43.el9_0.x86_64
4.httpd版本为2.4.53
默认安装的httpd版本为2.4.53,对应的CVE安全漏洞修复和httpd官方2.4.54版本同步。
查看httpd版本
# httpd -v
Server version: Apache/2.4.53 (AlmaLinux)
Server built: Jul 20 2022 00:00:00
查看完整更新履历
# yum changelog all httpd
Changelogs for httpd-2.4.53-7.el9.x86_64
* Wed Jul 20 00:00:00 2022 Lubo拧 Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in
ap_strcmp_match()
- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped
by hop-by-hop mechanism
- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()
- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody
- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure