openssl-1.1.1u 和 openssh-9.3p1 双升级脚本,适用centos、redhat系列6至8及rocky8各版本

#!/bin/bash
#
######################## 蜈蚣出品 #######################
# Function : openssl openssh update                     #
# Platform : Centos6.x - Centos8.x & Rocky8.x           #
# Version  : 2.2                                        #
# Date     : 2023-07-01                                 #     
#########################################################
#
# RHEL8系列操作系统恢复使用旧库,解决编译安装Openssl出现的libssl及libcrypto版本不匹配问题。
# 使用旧库将导致openssl程序版本号与库版本号不一致的问题,暂无完美解决方法。
#
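clear
export LANG="en_US.UTF-8"
# Timestamp suffix shared by every backup and log file written during this run.
date_time=$(date +%Y%m%d-%H%M%S)
#
# Target releases: edit these to the upstream release names you want to install.
#
zlib_version="zlib-1.2.13"
openssl_version="openssl-1.1.1u"
openssh_version="openssh-9.3p1"

# Version part of each target name (the second "-"-separated field).
las_zlib_version=$(printf '%s\n' "$zlib_version" | awk -F "-" '{print $2}')
las_openssl_version=$(printf '%s\n' "$openssl_version" | awk -F "-" '{print $2}')
las_openssh_version=$(printf '%s\n' "$openssh_version" | awk -F "-" '{print $2}')
# Versions found on the host before the upgrade. The find pattern is quoted so
# that it reaches find unchanged; unquoted, the shell would expand it against
# any zlib-* file in the current directory (for example a downloaded tarball).
old_zlib_version=$(find /usr/local -name 'zlib-*' | awk -F "-" '{print $2}')
old_openssl_version=$(openssl version 2>&1 | awk -F" " '{print $2}' | awk -F"-" '{print $1}')
old_openssh_version=$(ssh -V 2>&1 | awk -F"," '{print $1}' | awk -F"_" '{print $2}')

# When "openssl version" reports a separate "Library" build, remember that
# library's version; RHEL8_repair uses it to find the library files to restore.
# Start from an empty value so a stray environment variable cannot leak in.
os_openssl_version=""
if [[ $(openssl version 2>&1) =~ Library ]] ; then
	os_openssl_version=$(openssl version 2>&1 | awk -F"Library" '{print $2}' | awk -F" " '{print $3}')
fi

#
# Working directory: adjust to wherever this script and the tarballs were uploaded.
#
upsslssh_home="/opt/upsslssh"

# Prefix under which each source build gets its own versioned directory.
install_path="/usr/local"

# Unpacked sources, backups of replaced files, and build logs.
install_files="$upsslssh_home/install"
backup_files="$upsslssh_home/backup"
log_files="$upsslssh_home/log"

# Upstream download locations, used only when a tarball is not already present
# in $upsslssh_home.
# NOTE(review): no checksum or signature for these tarballs is recorded in this
# script; compare each download against the digest published by its project
# before letting the build run as root.
zlib_url="https://www.zlib.net/$zlib_version.tar.gz"
openssl_url="https://www.openssl.org/source/$openssl_version.tar.gz"
openssh_url="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$openssh_version.tar.gz"

# Build dependencies installed through yum (space-separated on purpose: the
# list is word-split when it is handed to yum).
pkg_need="wget tar gcc gcc-c++ glibc make autoconf automake openssl openssl-devel pcre-devel pam pam-devel zlib zlib-devel"

# ANSI colour escapes for status output (interpreted by "echo -e").
color_0="\033[0m"
color_R="\033[31m"
color_G="\033[32m"
color_Y="\033[33m"
color_C="\033[36m"

echo -e "\n"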

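#######################################
# Pre-flight checks and host preparation: verify a supported RHEL-family
# release and root privileges, show a countdown, create the working
# directories, switch SELinux off, refresh the yum cache and install the
# build dependencies.
# Globals:   os_version (written); pkg_need, install_files, backup_files,
#            log_files, date_time, las_*_version, color_* (read)
# Returns:   exits with status 1 on any failed check or step
#######################################
Install_make()
{
	local ts='+%Y-%m-%d_%H:%M:%S'
	local count=11

	if [ -e /etc/redhat-release ] ; then
		# Major release number: the digits just before the first "." that follows a space.
		os_version=$(sed -r 's/.* ([0-9]+)\..*/\1/' /etc/redhat-release)
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 当前操作系统可能不被支持,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	# A release string the sed expression cannot parse is left unchanged, so it
	# is rejected here instead of slipping through the numeric comparisons.
	if ! [[ $os_version =~ ^[0-9]+$ ]] || [ "$os_version" -lt 6 ] || [ "$os_version" -gt 8 ] ; then
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 当前操作系统版本可能不被支持,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	if [ "$(id -u)" != "0" ] ; then
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 当前用户为普通用户,必须使用root用户运行,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	# NOTE(review): the banner below suggests Telnet as a spare login channel.
	# Telnet is unencrypted; if it is enabled for the upgrade window, restrict it
	# to a trusted network and disable it again once the new sshd is confirmed.
	echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}即将升级Zlib版本至${las_zlib_version},升级OpenSSL版本至${las_openssl_version},升级OpenSSH版本至${las_openssh_version},${color_0}"
	echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}升级过程中请保持活动的连接窗口,切勿中途中断!为避免升级失败无法重连服务器,${color_0}"
	echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}请复制一个连接窗口以备不时之需,或自行配置Telnet服务预留另一个远程连接通道。${color_0}"
	echo -en "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}升级脚本即将开始,如暂不升级请在倒计时结束前按Ctrl+C终止脚本,倒计时: ${color_0}"

	# Countdown from 10 to 0, redrawn in place at the saved cursor position.
	tput sc
	while [ "$count" -ge 1 ]
	do
		count=$((count - 1))
		sleep 1
		tput rc
		tput ed
		echo -en "${color_R}${count} ${color_0}"
	done
	echo -e ""

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在创建过程目录. . ."
	sleep 1

	# Working directories for sources, backups and logs.
	mkdir -p "$install_files"
	mkdir -p "$backup_files" "$backup_files/zlib" "$backup_files/ssl" "$backup_files/ssh"
	mkdir -p "$log_files" "$log_files/zlib" "$log_files/ssl" "$log_files/ssh"

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在关闭SELINUX. . ."
	sleep 1

	# NOTE(review): this turns SELinux off both immediately and in the persistent
	# config, and nothing in this script turns it back on. That removes mandatory
	# access control for every service on the host, not just sshd; re-enable it
	# (and relabel the replaced files) once the upgrade has been verified.
	sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
	setenforce 0 >/dev/null 2>&1

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在重建yum源缓存. . ."
	sleep 2

	yum clean all >/dev/null 2>&1
	if yum makecache >/dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 重建yum源缓存成功"
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 重建yum源缓存失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在安装依赖包. . ."
	sleep 2

	# Package signature checking is left enabled: the compiler and the crypto
	# development packages installed here end up in the sshd build, so an
	# unsigned or tampered package must make this step fail. If it fails on a
	# missing repository key, import the key rather than skipping the check.
	# shellcheck disable=SC2086 -- pkg_need is a space-separated package list
	if yum install -y $pkg_need > "$log_files/pkg_need.$date_time.txt" 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 安装软件依赖包成功"
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 安装软件依赖包失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}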

#######################################
# Copy the files this upgrade replaces into the backup tree, tagging each copy
# with the detected old version and the run timestamp. Every copy is
# best-effort: a source that does not exist on this host is skipped silently.
# Globals:   backup_files, old_openssl_version, old_openssh_version,
#            date_time, color_* (read)
# NOTE(review): the /etc/ssh copy includes the host's private keys, so the
# backup tree should stay readable by root only and be cleaned up or archived
# securely after the upgrade.
#######################################
Install_backup()
{
	local ssl_suffix="$old_openssl_version.$date_time.bak"
	local ssh_suffix="$old_openssh_version.$date_time.bak"
	local ssl_dir="$backup_files/ssl"
	local ssh_dir="$backup_files/ssh"

	echo -e "$(date +%Y-%m-%d_%H:%M:%S) ${color_Y}INFO${color_0} 正在备份相关文件. . ."
	sleep 2

	# "\cp" bypasses any interactive "cp -i" alias.
	\cp -rf /usr/bin/openssl "$ssl_dir/openssl.$ssl_suffix" >/dev/null 2>&1
	\cp -rf /etc/init.d/sshd "$ssh_dir/sshd.$ssh_suffix" >/dev/null 2>&1
	\cp -rf /etc/ssh "$ssh_dir/ssh.$ssh_suffix" >/dev/null 2>&1
	\cp -rf /usr/bin/ssh-copy-id "$ssh_dir/ssh-copy-id.$ssh_suffix" >/dev/null 2>&1
	\cp -rf /usr/lib/systemd/system/sshd.service "$ssh_dir/sshd.service.$ssh_suffix" >/dev/null 2>&1
	\cp -rf /etc/pam.d/sshd.pam "$ssh_dir/sshd.pam.$ssh_suffix" >/dev/null 2>&1
}

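#######################################
# Make sure one source tarball is present in $upsslssh_home, downloading it
# when it is missing.
# Arguments: $1 - release name (e.g. zlib-1.2.13)
#            $2 - download URL
#            $3 - file that receives wget's output
# Returns:   0 when the tarball is available; exits 1 when the download fails
#######################################
_Install_tar_fetch()
{
	local name=$1 url=$2 log=$3
	local ts='+%Y-%m-%d_%H:%M:%S'
	local tarball="$upsslssh_home/${name}.tar.gz"

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在检查${name}.tar.gz源码包. . ."
	sleep 2

	if [ -e "$tarball" ] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 源码包${name}.tar.gz已存在"
		return 0
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 未发现${name}.tar.gz源码包,正在从配置的链接中获取. . ."
	sleep 1
	cd "$upsslssh_home" || exit 1
	# TLS certificate validation is left on. This code is compiled and installed
	# as root and ends up inside sshd, so a download from an unauthenticated
	# server must fail. On hosts whose CA bundle is too old for these sites,
	# update ca-certificates or upload the tarball by hand instead.
	if wget "$url" > "$log" 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 源码包${name}下载完成"
		sleep 1
	else
		# Drop a partial download so the next run does not treat it as present.
		rm -f -- "$tarball"
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 源码包${name}下载失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}

#######################################
# Ensure the zlib, OpenSSL and OpenSSH source tarballs are available locally.
# Globals:   upsslssh_home, log_files, date_time, *_version, *_url (read)
# Returns:   exits 1 as soon as one download fails
# NOTE(review): neither a pre-placed nor a downloaded tarball is checked
# against a published digest or signature here; verify them before running.
#######################################
Install_tar()
{
	_Install_tar_fetch "$zlib_version" "$zlib_url" "$log_files/zlib/zlib_wget.$date_time.txt"
	_Install_tar_fetch "$openssl_version" "$openssl_url" "$log_files/ssl/ssl_wget.$date_time.txt"
	_Install_tar_fetch "$openssh_version" "$openssh_url" "$log_files/ssh/ssh_wget.$date_time.txt"
}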

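#######################################
# Build zlib from source into $install_path/$zlib_version, register its lib
# directory with the dynamic linker configuration and verify the result.
# Does nothing when the detected zlib already matches the target version.
# Globals:   new_zlib_version (written); old_zlib_version, las_zlib_version,
#            zlib_version, upsslssh_home, install_files, install_path,
#            log_files, date_time, color_* (read)
# Returns:   exits 1 when unpacking, building or verification fails
#######################################
Install_zlib()
{
	local ts='+%Y-%m-%d_%H:%M:%S'
	local rc build_ok=1

	if [[ "$old_zlib_version" == "$las_zlib_version" ]] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} zlib已是最新版本zlib-${old_zlib_version}无需升级"
		return
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在解压${zlib_version}.tar.gz源码包. . ."
	sleep 2
	if cd "$upsslssh_home" && mkdir -p "$install_files" && tar -zxvf "$zlib_version.tar.gz" -C "$install_files" > /dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 源码包${zlib_version}.tar.gz解压成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 源码包${zlib_version}.tar.gz解压失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在编译安装${zlib_version}. . ."
	# Entering the source tree is part of the condition, so ./configure can never
	# run from some other directory.
	if cd "$install_files/$zlib_version" && ./configure --prefix="$install_path/$zlib_version" > "$log_files/zlib/zlib_configure.$date_time.txt" 2>&1 ; then
		# Each status is captured before it is printed: a command substitution
		# inside the echo would otherwise overwrite $? with date's own status.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make clean. . ."
		make clean > /dev/null 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		# The self-test result is only reported; check the log if it is non-zero.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make test. . ."
		make test > "$log_files/zlib/zlib_maketest.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make. . ."
		make > "$log_files/zlib/zlib_make.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
		[ "$rc" -eq 0 ] || build_ok=0

		if [ "$build_ok" -eq 1 ] ; then
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} make install. . ."
			make install > "$log_files/zlib/zlib_makeinsall.$date_time.txt" 2>&1
			rc=$?
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
			[ "$rc" -eq 0 ] || build_ok=0
		fi
	else
		build_ok=0
	fi

	# A failed configure, make or make install stops here instead of continuing
	# with a partial installation.
	if [ "$build_ok" -ne 1 ] ; then
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 编译安装${zlib_version}失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	if [ -e "$install_path/$zlib_version/lib/libz.so" ] ; then
		# Remove earlier zlib entries from the linker configuration.
		if grep -v "^#" /etc/ld.so.conf | grep '/zlib' > /dev/null 2>&1 ; then
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在删除/etc/ld.so.conf旧配置信息. . ."
			sed -i '/zlib/d' /etc/ld.so.conf
		fi
		# stderr is discarded here so that grep's own "No such file" message (which
		# contains the path, and therefore "/zlib") cannot count as a match.
		if grep -v "^#" /etc/ld.so.conf.d/zlib.conf 2>/dev/null | grep '/zlib' > /dev/null 2>&1 ; then
			sed -i '/zlib/d' /etc/ld.so.conf.d/zlib.conf > /dev/null 2>&1
		fi
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在创建/etc/ld.so.conf.d/zlib.conf配置信息. . ."
		echo "$install_path/$zlib_version/lib" >> /etc/ld.so.conf.d/zlib.conf
		# NOTE(review): ldconfig -N updates links without rebuilding the cache, so
		# after the rm there is no /etc/ld.so.cache until a plain "ldconfig" runs.
		# Kept as in the original; confirm this is the intended end state.
		rm -rf /etc/ld.so.cache
		ldconfig -N -v > "$log_files/zlib/zlib_ldconfig.$date_time.txt" 2>&1
		ldconfig -N
	fi

	# One candidate version per zlib.pc found under /usr whose path contains a
	# "-<version>/lib" component; the upgrade counts as done when one of them is
	# exactly the target. Matching line by line keeps an older versioned install
	# (or a zlib.pc without a versioned path) from breaking the comparison.
	new_zlib_version=$(find /usr/ -name zlib.pc | awk -F "-" '{print $2}' | awk -F "/lib" '{print $1}')

	if printf '%s\n' "$new_zlib_version" | grep -Fxq -- "$las_zlib_version" ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} ${zlib_version}升级成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} ${zlib_version}升级失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}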

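#######################################
# Build OpenSSL from source into $install_path/$openssl_version, point
# /usr/bin/openssl and the libssl/libcrypto development links in /usr/lib64 at
# the new build, and verify the reported version.
# Does nothing when the detected OpenSSL already matches the target version.
# Globals:   new_openssl_version (written); old_openssl_version,
#            las_openssl_version, openssl_version, upsslssh_home,
#            install_files, install_path, log_files, date_time, color_* (read)
# Returns:   exits 1 when unpacking, building, linking or verification fails
#######################################
Install_openssl()
{
	local ts='+%Y-%m-%d_%H:%M:%S'
	local rc build_ok=1
	# Text after the 8-character "openssl-" prefix, e.g. "1.1.1u".
	local lib_suffix=${openssl_version:8}

	if [[ "$old_openssl_version" == "$las_openssl_version" ]] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} openssl已是最新版本openssl-${old_openssl_version}无需升级"
		return
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在解压${openssl_version}.tar.gz源码包. . ."
	sleep 2
	if cd "$upsslssh_home" && tar -zxvf "$openssl_version.tar.gz" -C "$install_files" > /dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 源码包${openssl_version}.tar.gz解压成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 源码包${openssl_version}.tar.gz解压失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在编译安装${openssl_version}. . ."
	if cd "$install_files/$openssl_version" && ./config shared zlib --prefix="$install_path/$openssl_version" > "$log_files/ssl/ssl_config.$date_time.txt" 2>&1 ; then
		# Each status is captured before it is printed: a command substitution
		# inside the echo would otherwise overwrite $? with date's own status.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make clean. . ."
		make clean > /dev/null 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		# NOTE(review): the self-test result is only reported. For a crypto
		# library that is about to back sshd, read the test log before trusting
		# the build when this status is non-zero.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make test -j 4. . ."
		make test -j 4 > "$log_files/ssl/ssl_maketest.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make -j 4. . ."
		make -j 4 > "$log_files/ssl/ssl_make.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
		[ "$rc" -eq 0 ] || build_ok=0

		if [ "$build_ok" -eq 1 ] ; then
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} make install. . ."
			make install > "$log_files/ssl/ssl_makeinstall.$date_time.txt" 2>&1
			rc=$?
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
			[ "$rc" -eq 0 ] || build_ok=0
		fi
	else
		build_ok=0
	fi

	if [ "$build_ok" -ne 1 ] ; then
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 编译安装${openssl_version}失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	# The system binary is moved aside only once the replacement is known to
	# exist, so a failed build cannot leave the host without /usr/bin/openssl.
	if [ -e "$install_path/$openssl_version/bin/openssl" ] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在创建openssl软链接. . ."
		sleep 2
		mv /usr/bin/openssl "/usr/bin/openssl.$old_openssl_version.$date_time.bak" > /dev/null 2>&1
		ln -s "$install_path/$openssl_version/bin/openssl" /usr/bin/openssl
		\cp -rf "$install_path/$openssl_version/lib/libssl.so.1.1" "/usr/lib64/libssl.so.$lib_suffix"
		\cp -rf "$install_path/$openssl_version/lib/libcrypto.so.1.1" "/usr/lib64/libcrypto.so.$lib_suffix"
		# Absolute link paths: nothing here depends on a "cd /usr/lib64" having
		# succeeded, so the removals can never hit files in another directory.
		rm -rf /usr/lib64/libssl.so
		ln -s "libssl.so.$lib_suffix" /usr/lib64/libssl.so
		rm -rf /usr/lib64/libcrypto.so
		ln -s "libcrypto.so.$lib_suffix" /usr/lib64/libcrypto.so
		# Leave the build tree, as the original did, and continue from $HOME.
		cd
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在删除/etc/ld.so.conf旧配置信息. . ."
		if grep -v "^#" /etc/ld.so.conf | grep '/openssl' > /dev/null 2>&1 ; then
			sed -i "/openssl/d" /etc/ld.so.conf > /dev/null 2>&1
		fi
		# NOTE(review): ldconfig -N updates links without rebuilding the cache, so
		# after the rm there is no /etc/ld.so.cache until a plain "ldconfig" runs.
		# Kept as in the original; confirm this is the intended end state.
		rm -rf /etc/ld.so.cache
		ldconfig -N -v > "$log_files/ssl/ssl_ldconfig.$date_time.txt" 2>&1
		ldconfig -N
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 编译安装${openssl_version}成功"
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在输出openssl版本信息. . ."
		sleep 2
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}$(openssl version)${color_0}"
		sleep 2
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 创建openssl软连接失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	# The binary now on PATH must report exactly the target version.
	new_openssl_version=$(openssl version 2>&1 | awk -F" " '{print $2}' | awk -F"-" '{print $1}')
	if [ "$new_openssl_version" == "$las_openssl_version" ] ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} ${openssl_version}升级成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} ${openssl_version}升级失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}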

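#######################################
# Remove the distribution's OpenSSH packages (base, server, clients) for the
# detected old version, ignoring dependencies. Skipped when the installed
# version already equals the target.
# Globals:   old_openssh_version, las_openssh_version, color_* (read)
# NOTE(review): once these RPMs are gone, sshd is no longer tracked by the
# package manager, so distribution security updates will not reach it; the
# source build has to be monitored and patched by hand from then on.
#######################################
Remove_openssh()
{
	local pkg

	# Both sides are quoted so the versions are compared as literal strings,
	# never as a glob pattern.
	if [[ "$old_openssh_version" == "$las_openssh_version" ]] ; then
		return
	fi
	echo -e "$(date +%Y-%m-%d_%H:%M:%S) ${color_Y}INFO${color_0} 正在卸载openssh旧版本. . ."
	sleep 2
	# Best-effort: a package that is not installed simply makes rpm fail quietly.
	for pkg in openssh openssh-server openssh-clients
	do
		rpm -e --nodeps "$pkg-$old_openssh_version" > /dev/null 2>&1
	done
}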

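#######################################
# Build OpenSSH from source against the freshly built OpenSSL and zlib, copy
# the new binaries over the system ones, install the SysV init script and PAM
# file, adjust sshd_config, restart sshd and verify the reported version.
# Does nothing when the detected OpenSSH already matches the target version.
# Globals:   new_openssh_version (written); old_openssh_version,
#            las_openssh_version, openssh_version, openssl_version,
#            zlib_version, os_version, upsslssh_home, install_files,
#            install_path, backup_files, log_files, date_time, color_* (read)
# Returns:   exits 1 when unpacking, building, service setup, restart or
#            verification fails
#######################################
Install_openssh()
{
	local ts='+%Y-%m-%d_%H:%M:%S'
	local rc build_ok=1

	if [ "$old_openssh_version" == "$las_openssh_version" ] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} openssh已是最新版本openssh-${old_openssh_version}无需升级"
		return
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在解压${openssh_version}.tar.gz源码包. . ."
	sleep 2
	if cd "$upsslssh_home" && tar -zxvf "$openssh_version.tar.gz" -C "$install_files" > /dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 源码包${openssh_version}.tar.gz解压成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 源码包${openssh_version}.tar.gz解压失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在编译安装${openssh_version}. . ."
	# NOTE(review): --with-md5-passwords is passed through as in the original;
	# confirm the target hosts still need it before keeping the option.
	if cd "$install_files/$openssh_version" && ./configure --prefix="$install_path/$openssh_version" --sysconfdir=/etc/ssh --with-ssl-dir="$install_path/$openssl_version" --with-zlib="$install_path/$zlib_version" --with-md5-passwords --with-pam > "$log_files/ssh/ssh_configure.$date_time.txt" 2>&1 ; then
		# Each status is captured before it is printed: a command substitution
		# inside the echo would otherwise overwrite $? with date's own status.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make clean. . ."
		make clean > /dev/null 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		# The test result is only reported, never treated as fatal.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make test -j 4. . ."
		make test -j 4 > "$log_files/ssh/ssh_maketest.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"

		# Single redirection: the original's second "> /dev/null" sent the build
		# output away and left this log file empty.
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} make -j 4. . ."
		make -j 4 > "$log_files/ssh/ssh_make.$date_time.txt" 2>&1
		rc=$?
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
		[ "$rc" -eq 0 ] || build_ok=0

		if [ "$build_ok" -eq 1 ] ; then
			# /etc/ssh is moved aside only once the build has succeeded, so a
			# compile failure leaves the existing configuration and host keys
			# in place.
			# NOTE(review): "make install" then presumably populates a fresh
			# /etc/ssh including new host keys; only sshd_config is restored
			# further down, so clients may see a changed host key afterwards.
			# Confirm, and publish the new fingerprints if so.
			mv /etc/ssh "/etc/ssh.$date_time.bak" > /dev/null 2>&1
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} make install. . ."
			make install > "$log_files/ssh/ssh_makeinstall.$date_time.txt" 2>&1
			rc=$?
			echo -e "$(date "$ts") ${color_Y}INFO${color_0} Return Code $rc"
			[ "$rc" -eq 0 ] || build_ok=0
		fi
	else
		build_ok=0
	fi

	# Success is reported only when configure, make and make install all passed;
	# otherwise stop before any system binary is overwritten.
	if [ "$build_ok" -ne 1 ] ; then
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 编译安装${openssh_version}失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 编译安装${openssh_version}成功"
	sleep 1
	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在迁移openssh配置文件. . ."
	sleep 2
	# Each existing file is moved aside first; any of them may be absent.
	mv /usr/lib/systemd/system/sshd.service "/usr/lib/systemd/system/sshd.service.$date_time.bak" > /dev/null 2>&1
	mv /etc/init.d/sshd "/etc/init.d/sshd.$date_time.bak" > /dev/null 2>&1
	\cp -rf "$install_files/$openssh_version/contrib/redhat/sshd.init" /etc/init.d/sshd > /dev/null 2>&1
	mv /etc/pam.d/sshd.pam "/etc/pam.d/sshd.pam.$date_time.bak" > /dev/null 2>&1
	\cp -rf "$install_files/$openssh_version/contrib/redhat/sshd.pam" /etc/pam.d/sshd.pam > /dev/null 2>&1
	mv /usr/libexec/openssh/sftp-server "/usr/libexec/openssh/sftp-server.$date_time.bak" > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/libexec/sftp-server" /usr/libexec/openssh/sftp-server > /dev/null 2>&1
	if [ "$os_version" -lt 7 ] ; then
		# Release 6 additionally gets sftp-server directly under /usr/libexec.
		mv /usr/libexec/sftp-server "/usr/libexec/sftp-server.$date_time.bak" > /dev/null 2>&1
		\cp -rf "$install_path/$openssh_version/libexec/sftp-server" /usr/libexec/sftp-server > /dev/null 2>&1
	fi
	# Overwrite the system binaries with the new build.
	\cp -rf "$install_path/$openssh_version/sbin/sshd" /usr/sbin/sshd > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/scp" /usr/bin/scp > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/sftp" /usr/bin/sftp > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/ssh" /usr/bin/ssh > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/ssh-add" /usr/bin/ssh-add > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/ssh-agent" /usr/bin/ssh-agent > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/ssh-keygen" /usr/bin/ssh-keygen > /dev/null 2>&1
	\cp -rf "$install_path/$openssh_version/bin/ssh-keyscan" /usr/bin/ssh-keyscan > /dev/null 2>&1
	# ssh-copy-id is put back from the backup taken earlier in this run.
	\cp -rf "$backup_files/ssh/ssh-copy-id.$old_openssh_version.$date_time.bak" /usr/bin/ssh-copy-id > /dev/null 2>&1

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在配置openssh服务及开机自启. . ."
	sleep 2
	chmod u+x /etc/init.d/sshd > /dev/null 2>&1
	chkconfig --add sshd > /dev/null 2>&1
	chkconfig sshd on > /dev/null 2>&1
	if chkconfig --list > "$backup_files/ssh/sshservice.txt" 2>&1 && grep sshd "$backup_files/ssh/sshservice.txt" > /dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 配置openssh服务及开机自启成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 配置openssh服务及开机自启失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在修改openssh配置文件. . ."
	sleep 1
	# Prefer the sshd_config saved in the backup; otherwise use the sample from
	# the source tree, but only if no sshd_config exists yet.
	if [ -e "$backup_files/ssh/ssh.$old_openssh_version.$date_time.bak/sshd_config" ] ; then
		\cp -rf "$backup_files/ssh/ssh.$old_openssh_version.$date_time.bak/sshd_config" /etc/ssh/sshd_config > /dev/null 2>&1
	elif [ ! -e /etc/ssh/sshd_config ] ; then
		\cp -rf "$install_files/$openssh_version/sshd_config" /etc/ssh/sshd_config > /dev/null 2>&1
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 为确保登陆正常,配置文件将被修改为${color_R}允许root登陆${color_0}. . ."
	sleep 1
	# NOTE(review): these edits enable password authentication where it was
	# commented out and force "PermitRootLogin yes" over whatever the previous
	# configuration said. That exposes root to password guessing. Once the
	# upgraded sshd is confirmed reachable, restore the site policy (for example
	# key-only root login or no root login) and reload sshd.
	sed -i 's/#PasswordAuthentication\ yes/PasswordAuthentication\ yes/g' /etc/ssh/sshd_config
	sed -i '/PermitRootLogin /c PermitRootLogin yes' /etc/ssh/sshd_config
	if [ "$os_version" -gt 6 ] ; then
		sed -i '/UsePAM /c UsePAM yes' /etc/ssh/sshd_config
	fi

	# Create a PAM service file for sshd only when none exists.
	if [ ! -e "/etc/pam.d/sshd" ] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在创建/etc/pam.d/sshd文件. . ."
		cat > /etc/pam.d/sshd << EOF
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
auth       required     pam_sepermit.so
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare
EOF
	fi

	if service sshd restart > /dev/null 2>&1 ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 启动openssh服务成功"
		sleep 1
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在输出openssh版本信息. . ."
		sleep 2
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}$(ssh -V 2>&1)${color_0}"
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 启动openssh服务失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi

	# The client now on PATH must report exactly the target version.
	new_openssh_version=$(ssh -V 2>&1 | awk -F"," '{print $1}' | awk -F"_" '{print $2}')

	if [ "$new_openssh_version" == "$las_openssh_version" ] ; then
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} ${openssh_version}升级成功"
		sleep 1
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} ${openssh_version}升级失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}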

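#######################################
# On release 8 only: point the libssl/libcrypto links in /usr/lib64 back at
# the library version that was on the host before the upgrade, and drop the
# copies of the new libraries placed there. Afterwards the openssl program and
# the library it loads report different versions (stated by the script itself).
# Globals:   old_openssl_version (may be overwritten with os_openssl_version);
#            os_version, os_openssl_version, openssl_version, log_files,
#            date_time, color_* (read)
# Returns:   0 when nothing needs doing or the links were restored;
#            exits 1 when the old library file cannot be found
# NOTE(review): after this step the libraries in /usr/lib64 are the old
# version again, so the fixes in the newly built OpenSSL do not apply to
# programs that load them; keep the distribution's openssl-libs patched too.
#######################################
RHEL8_repair()
{
	local ts='+%Y-%m-%d_%H:%M:%S'
	local lib_dir=/usr/lib64
	# Text after the 8-character "openssl-" prefix, e.g. "1.1.1u".
	local new_suffix=${openssl_version:8}

	if [[ "$os_version" != 8 ]] ; then
		return 0
	fi

	echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在将RHEL8系列操作系统恢复openssl相关库文件为旧库. . ."
	sleep 2
	# Prefer the library version reported by "openssl version", when one was seen.
	if [ -n "$os_openssl_version" ] ; then
		old_openssl_version="$os_openssl_version"
	fi

	if [ -e "$lib_dir/libssl.so.$old_openssl_version" ] ; then
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在恢复旧库openssl软链接. . ."
		sleep 2
		# Absolute paths throughout: no removal depends on a "cd" having worked.
		rm -rf "$lib_dir/libssl.so.$new_suffix"
		rm -rf "$lib_dir/libcrypto.so.$new_suffix"
		rm -rf "$lib_dir/libssl.so.1.1"
		ln -s "libssl.so.$old_openssl_version" "$lib_dir/libssl.so.1.1" > /dev/null 2>&1
		rm -rf "$lib_dir/libssl.so"
		ln -s "libssl.so.$old_openssl_version" "$lib_dir/libssl.so"
		rm -rf "$lib_dir/libcrypto.so.1.1"
		ln -s "libcrypto.so.$old_openssl_version" "$lib_dir/libcrypto.so.1.1" > /dev/null 2>&1
		rm -rf "$lib_dir/libcrypto.so"
		ln -s "libcrypto.so.$old_openssl_version" "$lib_dir/libcrypto.so"
		# Continue from $HOME, as the original did.
		cd
		# NOTE(review): ldconfig -N updates links without rebuilding the cache, so
		# after the rm there is no /etc/ld.so.cache until a plain "ldconfig" runs.
		# Kept as in the original; confirm this is the intended end state.
		rm -rf /etc/ld.so.cache
		ldconfig -N -v >> "$log_files/ssl/ssl_ldconfig.$date_time.txt" 2>&1
		ldconfig -N
		echo -e "$(date "$ts") ${color_G}SUCCESS${color_0} 恢复openssl旧库文件成功"
		sleep 1
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 正在输出openssl版本信息. . ."
		sleep 2
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} ${color_C}$(openssl version)${color_0}"
		echo -e "$(date "$ts") ${color_Y}INFO${color_0} 恢复旧库的openssl会出现主版本号与库版本号不一致问题"
		sleep 2
	else
		echo -e "$(date "$ts") ${color_R}ERROR${color_0} 恢复openssl旧库文件失败,脚本退出. . ."
		sleep 2
		echo -e "\n"
		exit 1
	fi
}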

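#######################################
# Delete the source tarballs from the working directory and print where the
# unpacked sources, the backups and the logs were left.
# Globals:   upsslssh_home, install_files, backup_files, log_files,
#            zlib_version, openssl_version, openssh_version, color_* (read)
# NOTE(review): the backup directory printed here holds a copy of /etc/ssh,
# host private keys included; keep it root-only and remove or archive it
# securely once the upgrade has been verified.
#######################################
End_install()
{
	local dir

	# ":?" aborts instead of expanding to "/*<name>.tar.gz" at the filesystem
	# root if the working directory variable is ever empty.
	rm -rf -- "${upsslssh_home:?}"/*"${zlib_version}.tar.gz"
	rm -rf -- "${upsslssh_home:?}"/*"${openssl_version}.tar.gz"
	rm -rf -- "${upsslssh_home:?}"/*"${openssh_version}.tar.gz"
	# The unpacked sources in $install_files are kept on purpose.

	echo -e "\n"
	echo -e "${color_G}======================== install file ========================${color_0}"
	echo -e ""
	echo -e "升级安装目录请前往: "
	dir=$install_files
	( cd "$dir" && pwd )
	echo -e ""
	echo -e "升级备份目录请前往: "
	dir=$backup_files
	( cd "$dir" && pwd )
	echo -e ""
	echo -e "升级日志目录请前往: "
	dir=$log_files
	( cd "$dir" && pwd )
	# Finish in the home directory, as the original did.
	cd ~
	echo -e ""
	echo -e "${color_G}==============================================================${color_0}"
	echo -e "\n"
	sleep 2
}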

# Run the upgrade stages in order. The order matters: the checks and backups
# come first, zlib and OpenSSL are built before the OpenSSH that links against
# them, and the packaged OpenSSH is removed only just before the new build is
# installed. A stage that fails ends the script itself via "exit".
for stage in Install_make Install_backup Install_tar Install_zlib Install_openssl Remove_openssh Install_openssh RHEL8_repair End_install
do
	"$stage"
done

#脚本思路致谢CSDN柒八九 https://blog.csdn.net/wlc_1111/article/details/125228426
