由于最近曝出linux的bash漏洞,想更新下bash,于是 想到了配置CentOS yum source。
测试bash漏洞的命令:
env x='() { :;}; echo "Your bash version is vulnerable"' bash -c "echo This is a test" Your bash version is vulnerable This is a test
在此感谢网易的镜像文件!
1.删除redhat原有的yum rpm -aq|grep yum|xargs rpm -e --nodeps 2.访问网易提供的Linux yum源 http://mirrors.163.com/centos/6/os/x86_64/Packages/ 找到对应的yum 安装包 wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-3.2.29-40.el6.centos.noarch.rpm wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-metadata-parser-1.1.2-16.el6.x86_64.rpm wget http://mirrors.163.com/centos/6/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.30-14.el6.noarch.rpm wget http://mirrors.163.com/centos/6/os/x86_64/Packages/python-iniparse-0.3.1-2.1.el6.noarch.rpm 3.进行安装yum rpm -ivh python-iniparse-0.3.1-2.1.el6.noarch.rpm rpm -ivh yum-metadata-parser-1.1.2-16.el6.x86_64.rpm rpm -ivh yum-3.2.29-40.el6.centos.noarch.rpm yum-plugin-fastestmirror-1.1.30-14.el6.noarch.rpm 4.更新repo文件 mv /etc/yum.repos.d/rhel-debuginfo.repo /etc/yum.repos.d/rhel-debuginfo.repo.repo.bak vi /etc/yum.repos.d/rhel-debuginfo.repo [base] name=CentOS-$releasever - Base baseurl=http://mirrors.163.com/centos/6/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6 #released updates [updates] name=CentOS-$releasever - Updates baseurl=http://mirrors.163.com/centos/6/updates/$basearch/ gpgcheck=1 gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6 #packages used/produced in the build but not released [addons] name=CentOS-$releasever - Addons baseurl=http://mirrors.163.com/centos/$releasever/addons/$basearch/ gpgcheck=1 gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras baseurl=http://mirrors.163.com/centos/6/extras/$basearch/ gpgcheck=1 gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus baseurl=http://mirrors.163.com/centos/6/centosplus/$basearch gpgcheck=1 enabled=0 5、yum clean all 6、yum update bash --测试一下
要注意一下路径的问题,其中要注意basearch、$releasever两个变量的值。
[root@localhost yum.repos.d]# env x='() { :;}; echo "Your bash version is vulnerable"' bash -c "echo This is a test" This is a test [root@localhost yum.repos.d]#
配置好了yum源,也更新了bash命令。
参考博客:
http://blog.chinaunix.net/uid-20940095-id-3275311.html
http://www.cnblogs.com/linuxer/archive/2011/11/10/2272521.html