Historical Linux image processing and repair solutions

The ECS cloud server created by the historical Linux image may have NTP and YUM not configured, and may also have security vulnerabilities that have been exposed recently. Please follow the steps below to repair them, which will make your cloud server more secure. You can also use the YUM service provided by Alibaba Cloud to install software, and use the free NTP provided by Alibaba Cloud for time synchronization.

1. Configure NTP

Regardless of the distribution, back up /etc/ntp.conf first, then replace its content with the following:

# ntp.conf
#
# ntpd config for aliyun ecs.
#
# 6LAN+6LAN+3WAN
# [email protected]
# 2014.8.11
#
driftfile /var/lib/ntp/drift
pidfile /var/run/ntpd.pid
logfile /var/log/ntp.log
# Access Control Support
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap nopeer noquery
restrict 172.16.0.0 mask 255.240.0.0 nomodify notrap nopeer noquery
restrict 100.64.0.0 mask 255.192.0.0 nomodify notrap nopeer noquery
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer noquery
restrict ntp1.aliyun.com nomodify notrap nopeer noquery
restrict ntp2.aliyun.com nomodify notrap nopeer noquery
restrict ntp3.aliyun.com nomodify notrap nopeer noquery
restrict ntp4.aliyun.com nomodify notrap nopeer noquery
restrict ntp5.aliyun.com nomodify notrap nopeer noquery
restrict ntp6.aliyun.com nomodify notrap nopeer noquery
# local clock
server 127.127.1.0
fudge 127.127.1.0 stratum 10
#public ntp server
server ntp1.aliyun.com iburst minpoll 4 maxpoll 10
server ntp2.aliyun.com iburst minpoll 4 maxpoll 10
server ntp3.aliyun.com iburst minpoll 4 maxpoll 10
server ntp4.aliyun.com iburst minpoll 4 maxpoll 10
server ntp5.aliyun.com iburst minpoll 4 maxpoll 10
server ntp6.aliyun.com iburst minpoll 4 maxpoll 10
#Private ntp server
server ntp1.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp2.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp3.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp4.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp5.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp6.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
#New private ntp server
server ntp7.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp8.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp9.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp10.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp11.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10
server ntp12.cloud.aliyuncs.com iburst minpoll 4 maxpoll 10

2. Update software sources

0. First confirm the image's current Linux system distribution and version number.

If there is a lsb_release command, execute:

lsb_release -a

Otherwise execute

cat /etc/issue

1. For CentOS, back up the CentOS-Base.repo and epel.repo files in /etc/yum.repos.d/ and execute the following corresponding commands according to the CentOS version:

CentOS 5:

wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-5.repo
CentOS 6:
wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
CentOS 7:
wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -qO /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

After the repo file is downloaded, execute:

yum makecache

2. For Aliyun 5.7, back up /etc/yum.repos.d/CentOS-Base.repo, then execute:

wget -qO /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/aliyun-5.repo

After the repo file is downloaded, execute:

yum makecache

3. For Ubuntu, back up the /etc/apt/sources.list file and execute the command according to the distribution version:

Ubuntu 12.04:
wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1204-lts.list
Ubuntu 14.04:
wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/ubuntu1404-lts.list

Then execute:

apt-get update

4. For Debian, back up the /etc/apt/sources.list file and execute the command according to the distribution version:

debian6:
wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian6-lts.list
debian7:
wget -qO /etc/apt/sources.list http://mirrors.aliyun.com/repo/debian7-lts.list

Then execute:

apt-get update

3. Security vulnerability patch

It mainly repairs currently known major security vulnerabilities. The software that needs to be upgraded includes: bash, glibc, openssl, wget, and ntp.

Before executing the following commands, you need to ensure that the system's current software source has been set correctly.

1. For CentOS and Aliyun Linux, execute:

yum update bash glibc openssl wget ntp

2. For Ubuntu and Debian, execute:

apt-get install bash libc6 libc-bin openssl wget ntp

You may also be interested in:

Linux confirms that the data disk has been uninstalled and a new custom image can be created
How to use the "DD" command in Linux/OSX to create an ISO image operating system installation USB disk
Linux learning first virtual machine and image file installation and configuration
How to permanently modify the pip mirror source in Windows and Linux environments
Rsync Chinese manual: Using rsync to implement website mirroring and backup linux
Example analysis to fix problems in historical Linux images

<<: How to solve the mysql error 1033 Incorrect information in file: 'xxx.frm'

>>: Element-ui's built-in two remote search (fuzzy query) usage explanation

Historical Linux image processing and repair solutions

Javascript tree menu (11 items)

Steps to install MySQL 5.7 in binary mode and optimize the system under Linux

Solution to elementui's el-popover style modification not taking effect

A complete record of the process of building mobile applications using Vue Native

Installation, activation and configuration of ModSecurity under Apache

Solution to the same IP after cloning Ubuntu 18 virtual machine

Teach you how to build Redis cluster mode and sentinel mode with docker in 5 minutes

JavaScript to achieve the idea of snake game

Web design tips on form input boxes

Detailed explanation of the actual process of master-slave synchronization of MySQL database

Recommend

Pay attention to the order of TRouBLe when writing shorthand properties in CSS (to avoid pitfalls)

Detailed explanation of filters and directives in Vue

Example of how to quickly build a LEMP environment with Docker

The difference between z-index: 0 and z-index: auto in CSS

Tomcat class loader implementation method and example code

Layui implements the login interface verification code

CSS3 solution to the problem of freezing on mobile devices (animation performance optimization)

Using JS to implement a simple calculator

Linux configuration SSH password-free login "ssh-keygen" basic usage

Detailed explanation of common commands in MySQL 8.0+

MySQL sorting principles and case analysis

Detailed example of MySQL exchange partition

MySQL5.7.21 decompressed version installation detailed tutorial diagram

How to use MySQL 5.7 temporary tablespace to avoid pitfalls

MySQL transaction analysis