Compiling and upgrading NTP to 4.2.8p15 from source on CentOS

Reason for upgrade

Resolve the known vulnerabilities in ntp.

Vulnerability information

NTP 'ntp_request.c' remote denial of service vulnerability (CVE-2013-5211): In ntpd versions before NTP 4.2.7p26, the monlist feature in ntp_request.c allows remote attackers to cause a denial of service (traffic amplification) by forging REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.

Upgrade process

Package preparation

  • ntp-4.2.8p15.tar.gz
    download address: https://www.eecis.udel.edu/~ntp/ntp_spool//ntp4/ntp-4.2/

Dependency package

  • libcap-devel
  • libcap
  • glibc-devel

Configuration backup

cp -ar /etc/ntp /etc/ntp.bak`date +%Y%m%d`
cp /etc/ntp.conf /etc/ntp.conf.bak`date +%Y%m%d`
cp /etc/sysconfig/ntpd /etc/sysconfig/ntpd.bak`date +%Y%m%d`
cp /etc/sysconfig/ntpdate /etc/sysconfig/ntpdate.bak`date +%Y%m%d`
cp /usr/lib/systemd/system/ntpd.service /usr/lib/systemd/system/ntpd.service.bak
cp /usr/lib/systemd/system/ntpdate.service /usr/lib/systemd/system/ntpdate.service.bak

Uninstall the old version of ntp

yum remove -y ntp ntpdate

Unzip, compile, and install the new version

tar zxvf ntp-4.2.8p15.tar.gz
cd ntp-4.2.8p15
./configure --prefix=/usr  --bindir=/usr/sbin --sysconfdir=/etc  --enable-linuxcaps --with-lineeditlibs=readline  --enable-all-clocks --enable-parse-clocks --enable-clockctl && make
make install && install -v -o ntp -g ntp -d /var/lib/ntp

Configuration restore

mv /etc/ntp.bak`date +%Y%m%d` /etc/ntp
mv /etc/ntp.conf.bak`date +%Y%m%d` /etc/ntp.conf
mv /etc/sysconfig/ntpd.bak`date +%Y%m%d` /etc/sysconfig/ntpd
mv /etc/sysconfig/ntpdate.bak`date +%Y%m%d` /etc/sysconfig/ntpdate
mv /usr/lib/systemd/system/ntpd.service.bak /usr/lib/systemd/system/ntpd.service
mv /usr/lib/systemd/system/ntpdate.service.bak /usr/lib/systemd/system/ntpdate.service

Start service

systemctl daemon-reload
systemctl start ntpd

View the upgraded version

ntpd --version
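
To check the reported version against the fix level quoted in the vulnerability information, the shell functions below compare NTP version strings including the pN patch level. This is an added example, not part of the original post; the function names and sample strings are constructed, and it assumes the version appears as X.Y.Z or X.Y.ZpN somewhere in the `ntpd --version` output.

```shell
#!/bin/sh
# Added example: compare an ntpd version string with the CVE-2013-5211 fix level.
FIXED_IN="4.2.7p26"   # from the vulnerability text: versions before this are affected

# Extract the first X.Y.Z or X.Y.ZpN token from text such as `ntpd --version` output.
extract_ntp_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?' | head -n 1
}

# "4.2.8p15" -> "4 2 8 15"; a missing pN counts as patch level 0.
split_ntp_version() {
    base=${1%%p*}
    case $1 in
        *p*) plevel=${1##*p} ;;
        *)   plevel=0 ;;
    esac
    printf '%s %s\n' "$(printf '%s' "$base" | tr '.' ' ')" "$plevel"
}

# Return 0 if version $1 is strictly older than version $2, field by field.
ntp_version_lt() {
    a=$(split_ntp_version "$1")
    b=$(split_ntp_version "$2")
    for i in 1 2 3 4; do
        x=$(printf '%s' "$a" | cut -d' ' -f"$i")
        y=$(printf '%s' "$b" | cut -d' ' -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "older"
}

# Return 0 if at or above the fix level, 1 if older (affected), 2 if no version found.
monlist_fixed() {
    v=$(extract_ntp_version "$1")
    [ -n "$v" ] || return 2
    if ntp_version_lt "$v" "$FIXED_IN"; then return 1; fi
    return 0
}

# Constructed sample strings (not captured output). On a real host use:
#   monlist_fixed "$(ntpd --version 2>&1)"
for sample in "ntpd 4.2.6p5" "ntpd 4.2.7p25" "ntpd 4.2.8p15"; do
    if monlist_fixed "$sample"; then
        echo "$sample: at or above $FIXED_IN"
    else
        echo "$sample: older than $FIXED_IN, upgrade needed"
    fi
done
```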

Frequently asked questions during the upgrade process

Missing gcc compilation environment

An error appears when executing ./configure because the system lacks the gcc compilation environment; install gcc first.

/usr/bin/ld: cannot find -lcap

When executing ./configure, the error message /usr/bin/ld: cannot find -lcap appears because libcap-devel is not installed on the system.

Install libcap-devel, either from an offline rpm or with yum:

yum install -y libcap-devel


Origin blog.csdn.net/Ethin_l/article/details/131490255