Forked from cuibonobo/CVE-2016-2107_Centos_7_fix.sh
Last active December 20, 2017 00:22
How to fix CVE-2016-2107 on an Nginx server in CentOS 7
```bash
#!/bin/bash
# Stop at the first failure so a failed test run never reaches the install step
set -e

# You need this for your OpenSSL tests to pass later
sudo yum install -y perl-core

# These must be run as a non-root user, or else one of the tests will fail
# Grab the source for OpenSSL 1.1, which has the patch for CVE-2016-2107
cd /tmp
wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz && tar -zxf openssl-1.1.0b.tar.gz && cd openssl-1.1.0b

# Configure for your system and build
./config
make clean && make test

# Now switch to root: each command below uses sudo, since `sudo -s` inside a
# script opens an interactive shell instead of elevating the following lines
sudo make install

# These steps are super questionable and I welcome any better suggestions
# Essentially I'm overriding the system's OpenSSL
sudo mv /usr/bin/openssl /root/
sudo ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# On CentOS 7, /bin is a symlink to /usr/bin, so the next two commands
# replace the link created above
sudo rm -f /bin/openssl
sudo ln -s /usr/local/bin/openssl /bin/openssl

# Restart Nginx so that it's aware of the changes (a reload is NOT enough!)
sudo systemctl restart nginx
```
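A check to run after the restart, as an added example that is not part of the original gist: nginx uses OpenSSL through the libssl library it links, not through the `openssl` command, so this reports which libssl the nginx binary resolves and which OpenSSL version `nginx -V` reports. The function names are hypothetical and the sample `ldd` and `nginx -V` text is constructed.

```shell
#!/bin/bash
# Added example, not part of the gist. Function names are hypothetical and
# the sample inputs are constructed, not captured from a real host.

# stdin: `ldd /path/to/nginx` output. Prints the libssl path the dynamic
# loader resolves; prints nothing when no shared libssl is listed.
libssl_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# stdin: `nginx -V 2>&1` output (nginx writes it to stderr). Prints the
# OpenSSL version, preferring "running with" (loaded library) over "built with".
nginx_openssl_version() {
    sed -n -e 's/.*running with OpenSSL \([^ )]*\).*/\1/p' \
           -e 's/^built with OpenSSL \([^ )]*\).*/\1/p' | head -n 1
}

# Compare a version string with the upstream releases that fixed
# CVE-2016-2107 (1.0.1t, 1.0.2h). "check-backport" means the number predates
# the upstream fix; distribution packages can carry the patch under an older
# number, so look for the CVE id in `rpm -q --changelog openssl-libs`.
classify_version() {
    case "${1%%-*}" in
        1.0.1[t-z]*|1.0.2[h-z]*|1.1.*|[3-9].*) echo fixed ;;
        1.0.1*|1.0.2*) echo check-backport ;;
        *) echo unknown ;;
    esac
}

# $1 = ldd output, $2 = nginx -V output
report() {
    lib=$(printf '%s\n' "$1" | libssl_path)
    ver=$(printf '%s\n' "$2" | nginx_openssl_version)
    echo "libssl=${lib:-static-or-missing} version=${ver:-none} status=$(classify_version "$ver")"
}

SAMPLE_LDD='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000000000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000400000)'
SAMPLE_NGINX_V='nginx version: nginx/1.10.2
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled'

report "$SAMPLE_LDD" "$SAMPLE_NGINX_V"
# On a real host: report "$(ldd "$(command -v nginx)")" "$(nginx -V 2>&1)"
```

A `libssl` path under `/lib64` or `/usr/lib64` means nginx is still loading the distribution's library, whatever `/usr/bin/openssl` now points to.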