add

15-漏洞修复/demo环境漏洞修复/k8s-ssl-CVE-2016-2183-漏洞修复.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# reference https://www.cnblogs.com/kubesphere/p/17141586.html
+
+#host_list_10250=(192.168.35.49 192.168.35.50 192.168.34.251 192.168.34.245 192.168.34.239)
+
+
+
+# fix kubelet
+#for host in "${host_list_10250[@]}";do
+#   echo "the current host is $host"
+#   ssh root@"$host" "echo yes"
+##   ssh root@"$host" "mv /var/lib/kubelet/config.yaml /var/lib/kubelet/kubelet-config-back.yaml"
+##   scp /root/wdd/config.yaml root@"$host":/var/lib/kubelet/config.yaml
+##   ssh root@"$host" "systemctl restart kubelet "
+##   sleep 2
+##   ssh root@"$host" "systemctl status kubelet | grep active"
+#   ssh root@"t1" "nmap --script ssl-enum-ciphers -p 10250 $host"
+#
+#   echo ""
+#done
+
+host_list_etcd=(192.168.34.251 192.168.34.245 192.168.34.239)
+# fix etcd
+for host in "${host_list_etcd[@]}";do
+
+  #  manual
+  # /etc/kubernetes/manifests/etcd.yaml add
+  # - --cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+   echo "the current host is $host"
+   ssh root@"$host" "echo yes"
+#   ssh root@"$host" "mv /etc/kubernetes/manifests/etcd.yaml /etc/kubernetes/manifests/etcd-back"
+#   scp /root/wdd/etcd.yaml root@"$host":/etc/kubernetes/manifests/etcd.yaml
+#   ssh root@"$host" "sed -i s/LOCAL_IP/${host}/g /etc/kubernetes/manifests/etcd.yaml"
+#   sleep 2
+#   ssh root@"$host" "docker ps -a | grep etcd"
+
+   ssh root@"t1" "nmap --script ssl-enum-ciphers -p 6443 $host"
+
+   echo ""
+done
+
+# kube-apiserver
+
+# vim /etc/kubernetes/manifests/kube-apiserver.yaml
+# - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+# docker ps -a | grep kube-apiserver