CmiiDeploy/15-漏洞修复/demo环境漏洞修复/k8s-ssl-CVE-2016-2183-漏洞修复.sh
zeaslity 437acbeb63 add
2024-10-30 16:30:51 +08:00


#!/usr/bin/env bash
# reference https://www.cnblogs.com/kubesphere/p/17141586.html
#host_list_10250=(192.168.35.49 192.168.35.50 192.168.34.251 192.168.34.245 192.168.34.239)
# fix kubelet
#for host in "${host_list_10250[@]}";do
# echo "the current host is $host"
# ssh root@"$host" "echo yes"
## ssh root@"$host" "mv /var/lib/kubelet/config.yaml /var/lib/kubelet/kubelet-config-back.yaml"
## scp /root/wdd/config.yaml root@"$host":/var/lib/kubelet/config.yaml
## ssh root@"$host" "systemctl restart kubelet "
## sleep 2
## ssh root@"$host" "systemctl status kubelet | grep active"
# ssh root@"t1" "nmap --script ssl-enum-ciphers -p 10250 $host"
#
# echo ""
#done
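host_list_etcd=(192.168.34.251 192.168.34.245 192.168.34.239)

# Port(s) handed to the nmap ssl-enum-ciphers verification below.
# 6443 (kube-apiserver) stays the default so existing runs behave the same.
# NOTE(review): the --cipher-suites flag documented in this loop is an etcd
# flag, and etcd serves TLS on 2379 (client) / 2380 (peer) by default; a scan
# of 6443 only confirms the kube-apiserver setting. Run with
# VERIFY_PORT=2379,2380 to confirm the etcd change itself.
verify_port=${VERIFY_PORT:-6443}

# The value is interpolated into a command string executed on a remote host,
# so accept nothing but a comma-separated list of port numbers.
if [[ ! "$verify_port" =~ ^[0-9]+(,[0-9]+)*$ ]]; then
  echo "VERIFY_PORT must be a comma-separated list of port numbers" >&2
  exit 2
fi

# fix etcd
for host in "${host_list_etcd[@]}"; do
  # manual
  # /etc/kubernetes/manifests/etcd.yaml add
  # - --cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  echo "the current host is $host"

  # Reachability probe only. A failure is reported instead of being silently
  # ignored, but the scan still runs because it is launched from t1, not
  # from $host.
  if ! ssh root@"$host" "echo yes"; then
    echo "warning: ssh to $host failed" >&2
  fi

  # ssh root@"$host" "mv /etc/kubernetes/manifests/etcd.yaml /etc/kubernetes/manifests/etcd-back"
  # scp /root/wdd/etcd.yaml root@"$host":/etc/kubernetes/manifests/etcd.yaml
  # ssh root@"$host" "sed -i s/LOCAL_IP/${host}/g /etc/kubernetes/manifests/etcd.yaml"
  # sleep 2
  # ssh root@"$host" "docker ps -a | grep etcd"

  # Verification for CVE-2016-2183 (SWEET32): after the fix, the cipher list
  # reported for the port should contain no DES/3DES suites. A failed scan is
  # reported so that empty output is not read as "no weak ciphers found".
  if ! ssh root@"t1" "nmap --script ssl-enum-ciphers -p $verify_port $host"; then
    echo "warning: cipher scan of $host:$verify_port did not complete" >&2
  fi
  echo ""
done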
# kube-apiserver
# vim /etc/kubernetes/manifests/kube-apiserver.yaml
# - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# docker ps -a | grep kube-apiserver