
Securing-Optimizing-RH-Linux-1_2_282
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

[root@deep tmp]# tar xzpf openssl_version.tar.gz

Compile and Optimize

Move into the new OpenSSL directory and type the following commands on your terminal:

Step 1
Edit the c_rehash file (vi +11 tools/c_rehash) and change the line:

DIR=/usr/local/ssl

To read:

DIR=/usr

The changed line above will build and install OpenSSL in the default location “/usr”.

Step 2
By default, the OpenSSL source files assume that your Perl program is located at “/usr/local/bin/perl”. We must modify the “#!/usr/local/bin/perl” line in all scripts that rely on Perl to reflect the Perl directory under Red Hat Linux, which is “/usr/bin”.

[root@deep openssl-0.9.5]# perl util/perlpath.pl /usr/bin (where your perl program resides).

Step 3
OpenSSL must know where to find its own source libraries in order to compile its required files successfully. With the command below, we set the LD_LIBRARY_PATH environment variable to the directory where we uncompressed the OpenSSL source files.

[root@deep openssl-0.9.5]# export LD_LIBRARY_PATH=`pwd`

Step 4
Now, we must configure OpenSSL for our system:

CC="egcs" \
./Configure linux-elf -DSSL_FORBID_ENULL \
--prefix=/usr \
--openssldir=/etc/ssl

NOTE: The “-DSSL_FORBID_ENULL” option is required to disallow null encryption, for security reasons.

Step 5
Edit the Makefile.ssl file (vi +52 Makefile.ssl) and change the following line:

CC= gcc

To read:

CC= egcs

Edit the Makefile.ssl file (vi +54 Makefile.ssl) and add/change the following line:

CFLAG= -DTHREADS -D_REENTRANT -DSSL_FORBID_ENULL -DL_ENDIAN -DTERMIO -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
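A pre-build check for the manual edits in Steps 1, 2 and 5, added here as an example and not part of the original book. The function name check_openssl_tree is hypothetical; it confirms that the source tree carries the /usr paths, the egcs compiler setting and, most importantly, the -DSSL_FORBID_ENULL define in CFLAG, since a hand-edited CFLAG line that drops it would silently re-enable null encryption.

```shell
#!/bin/sh
# Added example (not from the book): verify the hand edits before running make.
# Usage: check_openssl_tree /path/to/openssl-source
# check_openssl_tree is a hypothetical helper name.

check_openssl_tree() {
    src=$1
    rc=0

    # Step 1: c_rehash must point at /usr, not /usr/local/ssl.
    if ! grep -q '^DIR=/usr$' "$src/tools/c_rehash" 2>/dev/null; then
        echo "FAIL: tools/c_rehash does not set DIR=/usr"
        rc=1
    fi

    # Step 2: no script should still carry the stock Perl interpreter line.
    stale=$(grep -rl '^#!/usr/local/bin/perl' "$src" 2>/dev/null || true)
    if [ -n "$stale" ]; then
        echo "FAIL: scripts still using /usr/local/bin/perl:"
        echo "$stale"
        rc=1
    fi

    # Step 5: the compiler line in Makefile.ssl.
    if ! grep -Eq '^CC=[[:space:]]*egcs[[:space:]]*$' "$src/Makefile.ssl" 2>/dev/null; then
        echo "FAIL: Makefile.ssl does not set CC= egcs"
        rc=1
    fi

    # Step 5: the CFLAG line must keep the define that forbids null encryption.
    cflag=$(grep -E '^CFLAG=' "$src/Makefile.ssl" 2>/dev/null || true)
    case " $cflag " in
        *" -DSSL_FORBID_ENULL "*) ;;
        *) echo "FAIL: CFLAG lacks -DSSL_FORBID_ENULL (null encryption not forbidden)"
           rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: source tree matches Steps 1, 2 and 5"
    return "$rc"
}
```

Run it from the shell after Step 5 with the OpenSSL source directory as its argument; a non-zero return means at least one edit is missing.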