You’ve certainly heard about Heartbleed by now. If not, you can read more about this vulnerability at Heartbleed.com. Continue reading this post to find out if you’re vulnerable, and how to patch your server.
Once you understand it, you’ll want to patch your system. If you’re running CentOS 5, you don’t need to worry because it doesn’t have the version of OpenSSL that is vulnerable.
If you’re running CentOS 6, read on and patch.
1. Run this test to see if you’re patched:
    rpm -q --changelog openssl-1.0.1e-16.el6_5.7.x86_64 | grep -B 1 CVE-2014-0160
If you see the following output, you’re patched (skip to #3):
    root@linuxbrigade.com [~]# rpm -q --changelog openssl-1.0.1e-16.el6_5.7.x86_64 | grep -B 1 CVE-2014-0160
    * Mon Apr 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.7
    - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
2. If you didn’t see the output above stating you are already patched, run ‘yum update’ to install the patch:
    yum update
You’ll see some things scroll by, but notably these packages in particular:
    openssl-1.0.1e-16.el6_5.7.x86_64.rpm
    openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
You can rerun the command from #1 if you’d like to confirm that the update went through.
3. Reboot the server (this is probably a good time to take advantage of any kernel updates that may have been installed as well!)
4. If you’d like to test from the outside, you can use this test:
http://filippo.io/Heartbleed/
5. You’re done. Move on to the next server.
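The checks from steps 1 and 3 as a script. This is an added example, not part of the original post; the function names are hypothetical. It goes slightly beyond the post: it queries whichever openssl package is installed instead of one fixed version string, and it looks for processes that still map the old, deleted library, which is the reason the reboot in step 3 matters.

```shell
#!/bin/sh
# Added example (not from the original post): post-update Heartbleed checks.

# Succeeds if the rpm changelog text on stdin records the CVE-2014-0160 fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Prints the PIDs of processes that still map a deleted libssl/libcrypto,
# i.e. services started before the update that need a restart or reboot.
# $1 is the proc root (default /proc); it is a parameter so the function
# can be exercised against a constructed directory tree.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Full check against the live system. Returns 0 only when the fix is in the
# changelog and no process is still running the old library.
heartbleed_check() {
    if ! rpm -q --changelog openssl | changelog_has_fix; then
        echo "openssl: CVE-2014-0160 fix not in changelog, run 'yum update'"
        return 1
    fi
    stale=$(stale_openssl_pids /proc)
    if [ -n "$stale" ]; then
        echo "patched on disk, but these PIDs still use the old library:"
        echo "$stale"
        return 2
    fi
    echo "patched, and no process maps the old library"
}
```

Source the file as root and run `heartbleed_check`; a return code of 2 means the package is updated but some services have not been restarted yet.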








