Centos 6.5 heartbleed patch fix update

admin / April 9, 2014 / Uncategorized / Permalink

This OPENSSL heartbleed HOW TO documents the steps to install the openSSL heartbleed PATCH,

heartbeed patch centos linux

and then using openSSL commands the admin can verify the CentOS 6.5 openSSL heartbleed fix was installed correctly!

HOW TO PATCH: The commands used for patching assume your using sudo in front of each command or are running as the root# user

Run yum update on openssl –> command –>

yum update openssl

REBOOT SERVER – you can get away with only restarting services… its Linux. However, a full reboot will ensure all services have restarted. *Grab a coffee and take the 4min downtime to reboot!To verify CentOS 6.5 OpenSSL PATCH was installed correctly!

Now that you have rebooted…Does your CentOS server have the heartbleed SSL update ? Check/ verify update of openssl by command ?? This also to verify a cloud hosting provider installed the patch.

rpm -q --changelog openssl | grep CVE-2014-0160

If your server says –

# - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

Your good!! On first part

Check part 2:

 Yum info openssl

You want to see the below –

Installed Packages
 Name : openssl
 Arch : x86_64
 Version : 1.0.1e
 Release : 16.el6_5.4
 Size : 4.0 M
 Repo : installed

If the above Installed packages is shown your good on the 2nd part!

Check openssl by command part 3 :

 openssl version –a

If your server says the bleow you are good the patch has already been applied:

OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014

(Additionally… MAKE SURE the second part on “built on: date above”shows that it is a date of Tue Apr 8 02:39:29 UTC 2014 or more a more current date)

? IS MY SITE SAFE? SITE TO TEST remotely

http://filippo.io/Heartbleed/

Regarding the reboot.

Yes, I know this is Linux and you can just bounce individuals services. However, it is somewhat safer and ensures that no lingering services sill have hold of older openSSL items. I say take the 10 min downtime to bounce entire server so that you know good an well the openssl heartbleed patch is installed and safe!