This OpenSSL Heartbleed HOW TO documents the steps to install the OpenSSL Heartbleed PATCH, and then shows the openssl commands an admin can use to verify the CentOS 6.5 OpenSSL Heartbleed fix was installed correctly!
HOW TO PATCH: The commands used for patching assume you're using sudo in front of each command or are running as the root user.
Run yum update on openssl with this command:
yum update openssl
REBOOT SERVER – you can get away with only restarting services… it's Linux. However, a full reboot will ensure all services have restarted. *Grab a coffee and take the 4min downtime to reboot!
To verify the CentOS 6.5 OpenSSL PATCH was installed correctly!
Now that you have rebooted… does your CentOS server have the Heartbleed SSL update? Verify the openssl update with the command below. The same check also verifies that a cloud hosting provider installed the patch.
rpm -q --changelog openssl | grep CVE-2014-0160
If your server says –
# - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
You're good on the first part!!
Check part 2:
yum info openssl
You want to see the below –
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 16.el6_5.4
Size        : 4.0 M
Repo        : installed
If the above Installed Packages block is shown, you're good on the 2nd part!
Check openssl by command, part 3:
openssl version -a
If your server says the below, you are good; the patch has already been applied:
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014
(Additionally… MAKE SURE the "built on:" line above shows a date of Tue Apr 8 02:39:29 UTC 2014 or a more current date.)
IS MY SITE SAFE? SITE TO TEST remotely
Regarding the reboot.
Yes, I know this is Linux and you can just bounce individual services. However, it is somewhat safer and ensures that no lingering services still have hold of older OpenSSL items. I say take the 10 min downtime to bounce the entire server so that you know good and well the OpenSSL Heartbleed patch is installed and safe!
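If you restart services instead of rebooting, the script below checks for the lingering processes described above by looking for libssl/libcrypto mappings marked "(deleted)" in /proc/<pid>/maps. It is an added example, not part of the original post; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): after "yum update openssl",
# find processes that still map the old libssl/libcrypto. The kernel marks a
# mapped file that was replaced on disk as "(deleted)" in /proc/<pid>/maps.

# stale_ssl_in_maps FILE (hypothetical helper name)
# Succeeds if the maps-format FILE has a deleted libssl/libcrypto mapping.
stale_ssl_in_maps() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_ssl_pids [PROC_ROOT] (hypothetical helper name)
# Prints "PID NAME" for each process under PROC_ROOT (default /proc) that
# still holds the pre-update library. Run as root to see every process.
list_stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for proc_dir in "$proc_root"/[0-9]*; do
        [ -r "$proc_dir/maps" ] || continue
        stale_ssl_in_maps "$proc_dir/maps" || continue
        proc_name=$(awk '/^Name:/ {print $2; exit}' "$proc_dir/status" 2>/dev/null)
        printf '%s %s\n' "${proc_dir##*/}" "${proc_name:-?}"
    done
}

# make_sample_proc DIR
# Builds a constructed two-process /proc look-alike for an offline dry run:
# PID 101 (httpd) was started before the update, PID 102 (sshd) after it.
make_sample_proc() {
    mkdir -p "$1/101" "$1/102"
    printf 'Name:\thttpd\n' > "$1/101/status"
    printf 'Name:\tsshd\n'  > "$1/102/status"
    printf '%s\n' \
      '7f1c2a000000-7f1c2a05e000 r-xp 00000000 fd:00 131090 /usr/lib64/libssl.so.1.0.1e (deleted)' \
      '7f1c29c00000-7f1c29db6000 r-xp 00000000 fd:00 131088 /usr/lib64/libcrypto.so.1.0.1e (deleted)' \
      > "$1/101/maps"
    printf '%s\n' \
      '7f8e40000000-7f8e401b6000 r-xp 00000000 fd:00 140221 /usr/lib64/libcrypto.so.1.0.1e' \
      > "$1/102/maps"
}

# Usage: sh stale_ssl.sh           (scan the live system)
#        sh stale_ssl.sh --sample  (scan the constructed sample tree)
if [ "${1:-}" = "--sample" ]; then
    sample_dir=$(mktemp -d) && make_sample_proc "$sample_dir"
    list_stale_ssl_pids "$sample_dir"; rm -rf "$sample_dir"
else
    list_stale_ssl_pids /proc
fi
```

Any PID it prints was started before the update and needs a restart; no output means nothing readable is still using the old library.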