Centos 6.5 heartbleed patch fix update

This OPENSSL heartbleed HOW TO documents the steps to install the openSSL heartbleed PATCH,

heartbeed patch centos linux

heartbeed patch centos linux

and then using openSSL commands the admin can verify the CentOS  6.5  openSSL heartbleed fix was installed correctly! 

 HOW TO PATCH: The commands used for patching assume your using sudo in front of each command or are running as the root# user

Run yum update on openssl –> command –>

yum update openssl

REBOOT SERVER – you can get away with only restarting services… its Linux. However,  a full reboot will ensure all services have restarted. *Grab a coffee and take the 4min downtime to reboot!To verify CentOS  6.5  OpenSSL PATCH was installed correctly! 

Now that you have rebooted…Does your CentOS server have the heartbleed SSL update ? Check/ verify update of openssl by command  ?? This also to verify a cloud hosting provider installed the patch.  

rpm -q --changelog openssl | grep CVE-2014-0160

If your server says

# - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

Your good!! On first part

Check part 2:

 Yum info openssl 

You want to see the below –

Installed Packages
 Name : openssl
 Arch : x86_64
 Version : 1.0.1e
 Release : 16.el6_5.4
 Size : 4.0 M
 Repo : installed

 If the above  Installed packages is shown your good on the 2nd part! 

Check openssl by command part 3 :

 openssl version –a 

If your server says the bleow you are good the patch has already been applied:

OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014
 

  (Additionally… MAKE SURE the second part on “built on: date above”shows that it is a date of Tue Apr 8 02:39:29 UTC 2014 or more a more current date)

? IS MY SITE SAFE? SITE TO TEST remotely

http://filippo.io/Heartbleed/

  Regarding the reboot. 

Yes, I know this is Linux and you can just bounce individuals services. However, it is somewhat safer and ensures that no lingering services sill have hold of older openSSL items. I say take the 10 min downtime to bounce entire server  so that you know good an well the openssl heartbleed patch is installed and safe!

share with friends

Share to Google Buzz
Share to Google Plus
Share to LiveJournal
Share to Odnoklassniki

2 Responses to Centos 6.5 heartbleed patch fix update

  1. op April 14, 2014 at 2:02 am #

    thanks!

    • admin April 16, 2014 at 10:47 pm #

      Glad I was able to help! 🙂

Leave a Reply