Protecting your Linux server from Heartbleed bug

System Administration

I have got at least 20 emails from different sources about the OpenSSL vulnerability known as the Heartbleed bug.

It allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. More details about this (how to reproduce and fix it) can be found here.

To check if your server is vulnerable use this online tool.


Finally, in order to protect your server's Linux OS you need to do these few steps:

  1. Log in through SSH (you can use PuTTY from Windows) as the root administrator.
  2. Run "yum update" – this will update your OpenSSL package.
  3. You now need to restart all SSL-enabled services; the easiest way is to restart the whole server. Use "shutdown -r now".
  4. After your server reboots, check that all is OK by typing (use PuTTY again): "rpm -q --changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160". You should get something like this: "Mon Apr 12 2014 Tomaž Mraz <tmraz@redhat.com> 1.0.1e-16.7".
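The post-update check from step 4, and the "which services still need a restart" question from step 3, can be scripted. The following is an added example and not part of the original post: it parses rpm changelog output for the CVE-2014-0160 entry (tested here against a constructed sample that mimics the line shown above), wraps the real "rpm -q --changelog openssl" call for RPM-based hosts, and, as an assumption beyond the post, uses lsof to list processes that still map a deleted libssl/libcrypto after the update, i.e. the services you would otherwise only catch by rebooting.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies the Heartbleed fix
# (CVE-2014-0160) after "yum update" on an RPM-based Linux host.

CVE_ID="CVE-2014-0160"

# Constructed sample of "rpm -q --changelog openssl" output, built from the
# line quoted in step 4 plus an older, unrelated entry for contrast.
SAMPLE_CHANGELOG='* Mon Apr 12 2014 Tomaž Mraz <tmraz@redhat.com> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
* Thu Jan 23 2014 Tomaž Mraz <tmraz@redhat.com> 1.0.1e-16.6
- unrelated earlier fix (constructed sample entry)'

# fix_listed_in_changelog: read changelog text on stdin and print the entry
# header (date, packager, version) that carries the CVE line, like the
# "grep -B 1" in step 4 but without depending on line adjacency.
# Returns 0 if the fix is listed, 1 if it is not.
fix_listed_in_changelog() {
    awk -v cve="$CVE_ID" '
        /^\*/ { header = $0 }                     # remember current entry header
        index($0, cve) && header != "" { print header; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# check_installed_openssl: run the real rpm query (RPM-based systems only).
# Returns 0 if patched, 1 if the CVE is not in the changelog, 2 if rpm is absent.
check_installed_openssl() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found: this check is for RPM-based systems" >&2
        return 2
    fi
    rpm -q --changelog openssl | fix_listed_in_changelog
}

# processes_with_stale_libssl: processes still mapping a deleted libssl or
# libcrypto, i.e. services that were not restarted after the update.
# Assumption: lsof is installed and marks deleted mapped files with FD "DEL".
processes_with_stale_libssl() {
    if ! command -v lsof >/dev/null 2>&1; then
        echo "lsof not found: cannot list processes with stale libraries" >&2
        return 2
    fi
    lsof -n 2>/dev/null | awk '$4 == "DEL" && $NF ~ /lib(ssl|crypto)/ { print $1, $2 }' | sort -u
}

# Usage: sh heartbleed_check.sh            (runs against the constructed sample)
#        sh heartbleed_check.sh --check    (queries the installed openssl package)
#        sh heartbleed_check.sh --stale    (lists services still using old libs)
case "${1:-}" in
    --check) check_installed_openssl ;;
    --stale) processes_with_stale_libssl ;;
    *) printf '%s\n' "$SAMPLE_CHANGELOG" | fix_listed_in_changelog ;;
esac
```

If "--check" prints the 1.0.1e-16.7 header you are patched on disk; if "--stale" still lists anything (sshd, httpd, a mail daemon), those processes are running the old code in memory and need a restart, which is exactly why step 3 recommends a full reboot.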

I would like to thank Michael Photakis, Eric Delorme and Stephen Chaffins from the cPanel team for their excellent support.

Happy sleeping.