Saturday, October 14, 2017

apache 2.2 - Heartbleed, which specific services must be restarted?

Trying to figure out exactly what services should be restarted after patching openssl against Heartbleed. At least one post mentions restarting:




sshd, apache, nginx, postfix, dovecot, courier, pure-ftpd, bind, mysql






  • Is there a command that can be run to see what running services are
    dependent on openssl?

  • Is there a command to run against apache/nginx to see if the patch is active so the service doesn't need to be restarted?

  • Should we just schedule downtime and reboot
    every server entirely?




EDIT: This post suggests using: lsof -n | grep ssl | grep DEL to display processes still using the old version of OpenSSL marked for deletion

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...