Important Links:
Full explanation of the HeartBleed Bug
Vulnerability Checker Tool
The Passwords You Need To Change
The Heartbleed vulnerability affects CentOS 6 servers with an OpenSSL version less than 1.0.1e-16.el6_5.7.
You can check the version number in SSH as follows:
root@server.hostname.com: ~
# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64
If a server is reported as vulnerable via the Checker Tool, you will need to run:
yum -y update openssl
Then restart all services:
/scripts/restartsrv http;
/scripts/restartsrv ftp;
/scripts/restartsrv exim;
/scripts/restartsrv imap;
service cpanel restart;
A quick restart of each service will ensure the updated OpenSSL library is loaded into memory. Without restarting these processes it is possible that the old library will still be in use and thus remain vulnerable.
After performing the fix noted above, verify that the issue has been resolved with the vulnerability checker.
After resolving the issue, as a safety precaution, you should generate a new CSR for your SSL certificates to get them reissued. Per the article linked at the top, any SSL that was compromised while the vulnerability was active is still subject to attack even after the fix. You should speak to the issuer of your SSL certificate to get the new certificate. There is an installation process noted for WHM and cPanel on this site for your convenience.
I’m just going to leave this link here…. seems like a lot better test than the one linked above… just saying…
https://www.ssllabs.com/ssltest/analyze.html?d=core.hostdime.com
great I changed it.
Glad I could help with that. There was a second link to the checker tool before the cli update command. Maybe you want to update that one too for consistency?