SlideShare a Scribd company logo

How To Mitigate & Fix OpenSSL Heartbeat on CentOS or Ubuntu

Download as PPTX, PDF
VEXXHOST Private Cloud
VEXXHOST Private Cloud

Presented by VEXXHOST, provider of OpenStack based public and Private Cloud Infrastructure

Software
1 of 6
HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • An extremely critical security issue was recently discovered in OpenSSL. • It has been found affecting versions 1.0.1 through 1.0.1f. • All CentOS 6.5 versions are packaged with OpenSSL 1.0.1e-15 are all vulnerable to this bug. • Note that older stable CentOS versions are not vulnerable to this bug. • All Ubuntu versions since Ubuntu 12.04. This bug even got its own name, “heartbleed”.
HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. • This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. • SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). • The Heartbleed bug allows anyone on the Internet to read and “steal” 64k of memory of the systems protected by the vulnerable versions of the OpenSSL software. • This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. • This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • Fixing it is relatively simple now that most Linux distributions have pushed out changes to their repositories containing a fixed version of OpenSSL. • In order to patch this vulnerability, affected users should update to the latest OpenSSL version. So, the update should be as easy as: **Fedora/CentOS** # yum clean all # yum check-update # yum update **Ubuntu/Debian** # sudo apt-get update # sudo apt-get upgrade openssl
HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • If all went without errors, that’s it. Now, let’s make sure that we are running the version without security issues. **Fedora/CentOS** # rpm -qa | grep openssl openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.7.x86_64 **Ubuntu/Debian** # openssl version OpenSSL 1.0.1 14 Mar 2012 • Now, after we made sure we are using the latest version, we need to regenerate your certificate using a new private key. • This process is standard, first, we should create a certificate signing request, create a new key and then create the certificate itself (if we are using our own certificates, or send CSR to certificate authority issuer to create the new certificate). • Then, replace the old certificate and start using the new ones.
HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • The next step is to make sure that we restart all the services that are using SSL certificates. For example, if we have apache webserver we should execute: **Fedora/CentOS** # /etc/init.d/httpd restart **Ubuntu/Debian** # sudo service apache2 restart • We should do that same for any other webserver or any other service that we use (Nginx, vsftpd, MySQL etc). Now we can sit back and relax. We are protected from the Heartbleed bug.

Recommended

Juniper heartbleed bug
Juniper heartbleed bugJuniper heartbleed bug
Juniper heartbleed bugKappa Data
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
 
Downloads
DownloadsDownloads
Downloadsenergetictongue26
 
Openvpn
OpenvpnOpenvpn
Openvpnmato2012
 
Apache web-server-security
Apache web-server-securityApache web-server-security
Apache web-server-securityAndrew Carr
 
6 th
6 th6 th
6 thErm78
 
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)Mustafa AL-Timemmie
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbChanaka Lasantha
 

Recommended

Juniper heartbleed bug
Juniper heartbleed bugJuniper heartbleed bug
Juniper heartbleed bugKappa Data
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
 
Downloads
DownloadsDownloads
Downloadsenergetictongue26
 
Openvpn
OpenvpnOpenvpn
Openvpnmato2012
 
Apache web-server-security
Apache web-server-securityApache web-server-security
Apache web-server-securityAndrew Carr
 
6 th
6 th6 th
6 thErm78
 
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)
Guide to open suse 13.2 by mustafa rasheed abass & abdullah t. tua'ama (update)Mustafa AL-Timemmie
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbChanaka Lasantha
 
How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationPankaj Rane
 
nessus
nessusnessus
nessusMuhammad Yasin
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Azbox me
Azbox meAzbox me
Azbox meTELE-audiovision eng
 
Systems administration for coders presentation
Systems administration for coders presentationSystems administration for coders presentation
Systems administration for coders presentationMatt Willsher
 
Applying OpenStack at iNET use case
Applying OpenStack at iNET use caseApplying OpenStack at iNET use case
Applying OpenStack at iNET use caseVietnam Open Infrastructure User Group
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftpTushar B Kute
 
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Bpce livraison
Bpce livraisonBpce livraison
Bpce livraisonAlexandre SEBBANE
 
Inptools Manual
Inptools ManualInptools Manual
Inptools ManualMawar 99
 
Heartbleed
HeartbleedHeartbleed
HeartbleedPunit Goswami
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
Linux field-update-2015
Linux field-update-2015Linux field-update-2015
Linux field-update-2015Chris Simmonds
 
Howto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian WheezyHowto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian WheezyopenQRM Enterprise GmbH
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestChanaka Lasantha
 
selinuxbasicusage.pptx
selinuxbasicusage.pptxselinuxbasicusage.pptx
selinuxbasicusage.pptxPandiya Rajan
 
Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux serversJuan Carlos Pérez Pardo
 
How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04VEXXHOST Private Cloud
 
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesDustin Kirkland
 
10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptx10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptxVEXXHOST Private Cloud
 
How To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on UbuntuHow To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on UbuntuVEXXHOST Private Cloud
 

More Related Content

Similar to How To Mitigate & Fix OpenSSL Heartbeat on CentOS or Ubuntu

How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationPankaj Rane
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Systems administration for coders presentation
Systems administration for coders presentationSystems administration for coders presentation
Systems administration for coders presentationMatt Willsher
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftpTushar B Kute
 
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Inptools Manual
Inptools ManualInptools Manual
Inptools ManualMawar 99
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Venkat Raman
 
Linux field-update-2015
Linux field-update-2015Linux field-update-2015
Linux field-update-2015Chris Simmonds
 
Howto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian WheezyHowto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian WheezyopenQRM Enterprise GmbH
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestChanaka Lasantha
 
selinuxbasicusage.pptx
selinuxbasicusage.pptxselinuxbasicusage.pptx
selinuxbasicusage.pptxPandiya Rajan
 
How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04VEXXHOST Private Cloud
 
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesDustin Kirkland
 

Similar to How To Mitigate & Fix OpenSSL Heartbeat on CentOS or Ubuntu (20)

How to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstrationHow to exploit heartbleed vulnerability demonstration
How to exploit heartbleed vulnerability demonstration
 
nessus
nessusnessus
nessus
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pc
 
Azbox me
Azbox meAzbox me
Azbox me
 
Systems administration for coders presentation
Systems administration for coders presentationSystems administration for coders presentation
Systems administration for coders presentation
 
Applying OpenStack at iNET use case
Applying OpenStack at iNET use caseApplying OpenStack at iNET use case
Applying OpenStack at iNET use case
 
Share File easily between computers using sftp
Share File easily between computers using sftpShare File easily between computers using sftp
Share File easily between computers using sftp
 
Novell Open Enterprise Server Architecture
Novell Open Enterprise Server ArchitectureNovell Open Enterprise Server Architecture
Novell Open Enterprise Server Architecture
 
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Bpce livraison
Bpce livraisonBpce livraison
Bpce livraison
 
Inptools Manual
Inptools ManualInptools Manual
Inptools Manual
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1Boot-To-Root KIOPTRIX Level -1
Boot-To-Root KIOPTRIX Level -1
 
Linux field-update-2015
Linux field-update-2015Linux field-update-2015
Linux field-update-2015
 
Howto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian WheezyHowto: Install openQRM 5.1 on Debian Wheezy
Howto: Install openQRM 5.1 on Debian Wheezy
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
 
selinuxbasicusage.pptx
selinuxbasicusage.pptxselinuxbasicusage.pptx
selinuxbasicusage.pptx
 
Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux servers
 
How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04How to setup OpenVPN Server and Client on Ubuntu 14.04
How to setup OpenVPN Server and Client on Ubuntu 14.04
 
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security Features
 

More from VEXXHOST Private Cloud

10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptx10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptxVEXXHOST Private Cloud
 
How To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on UbuntuHow To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on UbuntuVEXXHOST Private Cloud
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxVEXXHOST Private Cloud
 
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSHow To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSVEXXHOST Private Cloud
 
How to deploy a MariaDB Galera cluster on Ubuntu 14.04
How to deploy a MariaDB Galera cluster on Ubuntu 14.04How to deploy a MariaDB Galera cluster on Ubuntu 14.04
How to deploy a MariaDB Galera cluster on Ubuntu 14.04VEXXHOST Private Cloud
 
How To Install Ruby on Rails on Ubuntu
How To Install Ruby on Rails on UbuntuHow To Install Ruby on Rails on Ubuntu
How To Install Ruby on Rails on UbuntuVEXXHOST Private Cloud
 
How To Run Nginx in a Docker Container on Ubuntu 16.04
How To Run Nginx in a Docker Container on Ubuntu 16.04How To Run Nginx in a Docker Container on Ubuntu 16.04
How To Run Nginx in a Docker Container on Ubuntu 16.04VEXXHOST Private Cloud
 
How To Install & Configure Varnish with Apache on Ubuntu
How To Install & Configure Varnish with Apache on UbuntuHow To Install & Configure Varnish with Apache on Ubuntu
How To Install & Configure Varnish with Apache on UbuntuVEXXHOST Private Cloud
 
CentOS 6 to CentOS 7 Upgrade Procedure
CentOS 6 to CentOS 7 Upgrade ProcedureCentOS 6 to CentOS 7 Upgrade Procedure
CentOS 6 to CentOS 7 Upgrade ProcedureVEXXHOST Private Cloud
 
How To Deploy a Clojure Web Application on Ubuntu 14.04
How To Deploy a Clojure Web Application on Ubuntu 14.04How To Deploy a Clojure Web Application on Ubuntu 14.04
How To Deploy a Clojure Web Application on Ubuntu 14.04VEXXHOST Private Cloud
 
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...VEXXHOST Private Cloud
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneVEXXHOST Private Cloud
 

More from VEXXHOST Private Cloud (16)

10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptx10 Essential Laravel 4 Packages Everyone Should Use.pptx
10 Essential Laravel 4 Packages Everyone Should Use.pptx
 
How To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on UbuntuHow To Install Rails & Nginx with Passenger on Ubuntu
How To Install Rails & Nginx with Passenger on Ubuntu
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
 
How to Add Swap on Ubuntu
How to Add Swap on UbuntuHow to Add Swap on Ubuntu
How to Add Swap on Ubuntu
 
Getting Started with MEAN Stack
Getting Started with MEAN StackGetting Started with MEAN Stack
Getting Started with MEAN Stack
 
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOSHow To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
How To Securely Set Up Shipyard 2.0.10 with TLS on CoreOS
 
Fixing 403 Forbidden Nginx Errors
Fixing 403 Forbidden Nginx ErrorsFixing 403 Forbidden Nginx Errors
Fixing 403 Forbidden Nginx Errors
 
WordPress App on Ubuntu 14.04 LTS
WordPress App on Ubuntu 14.04 LTSWordPress App on Ubuntu 14.04 LTS
WordPress App on Ubuntu 14.04 LTS
 
How to deploy a MariaDB Galera cluster on Ubuntu 14.04
How to deploy a MariaDB Galera cluster on Ubuntu 14.04How to deploy a MariaDB Galera cluster on Ubuntu 14.04
How to deploy a MariaDB Galera cluster on Ubuntu 14.04
 
How To Install Ruby on Rails on Ubuntu
How To Install Ruby on Rails on UbuntuHow To Install Ruby on Rails on Ubuntu
How To Install Ruby on Rails on Ubuntu
 
How To Run Nginx in a Docker Container on Ubuntu 16.04
How To Run Nginx in a Docker Container on Ubuntu 16.04How To Run Nginx in a Docker Container on Ubuntu 16.04
How To Run Nginx in a Docker Container on Ubuntu 16.04
 
How To Install & Configure Varnish with Apache on Ubuntu
How To Install & Configure Varnish with Apache on UbuntuHow To Install & Configure Varnish with Apache on Ubuntu
How To Install & Configure Varnish with Apache on Ubuntu
 
CentOS 6 to CentOS 7 Upgrade Procedure
CentOS 6 to CentOS 7 Upgrade ProcedureCentOS 6 to CentOS 7 Upgrade Procedure
CentOS 6 to CentOS 7 Upgrade Procedure
 
How To Deploy a Clojure Web Application on Ubuntu 14.04
How To Deploy a Clojure Web Application on Ubuntu 14.04How To Deploy a Clojure Web Application on Ubuntu 14.04
How To Deploy a Clojure Web Application on Ubuntu 14.04
 
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...
How To Setup Highly Available Web Servers with Keepalived & Floating IPs on U...
 
How To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub CloneHow To Install GitLab As Your Private GitHub Clone
How To Install GitLab As Your Private GitHub Clone
 

Recently uploaded

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 

Recently uploaded (20)

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 

How To Mitigate & Fix OpenSSL Heartbeat on CentOS or Ubuntu

  • 1.
  • 2. HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • An extremely critical security issue was recently discovered in OpenSSL. • It has been found affecting versions 1.0.1 through 1.0.1f. • All CentOS 6.5 versions are packaged with OpenSSL 1.0.1e-15 are all vulnerable to this bug. • Note that older stable CentOS versions are not vulnerable to this bug. • All Ubuntu versions since Ubuntu 12.04. This bug even got its own name, “heartbleed”.
  • 3. HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. • This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. • SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). • The Heartbleed bug allows anyone on the Internet to read and “steal” 64k of memory of the systems protected by the vulnerable versions of the OpenSSL software. • This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. • This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • 4. HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • Fixing it is relatively simple now that most Linux distributions have pushed out changes to their repositories containing a fixed version of OpenSSL. • In order to patch this vulnerability, affected users should update to the latest OpenSSL version. So, the update should be as easy as: **Fedora/CentOS** # yum clean all # yum check-update # yum update **Ubuntu/Debian** # sudo apt-get update # sudo apt-get upgrade openssl
  • 5. HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • If all went without errors, that’s it. Now, let’s make sure that we are running the version without security issues. **Fedora/CentOS** # rpm -qa | grep openssl openssl-1.0.1e-16.el6_5.7.x86_64 openssl-devel-1.0.1e-16.el6_5.7.x86_64 **Ubuntu/Debian** # openssl version OpenSSL 1.0.1 14 Mar 2012 • Now, after we made sure we are using the latest version, we need to regenerate your certificate using a new private key. • This process is standard, first, we should create a certificate signing request, create a new key and then create the certificate itself (if we are using our own certificates, or send CSR to certificate authority issuer to create the new certificate). • Then, replace the old certificate and start using the new ones.
  • 6. HOW TO MITIGATE & FIX OPENSSL HEARTBEAT ON CENTOS OR UBUNTU • The next step is to make sure that we restart all the services that are using SSL certificates. For example, if we have apache webserver we should execute: **Fedora/CentOS** # /etc/init.d/httpd restart **Ubuntu/Debian** # sudo service apache2 restart • We should do that same for any other webserver or any other service that we use (Nginx, vsftpd, MySQL etc). Now we can sit back and relax. We are protected from the Heartbleed bug.