Fixing the Heartbleed vulnerability on CentOS
While the popular media have jumped on the Heartbleed Bug as if the sky were falling, causing mass panic, it is actually quick and easy to fix for us CentOS users.
The Fix
Red Hat released a patched version of OpenSSL on 8th April and it has already filtered down to the CentOS updates repository, so all you need to do is:
[user@localhost ~]$ sudo yum update openssl
[user@localhost ~]$ sudo service httpd restart
Check you've installed openssl-1.0.1e-16.el6 (or a more recent one) and restart any other processes that use OpenSSL under the hood.
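The restart step above is the part that is easy to miss, so here is an added example (not from the original post) that lists every process still holding the old, replaced OpenSSL library in memory. The function name and its optional directory argument are this example's own; it assumes the usual /proc layout.

```sh
#!/bin/sh
# Added example (not from the original post): find processes that still map
# the pre-update OpenSSL libraries. When yum replaces libssl/libcrypto on
# disk, a running process keeps the old copy mapped and the kernel tags that
# mapping "(deleted)" in /proc/<pid>/maps until the process is restarted.

# stale_openssl_pids [PROC_ROOT]
# Prints "<pid> <name>" per affected process. The function name and the
# PROC_ROOT argument (default /proc) are this example's own; the argument
# lets the scan run against a constructed directory tree.
stale_openssl_pids() {
    sop_root="${1:-/proc}"
    for sop_maps in "$sop_root"/[0-9]*/maps; do
        # Unreadable entries are skipped; run as root to see every process.
        [ -r "$sop_maps" ] || continue
        # Matches e.g. "/usr/lib64/libssl.so.1.0.1e (deleted)".
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$sop_maps" 2>/dev/null; then
            sop_dir="${sop_maps%/maps}"
            sop_pid="${sop_dir##*/}"
            # Process name from the "Name:" line of /proc/<pid>/status.
            sop_name="$(sed -n 's/^Name:[[:space:]]*//p' "$sop_dir/status" 2>/dev/null)" || sop_name=""
            printf '%s %s\n' "$sop_pid" "${sop_name:-?}"
        fi
    done
}

# Scan the live system; no output means nothing is holding the old library.
stale_openssl_pids "$@"
```

Anything it prints was started before the update and needs a restart before the fix applies to it.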
Post-Fix Security Recommendations
Now you've fixed that, you should consider replacing your SSL certificate and resetting any of your (or your users') passwords as a precautionary measure -- the chances they've been compromised are vanishingly small, but they are not zero!