> Message: 23
> Date: Tue, 8 Apr 2014 07:08:30 -0400
> From: Steven Tardy <sjt5atra@xxxxxxxxx>
> Subject: Re: CVE-2014-0160 CentOS 6 openssl heartbleed
> workaround
> To: CentOS mailing list <centos@xxxxxxxxxx>
> Message-ID:
> <CAG2k2x9udVEty0BRS+pEj0Hy3Mrt5N7NeCfZZC1r9qyv0M=rvA@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Tue, Apr 8, 2014 at 2:56 AM, Keith Keller <
> kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > On 2014-04-08, Karanbir Singh <kbsingh@xxxxxxxxxx> wrote:
> > >
> > > Earlier in the day today, we were made aware of a serious
> > > issue in openssl as shipped in CentOS-6.5 ( including updates issued
> > > since CentOS-6.5 was released ); This issue is addressed in detail at
> > > http://heartbleed.com/
> >
> > is there an easy way to know which services need to be kicked?
> >
>
>
> rpm -q --whatrequires openssl
>
That should work, in theory.
On one of my machines:
# rpm -q --whatrequires openssl
postfix-2.6.6-2.2.el6_1.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64
#
Then try:
# yum remove openssl 2>&1 | grep 'will be erased' | wc -l
421
#
I use this (crude) script to find what processes have files open from an rpm:
----------------------------------------------------------------------
#! /bin/bash -p
if [[ "$(whoami)" != "root" ]]; then
echo "$0: must be root" >&2
exit 1
fi
if [[ -z "$1" ]]; then
echo "usage: $0 rpm..." >&2
exit 1
fi
tmpfile=$(mktemp) || {
echo "$0: couldn't create temporary file" >&2
exit 1
}
trap "rm -f $tmpfile" EXIT
for rpm in $*; do
if ! rpm -q "$rpm" >/dev/null 2>&1; then
echo "$0: no such rpm $1" >&2
exit 1
fi
rpm -ql "$rpm" >> $tmpfile
done
fgrep -f $tmpfile /proc/*/maps | awk -F/ '{print $3}' | sort -u | while read pid; do
echo "$(ls -l /proc/$pid/exe | awk '{print $NF}') ($pid) ($(tr '\0' ' ' < /proc/$pid/cmdline))"
done | sort -u
----------------------------------------------------------------------
# ./processes-that-use-files-from-an-rpm openssl
/usr/bin/python (13146) (/usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x )
/usr/libexec/mysqld (1626) (/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock )
/usr/sbin/certmonger (1776) (/usr/sbin/certmonger -S -p /var/run/certmonger.pid )
/usr/sbin/httpd (1709) (/usr/sbin/httpd )
/usr/sbin/httpd (20152) (/usr/sbin/httpd )
/usr/sbin/httpd (20153) (/usr/sbin/httpd )
/usr/sbin/httpd (20154) (/usr/sbin/httpd )
/usr/sbin/httpd (20155) (/usr/sbin/httpd )
/usr/sbin/httpd (20156) (/usr/sbin/httpd )
/usr/sbin/httpd (20157) (/usr/sbin/httpd )
/usr/sbin/httpd (20158) (/usr/sbin/httpd )
/usr/sbin/httpd (20159) (/usr/sbin/httpd )
/usr/sbin/httpd (20160) (/usr/sbin/httpd )
/usr/sbin/ntpd (1484) (ntpd -u ntp:ntp -p /var/run/ntpd.pid -g )
/usr/sbin/sendmail.sendmail (1667) (sendmail: accepting connections)
/usr/sbin/sendmail.sendmail (1678) (sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue)
/usr/sbin/sshd (1456) (/usr/sbin/sshd )
/usr/sbin/sshd (28396) (sshd: root@pts/0 )
#
And depending on this output I restart the services mentioned, or if there are to many, reboot the box :-)
Regards,
Peter van Hooft
Philips Research
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
