
OpenSSL Heartbleed Patch for CentOS

The following instructions should help you patch your OpenSSL version if it is vulnerable to the Heartbleed Bug. They apply only to a Linux box running CentOS.

1) Check if your site is vulnerable

Click the following link and submit your site URL to see if it is vulnerable to the Heartbleed Bug.

If your server is vulnerable, continue.

2) SSH into your server

This assumes you are logged in as root; if not, you will have to add sudo before all commands.

3) Edit CentOS-Base.repo (with nano or vi)

In the file /etc/yum.repos.d/CentOS-Base.repo, uncomment the baseurl line under [updates] and comment out the mirrorlist line.

Note: depending on where your server instance is hosted, the mirrorlist URL might differ, so DO NOT copy & paste code from this tutorial please.

nano /etc/yum.repos.d/CentOS-Base.repo

Look for this block in your editor. Notice that the mirrorlist line is not commented out and the baseurl line is commented out:

#released updates

[updates]

name=CentOS-$releasever - Updates

mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

failovermethod=priority

#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Remove the # from before baseurl and add it before mirrorlist as shown below:

#released updates

[updates]

name=CentOS-$releasever - Updates

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

failovermethod=priority

baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Save and exit the editor

4) Update OpenSSL via YUM

Clean YUM REPOS

yum clean all

Update OpenSSL

yum update openssl

5) Restart Apache, Revert REPO file then TEST

Restart httpd

/etc/rc.d/init.d/httpd restart

Revert your REPO changes back to their original state. From:

#released updates

[updates]

name=CentOS-$releasever - Updates

#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

failovermethod=priority

baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Back To:

#released updates

[updates]

name=CentOS-$releasever - Updates

mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

failovermethod=priority

#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Save and exit the editor

Validate OpenSSL Patch
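Restarting httpd in step 5 reloads the updated library for Apache only; any other long-running process keeps the old libssl mapped in memory until it is restarted. The check below is an added example, not part of the original tutorial, and goes beyond the Apache case: it scans /proc/<pid>/maps for libssl or libcrypto mappings marked "(deleted)". The function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/bash
# Added example: find processes that still map the pre-update OpenSSL library.

# Return 0 if FILE (in /proc/<pid>/maps format) shows libssl or libcrypto
# mapped from a file that has since been replaced on disk ("(deleted)").
maps_has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID NAME" for every process under PROC_ROOT (default /proc)
# that has not been restarted since the library was updated.
stale_ssl_pids() {
    local root="${1:-/proc}" dir
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_ssl "$dir/maps"; then
            printf '%s %s\n' "${dir##*/}" \
                "$(awk '/^Name:/ {print $2; exit}' "$dir/status" 2>/dev/null)"
        fi
    done
}

# Build a constructed /proc-like tree (sample data, not from a real host):
# PID 1201 is an httpd that predates the update, PID 1350 was restarted,
# PID 1402 does not use OpenSSL at all.
make_sample_proc() {
    local root
    root="$(mktemp -d)" || return 1
    mkdir -p "$root/1201" "$root/1350" "$root/1402"
    printf 'Name:\thttpd\n' > "$root/1201/status"
    printf 'Name:\thttpd\n' > "$root/1350/status"
    printf 'Name:\tcrond\n' > "$root/1402/status"
    echo '7f10a0000000-7f10a005f000 r-xp 00000000 fd:00 131234 /usr/lib64/libssl.so.10 (deleted)' > "$root/1201/maps"
    echo '7f20b0000000-7f20b005f000 r-xp 00000000 fd:00 131301 /usr/lib64/libssl.so.10' > "$root/1350/maps"
    echo '7f30c0000000-7f30c018a000 r-xp 00000000 fd:00 130822 /lib64/libc-2.12.so' > "$root/1402/maps"
    echo "$root"
}

# Demo on the constructed tree; on a real server run: stale_ssl_pids /proc
demo_root="$(make_sample_proc)"
stale_ssl_pids "$demo_root"     # -> 1201 httpd
rm -rf "$demo_root"
```

Run it as root on the server so every process's maps file is readable; an empty result means no running process still holds the old library.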

6) Re-Key any SSL certificates associated with this server

Please visit your service provider for instructions on how to Re-Key (that is not the purpose of this tutorial).

7) Please share this tutorial with anyone you know running CentOS!