Skip to main content

heartbleed centOS6.5

Wondering if NSA already knew about heartbleed and was cracking google and FB and other servers so far.

now that its out people are rushing to fix it and we are also.

I saw a great into to heartbleed at http://vimeo.com/91425662

so if you run this it would tell you what version of openssl nginx is using
ldd `which nginx` | grep ssl
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6d0c0cf000) 

and now if you do this it would tell you if you are vulnerable 
strings /usr/lib64/libssl.so.10 | grep "^OpenSSL "
OpenSSL 1.0.1e-fips 11 Feb 2013

if you have anything between 1.0.1. and 1.0.1f you are vulnerable, perconna guys have a nice post on same http://www.mysqlperformanceblog.com/2014/04/08/openssl-heartbleed-cve-2014-0160/

CentOS has released patch to current stable release and to fix all you need to do is update centOS or recompile nginx and disable heartbleed.

to update centOS  run "sudo yum update openssl" and restart services using openssl like nginx,mysql,apache.

 to verify if its fixed run 

 http://possible.lv/tools/hb/?domain=uat.xyz.com
http://filippo.io/Heartbleed/#qa.xyz.com

Comments

  1. Good video, even for non tech folks. BTW I also like this comic: Heartbleed Explanation
    http://xkcd.com/1354/

    ReplyDelete

Post a Comment

Popular posts from this blog

RabbitMQ java clients for beginners

Here is a sample of a consumer and producer example for RabbitMQ. The steps are
Download ErlangDownload Rabbit MQ ServerDownload Rabbit MQ Java client jarsCompile and run the below two class and you are done.
This sample create a Durable Exchange, Queue and a Message. You will have to start the consumer first before you start the for the first time.

For more information on AMQP, Exchanges, Queues, read this excellent tutorial
http://blogs.digitar.com/jjww/2009/01/rabbits-and-warrens/

+++++++++++++++++RabbitMQProducer.java+++++++++++++++++++++++++++
import com.rabbitmq.client.Connection; import com.rabbitmq.client.Channel; import com.rabbitmq.client.*; public class RabbitMQProducer { public static void main(String []args) throws Exception { ConnectionFactory factory = new ConnectionFactory(); factory.setUsername("guest"); factory.setPassword("guest"); factory.setVirtualHost("/"); factory.setHost("127.0.0.1"); factory.setPort(5672); Conne…
22 comments
Read more

Logging to Graphite monitoring tool from java

We use Graphite as a tool for monitoring some stats and watch trends. A requirement is to monitor impact of new releases as build is deployed to app nodes to see if things like
1) Has the memcache usage increased.
2) Has the no of Java exceptions went up.
3) Is the app using more tomcat threads.
Here is a screenshot

We changed the installer to log a deploy event when a new build is deployed. I wrote a simple spring bean to log graphite events using java. Logging to graphite is easy, all you need to do is open a socket and send lines of events.
import org.slf4j.Logger;import org.slf4j.LoggerFactory; import java.io.OutputStreamWriter; import java.io.Writer; import java.net.Socket; import java.util.HashMap; import java.util.Map; public class GraphiteLogger { private static final Logger logger = LoggerFactory.getLogger(GraphiteLogger.class); private String graphiteHost; private int graphitePort; public String getGraphiteHost() { return graphiteHost; } public void setGraphite…
8 comments
Read more

What a rocky start to labor day weekend

Woke up by earthquake at 7:00 AM in morning and then couldn't get to sleep. I took a bath, made my tea and started checking emails and saw that after last night deployment three storage node out of 100s of nodes were running into Full GC. What was special about the 3 nodes was that each one was in a different Data centre but it was named same app02.  This got me curious I asked the node to be taken out of rotation and take a heap dump.  Yesterday night a new release has happened and I had upgraded spymemcached library version as new relic now natively supports instrumentation on it so it was a suspect. And the hunch was a bullseye, the heap dump clearly showed it taking 1.3G and full GCs were taking 6 sec but not claiming anything.



I have a quartz job in each jvm that takes a thread dump every 5 minutes and saves last 300 of them, checking few of them quickly showed a common thread among all 3 data centres. It seems there was a long running job that was trying to replicate pending…
Post a Comment
Read more