In this article, we will discuss the "Heartbleed" OpenSSL vulnerability, as well as how you can fix it on your unmanaged server.
About Heartbleed
Some versions of the OpenSSL library contain a well-known and well-studied bug named “Heartbleed”. Your unmanaged server may be vulnerable if it was set up from one of the following three operating system templates:
· CentOS 6.5
· Debian 7 (Wheezy)
· Ubuntu 12.04
To fix this vulnerability, you must update your server and restart any services that use the OpenSSL library. The most commonly affected services are web servers, SQL servers, and e-mail servers, though other services (such as Tor and OpenVPN) are also affected.
Fixing the vulnerability
Below are guidelines for fixing Heartbleed on the operating system templates listed above.
CentOS 6.5
If you run an unmanaged server on this operating system, follow the steps below to get rid of the Heartbleed vulnerability:
· Install the latest updates on the server.
· Reboot the server or selectively restart any affected services:
§ Web servers:
To restart the Apache web server, type the following commands:
/etc/init.d/httpd stop
/etc/init.d/httpd start
To restart the Nginx web server, type the following commands:
/etc/init.d/nginx stop
/etc/init.d/nginx start
§ SQL Services:
To restart MySQL, type the following commands:
/etc/init.d/mysqld stop
/etc/init.d/mysqld start
To restart PostgreSQL, type the following commands:
/etc/init.d/postgresql stop
/etc/init.d/postgresql start
§ E-mail Services:
To restart Postfix, type the following commands:
/etc/init.d/postfix stop
/etc/init.d/postfix start
To restart Exim, type the following commands:
/etc/init.d/exim stop
/etc/init.d/exim start
· Run the online test at http://filippo.io/Heartbleed to confirm that the server is no longer vulnerable.
Debian 7 and Ubuntu 12.04
To fix the Heartbleed vulnerability on Debian 7 (Wheezy) or Ubuntu 12.04 (Precise Pangolin), follow these steps:
· Install the latest updates on the server. For detailed information about how to do this, please see this article.
· Reboot the server or selectively restart any affected services:
§ Web servers:
To restart the Apache web server, type the following commands:
service apache2 stop
service apache2 start
To restart the Nginx web server, type the following commands:
service nginx stop
service nginx start
§ SQL Services:
To restart MySQL, type the following commands:
service mysql stop
service mysql start
To restart PostgreSQL, type the following commands:
service postgresql stop
service postgresql start
§ E-mail Services:
To restart Postfix, type the following commands:
service postfix stop
service postfix start
To restart Exim, type the following commands:
service exim4 stop
service exim4 start
· Run the online test at http://filippo.io/Heartbleed to confirm that the server is no longer vulnerable.
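The check below is an added example, not part of the original article: if you restart services selectively instead of rebooting, it lists the processes that still map the old, replaced copy of libssl or libcrypto and therefore still need a restart. It assumes a Linux /proc filesystem and root privileges; the function name stale_openssl_pids is made up for this example.

```sh
#!/bin/sh
# Added example: find processes still running the pre-update OpenSSL code.
# When a package update replaces a shared library, processes started before
# the update keep the old file mapped. The kernel marks such a mapping in
# /proc/<pid>/maps with a trailing "(deleted)".

# stale_openssl_pids [PROC_ROOT]
# Prints "PID NAME" for every process that still maps a replaced copy of
# libssl or libcrypto. PROC_ROOT defaults to /proc; the parameter exists
# so the function can be pointed at a test directory.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip the unexpanded glob and processes that exited meanwhile.
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            pid="${dir##*/}"
            # The process name is the "Name:" field of /proc/<pid>/status.
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)"
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

# Run against the live system (as root, so that all processes are readable).
stale_openssl_pids "$@"
```

No output means that no running process is still using the replaced library; any process listed must be restarted before the server is retested.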


