Heartbleed, which specific services must be restarted?

nginx apache-2.2 openssl heartbleed

Solution 1:

As a general rule when mitigating a major vulnerability in a library which is used by many programs: rebooting your server is the easiest way to ensure you've restarted every affected program, and that nothing is using the old (vulnerable) code.

You should not fear rebooting your systems (you should be doing it pretty regularly when you install patches anyway!) - regularly rebooting your servers means you can be confident they will come back up without a problem, and if you design your environment for proper fault tolerance a reboot does not mean an outage. (For that matter even if your environment ISN'T fault-tolerant, we're talking maybe 10 minutes - a tiny outage considering the scale of the security problem we're talking about with heartbleed...)

If for some reason you can't reboot you can use lsof to determine what programs are running which are using the OpenSSL library: sudo lsof -n | grep ssl

To find ones using the OLD (deleted) library, you can do sudo lsof -n | grep ssl | grep DEL.

Each affected program will need to be restarted using whatever procedure is appropriate for that program.

Related

What part of Solaris version string IDs the update?
Why are domain names occasionally inaccessible?
Setting up Linux iptables for FTP PASV mode connections
RHEL 6.2 hangs at startup screen after forced reboot
Windows 10 AAD Azure ad domain joined & SMB share
How to check the result of a script with monit?
VMWare ESXi and Hyperthreading
Determine nginx reverse-proxy load limits
troubling anonymous Logon events in Windows Security event log
Does splitting out Data, Logs, and TempDB matter using a SAN with SQL 2008
Why does apache log requests to GET http://www.google.com with code 200?
php-fpm php_network_getaddresses calls randomly start failing with bad udp cksum