Heartbleed, which specific services must be restarted?

Solution 1:

As a general rule when mitigating a major vulnerability in a library which is used by many programs: rebooting your server is the easiest way to ensure you've restarted every affected program, and that nothing is using the old (vulnerable) code.

You should not fear rebooting your systems (you should be doing it pretty regularly when you install patches anyway!) - regularly rebooting your servers means you can be confident they will come back up without a problem, and if you design your environment for proper fault tolerance a reboot does not mean an outage. (For that matter even if your environment ISN'T fault-tolerant, we're talking maybe 10 minutes - a tiny outage considering the scale of the security problem we're talking about with Heartbleed...)


If for some reason you can't reboot, you can use lsof to determine what programs are running which are using the OpenSSL library: sudo lsof -n | grep ssl

To find ones using the OLD (deleted) library, you can do sudo lsof -n | grep ssl | grep DEL.

Each affected program will need to be restarted using whatever procedure is appropriate for that program.
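
The lsof check from the answer above, as an added example that is not part of the original answer: it reads `lsof -n` output and prints one "PID COMMAND" line per process that still maps a deleted OpenSSL library. The function names and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer).
# stale_ssl_procs: read `lsof -n` output on stdin and print "PID COMMAND"
# once for every process that still maps a replaced copy of libssl/libcrypto.
stale_ssl_procs() {
    awk '
        $1 == "COMMAND" { next }                 # skip the lsof header row
        {
            path = $NF; stale = 0
            # Some lsof builds keep FD=mem and append "(deleted)" to the name.
            if (path == "(deleted)") { path = $(NF - 1); stale = 1 }
            # FD is column 4, or 5-6 when lsof prints TID/TASKCMD columns.
            for (i = 4; i <= 6 && i < NF; i++) if ($i == "DEL") stale = 1
            # Match OpenSSL sonames only; a plain "grep ssl" also hits
            # unrelated files such as the libssl3.so shipped by NSS.
            if (stale && path ~ "/lib(ssl|crypto)[.]so") {
                key = $2 " " $1
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Constructed sample of lsof output, so the example runs without root.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID   USER  FD   TYPE DEVICE SIZE/OFF    NODE NAME
nginx     1234   root  DEL  REG    8,1           393229 /lib/x86_64-linux-gnu/libssl.so.1.0.0
nginx     1234   root  DEL  REG    8,1           393230 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
nginx     1234   root  mem  REG    8,1   1811128 393300 /lib/x86_64-linux-gnu/libc-2.15.so
sshd      2201   root  mem  REG    8,1   1930616 401002 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
postfix   3110   root  mem  REG    8,1    382632 393229 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
cron      4000   root  DEL  REG    8,1           390001 /lib/x86_64-linux-gnu/libnss_files-2.15.so
EOF
}

# Demo on the sample; on a live host use: sudo lsof -n | stale_ssl_procs
sample_lsof | stale_ssl_procs
```

An empty result after restarting services means no running process still has the old library mapped.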