OpenSSL

I want to know if I have an OppenSSL  shared object on my linux system

What is the precise name (and hopefully file size) of the .so I need to detect is on my system?
Anthony LuciaAsked:
Who is Participating?
 
Rich RumbleConnect With a Mentor Security SamuraiCommented:
Which linux distro?
For redhat, fedora, centos:
rpm -qa |grep -i openssl

OpenSSL is by default installed on most distro's, but the non-affected version of heart-bleed is 1.0.1g and above. http://en.wikipedia.org/wiki/Heartbleed_bug#Affected_OpenSSL_installations

I love points, but a lot of the questions you have can be answered by a few google searches, I'm glad you trust experts, but I bet quite a few of the questions can be solved with a few more searches perhaps.
-rich
0
 
Anthony LuciaAuthor Commented:
I did the following:

rpm -qa |grep -i openssl
pyOpenSSL-0.10-2.el6.x86_64
openssl-1.0.1e-16.el6_5.x86_64

So this looks like I am sfe, and I have a non-affected version

But after doing searches, I still do not know what the actual .so name of the shared object is.

Does any one know what the share object of OpenSSL is named ?
0
 
Seth SimmonsConnect With a Mentor Sr. Systems AdministratorCommented:
you actually want to use ql with rpm instead of qa
qa will just show the package name while ql will show the associated files

rpm -ql | grep -i openssl

Open in new window

0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Seth SimmonsSr. Systems AdministratorCommented:
So this looks like I am sfe, and I have a non-affected version

the version you have is e which is affected
0
 
Anthony LuciaAuthor Commented:
Does any one know what the name of the share object of OpenSSL, or since it was installed with RPM, does this meant that there will not be a shared object
0
 
Seth SimmonsConnect With a Mentor Sr. Systems AdministratorCommented:
look at the command options with rpm i posted before
it will list the files associated with the package(s)
on a RHEL 6.2 system i have here i see .so files in /usr/lib64/openssl/engines
0
 
Rich RumbleSecurity SamuraiCommented:
You need to upgrade, "e" is lower than G so it was/is affected. upgrading to G (yum update openssl) should take care of it. But if not, you can find many RPM's for your distro, which I still don't know (redhat? CentOS? Fedora? other?)
The EL rpm's I think are RedHat/CentOS, so try updating using YUM

or manually compile:
cd /usr/src
wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz -O openssl-1.0.1g.tar.gz

tar -zxf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config
make
make test
make install

openssl version

If it shows old version do the steps below.

mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Open in new window

Some other tips here from redhat too
https://access.redhat.com/site/solutions/781793
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.