VPS and Dedicated Servers (Hosting Control Center) Help

Securing Your Server Against the Heartbleed Vulnerability

Due to a major security flaw in OpenSSL, you should update your server to the newest version of the software. The following versions of OpenSSL are affected:

  • 0.9.8
  • 1.0.0
  • 1.0.1 through 1.0.1f

Note: Only customers using dedicated and virtual private servers need to complete the steps listed in this article. These steps do not apply to Ubuntu-based servers, however.

To check your server's version of OpenSSL, run the following command:

rpm -qa openssl

If you're affected, you need to complete the following steps to update your version of OpenSSL and secure your server.

To Secure Your Server Against the Heartbleed Vulnerability

  1. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the mirrorlist and baseurl lines in the [updates] section (comment out mirrorlist, uncomment baseurl):
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  2. Clean the yum repositories on the server by running the following command:
    yum clean all
  3. Update OpenSSL on the server by running the following command:
    yum update openssl
    This installs version openssl-1.0.1e-16.el6_5.7.
  4. Confirm the update was installed successfully by running the following command:
    openssl version -a
    The output will display the following:
    'built on: Tue Apr 8 02:39:29 UTC 2014'
    Additionally, you can confirm that the fix is in place by running the following command:
    rpm -q --changelog openssl | head
    The first few lines will show the following:
    'fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
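  5. Restart Apache or any other web server currently installed on the server so that it loads the new version of OpenSSL. Processes started before the update keep using the old library until they are restarted.
  6. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the mirrorlist and baseurl lines in the [updates] section to revert it to the original version (uncomment mirrorlist, comment out baseurl):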
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  7. Re-key any SSL certificates your server uses. If you use our SSL certificates, you can find those instructions in Rekey certificate.
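
The checks behind steps 4 and 5 as a shell script (an added example, not part of the original article). The patched CentOS package still reports 1.0.1e, so the script looks for the CVE entry in the package changelog instead of comparing version numbers, and it lists processes that still map the replaced library. The function names and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: post-update checks for steps 4 and 5.

# has_heartbleed_fix: reads an RPM changelog on stdin and succeeds if it records
# the CVE-2014-0160 fix. The version string alone is not enough here, because the
# fixed package (openssl-1.0.1e-16.el6_5.7) is still numbered 1.0.1e.
has_heartbleed_fix() {
    grep 'CVE-2014-0160' >/dev/null
}

# stale_ssl_pids: prints the PIDs whose memory maps still reference a deleted
# libssl/libcrypto file, i.e. processes started before the update and not yet
# restarted. $1 is the proc root (defaults to /proc; a parameter so the function
# can be exercised against a constructed directory). Run as root to see every process.
stale_ssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -E 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$maps" >/dev/null 2>&1; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# check_server: runs both checks against the live system (RPM-based servers only).
check_server() {
    if rpm -q --changelog openssl | has_heartbleed_fix; then
        echo "openssl package: CVE-2014-0160 fix present"
    else
        echo "openssl package: fix NOT found, update required"
    fi
    stale=$(stale_ssl_pids)
    if [ -n "$stale" ]; then
        # $stale is left unquoted on purpose so the PIDs print on one line
        echo "restart needed, old OpenSSL still loaded by PIDs:" $stale
    else
        echo "no process maps a deleted OpenSSL library"
    fi
}

# Only touch the live system when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_server
fi
```

Any PID the script reports belongs to a service that should be restarted before the certificates are re-keyed in step 7.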
