Why did you need to reboot? Kernel update? When I do kernel updates on CentOS they don't seem to require a reboot. I was able to update SSL, update the kernel and recompile apache without a reboot.

It is part of our standard process that when we update/apply fixes a routine reboot of the server is done (in addition to a number of cleanup tasks while we are at it). Our thought is that a package upgrade might run fine, but could cause an issue during a boot-up sequence and we would root such cause out by rebooting the server after applying patches (irrespective of the type of patch) - it will then be relatively easy to just roll back or re-image the current server image as a new template going forward.

With some package updates (where we have custom compiled code/drivers/modules), we would also recompile those modules to verify that patches did not introduce issues. It's true, you hardly ever have to reboot after an upgrade, but painful experiences in the past have taught me otherwise....
 
erm, what did I say?

You said kernel updates will not need a reboot if you're using DKMS.

Kernel module updates using DKMS won't need a reboot. Kernel updates will.
 
I'm glad I don't work for you or vice versa. You are far too imprecise in your language.
I'm getting out of this argument now (no further response to you). You said kernel updates require a reboot (implication: all kernel updates), I said not if you're using DKMS...
 
Coming back to the original topic - this is the recommendation from Symantec/Verisign for the cases where you use SSL on webservers:

- Update to the recent OpenSSL version (OpenSSL 1.0.1g) on the server. (Note that CentOS/RHEL, for example, report it as openssl-1.0.1e-16.el6_5.7; see https://bugzilla.redhat.com/show_bug.cgi?id=1084875)
- Delete all SSL key sets from the server.
- Generate a new key set and reissue the SSL.
- Install the new SSL key.

You should separately talk to your network engineers and hosting providers regarding network devices (such as firewalls, load balancers, caching servers) as there is a good chance that those devices (and ironically security appliances) will be affected by the same vulnerability.
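The first step above is easy to misread on CentOS/RHEL, because the patched package keeps the upstream string 1.0.1e and only the release field changes. The following check is an added example, not part of the post or of any Red Hat tooling: it compares a `rpm -q openssl` style string against the build named above using a simplified rpm-style comparison. The function names and the sample package strings are assumptions made for the illustration.

```python
import re

# Fixed CentOS/RHEL 6 build as named in the post above.
FIXED_VERSION, FIXED_RELEASE = "1.0.1e", "16.el6_5.7"
ARCHES = (".x86_64", ".i686", ".noarch")

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No epoch, tilde or caret handling."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # compare numerically, so 14 > 7
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def at_or_after_fixed_build(pkg):
    """True/False for el6 1.0.1e builds; None for anything this check does not cover."""
    for arch in ARCHES:
        if pkg.endswith(arch):
            pkg = pkg[: -len(arch)]
    parts = pkg.rsplit("-", 2)               # name-version-release
    if len(parts) != 3:
        return None
    name, version, release = parts
    if name != "openssl" or version != FIXED_VERSION or "el6" not in release:
        return None
    return rpm_cmp(release, FIXED_RELEASE) >= 0

if __name__ == "__main__":
    # Constructed sample strings in the format printed by `rpm -q openssl`.
    for pkg in ("openssl-1.0.1e-15.el6.x86_64",
                "openssl-1.0.1e-16.el6_5.7.x86_64",
                "openssl-1.0.1e-16.el6_5.14.x86_64"):
        print(pkg, "->", at_or_after_fixed_build(pkg))
```

A `None` result means the string is outside the el6 1.0.1e package line and has to be checked against the vendor's own advisory instead.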
 
Hello!
Just wondering if ABSA, Standardbank etc are also vulnerable? i.e. are they using the OpenSSL thing?
Searched, didn't get much of an answer.
 