Openssl升级与系统加载libssl仍为旧版本问题


When you update OpenSSL, the software that currently has the ssl libraries loaded in memory do not automatically load the updated libraries. A full system reboot resolves that problem, but sometimes that is not possible. This command shows you all the software that has loaded the libraries, allowing you to restart only those services. If you don't restart or reload after an update, the software might still be vulnerable to issues that the update fixed.

Make sure you have the lsof command installed. Your package manager probably has this package.

Using the following command you get a list of services currently using libssl:

lsof | grep libssl | awk '{print $1}' | sort | uniq

On a Directadmin shared hosting server this is the output:

directadm
exim
httpd
imap-logi
managesie
nrpe
php
pop3-logi
pure-ftpd
spamd

Not all the filenames are complete but you can fill those in. If you leave out the last part of the command you can also see which specific library is in use:

lsof | grep libssl

Example output:

imap-logi   449   dovecot  mem       REG              202,1    539869      85375 /usr/lib64/libssl.so.1.0.0
httpd       876    apache  mem       REG              202,1    539869      85375 /usr/lib64/libssl.so.1.0.0  
[...]
spamd     13513      root  mem       REG              202,1    444168      85398 /usr/lib64/libssl.so.1.0.1e

Here you can see some services using a different library, those still need a restart.

Update. Tzu sent me an email with his command to find all updated libraries and services using the old ones:

lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值