Apr 10

Fixing CentOS 6 Linux Systems from HeartBleed

Fixing “HeartBleed” on CentOS 6 Servers

 

Some of the on-line “tests” I have seen are not really testing to see if a particular site is vulnerable. Many seem to just look at the server version text, which can be changed to say anything you want. I used to recompile apache and put strange messages in there, just to be funny. This site, however actually launches an “attack”, which would most certainly tell you if your site is vulnerable or not:

http://filippo.io/Heartbleed/

I really can’t recommend any of the other ones, as I patched all my sites, and they were showing as a false positive. Just looking at a version number isn’t going to give you the correct answer. Launching an “attack” and seeing how your site really responds is the proper method of testing.

Here’s what I did on any public facing CentOS 6.5 server:

yum clean all && yum update "openssl*"

Then, to find out which services are compiled against the OpenSSL library:

lsof -n | grep ssl | grep DEL

Some common services:

Apache (httpd) OpenSSH (sshd) Sendmail (sendmail) Exim (exim) ProFTPd (proftpd) Pure-FTPd (pure-ftpd)

Double check and make sure your OpenSSL has been patched with this:

rpm -q --changelog openssl | grep -B 1 CVE-2014-0160

It should respond with something similar to this:

* Mon Apr 07 2014 Tomáš Mráz 1.0.1e-16.7 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

You should also generate new SSH keys, and restart SSHd, as those are usually created on firstboot:

# rm -f /etc/ssh/ssh_host*key*; /etc/init.d/sshd restart

After all this is done, change your passwords to be extra safe.

Short URL: http://goo.gl/J3NlOU
Mar 16

The Top 100 Healthcare systems in the World

Source: http://thepatientfactor.com/canadian-health-care-information/world-health-organizations-ranking-of-the-worlds-health-systems/

So we are right up (or down) there with Slovenia and Cuba!

World Health Organization Ranking; The World’s Health Systems

1 France
2 Italy
3 San Marino
4 Andorra
5 Malta
6 Singapore
7 Spain
8 Oman
9 Austria
10 Japan
11 Norway
12 Portugal
13 Monaco
14 Greece
15 Iceland
16 Luxembourg
17 Netherlands
18 United Kingdom
19 Ireland
20 Switzerland
21 Belgium
22 Colombia
23 Sweden
24 Cyprus
25 Germany
26 Saudi Arabia
27 United Arab Emirates
28 Israel
29 Morocco
30 Canada
31 Finland
32 Australia
33 Chile
34 Denmark
35 Dominica
36 Costa Rica
37 USA
38 Slovenia
39 Cuba
40 Brunei
41 New Zealand
42 Bahrain
43 Croatia
44 Qatar
45 Kuwait
46 Barbados
47 Thailand
48 Czech Republic
49 Malaysia
50 Poland
51 Dominican Republic
52 Tunisia
53 Jamaica
54 Venezuela
55 Albania
56 Seychelles
57 Paraguay
58 South Korea
59 Senegal
60 Philippines
61 Mexico
62 Slovakia
63 Egypt
64 Kazakhstan 65 Uruguay
66 Hungary
67 Trinidad and Tobago
68 Saint Lucia
69 Belize
70 Turkey
71 Nicaragua
72 Belarus
73 Lithuania
74 Saint Vincent and the Grenadines
75 Argentina
76 Sri Lanka
77 Estonia
78 Guatemala
79 Ukraine
80 Solomon Islands
81 Algeria
82 Palau
83 Jordan
84 Mauritius
85 Grenada
86 Antigua and Barbuda
87 Libya
88 Bangladesh
89 Macedonia
90 Bosnia-Herzegovina
91 Lebanon
92 Indonesia
93 Iran
94 Bahamas
95 Panama
96 Fiji
97 Benin
98 Nauru
99 Romania
100 Saint Kitts and Nevis

Short URL: http://goo.gl/daovPn