OpenSSL Heartbleed bug fix for RedHat and CentOS systems

RedHat has released an updated OpenSSL package to fix the Heartbleed bug in RedHat/CentOS 6.x systems. This bug does not affect RedHat/CentOS 5.x systems.

You can read about this release here.

First, you should clean Yum to ensure that you are receiving the latest updates:
yum clean all

Install the new OpenSSL package:
yum install openssl

You should see the following package being installed:
openssl-1.0.1e-16.el6_5.7

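Make sure that all SSL-enabled services on your server are restarted, for example Apache HTTP Server and Postfix. A running service keeps the old library loaded in memory until it is restarted, so installing the package alone does not protect it.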

You can check which services are still using the old OpenSSL libraries by running the following:
lsof -n | grep ssl | grep DEL
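
The check above, written out as an added example (not part of the original post): a shell function that reads `lsof -n` output and lists each process, and each service name, still mapping a deleted OpenSSL library. It goes slightly beyond the grep by also matching libcrypto, which ships in the same openssl package; the function names and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a deleted (pre-update)
# OpenSSL library. Function names and sample data are illustrative.

# Reads `lsof -n` output on stdin; prints "COMMAND PID LIBRARY" once per pair.
stale_openssl_procs() {
    awk '
        # FD column shows DEL for a mapped file that was unlinked on disk.
        # It is field 4, or field 5 when lsof also prints a TID column.
        ($4 == "DEL" || $5 == "DEL") && $NF ~ /lib(ssl|crypto)\.so/ {
            key = $1 " " $2 " " $NF
            if (!seen[key]++) print key
        }'
}

# Reads the same input; prints the distinct command names to restart.
stale_openssl_services() {
    stale_openssl_procs | awk '{ print $1 }' | sort -u
}

# Constructed sample of lsof output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
httpd     1201   root  DEL    REG  253,0          131095 /usr/lib64/libssl.so.1.0.1e
httpd     1201   root  DEL    REG  253,0          131090 /usr/lib64/libcrypto.so.1.0.1e
httpd     1207 apache  DEL    REG  253,0          131095 /usr/lib64/libssl.so.1.0.1e
master    1422   root  DEL    REG  253,0          131095 /usr/lib64/libssl.so.1.0.1e
sshd      1010   root  mem    REG  253,0   444040 131200 /usr/lib64/libcrypto.so.1.0.1e
crond     1100   root  DEL    REG  253,0          140001 /lib64/libnss_files-2.12.so
EOF
}

# Demonstration on the sample; on a live host use:
#   lsof -n | stale_openssl_services
sample_lsof | stale_openssl_services
```

An empty result after restarting services means no running process still holds the old library.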

How to run commands as another user

This will allow you to run a command as any user, including those that don’t have a login shell set. This is particularly useful for testing a command as the Apache user.

The syntax is as follows:
su -s $SHELL $USER -c "$COMMAND"

Example:
su -s /bin/sh apache -c "/usr/bin/php /var/www/html/myphpfile.php"

Change timezone in CentOS/Red Hat Linux (RHEL)/Fedora

Edit /etc/sysconfig/clock.
Change the ZONE line to your preferred time zone. The available time zones are listed under /usr/share/zoneinfo/.

For example, to use the Los Angeles time zone listed under /usr/share/zoneinfo/America/Los_Angeles:
ZONE="America/Los_Angeles"

Run the following command:
tzdata-update

Run the date command to make sure that the changes you made took effect.
# date
Wed Jan 29 16:46:43 PST 2014

Flushing Cache in Memcache

If you’re using a web application with Memcache, you may run into strange errors when bringing your application back online after restoring data (whether application files or database). For example, errors regarding missing application classes or missing database tables. The resolution is to clear out your Memcache cache.

Telnet to your Memcache server. For example, if your Memcache instance is located on the local server, you can Telnet to it as such –
telnet 127.0.0.1 11211

Then, issue the flush_all command –
flush_all

You should get the following returned status –
OK

Postfix as a local relay

This can be used for situations where you have an internet facing machine (web server) and back-end machines (application server, database server, etc.).

In our examples, we’ll assume the following:
Internet facing web server IP is 192.168.1.2
Back-end database IP is 192.168.1.3
Back-end database IP is 192.168.1.4

On your Internet facing machine, edit /etc/postfix/main.cf and add your back-end server IPs to the mynetworks setting, or add the setting if it is not there. For example:
mynetworks = 127.0.0.0/8, 192.168.1.3, 192.168.1.4

On each back-end machine, add the following to /etc/postfix/main.cf:
relayhost = 192.168.1.2

Try sending an email using mailx. You should see the following in your mail log on each back-end server (notice the relay= field):
ADA08211D5: to=, relay=192.168.1.2[192.168.1.2]:25, delay=0.18, delays=0.05/0.02/0.09/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CF54E21217)