Skip to main content

Raymii.org Raymii.org Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed

Find all services using libssl to restart after an OpenSSL update

Published: 14-07-2015 | Author: Remy van Elst | Text only version of this article


❗ This post is over nine years old. It may no longer be up to date. Opinions may have changed.

Openssl

When you update OpenSSL, the software that currently has the ssl libraries loaded in memory do not automatically load the updated libraries. A full system reboot resolves that problem, but sometimes that is not possible. This command shows you all the software that has loaded the libraries, allowing you to restart only those services. If you don't restart or reload after an update, the software might still be vulnerable to issues that the update fixed.

Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:

I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $200 credit for 60 days. Spend $25 after your credit expires and I'll get $25!

Make sure you have the lsof command installed. Your package manager probably has this package.

Using the following command you get a list of services currently using libssl:

lsof | grep libssl | awk '{print $1}' | sort | uniq

On a Directadmin shared hosting server this is the output:

directadm
exim
httpd
imap-logi
managesie
nrpe
php
pop3-logi
pure-ftpd
spamd

Not all the filenames are complete but you can fill those in. If you leave out the last part of the command you can also see which specific library is in use:

lsof | grep libssl

Example output:

imap-logi   449   dovecot  mem       REG              202,1    539869      85375 /usr/lib64/libssl.so.1.0.0
httpd       876    apache  mem       REG              202,1    539869      85375 /usr/lib64/libssl.so.1.0.0  
[...]
spamd     13513      root  mem       REG              202,1    444168      85398 /usr/lib64/libssl.so.1.0.1e

Here you can see some services using a different library, those still need a restart.

Update. Tzu sent me an email with his command to find all updated libraries and services using the old ones:

lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u
Tags: centos , certificates , libssl , lsof , openssl , pki , snippets , ssl , ubuntu