Ok, if you're worrying about the Linux.Slapper.Worm, our security expert, Mike Fratto, has the following quick steps that will keep your system secure until a more permanent solution is devised.
See if you are vulnerable. Affected systems include Debian, RedHat, SuSE, Mandrake, Slackware, and Gentoo Linux distributions running OpenSSL versions up to and including 0.9.6d and 0.9.7 beta1
Find out if you're infected. You'll see a filed called /tmp/.bugtraq.c on your system.
Disable SSL. Comment out mod_ssl and Listen 443 in httpd.conf. Note, Apache installs with mod_ssl disabled. Also, make sure you're not starting SSL from the command line. Look for a start-up string that contains -D HAVE_SSL.
Hi folks. Our site editor/producer Tom LaSusa pointed pulled a very pressing issue off of the wire this morning, offering a bit of advice for you.
As a rule, Mondays suck. But for all you Apache Admins out there, this is one
Monday where you'll really wish you stayed under the covers.
A worm targeting only Linux-based systems running the Apache Web server and the
OpenSSL secure Internet transaction protocol was discovered Friday night in
Eastern Europe and surprise, it's spreading rapidly.
The worm, called Apache/mod_ssl, linux.slapper.worm or bugtraq.c worm, is
self-propagating, malicious code that exploits a known vulnerability in OpenSSL.
