[Techtalk] "Slapper" worm targeting Linux/Apache servers

Mandi mandi at linuxchick.org
Fri Sep 20 16:20:48 EST 2002


On Fri, 20 Sep 2002, Raven Brooke wrote:

> On Fri, 20 Sep 2002, Dave North wrote:
>
> Yes, patch applied, Apache restarted, subsequent slapper infection.
>
> The reason seems to be that OpenSSL has both server and client components,
> some of which don't get initialized by a HANGUP or HUP signal. A reboot is
> the best way to do this.
>

What versions are you running?  I've never noticed this on my boxes... are
you on Red Hat?  With RPMs or roll your own?  If you use Apache's apachectl
restart, it should kill all the child processes, restart the server, and
you'll have a new pid, having reloaded all the libraries.

apachectl reload won't do that, though; it just re-reads the config, and
depending on the configuration, some children will be killed and others
won't.  I noticed that behavior on a Mandrake box with mod_perl configured
to be started by its own Apache parent process.

--mandi
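
Added example, not part of the original message: one way to check whether any running process still has the pre-upgrade OpenSSL library loaded after a patch. It relies on Linux marking a mapping in `/proc/<pid>/maps` with `(deleted)` once the file on disk has been replaced; the function names and sample map lines are constructed for illustration, and a statically linked OpenSSL would not show up this way.

```python
import os
import re

# Matches libssl/libcrypto shared objects whose on-disk file was replaced
# after the process mapped it; Linux marks such mappings with "(deleted)".
STALE = re.compile(r"(\S*/lib(?:ssl|crypto)[^/\s]*\.so[^/\s]*) \(deleted\)$")

def stale_libs(maps_text):
    """Return the set of replaced OpenSSL libraries still mapped, given maps text."""
    found = set()
    for line in maps_text.splitlines():
        m = STALE.search(line)
        if m:
            found.add(m.group(1))
    return found

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libraries for every readable process under proc_root."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = stale_libs(fh.read())
        except OSError:  # process exited or we lack permission to read it
            continue
        if libs:
            results[int(entry)] = libs
    return results

# Constructed sample: one httpd child still mapping the pre-upgrade libraries,
# and one restarted child mapping the current file.
SAMPLE_OLD = (
    "08048000-0807f000 r-xp 00000000 03:01 1234 /usr/sbin/httpd\n"
    "40123000-40150000 r-xp 00000000 03:01 5678 /usr/lib/libssl.so.2 (deleted)\n"
    "40150000-40210000 r-xp 00000000 03:01 5679 /usr/lib/libcrypto.so.2 (deleted)\n"
)
SAMPLE_NEW = (
    "08048000-0807f000 r-xp 00000000 03:01 1234 /usr/sbin/httpd\n"
    "40123000-40150000 r-xp 00000000 03:01 9012 /usr/lib/libssl.so.2\n"
)

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(sorted(libs)))
```

Run as root so every process's maps file is readable; any pid it lists needs a full stop and start to pick up the patched library.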
