Topic: Quesition on the Slapper virus

[Dave]

Could someone help me with the following I have two e-smith box's running.  One box is running version 4.1 and another is version 5.1.

     My problem is this it appears that e-smith.org does not offer a patch for the exploit of OpenSSL for version 4.1.  Is there any other way to secure this box.  Is there some other patch available / can I disable OpenSSL on this box ( We are simply using it as a fileserver?
     Secondly is there a way to find out what version of e-smith my 5.1 box actually is.  I had written on the CD ( which I created from a downloaded image ) esmith 5.1.  Unfortunately there are two versions of e-smith 5.1  There is version 5.1.1 and version 5.1.2,  I have tried every thing I can think of to determin which version I'm running.  Naturally the admin page just displays 5.1!

Thanks

P.S. Please feel free to email me at
dave@wausausteel.com

[Allun]

Has anyone replied to this thread perhaps privately via email?  I'd be interested in the answer as well......



thanks

Allun

[Nathan Fowler]

I've patched my 4.1.x box using the updated RPMS provided by RedHat for RH 6.2, which is the base of 4.1.2.

http://rhn.redhat.com/errata/RHSA-2002-160.html

For 4.1.x systems I always check at least daily:
http://rhn.redhat.com/errata/rh62-errata.html

I also use RPM packages from http://rpms.arvin.dk, which are compatible with RH6.2, which is the base of 4.1.2.

I would recommend you upgrade your Apache as well, and especially Mod-SSL:
http://rpms.arvin.dk/apache/rh62/i586/

Simply do the following:
rpm -Uvh ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-29.i386.rpm
rpm -Uvh http://rpms.arvin.dk/apache/rh62/i586/apache-1.3.26-3.arvin.rh6.2.i586.rpm
rpm -Uvh http://rpms.arvin.dk/apache/rh62/i586/mod_ssl-2.8.10-2.arvin.rh6.2.i586.rpm
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd restart

Hope this helped,
Nathan