keimoon · April 10, 2014 03:57
diff --git a/fix_heartbleed.sh b/fix_heartbleed.sh
 #!/usr/bin/env bash
 DIR=`dirname $BASH_SOURCE`
 test "x`whoami`" != "xroot" && echo "Please run as root" && exit
 version=`openssl version`
 version=${version:0:14}
 test "x$version" == 'xOpenSSL 1.0.1g' && echo "OpenSSL version 1.0.1g is OK!!!" && exit
 echo -n "Your OpenSSL version is $version. Are you sure to upgrade to 1.0.1g? [Y/n]: "
 read confirm
 test "x$confirm" != "xY" && echo "Bye" && exit
 echo "Checking openssl in /usr/local/bin"
 rebuild="no"
 if [ -f "/usr/local/bin/openssl" ]; then
    version=`/usr/local/bin/openssl version`
    version=${version:0:14}
    if [ "x$version" != 'xOpenSSL 1.0.1g' ]; then
 	rebuild="yes"	
    fi
 else
    rebuild="yes"
 fi
 if [ "x$rebuild" == "xyes" ]; then
    echo "Rebuilding OpenSSL"
    os=`uname`
    if [ "x$os" == "xLinux" ]; then
 	echo "Downloading OpenSSL 1.0.1g"
 	if [ -f "openssl-1.0.1g.tar.gz" ]; then
 	    echo "Founded openssl-1.0.1g.tar.gz"
 	else
 	    wget --no-check-certificate 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'
 	    test $? -ne 0 && echo "Cannot download openssl-1.0.1g.tar.gz" && exit
 	fi
 	echo "Extracting"
 	tar xzf openssl-1.0.1g.tar.gz
 	echo "Compiling"
 	cd openssl-1.0.1g
 	./config --prefix=/usr/local
 	make clean
 	make
 	make install
    elif [ "x$os" == "xFreeBSD" ]; then
 	echo "Compiling using port"
 	portsnap fetch update
 	cd /usr/ports/security/openssl
 	make reinstall clean
    else
 	echo "Operating system not found" && exit
    fi
 fi

 echo "Rechecking version of OpenSSL"
 version=`openssl version`
 version=${version:0:14}
 if [ "x$version" = "xOpenSSL 1.0.1g" ]; then
    echo "OpenSSL version is NOW 1.0.1g!!!"
 else
    echo "OpenSSL 1.0.1g is installed in /usr/local/ but not is the default"
    echo "You should rebuild anything depend on openssl"
    echo "Copying default openssl.cnf to /usr/local"
    cp /etc/ssl/openssl.cnf /usr/local/openssl
 fi
 echo "NOTE: You may need to reinstall Apache or Nginx!!!!!"

 # Clean up
 rm -rf $DIR/openssl*
	#!/usr/bin/env bash
	DIR=`dirname $BASH_SOURCE`
	test "x`whoami`" != "xroot" && echo "Please run as root" && exit
	version=`openssl version`
	version=${version:0:14}
	test "x$version" == 'xOpenSSL 1.0.1g' && echo "OpenSSL version 1.0.1g is OK!!!" && exit
	echo -n "Your OpenSSL version is $version. Are you sure to upgrade to 1.0.1g? [Y/n]: "
	read confirm
	test "x$confirm" != "xY" && echo "Bye" && exit
	echo "Checking openssl in /usr/local/bin"
	rebuild="no"
	if [ -f "/usr/local/bin/openssl" ]; then
	version=`/usr/local/bin/openssl version`
	version=${version:0:14}
	if [ "x$version" != 'xOpenSSL 1.0.1g' ]; then
	rebuild="yes"
	fi
	else
	rebuild="yes"
	fi
	if [ "x$rebuild" == "xyes" ]; then
	echo "Rebuilding OpenSSL"
	os=`uname`
	if [ "x$os" == "xLinux" ]; then
	echo "Downloading OpenSSL 1.0.1g"
	if [ -f "openssl-1.0.1g.tar.gz" ]; then
	echo "Founded openssl-1.0.1g.tar.gz"
	else
	wget --no-check-certificate 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'
	test $? -ne 0 && echo "Cannot download openssl-1.0.1g.tar.gz" && exit
	fi
	echo "Extracting"
	tar xzf openssl-1.0.1g.tar.gz
	echo "Compiling"
	cd openssl-1.0.1g
	./config --prefix=/usr/local
	make clean
	make
	make install
	elif [ "x$os" == "xFreeBSD" ]; then
	echo "Compiling using port"
	portsnap fetch update
	cd /usr/ports/security/openssl
	make reinstall clean
	else
	echo "Operating system not found" && exit
	fi
	fi

	echo "Rechecking version of OpenSSL"
	version=`openssl version`
	version=${version:0:14}
	if [ "x$version" = "xOpenSSL 1.0.1g" ]; then
	echo "OpenSSL version is NOW 1.0.1g!!!"
	else
	echo "OpenSSL 1.0.1g is installed in /usr/local/ but not is the default"
	echo "You should rebuild anything depend on openssl"
	echo "Copying default openssl.cnf to /usr/local"
	cp /etc/ssl/openssl.cnf /usr/local/openssl
	fi
	echo "NOTE: You may need to reinstall Apache or Nginx!!!!!"

	# Clean up
	rm -rf $DIR/openssl*