@keimoon
Created April 10, 2014 03:57
OpenSSL Heartbleed patch
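#!/usr/bin/env bash
#
# Upgrade OpenSSL to 1.0.1g, the release that fixed Heartbleed in the 1.0.1 line.
#
# Usage: run as root. On Linux the source tarball is fetched next to this
# script, built, and installed under /usr/local. On FreeBSD the
# security/openssl port is rebuilt instead.
#
# Environment:
#   OPENSSL_SHA256  optional; expected SHA-256 of openssl-1.0.1g.tar.gz taken
#                   from a trusted source. When set, the tarball is rejected
#                   on mismatch.
#
# Operational notes:
#   * Everything below runs as root, so the tarball's integrity matters: the
#     download keeps TLS certificate verification on, and a tarball that was
#     already present is only as trustworthy as whoever put it there.
#   * Installing a fixed library does not fix running services. Processes
#     keep the old libssl mapped until restarted, and software linked against
#     the system copy is unaffected by a build in /usr/local.
#   * Private keys and session secrets that were served by a vulnerable
#     process should be treated as exposed and rotated after patching.
#   * 1.0.1g only addresses this one bug; the 1.0.1 branch is long out of
#     support, so prefer vendor packages on a maintained system.
set -u

readonly TARGET_VERSION='OpenSSL 1.0.1g'

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the first 14 characters of "<binary> version" (e.g. "OpenSSL 1.0.1g").
# Arguments: $1 - openssl binary to query
openssl_version() {
  local out
  out=$("$1" version) || out=''
  printf '%s' "${out:0:14}"
}

# Absolute directory of this script. Resolved once, up front, so that later
# directory changes cannot redirect the download or the final cleanup.
DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd) || die "Cannot resolve script directory"
tarball="$DIR/openssl-1.0.1g.tar.gz"
srcdir="$DIR/openssl-1.0.1g"

if [ "$(id -u)" -ne 0 ]; then
  die "Please run as root"
fi

version=$(openssl_version openssl)
if [ "$version" = "$TARGET_VERSION" ]; then
  echo "OpenSSL version 1.0.1g is OK!!!"
  exit 0
fi

printf '%s' "Your OpenSSL version is $version. Are you sure to upgrade to 1.0.1g? [Y/n]: "
read -r confirm
# Only an explicit capital "Y" proceeds; anything else (including Enter) quits.
if [ "$confirm" != "Y" ]; then
  echo "Bye"
  exit 0
fi

echo "Checking openssl in /usr/local/bin"
rebuild="yes"
if [ -f "/usr/local/bin/openssl" ]; then
  version=$(openssl_version /usr/local/bin/openssl)
  if [ "$version" = "$TARGET_VERSION" ]; then
    rebuild="no"
  fi
fi

if [ "$rebuild" = "yes" ]; then
  echo "Rebuilding OpenSSL"
  os=$(uname)
  case "$os" in
    Linux)
      echo "Downloading OpenSSL 1.0.1g"
      if [ -f "$tarball" ]; then
        echo "Founded openssl-1.0.1g.tar.gz"
      else
        # Certificate verification stays enabled: without a checksum, TLS is
        # the only thing authenticating code that is about to run as root.
        if ! wget -O "$tarball" 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'; then
          # Do not leave a partial file that a later run would treat as found.
          rm -f -- "$tarball"
          die "Cannot download openssl-1.0.1g.tar.gz"
        fi
      fi

      if [ -n "${OPENSSL_SHA256:-}" ]; then
        read -r actual_sum _ < <(sha256sum < "$tarball")
        if [ "$actual_sum" != "${OPENSSL_SHA256,,}" ]; then
          die "Checksum mismatch for openssl-1.0.1g.tar.gz"
        fi
      else
        echo "WARNING: OPENSSL_SHA256 not set; tarball is not checksum-verified" >&2
      fi

      echo "Extracting"
      tar -xzf "$tarball" -C "$DIR" || die "Cannot extract openssl-1.0.1g.tar.gz"

      echo "Compiling"
      # Subshell keeps the caller's working directory untouched. A failed
      # configure/build/install aborts instead of reporting a half-installed
      # tree as a successful upgrade.
      (
        cd -- "$srcdir" \
          && ./config --prefix=/usr/local \
          && { make clean; make; } \
          && make install
      ) || die "OpenSSL build or install failed"
      ;;
    FreeBSD)
      echo "Compiling using port"
      portsnap fetch update || die "portsnap fetch update failed"
      (
        cd /usr/ports/security/openssl && make reinstall clean
      ) || die "Rebuilding the security/openssl port failed"
      ;;
    *)
      die "Operating system not found"
      ;;
  esac
fi

echo "Rechecking version of OpenSSL"
version=$(openssl_version openssl)
if [ "$version" = "$TARGET_VERSION" ]; then
  echo "OpenSSL version is NOW 1.0.1g!!!"
else
  echo "OpenSSL 1.0.1g is installed in /usr/local/ but not is the default"
  echo "You should rebuild anything depend on openssl"
  echo "Copying default openssl.cnf to /usr/local"
  # NOTE(review): a --prefix=/usr/local build normally reads its config from
  # /usr/local/ssl; confirm /usr/local/openssl is the intended destination.
  cp /etc/ssl/openssl.cnf /usr/local/openssl
fi
echo "NOTE: You may need to reinstall Apache or Nginx!!!!!"

# Clean up only what this script works with. A relative "$DIR/openssl*" glob
# evaluated after a cd would match files in the build or ports directory.
rm -rf -- "${srcdir:?}" "${tarball:?}"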