我已经从git存储库安装了Freeradius v3.0
之后我运行radiusd -X
我有这个错误
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com
Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160'
我尝试更改文件radius.conf中的allow_vulnerable_openssl = 'CVE-2014-0160'
再试一次,但仍然是同样的错误
此外,我不知道这是什么意思一旦您验证了libssl已正确修补
我在Centos 7上的openssl版本是: OpenSSL 1.0.1e-fips 2013年2月11日
答案 0 :(得分:1)
找到
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
# section holds the configuration items which minimize the impact
# of those attacks
#
security {
}
radiusd.conf中的Stanza
在大括号之间添加allow_vulnerable_openssl = 'CVE-2014-0160'。
e.g。
# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
# section holds the configuration items which minimize the impact
# of those attacks
#
security {
allow_vulnerable_openssl = 'CVE-2014-0160'
}
验证后,libssl已正确修补
表示一旦检查到本地系统上的软件包已经应用了CVE-2014-0160的修复程序,就可以设置该配置项。
它让您意识到该版本的OpenSSL具有已知的,严重且可远程利用的漏洞。