Discussion:
[Maia-users] Off topic help needed
Bob
2016-11-19 19:59:29 UTC
Permalink
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.

I am running freeBSD latest stable. I do regular ports updates. Does
anyone have an idea why this happened?


Thanks,

Bob
Janky Jay, III
2016-11-20 06:15:47 UTC
Permalink
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
I am running freeBSD latest stable. I do regular ports updates. Does
anyone have an idea why this happened?
When you say you're running the latest stable, is that 10 or 11 STABLE?
Also, what are you using to update your ports (IE: SVN or portmaster)?
Are you configured for quarterly updates? Are you using the OpenSSL port
for builds or are you using the base OpenSSL? Are you using pkgng or
ports themselves (EI: portmaster/portupgrade/etc...)? Have you taken a
look at your port's configs (they change between versions. You might
want to "make config" or "make rmconfig" before rebuilding if you're
compiling).

I know that's a lot of questions, but it will help to determine what
might be happening.

Regards,
Janky Jay, III
Janky Jay, III
2016-11-20 06:20:47 UTC
Permalink
Hi Bob,
Post by Janky Jay, III
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
I am running freeBSD latest stable. I do regular ports updates. Does
anyone have an idea why this happened?
When you say you're running the latest stable, is that 10 or 11 STABLE?
Also, what are you using to update your ports (IE: SVN or portmaster)?
Are you configured for quarterly updates? Are you using the OpenSSL port
for builds or are you using the base OpenSSL? Are you using pkgng or
ports themselves (EI: portmaster/portupgrade/etc...)? Have you taken a
look at your port's configs (they change between versions. You might
want to "make config" or "make rmconfig" before rebuilding if you're
compiling).
I know that's a lot of questions, but it will help to determine what
might be happening.
Sorry. Regarding the way you update ports I meant "SVN or portsnap". No
portmaster...

Regards,
Janky Jay, III
l***@mtnlion.com
2016-11-21 23:49:00 UTC
Permalink
Post by Janky Jay, III
Hi Bob,
Post by Janky Jay, III
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
I am running freeBSD latest stable. I do regular ports updates. Does
anyone have an idea why this happened?
When you say you're running the latest stable, is that 10 or 11 STABLE?
Also, what are you using to update your ports (IE: SVN or portmaster)?
Are you configured for quarterly updates? Are you using the OpenSSL port
for builds or are you using the base OpenSSL? Are you using pkgng or
ports themselves (EI: portmaster/portupgrade/etc...)? Have you taken a
look at your port's configs (they change between versions. You might
want to "make config" or "make rmconfig" before rebuilding if you're
compiling).
I know that's a lot of questions, but it will help to determine what
might be happening.
Sorry. Regarding the way you update ports I meant "SVN or portsnap". No
portmaster...
I use portsnap.
l***@mtnlion.com
2016-11-21 23:48:24 UTC
Permalink
Post by Janky Jay, III
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
I am running freeBSD latest stable. I do regular ports updates. Does
anyone have an idea why this happened?
When you say you're running the latest stable, is that 10 or 11 STABLE?
Also, what are you using to update your ports (IE: SVN or portmaster)?
Are you configured for quarterly updates? Are you using the OpenSSL port
for builds or are you using the base OpenSSL? Are you using pkgng or
ports themselves (EI: portmaster/portupgrade/etc...)? Have you taken a
look at your port's configs (they change between versions. You might
want to "make config" or "make rmconfig" before rebuilding if you're
compiling).
I know that's a lot of questions, but it will help to determine what
might be happening.
Regards,
Janky Jay, III
I'm using Version 10 STABLE
I update with portmaster. I do this weekly
Not sure what you mean about quarterly updates. I do get the email from
freeBSD and update as they say.
I use openssl via ports.
Generally I don't look at port configs, but I do on occasion. In this
case, the change was sudden and I can't find any thing that changed in
configs for any port that was updated.

It seems that libssl.so went backwards. It was libssl.so.8 and now it is
libssl.so.7.

I think I answered your questions.

Thanks for the help,

Bob
Derek Atkins
2016-11-22 15:59:09 UTC
Permalink
Post by Janky Jay, III
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
Could you have been hacked? Maybe a rootkit installed "older" libraries?

-derek
--
Derek Atkins 617-623-3745
***@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
l***@mtnlion.com
2016-11-22 17:20:27 UTC
Permalink
Post by Derek Atkins
Post by Janky Jay, III
Hi Bob,
Post by Bob
Yesterday, for no apparent reason, apache, postfix, and other apps
stopped working. Research into the logs showed that suddenly,
libssl.so.8 disappeared and libssl.so.7 replaced it. I ended up
recompiling a number of applications to get things mostly up and
running. Webmin refuses to run in https, but everything else seems ok.
Could you have been hacked? Maybe a rootkit installed "older"
libraries?
-derek
That's what worried me. Since both of my servers had the same issue (one
is only doing DNS) I somehow doubt it. All server activity seems normal.
But who knows?

Loading...