Trying to figure out exactly what services should be restarted after patching openssl against Heartbleed. At least one post mentions restarting:
sshd, apache, nginx, postfix, dovecot, courier, pure-ftpd, bind, mysql
- Is there a command that can be run to see what running services are dependent on openssl?
- Is there a command to run against apache/nginx to see if the patch is active so the service doesn't need to be restarted?
- Should we just schedule downtime and reboot every server entirely?
EDIT: This post suggests using: lsof -n | grep ssl | grep DEL
to display processes still using the old version of OpenSSL marked for deletion