poodle_protector.py - automatic protection against POODLE vulnerability

Latest response

Hi folks,

I'm sure you all heard about the POODLE vulnerability (CVE-2014-3566) reported by Google. The possibility to decrypt/hijack sessions can be avoided by disabling the legacy SSL 2.0 and 3.0 algorithms in your Apache webserver configuration.

Because I'm a very lazy person I created a script which can customize your configuration and restart the Apache daemon - which makes it great to use in combination with Red Hat Satellite.

The script can be found on GitHub.

Maybe this helps some of you with hardening systems - just wanted to share that with you.

Best regards,
Christian.

Responses

Hi folks,

just updated the script - it now automatically detects the used Linux distribution (e.g. RHEL, CentOS) and chooses the correct default paths and daemon reload commands.

Best regards,
Christian.