File: checkrestart.1

debian-goodies 0.84
  • area: main
  • in suites: bullseye, buster, sid
  • size: 376 kB
  • sloc: sh: 875; python: 769; perl: 565; makefile: 14
.\" checkrestart.1 - provide a list of processes that need to be restarted
.\" Copyright (C) 2006-2014 Javier Fernandez-Sanguino
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2, or (at your option)
.\" any later version.
.\"
.\" On Debian systems, a copy of the GNU General Public License version 2
.\" can be found in /usr/share/common-licenses/GPL-2.
.TH checkrestart 1 "December 19 2006" "debian\-goodies" "debian\-goodies"
.SH NAME
checkrestart \- check which processes need to be restarted after an upgrade
.SH SYNOPSIS
.B checkrestart [ -hvpanmt ] [ -b blacklist_file ] [ -i package_name ] [ -e pid ]
.SH DESCRIPTION
The
.B checkrestart
program tries to determine if there are processes in the system
that need to be restarted after a system upgrade. This is necessary since an upgrade
will usually bring new system libraries while running processes will still be
using the old versions of the libraries. In \fIstable\fP Debian GNU/Linux
systems this is typically needed to eliminate a system's exposure to a
vulnerability which might have been fixed by upgrading a library which that
process makes use of.

.P
Consequently,
.B checkrestart
is sometimes used as an audit tool to find outdated versions of libraries in use,
particularly after security upgrades. Administrators should not, however, rely
on its output completely (see \fBBUGS\fP below).

.P
This script needs to run as root in order to obtain the information it needs
for analysis.

.SH OPTIONS

.TP
\fB\-h\fP, \fB\-\-help\fP
Show the program help and exit.

.TP
\fB\-v\fP, \fB\-\-verbose\fP
Generate detailed output. This output includes the list of all
processes found using deleted files or descriptors as well as the deleted files
and descriptors found.

.TP
\fB\-p\fP, \fB\-\-package\fP
Only process deleted files that belong to a package, ignoring deleted files
which do not have an associated package in the package system.

.TP
\fB\-a\fP, \fB\-\-all\fP
Process all deleted files regardless of location. This makes
the program analyse deleted files even if they would otherwise be discarded
because they are in locations, such as
.IR /tmp ,
which are known to produce false positives. It will take precedence if used
simultaneously with the
.B \-p
option.

.TP
\fB\-m\fP, \fB\-\-machine\fP
Generate machine readable output. One line is printed per program which must be
restarted: "TYPE:package_name,pid,program", where TYPE is
.BR INIT ,
if a systemd service file or an init script is available to restart the program, and
.B OTHER
otherwise.

.TP
\fB\-b\fP \fIfile\fP, \fB\-\-blacklist=\fP\fIfile\fP
Read a blacklist of regular expressions from
.IR file .
Any files matching the patterns will be ignored. More than one pattern
can be provided by using this option more than once.

.TP
\fB\-i\fP \fIname\fP, \fB\-\-ignore=\fP\fIname\fP
Ignore services that are associated with the package name provided in
.IR name .
More than one package can be provided by using this option more than once.

.TP
\fB\-e\fP \fIpid\fP, \fB\-\-excludepid=\fP\fIpid\fP
Exclude processes running with
.I pid
when looking for open files. This can speed up checkrestart on systems with a
large number of open files. Note: this option only works if
.B lsof(8)
is not used.  More than one process identifier can be provided by
using this option more than once.

.TP
\fB\-n\fP, \fB\-\-nolsof\fP
Do not use
.B lsof(8)
even if available. In some systems where there is a large number of files the
use of lsof might be inefficient. Use this option to disable lsof. Notice also
that if lsof is not installed an alternative mechanism to extract deleted files
will be used instead. Consequently, there is no need to set this option
in systems that do not have
.B lsof(8)
installed.

.TP
\fB\-t\fP, \fB\-\-terse\fP
Terse output, just print the number of open deleted files and exit with a code
suitable for use by Nagios and similar monitoring tools (see \fBEXIT STATUS\fP).


.SH EXIT STATUS

Normally, the program will exit with error (1) if a non-root user tries to run it. Otherwise,
it will always exit with status 0.

If the \fI\-\-terse\fP switch is given, the exit code is 1 when there are deleted
open files and 0 when there are none. This is intended for consumption by Nagios and
similar automated monitoring tools.


.SH EXAMPLE

Start it as user root without parameters:

  # checkrestart
  Found 20 processes using old versions of upgraded files
  (15 distinct programs)
  (14 distinct packages)

  Of these, 12 seem to contain init scripts which can be used to restart them:
  The following packages seem to have init scripts that could be used to restart them:
  gpm:
          3044    /usr/sbin/gpm
  rpcbind:
          2208    /sbin/rpcbind
  bind9:
          8463    /usr/sbin/named
  openssh-server:
          22124   /usr/sbin/sshd
  ntp:
          4078    /usr/sbin/ntpd
  tftpd-hpa:
          3417    /usr/sbin/in.tftpd
  uptimed:
          2704    /usr/sbin/uptimed
  cron:
          3019    /usr/sbin/cron
  postfix:
          22145   /usr/lib/postfix/qmgr
          8892    /usr/lib/postfix/master
  hddtemp:
          3174    /usr/sbin/hddtemp
  autofs:
          2792    /usr/sbin/automount
  openbsd-inetd:
          3254    /usr/sbin/inetd

  These are the init scripts:
  service gpm restart
  service rpcbind restart
  service bind9 restart
  service ssh restart
  service ntp restart
  service tftpd-hpa restart
  service uptimed restart
  service cron restart
  service postfix restart
  service hddtemp restart
  service autofs restart
  service openbsd-inetd restart

  These processes do not seem to have an associated init script to restart them:
  isc-dhcp-client:
          3775    /sbin/dhclient

This is another example to show the machine-readable output:

  # checkrestart --machine
  PROCESSES: 4
  PROGRAMS: 4
  PACKAGES: 2
  INIT:bcfg2-server,6974,/usr/sbin/bcfg2-server
  INIT:exim4-daemon-light,857,/usr/sbin/exim4
  OTHER:aptitude,11679,/usr/bin/aptitude-curses
  OTHER:xscreensaver,6562,/usr/bin/xscreensaver
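
.P
Added example, not part of debian\-goodies: a small Python parser for the "TYPE:package_name,pid,program" lines shown above, which separates packages that can be restarted through a service or init script from those that need manual attention. The function names are hypothetical, and rejecting unknown lines is a choice made here so that a change in the output format is noticed.

```python
from collections import defaultdict

# Constructed sample: the --machine output shown in the EXAMPLE section above.
SAMPLE = """PROCESSES: 4
PROGRAMS: 4
PACKAGES: 2
INIT:bcfg2-server,6974,/usr/sbin/bcfg2-server
INIT:exim4-daemon-light,857,/usr/sbin/exim4
OTHER:aptitude,11679,/usr/bin/aptitude-curses
OTHER:xscreensaver,6562,/usr/bin/xscreensaver
"""

COUNTERS = {"PROCESSES", "PROGRAMS", "PACKAGES"}
RECORD_TYPES = ("INIT", "OTHER")


def parse_machine_output(text):
    """Return (counters, records); records[TYPE][package] = [(pid, program)]."""
    counters = {}
    records = {t: defaultdict(list) for t in RECORD_TYPES}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind, sep, rest = line.partition(":")
        if sep and kind in COUNTERS:
            counters[kind] = int(rest)  # header totals, kept as reported
        elif sep and kind in RECORD_TYPES:
            # maxsplit=2 keeps a comma inside the program path intact.
            package, pid, program = rest.split(",", 2)
            records[kind][package].append((int(pid), program))
        else:
            # Fail loudly on lines this parser does not know, so a change
            # in the output format is noticed instead of silently ignored.
            raise ValueError(f"line {lineno}: unrecognised: {raw!r}")
    return counters, records


def pending_restarts(text):
    """Split packages into those with a service/init script and the rest."""
    _, records = parse_machine_output(text)
    pids = sorted(pid for by_pkg in records.values()
                  for procs in by_pkg.values() for pid, _ in procs)
    return {"service": sorted(records["INIT"]),
            "manual": sorted(records["OTHER"]),
            "pids": pids}


if __name__ == "__main__":
    print(pending_restarts(SAMPLE))
```
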

.SH BUGS
This program might fail if the output of the \fBlsof(8)\fP utility changes since it
depends on it to detect which deleted files are used by processes. It might
also output some false positives depending on the processes' behaviour since
it does not check yet if the (deleted) files in use are really libraries.

.P
If you find a false positive in
.B checkrestart
please provide the following information when submitting a bug report:

.IP \(em
The output of \fBcheckrestart\fP using the \fB-v\fP (verbose) option.

.IP \(em
The output of running the following command as root:
.PP
        lsof | egrep 'delete|DEL|path inode'
.PP

.P
.B checkrestart
is also sensitive to the kernel version in use and might fail to work with newer
(or older) versions.

.SH SEE ALSO
\fBlsof(8)\fP, \fBneedrestart(8)\fP

Please note that the
.B needrestart
program uses a different logic to determine which services should be restarted
based on deleted files. Results might not be exactly the same as those provided
by
.BR checkrestart .

.SH AUTHOR

.B checkrestart
was written by Matt Zimmerman for the Debian GNU/Linux distribution. It was
later improved by Javier Fernandez-Sanguino with contributions from many
different users and developers of the Debian GNU/Linux distribution.

.SH COPYRIGHT AND LICENCE

Copyright (C) 2001 Matt Zimmerman <mdz@debian.org>
.br
Copyright (C) 2007,2010-2015 Javier Fernandez-Sanguino <jfs@debian.org>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

On Debian systems, a copy of the GNU General Public License version 2
can be found in /usr/share/common-licenses/GPL-2.