Important: Use checkrestart on Debian after installing security updates

By | 2014/08/13

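Run checkrestart after installing security updates on Debian. An upgrade replaces files on disk, but processes that were already running keep using the old versions until they are restarted. Incorporate this into your maintenance and security tasks right away!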

1. Install the debian-goodies package, which provides checkrestart

$ sudo apt-get install debian-goodies

2. Run sudo checkrestart

$ sudo checkrestart

For example, the output below is from a Debian Wheezy system that is completely up to date according to apt-get. Most admins would assume all is well, when in fact the system is still running unpatched code in services that were never restarted. Eek.

For processes that have no init script or other script to restart them, checkrestart lists the PID so you can investigate how best to restart that process.

$ sudo checkrestart
Found 84 processes using old versions of upgraded files
(23 distinct programs)
(15 distinct packages)

Of these, 13 seem to contain init scripts which can be used to restart them:
The following packages seem to have init scripts that could be used
to restart them:
        1777    /usr/sbin/nrsysmond
        18114   /usr/sbin/nrsysmond
        1754    /usr/sbin/nslcd
        2028    /usr/lib/postfix/qmgr
        3806    /usr/lib/postfix/tlsmgr
        2009    /usr/lib/postfix/master
        1870    /usr/sbin/ntpd
        1869    /usr/sbin/ntpd
        289     /sbin/udevd
        15985   /usr/sbin/php5-fpm
        31018   /usr/sbin/php5-fpm
        31406   /usr/sbin/php5-fpm
        26885   /usr/sbin/php5-fpm
        1844    /usr/sbin/cron
        5265    /usr/sbin/sshd
        32166   /usr/sbin/sshd
        32164   /usr/sbin/sshd
        32203   /usr/sbin/sshd
        32201   /usr/sbin/sshd
        7860    /usr/sbin/nginx
        7856    /usr/sbin/nginx
        7857    /usr/sbin/nginx
        7858    /usr/sbin/nginx
        7859    /usr/sbin/nginx
        1698    /usr/sbin/rsyslogd
        1895    /usr/bin/redis-server
        1826    /usr/bin/memcached
        1781    /usr/bin/dbus-daemon

These are the init scripts:
service newrelic-sysmond restart
service nslcd restart
service postfix restart
service openntpd restart
service udev-mtab restart
service udev restart
service php5-fpm restart
service cron restart
service ssh restart
service nginx restart
service rsyslog restart
service redis-server restart
service memcached restart
service dbus restart

These processes do not seem to have an associated init script to restart them:
        7739    /usr/bin/python2.7
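
To fold this into a maintenance routine, the output can be split into the restart commands and the processes that need a manual look. The script below is an added example, not part of the original post or of debian-goodies; it matches the section headings shown in the output above, the function names are hypothetical, and the hold-back list (services you prefer to restart by hand) is an assumption.

```shell
#!/bin/sh
# Added example: split checkrestart output into restart commands and
# processes without an init script. Headings matched are those shown above.

# Constructed sample, trimmed to the format of the output in this post.
sample_output() {
cat <<'EOF'
The following packages seem to have init scripts that could be used
to restart them:
        1870    /usr/sbin/ntpd
        5265    /usr/sbin/sshd
        7860    /usr/sbin/nginx

These are the init scripts:
service openntpd restart
service ssh restart
service nginx restart

These processes do not seem to have an associated init script to restart them:
        7739    /usr/bin/python2.7
EOF
}

# Print suggested "service NAME restart" lines, skipping any NAME in $1
# (space-separated hold-back list; hypothetical, for manual restarts).
restart_commands() {
    awk -v hold=" ${1:-} " '
        /^These are the init scripts:/ { in_sec = 1; next }
        /^[ \t]*$/                     { in_sec = 0 }
        in_sec && NF == 3 && $1 == "service" && $3 == "restart" {
            if (index(hold, " " $2 " ") == 0 && !seen[$2]++) print
        }'
}

# Print "PID PATH" for processes checkrestart could not map to an init script.
orphan_processes() {
    awk '
        /^These processes do not seem to have an associated init script/ { in_sec = 1; next }
        /^[ \t]*$/ { in_sec = 0 }
        in_sec && $1 ~ /^[0-9]+$/ { print $1, $2 }'
}

# Demonstration on the constructed sample. On a real host, pipe the tool in:
#   sudo checkrestart | restart_commands "ssh"
echo "Restart commands (ssh held back):"; sample_output | restart_commands "ssh"
echo "Needs manual review:";              sample_output | orphan_processes
```

The functions only print what they find; review the list before running any of the restart commands.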

Stay safe,
