NAME
checkrestart - check which processes need to be restarted after an
upgrade
SYNOPSIS
checkrestart [ -hvpa ]
DESCRIPTION
The checkrestart program tries to determine if there are processes in
the system that need to be restarted after a system upgrade. This is
necessary since an upgrade will usually bring new system libraries and
running processes will be still using the old versions of the
libraries. In stable Debian GNU/Linux systems this is typically needed
to eliminate a system exposure to a vulnerability which might have been
fixed by upgrading a library which that process makes use of.
Consequently, checkrestart is sometimes used as an audit tool to find
outdated versions of libraries in use, particularly after security
upgrades. Administrators should not, however, rely on its output
completely (see BUGS below).
This script needs to run as root in order to obtain the information it
needs for analysis.
OPTIONS
-h,--help
Show the program help and exit.
-v,--verbose
Generate detailed output. This output includes the list of all
processes found using deleted files or descriptors as well as
the deleted files and descriptors found.
-p,--package
Only process deleted files that belong to a package, ignoring
deleted files which do not have an associated package in the
package system.
-a,--all
Process all deleted files regardless of location. This makes the
program analyse deleted files even if they would be discarded
because they are located in locations, such as /tmp , which are
known to produce false positives. It will take preceded if used
simultaneously with the -p option.
EXIT STATUS
The program will exit with error (1) if a non-root user tries to run
it. Otherwise, it will always exit with error status 0.
BUGS
This program might fail if the output of the lsof utility changes since
it depends on it to detect which deleted files are used by processes.
It might also output some false positives depending on the processes’
behaviour since it does not check yet if the (deleted) files in use are
really libraries.
Checkrestart is also sensitive to the kernel version in use. And might
fail to work with newer (or older) versions.
A rewrite to make it less dependent on lsof could improve this,
however.
SEE ALSO
lsof(8)
AUTHOR
checkrestart was written by Matt Zimmerman for the Debian GNU/Linux
distribution.
COPYRIGHT AND LICENCE
Copyright (C) 2001 Matt Zimmerman <mdz@debian.org>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
On Debian systems, a copy of the GNU General Public License may be
found in /usr/share/common-licenses/GPL.