When you upgrade a package on Debian/Ubuntu Linux, you need to restart any running programs that use it, because a process that is already running keeps using the old code until it is restarted. Only then do bug fixes and security patches take effect. Failure to do so may leave programs open to exploits. The same applies to the Linux kernel itself.
The Ubuntu repositories have a neat application called needrestart that is very helpful in determining which programs need to be restarted after software updates. It also reports whether the kernel needs to be restarted, and several other things.
The manual page does not do the application justice.
There is a brief description of what it does on its GitHub repository, as well as a good page describing needrestart's behaviour.
needrestart runs automatically after you run:
sudo apt full-upgrade
and some software is actually updated in that run.
In my case, I instruct needrestart to only list what needs to be restarted, rather than forcing a restart right now.
This lets me decide what can be restarted immediately, and what should be deferred based on the urgency of the change, and the specific machine's usage.
For example, if the machine is a busy web server, I would defer a restart of Nginx or MariaDB to the weekend.
Or if the server is used for business-critical applications, the restart of said application, or reboot of the server, is deferred to late evening.
To make needrestart only list the changes, create a file in /etc/needrestart/conf.d/, name it local.conf, and put this in it:
# Change restart behaviour from (i) interactive, to (l) list
$nrconf{restart} = 'l';
Here are examples of the output, annotating each section.
This screenshot shows that I am running an old version of the kernel, and need to reboot.

It checks whether the microcode on the CPU needs to be updated:
The processor microcode seems to be up-to-date.
This is the most relevant part, listing all the services that need to be restarted:
Services to be restarted:
systemctl restart cron.service
It also lists services that need a restart, but cannot be restarted because they are in use:
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart networkd-dispatcher.service
systemctl restart systemd-logind.service
It then lists user sessions that need a restart, but cannot be done right away either:
User sessions running outdated binaries:
johndoe @ session #10497: bash[683747], login[1065]
johndoe @ session #287184: bash[410827,410854,416071,416104,3391644,3391681,3852012], screen[3391639]
johndoe @ user manager service: systemd[1781]
It lists any containers that need to be restarted:
No containers need to be restarted.
It lists any virtual machine guests that are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
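The following is an added example, not code from the original post or from the needrestart project. It reads a list-mode report like the one annotated above, separates the services needrestart would restart from the ones it deferred, and applies a hold list for services you want to postpone (such as Nginx on a busy web server). The function names, the hold list, and the sample report (built from the fragments above plus one constructed nginx.service line) are assumptions.

```shell
#!/bin/sh
# Constructed sample: the fragments shown above plus one made-up nginx line.
sample_report() {
cat <<'EOF'
The processor microcode seems to be up-to-date.
Services to be restarted:
 systemctl restart cron.service
 systemctl restart nginx.service
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
User sessions running outdated binaries:
 johndoe @ session #10497: bash[683747], login[1065]
No containers need to be restarted.
EOF
}

# nr_units HEADER: read a report on stdin and print the unit names listed
# under the section whose header line is exactly HEADER.
nr_units() {
    awk -v hdr="$1" '
        $0 == hdr { insec = 1; next }            # section starts here
        !insec    { next }
        { line = $0; sub(/^[ \t]+/, "", line) }  # tolerate indented entries
        line ~ /^systemctl restart / {
            sub(/^systemctl restart /, "", line); print line; next
        }
        line ~ /^\/etc\/needrestart\/restart\.d\// {
            sub(/^.*\//, "", line); print line; next   # helper script path
        }
        line != "" { insec = 0 }                 # anything else ends the section
    '
}

# nr_plan HOLD...: tag each restartable unit "hold" if it is on the caller's
# hold list (services to postpone to a quiet period), otherwise "now".
nr_plan() {
    hold=" $* "
    nr_units 'Services to be restarted:' | while read -r u; do
        case "$hold" in
            *" $u "*) echo "hold $u" ;;
            *)        echo "now $u" ;;
        esac
    done
}

sample_report | nr_plan nginx.service mariadb.service
```

To use it on a real machine, feed the report text captured from the upgrade run to nr_plan in place of sample_report.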