checkrestart

checkrestart - check which processes need to be restarted after an upgrade

checkrestart

The checkrestart program tries to determine if there are processes in the system that need to be restarted after a system upgrade. This is necessary since an upgrade will usually bring new system libraries and running processes will be still using the old versions of the libraries. In stable Debian GNU/Linux systems this is typically needed to eliminate a system exposure to a vulnerability which might have been fixed by upgrading a library which that process makes use of.

Consequently, checkrestart is sometimes used as an audit tool to find outdated versions of libraries in use, particularly after security upgrades. Administrators should not, however, rely on its output completely (see BUGS below).

This script needs to run as root in order to obtain the information it needs for analysis.

The program will exit with error (1) if a non-root user tries to run it. Otherwise, it will always exit with error status 0.

This program might fail if the output of the lsof utility changes since it depends on it to detect which deleted files are used by processes. It might also output some false positives depending on the processes' behaviour since it does not check yet if the (deleted) files in use are really libraries.

Checkrestart is also sensitive to the kernel version in use. And might fail to work with newer (or older) versions.

A rewrite to make it less dependant on lsof could improve this, however.

lsof(8)

checkrestart was written by Matt Zimmerman for the Debian GNU/Linux distribution.

Copyright (C) 2001 Matt Zimmerman <mdz@debian.org> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. On Debian systems, a copy of the GNU General Public License may be found in /usr/share/common-licenses/GPL.