Tag Archives: lsof

Which services need restarting after an upgrade?

After you’ve run yum update to upgrade libraries, there may be services running which are still using the old copies of libraries. Such services might still be vulnerable to security bugs in the old libraries.

It’s relatively easy to discover which processes are affected using lsof to list processes using deleted files:

# lsof | awk '$5 == "DEL" { print }'
auditd     1001  1001 root DEL REG /usr/lib64/libnss_files-2.18.so;53bd9626
libvirtd   1468  1509 root DEL REG /usr/lib64/libnss_files-2.18.so;53bd9626
[lots more output]

If you actually run this command after updating (say) glibc, you’ll get pages and pages of output which is hard to sift through.

However with systemd we can map the process IDs to services and user sessions.

That’s what the following script does:

http://oirase.annexia.org/rwmj.wp.com/needs-restart.pl

Typical output looks like this:

In order to complete the installation of glibc-2.18-11.fc20.x86_64,
you should restart the following services:

    - accounts-daemon.service - Accounts Service   
    - console-kit-daemon.service - Console Manager
    - udisks2.service - Disk Manager
    - auditd.service - Security Auditing Service
    - dbus.service - D-Bus System Message Bus
    - rtkit-daemon.service - RealtimeKit Scheduling Policy Service
    - upower.service - Daemon for power management
    - colord.service - Manage, Install and Generate Color Profiles
    - firewalld.service - firewalld - dynamic firewall daemon
    - polkit.service - Authorization Manager
    - rsyslog.service - System Logging Service 
    - NetworkManager.service - Network Manager   
    - libvirtd.service - Virtualization daemon
    - gdm.service - GNOME Display Manager

In order to complete the installation of glibc-2.18-11.fc20.x86_64,
you should tell the following users to log out and log in:

    - session-1.scope - Session 1 of user rjones
Advertisements

19 Comments

Filed under Uncategorized