Provided by: debian-goodies_0.63_all bug


       checkrestart - check which processes need to be restarted after an upgrade


       checkrestart [ -hvpa ] [ -b blacklist_file ] [ -i package_name ]


       The checkrestart program tries to determine if there are processes in the system that need
       to be restarted after a system upgrade. This is necessary since an  upgrade  will  usually
       bring  new  system libraries and running processes will be still using the old versions of
       the libraries. In stable Debian GNU/Linux systems this is typically needed to eliminate  a
       system  exposure  to  a  vulnerability  which might have been fixed by upgrading a library
       which that process makes use of.

       Consequently, checkrestart is sometimes used as an audit tool to find outdated versions of
       libraries  in  use,  particularly  after  security  upgrades.  Administrators  should not,
       however, rely on its output completely (see BUGS below).

       This script needs to run as root in order to obtain the information it needs for analysis.


              Show the program help and exit.

              Generate detailed output. This output includes the  list  of  all  processes  found
              using  deleted  files  or  descriptors as well as the deleted files and descriptors

              Only process deleted files that belong to a package, ignoring deleted  files  which
              do not have an associated package in the package system.

              Process  all  deleted  files regardless of location. This makes the program analyse
              deleted files even  if  they  would  be  discarded  because  they  are  located  in
              locations,  such as /tmp , which are known to produce false positives. It will take
              preceded if used simultaneously with the -p option.

       -b file,--blacklist=file
              Read a blacklist of regular expressions from file.  Any files matching the patterns
              will be ignored.

       -i name,--ignore=name
              Ignore services that are associated to the package name provided in name.


       The  program  will  exit  with error (1) if a non-root user tries to run it. Otherwise, it
       will always exit with error status 0.


       Start it as user root without parameters:

         # checkrestart
         Found 20 processes using old versions of upgraded files
         (15 distinct programs)
         (14 distinct packages)

         Of these, 12 seem to contain init scripts which can be used to restart them:
         The following packages seem to have init scripts that could be used to restart them:
                 3044    /usr/sbin/gpm
                 2208    /sbin/rpcbind
                 8463    /usr/sbin/named
                 22124   /usr/sbin/sshd
                 4078    /usr/sbin/ntpd
                 3417    /usr/sbin/in.tftpd
                 2704    /usr/sbin/uptimed
                 3019    /usr/sbin/cron
                 22145   /usr/lib/postfix/qmgr
                 8892    /usr/lib/postfix/master
                 3174    /usr/sbin/hddtemp
                 2792    /usr/sbin/automount
                 3254    /usr/sbin/inetd

         These are the init scripts:
         service gpm restart
         service rpcbind restart
         service bind9 restart
         service ssh restart
         service ntp restart
         service tftpd-hpa restart
         service uptimed restart
         service cron restart
         service postfix restart
         service hddtemp restart
         service autofs restart
         service openbsd-inetd restart

         These processes do not seem to have an associated init script to restart them:
                 3775    /sbin/dhclient


       This program might fail if the output of the lsof utility changes since it depends  on  it
       to  detect  which  deleted  files  are  used by processes. It might also output some false
       positives depending on the processes' behaviour  since  it  does  not  check  yet  if  the
       (deleted) files in use are really libraries.

       If you find a false positive in checkrestart please provide the following information when
       submitting a bug report:

       —      The output of checkrestart using the -v (verbose) option.

       —      The output of running the following command as root:

               lsof | egrep 'delete|DEL|path inode'

       Checkrestart is also sensitive to the kernel version in use. And might fail to  work  with
       newer (or older) versions.

       A rewrite to make it less dependent on lsof could improve this, however.




       checkrestart was written by Matt Zimmerman for the Debian GNU/Linux distribution.


       Copyright  (C)  2001  Matt  Zimmerman <> Copyright (C) 2007,2010-2011 Javier
       Fernandez-Sanguino <>

       This program is free software; you can redistribute it and/or modify it under the terms of
       the  GNU  General  Public  License  as  published  by the Free Software Foundation; either
       version 2, or (at your option) any later version.

       On  Debian  systems,  a  copy  of  the  GNU  General  Public  License  may  be  found   in