checkrestart.1

.\" checkrestart.1 - provide a list of processess that need to be restarted
.\" Copyright (C) 2006 Javier Fernandez-Sanguino
.\" Everybody is allowed to distribute this manual page,
.\" to modify it, and to distribute modifed versions of it.
.TH checkrestart 1 "December 19 2006" "debian\-goodies" "debian\-goodies"
.SH NAME
checkrestart \- check which processes need to be restarted after an upgrade
.SH SYNOPSIS
.B checkrestart [ -hvpa ] [ -b blacklist_file ] [ -i package_name ]
.SH DESCRIPTION
The
.B checkrestart
program tries to determine if there are processes in the system
that need to be restarted after a system upgrade. This is necessary since an upgrade
will usually install new system libraries and running processes will still be
using the old versions of the libraries. In \fIstable\fP Debian GNU/Linux
systems this is typically needed to eliminate a system exposure to a
vulnerability which might have been fixed by upgrading a library which that
process makes use of.

.P 
Consequently,
.B checkrestart
is sometimes used as an audit tool to find outdated versions of libraries in use,
particularly after security upgrades. Administrators should not, however, rely
on its output completely (see \fBBUGS\fP below).

.P 
This script needs to run as root in order to obtain the information it needs
for analysis.

.SH OPTIONS

.TP
.BI -h, --help
Show the program help and exit.

.TP
.BI -v, --verbose
Generate detailed output. This output includes the list of all
processes found using deleted files or descriptors as well as the deleted files
and descriptors found.

.TP
.BI -p, --package
Only process deleted files that belong to a package, ignoring deleted files
which do not have an associated package in the package system.

.TP
.BI -a, --all
Process all deleted files regardless of location. This makes 
the program analyse deleted files even if they would be discarded
because they are located in locations, such as 
.I /tmp
, which are known to produce false positives. It will take preceded if used
simultaneously with the 
.I -p
option.

.TP
.BI -b\ file, --blacklist=file
Read a blacklist of regular expressions from
.I file.
Any files matching the patterns will be ignored.

.TP
.BI -i\ name, --ignore=name
Ignore services that are associated to the package name provided in
.I name.

.SH EXIT STATUS

The program will exit with error (1) if a non-root user tries to run it. Otherwise,
it will always exit with error status 0.

.SH BUGS
This program might fail if the output of the \fIlsof\fP utility changes since it
depends on it to detect which deleted files are used by processes. It might
also output some false positives depending on the processes' behaviour since
it does not check yet if the (deleted) files in use are really libraries.

.P 
If you find a false positive in
.B checkrestart
please provide the following information when submitting a bug report:

.IP \(em
The output of \fBcheckrestart\fP using the \fI-v\fP (verbose) option.

.IP \(em
The output of running the following command as root:
.PP
        lsof | egrep 'delete|DEL|path inode'
.PP

.P
.B Checkrestart
is also sensitive to the kernel version in use. And might fail to work with newer
(or older) versions.

.P
A rewrite to make it less dependent on \fIlsof\fP could improve this, however.

.SH  SEE ALSO
.B lsof(8)

.SH AUTHOR

.B checkrestart
was written by Matt Zimmerman for the Debian
GNU/Linux distribution.

.SH COPYRIGHT AND LICENCE

Copyright (C) 2001 Matt Zimmerman <mdz@debian.org>
Copyright (C) 2007,2010-2011 Javier Fernandez-Sanguino <jfs@debian.org>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

On Debian systems, a copy of the GNU General Public License may be
found in /usr/share/common-licenses/GPL.