Check which services/processes need restart after update
Matthew Seaman
matthew at FreeBSD.org
Fri Mar 4 08:23:15 UTC 2016
On 03/03/2016 21:07, Walkenhorst, Benjamin wrote:
> Only recently I was happy to discover that Debian has a tool called
> checkrestart that checks which services need to be restarted after an
> update. I thought that was very nice and now I am kind of wondering
> if there is something comparable for FreeBSD.
>
> freebsd-update tells you which files it is going to touch, and if pkg
> upgrade replaces, say, apache, I kind of notice that too.
>
> But it would be nice to check if some processes are still running the
> obsolete/vulnerable version, maybe that long-running ssh-session or
> something.
>
> The cherry on top would be, of course, a tool that does this in a way
> that can be automated, so I can e.g. send myself daily or weekly
> reports.
>
> So, does something along those lines exist? If not, can anyone give
> me a hint on where to start working on it?
>
I had some thoughts along those lines myself. You can tell what shared
libraries and binaries have been re-installed by pkg(8) and you can see
what shared libraries are mapped into running processes using
procstat(1), which gets you 75% of the way there. The missing part is
being able to work out that the running image of a binary or shared
library has been overwritten in the filesystem. I suspect this last
part will be fairly tricky -- I can't see how to approach it at all at
the moment.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160304/efe18948/attachment.sig>
More information about the freebsd-questions
mailing list