BTW: Upgrading might not be enough…
After upgrading (up2date, yum, apt, …) my Linux systems, I check with lsof whether any processes need a restart.
Why?
Because running processes may still have the old libraries and binaries mapped in memory: the package manager replaced the files on disk, but a process keeps using the copy it loaded until it is restarted.
So you might still be vulnerable even if you install security updates regularly.
On older versions of lsof, I used to issue: lsof +L1 | grep DEL
This does not seem to be sufficient on newer versions of lsof… Might be a bug?
After searching the web for an easier or better way of doing this, I found little; I did not even find good information on the method I am used to. If you have a smarter way of checking this, I would love to hear from you.
Here are some references to what I found:
* A bugzilla thread on redhat.com, which also has a script for Red Hat based systems.
* Debian/Ubuntu based systems come with debian-goodies: apt-get install debian-goodies
and then you can use checkrestart, which checks for programs that need a restart 🙂
To manually check, here are some commands you can issue, depending on your version of lsof. On Linux, lsof shows DEL in the TYPE column for a memory-mapped file that has been deleted (which is what an upgrade does when it replaces a library), and "(path inode=N)" in the NAME column when the path on disk now points at a different inode than the one the process mapped. The egrep -v part drops /dev, SysV shared memory and /tmp entries, which are expected to show up as deleted and are not a reason to restart.
# lsof -n +L | grep -w DEL | egrep -v " (/dev|/SYSV|/tmp)"
# lsof -n | grep "path inode="
# lsof -n +L1 | egrep -w "txt|mem" | grep -v " /SYSV"
Hope you make this check a habit after updating your servers…
Some points to consider:
To increase performance, RHEL servers run "prelink" from /etc/cron.daily/prelink, which rewrites libraries and binaries. This changes the checksums and inode numbers of these files, so after a prelink run the checks above will report deleted/replaced files for processes that were not actually upgraded. To stop prelink from running, set PRELINKING=no in "/etc/sysconfig/prelink".
If you run "lsof" on Linux, you can add the -X switch, which makes "lsof" skip looking up network connections (it stops reading /proc/net/tcp and friends). On a busy web server this can reduce the "lsof" run time from 2-3 minutes to 2-3 seconds.
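One way to do the same check without depending on the lsof version, as an added example that is not the author's script and not part of debian-goodies or checkrestart: read /proc/PID/maps directly and report every process that still maps a file the kernel marks "(deleted)". This assumes a standard Linux procfs layout; the PROC_ROOT variable is a hypothetical override (default /proc) so the functions can be pointed at a test tree. The skip list for /dev, /tmp and SysV shared memory mirrors the grep -v filters above; memfd mappings are added on the same reasoning. It does not reproduce lsof's "(path inode=N)" comparison.

```shell
#!/bin/sh
# Added example: find processes that still map a deleted (replaced by an
# upgrade) file by reading /proc/<pid>/maps instead of running lsof.
# Reading procfs never touches /proc/net, so it is quick even on a busy
# server. Assumption: standard Linux procfs. PROC_ROOT is a hypothetical
# override (default /proc) used to point the functions at a test tree.

# stale_maps: print one "PID COMM PATH" line per distinct deleted file
# mapped by each process. /proc/PID/maps columns are:
#   address perms offset dev inode pathname
# A file-backed mapping whose file was unlinked is suffixed "(deleted)".
# Mappings under /dev, /tmp, SysV shm and memfd are "deleted" by design,
# so they are skipped, mirroring the grep -v filters in the post.
stale_maps() {
    proc=${PROC_ROOT:-/proc}
    for maps in "$proc"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        awk -v pid="$pid" -v comm="$comm" '
            $5 != 0 && $NF == "(deleted)" {
                # rebuild the pathname (fields 6 .. NF-1) in case it has spaces
                path = $6
                for (i = 7; i < NF; i++) path = path " " $i
                if (path ~ /^\/(dev|tmp|SYSV|memfd:)/) next
                key = pid " " comm " " path
                if (!(key in seen)) { seen[key] = 1; print key }
            }' "$maps"
    done
}

# stale_pids: the restart candidates, one "PID COMM" line each.
stale_pids() {
    stale_maps | awk '{ print $1, $2 }' | sort -u
}

# Stand-alone run: report what is stale on this host.
stale_pids
```

Run it as root right after the upgrade; every line of stale_pids is a service to restart (or, for pid 1 and the kernel, a reboot). checkrestart from debian-goodies and needrestart do the same job with extra service-name lookups.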