Date: Fri, 4 Mar 2016 08:23:11 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Check which services/processes need restart after update Message-ID: <56D945EF.9080402@FreeBSD.org> In-Reply-To: <BF442EB7-5F98-4ABC-A000-A6C037BE8C9A@wellmann-engineering.eu> References: <BF442EB7-5F98-4ABC-A000-A6C037BE8C9A@wellmann-engineering.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XtRdFc7XMoxopOUmbGbF43XLj9GECAukC Content-Type: multipart/mixed; boundary="eIxXA93N4Swc95CSLanUdO8bKjMJCiEcb" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <56D945EF.9080402@FreeBSD.org> Subject: Re: Check which services/processes need restart after update References: <BF442EB7-5F98-4ABC-A000-A6C037BE8C9A@wellmann-engineering.eu> In-Reply-To: <BF442EB7-5F98-4ABC-A000-A6C037BE8C9A@wellmann-engineering.eu> --eIxXA93N4Swc95CSLanUdO8bKjMJCiEcb Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 03/03/2016 21:07, Walkenhorst, Benjamin wrote: > Only recently I was happy to discover that Debian has a tool called > checkrestart that checks which services need to be restarted after an > update. I thought that was very nice and now I am kind of wondering > if there is something comparable for FreeBSD. >=20 > freebsd-update tells you which files it is going to touch, and if pkg > upgrade replaces, say, apache, I kind of notice that too. >=20 > But it would be nice to check if some processes are still running the > obsolete/vulnerable version, maybe that long-running ssh-session or > something. >=20 > The cherry on top would be, of course, a tool that does this in a way > that can be automated, so I can e.g. send myself daily or weekly > reports. >=20 > So, does something along those lines exist? If not, can anyone give > me a hint on where to start working on it? >=20 I had some thoughts along those lines myself. You can tell what shared libraries and binaries have been re-installed by pkg(8) and you can see what shared libraries are mapped into running processes using procstat(1), which gets you 75% of the way there. The missing part is being able to work out that the running image of a binary or shared library has been overwritten in the filesystem. I suspect this last part will be fairly tricky -- I can't see how to approach it at all at the moment. Cheers, Matthew --eIxXA93N4Swc95CSLanUdO8bKjMJCiEcb-- --XtRdFc7XMoxopOUmbGbF43XLj9GECAukC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJW2UXvXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATP3AP/R9iDpsadcU115mXXqI4GdpO CsyPqUPAngnqrscD591Pcled8c7PXmJtTXjVrBaqslIsu6k16ueOUX0TKbM1c3OD N529ma7I5nO28NLGyiSMXm2/MZD/ahwb1q+DApaiNEk/shrkq+yxSUzp6j+bDZ6b 96mlJXXiguaLMMTIP8aBX5n8/k0Q3InUJx4SnEk3bucA1he5PF+coEBih0ZrZros JokSBOw8zBKkRC2X0SGYpcUarH9jS6RpPTUOicmLJBzhA+DHQPJjlQAgK1oYi10+ f3RflnSeAT4md/W7WC0GWcqmv5XIc4wdhlFnF2vLG8VcD3DLXhKLo1DxDqTQ4xSS GqJch1xlQ8nEQmmOkC5y+wdbutRTZZJRFhNYUjD8tmNmx4Rl6IO/U0JiZXY6DqYh iFazBwMnjYhleEwULTH9iQxwqN3RefpY5qBnhtAhVWWMc/3/bzi69hXBsHrHHel2 CTXFFRrqN/mTRsraCjfAuviDNoBFdD/RBaOlgdPm3vXVybZpoDbYAbd/aZYL82aB egxHpbwHORfiVEgI933n32rQULy5D6rQO84pYM53JQ2er2BIB4ziHt0RqGAQKzCP 0/JwzTyqKsSXUAeJtjs6YPtV19/xqd2qOGBOSaMkBqAT9KmauRtTSHT6T7jVh0xT FJZhVbLcEtWCJDhC2VDR =GXbT -----END PGP SIGNATURE----- --XtRdFc7XMoxopOUmbGbF43XLj9GECAukC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56D945EF.9080402>