/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Security Reboot Required

Discussion in 'System Administration' started by BamaStangGuy, Jul 7, 2017.

Previous Thread Next Thread
Loading...
  1. Jul 7, 2017 #1
    BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    7:15 AM
    When using YUM to update packages how do you know if a reboot is required? We use Kernel Care and haven't rebooted one of our servers in 73 days now. Is this healthy?
     
  2. Jul 7, 2017 #2
    eva2000

    eva2000 Administrator Staff Member

    55,229
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,831
    Local Time:
    10:15 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Kernel updates without KernelCare do usually require rebooting. But the update version's change log or official site's version release announcement would mention it. And usually some common and crucial library updates which other software has dependencies would require restarts i.e. openssh, openssl system package, glibc, libssh2

    i.e.
    Sometimes reboot isn't required just restarting the service(s) which has dependencies on the updated libraries i.e. openssl would usually relate to sshd services and nginx and php too. Can use lsof command to list open files 10 lsof Command Examples in Linux

    or ldd to find libraries used by binaries i.e. nginx binary's libraries
    Code (Text):
    ldd $(which nginx)
        linux-vdso.so.1 =>  (0x00007ffeed927000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f04a98c4000)
        libjemalloc.so.1 => /lib64/libjemalloc.so.1 (0x00007f04a968f000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f04a948b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f04a926f000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f04a9037000)
        libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f04a8e05000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f04a8a44000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f04a9adc000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f04a8840000)

    i.e. for libcrypt.so.1 for glibc-devel RPM package
    Code (Text):
    yum provides *lib64/libcrypt.so.1 -q
glibc-2.17-157.el7.x86_64 : The GNU libc libraries
Repo        : base
Matched from:
Filename    : /lib64/libcrypt.so.1

glibc-2.17-157.el7_3.1.x86_64 : The GNU libc libraries
Repo        : updates
Matched from:
Filename    : /lib64/libcrypt.so.1

glibc-2.17-157.el7_3.2.x86_64 : The GNU libc libraries
Repo        : updates
Matched from:
Filename    : /lib64/libcrypt.so.1

glibc-2.17-157.el7_3.4.x86_64 : The GNU libc libraries
Repo        : updates
Matched from:
Filename    : /lib64/libcrypt.so.1

glibc-2.17-157.el7_3.4.x86_64 : The GNU libc libraries
Repo        : @updates
Matched from:
Filename    : /lib64/libcrypt.so.1

    for /lib64/libfreebl3.so for nss-softokn-freebl-3 RPM package
    Code (Text):
    yum provides */lib64/libfreebl3.so -q
nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 : Freebl library for the Network Security Services
Repo        : base
Matched from:
Filename    : /usr/lib64/libfreebl3.so

nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 : Freebl library for the Network Security Services
Repo        : @anaconda
Matched from:
Filename    : /usr/lib64/libfreebl3.so

    Yes that does mean alot of reading :D
     
    Last edited: Jul 7, 2017
Previous Thread Next Thread
Loading...

.