Join the community today
Become a Member

Security Reboot Required

Discussion in 'System Administration' started by BamaStangGuy, Jul 7, 2017.

  1. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    10:49 AM
    When using YUM to update packages how do you know if a reboot is required? We use Kernel Care and haven't rebooted one of our servers in 73 days now. Is this healthy?
     
  2. eva2000

    eva2000 Administrator Staff Member

    31,027
    6,928
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,434
    Local Time:
    2:49 AM
    Nginx 1.13.x
    MariaDB 5.5
    Kernel updates without KernelCare do usually require rebooting. But the update version's change log or official site's version release announcement would mention it. And usually some common and crucial library updates which other software has dependencies would require restarts i.e. openssh, openssl system package, glibc, libssh2

    i.e.
    Sometimes reboot isn't required just restarting the service(s) which has dependencies on the updated libraries i.e. openssl would usually relate to sshd services and nginx and php too. Can use lsof command to list open files 10 lsof Command Examples in Linux

    or ldd to find libraries used by binaries i.e. nginx binary's libraries
    Code (Text):
    ldd $(which nginx)
            linux-vdso.so.1 =>  (0x00007ffeed927000)
            librt.so.1 => /lib64/librt.so.1 (0x00007f04a98c4000)
            libjemalloc.so.1 => /lib64/libjemalloc.so.1 (0x00007f04a968f000)
            libdl.so.2 => /lib64/libdl.so.2 (0x00007f04a948b000)
            libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f04a926f000)
            libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f04a9037000)
            libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f04a8e05000)
            libc.so.6 => /lib64/libc.so.6 (0x00007f04a8a44000)
            /lib64/ld-linux-x86-64.so.2 (0x00007f04a9adc000)
            libfreebl3.so => /lib64/libfreebl3.so (0x00007f04a8840000)
    

    i.e. for libcrypt.so.1 for glibc-devel RPM package
    Code (Text):
    yum provides *lib64/libcrypt.so.1 -q
    glibc-2.17-157.el7.x86_64 : The GNU libc libraries
    Repo        : base
    Matched from:
    Filename    : /lib64/libcrypt.so.1
    
    glibc-2.17-157.el7_3.1.x86_64 : The GNU libc libraries
    Repo        : updates
    Matched from:
    Filename    : /lib64/libcrypt.so.1
    
    glibc-2.17-157.el7_3.2.x86_64 : The GNU libc libraries
    Repo        : updates
    Matched from:
    Filename    : /lib64/libcrypt.so.1
    
    glibc-2.17-157.el7_3.4.x86_64 : The GNU libc libraries
    Repo        : updates
    Matched from:
    Filename    : /lib64/libcrypt.so.1
    
    glibc-2.17-157.el7_3.4.x86_64 : The GNU libc libraries
    Repo        : @updates
    Matched from:
    Filename    : /lib64/libcrypt.so.1
    

    for /lib64/libfreebl3.so for nss-softokn-freebl-3 RPM package
    Code (Text):
    yum provides */lib64/libfreebl3.so -q
    nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 : Freebl library for the Network Security Services
    Repo        : base
    Matched from:
    Filename    : /usr/lib64/libfreebl3.so
    
    nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 : Freebl library for the Network Security Services
    Repo        : @anaconda
    Matched from:
    Filename    : /usr/lib64/libfreebl3.so
    
    

    Yes that does mean alot of reading :D
     
    Last edited: Jul 7, 2017