checkrestart

Check for processes using deleted libraries

$ sudo checkrestart

$ sudo checkrestart -v

$ sudo checkrestart -p [package_name]

$ sudo checkrestart -a

$ sudo checkrestart -m

checkrestart [options]

checkrestart identifies processes that are still using old (deleted) versions of libraries after upgrades. When system libraries are updated, running processes continue using the old versions loaded in memory. This tool finds these processes so they can be restarted to use the new libraries.
After package updates, especially security patches, critical services may still run vulnerable code until restarted. checkrestart scans **/proc/*/maps** for references to deleted library files and reports affected processes with suggested restart commands.
The tool integrates with system init systems to suggest appropriate service restart commands (systemctl restart, service restart). For non-service processes, it reports the process name and PID.

-v, --verbose

Verbose output showing detailed information.

Check only specific package.

Show all processes, not just services.

Machine-readable output format.

Disable pager for output.

Display help information.

Requires root privileges to scan all processes. Some processes may be difficult to restart safely (X server, session manager). The tool cannot detect all cases where restart is needed. Kernel updates require a full reboot, not just process restart.

checkrestart is part of the debian-goodies package, a collection of utilities for Debian systems. It was created to help system administrators identify which services need restarting after library updates, a common concern in security-conscious environments. Similar functionality exists in other tools like needs-restarting in the Red Hat ecosystem.

needrestart(1), lsof(8), apt(8), needs-restarting(1)