needrestart

Check which processes need restarting after upgrades

TLDR

List outdated processes
$ needrestart

Interactively restart services
$ sudo needrestart

List outdated processes in [v]erbose or [q]uiet mode
$ needrestart -[v|q]

Check if the [k]ernel is outdated
$ needrestart -k

Check if the CPU microcode is outdated
$ needrestart -w

List outdated processes in [b]atch mode
$ needrestart -b

List outdated processes using a specific [c]onfiguration file
$ needrestart -c [path/to/config]

Display help
$ needrestart --help

SYNOPSIS

needrestart [options]

PARAMETERS

-r
    Specifies the restart mode. Possible modes: `a` (automatic restart), `i` (interactive restart), `l` (list processes only), `N` (no restart, exit 0 if nothing to do).

-k
    Specifies the kernel upgrade mode. Similar to -r for kernel-related actions.

-c
    Specifies an alternative configuration file path.

-v
    Enables verbose output, providing more detailed information about the scanning process.

-s
    Enables silent mode, suppressing most output unless an action is required or an error occurs.

-p
    Provides plain output, suitable for scripting or parsing, without interactive prompts.

-L
    Sets the logging level. For example: `debug`, `info`, `warn`, `error`.

-Z
    Checks for and reports zombied processes.

-b
    Checks for processes still running from deleted binaries.

-u
    Checks for processes with outdated userland libraries.

DESCRIPTION

needrestart is a Linux utility that identifies running processes which are using outdated versions of shared libraries or kernel modules. This typically occurs after a system upgrade where core libraries (like `libc`) or the kernel itself have been updated, but the running processes continue to use the older, in-memory versions. Failing to restart these processes can leave a system vulnerable to security issues addressed by the updates, or lead to instability.

The command scans active processes, comparing their loaded shared libraries against the versions available on disk. If a discrepancy is found, needrestart reports the affected process. It does not automatically restart services unless explicitly instructed, providing administrators with control over critical service availability. It's an essential tool for maintaining system security and stability post-upgrade, especially in server environments where reboots are minimized.

CAVEATS

needrestart primarily identifies processes needing restarts; it does not force restarts by default. While highly effective, it might not detect all complex cases, especially with applications that dynamically load libraries in non-standard ways. Automated restart options (`-r a`) should be used with caution, as they can disrupt services without confirmation. It relies on `procfs` information, which might have limitations for some process types.

COMMON USAGE & OPERATION

A common usage pattern is running `needrestart -r i` immediately after performing a system upgrade with `apt upgrade`. The `-r i` option allows interactive selection of services to restart, providing granular control. needrestart identifies outdated libraries by comparing the `inode` numbers and modification times of loaded shared objects (found via `/proc/<pid>/maps` or `/proc/<pid>/smaps`) against their corresponding files on the filesystem. If the loaded library's `inode` differs from the on-disk version, or if the on-disk version is newer, the process is flagged as needing a restart. This mechanism helps ensure that security patches and bug fixes are fully applied to all running components.
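
The inode comparison described above can be reproduced by hand. The following is an added example, not needrestart's own code: it parses `/proc/<pid>/maps` content and reports executable file mappings that the kernel marks `(deleted)` or whose mapped inode differs from the file now on disk. The sample maps text, its paths and inode numbers, and the function names are constructed for illustration, and the modification-time check is left out.

```python
import os

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 fd:01 131090 /usr/sbin/exampled
7f3a1c000000-7f3a1c1c0000 r-xp 00028000 fd:01 262155 /usr/lib/x86_64-linux-gnu/libc.so.6 (deleted)
7f3a1c400000-7f3a1c420000 r-xp 00002000 fd:01 262200 /usr/lib/x86_64-linux-gnu/libz.so.1.3
7f3a1c600000-7f3a1c610000 rw-p 00000000 00:00 0
7ffd5e3f0000-7ffd5e411000 rw-p 00000000 00:00 0 [stack]
"""

def disk_inode(path):
    """Inode of the file currently at `path`, or None if it no longer exists."""
    try:
        return os.stat(path).st_ino
    except OSError:
        return None

def stale_mappings(maps_text, inode_of=disk_inode):
    """Return sorted (path, reason) pairs for executable file mappings that no longer match the disk."""
    found = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]; the pathname may contain spaces.
        fields = line.split(None, 5)
        if len(fields) < 6 or "x" not in fields[1]:
            continue  # anonymous or non-executable mapping
        inode, path = int(fields[4]), fields[5]
        if inode == 0 or not path.startswith("/"):
            continue  # pseudo-mappings such as [stack] or [vdso]
        if path.endswith(" (deleted)"):
            # The kernel appends this marker once the mapped file has been unlinked.
            found.add((path[:-len(" (deleted)")], "deleted"))
        else:
            current = inode_of(path)
            if current is not None and current != inode:
                found.add((path, "inode changed"))
    return sorted(found)

def scan_pid(pid):
    """Check one live process; reading another user's maps file requires root."""
    with open(f"/proc/{pid}/maps") as fh:
        return stale_mappings(fh.read())

if __name__ == "__main__":
    # Constructed "on-disk" inodes: libz was replaced by an upgrade, exampled was not.
    fake_disk = {"/usr/sbin/exampled": 131090, "/usr/lib/x86_64-linux-gnu/libz.so.1.3": 262999}
    for path, reason in stale_mappings(SAMPLE_MAPS, fake_disk.get):
        print(f"{reason:14} {path}")
```
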

HISTORY

needrestart gained prominence, particularly within Debian and Ubuntu ecosystems, as a response to the common challenge of ensuring system integrity and security after applying package updates. Prior to its widespread adoption, administrators often had to guess which services required restarting or perform full system reboots. needrestart automates the identification process, making system maintenance more efficient and less disruptive, especially in server environments. It has evolved to handle various scenarios, including kernel updates and processes running from deleted binaries.

SEE ALSO

apt(8), apt-get(8), dpkg(8), systemctl(1), lsof(8), ldd(1)
