우분투(ubuntu 22.04)에서 needrestart를 설치하고 사용하는 방법
needrestart은 Ubuntu 시스템에서 시스템을 다시 시작해야 하는 경우를 확인하고 관리하기 위한 유틸리티입니다. 이 도구는 시스템에 설치된 패키지 업데이트, 라이브러리 변경 또는 커널 업데이트와 관련하여 시스템을 재시작해야 하는지 여부를 확인합니다. 그런 다음 필요한 경우 시스템을 다시 시작하도록 안내합니다.
테스트 환경
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
1. needrestart 설치
needrestart 데몬은 needrestart 패키지를 설치하여 사용할 수 있습니다.
sudo apt update
sudo apt install needrestart
2. needrestart 서비스 활성화
needrestart 데몬은 시스템 부팅 시 실행되도록 활성화해야 합니다.
sudo systemctl enable needrestart
3. needrestart 서비스 시작
needrestart 데몬을 실행합니다.
sudo systemctl start needrestart
4. needrestart 설정 파일 확인 (선택 사항)
needrestart의 동작을 구성하기 위한 설정 파일은 /etc/needrestart/needrestart.conf입니다. 설정 파일을 필요에 따라 수정할 수 있습니다.
sudo vim /etc/needrestart/needrestart.conf
5. needrestart 데몬 상태 확인
needrestart 데몬이 정상적으로 동작하는지 확인합니다.
sudo systemctl status needrestart
6. needrestart 실행 및 확인
needrestart 데몬은 시스템 부팅 중에 자동으로 실행되며, 필요에 따라 시스템을 다시 시작하도록 알림을 제공합니다.
needrestart를 수동으로 실행하여 현재 상태를 확인하려면 다음 명령을 사용합니다.
sudo needrestart
7. 재부팅 (필요한 경우)
needrestart가 재부팅이 필요하다고 알려주는 경우 필요한 조치를 취한 후 시스템을 재부팅합니다.
needrestart 데몬을 사용하여 Ubuntu 시스템에서 재부팅이 필요한지 확인하고 관리하면 시스템을 최신 상태로 유지하고 보안 및 구성 변경사항을 적용할 수 있습니다.
Ubuntu 22.04LTS 버전은 apt install or update package를 실행할 때 needrestart 팝업 화면과 함께 화면이 뜹니다.
Which services should be restarted?(어떤 서비스를 다시 시작해야 하나요?)
needrestart - 라이브러리 업데이트 후 데몬 다시 시작
패키지 업그레이드/설치 후 needrestart를 호출하고 보류 중인 서비스 다시 시작을 확인합니다. 설치 중 오류가 없는 경우에만 트리거되어야 합니다.
needrestart.conf 구성 파일 확인
vim /etc/needrestart/needrestart.conf
---
cat /etc/needrestart/needrestart.conf
# needrestart - Restart daemons after library updates.
#
# This is the configuration file of needrestart. This is perl syntax.
# needrestart uses reasonable default values, you might not need to
# change anything.
#
# Verbosity:
# 0 => quiet
# 1 => normal (default)
# 2 => verbose
#$nrconf{verbosity} = 2;
# Path of the package manager hook scripts.
#$nrconf{hook_d} = '/etc/needrestart/hook.d';
# Path of user notification scripts.
#$nrconf{notify_d} = '/etc/needrestart/notify.d';
# Path of restart scripts.
#$nrconf{restart_d} = '/etc/needrestart/restart.d';
# Disable sending notifications to user sessions running obsolete binaries
# using scripts from $nrconf{notify_d}.
#$nrconf{sendnotify} = 0;
# If needrestart detects systemd it assumes that you use systemd's pam module.
# This allows needrestart to easily detect user session. In case you use
# systemd *without* pam_systemd.so you should set has_pam_systemd to false
# to enable legacy session detection!
#$nrconf{has_pam_systemd} = 0;
# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
#
# ATTENTION: If needrestart is configured to run in interactive mode but is run
# non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
#
#$nrconf{restart} = 'i';
# Use preferred UI package.
#$nrconf{ui} = 'NeedRestart::UI::stdio';
# Change default answer to 'no' in (i)nteractive mode.
#$nrconf{defno} = 1;
# Set UI mode to (e)asy or (a)dvanced.
#$nrconf{ui_mode} = 'e';
# Print a combined `systemctl restart` command line for skipped services.
#$nrconf{systemctl_combine} = 1;
# Blacklist binaries (list of regex).
$nrconf{blacklist} = [
# ignore sudo (not a daemon)
qr(^/usr/bin/sudo(\.dpkg-new)?$),
# ignore DHCP clients
qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
# ignore apt-get (Debian Bug#784237)
qr(^/usr/bin/apt-get(\.dpkg-new)?$),
];
# Blacklist services (list of regex) - USE WITH CARE.
# You should prefer to put services to $nrconf{override_rc} instead.
# Any service listed in $nrconf{blacklist_rc} will be ignored completely!
#$nrconf{blacklist_rc} = [
#];
# Override service default selection (hash of regex).
$nrconf{override_rc} = {
# DBus
qr(^dbus) => 0,
# display managers
qr(^gdm) => 0,
qr(^kdm) => 0,
qr(^nodm) => 0,
qr(^sddm) => 0,
qr(^wdm) => 0,
qr(^xdm) => 0,
qr(^lightdm) => 0,
qr(^slim) => 0,
qr(^lxdm) => 0,
# networking stuff
qr(^bird) => 0,
qr(^network) => 0,
qr(^NetworkManager) => 0,
qr(^ModemManager) => 0,
qr(^wpa_supplicant) => 0,
qr(^openvpn) => 0,
qr(^quagga) => 0,
qr(^frr) => 0,
qr(^tinc) => 0,
qr(^(open|free|libre|strong)swan) => 0,
qr(^bluetooth) => 0,
# gettys
qr(^getty@.+\.service) => 0,
# systemd --user
qr(^user@\d+\.service) => 0,
# misc
qr(^zfs-fuse) => 0,
qr(^mythtv-backend) => 0,
qr(^xendomains) => 0,
qr(^lxcfs) => 0,
qr(^libvirt) => 0,
qr(^virtlogd) => 0,
qr(^virtlockd) => 0,
qr(^docker) => 0,
# systemd stuff
# (see also Debian Bug#784238 & #784437)
qr(^emergency\.service$) => 0,
qr(^rescue\.service$) => 0,
qr(^elogind) => 0,
# do not restart oneshot services, see also #862840
qr(^apt-daily\.service$) => 0,
qr(^apt-daily-upgrade\.service$) => 0,
qr(^unattended-upgrades\.service$) => 0,
# do not restart oneshot services from systemd-cron, see also #917073
qr(^cron-.*\.service$) => 0,
# ignore rc-local.service, see #852864
qr(^rc-local\.service$) => 0,
# don't restart systemd-logind, see #798097
qr(^systemd-logind) => 0,
};
# Override container default selection (hash of regex).
$nrconf{override_cont} = {
};
# Disable interpreter scanners.
#$nrconf{interpscan} = 0;
# Ignore script files matching these regexs:
$nrconf{blacklist_interp} = [
# ignore temporary files
qr(^/tmp/),
qr(^/var/),
qr(^/run/),
];
# Ignore +x mapped files matching one of these regexs:
$nrconf{blacklist_mappings} = [
# special device paths
qr(^/(SYSV00000000( \(deleted\))?|drm(\s|$)|dev/)),
# ignore memfd mappings
qr(^/memfd:),
# aio(7) mapping
qr(^/\[aio\]),
# Oil Runtime Compiler's JIT files
qr#/orcexec\.[\w\d]+( \(deleted\))?$#,
# plasmashell (issue #65)
qr(/#\d+( \(deleted\))?$),
# Java Native Access (issues #142 #185)
qr#/jna\d+\.tmp( \(deleted\))?$#,
# temporary stuff
qr#^(/var)?/tmp/#,
qr#^(/var)?/run/#,
];
# Verify mapped files in filesystem:
# 0 : enabled
# -1: ignore non-existing files, workaround for chroots and broken grsecurity kernels (default)
# 1 : disable check completely, rely on content of maps file only
$nrconf{skip_mapfiles} = -1;
# Enable/disable hints on pending kernel upgrades:
# 1: requires the user to acknowledge pending kernels
# 0: disable kernel checks completely
# -1: print kernel hints to stderr only
#$nrconf{kernelhints} = -1;
# Filter kernel image filenames by regex. This is required on Raspian having
# multiple kernel image variants installed in parallel.
#$nrconf{kernelfilter} = qr(kernel7\.img);
# Enable/disable CPU microcode update hints:
# 1: requires the user to acknowledge pending updates
# 0: disable microcode checks completely
#$nrconf{ucodehints} = 0;
# Nagios Plugin: configure return code use by nagios
# as service status[1].
#
# [1] https://nagios-plugins.org/doc/guidelines.html#AEN78
#
# Default:
# 'nagios-status' => {
# 'sessions' => 1,
# 'services' => 2,
# 'kernel' => 2,
# 'ucode' => 2,
# 'containers' => 1
# },
#
# Example: to ignore outdated sessions (status OK)
# $nrconf{'nagios-status'}->{sessions} = 0;
# Read additional config snippets.
if(-d q(/etc/needrestart/conf.d)) {
foreach my $fn (sort </etc/needrestart/conf.d/*.conf>) {
print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbosity} > 1);
eval do { local(@ARGV, $/) = $fn; <>};
die "Error parsing $fn: $@" if($@);
}
}
---
# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
#
# ATTENTION: If needrestart is configured to run in interactive mode but is run non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
#
#$nrconf{restart} = 'i';
- list only : 재부팅이 필요한 서비스만 표시(l)
- interactive : 서비스별로 재시작이 필요한지 여부를 통지(i)
- automatically : 필요한 모든 서비스는 자동으로 다시 시작됨(a)
설정 변경
echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/needrestart.conf
needrestart 패키지
dpkg -l | grep needrestart
$ dpkg -l | grep needrestart
ii needrestart 3.5-5ubuntu2.1 all check which daemons need to be restarted after library upgrades
비대화형 실행
- -b (batch mode) : 사용자 입력 없이 자동으로 실행.
- -v (verbose mode) : 실행 과정의 자세한 정보를 출력.
needrestart -b -v
$ needrestart -b -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.5
[main] running in root mode
[main] systemd detected
[main] vm detected
NEEDRESTART-VER: 3.5
[main] #644 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[LXC] LXD installed via snap
[main] #644 is not a child
[main] #645 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #645 is not a child
[main] #647 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #647 is not a child
[main] #653 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #653 is not a child
[main] #691 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #691 is not a child
[main] #698 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #698 is not a child
[main] #702 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #702 is not a child
[main] #2955 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #2955 is not a child
[main] #644 exe => /usr/bin/python3.10
[Core] #644 is a NeedRestart::Interp::Python
[Core] #644 source is /usr/bin/networkd-dispatcher
[main] trying systemctl status
[main] #644 is networkd-dispatcher.service
[main] #645 exe => /usr/libexec/polkitd
[main] trying systemctl status
...
[main] inside container or vm, skipping microcode checks
[Kernel] Linux: kernel release 5.15.0-50-generic, kernel version #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022
[Kernel/Linux] /boot/vmlinuz.old => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] /boot/vmlinuz-5.15.0-50-generic => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] /boot/vmlinuz => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] Expected linux version: 5.15.0-50-generic
NEEDRESTART-KCUR: 5.15.0-50-generic
NEEDRESTART-KEXP: 5.15.0-50-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: ModemManager.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: udisks2.service
NEEDRESTART-SVC: unattended-upgrades.service
참고URL
- https://blog.n-z.jp/blog/2022-04-22-needrestart.html
- https://gihyo.jp/admin/serial/01/ubuntu-recipe/0718
'리눅스' 카테고리의 다른 글
웹 서버에서 CORS 설정하는 방법 (0) | 2023.04.12 |
---|---|
[draft] JMeter를 설치하는 방법 (0) | 2023.04.11 |
우분투에서 PHP-FPM 최신(php-fpm 8.2) 버전 설치하기 (0) | 2023.04.10 |
우분투에서 NGINX의 최신 버전을 설치하는 방법 (0) | 2023.04.10 |
[리눅스] Jenkins 이용하여 Docker Image 만들기 (0) | 2023.04.08 |