728x90
ubuntu 22.04 Daemons using outdated libraries
요구사항(requirements)
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
needrestart - 라이브러리 업데이트 후 데몬 다시 시작.
패키지 업그레이드/설치 후 needrestart를 호출하고 보류 중인 서비스 다시 시작을 확인합니다.
설치 중 오류가 없는 경우에만 트리거되어야 합니다.
Which services should be restarted?
cat /etc/needrestart/needrestart.conf
$ cat /etc/needrestart/needrestart.conf
# needrestart - Restart daemons after library updates.
#
# This is the configuration file of needrestart. This is perl syntax.
# needrestart uses reasonable default values, you might not need to
# change anything.
#
# Verbosity:
# 0 => quiet
# 1 => normal (default)
# 2 => verbose
#$nrconf{verbosity} = 2;
# Path of the package manager hook scripts.
#$nrconf{hook_d} = '/etc/needrestart/hook.d';
# Path of user notification scripts.
#$nrconf{notify_d} = '/etc/needrestart/notify.d';
# Path of restart scripts.
#$nrconf{restart_d} = '/etc/needrestart/restart.d';
# Disable sending notifications to user sessions running obsolete binaries
# using scripts from $nrconf{notify_d}.
#$nrconf{sendnotify} = 0;
# If needrestart detects systemd it assumes that you use systemd's pam module.
# This allows needrestart to easily detect user session. In case you use
# systemd *without* pam_systemd.so you should set has_pam_systemd to false
# to enable legacy session detection!
#$nrconf{has_pam_systemd} = 0;
# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
#
# ATTENTION: If needrestart is configured to run in interactive mode but is run
# non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
#
#$nrconf{restart} = 'i';
# Use preferred UI package.
#$nrconf{ui} = 'NeedRestart::UI::stdio';
# Change default answer to 'no' in (i)nteractive mode.
#$nrconf{defno} = 1;
# Set UI mode to (e)asy or (a)dvanced.
#$nrconf{ui_mode} = 'e';
# Print a combined `systemctl restart` command line for skipped services.
#$nrconf{systemctl_combine} = 1;
# Blacklist binaries (list of regex).
$nrconf{blacklist} = [
# ignore sudo (not a daemon)
qr(^/usr/bin/sudo(\.dpkg-new)?$),
# ignore DHCP clients
qr(^/sbin/(dhclient|dhcpcd5|pump|udhcpc)(\.dpkg-new)?$),
# ignore apt-get (Debian Bug#784237)
qr(^/usr/bin/apt-get(\.dpkg-new)?$),
];
# Blacklist services (list of regex) - USE WITH CARE.
# You should prefer to put services to $nrconf{override_rc} instead.
# Any service listed in $nrconf{blacklist_rc} will be ignored completely!
#$nrconf{blacklist_rc} = [
#];
# Override service default selection (hash of regex).
$nrconf{override_rc} = {
# DBus
qr(^dbus) => 0,
# display managers
qr(^gdm) => 0,
qr(^kdm) => 0,
qr(^nodm) => 0,
qr(^sddm) => 0,
qr(^wdm) => 0,
qr(^xdm) => 0,
qr(^lightdm) => 0,
qr(^slim) => 0,
qr(^lxdm) => 0,
# networking stuff
qr(^bird) => 0,
qr(^network) => 0,
qr(^NetworkManager) => 0,
qr(^ModemManager) => 0,
qr(^wpa_supplicant) => 0,
qr(^openvpn) => 0,
qr(^quagga) => 0,
qr(^frr) => 0,
qr(^tinc) => 0,
qr(^(open|free|libre|strong)swan) => 0,
qr(^bluetooth) => 0,
# gettys
qr(^getty@.+\.service) => 0,
# systemd --user
qr(^user@\d+\.service) => 0,
# misc
qr(^zfs-fuse) => 0,
qr(^mythtv-backend) => 0,
qr(^xendomains) => 0,
qr(^lxcfs) => 0,
qr(^libvirt) => 0,
qr(^virtlogd) => 0,
qr(^virtlockd) => 0,
qr(^docker) => 0,
# systemd stuff
# (see also Debian Bug#784238 & #784437)
qr(^emergency\.service$) => 0,
qr(^rescue\.service$) => 0,
qr(^elogind) => 0,
# do not restart oneshot services, see also #862840
qr(^apt-daily\.service$) => 0,
qr(^apt-daily-upgrade\.service$) => 0,
qr(^unattended-upgrades\.service$) => 0,
# do not restart oneshot services from systemd-cron, see also #917073
qr(^cron-.*\.service$) => 0,
# ignore rc-local.service, see #852864
qr(^rc-local\.service$) => 0,
# don't restart systemd-logind, see #798097
qr(^systemd-logind) => 0,
};
# Override container default selection (hash of regex).
$nrconf{override_cont} = {
};
# Disable interpreter scanners.
#$nrconf{interpscan} = 0;
# Ignore script files matching these regexs:
$nrconf{blacklist_interp} = [
# ignore temporary files
qr(^/tmp/),
qr(^/var/),
qr(^/run/),
];
# Ignore +x mapped files matching one of these regexs:
$nrconf{blacklist_mappings} = [
# special device paths
qr(^/(SYSV00000000( \(deleted\))?|drm(\s|$)|dev/)),
# ignore memfd mappings
qr(^/memfd:),
# aio(7) mapping
qr(^/\[aio\]),
# Oil Runtime Compiler's JIT files
qr#/orcexec\.[\w\d]+( \(deleted\))?$#,
# plasmashell (issue #65)
qr(/#\d+( \(deleted\))?$),
# Java Native Access (issues #142 #185)
qr#/jna\d+\.tmp( \(deleted\))?$#,
# temporary stuff
qr#^(/var)?/tmp/#,
qr#^(/var)?/run/#,
];
# Verify mapped files in filesystem:
# 0 : enabled
# -1: ignore non-existing files, workaround for chroots and broken grsecurity kernels (default)
# 1 : disable check completely, rely on content of maps file only
$nrconf{skip_mapfiles} = -1;
# Enable/disable hints on pending kernel upgrades:
# 1: requires the user to acknowledge pending kernels
# 0: disable kernel checks completely
# -1: print kernel hints to stderr only
#$nrconf{kernelhints} = -1;
# Filter kernel image filenames by regex. This is required on Raspian having
# multiple kernel image variants installed in parallel.
#$nrconf{kernelfilter} = qr(kernel7\.img);
# Enable/disable CPU microcode update hints:
# 1: requires the user to acknowledge pending updates
# 0: disable microcode checks completely
#$nrconf{ucodehints} = 0;
# Nagios Plugin: configure return code use by nagios
# as service status[1].
#
# [1] https://nagios-plugins.org/doc/guidelines.html#AEN78
#
# Default:
# 'nagios-status' => {
# 'sessions' => 1,
# 'services' => 2,
# 'kernel' => 2,
# 'ucode' => 2,
# 'containers' => 1
# },
#
# Example: to ignore outdated sessions (status OK)
# $nrconf{'nagios-status'}->{sessions} = 0;
# Read additional config snippets.
if(-d q(/etc/needrestart/conf.d)) {
foreach my $fn (sort </etc/needrestart/conf.d/*.conf>) {
print STDERR "$LOGPREF eval $fn\n" if($nrconf{verbosity} > 1);
eval do { local(@ARGV, $/) = $fn; <>};
die "Error parsing $fn: $@" if($@);
}
}
# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
#
# ATTENTION: If needrestart is configured to run in interactive mode but is run non-interactive (i.e. unattended-upgrades) it will fallback to list only mode.
#
#$nrconf{restart} = 'i';
- list only : 재부팅이 필요한 서비스만 표시(l)
- interactive : 서비스별로 재시작이 필요한지 여부를 통지(i)
- automatically : 필요한 모든 서비스는 자동으로 다시 시작됨(a)
설정 변경
echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/needrestart.conf
needrestart 패키지
dpkg -l | grep needrestart
$ dpkg -l | grep needrestart
ii needrestart 3.5-5ubuntu2.1 all check which daemons need to be restarted after library upgrades
needrestart -b -v
$ needrestart -b -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.5
[main] running in root mode
[main] systemd detected
[main] vm detected
NEEDRESTART-VER: 3.5
[main] #644 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[LXC] LXD installed via snap
[main] #644 is not a child
[main] #645 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #645 is not a child
[main] #647 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #647 is not a child
[main] #653 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #653 is not a child
[main] #691 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #691 is not a child
[main] #698 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #698 is not a child
[main] #702 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #702 is not a child
[main] #2955 uses deleted /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
[main] #2955 is not a child
[main] #644 exe => /usr/bin/python3.10
[Core] #644 is a NeedRestart::Interp::Python
[Core] #644 source is /usr/bin/networkd-dispatcher
[main] trying systemctl status
[main] #644 is networkd-dispatcher.service
[main] #645 exe => /usr/libexec/polkitd
[main] trying systemctl status
...
[main] inside container or vm, skipping microcode checks
[Kernel] Linux: kernel release 5.15.0-50-generic, kernel version #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022
[Kernel/Linux] /boot/vmlinuz.old => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] /boot/vmlinuz-5.15.0-50-generic => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] /boot/vmlinuz => 5.15.0-50-generic (buildd@lcy02-amd64-086) #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022 [5.15.0-50-generic]*
[Kernel/Linux] Expected linux version: 5.15.0-50-generic
NEEDRESTART-KCUR: 5.15.0-50-generic
NEEDRESTART-KEXP: 5.15.0-50-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: ModemManager.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: ssh.service
NEEDRESTART-SVC: udisks2.service
NEEDRESTART-SVC: unattended-upgrades.service
참고URL
- https://blog.n-z.jp/blog/2022-04-22-needrestart.html
- https://gihyo.jp/admin/serial/01/ubuntu-recipe/0718
728x90
'리눅스' 카테고리의 다른 글
웹 서버에서 CORS 설정하는 방법 (0) | 2023.04.12 |
---|---|
JMeter를 설치하는 방법 (0) | 2023.04.11 |
우분투에서 PHP-FPM 최신(php-fpm 8.2) 버전 설치하기 (0) | 2023.04.10 |
우분투에서 NGINX 최신(안정 버전) 버전 설치하기 (0) | 2023.04.10 |
[리눅스] Jenkins 이용하여 Docker Image 만들기 (0) | 2023.04.08 |