Checking for services to be restarted on a default Debian installation

Hi all,

When using APT to install security updates, by default services using the 
upgraded libraries are not restarted. Take for example openssl updates: merely 
doing apt-get update && apt-get upgrade is not enough to be safe: you also 
need to restart Apache, Postfix, ...

Although well-trained admins will know this and take appropriate measures, not 
everyone will be aware of this. It gets even more confusing as a few packages 
implement some kind of service restarting logic, while the majority doesn't.

I think it would help the security of the average Debian system if some tool 
to restart services after package upgrades was installed by default. There's 
"checkrestart" from debian-goodies, but since Jessie there is also the somewhat more 
modern "needrestart" in its own package. I've been running the latter on a few 
systems for a while now and am satisfied with how it works.

My questions to this list:
- Do people agree that this would be something that's good to have in a 
default installation? Are there drawbacks?
- If agreed, how would we approach this? I have to admit that I do not know 
who decides what is part of a default install or where this is implemented.
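
The condition described in the message above, a running service that still maps a library file which an upgrade has since replaced, is visible in `/proc/<pid>/maps` as a file mapping marked `(deleted)`. The following Python is an added example, not part of the original message and not the code of checkrestart or needrestart; the function names are hypothetical and the sample maps content is constructed.

```python
import os

# Constructed /proc/<pid>/maps content for illustration (not from a real host).
SAMPLE_MAPS = """\
55d0c2a00000-55d0c2a5c000 r-xp 00000000 fd:01 393301 /usr/sbin/apache2
7f3a1c000000-7f3a1c265000 r-xp 00000000 fd:01 131152 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1c465000-7f3a1c483000 r--p 00265000 fd:01 131152 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1d000000-7f3a1d1a0000 r-xp 00000000 fd:01 131200 /lib/x86_64-linux-gnu/libc-2.19.so
7f3a1e000000-7f3a1e001000 rw-s 00000000 00:05 98304 /SYSV00000000 (deleted)
7f3a1e100000-7f3a1e101000 rw-p 00000000 00:00 0
7ffd3b5e0000-7ffd3b601000 rw-p 00000000 00:00 0 [stack]
"""


def stale_mappings(maps_text):
    """Return sorted paths of executable file mappings whose file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        # Only executable, file-backed mappings count; this skips deleted
        # SysV shared memory segments and temp files, which are normal.
        if "x" in perms and path.startswith("/") and path.endswith(" (deleted)"):
            stale.add(path[: -len(" (deleted)")])
    return sorted(stale)


def scan_proc(proc="/proc"):
    """Map pid -> (command name, stale paths) for every readable process."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                stale = stale_mappings(fh.read())
            with open(os.path.join(proc, pid, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or not readable without root
        if stale:
            findings[int(pid)] = (name, stale)
    return findings


if __name__ == "__main__":
    print(stale_mappings(SAMPLE_MAPS))
    for pid, (name, paths) in sorted(scan_proc().items()):
        print(f"{pid} {name}: restart needed, still maps {', '.join(paths)}")
```

Run as root after an upgrade so that the maps files of all processes are readable; an unprivileged run only reports the caller's own processes.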


