apt-get upgrade no service restart
Hi,
I manage several Debian systems and have a script in place that does a apt-get update and apt-get upgrade --dry-run each night and sends me a mail if it shows any package to be installed / upgraded.
Of course on all my systems (some Squeeze, most Wheezy) it showed the updates for openssl last week and I patches those systems.
For some reason it seems one system never got the libssl / openssl update listed until last night. This morning I got an email that it needed that update.
First question:
-----------------
How is it possible that one system will not see the update until last night when I have been running the update cycle each night and all my systems use the same uplink?
To make sure I install the latest updates I use a tiny script that does another apt-get update before it does apt-get upgrade.
Ok, so I logged in to the system and fired up my update script. It installed the update but..... to my surprise it did NOT restart the services that use libssl / openssl. :-(
See quoted text at the bottom. Checkrestrat showed me the services that needed to be restarted and I did that by hand but...
Second question:
---------------------
Why did the apt-get update NOT restart the services? How can I find out?
This system is a Wheezy system that started life as a Squeeze installation in case that may be relevant. However, I have more of those and they did not show this behavior.
-=-=-=-=-=-<quote>-=-=-=-=-=-=-=-=-
# apt-get upgrade
The following packages will be upgraded:
libssl1.0.0 openssl
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,954 kB of archives.
After this operation, 110 kB disk space will be freed.
Do you want to continue [Y/n]?
Get:1 http://security.debian.org/ wheezy/updates/main libssl1.0.0 amd64 1.0.1e-2+deb7u7 [1,255 kB]
Get:2 http://security.debian.org/ wheezy/updates/main openssl amd64 1.0.1e-2+deb7u7 [699 kB]
Fetched 1,954 kB in 42s (45.8 kB/s)
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 32528 files and directories currently installed.)
Preparing to replace libssl1.0.0:amd64 1.0.1e-2+deb7u6 (using .../libssl1.0.0_1.0.1e-2+deb7u7_amd64.deb) ...
Unpacking replacement libssl1.0.0:amd64 ...
Preparing to replace openssl 1.0.1e-2+deb7u6 (using .../openssl_1.0.1e-2+deb7u7_amd64.deb) ...
Unpacking replacement openssl ...
Processing triggers for man-db ...
Setting up libssl1.0.0:amd64 (1.0.1e-2+deb7u7) ...
Checking for services that may need to be restarted...done.
Checking init scripts...
Setting up openssl (1.0.1e-2+deb7u7) ...
linutr:~# checkrestart
Found 6 processes using old versions of upgraded files
(5 distinct programs)
(5 distinct packages)
Of these, 5 seem to contain init scripts which can be used to restart them:
The following packages seem to have init scripts that could be used
to restart them:
openssh-server:
2824 /usr/sbin/sshd
7369 /usr/sbin/sshd
snmpd:
15337 /usr/sbin/snmpd
ntp:
7452 /usr/sbin/ntpd
openvpn:
7321 /usr/sbin/openvpn
nagios-nrpe-server:
7522 /usr/sbin/nrpe
These are the init scripts:
service ssh restart
service snmpd restart
service ntp restart
service openvpn restart
service nagios-nrpe-server restart
-=-=-=-=-=-</quote>-=-=-=-=-=-=-=-=-
With kind regards,
Bonno Bloksma
tio
university of applied sciences
julianalaan 9 / 7553 ab hengelo / the netherlands
Reply to: