Hi Antoine,


On Mon, 15 Apr 2019, Antoine Beaupre wrote:

Package: needrestart
Version: 2.11-3+deb9u1

I wonder which Debian release is in use. The system information section looks like testing but needrestart 2.11 is from stretch.


The recent libssh2 upgrade wasn't correctly flagged by needrestart:
some proceses were marked as need a restart, but others, specifically
those running under the ruby interpreter, were not. Here's what our
homegrown system has detected for those:

root@gitlab-01:/etc/nagios/nrpe.d# /usr/lib/nagios/plugins/dsa-check-libs --verbose 
2>&1 | grep -a -v /log/
Running /usr/bin/lsof -F0 -n
[snip]
Needrestart finds nothing of the sort:

Using lsof alone does not tell if the library is mapped executable (read access on deleted files is ignored by needrestart intentional). Can you please check if those files are mapped executable in /proc/$PID/maps?


root@gitlab-01:/etc/nagios/nrpe.d# needrestart -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.3
[main] running in root mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[Core] #843 is a NeedRestart::Interp::Python
[Python] #843: source=/usr/bin/fail2ban-server
[Core] #882 is a NeedRestart::Interp::Ruby
[Ruby] #882: 
source=/srv/dip.torproject.org/home/gitlab/vendor/bundle/ruby/2.3.0/bin/mail_room
[main] #883 uses deleted /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1
[main] #883 is a child of #745
[Core] #31644 is a NeedRestart::Interp::Ruby
[Ruby] #31644: source file '' not found, skipping
[Ruby] #31644:  reduced ARGV:
[Core] #31669 is a NeedRestart::Interp::Ruby
[Ruby] #31669: source file '' not found, skipping
[Ruby] #31669:  reduced ARGV:
[Core] #31671 is a NeedRestart::Interp::Ruby
[Ruby] #31671: source file '' not found, skipping
[Ruby] #31671:  reduced ARGV:
[Core] #31675 is a NeedRestart::Interp::Ruby
[Ruby] #31675: source file '' not found, skipping
[Ruby] #31675:  reduced ARGV:
[Core] #31677 is a NeedRestart::Interp::Ruby
[Ruby] #31677: source file '' not found, skipping
[Ruby] #31677:  reduced ARGV:
[main] #745 exe => /lib/systemd/systemd
[main] #745 part of user manager service: uid=1504

This looks OK for me. The PID 883 uses a old libssh2 but belongs to a user session of uid 1504. The ruby instances seems not to have libssh2 mapped executable - so they are not reported.


It also seem to fail to find the source code for those files... The
"homegrown" tool is actually the one used by DSA to check for upgrades
through nagios:

Needrestart tries to get the source file from the cmdline which may fail and break the interpreter heuristic which looks for outdated source files. The library detection is done before and not affected by the missing source files.



HTH,
Thomas


https://salsa.debian.org/dsa-team/mirror/dsa-nagios/blob/master/dsa-nagios-checks/checks/dsa-check-libs

It uses lsof to look at opened files...

-- Package-specific info:
needrestart output:

checkrestart output:


-- System Information:
Debian Release: buster/sid
 APT prefers testing
 APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages needrestart depends on:
ii  binutils                   2.31.1-15
ii  dpkg                       1.19.6
ii  gettext-base               0.19.8.1-9
ii  libintl-perl               1.26-2
ii  libmodule-find-perl        0.13-1
ii  libmodule-scandeps-perl    1.27-1
ii  libproc-processtable-perl  0.56-1
ii  libsort-naturally-perl     1.03-2
ii  libterm-readkey-perl       2.38-1
ii  perl                       5.28.1-6
ii  xz-utils                   5.2.4-1

Versions of packages needrestart recommends:
ii  libpam-systemd  241-3

Versions of packages needrestart suggests:
ii  iucode-tool    2.3.1-1
ii  libnotify-bin  0.7.7-4

-- debconf-show failed



--

    ::  WWW:                        https://fiasko-nw.net/~thomas/  ::
   :::  GnuPG: 0x49D0C2C3              mailto:tho...@fiasko-nw.net  :::
    ::  flickr:             https://www.flickr.com/photos/laugufe/  ::

Reply via email to