Check for a required reboot on Debian and Ubuntu systems

Restart required?

Administrators of Debian-based systems know they have to reboot their systems, just as with any other Linux distribution. However, why is the reboot needed? Could we monitor which systems actually need a reboot?

[Screenshot: restart-required notification on an Ubuntu system]

Required reboot

Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in that they may leak sensitive data or allow unauthorized access to the software or system. These types of bugs are called vulnerabilities.

Tracking which servers need a reboot is important to properly resolve vulnerabilities. Installing a software update is a good first step, but sometimes more is needed. For most software, restarting the related processes is sufficient. For others, a system reboot is needed, especially with weaknesses in the kernel or in global components (e.g. Glibc, OpenSSL).

Fortunately, we can check if a reboot is needed. If the file /var/run/reboot-required.pkgs exists, then one or more processes require a full reboot. The file won’t show process names, but the related packages.

root@system:/root# cat /var/run/reboot-required.pkgs

In this example we see the file exists and contains an update to the SSL library used by the Linux kernel. Since not all libraries can be reloaded that easily, the system requires a reboot.

[Screenshot: contents of /var/run/reboot-required.pkgs]

Both files will be automatically deleted by the system after a reboot.


Most system administrators love to automate everything. This process of monitoring can be automated as well. Tools like Lynis will check for the presence of /var/run/reboot-required.pkgs and list which packages are inside the file. Since a kernel reboot is important, it will create a warning event and display this in the report. Monitoring which servers now need a reboot has become much easier.

Another possibility is to add this check to your network and system monitoring tools as well. With some basic scripting, the check can be implemented easily.
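
One way to script this check for a monitoring system, as an added example (not code from the original article or from Lynis): a Nagios-style plugin function that reads the package list and maps it to an exit code. The function names, the CRITICAL/WARNING split and the kernel package patterns are assumptions of this example; /var/run/reboot-required is the flag file Debian and Ubuntu create next to the .pkgs list.

```shell
#!/bin/sh
# Added example: monitoring check for a pending reboot on Debian/Ubuntu.
# Exit codes follow the monitoring-plugin convention: 0 OK, 1 WARNING, 2 CRITICAL.

# Default paths on Debian/Ubuntu; overridable through the environment.
REBOOT_FLAG="${REBOOT_FLAG:-/var/run/reboot-required}"
REBOOT_PKGS="${REBOOT_PKGS:-/var/run/reboot-required.pkgs}"

# Print the unique, sorted package names from the .pkgs file, one per line.
# The same package can be appended more than once across upgrade runs.
pending_packages() {
    [ -r "$1" ] || return 0
    # Strip stray whitespace, drop blank lines, then de-duplicate.
    sed -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u
}

# Decide the status. Assumption of this example: kernel packages
# (linux-image-*, linux-base) are CRITICAL, anything else is WARNING.
check_reboot_required() {
    flag="${1:-$REBOOT_FLAG}"
    pkgs_file="${2:-$REBOOT_PKGS}"

    if [ ! -e "$flag" ] && [ ! -e "$pkgs_file" ]; then
        echo "OK - no reboot required"
        return 0
    fi

    # Join the package names into one space-separated status line.
    pkgs=$(pending_packages "$pkgs_file" | tr '\n' ' ' | sed 's/ $//')
    case " $pkgs " in
        *" linux-image-"*|*" linux-base "*)
            echo "CRITICAL - reboot required for kernel update: $pkgs"
            return 2 ;;
    esac
    echo "WARNING - reboot required for: ${pkgs:-unknown packages}"
    return 1
}

# Act as a plugin only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    check_reboot_required
    exit $?
fi
```

Saved as a script and invoked with the argument `run`, it prints one status line and exits with the matching code, which most monitoring agents can consume directly.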

Automatic reboot

People who really love the next level of automation (and love some risk) could automatically schedule a reboot event. If the file has been found, create a one-time event to reboot the system with your favorite configuration management tool (like Cfengine, Chef or Puppet).
