How to check if your Arch Linux system needs a reboot

Arch Linux reboots

How to check if a reboot is needed

By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk.

Running kernel

One way to determine the running kernel is with the uname command. By default installed and with the -r parameter it will provide the kernel release version.

[root@archlinux ~]# uname -r
3.17.4-1-ARCH

Kernel on disk

Checking the latest kernel on disk is almost as easy. In this case we have to analyze the /boot/vmlinuz-linux file, which is the default file name for the Linux kernel on Arch Linux.

The file utility can discover the contents of the file and determine that is indeed the kernel.

[root@archlinux ~]# file /boot/vmlinuz-linux
/boot/vmlinuz-linux: Linux kernel x86 boot executable bzImage, version 3.17.4-1-ARCH (builduser@tobias) #1 SMP PREEMPT Fri Nov 21 21:1, RO-rootFS, swap_dev 0x3, Normal VGA

The interesting part in this case is the kernel version, which is behind the “version” keyword. In this case both the running kernel and kernel on disk are the same, so no reboot is needed.

Monitoring

If you want to automate the reboot check, we can parse the output of the uname and file commands. The small snippet below will help in performing the related check.

#!/bin/sh
NEXTLINE=0
FIND=""
for I in `file /boot/vmlinuz*`; do
  if [ ${NEXTLINE} -eq 1 ]; then
    FIND="${I}"
    NEXTLINE=0
   else
    if [ "${I}" = "version" ]; then NEXTLINE=1; fi
  fi
done
if [ ! "${FIND}" = "" ]; then
  CURRENT_KERNEL=`uname -r`
  if [ ! "${CURRENT_KERNEL}" = "${FIND}" ]; then
    echo "Boot required"
  fi
fi

Use case

Testing if systems need a reboot is especially useful as part of your software patch management strategy. In our case we have embedded this test in our auditing tool Lynis, which determines for several Linux distributions if the system needs a reboot.

 

Updated (January 2015): changed script

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package




Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.


Download

9 comments

  • AlexAlex

    1. Without resetting NEXTLINE to something other than 1 after setting the FIND value to the kernel vesion, the script as written will loop through the rest of the line and set the FIND variable to the last value of the line.
    After FIND=”${I}”, add the line NEXTLINE=0, and it works.

    2. For use on a new-ish install of Manjaro, change the “file /boot/vmlinuz-linux” to “/boot/vmlinuz*”.

    Thanks

    Reply
  • Shadow_ReaperShadow_Reaper

    Thanks for sharing! Aniway since the 4.0 kernel this won’t be necessary since it is updated on the go, without needing to reboot the machine.

    Reply
    • The reboot might not be needed at that time, but it will take years.

      Reply
      • Alan RobertsonAlan Robertson

        Also check the taint flags in /proc for reboot status.

        Reply
    • MorbidMorbid

      For me pendrives still don’t work after a kernel update, so it’s still useful for automatic updates for family’s PCs I manage.

      Reply
  • Don PiotrDon Piotr

    On Raspberry Pi ‘file’ command doesn’t say which kernel version is installed.
    As alternative I use this:
    pacman -Q | grep linux-raspberrypi

    Reply
  • JSJS

    retval=$(uname -r)
    file /boot/vmlinuz-linux | grep $retval
    if [[ $? -ne 0 ]]; then
    echo “reboot needed”
    fi

    Reply
  • flipoukflipouk

    if ! file /boot/vmlinuz-linux-lts | grep -q $(uname -r)
    then
    echo “reboot needed”
    fi

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.