checkrestart [ -hvpa ] [ -b blacklist_file ] [ -i package_name ]


The checkrestart program tries to determine if there are processes in the system that need to be restarted after a system upgrade. This is necessary since an upgrade will usually bring new system libraries and running processes will be still using the old versions of the libraries. In stable Debian GNU/Linux systems this is typically needed to eliminate a system exposure to a vulnerability which might have been fixed by upgrading a library which that process makes use of.

Consequently, checkrestart is sometimes used as an audit tool to find outdated versions of libraries in use, particularly after security upgrades. Administrators should not, however, rely on its output completely (see BUGS below).

This script needs to run as root in order to obtain the information it needs for analysis.



Show the program help and exit.


Generate detailed output. This output includes the list of all processes found using deleted files or descriptors as well as the deleted files and descriptors found.


Only process deleted files that belong to a package, ignoring deleted files which do not have an associated package in the package system.


Process all deleted files regardless of location. This makes the program analyse deleted files even if they would be discarded because they are located in locations, such as /tmp , which are known to produce false positives. It will take preceded if used simultaneously with the -p option.


Read a blacklist of regular expressions from file. Any files matching the patterns will be ignored.


Ignore services that are associated to the package name provided in name.


The program will exit with error (1) if a non-root user tries to run it. Otherwise, it will always exit with error status 0.


Start it as user root without parameters:

  # checkrestart
  Found 20 processes using old versions of upgraded files
  (15 distinct programs)
  (14 distinct packages)
  Of these, 12 seem to contain init scripts which can be used to restart them:
  The following packages seem to have init scripts that could be used to restart them:
          3044    /usr/sbin/gpm
          2208    /sbin/rpcbind
          8463    /usr/sbin/named
          22124   /usr/sbin/sshd
          4078    /usr/sbin/ntpd
          3417    /usr/sbin/in.tftpd
          2704    /usr/sbin/uptimed
          3019    /usr/sbin/cron
          22145   /usr/lib/postfix/qmgr
          8892    /usr/lib/postfix/master
          3174    /usr/sbin/hddtemp
          2792    /usr/sbin/automount
          3254    /usr/sbin/inetd
  These are the init scripts:
  service gpm restart
  service rpcbind restart
  service bind9 restart
  service ssh restart
  service ntp restart
  service tftpd-hpa restart
  service uptimed restart
  service cron restart
  service postfix restart
  service hddtemp restart
  service autofs restart
  service openbsd-inetd restart
  These processes do not seem to have an associated init script to restart them:
          3775    /sbin/dhclient


This program might fail if the output of the lsof utility changes since it depends on it to detect which deleted files are used by processes. It might also output some false positives depending on the processes' behaviour since it does not check yet if the (deleted) files in use are really libraries.

If you find a false positive in checkrestart please provide the following information when submitting a bug report:

The output of checkrestart using the -v (verbose) option.

The output of running the following command as root:

        lsof | egrep 'delete|DEL|path inode'

Checkrestart is also sensitive to the kernel version in use. And might fail to work with newer (or older) versions.

A rewrite to make it less dependent on lsof could improve this, however.

RELATED TO checkrestart…


checkrestart was written by Matt Zimmerman for the Debian GNU/Linux distribution.


Copyright (C) 2001 Matt Zimmerman <[email protected]> Copyright (C) 2007,2010-2011 Javier Fernandez-Sanguino <[email protected]>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

On Debian systems, a copy of the GNU General Public License may be found in /usr/share/common-licenses/GPL.