Cybersecurity Triage

Check Whether Patches Require Reboot

After package updates, you need to know whether the system is signaling a required reboot and which packages triggered it.

Command

test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs

What changed

Nothing changes. The command checks marker files and prints packages associated with the reboot requirement.

Danger

safe

When to use it

Use after kernel, libc, OpenSSL, or unattended security updates to plan reboot timing.

When not to use it

Do not reboot immediately from this output alone; coordinate service impact and maintenance policy.

Undo or recovery

No undo needed because the command is read-only.

Expected output

A reboot-required marker plus package names that requested a reboot.

demo script

Disposable terminal steps

  1. cat /var/run/reboot-required.pkgs
  2. test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs

simulated output

What it looks like

$ cat /var/run/reboot-required.pkgs
linux-image-6.8.0-63-generic
libc6
::exit-code::0
$ test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs
reboot-required
linux-image-6.8.0-63-generic
libc6
::exit-code::0
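
The one-liner above prints nothing when the marker is absent and lets cat fail when the marker exists without a package list. The following added example (not part of the original lesson) reports all three cases and returns a distinct exit code for monitoring; the function name reboot_status, its optional directory argument, the exit code 10, and the fixture data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrap the lesson's marker check so every case is reported.
# reboot_status is a hypothetical helper name; the optional DIR argument
# (default /var/run) exists only so the check can run against a fixture.
reboot_status() {
    dir="${1:-/var/run}"
    marker="$dir/reboot-required"
    pkgs="$dir/reboot-required.pkgs"

    # No marker: nothing is asking for a reboot.
    if [ ! -f "$marker" ]; then
        printf 'no-reboot-required\n'
        return 0
    fi

    printf 'reboot-required\n'
    # The marker can exist without a usable package list; say so
    # instead of letting cat fail.
    if [ -r "$pkgs" ] && [ -s "$pkgs" ]; then
        # The list can name the same package more than once; collapse repeats.
        sort -u "$pkgs"
    else
        printf '(no package list)\n'
    fi
    # Distinct exit code (an assumption) so cron or monitoring can alert on it.
    return 10
}

# Constructed fixture mirroring the simulated output above (not real host data).
demo() {
    tmp="$(mktemp -d)" || return 1
    reboot_status "$tmp"                                   # marker absent
    : > "$tmp/reboot-required"
    reboot_status "$tmp" || printf 'exit=%s\n' "$?"        # marker, no list
    printf 'libc6\nlinux-image-6.8.0-63-generic\nlibc6\n' \
        > "$tmp/reboot-required.pkgs"
    reboot_status "$tmp" || printf 'exit=%s\n' "$?"        # marker plus list
    rm -rf "$tmp"
}

demo
```

Called with no argument, reboot_status reads /var/run, the same marker files the command above checks, and stays read-only.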

YouTube Short

Is reboot part of the patch?

After security updates, check the reboot marker and package list so the patch window does not end too early.

LinkedIn hook

Some security fixes are not complete until the host boots the new kernel or libraries.

Question: Do your security patch runbooks separate package install, service restart, and reboot validation?

experiments

A/B tests to run

Metric: save_rate

A: The patch window may need a reboot.

B: Do not stop at package installed.