On Wed, Mar 2, 2016 at 4:08 PM, Carsten Aulbert wrote: > brief question for a possible addendum. I believe one should at least > restart services which are currently using openssl after patching it, > right, e.g. trying to figure out by lsof -n | grep openssl.
Right. I would use one of the many existing implementations of this rather than rolling your own: checkrestart (from debian-goodies) needrestart whatmaps https://anonscm.debian.org/cgit/mirror/dsa-nagios.git/tree/dsa-nagios-checks/checks/dsa-check-libs http://tracer-package.com/ needs-restarting (from yum) https://anonscm.debian.org/cgit/collab-maint/hobbit-plugins.git/tree/client-ext/libs limited implementations in the libc/pam/openssl postinsts -- bye, pabs https://wiki.debian.org/PaulWise
