$ Linux One Liners
Back to commands

Cybersecurity Triage

Read-only

Check Whether Patches Require Reboot

After package updates, you need to know whether the system is signaling a required reboot and which packages triggered it.

Command

test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs

Before you run this

System impact: Read-only. Low when scoped to the shown target.

When not to use it: Do not reboot immediately from this output alone; coordinate service impact and maintenance policy.

Expected output

A reboot-required marker plus package names that requested a reboot.

System impact

Read-only. Nothing changes. The command checks marker files and prints packages associated with the reboot requirement.

May require elevated permissions on protected paths or service-owned files.

Recovery / rollback: no state is changed.

When to use it

Use after kernel, libc, OpenSSL, or unattended security updates to plan reboot timing.

When not to use it

Do not reboot immediately from this output alone; coordinate service impact and maintenance policy.

Explanation-only example

Illustrated output, not a live lab run

This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.

demo@lab:~$

$ cat /var/run/reboot-required.pkgs

linux-image-6.8.0-63-generic
libc6

$ test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs

reboot-required
linux-image-6.8.0-63-generic
libc6
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. cat /var/run/reboot-required.pkgs
  2. test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs

next steps

Related commands

Cybersecurity Triage Read-only

Build a Recent Apt Patch Timeline

Apt history turns patch claims into timestamps and package names.

awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Cybersecurity Triage Sensitive output

Find SSH Keys for nologin Users

A nologin shell does not automatically mean SSH keys are irrelevant.

comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Cybersecurity Triage Dry run

Preview Security Impact of dist-upgrade

Kernel and dependency security fixes may only appear in the broader upgrade plan.

apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Cybersecurity Triage Read-only

Find Held Packages Blocking Patches

A held package can quietly keep a security update out of production.

apt-mark showhold | sed 's/^/held: /'
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:110-security
  • lfcs:security-hygiene
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.