Cybersecurity Triage
Risk: safeCheck Whether Patches Require Reboot
After package updates, you need to know whether the system is signaling a required reboot and which packages triggered it.
Command
test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgsBefore you run this
Risk: safe. Do not reboot immediately from this output alone; coordinate service impact and maintenance policy.
Expected output
A reboot-required marker plus package names that requested a reboot.
System impact
Nothing changes. The command checks marker files and prints packages associated with the reboot requirement.
Recovery / rollback: no state is changed.
When to use it
Use after kernel, libc, OpenSSL, or unattended security updates to plan reboot timing.
When not to use it
Do not reboot immediately from this output alone; coordinate service impact and maintenance policy.
Watch this command run
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ cat /var/run/reboot-required.pkgs
linux-image-6.8.0-63-generic
libc6$ test -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs
reboot-required
linux-image-6.8.0-63-generic
libc6View reproducible demo details
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
cat /var/run/reboot-required.pkgstest -f /var/run/reboot-required && printf 'reboot-required\n' && cat /var/run/reboot-required.pkgs
next steps
Related commands
Build a Recent Apt Patch Timeline
Apt history turns patch claims into timestamps and package names.
awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Find Services Needing Restart After Patches
A patched library does not protect a process still using the old one.
needrestart -b | sed -n 's/^NEEDRESTART-SVC: //p'
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Preview Security Impact of dist-upgrade
Kernel and dependency security fixes may only appear in the broader upgrade plan.
apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Find Held Packages Blocking Patches
A held package can quietly keep a security update out of production.
apt-mark showhold | sed 's/^/held: /'
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.