Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How often should I reboot the server after updates?

Discussion in 'Security' started by spaceman, Jul 9, 2018.

  1. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    494
    Likes Received:
    2
    Trophy Points:
    318
    Hi All,

    Currently I've got a server that is reporting "Detected 27 processes that are running outdated executables: 2968 2947 3167 2826 1545 3234 3473 2980 3479 1 2110 3188 2076 3488 2937 2879 3484 3231 136373 3463 2894 3226 3468 136126 436 2064 1576 Reboot the server to ensure the system benefits from these updates." - see also attached screenshot.

    This is totally understandable and normal behaviour, I get that.

    A few months ago I setup a recurring monthly maintenance plan for all my servers to ensure that they're all rebooted regularly so as to clear down all such processes that had accumulated over the course of the month. All good.

    My question: what is best practice in this regard, because I made up that monthly recurring reboot on my own initiative :)

    Should it be more frequent than monthly? Naturally we all want to reboot our servers less, not more, right?

    Is it possible to differentiate between high risk processes/executables that really need the server to be rebooted sooner rather than later, as opposed to low risk ones where there's no hurry to reboot?

    Thanks all,

    Ross
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. PenguinInternet

    PenguinInternet Well-Known Member
    PartnerNOC

    Joined:
    Jun 20, 2007
    Messages:
    176
    Likes Received:
    12
    Trophy Points:
    68
    Location:
    Cardiff, UK
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    This cPanel notification is one that really bugs me. The reboots are not necessary - Linux is designed for prolonged use and the only reason you would normally need to reboot a server is with a kernel upgrade or a major operational issue / server crashing. Process will run for extended periods of time - that isn't indicating an issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    vacancy likes this.
  3. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,835
    Likes Received:
    134
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @spaceman

    You're getting the notice to reboot because PID 1 is included in the list. Pending the kernel is NOT one of the items that need to be updated in most cases a restart of the service itself is fine. The notification will also include a notification to perform one of two tasks when the kernel is not included in the list:

    Code:
    ----------------------------------
    Detected 3 processes that are running outdated executables: 34649 34664 34658 You must take one of the following actions to ensure the system is up-to-date:
    Restart the listed processes.
    Reboot the server.
    ----------------------------------
    The notification is a result of the following being run:
    Code:
    /usr/local/cpanel/bin/needs-restarting-cpanel --reboothint
    If we look at
    Code:
    /usr/local/cpanel/bin/needs-restarting-cpanel
    We can get exactly which processes we recommend you reboot for:

    Code:
    # For which package updates we should recommend a reboot
    # Taken from https://access.redhat.com/solutions/27943
    
    REBOOTPKGS = [
        'kernel',
        'glibc',
        'linux-firmware',
        'systemd',
        'udev',
        'openssl-libs',
        'gnutls',
        'dbus',
        ]
    This doesn't mean you MUST reboot though, you can check rpm --changelog for those packages to determine for yourself how you'd like to proceed.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    494
    Likes Received:
    2
    Trophy Points:
    318
    Hello Lauren, and thanks for your reply.

    While I totally understand your reply... what I'd really like to achieve is where WHM is being more helpful, more prescriptive, than at present.

    For example, in my initial post, I'm seeing the very explicit message "Reboot the server to ensure the system benefits from these updates".

    That's a pretty clear statement, very unambiguous!

    My understanding is that you're suggesting that:

    1. I don't *have* to.
    2. If I wish to make my own more informed decision, than I have to "check rpm --changelog for those packages"

    My point being is that I'd prefer NOT to have to dig deeper, using the command line, to make a more detailed evaluation of what to do. I want WHM to tell me, first time :)

    So for WHM to be more prescriptive, more helpful, is it a question of:

    1. Better configuration of the existing settings/alerts already available within WHM
    or
    2. Raising a feature request to make WHM smarter, more configurable, in this regard?

    I'm not expecting WHM to employ special AI/ML techniques to help me with this. Well, not yet, anyway :) I'd just like better, more refined, guidance... i.e. if I should REALLY do a reboot, and when it's not a big deal.

    Thanks,

    Ross
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,835
    Likes Received:
    134
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Yes, you're seeing that because of the following:

    Code:
     "Detected 27 processes that are running outdated executables: 2968 2947 3167 2826 1545 3234 3473 2980 3479 1 2110 3188 2076 3488 2937 2879 3484 3231 136373 3463 2894 3226 3468 136126 436 2064 1576
    Note that PID 1 is in the list this is always systemd or init which is the init process which is the parent process for all other processes running on the server this is directly associated with the system's kernel. If pid 1 is outdated that means there's a kernel update available (you've installed the newer kernel but it's not being used) It is ALWAYS recommended to reboot in the instance of a kernel update. That's explicit on purpose, because you need to reboot to update the kernel and there's no way around that one unless you're running kernelcare.

    As I noted in my response in the instance a restart of the processes is a viable option to update all PID's listed you will receive a notification that says:

    Code:
    You must take one of the following actions to ensure the system is up-to-date:
    Restart the listed processes.
    Reboot the server.
    Being that you can't update the kernel without a reboot you received a very explicit notification that you needed to reboot. This is true and you did need to reboot to update the kernel.

    My suggestion to determine your course of action is based on the notification above. WHM can't tell you what to do in this instance, but it can suggest the only ways to resolve the issue. This is something you need to determine what to do with. You need to decide if you want to restart these processes to update them or if you'd rather restart the server.


    WHM's security advisor in this respect is just a conduit for the information, it's up to you to make an informed decision but if you would like to see this more configurable and "smarter" I would strongly urge you to open a feature request using the link in my signature - if you do open one please post the link here so others can vote on it.

    As a general rule of thumb most don't choose to reboot unless the kernel needs to be updated but again this is your call. I'll also reiterate that you received a explicit you need to reboot to resolve these issues message because your kernel needed to be updated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Infopro likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice