Package: harden-doc
Version: 3.11
Severity: wishlist
Hi!
Section 4.2.1 _Security update of libraries_[1] suggest the following one-liner
to detect programs that need to be restarted in order to benefit from a library
security update:
# lsof | grep <the_upgraded_library> | awk '{print $1, $9}' | uniq | sort +0
Firstoff, when I execute this pipeline on a Debian testing system, sort
complains that the +NUMBER option is deprecated and that the '-k NUMBER' option
should be used instead.
Hence, I would say
s/sort +0/sort -k 1/
if understand the -k syntax correctly...
Secondly, on older versions of the manual, the suggested one-liner used to be:
# lsof | grep dpkg- | awk '{print $1, $8}' | sort +0
Grepping for a fixed string is certainly muuuuch more practical than having to
issue one different one-liner for each upgraded package.
Why does the current one-liner grep for the library name?
Doesn't grepping for dpkg- work anymore?
Could you please explain?
[1] which is inside
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-security-update
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
