Re: [suse-security] Patch Noifications

[Bob Vickers <bobv@xxxxxxxxxxxxx>]

On Mon, 9 Jan 2006, John Andersen wrote:
> 
> If as root you do
> lsof |grep "RPMDELETE"  
> 
As Markus says, this needs altering for newer SuSE versions. Here is a 
script which will work on all versions of SuSE I know about:

#! /bin/bash
# Check there are no processes using software that has been updated by
# rpm.

PATH=/bin:/usr/bin

set -o nounset

if [ $# -eq 1 ]
then
    lines=$1
else
    lines=10
fi

# Run lsof and scan the output for libraries that have been updated. Before 
# SuSE 9.1 these will include the string RPMDELETE, but in 9.1 they include 
# a semi-colon.
# In 9.2 and 9.3 they include the string 'path inode='

procs=`lsof | grep -E 'RPMDELETE|;|path inode=' | head -$lines`

if [ -n "$procs" ]
then
    host=`hostname`
cat <<EOF
Host $host has obsolete files still in use by running processes.
This may constitute a security hazard so you should restart daemons where
necessary.
EOF
    echo "$procs"
    exit 1
else
    exit 0
fi
########################end of check_obsolete_running_programs#########


Regards,
Bob
==============================================================
Bob Vickers             
Dept of Computer Science, Royal Holloway, University of London
WWW:    http://www.cs.rhul.ac.uk/home/bobv


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here