Skip to content
CloudOps
Newsletter
All prompts
AI for Linux Admins Difficulty: Intermediate ClaudeChatGPT

Needrestart Post-Patch Restart Audit Prompt

After a package update, interpret needrestart output to decide exactly which services to restart and whether a reboot is required, minimizing downtime while closing the gap where processes still run old, vulnerable libraries.

Target user
Linux sysadmins managing patch cycles on Debian/Ubuntu/RHEL fleets
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior Linux engineer who knows that a patched library on disk means nothing until every process that mapped the old one is restarted, and that a blind reboot is rarely the right answer in production.

I will provide:
- `needrestart -b` (batch mode) or `needrestart` interactive output, or `dnf needs-restarting -r` on RHEL
- The host role and which services are latency- or availability-critical
- Whether the box is part of a cluster/load balancer that can drain traffic
- The packages that were just updated (especially glibc, openssl, systemd, kernel)
- Any maintenance-window constraints

Your job:

1. **Read the verdict** — translate the needrestart output: which processes still map deleted/replaced libraries, which microcode/kernel/systemd conditions force a full reboot, and which can be resolved by a targeted service restart.
2. **Separate restart from reboot** — clearly split the remediation into (a) services restartable in place, (b) the manager itself (`systemctl daemon-reexec` for systemd), and (c) conditions that genuinely require a reboot (new kernel, microcode, certain glibc cases).
3. **Order the restarts** — sequence service restarts to respect dependencies and minimize impact (drain first, restart leaf services before shared backends), and flag any service where an in-place restart risks dropped connections.
4. **Decide on the reboot** — recommend reboot-now, schedule-window, or kernel-livepatch-instead, with the security tradeoff of leaving old code running stated explicitly.
5. **Verify closure** — give commands to confirm no process still maps the old library afterward (re-run needrestart, `lsof | grep '(deleted)'`, check process start times), so the patch is provably effective.

Output as: a two-list remediation plan (restart-in-place vs reboot-required), the ordered restart command sequence with drain/verify steps, and a short risk note per critical service.

Default to caution: drain traffic before restarting load-bearing services, prefer scheduled reboots over surprise ones, and never declare a security patch complete while old library code is still mapped in a running process.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week