Why is server restart required? [duplicate]

Solution 1:

Any number of different updates can require you to reboot.

  • Kernel upgrades
  • Some core C/C++ library changes
  • Updates which can only be applied with a reboot to fully close an affected service's code that is part of the core OS
  • Certain undefined library updates that the Security Team suggests a reboot to fix (the latest glibc vulnerability, for instance, or some SSL library updates)

Unfortunately, it is impossible to state what specifically is causing your system to say it needs to be rebooted, because there are so many potential causes for a reboot to be needed.

Solution 2:

Inspect the content of /var/log/dpkg.log and see what packages have been installed recently. There have been a lot of kernel and openssl/openssh/etc vulnerabilities patched, and any services that are already running will have loaded copies of the old libraries into RAM, and they will stay there continuing to be vulnerable until you either manually restart the affected services, or you simply reboot the host. If the package that was upgraded was a kernel package (linux-image, etc) then a reboot is the only way to get the new kernel running.

sudo zgrep -h 'status installed' /var/log/dpkg.log* | sort | tail -n 100

will show you the last 100 packages installed on your host. It's up to you to decide if you want to reboot it or not.

I believe there is a setting you can add to the unattended-upgrades package that will allow it to reboot automatically when the update is complete. If you can set the upgrades to occur at, say, 3am when you know load is light, the impact of such a reboot may be minimal.

Unattended-upgrades does, as I understand, only install packages where there is a security impact, so I wouldn't put off rebooting the server very long if it's exposed to the public internet.
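
Added example, not part of either answer: Solution 2's point that running services keep the old library copies loaded can be checked directly, because the kernel marks a replaced file as "(deleted)" in /proc/<pid>/maps. The function names (stale_libs, scan_running, sample_maps) and the sample data are constructed for illustration, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the original answers): find processes that still
# map a shared library whose on-disk file was replaced by a package upgrade.

# Read /proc/<pid>/maps text on stdin; print each distinct library path that
# the kernel marks "(deleted)", i.e. the old copy is still held in memory.
stale_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\.so[.0-9]*$/ { print $(NF-1) }' |
        LC_ALL=C sort -u
}

# Walk every readable /proc/<pid>/maps; print "pid<TAB>command<TAB>library".
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(stale_libs < "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\n' "$libs" | while read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$lib"
        done
    done
}

# Constructed sample of a maps file (addresses, inodes, versions invented).
sample_maps() {
    cat <<'EOF'
00400000-004f0000 r-xp 00000000 fd:01 2001 /usr/sbin/sshd
01a00000-01a21000 rw-p 00000000 00:00 0 [heap]
7f10a0000000-7f10a0060000 r-xp 00000000 fd:01 3001 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0260000-7f10a0264000 rw-p 00060000 fd:01 3001 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a1000000-7f10a11d0000 r-xp 00000000 fd:01 3002 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f10a2000000-7f10a21bb000 r-xp 00000000 fd:01 3003 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f10a3000000-7f10a3001000 rw-s 00000000 fd:01 4001 /tmp/scratch (deleted)
EOF
}

# "scan" inspects the live system; anything else runs the constructed demo.
case "${1:-demo}" in
    scan) scan_running ;;
    *)    sample_maps | stale_libs ;;
esac
```

Run it with the `scan` argument under sudo to see every process on the host; any PID it lists is still executing pre-upgrade library code until that service is restarted or the host is rebooted. On Debian and Ubuntu, needrestart and checkrestart (from debian-goodies) perform a more complete version of this check.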