A remediation might require a full system reboot in order for the patch or update to take effect. Occasionally, a remediation might even require a second reboot.
As an administrator, to determine if an advisory or minion requires a reboot as part of a remediation, first run an assessment.
Then to determine whether a reboot is needed:
| For |
Refer to |
| Advisory |
On the Advisories tab of the policy dashboard, check the Install Behavior column for the advisory's status:
- Never requires reboot - The advisory does not require a reboot when it is remediated.
- Always requires a reboot - The advisory always requires a reboot when it is remediated.
- Can require reboot - The advisory could possibly require a reboot under certain conditions as part of remediation.
- (-) - The null value. This displays for Linux minions. Detecting whether a reboot is required is not supported for Linux minions.
|
| Minion |
On the Minions tab of the policy dashboard, check the Needs Reboot column for the minion's status:
- false - The minion either does not need a reboot for remediation or the minion has successfully rebooted.
- true - The status is true if:
- The minion needs a reboot and a reboot has not been started.
- The minion is currently rebooted and has not yet finished rebooting.
- The minion has rebooted but it will need a second reboot to apply additional changes.
|
If you detemine your system or minion needs a reboot follow these steps:
Procedure
- On the Minions tab of the policy dashboard, click the checkbox next to a minion that shows true in the Needs Reboot column.
- Click Run Command.
- In the Function menu, select the system.reboot command.
- In the Arguments field, add the necessary arguments.
- For Windows nodes, the system.reboot command needs two arguments: timeout and in_seconds. Set the first argument to 0 and the second argument to true. See the win_system.reboot module documentation for more information about these arguments.
- For Linux nodes, the system.reboot command takes one argument: at_time. See the system.reboot module documentation for more information about these arguments.
- (Optional) If you want to schedule a reboot for a specific time, create a job that reboots the minion and then set that job to run at a scheduled time. See Automation Config jobs workflow for more information.
- Click Run Command to run this command on the select minion.
Results
After initiating a reboot, the minion might take several minutes to reboot and come back online.
To check whether the minion is back online after a reboot, refresh the Minions tab in the Vulnerability workspace and check the minion’s presence. See Minion presence for more information.
What to do next
After rebooting a minion as part of a remediation, you must run another assessment to verify the remediation was successful.
