diff --git a/files/nrpe/check_needrestart b/files/nrpe/check_needrestart
new file mode 100644
index 0000000..662c088
--- /dev/null
+++ b/files/nrpe/check_needrestart
@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# Nagios plugin to check for services needing restart using the 'needrestart' package.
+#
+# Copyright (c) 2025, GitHub Copilot
+#
+# This script is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# Nagios exit codes
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+
+# Check if needrestart is installed
+if ! dpkg -s needrestart >/dev/null 2>&1; then
+ echo "UNKNOWN: The 'needrestart' package is not installed."
+ exit $STATE_UNKNOWN
+fi
+
+# Run needrestart in batch/list mode and grep for service lines.
+# The '|| true' prevents the script from exiting if grep finds no matches.
+services_to_restart=$(sudo needrestart -b -l 2>/dev/null | grep '^NEEDRESTART-SVC:' || true)
+
+if [ -z "$services_to_restart" ]; then
+ echo "OK: No services need to be restarted."
+ exit $STATE_OK
+else
+ # Count the number of services and format the list for the output.
+ num_services=$(echo "$services_to_restart" | wc -l)
+ service_list=$(echo "$services_to_restart" | sed 's/NEEDRESTART-SVC: //' | tr '\n' ' ')
+ echo "WARNING: $num_services service(s) need to be restarted: $service_list"
+ exit $STATE_WARNING
+fi
diff --git a/templates/nrpe.j2 b/templates/nrpe.j2
index c75b45c..5a55032 100644
--- a/templates/nrpe.j2
+++ b/templates/nrpe.j2
@@ -16,6 +16,7 @@ command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.
command[check_proc_fail2ban]=/usr/lib/nagios/plugins/check_procs -a fail2ban -w 1: -c 1:
command[check_proc_age]=/usr/lib/nagios/plugins/check_proc_age -p -w 400 -c 600
command[check_systemd_failed]=/usr/lib/nagios/plugins/check_systemd_failed
+command[check_needrestart]=/usr/lib/nagios/plugins/check_needrestart
# check_disk_usage
# -w <%>: Warning threshold for block usage.
diff --git a/templates/nrpe.sudoers.j2 b/templates/nrpe.sudoers.j2
index 543c886..d10cdd3 100644
--- a/templates/nrpe.sudoers.j2
+++ b/templates/nrpe.sudoers.j2
@@ -1,3 +1,4 @@
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/needrestart -b -l