Re: weird - rsync get removed from system. presumably after last update?
On 30/06/11 15:54, Juan R. de Silva wrote:
> On Thu, 30 Jun 2011 14:16:02 +1000, Scott Ferguson wrote:
>
>> I run rsync on headless web and mail servers as well as desktops. None
>> of them lost rsync (none of them run Symantec).
>
> I meant Synaptic. Sorry for a typo.
>
> I used Symantec last time probably in Windows 95 or 98. But somehow until
> today I quite often mistype it for Synaptic. Very persistent
> infection. :-)
:-D
>
>> 90 packages!
>> Do your have "everything" installed? ;-p
>
> Well, I have a default Squeeze install here, whatever comes with it.
>
> However now the size of update I've mentioned worries me. I actually was
> surprised by the size of the update at the time it appeared too.
>
>> None of mine/ours received that many packages in the last point release.
>> Perhaps you had not been regularly upgrading prior to the 6.0.2 release?
>
> My Update Manager is set up to update daily, and so it does. One more
> point to be worried for me.
No reason to be concerned just yet.
>
>> Do you mean just "rsync", the daemon, or some sort of gui for it?
>
> No, I do not use gui. But neither I use a daemon. I usually just install
> rsync on my workstation and then run via cron my own script for daily
> backup and once a couple of weeks I run manually another script. Both
> scripts just invoke rsync. I do a snapshot like backup with rsync.
>
>> Have you tried re-installing rsync using apt? Any interesting messages?
>
> Yes, I re-install rsync but did not see anything unusual.
>
>> Please post the output of:-
>> $ dpkg --get-selections | grep deinstall
>
> http://www.pastie.org/2143341
Nothing in that list that I'd expect would pull off rsync with it. My
only thought are that maybe something like deborphan/foster/bleachbit or
similar "may" have removed it as unneeded... which would be a worry.
>
>> and your cron log
>
> Last day I have a good backup
>
> http://www.pastie.org/2143359
>
> Then following 2 days when backup failed due to rsync was mysteriously
> removed:
>
> http://www.pastie.org/2143354
> http://www.pastie.org/2143375
I'd expect that (no rsync, no backup).
>
> Nothing special.
>
>> plus any relevant messages in /var/log
>
> Nothing relevant AFAICS.
>
>> Also check your system for unread system mail.
>
> There is mail reporting cron job failed starting 2 days ago and this from
> rkhunter:
>
> http://www.pastie.org/2143404
rkhunter - McAfee for Linux :-(
To check:-
cat /bin/netstat | strings | grep "/dev/caca"
>
> rkhunter seem to be known false positives, unless I'm mistaken.
Aah - I'd add rkhunter to possible causes of the removal of rysync..
If you had logging enabled - take a look at /var/log/rkhunter.log
eg:-
cat /var/log/rkhunter.log | grep rsync
>
> Well, I start thinking about reinstall. I do not like mysteries. :-(
Probably best to solve this mystery before re-installing.
NOTE: this is when remote logging and tripwire is handy.
>
> And thanks for your reply.
>
Cheers
--
"This is where we are at right now, as a whole. No one is left out of
the loop.
We are experiencing a reality based on a thin veneer of lies and illusions.
A world where greed is our God and wisdom is sin, where division is key
and unity is fantasy, where the ego-driven cleverness of the mind is
praised, rather than the intelligence of the heart."
~ Bill Hicks
Reply to: