[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: weird - rsync get removed from system. presumably after last update?

On 30/06/11 15:54, Juan R. de Silva wrote:
> On Thu, 30 Jun 2011 14:16:02 +1000, Scott Ferguson wrote:
> 
>> I run rsync on headless web and mail servers as well as desktops. None
>> of them lost rsync (none of them run Symantec).
> 
> I meant Synaptic. Sorry for a typo.
> 
> I used Symantec last time probably in Windows 95 or 98. But somehow until 
> today I quite often mistype it for Synaptic. Very persistent 
> infection. :-)

:-D

> 
>> 90 packages!
>> Do your have "everything" installed? ;-p
> 
> Well, I have a default Squeeze install here, whatever comes with it.
> 
> However now the size of update I've mentioned worries me. I actually was 
> surprised by the size of the update at the time it appeared too. 
> 
>> None of mine/ours received that many packages in the last point release.
>> Perhaps you had not been regularly upgrading prior to the 6.0.2 release?
> 
> My Update Manager is set up to update daily, and so it does. One more 
> point to be worried for me.

No reason to be concerned just yet.

>  
>> Do you mean just "rsync", the daemon, or some sort of gui for it?
> 
> No, I do not use gui. But neither I use a daemon. I usually just install 
> rsync on my workstation and then run via cron my own script for daily 
> backup and once a couple of weeks I run manually another script. Both 
> scripts just invoke rsync. I do a snapshot like backup with rsync.
> 
>> Have you tried re-installing rsync using apt? Any interesting messages?
> 
> Yes, I re-install rsync but did not see anything unusual.
> 
>> Please post the output of:-
>> $ dpkg --get-selections | grep deinstall
> 
> http://www.pastie.org/2143341

Nothing in that list that I'd expect would pull off rsync with it. My
only thought are that maybe something like deborphan/foster/bleachbit or
similar "may" have removed it as unneeded... which would be a worry.

> 
>> and your cron log
> 
> Last day I have a good backup 
> 
> http://www.pastie.org/2143359
> 
> Then following 2 days when backup failed due to rsync was mysteriously 
> removed:
> 
> http://www.pastie.org/2143354
> http://www.pastie.org/2143375

I'd expect that (no rsync, no backup).

> 
> Nothing special.
> 
>> plus any relevant messages in /var/log 
> 
> Nothing relevant AFAICS.
> 
>> Also check your system for unread system mail.
> 
> There is mail reporting cron job failed starting 2 days ago and this from 
> rkhunter:
> 
> http://www.pastie.org/2143404

rkhunter - McAfee for Linux :-(

To check:-
cat /bin/netstat | strings | grep "/dev/caca"

> 
> rkhunter seem to be known false positives, unless I'm mistaken.

Aah - I'd add rkhunter to possible causes of the removal of rysync..
If you had logging enabled - take a look at /var/log/rkhunter.log

eg:-
cat /var/log/rkhunter.log | grep rsync

> 
> Well, I start thinking about reinstall. I do not like mysteries. :-(

Probably best to solve this mystery before re-installing.
NOTE: this is when remote logging and tripwire is handy.

> 
> And thanks for your reply.
> 

Cheers

-- 
"This is where we are at right now, as a whole. No one is left out of
the loop.
We are experiencing a reality based on a thin veneer of lies and illusions.
A world where greed is our God and wisdom is sin, where division is key
and unity is fantasy, where the ego-driven cleverness of the mind is
praised, rather than the intelligence of the heart."
~ Bill Hicks
Reply to: