Re: Ghost cronjob
Mart van de Wege <mart@vdwege.eu> writes:
> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>
>> Mart van de Wege [2021-05-03 20:11:25] wrote:
>>> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>>>> root@galahad:~# grep btrbk /etc/ -rl
>>>>
>>>> Have you `grep`d in `/var/` as well?
>>>> [ E.g. `/var/spool/crontabs` ]
>>>>
>>> Yep, nothing there, aside from the usual suspects (apt & dpkg files).
>>>
>>>>> And yet I find this in /var/log/btrbk.log:
>>>>>
>>>>> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command
>>>>> line client, version 0.24.0
>>>>
>>>> Any other mention of activity around that time in some other log file?
>>>>
>>>>
>>> Not that I can see. I am going to see what patching btrbk to log PPID
>>> shows up tonight.
>>
>> My usual "trick" is to log a full `ps --forest -ef`.
>
> Hmmm. If the PPID turns out to be ephemeral, then that is a good second
> option.
>
Nope, not ephemeral at all, it's PID 1. Since I don't have timers
running this job, apparently there's a zombie process somewhere?
Mart
--
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.
Reply to: