Hi all
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/ (cp,rpm,cat and others) on one host, but that was a development machine and I'm not really sure what happened there.
But now I ran into a similar problem (missing at least /bin/vi and /bin/cp) on a host where I'm a lot more certain of all that has been done on the machine.
This is what happened, it's a _complete_ list of what I have done on the host:
- installed centos 6 from dvd .iso, into esxi 4.1 vm - selected "web server" as base packages in install - configured network interface - configured some variables in /etc/profile.d (with vi - note this later) - installed mysqld and some php packages - created a backup script in /etc/cron.daily (just does mysqldump and /var/www gzip'ing) - removed postgresql - put some data in mysql db + apache documentroot - ran yum update - tried to configure an apache virtualhost - noticed that vi is missing - noticed that /bin/cp is missing as well - coreutils & vim-minimal are installed according to rpm
Yum.log shows that during the yum update vim-minimal was updated, coreutils not, no package removals visible. Can't see anything in dmesg, root's history, /var/log/secure, /var/log/messages that would explain this. No one else has access.
I am certain I have not accidentally removed the files.. Anyone seen anything similar? I'm a bit hesitant to say it's a bug or claim that yum update is to blame, because then I'd think a lot of folks were bitten by similar problems.
regards Mikko Koivunen
From: Mikko Koivunen mikko.koivunen@gmail.com
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/ (cp,rpm,cat and others) on one host, but that was a development machine and I'm not really sure what happened there.
- coreutils & vim-minimal are installed according to rpm
Do you miss all coreutils files or just a few...? rpm -qV coreutils
How did you remove postgresql...? rpm -e or yum remove?
JD
On Fri, Oct 21, 2011 at 9:04 AM, John Doe jdmls@yahoo.com wrote:
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/ (cp,rpm,cat and others) on one host, but that was a development machine and I'm not really sure what happened there.
- coreutils & vim-minimal are installed according to rpm
Do you miss all coreutils files or just a few...? rpm -qV coreutils
How did you remove postgresql...? rpm -e or yum remove?
This sounds like a local problem. 'rpm -Va' should show everything that differs from the packages that should be installed and you can use 'yum reinstall' to fix them up. Not sure if there is a handy way to see the packages the damaged/missing files belong to all at once, but 'rpm -q --whatprovides /path/to/file' will check individually.
On Fri, Oct 21, 2011 at 5:39 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Fri, Oct 21, 2011 at 9:04 AM, John Doe jdmls@yahoo.com wrote:
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/
- coreutils & vim-minimal are installed according to rpm
This sounds like a local problem. 'rpm -Va' should show everything that differs from the packages that should be installed and you can use 'yum reinstall' to fix them up. Not sure if there is a handy way to see the packages the damaged/missing files belong to all at once, but 'rpm -q --whatprovides /path/to/file' will check individually.
Thanks. I'll try to reinstall them, but I am a bit nervous because I don't see how this has happened.
For reference, here's the output from rpm -Va:
missing /bin/plymouth S.5....T. c /etc/maven/maven2-depmap.xml S.5....T. c /etc/ssh/sshd_config missing /bin/mountpoint missing /bin/red S.5....T. c /etc/pki/nssdb/pkcs11.txt S.5....T. c /etc/nslcd.conf missing /bin/dbus-daemon missing /bin/vi ....L.... c /etc/pam.d/fingerprint-auth ....L.... c /etc/pam.d/password-auth ....L.... c /etc/pam.d/smartcard-auth ....L.... c /etc/pam.d/system-auth missing /bin/tracepath missing /bin/cgexec missing /bin/cgset S.5....T. c /etc/httpd/conf/httpd.conf missing /bin/unicode_stop missing /bin/nano missing /bin/setserial missing /bin/basename missing /bin/chown missing /bin/cp missing /bin/dd missing /bin/false missing /bin/pwd missing /bin/rm missing /bin/sync missing /bin/touch missing /bin/kill missing /bin/raw ..5....T. c /usr/lib/security/classpath.security
- Mikko
On Fri, Oct 21, 2011 at 5:04 PM, John Doe jdmls@yahoo.com wrote:
From: Mikko Koivunen mikko.koivunen@gmail.com
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/
- coreutils & vim-minimal are installed according to rpm
Do you miss all coreutils files or just a few...? rpm -qV coreutils
Good tip on the -qV option. It shows I am missing: basename, chown, cp, dd, false, pwd, rm, sync, touch
How did you remove postgresql...? rpm -e or yum remove?
Yum remove, /var/log/yum.log shows postgresql "erased", no other packages removed.
- Mikko
Mikko Koivunen wrote:
On Fri, Oct 21, 2011 at 5:04 PM, John Doe jdmls@yahoo.com wrote:
From: Mikko Koivunen mikko.koivunen@gmail.com
Having a weird issue with CentOS 6. I lost a lot of stuff in /bin/
- coreutils & vim-minimal are installed according to rpm
Do you miss all coreutils files or just a few...? rpm -qV coreutils
Good tip on the -qV option. It shows I am missing: basename, chown, cp, dd, false, pwd, rm, sync, touch
How did you remove postgresql...? rpm -e or yum remove?
Yum remove, /var/log/yum.log shows postgresql "erased", no other packages removed.
Maybe it's time to check for rootkits?
mark
-
John Doe -
Les Mikesell -
m.roth@5-cent.us -
Mikko Koivunen