Posts Tagged ‘pacman’

Pacman and cleaning out old packages

Tuesday, May 1st, 2012

Just found this out, and thought it may benefit someone else, so here you go :)

In my netbook install of Arch Linux I was running out of disk space on / because the package cache (/var/cache/pacman/pkg/) was always filling up with old versions of packages. The reason for this obviously being that whenever I would upgrade a package, it wouldn’t be until next reboot I’d know if something was amiss or not, so pacman -Sc wasn’t really an option. And at next reboot, did I remember to run pacman -Sc? Of course not.

But, as it has been said before, and will be said again countless times: the Arch wiki is fantastic!

Take for instance the pacman page, where it gives a hint that if you don’t really like pacman -Sc, you could try cacheclean (found in the AUR).

It takes at least one parameter, or, I guess, two at the most. The required one is a number, indicating how many previous versions you wish to keep. And on top of that you could add -p for preview, in which case it will only simulate removing the packages, and instead print their names, so you have a chance to spot any mistake you might have made. With -v, cacheclean will perform the task, and tell you what it has done.

Since it will operate on /var/ you’ll need to execute it as root.

Simple as that. The only gotcha is that it is a python3 script, but since that is the standard in Arch these days anyway, it shouldn’t make much of a difference anyhow.

:wq

rkhunter and pacman on arch

Tuesday, May 31st, 2011

I read a notice, or a post, somewhere the other week, and it planted a seed in my head, so today I installed chkrootkit and rkhunter.

chkrootkit revealed nothing of interest, while rkhunter did find potential problems.

At first I found it rather unsettling. rkhunter pointed at specific files which it obviously didn’t think should be there.

On my desktop that was /usr/lib/libtty.a which could be a part of a rootkit named “fuck `it”. Cleverly putting that grave accent in the name of the rootkit, the original authors have effectively made it impossible to search for (at least using Google).

Resisting the urge to panic and do something rash (like formatting the system) I instead booted up my netbook as well, installing rkhunter and executing it there as well.

The two installs are almost identical, and if anything, the netbook, at times operating outside my own network, should run a higher risk of getting infected with stuff (or so my reasoning goes anyway).

The report on my netbook came back with other things, mostly sshd configuration stuff, but sshd is never running on the netbook (I edited the config options anyway as they were reasonable and would protect the system if the ssh daemon was ever started on the netbook), an entry in /etc/rc.local (which I know I put there), and a hidden compressed man-page which rkhunter had reported on the desktop as well.

Back to libtty.a. The good news was that I could list it; it wasn’t hiding. Well, the file was one amongst a plethora of files in /usr/lib/, but having pinpointed it, it didn’t try to hide from me.

So my next thought was: “It must have come from somewhere.”

There are few things I have installed from source, so the most obvious place to look was towards packages installed from AUR.

Which means that I could ask pacman which package this file belonged to.

pacman -Qo /usr/lib/libtty.a revealed that the package it came from was termrec, a package I had installed because I at one time or another had an idea.

termrec is used to record and replay a terminal session, but I never got around to trying it out.

It is entirely possible that the behaviour of termrec is close enough to that of a malware to be identified as such, but once I realized the connection I was a lot calmer.

Then again, I haven’t used termrec, and have no reason to keep it around, so I uninstalled it, and with it, /usr/lib/libtty.a disappeared as well, so I don’t believe there ever was a threat.

As for the hidden, compressed man-page, it turned out to belong to krb5, so I am pretty sure that is harmless as well.

All in all, it was a pretty nice experience, especially the fact that I was mindful enough to keep cool :)

:wq
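
The ownership check from the rkhunter post, generalised to a list of flagged paths, as an added example that is not part of the original post. It also uses pacman -Qkk and pacman -Qm, which the post does not mention, because ownership alone does not show that a file still matches what its package installed; the "-" argument and the output columns are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify scanner-flagged paths against the pacman database.
# Reads one absolute path per line on stdin and prints, tab-separated:
#   <verdict> <path> <package> <origin>

triage_path() {
    path=$1
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        printf 'missing\t%s\t-\t-\n' "$path"
        return 0
    fi
    # -Qqo prints only the owning package name and fails when nothing owns the file.
    if ! pkg=$(pacman -Qqo "$path" 2>/dev/null) || [ -z "$pkg" ]; then
        printf 'unowned\t%s\t-\t-\n' "$path"
        return 0
    fi
    # -Qm restricts the query to foreign packages (AUR or hand-built), so
    # success here means no sync repository provides this package.
    if pacman -Qqm "$pkg" >/dev/null 2>&1; then origin=foreign; else origin=repo; fi
    # -Qkk compares installed files with the package's mtree metadata
    # (size, permissions, modification time) and reports a mismatch as
    # "warning: <pkg>: <path> (<reason>)".
    report=$(pacman -Qkk "$pkg" 2>&1 || true)
    case $report in
        *": $path ("*) verdict=altered ;;
        *)             verdict=owned ;;
    esac
    printf '%s\t%s\t%s\t%s\n' "$verdict" "$path" "$pkg" "$origin"
}

triage_all() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then triage_path "$line"; fi
    done
    return 0
}

# Run as: sh triage.sh - < flagged-paths.txt   (file name is a placeholder)
if [ "${1:-}" = "-" ]; then
    triage_all
fi
```

An "unowned" or "altered" verdict is the one that deserves a closer look. "owned" with origin "foreign" only says the file came from a locally built package, as termrec from the AUR did here.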