I’ve run into an issue with the Backup & Restore module not running a scheduled backup. The backup can be successfully run manually. When it doesn’t run, the backup failure notification email doesn’t get sent either. I only clued in on the failure since I run a script on the backup storage server that checks for fresh backups and notifies if they aren’t there.
I found that the job disappears from /var/spool/cron/asterisk, and I’m not sure what is removing it. If I change the timing on the backup by a minute and save it, it gets put back into the cron config, works for a couple days, then disappears again. This started happening on one system, but yesterday started happening on a 2nd system.
Both systems are FreePBX 22.214.171.124 and use the Backup & Restore module version 126.96.36.199.
The backup job (after being updated and saved in the modue, which adds it the cron config again) was the last item in the cron config yesterday. No longer the case today. So whatever is automatically updating this file strips out the backup job sometimes.
Unless you are very confident that you have purged EVERY part of that compromise (and that is not trivial) , I suggest you consider your system failed, restore a backup taken prior to the compromise or rebuild from scratch, and know that all your ‘family jewels’ are now compromised and need to be replaced piecemeal but completely.
I would take the opportunity to install a rootkit detector at this point in time ‘just in case’/‘before’ it happens again