Has anyone else noticed that ps -ef does not show all the processes on the system anymore?

Fedora 7 something has happened to ps.

This is all that I see now when I type ps -ef. Top still shows everything.

PID TTY STAT TIME COMMAND
3340 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279
3348 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279
7284 ? R 0:00 \_ ps -ef KDE_MULTIHEAD=false SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7A
3356 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279

It looks like procps was updated on 7/13 to version 3.2.7-14.fc7

I am using FC 7, and 'ps -ef' works just fine. Are you sure that you don't alias ps somehow? Try:
1. /bin/ps -ef
or
2 \ps -ef

Yeah. I think I've been hacked. My home fedora 7 system also runs fine. When I tried to yum remove procps it was going to remove everything the system has on it. I can't rm it even as root.

I'll need to do a fresh reload.

Good system.
procps version 3.2.7

Bad system.
procps version 2.0.7

This definitely was a "rootkit" hack. /usr/bin had four files with timestamps of July 2003 these were ps, ls, netstat and pico.

Conclusion: disable password access on SSHD (/etc/ssh/sshd_config) otherwise someone can try every possible password then take over your machine.


The following link describes a similar attack.
http://edseek.com/archives/2005/10/1...ndom-drive-by/

I tried ubuntu 7.10 but I didn't like it and I am now re-installing Fedora 7.