LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 10-22-2007, 05:20 PM   #1
jeff_powell
Member
 
Registered: Oct 2003
Location: Okalhoma
Distribution: Fedora 6,9,10,11, Ubuntu 8.10, 9.04, RHEL es4, es5, AIX, Vmware ESX 3.0
Posts: 36

Rep: Reputation: 15
Question Weirdness: ps -ef not working now?


Has anyone else noticed that ps -ef does not show all the processes on the system anymore?

Fedora 7 something has happened to ps.

This is all that I see now when I type ps -ef. Top still shows everything.

PID TTY STAT TIME COMMAND
3340 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279
3348 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279
7284 ? R 0:00 \_ ps -ef KDE_MULTIHEAD=false SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7A
3356 ? S 0:00 /bin/bash SSH_AGENT_PID=3229 HOSTNAME=ipstulsa-lnx3 GPG_AGENT_INFO=/tmp/gpg-7ADXI5/S.gpg-agent:3279

It looks like procps was updated on 7/13 to version 3.2.7-14.fc7
 
Old 10-22-2007, 06:02 PM   #2
rsashok
Member
 
Registered: Nov 2006
Location: USA, CA
Distribution: RedHat, Debian
Posts: 202

Rep: Reputation: 31
I am using FC 7, and 'ps -ef' works just fine. Are you sure that you don't alias ps somehow? Try:
1. /bin/ps -ef
or
2 \ps -ef
 
Old 10-22-2007, 08:05 PM   #3
jeff_powell
Member
 
Registered: Oct 2003
Location: Okalhoma
Distribution: Fedora 6,9,10,11, Ubuntu 8.10, 9.04, RHEL es4, es5, AIX, Vmware ESX 3.0
Posts: 36

Original Poster
Rep: Reputation: 15
Yeah. I think I've been hacked. My home fedora 7 system also runs fine. When I tried to yum remove procps it was going to remove everything the system has on it. I can't rm it even as root.

I'll need to do a fresh reload.

Good system.
procps version 3.2.7

Bad system.
procps version 2.0.7
 
Old 10-23-2007, 10:59 AM   #4
jeff_powell
Member
 
Registered: Oct 2003
Location: Okalhoma
Distribution: Fedora 6,9,10,11, Ubuntu 8.10, 9.04, RHEL es4, es5, AIX, Vmware ESX 3.0
Posts: 36

Original Poster
Rep: Reputation: 15
This definitely was a "rootkit" hack. /usr/bin had four files with timestamps of July 2003 these were ps, ls, netstat and pico.

Conclusion: disable password access on SSHD (/etc/ssh/sshd_config) otherwise someone can try every possible password then take over your machine.


The following link describes a similar attack.
http://edseek.com/archives/2005/10/1...ndom-drive-by/

I tried ubuntu 7.10 but I didn't like it and I am now re-installing Fedora 7.
 
  


Reply

Tags
hack, security, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MANPATH weirdness johnMG Debian 2 04-04-2006 01:47 PM
Firefox weirdness Slagazor Linux - Software 3 04-17-2005 02:17 PM
Mouse weirdness springsteenfan Linux - Laptop and Netbook 1 03-01-2005 04:47 AM
weirdness with log2() spuzzzzzzz Programming 5 08-08-2004 06:45 PM
Graphical shutdown not working, weirdness seanb Debian 3 03-28-2004 09:01 PM


All times are GMT -5. The time now is 09:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration