ps 命令无法执行

lihn

ps 命令无法执行：
ps -aux 执行后显示：
Bus error
怎么回事？文件被替换了？

chinaux

possible. It could be due to H/W issues as well.

lihn

ps命令和H/W有关系？

chinaux

Bus error - usually indicates a H/W issue.

If your O.S. supports rpm, then you may verify whether "ps" is modified in the way as the following:
[root@sea root]# type ps
ps is /bin/ps
[root@sea root]# rpm -qf /bin/ps
procps-2.0.17-10
[root@sea root]# rpm --verify procps-2.0.17-10
SM5....T   /bin/ps


( I copied another file to /bin/ps purposely; if "ps" not modified, "rpm -verify" outputs nothing)

lihn

我的ps验证：
rpm --verify procps-2.0.11-6
SM5..UG.   /bin/ps
SM5..UG.   /usr/bin/top

lovelypp

硬件措，无法链接之类

lihn

我找到了procps-2.0.11-6安装文件，请问怎么替换机器里的文件呢？

chinaux

try "rpm -ivh --force procps-2.0.11-6.XXX.rpm"

lihn

已经安装好了，ps查看一下有2个进程以前没见过：
root      3298  0.0  0.0  1856  628 ?        S    Jan20   0:00 /sbin/ttyload -q
root      3300  0.0  0.0  1504  532 ?        S    Jan20   0:00 ttymon tymon
有问题？

chinaux

your system is likely hacked.

1. verify your system:

# for i in `rpm -qa`; do rpm --verify  $i ; done >> /tmp/verification

If some other commands are replaced, I can say you have been hacked.

2. if hacked, kill the 2 daemons at first; or, shut down the system.

3. reinstall your O.S. + the latest updates from the vendor (e.g., Redhat)

4. harden your O.S. (.e.g., disable/stop/remove all necessary network services); run nesus ( a security tool) to find out any security vernerabilities and fix them.

5. verify your other systems with "for i in `rpm -qa`; do rpm --verify  $i ; done >> /tmp/verification". repeat the above steps.