[CentOS] ps error

Bill Campbell centos at celestial.com
Thu Apr 30 16:54:26 UTC 2009


On Thu, Apr 30, 2009, P.A wrote:
>
>   Hi does anyone know what the problem here is
>
>   [root at dnstest lib]# ps
>
>   ps: error while loading shared libraries: libproc-3.2.3.so: cannot
>   open shared object file: No such file or directory

When programs like ps, sed, find, etc. start showing shared
library problems, it is usually an indication that the box has
been partially cracked.  I say partially since the cracker will
install/replace versions of /bin/ps et al with ones that are
built for another version of Linux.

As other have noted, ``rpm -V'' is usually useful to detect
changed files.

Frequently crackers put their programs under /tmp, /var/tmp, or
the /dev directories with directory names such as ``..    '' that
are not easily seen.  They try to install versions of find, ps,
netstat, etc. that are designed to hide their processes.

If you have a good system to monitor changes on *ALL* critical
files and directories, and can identify changed, added, or
deleted files, it is possible to restore a cracked system without
a complete reinstall.  Otherwise the only safe method is to take
the system off line, do a fresh install, and try to figure out
how the system was cracked.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

If you have to choose between trusting the natural stability of gold and
the honesty and intelligence of members of the government, with due respect
for these gentlemen, I advise you, as long as the capitalist system lasts,
to vote for gold. -- George Bernard Shaw



More information about the CentOS mailing list