
Re: odd `ps` behavior



Patrick Wiseman declaimed:
> Whenever one of the basic utilities behaves weirdly, I worry I may have
> been hacked, but this is on a 2-day old Debian install:
> 
> ~$ ps
> {module_list} {module_list_R__ver_module_list}
> Warning: /boot/System.map-2.2.20-compact does not match kernel data.
> 
> I've made no kernel changes on that system.  Any idea what might be up?
> 
> Patrick
> 

When my RedHat system was hacked by a 'sub7' attack, the primary symptom
was that ps displayed weird output. I believe that the vulnerability was
in the ftp server (something I no longer run). However, the output was
quite different than what you're getting.

I'd check your log files carefully, if you've only been running for two
days you should have everything since the install. A dead giveaway for
being hacked is a bunch of ^A chars, other control characters, or weird
omissions in the logs.

Here's a listing of my 'ps' on a Testing system:

-rwxr-xr-x    1 root     root        57164 Mar 31 17:23 /bin/ps

HTH, PM
-- 
Paul Mackinney
paul@mackinney.net
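
The log check suggested in the reply above, as an added example that is not part of the original message: it flags control characters (shown in caret notation, so \x01 appears as ^A) and unusually long gaps between entries in a syslog-style file. The sample lines, the one-hour gap threshold and the year are constructed assumptions; classic syslog timestamps carry no year.

```python
import re
from datetime import datetime, timedelta

# Control characters other than tab; ^A is \x01, DEL is \x7f.
CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
# Classic syslog prefix: "Apr  2 03:14:07 host ..."
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) ")

def scan_log(lines, max_gap=timedelta(hours=1), year=2002):
    """Return (line_no, kind, detail) findings for a syslog-style log.

    year is an arbitrary assumption, needed only to build datetimes.
    """
    findings = []
    prev = None
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        hits = CTRL.findall(line)
        if hits:
            # Caret notation: \x01 -> ^A, \x1b -> ^[, \x7f -> ^?
            shown = ",".join(sorted({"^" + chr(ord(c) ^ 0x40) for c in hits}))
            findings.append((no, "control-chars", shown))
        m = STAMP.match(line)
        if not m:
            # A line without a timestamp may be a truncated or edited entry.
            findings.append((no, "no-timestamp", ""))
            continue
        ts = datetime.strptime(
            f"{year} {m[1]} {m[2]} {m[3]}:{m[4]}:{m[5]}", "%Y %b %d %H:%M:%S")
        if prev is not None:
            if ts < prev:
                findings.append((no, "time-goes-backwards", f"{prev} -> {ts}"))
            elif ts - prev > max_gap:
                # A long silence on a busy host can mean entries were removed.
                findings.append((no, "gap", str(ts - prev)))
        prev = ts
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE = [
    "Apr  2 03:10:01 host1 ftpd[412]: connection from 192.0.2.7\n",
    "Apr  2 03:10:05 host1 ftpd[412]: USER \x01\x01\x01\x1b\n",
    "Apr  2 03:10:09 host1 sshd[520]: session opened for user root\n",
    "Apr  2 09:45:30 host1 syslogd: restart\n",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE):
        print(finding)
```

A gap or a backwards timestamp is only a lead: reboots, clock changes and log rotation produce them too, so compare against what the machine was actually doing at the time.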


