On Thu, Apr 30, 2009, P.A wrote:>
> Hi does anyone know what the problem here is
>
> [root at dnstest lib]# ps
>
> ps: error while loading shared libraries: libproc-3.2.3.so: cannot
> open shared object file: No such file or directory
When programs like ps, sed, find, etc. start showing shared
library problems, it is usually an indication that the box has
been partially cracked. I say partially since the cracker will
install/replace versions of /bin/ps et al with ones that are
built for another version of Linux.
As other have noted, ``rpm -V'' is usually useful to detect
changed files.
Frequently crackers put their programs under /tmp, /var/tmp, or
the /dev directories with directory names such as ``.. '' that
are not easily seen. They try to install versions of find, ps,
netstat, etc. that are designed to hide their processes.
If you have a good system to monitor changes on *ALL* critical
files and directories, and can identify changed, added, or
deleted files, it is possible to restore a cracked system without
a complete reinstall. Otherwise the only safe method is to take
the system off line, do a fresh install, and try to figure out
how the system was cracked.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
If you have to choose between trusting the natural stability of gold and
the honesty and intelligence of members of the government, with due respect
for these gentlemen, I advise you, as long as the capitalist system lasts,
to vote for gold. -- George Bernard Shaw