# bash: ps: command not found

## naraku9333

First off I appologize if I am posting this in the wrong section. I got on my computer tonite to find the error in the title when I try to run ps. I haven't used this system in almost 24 hours (it runs 24/7), and the command was working then (I use it frequently). I cant for the life of me think of a reason for this to happen except the package being removed (I dont know what package ps is part of, but do know I haven't removed anything in days) or someone cracked me and removed it (I have nothing anyone would want). This is a new install (about two weeks) and I dont have iptables or firestarter set up (will be shortly). I looked through my /var/log/messages and .bash_histories of regular user and root but saw nothing out of the ordinary. I know I am being paranoid even considering a hack, but I would rather err on the side of caution. Any suggestions on anything I should check, I also would like the name of the package that contains ps, thank you.

----------

## brims

Before you reemerge it, ls -lh /bin/ps and see if your $PATH got changed or the permissions got changed.

```
# ls -lh /bin/ps

-r-xr-xr-x  1 root root 64K Jan 27 13:56 /bin/ps
```

```
# equery b /bin/ps

[ Searching for file(s) /bin/ps in *... ]

sys-process/procps-3.2.5-r1 (/bin/ps)
```

----------

## JeliJami

 *naraku9333 wrote:*   

> .. or someone cracked me and removed it (I have nothing anyone would want).

 

you have a machine with CPU power, hard disk space and network access, don't you

who wouldn't want to use that?

ideal for a spam relay, or attack zombie, or whatelse

 *Quote:*   

> I also would like the name of the package that contains ps, thank you.

 

```
$ equery belongs $(which ps)

[ Searching for file(s) /bin/ps in *... ]

sys-process/procps-3.2.5-r1 (/bin/ps)

```

[EDIT] beaten in speed by brims  :Crying or Very sad: 

----------

## naraku9333

 *brims wrote:*   

> Before you reemerge it, ls -lh /bin/ps and see if your $PATH got changed or the permissions got changed.
> 
> ```
> # ls -lh /bin/ps
> 
> ...

 

```
$ ls -lh /bin/ps

ls: /bin/ps: No such file or directory
```

```
Gentoo64 naraku # emerge -p procps

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] sys-process/procps-3.2.6

```

Thank you for the suggestions, I still have no clue what has happened here.

----------

## brims

Well something happened to /bin/ps I don't know what. Try reemerging it.

----------

## naraku9333

Apparently whatever happend to ps also happened to pidof. Im reemerging now.

----------

## brims

That's really odd. Could you have been sleep computing? I'm just kidding, but imagine the possibilities.

Anyways, 

```
emerge rkhunter
```

, if you haven't already, then run 

```
rkhunter --update && rkhunter -c
```

You'll have to monitor the scan as you are required to hit enter a few times. If you have sshd running, I hope you have root login disabled.

----------

## naraku9333

Yes root logins through ssh are disabled. Rkhunter came up clean, as did chkrootkit. ClamAV found a WMF exploit in /tmp but thats it.

----------

## brims

That's a really odd problem. You are taking a lot of precautions against attack and those 2 programs disappear. Wonder how that happened.

----------

