
Can the top command in /usr/bin be replaced? I read on superuser that it can hide processes if compromised. I want to delete top and get a fresh new script using apt-get from Ubuntu official repositories.

Ravexina

1 Answer

top is part of the procps package; you can reinstall it using:

sudo apt install --reinstall procps

Or install a version from a repository which you trust. Run apt-cache policy procps, which outputs:

procps:
  Installed: 2:3.3.10-4ubuntu2.3
  Candidate: 2:3.3.10-4ubuntu2.3
  Version table:
 *** 2:3.3.10-4ubuntu2.3 500
        500 http://mirrors.kernel.org/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:3.3.10-4ubuntu2 500
        500 http://mirrors.kernel.org/ubuntu xenial/main amd64 Packages

Pick a version from a repository which you trust and specifically install that one:

sudo apt remove procps
sudo apt install procps=2:3.3.10-4ubuntu2.3

You can also check whether this file is compromised using dpkg -V:

Run:

dpkg -V procps

If top has been compromised, it will show you output that looks like:

??5??????   /usr/bin/top

Otherwise it shows nothing.

Ravexina
  • Shouldn't we take care of probably enabled PPAs, as untrusted PPAs are a common way to compromise the system? – mook765 May 19 '17 at 10:06
  • I updated my answer, however I strongly recommend not using PPAs or sources we don't trust in the first place. IMO once they cause the damage it's hard to discover and fix. – Ravexina May 19 '17 at 10:23
  • Looks perfect, a pity we can't upvote twice... – mook765 May 19 '17 at 20:37
  • Thank you, I got a downvote but I couldn't find the answer (procps). Try searching for top ... – imonaboat Jun 05 '17 at 10:06
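
The dpkg -V check from the answer can be scripted so that a changed binary is told apart from an edited configuration file. This is an added example, not part of the original answer; the function names are hypothetical and the sample lines are constructed in the format the answer shows.

```shell
#!/usr/bin/env bash
# Classify `dpkg -V` lines (default rpm-style format) read from stdin.
# Columns: 9 result characters, a space, one attribute character, a space, the path.
# A '5' as the third result character means the file content no longer matches
# the md5sum recorded for the package. Attribute 'c' marks a conffile, where
# local edits are expected.
classify_dpkg_verify() {
    awk '{
        result = substr($0, 1, 9)
        attr   = substr($0, 11, 1)
        path   = substr($0, 13)                 # fixed column: paths may hold spaces
        if (substr(result, 3, 1) != "5") next   # content check did not fail
        if (attr == "c") print "CONFFILE " path
        else             print "MODIFIED " path
    }'
}

# Exit status 0 only when no non-conffile has changed content.
package_files_intact() {
    ! classify_dpkg_verify | grep -q '^MODIFIED '
}

# Constructed sample input (not real output from any system).
sample_verify_output() {
    printf '%s\n' \
        '??5??????   /usr/bin/top' \
        '??5?????? c /etc/sysctl.conf' \
        '??5??????   /usr/share/doc/procps/my notes.txt'
}

# Run against the live system only when invoked with "live"
# (assumption: a Debian/Ubuntu host whose dpkg supports -V).
if [ "${1:-}" = "live" ]; then
    dpkg -V procps | classify_dpkg_verify
fi
```

dpkg -V compares files against the md5sums stored under /var/lib/dpkg/info on the same machine, and it relies on the installed dpkg binary itself. An empty result therefore only shows that the files match the local records, which someone with root access could also have changed.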