what does the ps command do?

[wustrong]

pve version 8.3.1
I kill this process id, and it still alive, my pve even can not reboot

reboot
Failed to set wall message, ignoring: Connection timed out
Call to Reboot failed: Connection timed out

 

[Johannes S]

You could enter man ps in the console to see the manual page. Alternativiely google for "linux ps command", first result I got was the manual page:
https://man7.org/linux/man-pages/man1/ps.1.html

Another result: https://www.ionos.com/digitalguide/...AG18bIBTb8abgt3JG8f9zdMEgtmeK5xDxZmmNBm5DJLas

Basically ps is a program to list the processes currently executed (quasi a non-interactive top). It's normally run manually by a user so I'm wondering how you ended up with it.
Here is a basic introduction in managing processes in Linux (including how to kill them):
https://www.digitalocean.com/community/tutorials/process-management-in-linux

Please note that the mentioned kill -9 switch should be used with caution: Normally kill would take care that any data still used by the process is written so nothing is lost due to the termination. kill -9 doesn't do it. For ps (since it doesn't write any data) this is not so important, but for another programs this might be quite different so -9 shoud only be used in emergencies and with great caution.
This article discusses the different kill switches: https://www.liquidweb.com/blog/linux-kill-commands/

 

[waltar]

The funny think is why the ps cmd takes more than 13 or 18 (red line onto) min cpu time to collect the just 335 total tasks which normally should just take ms ... and so the question means what is it doing all that time there instead if be ready ... but sorry don't know either as never seen somethink like that. Maybe do a "strace -p 44576" to see what the process is doing.

 

[bbgeek17]

"ps" command reads the /proc tree (depending on the *ix OS) and outputs the information it finds there. The 100% CPU utilization of the "ps" is a symptom of a larger issue with system's health.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[BobhWasatch]

"ps" command reads the /proc tree (depending on the *ix OS) and outputs the information it finds there. The 100% CPU utilization of the "ps" is a symptom of a larger issue with system's health.

You mean like maybe he's been hacked and a fake "ps" is mining bitcoin or something?

 

[bbgeek17]

You mean like maybe he's been hacked and a fake "ps" is mining bitcoin or something?

I was thinking systemd/udev went haywire, but I like your guess more!

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[fba]

Good suggestions so far

When running top command like in the screenshot shown, just hit c to view full process path instead of name only. It should be /usr/bin/ps
Test with command dpkg -V procpsif your ps is same like provided by packages. No output is good. If you get a difference shown apt reinstall procps and hopefully you have backup ready anyway, if the host was mining something.

nothing in this post is truly meant for fixing compromised hosts

 

[bbgeek17]

My first action would be to yank the network cable out of the NIC

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[waltar]

My first action would be to yank the network cable out of the NIC

When doing so take the power cable too and then come up again without the network cable ... but hopefully that isn't that bad to the reason for cpu consuming ps ...

 

[wustrong]

systemd/udev went haywi

"ps" command reads the /proc tree (depending on the *ix OS) and outputs the information it finds there. The 100% CPU utilization of the "ps" is a symptom of a larger issue with system's health.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

my host just link to my lan: 192.168.xx.xxx, may not

You mean like maybe he's been hacked and a fake "ps" is mining bitcoin or something?

my host just link to my lan: 192.168.xx.xxx, may not be mining, but some big issues

 

[fba]

[...]my pve even can not reboot

reboot
Failed to set wall message, ignoring: Connection timed out
Call to Reboot failed: Connection timed out

echo s > /proc/sysrq-trigger
echo u > /proc/sysrq-trigger
echo b > /proc/sysrq-trigger

This will sync all mounted filesystems, remount them in read-only mode and then a reboot will happen.

 

[bbgeek17]

This will sync all mounted filesystems, remount them in read-only mode and then a reboot will happen.

OP seems to have access to iDRAC, that would be another option for achieving a reboot/reset.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[Kingneutron]

I would backup your VMs and LXCs, make notes about your network config and storage, and reinstall Proxmox