Date: Fri, 11 May 2001 19:48:38 +0100 From: Mark Drayton <mark.drayton@4thwave.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Building a Trusted Rootkit Message-ID: <20010511194838.A13410@tethys.valhalla.net> In-Reply-To: <200105111423.AA4456760@mail.joemagee.com>; from lists@joemagee.com on Fri, May 11, 2001 at 02:23:38PM -0400 References: <200105111423.AA4456760@mail.joemagee.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Magee (lists@joemagee.com) wrote: > Hello all.. I'm working on a project to gather trusted binarys for BSD > releases... I'm building a Forensics Toolkit which will have trusted > copies of ps, ls, netstat, ifconfig, etc... so that these trusted > commands can be ran on a compromised machine via floppy or cdrom. > > I obviously can't just copy these files from a default install because > I want them to be staticly compiled them so they don't attempt to > access library files or anything like that... All the binaries in /bin and /sbin *are* statically linked by default. Just copy them over. > Can anyone point me in the right direction as to where to fine the > source files to complie them? Is there a perticular tarball i should > be looking for? If you install the source distribution (or cvsup) the whole system source will be in /usr/src; for example the source for ls is under /usr/src/bin/ls. The handbook/FAQ has instructions on how to cvsup, or use /stand/sysinstall to install the source distribution from ftp or cd. -- Mark Drayton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010511194838.A13410>