From owner-freebsd-questions Fri May 11 11:48:42 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from tethys.valhalla.net (tethys.valhalla.net [195.26.32.112])
	by hub.freebsd.org (Postfix) with ESMTP id 31C1C37B43F
	for ; Fri, 11 May 2001 11:48:39 -0700 (PDT)
	(envelope-from mark@tethys.valhalla.net)
Received: by tethys.valhalla.net (Postfix, from userid 500)
	id 84F3233009; Fri, 11 May 2001 19:48:38 +0100 (BST)
Date: Fri, 11 May 2001 19:48:38 +0100
From: Mark Drayton
To: freebsd-questions@freebsd.org
Subject: Re: Building a Trusted Rootkit
Message-ID: <20010511194838.A13410@tethys.valhalla.net>
Mail-Followup-To: freebsd-questions@freebsd.org
References: <200105111423.AA4456760@mail.joemagee.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200105111423.AA4456760@mail.joemagee.com>; from lists@joemagee.com on Fri, May 11, 2001 at 02:23:38PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Joe Magee (lists@joemagee.com) wrote:

> Hello all.. I'm working on a project to gather trusted binaries for BSD
> releases... I'm building a Forensics Toolkit which will have trusted
> copies of ps, ls, netstat, ifconfig, etc... so that these trusted
> commands can be run on a compromised machine via floppy or cdrom.
>
> I obviously can't just copy these files from a default install because
> I want them to be statically compiled so they don't attempt to
> access library files or anything like that...

All the binaries in /bin and /sbin *are* statically linked by default.
Just copy them over.

> Can anyone point me in the right direction as to where to find the
> source files to compile them? Is there a particular tarball I should
> be looking for?

If you install the source distribution (or cvsup) the whole system
source will be in /usr/src; for example the source for ls is under
/usr/src/bin/ls.
The handbook/FAQ has instructions on how to cvsup, or use
/stand/sysinstall to install the source distribution from ftp or cd.

-- 
Mark Drayton
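
Added example, not part of the original message or of FreeBSD: a check that each binary copied onto the toolkit media really is statically linked, by reading its ELF program headers, with a SHA-256 printed for a manifest. The function names are hypothetical, the sample ELF image is constructed, and any PT_DYNAMIC segment is conservatively treated as "not static".

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # segment types that imply run-time linking


def segment_types(data):
    """Return the p_type of every program header in an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:   # ELF64: e_phoff at 32, e_phentsize/e_phnum at 54
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:              # ELF32: e_phoff at 28, e_phentsize/e_phnum at 42
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    # p_type is the first 32-bit word of a program header in both classes.
    return [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
            for i in range(phnum)]


def is_static(data):
    """True when the image requests no interpreter and has no dynamic section."""
    types = segment_types(data)
    return PT_INTERP not in types and PT_DYNAMIC not in types


def sample_elf32(p_types):
    """Constructed minimal little-endian ELF32 image, for demonstration only."""
    ehdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                        52, 32, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(28) for t in p_types)


if __name__ == "__main__":
    import hashlib
    import sys
    for path in sys.argv[1:]:  # e.g. the copies of ls, ps, netstat on the media
        with open(path, "rb") as f:
            blob = f.read()
        verdict = "static" if is_static(blob) else "DYNAMIC (needs host libraries)"
        print(hashlib.sha256(blob).hexdigest(), verdict, path)
```

Run it against the copies on the floppy or CD image from a known-good machine, and keep the printed hashes off the media so the toolkit can be re-verified before use.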