From owner-freebsd-questions Fri May 11 11:56:25 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cache0-boot.infase.es (cache0-boot.infase.es [212.87.192.192])
	by hub.freebsd.org (Postfix) with ESMTP id 544FE37B423
	for ; Fri, 11 May 2001 11:56:22 -0700 (PDT)
	(envelope-from arnaiz@encomix.es)
Received: from LAPTOP (dynamic.193.es.encomix.com [194.143.193.219])
	by cache0-boot.infase.es (Postfix) with SMTP id AADB855DC3D;
	Fri, 11 May 2001 20:52:39 +0200 (CEST)
From: Jesus Arnaiz
To:
Cc:
Subject: RE: Building a Trusted Rootkit
Date: Fri, 11 May 2001 20:57:32 +0200
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
In-Reply-To: <200105111423.AA4456760@mail.joemagee.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Joe Magee
> Sent: Friday, May 11, 2001 20:24
> To: questions@FreeBSD.ORG
> Subject: Building a Trusted Rootkit
>
>
> Hello all.. I'm working on a project to gather trusted binaries for BSD
> releases... I'm building a Forensics Toolkit which will have trusted copies
> of ps, ls, netstat, ifconfig, etc... so that these trusted commands can be
> run on a compromised machine via floppy or cdrom.
>
> I obviously can't just copy these files from a default install because I
> want them to be statically compiled so they don't attempt to access
> library files or anything like that...
>
> Can anyone point me in the right direction as to where to find the source
> files to compile them? Is there a particular tarball I should be looking for?
>

You have an "install.sh" script in the "sources" or "src" directory of the #1
CD of FreeBSD, use:

# ./install.sh bin

Or use

# /stand/sysinstall

Configuration->Installation->Sources->Bin (or similar)

> Thanks!
>
> Joe Magee
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

Regards!

--
Jesus Arnaiz
0z0ne Inc
I+D/IT Manager
http://www.0z0ne.com
mailto:jesus@0z0ne.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
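
An added example, not part of the original thread: one way to confirm that a toolkit binary built from those sources really is statically linked before it goes onto the floppy or CD-ROM, by checking its ELF program headers for `PT_INTERP` or `PT_DYNAMIC`. It assumes the binaries are ELF; `elf_link_type`, `make_elf32`, the script name and the paths in the usage comment are hypothetical, and the sample images are constructed.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # segment types that imply run-time linking


def elf_link_type(data: bytes) -> str:
    """Classify an ELF image as 'static', 'dynamic' or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return "not-elf"
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    if data[4] == 2:  # EI_CLASS 2 = ELF64
        if len(data) < 64:
            return "not-elf"
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:  # EI_CLASS 1 = ELF32, e.g. i386 binaries
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(end + "I", data, off)
        # Conservative: static-PIE images carry PT_DYNAMIC and are also
        # reported as dynamic, which errs on the side of rejecting a tool.
        if p_type in (PT_DYNAMIC, PT_INTERP):
            return "dynamic"
    return "static"


def make_elf32(p_types):
    """Constructed sample: minimal little-endian ELF32 with these segments."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                                 52, 32, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, 0, 0)
                             for t in p_types)


if __name__ == "__main__":
    # Usage (hypothetical paths): python check_static.py /mnt/toolkit/ps ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: {elf_link_type(fh.read())}")
```

Run the check from a known-good machine, not from the compromised host whose tools are in question.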