Security Incidents mailing list archives
Re: clean binaries
From: Tim Walberg <tewalberg () mediaone net>
Date: Tue, 7 Nov 2000 14:59:39 -0600
I don't know that it's necessarily "the best" way, but the approach I would take would be to build a new system, then burn a CD with the contents of /sbin, /usr/sbin, /bin, and /usr/bin, and possibly stuff from /usr/local or some other locations (you'll have to determine on your own what you would need). I'd probably also download a few additional tools that would be useful for forensic or post-mortem analysis and put them on the disk too. If you were feeling more ambitious, you could put everything you needed to make the disc bootable on it, so you could boot off CD for post-mortem analysis (then mount file systems r/o, etc.). Not necessarily the most well thought out plan, but it should give you somewhere to start...

tw

On 11/06/2000 13:40 -0500, pW wrote:
Hello all...

What is the best way to make a disk full of clean binaries so that should a machine be compromised you can use system binaries that you know are clean as opposed to using the ones on the system that may be compromised. Basically I am looking for the best way to get a CD full of binaries such as ifconfig, ps, login, and so on... the systems are already in production so I would prefer getting them from somewhere else because I don't want to assume that these systems are completely clean. Is it best to get these from the installation media that was used to install all of the systems?

any help would be appreciated!

thanks
shawn
End of included message

--
+--------------------------+------------------------------+
| Tim Walberg              | tewalberg () mediaone net    |
| 828 Marshall Ct.         | www.concentric.net/~twalberg |
| Palatine, IL 60074       |                              |
+--------------------------+------------------------------+
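The staging step described in the reply above, as an added example that is not part of the original post: it copies the four directories the reply names from a freshly built system into a staging tree, writes a SHA-256 manifest to burn alongside them, and later checks a read-only mount of the disc against that manifest. The function names, the MANIFEST.sha256 file name and the use of `sha256sum` are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils (cp, sha256sum).
# SRC_ROOT must be the root of a newly built system, not a production host.

DIRS="sbin usr/sbin bin usr/bin"   # the directories named in the reply

# stage_clean_tree SRC_ROOT STAGE_DIR
# Copies each directory into STAGE_DIR and writes STAGE_DIR/MANIFEST.sha256.
stage_clean_tree() {
    src=$1; stage=$2
    mkdir -p "$stage" || return 1
    for d in $DIRS; do
        [ -d "$src/$d" ] || continue          # skip directories this system lacks
        mkdir -p "$stage/$d" || return 1
        # -R recursive, -P keep symlinks as symlinks, -p keep modes and times
        cp -RPp "$src/$d/." "$stage/$d/" || return 1
    done
    # Hash every regular file, with paths relative to the future disc root
    ( cd "$stage" &&
      find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + |
      sort -k2 > MANIFEST.sha256 )
}

# verify_clean_tree MOUNT_POINT
# Returns 0 only if every listed file matches and no unlisted file is present.
verify_clean_tree() {
    (
        cd "$1" || exit 1
        sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 || exit 1
        listed=$(sed 's/^[0-9a-f]*  //' MANIFEST.sha256 | sort)
        present=$(find . -type f ! -name MANIFEST.sha256 | sort)
        [ "$listed" = "$present" ]
    )
}
```

Run `stage_clean_tree` on the new build, burn the staging directory, then run `verify_clean_tree` against the disc mounted read-only before relying on it.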
Current thread:
- clean binaries pW (Nov 08)
- Re: clean binaries Jay D. Dyson (Nov 08)
- Re: clean binaries Tim Walberg (Nov 08)
- Re: clean binaries Mike Parkin (Nov 08)
- Re: clean binaries //Stany (Nov 08)
- Re: clean binaries Rob Shein (Nov 09)