Security Incidents mailing list archives
Re: clean binaries
From: Mike Parkin <mparkin () CISCO COM>
Date: Tue, 7 Nov 2000 13:48:10 -0800
At 01:40 PM 11/6/2000 -0500, pW wrote:
Hello all... What is the best way to make a disk full of clean binaries so that should a machine be compromised you can use system binaries that you know are clean as opposed to using the ones on the system that may be compromised? Basically I am looking for the best way to get a CD full of binaries such as ifconfig, ps, login, and so on... the systems are already in production so I would prefer getting them from somewhere else because I don't want to assume that these systems are completely clean.
In general all it takes is comparable iron, a CD burner, and source code. Set up a box off the LAN with a fresh install. Compile a set of statically linked binaries (to avoid the possibility of the libraries on the afflicted host being compromised) and burn them to CD. Assuming the system's binaries are corrupt is wise.
Is it best to get these from the installation media that was used to install all of the systems?
Depends on the source, but probably. Though getting a more recent version may not be bad, as are additional tools you may not have on a production box. If you run with the philosophy that production machines should be stripped of all non-essential tools, all the best tools will have to be in your jump kit anyway.

Mike
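Added example, not part of the original message: one way to confirm, before burning the CD, that every binary in the kit really is statically linked. A dynamically linked ELF file carries a PT_INTERP program header naming the loader it will run from the host's disk, so the check parses the program headers and reports that path. The function names and the sample ELF image are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type that names the dynamic loader (ld.so)

def interp_of(data):
    """Return the loader path an ELF image requests, '' if none, None if not ELF."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return None
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    wide = data[4] == 2                        # EI_CLASS: 2 = ELF64, 1 = ELF32
    # Header offsets differ by class: e_phoff, then e_phentsize/e_phnum.
    phoff, = struct.unpack_from(end + ("Q" if wide else "I"), data, 0x20 if wide else 0x1C)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36 if wide else 0x2A)
    word, o_off, o_sz = (end + "Q", 8, 32) if wide else (end + "I", 4, 16)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if ph + o_sz + 8 > len(data):
            return None                        # truncated program header table
        if struct.unpack_from(end + "I", data, ph)[0] == PT_INTERP:
            off, = struct.unpack_from(word, data, ph + o_off)    # p_offset
            size, = struct.unpack_from(word, data, ph + o_sz)    # p_filesz
            return data[off:off + size].rstrip(b"\0").decode("ascii", "replace")
    return ""

def sample_elf64(interp=b""):
    """Constructed minimal ELF64 image for testing the parser; not a real program."""
    hdr = bytearray(0x40)
    hdr[:6] = b"\x7fELF\x02\x01"                        # magic, ELF64, little-endian
    struct.pack_into("<Q", hdr, 0x20, 0x40)             # e_phoff
    struct.pack_into("<HH", hdr, 0x36, 56, 1)           # e_phentsize, e_phnum
    ph = bytearray(56)
    struct.pack_into("<I", ph, 0, PT_INTERP if interp else 1)  # 1 = PT_LOAD
    struct.pack_into("<Q", ph, 8, 0x40 + 56)            # p_offset
    struct.pack_into("<Q", ph, 32, len(interp))         # p_filesz
    return bytes(hdr + ph + interp)

def audit(paths):
    """Map each path to 'static', 'not-elf', or the host loader it depends on."""
    report = {}
    for path in paths:
        with open(path, "rb") as fh:
            interp = interp_of(fh.read())
        report[path] = "not-elf" if interp is None else (interp or "static")
    return report

if __name__ == "__main__":
    for path, verdict in audit(sys.argv[1:]).items():
        print(f"{verdict:30} {path}")
```

Run it over the staged kit files on the build box; anything not reported as `static` would load code from the afflicted host's disk.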