Security Incidents mailing list archives

Re: clean binaries


From: Mike Parkin <mparkin () CISCO COM>
Date: Tue, 7 Nov 2000 13:48:10 -0800

At 01:40 PM 11/6/2000 -0500, pW wrote:
> Hello all...
>
> What is the best way to make a disk full of clean binaries so that should
> a machine be compromised you can use system binaries that you know are
> clean as opposed to using the ones on the system that may be
> compromised. Basically I am looking for the best way to get a CD full of
> binaries such as ifconfig, ps, login, and so on... the systems are already
> in production so I would prefer getting them from somewhere else because I
> don't want to assume that these systems are completely clean.

In general all it takes is comparable iron, a CD burner, and source
code.  Set up a box off the LAN with a fresh install.  Compile a set of
statically linked binaries (to avoid the possibility of the libraries on
the afflicted host being compromised) and burn them to CD.

Assuming the system's binaries are corrupt is wise.


> Is it best to get these from the installation media that was used to
> install all of the systems?

Depends on the source, but probably.  Though getting a more recent version
may not be bad, as are additional tools you may not have on a production
box.  If you run with the philosophy that production machines should be
stripped of all non-essential tools, all the best tools will have to be in
your jump kit anyway.


Mike
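
Added example, not part of the original post: a pre-burn check for the staging set the reply describes, which rejects any ELF binary that still requests a dynamic loader (a PT_INTERP program header) and writes a SHA-256 manifest for the rest. The function names, the tool names and the sample ELF images are constructed for illustration, and using PT_INTERP as the test for static linking is this example's choice, not something the post specifies.

```python
import hashlib
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def needs_host_loader(data):
    """True if an ELF image carries PT_INTERP, i.e. it is dynamically linked."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    try:
        is64 = {1: False, 2: True}[data[4]]   # EI_CLASS: 32- or 64-bit
        end = {1: "<", 2: ">"}[data[5]]       # EI_DATA: byte order
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            (phoff,) = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        types = [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)]
    except (KeyError, IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ELF header") from exc
    return PT_INTERP in types

def audit_kit(kit):
    """kit maps tool name -> file bytes. Returns (manifest lines, rejected names)."""
    manifest, rejected = [], []
    for name in sorted(kit):
        if needs_host_loader(kit[name]):
            rejected.append(name)             # would load the suspect host's ld.so and libs
        else:
            manifest.append(f"{hashlib.sha256(kit[name]).hexdigest()}  {name}")
    return manifest, rejected

def sample_elf64(p_types):
    """Constructed sample: minimal little-endian ELF64 header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Constructed staging set: "ps" has only PT_LOAD (1); "ifconfig" has PT_INTERP (3).
    kit = {"ps": sample_elf64([1]), "ifconfig": sample_elf64([6, 3, 1])}
    manifest, rejected = audit_kit(kit)
    print("\n".join(manifest))
    print("rebuild statically:", rejected)
```

The manifest lines use the `hash  name` layout that `sha256sum -c` reads, so the burned disc can be re-verified later from a trusted machine.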

