On Sat, Jan 11, 2003 at 04:01:20PM -0700, Steve Wampler wrote: > > I'm trying to build a CD that has all the binaries and libraries > needed to run chkrootkit on it (so I can be more confident that > I'm running good binaries when checking possibly compromized > systems...).
I suppose you will also compile and "install" other software on the CD as well... You will need much more programs than chkrootkit to do a full analysis. > No real problem locating all the binaries and libraries, and > the CD I build works just fine on the (RH 8.0) system I built > it on, but when I try it on another system (happens to be > RH 7.3). I get: > > /bin/sh: /lib/ld-linux.so.2: version `GLIBC_PRIVATE' not found > (required by /mnt/cdrom/bin/Chkrootkit/lib/libc.so.6) You should never use dynamicaly linked programs for a security analysis: 1) the library might not be on the system you are doing the audit on 2) the library might be altered by an intruder > I've gone googling for GLIBC_PRIVATE and, while a number of people > have encountered this error in other contexts, I haven't found > a solution. The solution is to build statically linked binaries of all programs you are installing on the CD. This will blow them up, but then you can be sure that you are not using any binaries, libraries or other files from the harddrives! Put also all tools you could need to do full analysis of a running system on this CD. > Anyone got one? > > Thanks in advance! > Steve > > -- > Steve Wampler <[EMAIL PROTECTED]> good chance and bye Pierre Spielmann
