Archive

Posts tagged ‘forensics’

Statically compiled Linux toolkit

August 1, 2013 No comments

A friend's server CPU kept running very high in the middle of the night, but he could not see which process was causing it. He asked me to check this Linux system for him. I have not done this kind of work for a long time and have lost most of my tools, so I am collecting them again.

http://www.stearns.org/staticiso/ A prebuilt 32-bit static toolkit, but its libc is a bit old; running it on 64-bit CentOS 6 seg faults right away.

ps: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, stripped

http://sourceforge.net/projects/costars/ A source package with static-build scripts. The application versions in it may be a bit old, but they should still be usable, and building them yourself is a good option too.

Build a recovery toolkit

August 1, 2013 No comments

Introduction

All security guides recommend that you have a security audit toolkit (also called a forensic toolkit or recovery toolkit). This toolkit consists of a set of statically linked binaries (grep, w, netstat, ls, nc, strace, ps, etc.). The problem is that these security guides tell you to build this toolkit but never show you how to do it (they just say it can be really difficult…). In this article I will explain why we need this toolkit, then I will show how to build it.

Note: The “build the toolkit” part of this article uses the apt-get package installer (for Debian-like distributions). I tested this code successfully on Ubuntu and on Debian (however, some packages are different and the described method may not always work).

Read more…
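A recovery toolkit is only useful if every binary in it really is static, which is exactly the property the `file` output in the first post reports (and which the old-libc 32-bit build broke on 64-bit CentOS 6). As an added example, not code from either post, the following Python reads an ELF image's program headers and reports its word size and whether it carries a PT_INTERP entry (the request for the host's dynamic loader); `build_fake_elf` constructs header-only synthetic images so the check can be exercised without real binaries, and `dynamic_binaries` is an assumed helper name for running it over a toolkit directory.

```python
import struct

PT_INTERP = 3  # program header naming the dynamic loader (ld.so) the binary needs

def elf_link_info(data):
    """Return (bits, static) for an ELF image.  static means no PT_INTERP entry,
    so the binary never loads the host's ld.so/libc (static-pie binaries keep a
    PT_DYNAMIC entry but also lack PT_INTERP, hence PT_INTERP decides)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    cls, enc = data[4], data[5]               # EI_CLASS (1=32-bit, 2=64-bit), EI_DATA
    if cls not in (1, 2) or enc not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    e = "<" if enc == 1 else ">"              # 1 = LSB (little-endian), 2 = MSB
    if cls == 1:                              # ELF32 header offsets
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    else:                                     # ELF64 header offsets
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    # p_type is the first 32-bit field of every program header in both classes
    types = {struct.unpack_from(e + "I", data, phoff + i * phentsize)[0]
             for i in range(phnum)}
    return (32 if cls == 1 else 64, PT_INTERP not in types)

def build_fake_elf(bits, ptypes, enc=1):
    """Constructed header-only ELF image for demonstration; not a runnable binary."""
    e = "<" if enc == 1 else ">"
    ehsize, phentsize = (52, 32) if bits == 32 else (64, 56)
    hdr = bytearray(ehsize)
    hdr[:4] = b"\x7fELF"
    hdr[4], hdr[5] = (1 if bits == 32 else 2), enc
    if bits == 32:
        struct.pack_into(e + "I", hdr, 0x1C, ehsize)        # phdrs start right after header
        struct.pack_into(e + "HH", hdr, 0x2A, phentsize, len(ptypes))
    else:
        struct.pack_into(e + "Q", hdr, 0x20, ehsize)
        struct.pack_into(e + "HH", hdr, 0x36, phentsize, len(ptypes))
    phdrs = b"".join(struct.pack(e + "I", t).ljust(phentsize, b"\0") for t in ptypes)
    return bytes(hdr) + phdrs

def dynamic_binaries(paths):
    """Return the toolkit files that would pull in the host's dynamic loader."""
    bad = []
    for p in paths:
        with open(p, "rb") as fh:
            if not elf_link_info(fh.read())[1]:
                bad.append(p)
    return bad
```

Run `dynamic_binaries` over the files in your toolkit directory before burning the media: a non-empty result means that tool will still depend on whatever libc the compromised host provides.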