Hi,

I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD-ROM drive and run trusted commands like ps, netstat, ls, etc., from.

I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.

Can anyone give me any pointers about how I might accomplish this?

I've spent hours searching Google and only found a few links about a guy named Joe Magee who was trying to do the same thing, but couldn't find his email addy. I searched the FreeBSD archives but get:

    None of the archives you requested (freebsd-questions, freebsd-security and freebsd-stable) are available at this time.

    Please try again later, or return to the search page and select a different archive.

Thanks,
Joe
On Sun, 3 Aug 2003 09:20:45 -0600 Joe Warner <rootman22@comcast.net> wrote:

> Hi,
>
> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD-ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.
>
> I'd like to build a CD that would work on -RELEASE versions
> of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.
>
> Can anyone give me any pointers about how I might accomplish
> this?
>
> I've spent hours searching Google and only found a few links about
> a guy named Joe Magee who was trying to do the same thing but
> couldn't find his email addy. I searched the FreeBSD archives but
> get:

Joe,

Try Google Groups; it works great for me, but not all FreeBSD lists are archived (freebsd-gnome is one that I miss that is not there):

http://groups.google.com/groups?hl=en&group=mailing.freebsd

Regards,

Stephen Hilton
nospam@hiltonbsd.com
On Sun, 03 Aug 2003, Joe Warner wrote:

> Hi,
>
> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD-ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

It would probably need to be a bootable CD-ROM, so that you could trust the kernel wasn't modified to hide information from ps/netstat/ls/etc.

> I'd like to build a CD that would work on -RELEASE versions
> of FreeBSD like 5.1 and -STABLE versions of FreeBSD too.
>
> Can anyone give me any pointers about how I might accomplish
> this?
>
> I've spent hours searching Google and only found a few links about
> a guy named Joe Magee who was trying to do the same thing but
> couldn't find his email addy. I searched the FreeBSD archives but
> get:
>
> None of the archives you requested (freebsd-questions, freebsd-security and
> freebsd-stable) are available at this time.
>
> Please try again later, or return to the search page and select a different
> archive.

I think there are other archives of the lists on the mailman site now, but I'm not too sure.

--
David Taylor
davidt@yadt.co.uk
"The future just ain't what it used to be"
On Sun, 3 Aug 2003 09:20:45 -0600 Joe Warner <rootman22@comcast.net> wrote:

> Hi,
>
> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD-ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

I'd suggest using FreeSBIE. It's a set of scripts to let you create a complete FreeBSD to be put on CD, and you can include all the programs you want, right from your pkg_info.

Go to www.freesbie.org or cd to /usr/ports/sysutils/freesbie/ and make install.

If you want more help about it, just send me a private e-mail. I'm a doc writer for the project.

--
Stucchi Massimiliano | Gruppo Utenti FreeBSD Italia
WillyStudios.com | http://www.gufi.org
stucchi@willystudios.com | max@gufi.org
"People who make no mistakes do not usually make anything"
On Sun, Aug 03, 2003 at 09:20:45AM -0600, Joe Warner wrote:

> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD-ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

1. It would be fairly rare for the bins from iso-2 (the bootable live filesystem) from a release not to work on the corresponding -stable.

2. However, you should certainly be booting from the CD, for reasons already noted.

3. make release will enable you to create the equivalent of iso-2 for your -stable, if you really insist.

4. You should investigate The Coroner's Toolkit, available (free) from porcupine.org, to really do forensics work. It comes from Dan Farmer & Wietse Venema, who need no endorsement from me. I've used it (on Solaris) with very gratifying results.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
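The "trusted binaries on a CD" idea the thread keeps coming back to, worked through as an added example. This is not code from any of the posters, from FreeSBIE or from the FreeBSD project. It assumes only POSIX sh and POSIX utilities (mkdir, cp, cksum, cd, pwd), and the tool list, source tree and mount paths are illustrative. It builds a toolkit directory with a cksum(1) manifest, re-verifies that manifest using the copy of cksum carried in the toolkit rather than the host's, and compares the host's binaries against the CD copies. Two caveats the thread itself raises still apply: the copied binaries must be statically linked, or they will load the host's (possibly trojaned) libc no matter where they were run from, and nothing at user level can compensate for a modified kernel, which is why the replies recommend booting from the CD.

```shell
#!/bin/sh
# Added example (not from the thread): assemble a forensics toolkit
# directory, record a cksum manifest, and verify it later with the
# toolkit's own cksum. Paths and tool names are illustrative.

# build_toolkit SRC DEST TOOL...
# Copies SRC/TOOL into DEST/bin and appends "crc size bin/TOOL" to
# DEST/MANIFEST. Returns 1 if any requested tool is missing from SRC.
# SRC should hold statically linked binaries (file(1) reports
# "statically linked"); a dynamic binary still loads the host libc.
build_toolkit() {
    src=$1; dest=$2; shift 2
    mkdir -p "$dest/bin" || return 1
    : > "$dest/MANIFEST"
    rc=0
    for t in "$@"; do
        if [ -f "$src/$t" ]; then
            cp "$src/$t" "$dest/bin/$t" || return 1
            # Manifest paths are relative to the CD root so the manifest
            # stays valid wherever the CD is mounted.
            (cd "$dest" && cksum "bin/$t") >> "$dest/MANIFEST"
        else
            echo "build_toolkit: $src/$t not found" >&2
            rc=1
        fi
    done
    return $rc
}

# verify_toolkit DEST
# Recomputes every manifest entry. Uses DEST/bin/cksum when present,
# because the host's cksum is exactly what an intruder may have
# replaced. Returns 1 on any mismatch or unreadable file.
verify_toolkit() {
    dest=$(cd "$1" && pwd) || return 1
    ck=cksum
    [ -x "$dest/bin/cksum" ] && ck=$dest/bin/cksum
    rc=0
    while read -r crc size path; do
        actual=$(cd "$dest" && "$ck" "$path" 2>/dev/null) || {
            echo "verify_toolkit: cannot read $path" >&2; rc=1; continue; }
        [ "$actual" = "$crc $size $path" ] || {
            echo "verify_toolkit: MISMATCH $path" >&2; rc=1; }
    done < "$dest/MANIFEST"
    return $rc
}

# compare_with_host DEST PREFIX TOOL...
# Checks each host binary PREFIX/TOOL against the CD copy. A differing
# checksum means a different build or a replaced binary; either way it
# needs explaining before anything the host copy reports is trusted.
compare_with_host() {
    dest=$(cd "$1" && pwd) || return 1
    prefix=$2; shift 2
    ck=cksum
    [ -x "$dest/bin/cksum" ] && ck=$dest/bin/cksum
    rc=0
    for t in "$@"; do
        cd_sum=$("$ck" < "$dest/bin/$t") || return 1
        host_sum=$("$ck" < "$prefix/$t" 2>/dev/null) || {
            echo "$t: host copy missing"; rc=1; continue; }
        if [ "$cd_sum" = "$host_sum" ]; then
            echo "$t: matches CD copy"
        else
            echo "$t: DIFFERS from CD copy"; rc=1
        fi
    done
    return $rc
}

# Typical use on the analysis box, then on the suspect host:
#   build_toolkit /path/to/static/bin ./cd ps netstat ls cksum
#   (burn ./cd, mount it read-only as /cdrom on the suspect host)
#   verify_toolkit /cdrom && PATH=/cdrom/bin compare_with_host /cdrom /bin ps ls
```

Run the toolkit's own shell too, not just its ps and netstat: a trojaned /bin/sh on the host can alter what every script does before any of these checks execute.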
Joe,

> I'd like to build a toolkit CD specifically for conducting
> forensics on FreeBSD. I'm not talking about a bootable
> CD but rather one that I could pop into a CD-ROM drive
> and run trusted commands like ps, netstat, ls, etc., from.

There's a project called snarl at http://snarl.eecue.com/articles but this seems to be sleeping. Perhaps it's helpful for your project.

-volker
Does a current ISO for 4.8 exist with the latest Security Advisory patch?

Nothing is listed at www.freebsd.org/security/ .

Leland
At 13:14 24/09/2003 -0700, Leland wrote:

> Does a current ISO for 4.8 exist with the latest Security Advisory patch?
>
> Nothing is listed at www.freebsd.org/security/ .

Security "releases" are not published by the FreeBSD project at present. For installing new systems, I suggest installing from the official 4.8-RELEASE ISO or FTP distributions, and then using FreeBSD Update (ports/security/freebsd-update) to apply binary updates.

As a side note, if you specifically want the latest ARP fix, you'll have to wait a few hours... I'm holding off on uploading the binary update in case I hear some clarification of the problems Scott Lambert reported.

Colin Percival