| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Wed, Jan 18, 2006 at 10:29:47AM -0500, Douglas Breault Jr wrote: |
| 5 |
|
| 6 |
> I need to run this CSA in order to gain access to the network. I don't |
| 7 |
> trust the network much either, but I am always using OpenVPN, which I |
| 8 |
> trust completely. Currently I can access the network, and ergo my vpn |
| 9 |
> without this, but after the 26th that all changes. |
| 10 |
> |
| 11 |
> I will definitely look into grsec but it seems complicated. Regardless I |
| 12 |
> require a viable solution and I will take the steps necessary, |
| 13 |
> regardless of complication. |
| 14 |
|
| 15 |
I've used grsec in the past (something like 1-2 years ago) and it wasn't that |
| 16 |
complicated. I've also experimented with the hardened project running on a |
| 17 |
multi-user server. We ran into issues with software breakage so we backed off. |
| 18 |
I'm sure they've gotten lots of those problems fixed by now and might be quite |
| 19 |
useful in a hostile environment. You could also explore machine virtualization, |
| 20 |
ie Xen/"User Mode Linux". That'd give you the "clean room" environment needed to |
| 21 |
explore what your binary might do during operation. |
| 22 |
|
| 23 |
> Is there a way to try and trace what the binary wants to do? I'm aware i |
| 24 |
> could run strace on it and ethereal to capture what it transmits... But |
| 25 |
> is there more I can do? |
| 26 |
|
| 27 |
Your basic tools for analyzing binaries are strace, lstrace, lsof, netcat, |
| 28 |
strings. That binary is hopefully statically compiled so ltrace won't be as |
| 29 |
useful. Definitely make sure to run strings on it and see if you can spot any |
| 30 |
pertinent comments. You might get some use out of gdb if they left some |
| 31 |
debugging symbols when compiling. |
| 32 |
|
| 33 |
Brandon Edens |
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
Version: GnuPG v1.4.2 (GNU/Linux) |
| 36 |
|
| 37 |
iD8DBQFDzmym4fsYS1VDj0gRAnXoAKCas91U0nGckitZeLhPUlDdVnVhNACfWxbt |
| 38 |
1CqzJdp64x0aDOI/QXjUTVo= |
| 39 |
=ahLf |
| 40 |
-----END PGP SIGNATURE----- |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-security@g.o mailing list |
Archives