Hello.
On Tue, 10 Jul 2012 21:15:45 +0200 "Lentes, Bernd" <bernd.lentes_AT_helmholtz-muenchen.de> wrote:
> Hi,
>
> i'm new to stali and hope this is the right place for my question.
> Currently i'm creating a tool cd with static compiled binaries. I'd like to use the cd when i have a possible compromised system. The cd would provide me with tools i can rely on and which i can use for investigation, because it does not use any software from the possible compromised system.
> I succeeded already in creating a static version of netcat. With other binaries i have problems. While searching on the web, i come across stali.
> I thought this might be very useful for my purpose. I downloaded http://dl.suckless.org/stali/stali.tar.bz2 and mounted it following the guide in the readme file. Finally i chrooted in it.
> But when i try now ldd on some binaries, it shows me the needed *.so files. I thought using static binaries don't need shared objects. Am i wrong ?
> And all the binaries in /bin and /sbin are symlinks to busybox.
> Can anyone explain me if i can use stali for my purpose ? Do i have to compile every binary i'd like to have ? Or is there a possibility to extract static binaries from busybox ?
There is no real result of sta.li yet, due to the lack of manpower.
You might look at:
https://github.com/pikhq/bootstrap-linux
https://github.com/chneukirchen/sabotage
They have a working simple framework to create the bootstrap environā
ment to build more static packages.
I'd like to hear how far you get.
Sincerely,
Christoph Lohmann
Received on Tue Jul 10 2012 - 21:15:45 CEST