Safe Non-Rootkit Utilities?

Status
Not open for further replies.

spacebass5000

Programmer
Nov 26, 2000
144
US
I am looking for a manner in which to test a system for rootkits. Basically, I want to create a read-only medium which houses all of the tools I need to inspect my machine (i.e. netstat, ps, ls, du, df, etc.).

How would I set about doing this? I have tried creating a test directory to house all the binaries and libraries needed and then chrooting to this directory in order to use them. Problem is, as soon as I do this, I run into problems seeing the other partitions/drives... Other issues popped up which stopped me from pursuing this course of action.

Any ideas on how to do this? Are there utility disks already out there?

Thanks as always!
 
I just statically link chkrootkit on a clean machine, and then use the binary on the system(s) under test.

You can do the same thing with the other utilities that you desire; you just have to download the source and compile with the -static option in gcc.


pansophic
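
A check that could be run on the clean build machine before the toolkit is written to read-only media, added here as an example and not part of the original posts: it reads each file's ELF program headers and flags any binary that still requests a dynamic loader (PT_INTERP), since such a binary would load ld.so and shared libraries from the system under test. The function names and the constructed sample images (`make_elf64`) are assumptions of this example.

```python
import os
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3

def program_header_types(data):
    """Return the p_type of every program header in an ELF image."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"            # EI_DATA: byte order
    if data[4] == 2:                              # EI_CLASS: ELF64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:                                         # ELF32
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    return [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
            for i in range(e_phnum)]

def link_type(data):
    types = program_header_types(data)
    if PT_INTERP in types:
        return "dynamic"        # kernel starts the loader named in the file
    if PT_DYNAMIC in types:
        return "needs-review"   # static-pie or a shared object: inspect by hand
    return "static"             # what gcc -static normally produces

def audit_toolkit(directory):
    """Map each regular file in the toolkit directory to its link type."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                try:
                    report[name] = link_type(fh.read())
                except (ValueError, struct.error):
                    report[name] = "not-elf"
    return report

def make_elf64(ptypes):
    """Constructed sample: minimal little-endian ELF64 header plus program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    for name, kind in audit_toolkit(sys.argv[1]).items():
        print(f"{kind:12} {name}")
```

Run it with the toolkit directory as the only argument; anything not reported as `static` should be rebuilt or examined before it goes onto the medium.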
 