Upgrading to IPSO 4.2
You might already have a previous IPSO release installed on your Nokia platform and simply want to upgrade to IPSO 4.2. You can upgrade directly to Nokia IPSO 4.2 from the following IPSO versions:
3.7, 3.7.1,3.8, 3.8.1, 3.9, 4.0, 4.0.1, 4.1
Notes from the Underground…
Words of Caution When Upgrading
As with any software, there might be some caveats or warnings you should review before starting the upgrade process. Nokia IPSO is no exception and has some issues you should know about before proceeding with an upgrade.
Upgrading from IPSO 3.7.1 and Earlier
If you upgrade to IPSO 4.2 from IPSO 3.7, IPSO 3.7.1, or earlier and want to use disk mirroring, you must first install the 4.2 boot manager and then install IPSO 4.2 from the new boot manager. If you do not, you might receive messages that show the mirror set is 100 percent complete or that the sync process is complete when in fact the disks are still syncing. You do not need to follow this procedure if you upgrade to IPSO 4.2 from IPSO 3.8, 3.8.1, 3.9, 4.0, 4.0.1, or 4.1.
Upgrading from IPSO 4.1
Avoid using the IPSO boot manager to install IPSO 4.2 on a platform running IPSO 4.1 Build 016 or 019 if you installed the 4.1 build using the boot manager. If you attempt to upgrade in this way, the system might repeatedly panic and reboot. To upgrade these systems to IPSO 4.2, use Network Voyager, the CLI, or the newimage shell command.
Space Requirements
You need at least 140MB of free disk space in your root partition to install an IPSO 4.2 image. To determine the available disk space, log in to the IPSO shell through a terminal or console connection and enter df -k. If the first number in the Avail column (which shows the available space in the root partition) is less than 140000Kbytes, you should make more space available by deleting the temporary files specified in the following command if they are present. (These files might not be present, depending on how the upgrades were done on your system.) Execute the following commands to delete the list of unwanted files:
mount -uw /
rm -f /image/*/bootmgr/*.sav
rm -f /image/*/bootmgr/*.tmp
sync
mount -ur /
If you use the df command after you install IPSO 4.2 as a third image, you might see that the root partition is more than 100-percent full. If no errors were displayed while you installed IPSO 4.2, you can safely ignore this output from df.
Other upgrade-specific issues are covered in greater detail in the Getting Started and Release Notes for IPSO 4.2 document available on the Checkpoint support site:
http://support.checkpoint.com
There are several ways to copy the IPSO installation image used to upgrade your Nokia
IPSO version to your Nokia appliance. You can:
1. Use the Nokia Network Voyager to fetch the IPSO image from a remote FTP server.
2. Use the Nokia Network Voyager to upload the IPSO image from a local workstation using HTTP.
3. Use an FTP client to push the IPSO image to the Nokia appliance (if the FTP server is enabled).
4. Use secure copy (SCP) to push the IPSO image to the Nokia appliance (if the SSH server is enabled).
5. Use secure copy (SCP) to pull the IPSO image to the Nokia appliance from another server.
6. Use a floppy or CD-ROM to copy the image to the Nokia appliance (if the appliance has a floppy or CD-ROM drive).
As you can see, there is no shortage of installation image transfer mechanisms. Upgrading the image using Nokia Network Voyager (options 1 and 2) is covered in detail in Chapter 4. If you decide to transfer the IPSO image manually (options 3, 4, 5, and 6) you can use the newimage command to upgrade from the CLI. The syntax of the newimage command is as
follows:
newimage [[-i | -l localfile] [-b] [-R | -T]] [-r | -t imagename]
newimage Command-Line Switches
Switch Description
-b Force upgrade of bootmanager.
-i Load a new image interactively.
-l localfile Extract the new image from an extant file.
-r imagename Specify imagename to run at the next boot.
-t imagename Specify imagename to run at the next test boot.
-R Use a newly installed image to run at the next boot.
-T Test boot using a newly installed image.
-k Do not deactivate existing packages.
-v Verbose ftp.
Note
On some appliances, installing the image can take some time. The newimage command might display the message “Setting up new image…” for several minutes with no other sign of activity.
The test boot option -t imagename is a method to test the newly installed image when you reboot your Nokia appliance. If it fails to boot, your Nokia appliance reverts to the previous IPSO image the next time it is started.
To add an IPSO image from the local file system, use the following newimage syntax:
NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
You should see a response similar to the following:
ipso.tgz Validating image. . .done.
Version tag stored in image: IPSO-4.2-BUILD029-releng-1515-01.05.2007-222742
Installing new image. . .done [example]
You are then prompted to choose the image to load after the next reboot. At the
prompt, reboot your platform. If for some reason the package is not present, you will see
a message similar to the following when trying to run the newimage command:
NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
tar: can’t open archive /var/emhome/admin/ipso.tgz : No such file or directory
tar: child returned status 3
tar: VERSION not found in archive
No version file in /var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting
Jul 27 12:13:44 NOKIA_IPSO [LOG_ERR] Upgrade: No version file in
/var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting. . .
If the IPSO image is corrupt, you will see an image similar to the following when trying
to run the newimage command:
NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
gzip: stdin: unexpected end of file
tar: child returned status 1
tar: VERSION not found in archive
No version file in /var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting
Jul 27 12:15:52 NOKIA_IPSO [LOG_ERR] Upgrade: No version file in /var/emhome/admin/ipso.
tgz. Possibly corrupted. Exiting. . .
To verify the integrity of an IPSO image archive you can use the openssl command as
follows:
NOKIA_IPSO[admin]# openssl sha1 ipso.tgz
You should see a response that displays the same SHA1 value that matches the SHA1
value shown at the Nokia support site. For example, you should see something like the
following:
SHA1 (ipso.tgz)=390366ED8C53A9F1F516D2DC742331E7FE5A11C0
Thursday, February 18, 2010
Wednesday, February 17, 2010
IPSO Scratch Installation
Couple of Months before I got a call from my Senior, he said they are transferring me to a Data center, to administrate a CheckPoint Cluster which is installed on IPSO..
Grrr... Now what is IPSO!!!
IPSO is a a FreeBSD fork developed originally by IPSILLION Networks, later acquired by Nokia and now with CheckPoint (Nokia IP devices has been acquired by Nokia one year back)
Following is the procedure to install IPSO in a Nokia Box...
Cheers!!
Manu B alias Karthik...
Installing IPSO
Performing a clean installation of IPSO is a relatively simple process. The installer configures
the system based on the selections you make during the process. The standard installation
procedure is as follows:
1. Power on the appliance and enter the boot manager (Bootmgr).
2. Initiate the installation process.
3. Answer the configuration questions when prompted.
4. Reboot the appliance when the initial installation is complete.
5. Continue with the initial configuration of your appliance.
Let’s walk through these steps.
Booting into the Boot Manager
When the appliance is powered on, after the memory test completes, you will be presented
with a menu that presents you with a boot manager (1 Bootmgr) option and an IPSO
(2 IPSO) option.
Entering 2 starts the standard boot process into the IPSO operating system.
Because you want to perform a clean installation, you must enter the boot manager and
launch the installation process. Do this by entering 1.
1 Bootmgr
2 IPSO
Default: 1
Starting bootmgr
Loading boot manager..
Boot manager loaded.
Entering autoboot mode.
Type any character to enter command mode.
BOOTMGR[1]>
You are now presented with the BOOTMGR[1]> prompt. To begin the installation
process, enter install.
BOOTMGR[1]> install
The IPSO installer will warn you that you will be expected to enter information during
the initial configuration process, such as client IP address, netmask, system serial number,
and so on. You will also be reminded that the clean installation will destroy any existing files
and data on your disk. To proceed with the clean installation, enter y.
############## IPSO Full Installation ###############
You will need to supply the following information:
Client IP address/netmask, FTP server IP address and filename,
system serial number, and other license information.
This process will DESTROY any existing files and data on your disk.
#################################################################
Continue? (y/n) [n] y
Part of the installation process is entering the chassis serial number. This is very important
in identifying your appliance should you ever need to call into Nokia for technical support.
The serial number is typically located on the back of the appliance but has been known to be
on the bottom in some of the older appliances.
Enter your serial number.
Motherboard serial number is NONE.
The chassis serial number can be found on a
sticker on the back of the unit with the letters
Note
Of course, you have already written down the serial number prior to racking the appliance.
S/N in front of the serial number.
Please enter the serial number: 12345678
Please answer the following licensing questions.
Depending on your requirements, an enhanced license can be purchased to support
IGRP and BGP routing protocols. If you do not require these routing protocols, like
most Nokia installations, you can enter n when presented with the IGRP and BGP
questions.
Will this node be using IGRP ? [y] n
Will this node be using BGP ? [y] n
Because we are performing a clean installation, it does not make sense to pull the installation image from the disk you are looking to overwrite. What the installation script does allow you to do, however, is fetch the IPSO image from a remote FTP server.
Depending on your FTP server configuration, you can select from one of two options: You can install from an anonymous FTP server where no user credentials are required, by entering
1, or you can install from an FTP server that requires a username and password, by entering 2.
Regardless of the option you select, you are prompted to enter an IP address for your Nokia IP appliance, the IP address of the FTP server, and the default gateway your communications will use for routing. The only additional entries that require user input, if using the second menu option, are the username and password fields. To simplify the installation steps, and based on what most customers use, we will continue with the anonymous FTP server method. When prompted to choose an installation method, enter 1 and then the IP addresses you want to use. Each IP address field requires that you press Enter to move to the next option.
1. Install from anonymous FTP server.
2. Install from FTP server with user and password.
Choose an installation method (1-2): 1
Enter IP address of this client (10.3.2.5/24): 192.168.200.10/24
Enter IP address of FTP server (0.0.0.0): 192.168.200.50
Enter IP address of the default gateway (0.0.0.0): 192.168.200.1
After you have supplied the IP address and subnet mask information, you must
select a physical interface to assign it to. Select the interface you wish to use for the FTP
communications by typing the corresponding number and pressing Enter.
Choose an interface from the following list:
1) eth1
2) eth2
3) eth3
4) eth4
Enter a number [1-4]: 4
Select the speed of the chosen interface by entering the corresponding number.
Choose interface speed from the following list:
1) 10 Mbit/sec
2) 100 Mbit/sec
Enter a number [1-2]: 2
Select the duplex settings for the interface using h for half duplex or f for full duplex.
The duplex settings of your interface will vary depending on the device it is connected to.
Half or full duplex? [h/f] [h] f
Note
The interface list may appear differently on your Nokia since it depends
entirely on the types of network interface cards (NICs) installed.
Now that your interface is configured, you must provide the path to, and the name of,
the IPSO installation package on the remote FTP server. Enter the full path to the IPSO
installation package. If the installation package is located in the root directory of the FTP
server you can press Enter or type the / character and press Enter.
Enter path to ipso image on FTP server [/]: /
Accept the default IPSO installation package name by pressing Enter or typing the full
package name and pressing Enter.
Enter ipso image filename on FTP server [ipso.tgz]: ipso.tgz
After the installation script connects to the FTP server, you have the option of telling
it what to retrieve. You can retrieve all valid packages it finds on the server, retrieve the
packages it finds one at a time and prompt you to accept or reject the package, or retrieve
no additional packages and only install the IPSO operating system. Select your option by
entering the associated menu number.
1. Retrieve all valid packages, with no further prompting.
2. Retrieve packages one-by-one, prompting for each.
3. Retrieve no packages.
Enter choice [1-3] [1]: 3
A final confirmation screen lets you verify all of your configuration settings before
proceeding. Check this carefully to ensure you have not added any incorrect information.
If you are happy with your configuration settings, enter y to start the installation process.
Client IP address=192.168.200.10/24
Server IP address=192.168.200.50
Default gateway IP address=192.168.200.1
Network Interface=eth1, speed=100M, full-duplex
Server download path=[//]
Package install type=none
Mirror set creation=no
Are these values correct? [y] y
If the Nokia appliance is able to contact the FTP server and find the IPSO installation
package, you will see the installation process status messages as the various steps are
completed.
Downloading compressed tarfile(s) from 192.168.200.50
Hash mark printing on (1048576 bytes/hash mark).
Interactive mode off.
100% 36760 KB 00:00 ETA
Checking validity of image. . .done.
Installing image. . .done.
Image version tag: IPSO-4.2-BUILD069-10.27.2007-035617-1515.
Checking if bootmgr upgrade is needed. . .
Need to upgrade bootmgr. Proceeding..
Upgrading bootmgr. . .
new bootmgr size is 2097152
old bootmgr size is 1474560
Saving old bootmgr.
Installing new bootmgr.
Verifying installation of bootmgr.
When the installation completes, you will see an Installation Completed message and
a final instruction telling you to reset the system or press Enter to reboot.
Installation completed.
Reset system or hit
Post Installation
The first thing you must do is provide a hostname for your Nokia appliance. Typically, this
is a one-word name for the system so you can easily recognize the system when performing
administrative tasks. Type your hostname and press Enter. You will also be prompted to
confirm the setting of the hostname. Enter y to continue.
Please choose the host name for this system. This name will be used
in messages and usually corresponds with one of the network hostnames
for the system. Note that only letters, numbers, dashes, and dots (.)
are permitted in a hostname.
Hostname? pint
Hostname set to “pint”, OK? [y] y
The admin user will require a password to authenticate you to the command line of the
Nokia appliance and for Web-based administration using the Nokia Network Voyager interface.
You will be asked to enter it again for validation. Enter the password you want to use.
Please enter password for user admin: notpassword
Please re-enter password for confirmation: notpassword
With the hostname and admin password set, you will be prompted to select your preferred
configuration method. You can configure an interface and use Nokia Network Voyager to
complete the configuration (the recommended method), or you can configure an interface by
using the CLI.
The easiest, and most popular, configuration method is to configure the appliance using
the Nokia Network Voyager. Enter 1 to select this method.
You can configure your system in two ways:
1) configure an interface and use our Web-based Voyager via a remote browser
2) configure an interface by using the CLI
Please enter a choice [ 1-2, q ]: 1
Select an interface you would like to use to configure your appliance by typing the
associated menu option number and pressing Enter.
Select an interface from the following for configuration:
1) eth1
2) eth2
3) eth3
4) eth4
5) quit this menu
Enter choice [1-11]: 4
Type the IP address and mask length you want to use for this interface. Press Enter for
each option after you have input the correct information.
Enter the IP address to be used for eth4: 192.168.200.10
Enter the masklength: 24
You are asked to configure a default route for this interface to use, and to provide the IP address information for your default router. To configure the default route, enter y. When asked to specify your default router, type the IP address of your default gateway and press Enter.
Do you wish to set the default route [ y ] ? y
Enter the default router to use with eth4: 192.168.200.1
After specifying the IP address and default route information, you have the option to change
the interface speed and duplex settings. Because this interface is configured for 1000 mbs and
full duplex, by default, you can enter n to accept the current settings.
This interface is configured as 1000 mbs by default.
Do you wish to configure this interface for other speeds [ n ] ? n
A final confirmation screen lets you verify all of your configuration settings before proceeding. Check this carefully to ensure you have not added any incorrect information.
If you are happy with your configuration settings, enter y.
You have entered the following parameters for the eth4 interface:
IP address: 192.168.200.10
masklength: 24
Default route: 192.168.200.1
Speed: 1000M
Duplex: full
Is this information correct [ y ] ? y
Optionally, you can configure the virtual local area network (VLAN) settings for this
interface. Typically, you will want to answer no to this question unless the interface needs to
be part of the VLAN for security or routing reasons. Enter n to continue.
Do you want to configure Vlan for this interface[ n ] ? n
You may now configure your interfaces with the Web-based Voyager by
typing in the IP address “192.168.200.10” at a remote browser.
At this point, you should be able to connect to your Nokia appliance using the Nokia
Network Voyager Web interface with the browser of your choice.
A final optional setting is the changing of the default SNMP community string. Because
this is easily performed within Nokia Network Voyager, along with more advanced SNMP
configuration settings, you can type n and press Enter to complete the initial configuration.
Do you want to change SNMP Community string [ n ] ? n
Tuesday, February 16, 2010
my POINT of VIEW
Cluster Down:
Suddenly she's
Leaving
Suddenly the
Promise of love has gone
Suddenly
Breathing seems so hard to do
Trogen Horse Attack:
Carefully you
Planned it
I got to know just
A minute to late, oh girl
now I understand it
All the times we
Made love together
Baby you were thinking of him
Cluster Member Came Up:
Ain't gonna show no
Weakness
I'm gonna smile
And tell the whole world I'm fine
I'm gonna keep my senses
But deep down
When no one can hear me
Baby I'll be crying for you
Preempt is not Enabled and Logging is Set:
Can't go back
Can't erase
Baby your smiling face oh no
I can think of nothing else but you
Suddenly
Kernel Panic:
Why do I love you
Don't even want to
Why do I love you like I do
Like I always do
You should've told me
Why did you have to be untrue
Why do I love you like I do
Monday, February 15, 2010
Check your documents before sharing with Clients........
Check your documents before sharing with Clients........
Hidden data can often be found within Microsoft Office documents particularly Word. Whenever you exchange documents with clients, either convert them to PDF format or else run them through Microsoft's Hidden Data Removal tool.
Remove hidden data and personal information from Office documents:
Office 2K7
http://office.microsoft.com/en-us/help/HA100375931033.aspx
Office 2K3
http://www.microsoft.com/downloads/details.aspx?FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360&displaylang=en
Hidden data can often be found within Microsoft Office documents particularly Word. Whenever you exchange documents with clients, either convert them to PDF format or else run them through Microsoft's Hidden Data Removal tool.
Remove hidden data and personal information from Office documents:
Office 2K7
http://office.microsoft.com/en-us/help/HA100375931033.aspx
Office 2K3
http://www.microsoft.com/downloads/details.aspx?FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360&displaylang=en
Forgot to mention subject, while writing an official mail and feel bad later???????
Don't worry......... just follow the simple steps mentioned below in case you’ve already not done that and see the result.
Below are the steps:
1. Open your outlook (Only For Outlook Users)
2. Press Alt+F11. This opens the Visual Basic editor
3. On the Left Pane, one can see "Microsoft Outlook Objects" or "Project1", expand this. Now one can see the "ThisOutLookSession".
4. Double click on "ThisOutLookSession". It will open up a code pane.
5. Copy and Paste the following code in the right pane.(Code Pane)
'============================================================================
Private Sub Application_ItemSend(ByVal Item As Object, Cancel As Boolean)
Dim strSubject As String
strSubject = Item.Subject
If Len(Trim(strSubject)) = 0 Then
Prompt$ = "Subject is Empty. Are you sure you want to send the Mail?"
If MsgBox(Prompt$, vbYesNo + vbQuestion + vbMsgBoxSetForeground, "Check for Subject") = vbNo Then
Cancel = True
End If
End If
End Sub
'============================================================================
6. Save this and now close the VB Code editor and take a breath. From now on, this macro will make sure you do not make the mistake of sending a mail without a subject.
Below are the steps:
1. Open your outlook (Only For Outlook Users)
2. Press Alt+F11. This opens the Visual Basic editor
3. On the Left Pane, one can see "Microsoft Outlook Objects" or "Project1", expand this. Now one can see the "ThisOutLookSession".
4. Double click on "ThisOutLookSession". It will open up a code pane.
5. Copy and Paste the following code in the right pane.(Code Pane)
'============================================================================
Private Sub Application_ItemSend(ByVal Item As Object, Cancel As Boolean)
Dim strSubject As String
strSubject = Item.Subject
If Len(Trim(strSubject)) = 0 Then
Prompt$ = "Subject is Empty. Are you sure you want to send the Mail?"
If MsgBox(Prompt$, vbYesNo + vbQuestion + vbMsgBoxSetForeground, "Check for Subject") = vbNo Then
Cancel = True
End If
End If
End Sub
'============================================================================
6. Save this and now close the VB Code editor and take a breath. From now on, this macro will make sure you do not make the mistake of sending a mail without a subject.
Monday, December 28, 2009
I do Trust Machines than hu~man ALIAS "Power of | xargs grep"
I do trust Machines than Human.. Here is an example..
One Day I got a call from my senior asking me the path of Checkpoint license file in IPSO. I was sure that in centralized licensing, it takes the smart center server's IP address..
So its sure that that file will contain my smart center server's IP address....:)) but how to search inside a file.... Its just like searching ur girl's mind :-(( quite difficult.. But I stick to the theory... "Nothing is Impossible".. Yea.. xargs will do that..
So the command would be
find . -name "*.*" | xargs grep ipaddress
But I stick to the other theory.. So I do Trust Machines than human
ahhh.. One more..
netstat -an | grep -i 127.0.0.1 is similar to netstat -an | find "127.0.0.1"
One Day I got a call from my senior asking me the path of Checkpoint license file in IPSO. I was sure that in centralized licensing, it takes the smart center server's IP address..
So its sure that that file will contain my smart center server's IP address....:)) but how to search inside a file.... Its just like searching ur girl's mind :-(( quite difficult.. But I stick to the theory... "Nothing is Impossible".. Yea.. xargs will do that..
So the command would be
find . -name "*.*" | xargs grep ipaddress
But I stick to the other theory.. So I do Trust Machines than human
ahhh.. One more..
netstat -an | grep -i 127.0.0.1 is similar to netstat -an | find "127.0.0.1"
How to Install unix programs from Source Code
Preparing the System for Compiling
Before you can proceed with compiling programs on your system, you will need a compiler, libraries and some other basic utilities. Some of the common programs required for most of the programs are:
·GNU coreutils : The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. These are the core utilities which are expected to exist on every operating system. Previously these utilities were offered as three individual sets of GNU utilities, fileutils, shellutils, and textutils. Those three have been combined into a single set of utilities called the coreutils.
·GNU binutils - The GNU Binutils are a collection of binary tools. The main ones are ld ( GNU linker ) and as ( GNU assembler )
·GCC- GCC stands GNU Compiler Collection. GCC is an integrated distribution of compilers for several major programming languages. These languages currently include C, C++, Objective-C, Objective-C++, Java, Fortran, and Ada.
·Make - Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files. Make gets its knowledge of how to build your program from a file called the makefile, which lists each of the non-source files and how to compute it from other files. When you write a program, you should write a makefile for it, so that it is possible to use Make to build and install the program.
·GNU tar/gunzip/bunzip2
These are archiving utility generally used to unpack source tarballs. These are generally in format of .tar, .tar.gz or bz2.
Step1: Get Source
In this example, we are going to install the latest version of NMAP released a few weeks back. We get the source from ..dist/nmap-4.20.tar.bz2 which is the current version. The latest rpm version available at this time was nmap-4.11 version.
To do this, I created another directory “nmap†and used wget to get the latest tarball as shown in the screenshot below.
Step 2: Unzip the Source Tarball
Now we unpack (unzip) the tarball by using the tar command.
This will extract the source code for nmap-4.20 into a folder.
Step 3: Run Configure Script
On different systems, the compiler and other libraries might be in different place than a regular Linux system. For example, you may be different type of bash than other users. Configure program creates a MakeFile which will be later used by make program.
Configure is basically a shell script generally written by GNU Autoconf, which looks at your system settings and tries various things to figure out what works. It takes instructions from MakeFile.in and builds a MakeFile which it thinks would work on the current system.
You can view various program options by running "./configure --help"
On my system I don’t want to install NMAPFE (the front-end for nmap) so I am going to run the configure command again with appropriate options.
Once the configure command finishes, it creates a Makefile which will be used by make program to create binaries of nmap program. Let us now see what configure added to our Makefile which was not there earlier.
[root@localhost nmap-4.20]# diff Makefile.in Makefile
4,11c4,11
< NMAP_PLATFORM=@host@
< prefix = @prefix@
---
> NMAP_PLATFORM=i686-pc-linux-gnu
> prefix = /usr/local
48,49c48,49
< TARGETNMAPFE=@TARGETNMAPFE@
< INSTALLNMAPFE=@INSTALLNMAPFE@
---
> TARGETNMAPFE=
> INSTALLNMAPFE=
The last change shows that it removed NMAPFE, since I use --without-nmapfe in my configure option.
Step 4: Use Make Command
Make utility requires a file named Makefile in the same directory in which you are the command. In our case, the MakeFile has been created by using configure script which we will now use to run make command.
Make command uses the directions present in the Makefile and proceed with the installation. The Makefile indicates the sequence, which it must follow to build various components of nmap. This sequence depends on the way the software is designed by its coder.
Now lets run the make command in nmap folder.
Make command generally takes a while, once complete it will compile nmap’s source code and creates the executables. At this point you can use the nmap program from this folder by just typing ./nmap.
This means that everything done, only the same to copied to the installation path, which will be created by the script in the make file, permission are also given by the same script. J
Step 5: Run Make Install
When make is run without any parameters, it starts reading instructions from MakeFile from the start and start compiling code. However, when you run `make install` the make program reads the install label from Makefile and executes only that section of the makefile.
install-nmap: $(TARGET)
$(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir)
$(INSTALL) -c -m 755 -s nmap $(DESTDIR)$(bindir)/nmap
$(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
$(INSTALL) -c -m 644 docs/nmap.xsl $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 docs/nmap.dtd $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-services $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-rpc $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-fingerprints $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-db $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-service-probes $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-protocols $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-mac-prefixes $(DESTDIR)$(nmapdatadir)/
Install section instructs make to copy files created in previous step to final directories. For example, executables are copied into /usr/local/bin. When we ran only make the executables were created in the same folder where we unzipped the tarball. So, now when we run make install, these executables are copied to their final destinations.
Tip: Keeping a log of what was installed by the program
Many good programs provide you with `make uninstall` section to easily uninstall the program and its executables from the system. If not provided, you can use this tip to find what was installed when you ran `make install`.
Before running `make install`, run the following command on your system. This will create a big list of all files that exist in your system except the following directories: /proc , /tmp and /dev. These directories are transient and not used when installing programs so we can ignore them.
After running the `make install` again run the same command and create a post-install list. Then you can run diff between these 2 files and it will show you list of all the files that were installed during nmap installation.
Preparing the System for Compiling
Before you can proceed with compiling programs on your system, you will need a compiler, libraries and some other basic utilities. Some of the common programs required for most of the programs are:
·GNU coreutils : The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. These are the core utilities which are expected to exist on every operating system. Previously these utilities were offered as three individual sets of GNU utilities, fileutils, shellutils, and textutils. Those three have been combined into a single set of utilities called the coreutils.
·GNU binutils - The GNU Binutils are a collection of binary tools. The main ones are ld ( GNU linker ) and as ( GNU assembler )
·GCC- GCC stands GNU Compiler Collection. GCC is an integrated distribution of compilers for several major programming languages. These languages currently include C, C++, Objective-C, Objective-C++, Java, Fortran, and Ada.
·Make - Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files. Make gets its knowledge of how to build your program from a file called the makefile, which lists each of the non-source files and how to compute it from other files. When you write a program, you should write a makefile for it, so that it is possible to use Make to build and install the program.
·GNU tar/gunzip/bunzip2
These are archiving utility generally used to unpack source tarballs. These are generally in format of .tar, .tar.gz or bz2.
Step1: Get Source
In this example, we are going to install the latest version of NMAP released a few weeks back. We get the source from ..dist/nmap-4.20.tar.bz2 which is the current version. The latest rpm version available at this time was nmap-4.11 version.
To do this, I created another directory “nmap†and used wget to get the latest tarball as shown in the screenshot below.
Step 2: Unzip the Source Tarball
Now we unpack (unzip) the tarball by using the tar command.
This will extract the source code for nmap-4.20 into a folder.
Step 3: Run Configure Script
On different systems, the compiler and other libraries might be in different place than a regular Linux system. For example, you may be different type of bash than other users. Configure program creates a MakeFile which will be later used by make program.
Configure is basically a shell script generally written by GNU Autoconf, which looks at your system settings and tries various things to figure out what works. It takes instructions from MakeFile.in and builds a MakeFile which it thinks would work on the current system.
You can view various program options by running "./configure --help"
On my system I don’t want to install NMAPFE (the front-end for nmap) so I am going to run the configure command again with appropriate options.
Once the configure command finishes, it creates a Makefile which will be used by make program to create binaries of nmap program. Let us now see what configure added to our Makefile which was not there earlier.
[root@localhost nmap-4.20]# diff Makefile.in Makefile
4,11c4,11
< NMAP_PLATFORM=@host@
< prefix = @prefix@
---
> NMAP_PLATFORM=i686-pc-linux-gnu
> prefix = /usr/local
48,49c48,49
< TARGETNMAPFE=@TARGETNMAPFE@
< INSTALLNMAPFE=@INSTALLNMAPFE@
---
> TARGETNMAPFE=
> INSTALLNMAPFE=
The last change shows that it removed NMAPFE, since I use --without-nmapfe in my configure option.
Step 4: Use Make Command
Make utility requires a file named Makefile in the same directory in which you are the command. In our case, the MakeFile has been created by using configure script which we will now use to run make command.
Make command uses the directions present in the Makefile and proceed with the installation. The Makefile indicates the sequence, which it must follow to build various components of nmap. This sequence depends on the way the software is designed by its coder.
Now lets run the make command in nmap folder.
Make command generally takes a while, once complete it will compile nmap’s source code and creates the executables. At this point you can use the nmap program from this folder by just typing ./nmap.
This means that everything done, only the same to copied to the installation path, which will be created by the script in the make file, permission are also given by the same script. J
Step 5: Run Make Install
When make is run without any parameters, it starts reading instructions from MakeFile from the start and start compiling code. However, when you run `make install` the make program reads the install label from Makefile and executes only that section of the makefile.
install-nmap: $(TARGET)
$(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir)
$(INSTALL) -c -m 755 -s nmap $(DESTDIR)$(bindir)/nmap
$(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
$(INSTALL) -c -m 644 docs/nmap.xsl $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 docs/nmap.dtd $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-services $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-rpc $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-fingerprints $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-os-db $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-service-probes $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-protocols $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 nmap-mac-prefixes $(DESTDIR)$(nmapdatadir)/
Install section instructs make to copy files created in previous step to final directories. For example, executables are copied into /usr/local/bin. When we ran only make the executables were created in the same folder where we unzipped the tarball. So, now when we run make install, these executables are copied to their final destinations.
Tip: Keeping a log of what was installed by the program
Many good programs provide you with `make uninstall` section to easily uninstall the program and its executables from the system. If not provided, you can use this tip to find what was installed when you ran `make install`.
Before running `make install`, run the following command on your system. This will create a big list of all files that exist in your system except the following directories: /proc , /tmp and /dev. These directories are transient and not used when installing programs so we can ignore them.
After running the `make install` again run the same command and create a post-install list. Then you can run diff between these 2 files and it will show you list of all the files that were installed during nmap installation.