[LINUX] - MANAGING PACKAGES AND SOFTWARE

Red Hat Installation vs. Debian Installation vs. Compiling

Two dominant package managers:

  • Red Hat Package Manager (RPM)
  • Debian Package (dpkg)


Managing Software with RPM and YUM

Scenario

One of the other Develetech administrators has asked you to demonstrate the software management lifecycle on a CentOS server. You will use the KornShell (ksh) as an example of how to use the rpm command, and then the Very Secure FTP daemon (vsftpd) to demonstrate the yum command.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.1 Given a scenario, conduct software installations, configurations, updates, and removals

Use the rpm command to manage the software lifecycle

  1. Log in as student01 with Pa22w0rd as the password.

  2. Open a terminal.

  3. Enter rpm -qi ksh to view information on the ksh package.

    ksh is another shell environment, similar to bash. It is common on Unix servers.

  4. Enter sudo rpm -Vv ksh to verify the ksh installation.

  5. Enter sudo rpm -ql ksh to list the files in the ksh package.

  6. Enter sudo rpm -e ksh to "erase" or uninstall the ksh package.

  7. Enter sudo rpm -ivh /Packages/ksh-20120801-139.el7.x86_64.rpm to install the ksh package in verbose mode and with a hash progress bar.

    Don't forget to use tab completion for long filenames!



Use the yum command to manage the software lifecycle

  1. Enter yum info vsftpd to discover information about the vsftpd package.

    vsftpd is the Very Secure FTP service.

  2. Enter sudo yum localinstall /Packages/vsftpd-3.0.2-25.el7.x86_64.rpm to install the vsftpd package.

    You may receive a repeating messages that says an "Existing lock /var/yum/yum.pid: another copy is running." Open a second tab in the terminal (or a second instance of a terminal), and then enter the following command:

    sudo systemctl kill packagekit

  3. Enter y when prompted to complete the installation.

    If you include a -y option with yum, it will automatically answer yes to this prompt regarding installing dependencies and not pause the installation.

  4. Enter yum info vsftpd to view information on the vsftpd package.

  5. Enter yum provides /etc/vsftpd/vsftpd.conf to discover what package the configuration file belongs to.

  6. Enter sudo yum -y remove vsftpd to uninstall the vsftpd package.




Managing Software with dpkg and APT

Scenario

Some Linux systems in Develetech run Ubuntu and other versions of Debian. Just like your Red Hat-based systems, these need to undergo network troubleshooting from time-to-time. So, you'll download and install the nmap package on these machines to ensure you have the right toolset for the job. You'll use dpkg and APT.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.1 Given a scenario, conduct software installations, configurations, updates, and removals

Load the Ubuntu VM

  1. From the desktop menu, select Applications→System Tools→Virtual Machine Manager.

  2. Enter the root password.

  3. Right-click ubuntu-vm and select Run.

  4. Right-click ubuntu-vm and select Open.

  5. Wait for the VM to load.

  6. Select the student account, then enter Pa22w0rd as the password.

    Recall that there are two primary branches to the Linux family: those distributions derived from Red Hat and those derived from Debian. One of the key differences between the two branches is software management. The Red Hat distributions use rpm and yum, while the Debian distributions use dpkg and apt.

Update the APT database with current package version information

  1. Right-click the desktop and select Open Terminal.

  2. Enter sudo apt update

  3. Enter the password when prompted.

    If the Ubuntu VM has no Internet connectivity, you may need to restart your CentOS host and then reload the VM.

  4. Verify that the database update operation completed.

    You're presented with the number of packages that can be upgraded. If you wanted to upgrade an existing package, you could use the apt upgrade {package name} command. For now, you'll install a new package.

Download and install the nmap package

  1. Enter sudo apt install nmap

    If you receive a "Could not get lock…" error, it means the APT package manager is automatically checking for updates. You could wait a few moments or enter the following commands to clear the lock:

    sudo ps aux | grep apt

    Observe the process ID number for the process related to /var/lib/apt/apt.systemd.daily

    sudo kill -9 PID where PID refers to the process ID number identified above

    sudo rm /var/lib/dpkg/lock

  2. If necessary, repeat the sudo apt install nmap command.

  3. Enter y to confirm the operation.

    You might need to maximize the VM window or scroll to see the prompt asking you to confirm the operation.

  4. Wait for the installation to complete.

  5. Enter apt show nmap to discover information about the nmap package.

  6. Enter nmap localhost to test the utility, confirming that it executes and checks the VM's basic network functionality.

Configuring Repositories

Scenario

While the Linux vendors tend to provide online repositories, one of the concerns with using these is version control of applications. Develetech has decided to manage an internal repository of software packages, making version control much easier. You will configure a local YUM repository on the CentOS server. You will then make a YUM repository available using Apache HTTP Server.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.1 Given a scenario, conduct software installations, configurations, updates, and removals

Configure a local YUM repository

  1. If necessary, open a terminal.

  2. Browse to /Packages and view the available .rpm files.

  3. Enter sudo createrepo /Packages to designate that directory as a YUM repository.

    This may take a few minutes.

  4. Using sudo, create a file named /etc/yum.repos.d/local-repo.repo with the text editor of your choice.

  5. Edit this file by providing the following values:

    [local-repo]

    name=Local Repository

    baseurl=file:///Packages

    enabled=1

    gpgcheck=0

    Note that there are three forward slash characters in the baseurl path.

  6. Save and close the file.


Verify the location is recognized as a YUM repository

  1. Enter yum clean all

  2. Enter yum repolist and verify the local-repo is displayed.

  3. Enter sudo yum -y --enablerepo=local-repo install ksh to install the ksh (KornShell) package from the repository.

Install Apache HTTP Server to use as a repository

You can configure an Apache web server as a repository that provides packages to servers on your internal network.

  1. Enter sudo yum -y install httpd

  2. Enter sudo systemctl start httpd to start the Apache service.

  3. Enter systemctl status httpd and verify that Apache is active (running).


Designate Apache as a repository

  1. Enter sudo ln -s /Packages /var/www/html/packages to link the /Packages directory to Apache.

  2. Enter sudo createrepo /var/www/html/packages to designate the location as a YUM repository.

Create the repository reference file

  1. Using sudo, create a file named /etc/yum.repos.d/internal-repo.repo with the text editor of your choice.

  2. Edit this file by providing the following values:

    [internal-repo]

    name=Internal Repository

    baseurl=http://localhost/packages

    enabled=1

    gpgcheck=0

    Note that there are three forward slash characters in the baseurl path.

  3. Save and close the file.

Verify the location is recognized as a YUM repository

  1. Enter yum clean all

  2. Enter yum repolist and verify the internal-repo is displayed.

  3. Enter sudo setenforce 0

    This disables SELinux, an access control mechanism that would otherwise prevent access to the web-hosted packages.

  4. Enter firefox http://localhost/packages to see a list of packages from the Apache web server.

  5. Close Firefox when you're done.

  6. Enter sudo setenforce 1 to re-enable SELinux.

  7. Enter cd ~ to return to your home directory.

Acquiring Software

Scenario

You are investigating ways of downloading software from the web. Specifically, you are considering writing a script to automate the download process. You will use wget and curl to try the downloads manually.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.1 Given a scenario, conduct software installations, configurations, updates, and removals

Use the wget utility to download a file from the web

  1. At a terminal, ensure you're in your home directory.

  2. Enter wget https://download.samba.org/pub/samba/samba-latest.tar.gz to download the most recent source code file for the Samba service.

  3. Check your home directory for a file named samba-latest.tar.gz

Use curl to download a file from the web

  1. Enter curl -o nmap-7.70.tar.bz2 https://nmap.org/dist/nmap-7.70.tar.bz2 to download version 7.70 of the Nmap utility.

  2. Check your home directory for a file named nmap-7.70.tar.bz2

Expand a source code tarball so that it is ready to be compiled in a later activity

  1. Enter tar -xvjf nmap-7.70.tar.bz2 to extract the files.

  2. Verify that the source code files were extracted in the ~/nmap-7.70/ directory.

    You will compile the Nmap utility source files in a later activity. Your current objective is just to acquire and unpackage it.




Compiling and Installing an Application

Scenario

Develetech will be relying on Nmap to troubleshoot its networked systems and perform vulnerability assessments. You know that compiling Nmap from source code enables greater flexibility and control. You will do a basic software compile of Nmap.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.1 Given a scenario, conduct software installations, configurations, updates, and removals

Install the GCC compiler

  1. Enter rpm -qi nmap to confirm nmap is not already installed.

  2. Enter sudo yum -y install gcc-c++ --disablerepo=internal-repo to install the necessary GCC compiler for Nmap.

  3. Wait for the package to finish installing.

Compile the Nmap source code

  1. Change to the ~/nmap-7.70 directory.

  2. Enter ./configure to generate a makefile based on your system's configuration. This may take a few minutes.

    Note the ./ characters in the above command. These characters tell bash to "look here" for the executable. By default, bash only checks certain directories for executable commands. Home directories are not usually checked.

  3. Enter make to compile the software based on the makefile instructions.

  4. Enter sudo make install to install the binaries on the system.

  5. Enter /usr/local/bin/nmap and verify that it is installed.

    The help file for nmap will print to the screen, indicating that the program is installed.

  6. Enter /usr/local/bin/nmap localhost to scan the local computer.





Comments

Post a Comment

Popular posts from this blog

Install Gophish and Start Your Phishing Campaign

Image
Install Gophish on Kali Linux and Start Your Phishing Campaign  Installing go programming language # source ~/.bashrc # sudo apt install -y golang # sudo vim helloworld.go  # go run helloworld.go # sudo vim ~/.bashrc Add the following paths to the end of the file export GOPATH=/root/go-workspace export GOROOT=/usr/local/go PATH=$PATH:$GOROOT/bin/:$GOPATH/bin Installing gophish using pre-built binaries Download the  gophish installer  and extract the contents of the zip file # unzip gophish-v0.11.0-linux-64bit.zip -d /home/kali/Downloads/gophish Give Gophish necessary permissions Give the gophish the necessary permissions to run without permission restrictions: # sudo chmod +x gophish Running gophish # ./gophish Logging into gophish  Go to the admin server at https://127.0.0.0:3333. Setting up gophish sending profile New Sending Profile Note : Create an application-specific password on Gmail. First, enable 2-step verification: Send Test Email Received the test em...
Read more

Hướng dẫn cách đọc và hiểu thông số firewall - tường lửa

Image
  Hướng dẫn cách hiểu thông số firewall - tường lửa 17/01/2021 09:00 Chắc hẳn trong chúng ta khi tìm hiểu các mẫu mã và thông số firewalls (tường lửa) để mua cho công ty, ai cũng thấy bối rối khi đọc các thông số kỹ thuật. Vậy làm cách nào để có thể hiểu được các thông số cơ bản của firewalls? Firewall Throughput Thông thường, chỉ số này được ghi là Mbps (megabits per second) hoặc Gbps (gigabits per second). Đây chính là lượng traffic có thể đi qua tường lửa tài một thời điểm. Thông số này có vẻ quan trọng, nhưng thực ra nó...không có ý nghĩa gì lắm. Thực ra con số này chỉ là con số thô, chỉ đo lượng traffic đi qua firewall mà không tính đến việc quét virus, lọc nội dung (content filtering), ngăn chặn xâm nhập (intrusion prevention), kiểm tra thất thoát dữ liệu và các bước tương tự. Con số còn có thể thay đổi theo giao thức (protocol) và kích cỡ gói tin (packet). Thông số Throughput thậm chí quan trọng hơn cho việc chia lớp mạng nội bộ (network segmentation). Khi tường lửa được sử ...
Read more

How to install GVM/OpenVAS to scan vulnerabilities on Kali Linux?

Image
How to install GVM/OpenVAS to scan vulnerabilities on Kali Linux? First, you need to upgrade your Kali Linux environment. Before conducting an upgrade, it is recommended that you enter the following command so that the list of available packages and their versions is updated beforehand (without installing or upgrading any packages): # sudo apt-get update After that, installing newer versions of the packages you have (As mentioned previously, because the lists have bee updated, the package manager is aware of available updates for the software you have installed): # sudo apt full-upgrade -y Note: you can use the combo command " apt-get update && apt-get upgrade"  to do both steps after each other. After that, install gvm or openvas (opevas used to be the name for this scanning tool, and it was then changed to gvm. Currently, openvas refers to scan engine. However, if you choose to install opevas, it will refer to gvm): # sudo apt install gvm Then, check the prerequisit...
Read more