Packabit project: building Nmap deb packages for Ubuntu. During the long New Year holidays (30 dec – 8 jan) I started a new project: Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build a Linux packages from sources and will NOT litter main system with unnecessary packages. Something like a very simplified build server.
Why might someone want to build Linux packages on their own?
Official repositories of Linux distros usually contain pretty old versions of packages. Let’s take, for example, Nmap. The only version of Nmap available in the repository for Ubuntu 18.04.1 LTS is 7.60 , and the latest stable version of Nmap available on official website is 7.70.
Release dates according Nmap changelog:
- Nmap 7.70 [2018-03-20]
- Nmap 7.60 [2017-07-31]
The latency is more than a year.
Is it really necessary to use the latest version? Actually, yes. Every new version of Nmap contain more banner detects and service detects and produce more adequate results. Nmap project offers official packages only for RPM-based distributions: CentOS, RHEL, Fedora, etc. And if you need packages for DEB-based distributions, Debian, Ubuntu, Kali, etc. you should build them yourself.
What is the Packabit?
Currently it’s just 2 bash scripts for building stable Nmap package for Ubuntu 18.04: one is for creation and launching Vagrant virtual machine, the other runs on guest virtual machine and build Nmap package from the sources.
How to try it
I want this project to be as opensource as possible. If anyone wants to give it a try, get it from Github. For the end-user it looks like this: run the script build_nmap.sh, wait for 10 minutes and get new package from the packages directory. There won’t be any litter in a process. Each time a new virtual machine for building will be automatically created and then destroyed.
If you use Ubuntu 18.04 LTS (bionic) run:
sudo apt-get install virtualbox vagrant
git clone https://github.com/leonov-av/packabit.git
cd packabit/
./build_nmap.sh
How it works
I already described how to create and manage virtual machine using Vagrant in a post here. There are a lot of ways to manage Vagrant virtual machines, but I used simple command: `vagrant ssh -c 'command'
`
How to build a package in the Guest system
We can get a link to the archive with the latest stable version of Nmap sources from the official site:
$ curl https://nmap.org/download.html | egrep "stable.*release tarball" | egrep -o "https://nmap[^\"]*bz2"
https://nmap.org/dist/nmap-7.70.tar.bz2
Let’s build it in interactive mode:
url=`curl https://nmap.org/download.html | egrep "stable.*release tarball" | egrep -o "https://nmap[^\"]*bz2"`
wget "$url"
dir_name=`ls | sed 's/\.tar\.bz2//'`
bzip2 -cd $dir_name.tar.bz2 | tar xvf -
cd $dir_name
./configure
By default the project will be configured this way:
Configured with: ndiff zenmap nping zlib lua ncat
Configured without: localdirs openssl libssh2 nmap-update
Well, nmap-update and libssh2 functions looks to quite useful. That’s why is it better to figure out a what additional packages should be installed and install them:
sudo apt-get update
sudo apt-get install libssh2-1-dev libssl-dev libsvn-dev -y
After installation we can build nmap with the options except localdirs. Of course we will also need a compiler and the checkinstall tool for a actual packaging.
sudo apt-get install g++ checkinstall -y
And now we can compile the code and build the package.
./configure
make
version=`echo $dir_name | sed 's/.*-//'`
sudo checkinstall --pkgname "nmap" --pkgversion "$version" --maintainer "avleonov" -y
Some minutes later we will get a new package at /home/vagrant/nmap-7.70/nmap_7.70-1_amd64.deb
$ dpkg -I /home/vagrant/nmap-7.70/nmap_7.70-1_amd64.deb
new debian package, version 2.0.
size 7196340 bytes: control archive=295 bytes.
0 bytes, 0 lines conffiles
199 bytes, 9 lines control
Package: nmap
Priority: extra
Section: checkinstall
Installed-Size: 36348
Maintainer: avleonov
Architecture: amd64
Version: 7.70-1
Provides: nmap
Description: Package created with checkinstall 1.6.2
But, as you can see, there are no dependencies set in it. Where can we find them? I am getting the dependencies from the existing package in official Ubuntu repository:
curl -s https://packages.ubuntu.com/bionic/amd64/nmap/download | grep "<li>" | head -n 1 | egrep -o "http://[^\"]*" | xargs -i wget -q '{}' -O nmap.deb;
depends=`dpkg -I nmap.deb | grep "Depends" | sed 's/^ *//'`;
rm nmap.deb;
echo "$depends";
Output:
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcap0.8 (>= 0.9.8), libpcre3, libssl1.1 (>= 1.1.0), libstdc++6 (>= 5.2), zlib1g (>= 1:1.1.4)
I also added some additional dependencies:
depends=$depends", libssh2-1-dev, libssl-dev, libsvn-dev";
Now it’s necessary to add them to existing Debian package:
filename=`ls nmap_*.deb`
cp $filename "no_deps_"$filename
sudo rm -rf nmap_dpkg
mkdir nmap_dpkg
dpkg-deb -x $filename nmap_dpkg
dpkg-deb --control $filename nmap_dpkg/DEBIAN
echo "$depends" >> nmap_dpkg/DEBIAN/control
sudo dpkg -b nmap_dpkg $filename
dpkg -I $filename
Output:
new Debian package, version 2.0.
size 6638876 bytes: control archive=480 bytes.
0 bytes, 0 lines conffiles
420 bytes, 10 lines control
Package: nmap
Priority: extra
Section: checkinstall
Installed-Size: 31504
Maintainer: avleonov
Architecture: amd64
Version: 7.70-1
Provides: nmap
Description: Package created with checkinstall 1.6.2
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcap0.8 (>= 0.9.8), libpcre3, libssl1.1 (>= 1.1.0), libstdc++6 (>= 5.2), zlib1g (>= 1:1.1.4), libssh2-1-dev, libssl-dev, libsvn-dev
Now let’s try to install it with the dependencies:
sudo dpkg -i $filename
sudo apt-get install -f -y
It works:
$ nmap -V
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.0.1f libssh2-1.4.3 libz-1.2.8 libpcre-8.31 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
$ sudo nmap -sS localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-03 13:10 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
How to move a package from the guest machine?
By default Vagrant mounts directory with Vagrantfile to /vagrant directory in the Guest machine. So we can do:
cp $filename /vagrant/
What’s next?
Having bash scripts and powerful tool for managing virtual machines we can build and test everything. And the this what I am going to do with OpenVAS, w3af and other security tools.
And the answer to a popular question: why to use Vagrant and not Docker here? There is no a particular reason actually. Currently I feel more comfortable with fully functional virtual machines. I don’t really depend on specific vagrant features and I think it will be quite easy to support Docker as well, if it will be necessary. =)
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Pingback: First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes | Alexander V. Leonov