Published on ONLamp.com (http://www.onlamp.com/)


FreeBSD Basics

Browsing through the Ports Collection

01/24/2002

If you're a regular reader of this series, you already know that I'm a big fan of the FreeBSD ports collection. It never ceases to amaze me how over 6000 applications are a mere "make install" away. In today's article, I'll share some of the ports I've discovered in the last six months.

As a reminder, if you'd like to try building any of these ports yourself, make sure you have a /usr/ports directory on your FreeBSD system. If you don't, go to www.freebsd.org/ports and click on the link that says "Download a gzip'd tar file of all ports." After your download, become the superuser and untar the file like so:

su
Password:
mv ports.tar.gz /usr
cd /usr
tar xzvf ports.tar.gz

This process will create the ports directory and all of its subdirectories for you. To actually build a port, cd into its directory as the superuser, and type make install clean while you are connected to the Internet. Once you're finished, leave the superuser account to try out your new application. If you are using the C shell, you may have to type rehash so the newly-installed application will be in your path.

Whenever I have a bit of spare time to build some ports, I always seem to end up in the /usr/ports/net directory first. I have a small LAN at home running various operating systems, and I am always looking for new things to try with my computers. I also like to practice hardening each operating system to make them more secure, so the description of nat caught my eye:

"SMB/CIFS server and file share auditing tool used to gather information and identify misconfigurations in security critical environments."

If you decide to build this port, remember that you should NEVER try to audit a computer that is not yours unless you have the explicit, written permission of the owner of that computer.

Since I had recently installed an MS operating system on my LAN, I was curious to see what information it would give before I started applying the required patches to the operating system. So after building the nat port, I became a regular user and ran it like this, where 10.0.0.2 is the IP address of that MS computer on my LAN:

cd /usr/local/share/nat
nat -u userlist.txt -p passlist.txt 10.0.0.2

[*] NAT - NetBIOS Auditing Tool v2.0
    Copyright 1996, 1997, 1998, Secure Networks Inc.
[*] Host 10.0.0.2 (unknown) checked on Sat Jan 19 10:28:31 2002
[*] Trying to connect with '*SMBSERVER'
[*] Connected with NetBIOS name *SMBSERVER
[*] Dialect selected: NT LM 0.12
[*] Server has share level security enabled
[*] Server supports password encryption
[*] Remote server's workgroup: WORKGROUP
[*] Logging in as '' with password ''
[*] Able to login as user '' with password ''
[*] Server Operating System: Windows 5.0
[*] Lan Manager Software   : Windows 2000 LAN Manager
[*] Machine has a browse list
  NOVATECH
      - NetBIOS OS Version 5.0
      - Master browser
      - System is Windows NT
[*] Unable to list shares as '' user
[*] Guessing passwords
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMINISTRATOR'
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMIN'
[*] Trying to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Trying to login as user 'ADMINISTRATOR' with password 'LOGON'
[*] Guessed: ADMINISTRATOR Password: PASSWORD
[*] Logging in as 'ADMINISTRATOR' with password 'PASSWORD'
[*] Able to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] Workstation information
  Computer Name  : NOVATECH
  User Name      :
  Work Group     : WORKGROUP
  Version        : 5.0
  Logon Domain   :
  Other Domains  :
[*] Able to list shares as 'ADMINISTRATOR' user
  C$            DISK       Default share
  ADMIN$        DISK       Remote Admin
  IPC$          IPC        Remote IPC
[*] Verbose share information for C$
  Share Name   : C$
  Comment      : Default share
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 0
  Shared Path  : C:\
[*] WARNING: Able to connect to \\*SMBSERVER\C$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\C$
[*] Verbose share information for ADMIN$
  Share Name   : ADMIN$
  Comment      : Remote Admin
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 0
  Shared Path  : C:\WINNT
[*] WARNING: Able to connect to \\*SMBSERVER\ADMIN$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\ADMIN$
[*] Verbose share information for IPC$
  Share Name   : IPC$
  Comment      : Remote IPC
  Permissions  : 0
  Max Uses     : 65535
  Current Uses : 1
  Shared Path  :
[*] WARNING: Able to connect to \\*SMBSERVER\IPC$ as 'ADMINISTRATOR' user
[*] Trying to get user information for *SMBSERVER
[*] Trying to get user information for NOVATECH$
[*] Trying to get user information for ADMINISTRATOR
[*] User Information for ADMINISTRATOR
  User          : Administrator
  Comment       : Built-in account for administering the computer/domain
  Comment       :
  Full Name     :
  Privilege     : 2 - User has ADMINISTRATOR privilege
  Auth Flags    : 0
  Password Age  : 4 minutes
  Home Directory:
  Parameters    :
  Last Logon    : Sat Jan 19 05:20:27 2002
  Last Logoff   : Never
  Bad Logons    : 0
  Total Logons  : 4
  Logon Server  : \\*
  Country code  : 0
  Workstations  :
  Max storage   : Unlimited
  Code page     : 0
[*] Trying to get user information for GUEST
[*] User Information for GUEST
  User          : Guest
  Comment       : Built-in account for guest access to the computer/domain
  Comment       :
  Full Name     :
  Privilege     : 0 - User has GUEST privilege
  Auth Flags    : 0
  Password Age  : 0 minutes
  Home Directory:
  Parameters    :
  Last Logon    : Never
  Last Logoff   : Never
  Bad Logons    : 54
  Total Logons  : 0
  Logon Server  : \\*
  Country code  : 0
  Workstations  :
  Max storage   : Unlimited
  Code page     : 0
[*] Trying to get user information for IUSR_*SMBSERVER
[*] Trying to get user information for *SMBSERVER$

Whoa. All of this information was garnered in about a second. And I remind myself why you never connect any operating system to the Internet until it is properly hardened, and better yet, is behind a properly-configured firewall.

You'll note that I referred to the built-in password and user lists when I ran the nat utility. And that I was also negligent in choosing the obvious password of "password," even though I was just playing around with an install on my home LAN.

This utility could prove useful in checking the security of computers under your control. Simply add the usernames you've created in your network to the userlist.txt file and add obvious passwords that you hope your users aren't using to the passlist.txt file. Then run the utility against the IPs running in your own network, and redirect the output to a file for analysis. I certainly plan on rerunning this utility once I've hardened that NT computer to check how successful my hardening efforts were.
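
The analysis step described above, as an added example that is not part of the original article: a small sh/awk filter that reduces a redirected nat report to one line per finding. The function names nat_findings and sample_report are assumptions made here; the sample lines are copied from the report shown earlier.

```sh
#!/bin/sh
# Added example, not part of the original article: reduce redirected nat
# output to one line per finding. Guessed passwords are never echoed.

nat_findings() {    # args: saved report file(s); reads stdin if none
    awk -v q="'" '
    /^\[\*\] Host /                  { host = $3 }
    /share level security enabled/   { print host ": share-level security enabled" }
    /^\[\*\] Able to login as user / {
        split($0, f, q)              # f[2] is the user name between the quotes
        if (f[2] == "")
            print host ": null session accepted (empty user and password)"
    }
    /^\[\*\] Guessed: /              { print host ": guessable password for " $3 }
    /WARNING: Able to WRITE to /     {
        n = split($NF, part, /\\/)   # share name is the last path component
        print host ": writable share " part[n]
    }' "$@"
}

# Sample lines copied from the report shown in the article.
sample_report() {
    cat <<'EOF'
[*] Host 10.0.0.2 (unknown) checked on Sat Jan 19 10:28:31 2002
[*] Server has share level security enabled
[*] Logging in as '' with password ''
[*] Able to login as user '' with password ''
[*] Trying to login as user 'ADMINISTRATOR' with password 'ADMIN'
[*] Guessed: ADMINISTRATOR Password: PASSWORD
[*] Able to login as user 'ADMINISTRATOR' with password 'PASSWORD'
[*] WARNING: Able to connect to \\*SMBSERVER\C$ as 'ADMINISTRATOR' user
[*] WARNING: Able to WRITE to \\*SMBSERVER\C$
[*] WARNING: Able to WRITE to \\*SMBSERVER\ADMIN$
[*] WARNING: Able to connect to \\*SMBSERVER\IPC$ as 'ADMINISTRATOR' user
EOF
}

sample_report | nat_findings
```

Pass the file you redirected nat's output to as the argument to nat_findings; an empty result on a rerun means none of these findings remain.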

My second stop in the ports collection is usually the /usr/ports/sysutils directory, as it contains many small but useful utilities. One such useful utility is symlinks, which will find and identify all symlinks on your system. This utility comes with a short little manpage showing all of its switches. I decided to see all the symlinks on my system, so I became the superuser (so I would have permission to scan all directories) and ran the utility like so:

su
Password:
symlinks -vr /

relative: /dev/vga -> ttyv0
relative: /dev/mixer -> mixer0
relative: /dev/sequencer -> sequencer0
relative: /dev/dsp -> dsp0
relative: /dev/audio -> audio0
relative: /dev/dspW -> dspW0
relative: /dev/music -> music0
relative: /dev/pss -> pss0
relative: /dev/dsp0 -> dsp0.0
relative: /dev/audio0 -> audio0.0
relative: /dev/dspW0 -> dspW0.0
absolute: /dev/mouse -> /dev/sysmouse
other_fs: /dev/log -> /var/run/log
absolute: /dev/modem -> /dev/cuaa1
other_fs: /etc/termcap -> /usr/share/misc/termcap
other_fs: /etc/rmt -> /usr/sbin/rmt
relative: /etc/aliases -> mail/aliases
other_fs: /etc/apsfilter/basedir -> /usr/local/share/apsfilter
other_fs: /sys -> usr/src/sys
other_fs: /compat -> /usr/compat
other_fs: /home -> /usr/home

In less than a second, every symlink on my system had been listed. Very handy utility for this purpose.

Another handy utility in the "sysutils" section is pkg_tree, which will list all of the ports and packages installed on your system in a tree-like structure, so you can see their dependencies.

If you've built more than a couple of packages or have built a mega-port such as Gnome or KDE, you'll definitely want to page the output like so:

pkg_tree | more
or
pkg_tree | less

Just to give you an example of its output, I'll show the first ten lines of mine:

pkg_tree | head

Mesa-3.4.2_1
ORBit-0.5.8_1
|\__ pkgconfig-0.8.0
|\__ glib-1.2.10_4
|      \__ pkgconfig-0.8.0
 \__ gettext-0.10.35
OpenSSH-askpass-1.2.2.2001.02.24
aalib-1.2_2
acroread4-4.05
 \__ linux_base-6.1

The last utility I'll mention today in the "sysutils" section is fortunelock. This is a short and sweet program with a short little manpage. If you need to leave a terminal and don't want to log out first, type:

fortunelock

It will prompt you for a password and ask you to repeat it. Once you've done so, it will repeat random fortunes until you return and re-enter the password. Passersby will at least be entertained by your terminal, even if they don't know the password to access it.

One of my favorite ports is in the /usr/ports/textproc directory and is called glimpse. I have a lot of articles and whitepapers stashed away in my home directory, and this utility is indispensable for finding a certain line of text. It is similar to the locate utility in that it builds a database; because of this database, searches are blazingly fast, almost instantaneous.

The first time you want to use glimpse, go to your home directory (I'm assuming the information you want to find is somewhere in your home directory and its subdirectories) and build the database like so:

cd
glimpseindex -o 

This is glimpseindex version 4.12, 1999.
Indexing "/home/genisis" ...
Size of files being indexed = 6437564 B, Total #of files = 850
Index-directory: "/usr/home/genisis"
Glimpse-files created here:
-rw-------  1 genisis  wheel   35658 Jan 13 19:52 .glimpse_filenames
-rw-------  1 genisis  wheel    3400 Jan 13 19:52 .glimpse_filenames_index
-rw-------  1 genisis  wheel       0 Jan 13 19:51 .glimpse_filetimes
-rw-------  1 genisis  wheel  510659 Jan 13 19:52 .glimpse_index
-rw-------  1 genisis  wheel     863 Jan 13 19:52 .glimpse_messages
-rw-------  1 genisis  wheel  342572 Jan 13 19:52 .glimpse_partitions
-rw-------  1 genisis  wheel     130 Jan 13 19:52 .glimpse_statistics
-rw-------  1 genisis  wheel  262144 Jan 13 19:52 .glimpse_turbo

The indexing will churn along for a few minutes, depending on how large your home directory is. You'll note that it will make several hidden files in your home directory that all begin with ".glimpse". Once you've made the database, try to find something. As an example, I know that somewhere I have a file that tells me the modem code for "auto answer," but I can't remember which file, so I'll try:

glimpse "auto answer"

/home/genisis/unix:     no result codes (Q1), and auto answer (&S0=1).     Then write the
/home/genisis/unix:     at&s0=1     turn on auto answer

Not only is the modem code located in /home/genisis/unix, I don't even have to read the file, as it also returned the modem code I was looking for. See why this is one of my favorite utilities?

The manpage for glimpse has several examples on how to fine-tune your search. If you use this utility often and are constantly creating and removing files from your home directory, you may want to consider running glimpseindex as a cron job. I'm pretty lazy, so I usually just rerun glimpseindex whenever I can't find what I'm looking for.

While I was in the "textproc" section, I also came across an interesting utility known as dadadodo. Even if you decide not to build this port, I highly recommend checking out the homepage of this utility's creator; it's well worth a visit.

To run the utility, simply type:

dadadodo name_of_a_file

I've found that saved emails, especially boring, overly technical ones, make great input files. With a utility like this, one could quit their day job to become either a poet or a fortuneteller.

The last port I built from the "textproc" section really impressed me. It was the gutenbook port. If you haven't heard about the Gutenberg Project, you can check it out here.

A separate project, known as the Gutenbook project, is a very user-friendly utility for accessing and reading the etexts available at Project Gutenberg. You may also want to check out the URL for Gutenbook and see the screenshots for yourself.

Once you've built this port, start it from an X Windows session. If you click on the "Browse Gutenberg (L)ibrary" button and wait a few seconds, you'll get a list of all of the available etexts. The titles are in alphabetical order and there are tabs so you can go to the section you are interested in. Or, use the "Search in Title/Author" section to search for a specific etext. Once you find one you're interested in, highlight it, click "Read Selected Etext," and wait a few seconds as it downloads it for you. You know it's finished when a zip file appears under the "Local Copy" column. Close that window and your selected etext will be loaded and ready for you to read. Not only can you read it, but you can jump to a certain page or search for a specific bit of text. You may never want to read a book the old-fashioned way again. One last note: you'll notice that a new directory named "Gutenberg_Library" will be created in your home directory to store your downloaded etexts.

The last port I'll mention today is a Keyboard Practicer found in /usr/ports/misc/kp.

This is a very user-friendly GUI interface to practice your typing skills. Run it from an X Windows session and it will look like this:

Screen shot.

The default mode is to show a Dvorak layout; if you're using a regular keyboard, go to "Options-->Keyboard" and choose "Qwerty".

Then, just start typing what you see in the top section without looking at your fingers. If you're not sure where the key is located, don't look at your fingers; instead, notice which key is highlighted on your monitor. This program will keep track of your mistakes and your speed in wpm. If you want to practice typing another file, go to "File-->Load file" which will show you all of the files in your home directory. Highlight one to practice typing and to see if you can improve your speed.

I hope you enjoyed this latest tour through the ports collection and will check out some ports yourself to make your own discoveries.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.


Copyright © 2009 O'Reilly Media, Inc.