blog.dideriksen.org: MacPorts

I thought this post should be about Kali-Linux. Because I wanted to install kali in a virtualbox on my MacBook. But it turns out that the rTorrent port cannot build out of the box using the macport-gcc-4.8 compiler. There is a port ticket discussing this issue.

So, instead of installing and configuring Kali, I ended up fixing the compiler issues on the Portfiles for libtorrent and rTorrent locally on my box.

Yes I know I could download Kali using http. But that download takes forever (+ 5hours)! So, fixing and downloading using rTorrent seems to be way faster.

First the Portfiles for libtorrent and rTorrent needs to be updated with the macports-gcc-4.9 compiler, this is done by:

$ echo "config.compiler macports-gcc-4.9" >> /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/libtorrent/Portfile
$echo "config.compiler macports-gcc-4.9" >> /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/rtorrent/Portfile

The command appends the compiler configuration to thePportfiles. Once, the files are 'patched' the ports can be installed using:

$ sudo port install rtorrent

Rtorrent must be configured, there's tons of information on configuration else where. I simply created a rtorrent session directory, and added my download and session directories to the ~/.rtorrent.rc file.

$ mkdir ~/Downloads/rtorrent_session

Edit (create) the rtorrent.rc file using you favorite editor.

$ emacs ~/.rtorrent.rc

Just add the following content, changing the session and directory entries to the folders you decided to use.

port_range = 26000-26999
directory = ~/Downloads/
session = ~/Downloads/rtorrent_session/
encryption = allow_incoming,try_outgoing,enable_retry

In rTorrent you can add torrents from within the running client. But it is way easier to just throw the torrent file as an argument on the command line, (besides I only needed the one torrent).

$ rtorrent ~/Downloads/kali-linux-2016.1-amd64.torrent

The downloads starts, and once it finishes simly press ^q (ctrl + q) in the rTorrent window and the program quit. The files you downloaded should be present in the specified download folder. Don't forget to check the sha1sum, to verify you got the corrent file. Jump (cd) into the download directory and execute:

$ shasum -a 1 -c kali-linux-2016.1-amd64.txt.sha1sum kali-linux-2016.1-amd64.iso: OK

ClamAv is a command line virus scanner. It runs on all the major platforms, Windown,Linux, and OSX. You can download the source and install it from there, or you can follow these simple steps to install it using MacPorts.

To install ClamAv check the ports including clam by listing these:

port search clam

Then to install the files issue:

sudo port install clamav clam-server clamsmtp p5-mail-clamav

Once the ports are installed you'll need to configure ClamAv. The following is an extract from the port installation echo:

To configure clamd and freshclam look for the following files:
    /opt/local/etc/clamd.conf
    /opt/local/etc/freshclam.conf

If these files do not exist you can copy the sample conf files into place:
    sudo cp /opt/local/etc/clamd.conf.sample /opt/local/etc/clamd.conf
    sudo cp /opt/local/etc/freshclam.conf.sample /opt/local/etc/freshclam.conf

Edit /opt/local/etc/clamd.conf to your liking, example:
# Comment out 'Example' near the top if it exists
    #Example
    LogFile /opt/local/var/log/clamav/clamd.log
    PidFile /opt/local/var/run/clamav/clamd.pid
    LocalSocket /opt/local/var/run/clamav/clamd.socket
TCPSocket 3310
TCPAddr 127.0.0.1
    Foreground yes

Edit /opt/local/etc/freshclam.conf to your liking, example:
# Comment out 'Example' near the top if it exists
    #Example
    UpdateLogFile /opt/local/var/log/clamav/freshclam.log
    PidFile /opt/local/var/run/clamav/freshclam.pid
    NotifyClamd /opt/local/etc/clamd.conf

The important thing when editing these configuration files, is that the directories for clams and freshclam points to the same directories. I let mine point to:

/opt/local/var/log/clamav/
/opt/local/var/run/clamav/

And, make sure that the TCPSocket and TCPAddr are set, enabling you to use ClamAv from within other programs. After installation you'll need to create an entry in the ports share directory. The reason for this is that ClamAv runs in this directory and the directory is not created on installation. Create it like this:

sudo mkdir -p /opt/local/share/clamav
sudo chown clamav:clamav /opt/local/share/clamav

Now you're ready to create a fresh clam, issue:

sudo freshclam -v

Current working dir is /opt/local/share/clamav
Max retries == 3
ClamAV update process started at Thu Mar 24 00:01:09 2016
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 632
Software version from DNS: 0.99.1
main.cvd version from DNS: 57
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
daily.cvd version from DNS: 21470
daily.cld is up to date (version: 21470, sigs: 83891, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 275
bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)

ClamAv will generate a new virus signature file. When it is done, you're ready to scan your box. This is done by:

clamscan -ro ~/

----------- SCAN SUMMARY -----------
Known viruses: 4297361
Engine version: 0.99.1
Scanned directories: 132235
Scanned files: 595659
Infected files: 0
Total errors: 4
Data scanned: 72096.62 MB
Data read: 136687.80 MB (ratio 0.53:1)
Time: 22133.709 sec (368 m 53 s)

It'll take loads of time to finish. As, almost, all other codlin tools --help or man clamscan displays all the options you can pass to the program. Next, you'll need to get ClamAv running automatically. Following the installation instructions, another extract:

Two launchd startup items have been installed.
To load clamd and freshclam do the following:
sudo launchctl load -w /Library/LaunchDaemons/org.macports.clamd.plist
sudo launchctl load -w /Library/LaunchDaemons/org.macports.freshclam.plist

To unload clamd and freshclam do the following:
sudo launchctl unload -w /Library/LaunchDaemons/org.macports.clamd.plist
sudo launchctl unload -w /Library/LaunchDaemons/org.macports.freshclam.plist

Issue both of the commands that loads the deamons, then check that the clamd is running.

ps -aef | grep clamd

The result should look somewhat like this:

0 25965 1 0 4:52PM ?? 0:07.78 /opt/local/sbin/clamd

If your are using Thunderbird and Firefox you can use ClamAv to scan your downloads and your mails. Install the firefox add-on Fireclam, and the Thunderbird add-on clamdrip LIN.

The clam drip LIN extension if meant for Linux only, but it's all runnable using the port version of ClamAv. simply press the: Download for Linux anyway link anyhu!

And import the add on in Thunderbird. Ignore the *beware* message, if you do not trust me, check the contents of the plugin file, using unzip to extract it and inspect the code. It, doesn't look malicious to me.

Next, go to the Thunderbird add on, and select the clam drib preferences. Configure it to listen to the clamd available on localhost:3310.