From 3b8788bb4d1f1c71eeea3b3cdb269bd0d4e99997 Mon Sep 17 00:00:00 2001 From: fyodor Date: Sun, 13 Jul 2008 09:07:42 +0000 Subject: [PATCH] did a careful editing of Ch2; these are my changes for the first 11 pages --- docs/nmap-install.xml | 234 ++++++++++++++++++++++++------------------ 1 file changed, 134 insertions(+), 100 deletions(-) diff --git a/docs/nmap-install.xml b/docs/nmap-install.xml index b7aadb83e..71eae11d2 100644 --- a/docs/nmap-install.xml +++ b/docs/nmap-install.xml @@ -5,9 +5,9 @@ Introduction Nmap can often be installed or upgraded with a single command, -so don't let the length of this guide scare you. Most readers will +so don't let the length of this chapter scare you. Most readers will use the table of contents to skip -directly sections that concern them. This guide describes how to install +directly sections that concern them. This chapter describes how to install Nmap on many platforms, including both source code compilation and binary installation methods. Graphical and command-line versions of Nmap are described and contrasted. @@ -18,7 +18,7 @@ mind. Nmapchecking if installed The first step toward obtaining Nmap is to check whether you already have it. Many free operating system distributions (including most -Linux and BSD systems) come with Nmap, although it may not be +Linux and BSD systems) come with Nmap packages, although they may not be installed by default. On Unix systems, open a terminal window and try executing the command nmap . If Nmap exists and is in your @@ -34,7 +34,7 @@ you should see output similar to . felix~>nmap --version -Nmap version 4.65 ( http://nmap.org ) +Nmap version 4.68 ( http://nmap.org ) felix~> 
@@ -43,7 +43,7 @@ exist on the system (or if your PATH is incorrectly set), an error message such as nmap: Command not found is reported. As the example above shows, Nmap responds to the command by printing its -version number (here 4.65). +version number (here 4.68). Even if your system already has a copy of Nmap, you should consider upgrading to the latest version available from Command-line and Graphical Interfaces -Nmap has traditionally been a command-line application run from +Nmap has traditionally been a command-line tool run from a Unix shell or (more recently) Windows command prompt. This allows experts to quickly execute a command that does exactly what they want without having to maneuver through a bunch of configuration panels and 
@@ -74,13 +74,13 @@ Nmap offers more than a hundred command-line options, although many are obscure features or debugging controls that most users can ignore. Many graphical frontends have been created for those users who prefer a GUI interface. Nmap has traditionally included a simple GUI for Unix named NmapFENmapFE, but that was replaced in 2007 by Zenmap, -which we had been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort +which we have been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort results, and also browse them in several ways (host details, raw Nmap -output, and ports/hosts). It works on Microsoft Windows, Linux, Mac -OS X, and other platforms. Zenmap is covered in depth in . The rest of this book focuses on command-line invocations of Nmap. +output, and ports/hosts). It works on Linux, Windows, Mac +OS X, and other platforms. Zenmap is covered in depth in . The rest of this book focuses on command-line Nmap invocations. Once you understand how the command-line options work and can interpret the output, using Zenmap or -the other available Nmap GUIs is easy. Nmap's options are all the same +the other available Nmap GUIs is easy. Nmap's options work the same way whether you choose them from radio buttons and menus or type them at a command-line. @@ -92,7 +92,7 @@ command-line. Nmap.Org is the official source for downloading Nmap source code and binaries for Nmap and Zenmap. Source code is distributed in bzip2 and gzip compressed tar files, and binaries are available for -Windows and Linux (RPM format). Find all of this at .dmg disk image). Find all of this at . 
@@ -105,9 +105,9 @@ integrity of files downloaded from the Internet. Popular packages such as Sendmail (example), +url="http://cert.org/advisories/CA-2002-28.html">example), OpenSSH (example), +url="http://cert.org/advisories/CA-2002-24.html">example), Sendmail (see . @@ -129,14 +129,14 @@ url="http://nmap.org/dist/sigs/?C=M&O=D"/>. signatures. As the signing key is never stored on production servers, even someone who successfully compromises the web server couldn't forge and properly sign a trojan release. While numerous applications -are able to verify PGP signatures, I recommend the GNU Privacy Guard (GPG). keys, cryptographic Nmap releases are signed with a special Nmap Project Signing Key,Nmap Project Signing Key -which can be obtained from they major keyservers or . My key is included in that file too. The keys can be imported with the command gpg --import nmap_gpgkeys.txt. You only need to do @@ -161,10 +161,10 @@ sub 2048g/A50A6A94 2005-04-24 For every Nmap package download file -(e.g. nmap-3.95.tar.bz2 and -nmap-3.95-win32.zip), there is a corresponding +(e.g. nmap-4.68.tar.bz2 and +nmap-4.68-win32.zip), there is a corresponding file in the sigs directory with .gpg.txt appended -to the name (e.g. nmap-3.95.tar.bz2.gpg.txt). +to the name (e.g. nmap-4.68.tar.bz2.gpg.txt). This is the detached signature file. With the proper PGP key in your keyring and the detached 
@@ -177,21 +177,17 @@ linkend="ex-gpg-verify-nmap-release-bad"/>. Verifying PGP Key Fingerprints (Successful) -flog~> gpg --verify nmap-3.95.tar.bz2.gpg.txt nmap-3.95.tar.bz2 -gpg: Signature made Thu 08 Dec 2005 12:26:23 AM PST - using DSA key ID 6B9355D0 -gpg: Good signature from - "Nmap Project Signing Key (http://insecure.org/)" +flog> gpg --verify nmap-4.68.tar.bz2.gpg.txt nmap-4.68.tar.bz2 +gpg: Signature made Sun 29 Jun 2008 02:40:34 AM PDT using DSA key ID 6B9355D0 +gpg: Good signature from "Nmap Project Signing Key (http://www.insecure.org/)" Detecting a bogus file -flog~> gpg --verify nmap-3.95.tar.bz2.gpg.txt nmap-3.95-hacked.tar.bz2 -gpg: Signature made Thu 08 Dec 2005 12:26:23 AM PST - using DSA key ID 6B9355D0 -gpg: BAD signature from - "Nmap Project Signing Key (http://insecure.org/)" +flog> gpg --verify nmap-4.68.tar.bz2.gpg.txt nmap-4.68-hacked.tar.bz2 +gpg: Signature made Sun 29 Jun 2008 02:40:34 AM PDT using DSA key ID 6B9355D0 +gpg: BAD signature from "Nmap Project Signing Key (http://www.insecure.org/)" While PGP signatures are the recommended validation technique, @@ -206,7 +202,7 @@ Nmap.Org hashes if you obtain Nmap from a third party or feel it might have been accidentally corrupted. For every Nmap package download file, there is a corresponding file in the sigs directory with .digest.txt appended to the name -(e.g. nmap-3.95.tar.bz2.digest.txt). An example +(e.g. nmap-4.68.tar.bz2.digest.txt). An example is shown in . This is the detached signature file. The hashes from the digest file can be verified using common tools such as sha1sum, md5sum, 
@@ -256,19 +252,30 @@ downloads. In addition to regular stable and development releases, the latest Nmap source code is always available using the Subversion (SVN) revision control -system. This brings new features and version/OS detection -database updates immediately upon development. The downside is that -SVN head revisions aren't always as stable as official release. So +system. This delivers new features and version/OS detection +database updates immediately as they are developed. The downside is that +SVN head revisions aren't always as stable as official releases. So SVN is most useful for Nmap developers and users who need a fix which hasn't yet been formally released. -SVN write access is strictly limited to a few top Nmap +SVN write access is strictly limited to a top Nmap developers, but everyone has read access to the repository. Check out the latest code using the command svn co --username guest --password "" svn://svn.insecure.org/nmap/. Then you can later update your source code by typing svn up in your -working directory. The guest username is required due to a bug in SVN. +working directory. The guest username is required due to an svnserve authorization bug. + +While most users only follow the /nmap +directory in svn (which pulls +in /nbase, /nsock, +and /zenmap on its own), there is one other +interesting directory: /nmap-exp. This directory +contains experimental Nmap branches which Nmap +developers create when they wish to try new things without +destabilizing Nmap proper. When developers feel that an experimental +branch is ready for wider-scale testing, they will generally email the +location to the nmap-dev mailing list. Once Nmap is checked out, you can build it from source code just as you would with the Nmap tarball (described later in this chapter 
@@ -314,15 +321,46 @@ quicker and easier to install, and allow for consistent management bzip2 -cd nmap-VERSION.tar.bz2 | tar xvf - -If you downloaded the .tgz version, replace +With GNU tar, the simpler command tar xvjf +nmap-VERSION.tar.bz2 does the +trick. If you downloaded the .tgz version, replace bzip2 with gzip -in the command above. With GNU tar, the simpler -command tar xvjf nmap-VERSION.tar.bz2 does the -trick. +in the decompression command. Change into the newly created directory: cd nmap-VERSION -Configure the build system: ./configure +Configure the build system: ./configure + +If the configuration succeeds, an ASCII art dragon appears to congratulate you on successful configuration and warn you to be careful, as shown in . + + +Successful configuration screen + ./configure +checking build system type... x86_64-unknown-linux-gnu +[hundreds of lines cut] +configure: creating ./config.status +config.status: creating Makefile +config.status: creating nsock_config.h +config.status: nsock_config.h is unchanged + ( ) /\ _ ( + \ | ( \ ( \.( ) _____ + \ \ \ ` ` ) \ ( ___ / _ \ + (_` \+ . x ( .\ \/ \____-----------/ (o) \_ +- .- \+ ; ( O \____ + ) \_____________ ` \ / +(__ +- .( -'.- <. - _ VVVVVVV VV V\ \/ +(_____ ._._: <_ - <- _ (-- _AAAAAAA__A_/ | + . /./.+- . .- / +-- - . \______________//_ \_______ + (__ ' /x / x _/ ( \___' \ / + , x / ( ' . / . / | \ / + / / _/ / + / \/ + ' (__/ / \ + NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND RESPONSIBLY +Configuration complete. Type make (gmake on some *BSD machines) to compile. +]]> + + Build Nmap (and the Zenmap GUI if its requirements are met): make 
@@ -331,9 +369,17 @@ this is often installed as gmake. So if make returns a bunch of errors such as Makefile, line 1: Need an operator, try running gmake instead. + -Become a privileged user for system-wide install: su root +Become a privileged user for system-wide install: su root + +This step may be skipped if you only have an unprivileged shell +account on the system. In that case, you will likely need to pass +the option to configure +in step four as described in the next section. + + Install Nmap, support files, docs, etc.: make install @@ -349,7 +395,7 @@ install. However, there are a number of options available to configure directives -Most of the Unix build options are controlled by the configure script, as used in step number four above. There are dozens of command-line parameters and environmental variables which affect the way Nmap is built. Run ./configure --help for a huge list with brief descriptions. Here are the ones that are specific to Nmap or particularly important: +Most of the Unix build options are controlled by the configure script, as used in step number four above. There are dozens of command-line parameters and environmental variables which affect the way Nmap is built. Run ./configure --help for a huge list with brief descriptions. These are not applicable to building Nmap on Windows. Here are the options which are specific to Nmap or particularly important: 
@@ -376,14 +422,14 @@ I would run ./configure --prefix=/home/fyodorZenmapdisablingThis option prevents the Zenmap graphical frontend from being installed. Normally the build system checks your system for requirements such as the Python scripting language and then installs Zenmap if they are all available. -OpenSSLdisablingThe version detection subsystem of Nmap is able to probe SSL-encrypted services using the free OpenSSL libraries. Normally the Nmap build system looks for these libraries on your system and include this capability if they are found. If they are in a location your compiler does not search for by default, but you still want them to be used, specify . Nmap then looks in directoryname/libs for the OpenSSL libraries themselves and directoryname/include for the necessary header files. Specify to disable SSL entirely. +OpenSSLdisablingThe version detection system and Nmap Scripting Engine are able to probe SSL-encrypted services using the free OpenSSL libraries. Normally the Nmap build system looks for these libraries on your system and include this capability if they are found. If they are in a location your compiler does not search for by default, but you still want them to be used, specify . Nmap then looks in directoryname/libs for the OpenSSL libraries themselves and directoryname/include for the necessary header files. Specify to disable SSL entirely. Nmap uses the Libpcap library for capturing raw IP packets. Nmap normally looks for an existing copy of Libpcap on your system and uses that if the version number and platform is appropriate. Otherwise Nmap includes its own recent copy of Libpcap, which has been modified for improved Linux functionality. The specific changes are described in libpcap/NMAP_MODIFICATIONS in the Nmap source directory. Because of these Linux-related changes, Nmap always uses its own Libpcap by default on that platform. If you wish to force Nmap to link with your own Libpcap, pass the option to configure. 
Nmap then expects the Libpcap library to be in directoryname/lib/libpcap.a and the include files to be in directoryname/include. Nmap will always use the version of Libpcap included in its tarball if you specify . -PCRE is a Perl-compatible regular expression library available from . Nmap normally looks for a copy on your system, and then fall back to its own copy if that fails. If your PCRE library is not in your compiler's standard search path, Nmap probably will not find it. In that case you can tell Nmap where it can be found by specifying the option to configure. Nmap then expects the library files to be in directoryname/lib and the include files to be in directoryname/include. In some cases, you may wish to use the PCRE libraries included with Nmap in preference to those already on your system. In that case, specify . +PCRE is a Perl-compatible regular expression library available from . Nmap normally looks for a copy on your system, and then falls back to its own copy if that fails. If your PCRE library is not in your compiler's standard search path, Nmap probably will not find it. In that case you can tell Nmap where it can be found by specifying the option to configure. Nmap then expects the library files to be in directoryname/lib and the include files to be in directoryname/include. In some cases, you may wish to use the PCRE libraries included with Nmap in preference to those already on your system. In that case, specify . Libdnet is an excellent networking library that Nmap uses for sending raw ethernet frames. The version in the Nmap tree is heavily modified (particularly the Windows code), so the default is to use that included version. If you wish to use a version already installed on your system instead, specify . Nmap then expects the library files to be in directoryname/lib and the include files to be in directoryname/include. 
@@ -396,7 +442,7 @@ I would run ./configure --prefix=/home/fyodorIf You Encounter Compilation Problems compilationproblems with -In an ideal world, software would always compile perfectly (and quickly) on every system you maintain. Unfortunately, society has not yet reached that state of nirvana. Despite all the efforts to make Nmap portable, compilation issues occasionally arise. Here are some suggestions in case the source distribution compilation fails. +In an ideal world, software would always compile perfectly (and quickly) on every system. Unfortunately, society has not yet reached that state of nirvana. Despite all our efforts to make Nmap portable, compilation issues occasionally arise. Here are some suggestions in case the source distribution compilation fails. Upgrade to the latest Nmap 
@@ -410,36 +456,29 @@ the error message carefully, as it could indicate a system problem such as low disk space or a broken compiler. Users with programming skills may be able to resolve a wider range of problems themselves. If you make code changes to fix the problem, please send a patch -(created with diff -uw oldfile newfile) and any details about your problem and platform to me at fyodor@insecure.org. Integrating the change into the base Nmap distribution allows many other users to benefit, and prevents you from having to make the changes with each new Nmap version. +(created with diff -uw oldfile newfile) and any details about your problem and platform to nmap-dev as described in . Integrating the change into the base Nmap distribution allows many other users to benefit, and prevents you from having to make the changes with each new Nmap version. Ask Google and other Internet resources Try searching for the exact error message on Google or other search engines. You might also want to browse recent activity on the Nmap development (nmap-dev)nmap-dev mailing list -list—archives are available at . +list—archives and a search interface are available at . Ask nmap-dev -If none of your research has led to a solution for -your problem, try sending a report to the Nmap development (nmap-dev) -list. If you subscribe first, your message gets through faster -because it does not go through moderation. Subscribe by -sending a blank email to -nmap-dev-subscribe@insecure.org and post to the list by -mailing nmap-dev@insecure.org. Be sure to describe -your problem in full, including the Nmap version number, platform you are -running on, and any relevant output snippets showing the -error. +If none of your research leads to a solution, try +sending a report to the Nmap development +(nmap-dev) mailing list, as described in +. Consider binary packages binary packages -Binary packages of Nmap are available on most -platforms and are usually easy to install. 
The downsides are that -they may not be as up-to-date and you lose some of the flexibility of -self-compilation. Previous sections of this chapter describe how to -find binary packages on many platforms, and even more are available -via Internet searching. Obviously you need to make sure the source is -reputable before installing binary -packages. +Binary packages of Nmap are available on most platforms and are +usually easy to install. The downsides are that they may not be as +up-to-date and you lose some of the flexibility of self-compilation. +Later sections of this chapter describe how to find binary packages on +many platforms, and even more are available via Internet searching. +Obviously you should only install binary packages from reputable +sources. 
@@ -447,25 +486,25 @@ packages. Linux Distributions -Linux is far and away the most popular platform for running -Nmap. In one user survey, 86% said that Linux was at -least one of the platforms on which they run -Nmap. +Linux is the most popular platform for running Nmap. In one user +survey, 86% said that Linux was at least one of the platforms on which +they run Nmap. The first release of Nmap in +1997 only ran on Linux. Linux users can choose between a source code install or using -binary packages provided by their distribution. The binary packages -are generally quicker and easier to install, and are often slightly -customized to use the distribution's standard directory paths and -such. These packages also allow for consistent management in terms of -upgrading, removing, or surveying software on the system. A downside -is that packages created by the distributions are necessarily behind -the Nmap.Org source releases. Most Linux distributions -(particularly Debian and Gentoo) keep their Nmap package relatively -current, though a few are way out of date. Choosing the source -install allows for more flexibility in determining how Nmap is built -and optimized for your system. To build Nmap from source, see . Here are simple package instructions for -the most common distributions. +binary packages provided by their distribution or Insecure.Org. The +binary packages are generally quicker and easier to install, and are +often slightly customized to use the distribution's standard directory +paths and such. These packages also allow for consistent management +in terms of upgrading, removing, or surveying software on the system. +A downside is that packages created by the distributions are +necessarily behind the Nmap.Org source releases. Most Linux +distributions (particularly Debian and Gentoo) keep their Nmap package +relatively current, though a few are way out of date. 
Choosing the +source install allows for more flexibility in determining how Nmap is +built and optimized for your system. To build Nmap from source, see +. Here are simple package instructions +for the most common distributions. RPM-based Distributions (Red Hat, Mandrake, Suse, Fedora) RPM 
@@ -480,43 +519,42 @@ the Nmap download page at . I build two packages: The nmap package contains just the command-line executable and data files, while the zenmap package contains the optional Zenmap -graphical frontend (see . -The zenmap package is optional and only -necessary for those who want a GUI interface to Nmap. It does require +graphical frontend (see ). +The zenmap package requires that the nmap package be installed first. One down side to installing the RPMs rather than compiling from source is that -the RPMs don't support OpenSSL for version detection of SSL services. +the RPMs don't support OpenSSL for version detection and Nmap Scripting Engine probing of SSL services. RPMinstalling from Installing via RPM is quite easy—it -even downloads the package for you when given the proper URLs. The following example downloads and installs Nmap 4.62, including the frontend. Of course you should use the latest version at the download site above instead. Any existing RPM-installed versions are +even downloads the package for you when given the proper URLs. The following example downloads and installs Nmap 4.68, including the frontend. Of course you should use the latest version at the download site above instead. Any existing RPM-installed versions are upgraded. demonstrates this installation process. Installing Nmap from binary RPMs -# rpm -vhU http://nmap.org/dist/nmap-4.62-1.i386.rpm -Retrieving http://nmap.org/dist/nmap-4.62-1.i386.rpm +# rpm -vhU http://nmap.org/dist/nmap-4.68-1.i386.rpm +Retrieving http://nmap.org/dist/nmap-4.68-1.i386.rpm Preparing... ########################################### [100%] 1:nmap ########################################### [100%] -# rpm -vhU http://nmap.org/dist/zenmap-4.62-1.noarch.rpm -Retrieving http://nmap.org/dist/zenmap-4.62-1.noarch.rpm +# rpm -vhU http://nmap.org/dist/zenmap-4.68-1.noarch.rpm +Retrieving http://nmap.org/dist/zenmap-4.68-1.noarch.rpm Preparing... 
########################################### [100%] 1:zenmap ########################################### [100%] -As the filenames above imply, these binary RPMs were created for normal PCs (x86 architecture).x86 architecture I also distribute x86_64x86_64 architecture binaries of some releases for users with 64-bit Linux running on an AMD Opteron or Athlon64 processor. These binaries won't work for the relatively few Linux users on other platforms such as SPARC, Alpha, or PowerPC. They also may refuse to install if your library versions are sufficiently different from what the RPMs were initially built on. One option in these cases would be to find binary RPMs prepared by your Linux vendor for your specific distribution. The original install CDs or DVD are a good place to start. Unfortunately, those may not be current or available. Another option is to install Nmap from source code as described previously, though you lose the binary package maintenance consistency benefits. A third option is to build and install your own binary RPMs from the source RPMs distributed from the download page above. demonstrates this technique with Nmap 4.62. +As the filenames above imply, these binary RPMs were created for normal PCs (x86 architecture).x86 architecture I also distribute x86_64x86_64 architecture binaries for 64-bit Linux users. These binaries won't work for the relatively few Linux users on other platforms such as SPARC, Alpha, or PowerPC. They also may refuse to install if your library versions are sufficiently different from what the RPMs were initially built on. One option in these cases would be to find binary RPMs prepared by your Linux vendor for your specific distribution. The original install CDs or DVD are a good place to start. Unfortunately, those may not be current or available. Another option is to install Nmap from source code as described previously, though you lose the binary package maintenance consistency benefits. 
A third option is to build and install your own binary RPMs from the source RPMs distributed from the download page above. demonstrates this technique with Nmap 4.68. Building and installing Nmap from source RPMs -> rpmbuild --rebuild http://nmap.org/dist/nmap-4.62-1.src.rpm +> rpmbuild --rebuild http://nmap.org/dist/nmap-4.68-1.src.rpm [ hundreds of lines cut ] -Wrote: /home/fyodor/rpmdir/RPMS/i386/nmap-4.62-1.i386.rpm +Wrote: /home/fyodor/rpmdir/RPMS/i386/nmap-4.68-1.i386.rpm [ cut ] > su Password: -# rpm -vhU /home/fyodor/rpmdir/RPMS/i386/nmap-4.62-1.i386.rpm +# rpm -vhU /home/fyodor/rpmdir/RPMS/i386/nmap-4.68-1.i386.rpm Preparing... ########################################### [100%] 1:nmap ########################################### [100%] # @@ -552,7 +590,7 @@ running a two-year old Linux release, Yum will often give you a two-year-old version of Nmap. Even the latest version of distributions often take months to update to a new Nmap release. So for the latest version of Nmap on these systems, try the RPMs we -distribute as described in . But if our +distribute as described in the previous section. But if our RPMs aren't compatible with your system or you are in a great hurry, installing Nmap from Yum is usually as simple as executing yum install nmap (run yum install nmap zenmap @@ -573,9 +611,7 @@ Resolving Dependencies --> Running transaction check ---> Package nmap.x86_64 2:4.52-1.fc8 set to be updated --> Finished Dependency Resolution - Dependencies Resolved - ============================================================================= Package Arch Version Repository Size ============================================================================= 
@@ -592,9 +628,7 @@ Total download size: 1.0 M Is this ok [y/N]: y Downloading Packages: (1/1): nmap-4.52-1.fc8.x8 100% |=========================| 1.0 MB 00:02 -Running rpm_check_debug Running Transaction Test -Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: nmap ######################### [1/1]
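Review bot: in the @@ -5,9 +5,9 @@ hunk the reworded sentence still reads "skip directly sections that concern them", which is missing "to". Since both lines are being rewritten anyway, change it to "skip directly to the sections that concern them".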
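Review bot: in the @@ -177,21 +177,17 @@ hunk both example prompts change from "flog~>" to "flog>", while the version-check example near the top of the patch keeps "felix~>"; pick one prompt style for the chapter. The unchanged context line above still titles the first example "Verifying PGP Key Fingerprints (Successful)" although the command shown is gpg --verify on a release signature, so the title is worth correcting in the same pass. The key user ID in both outputs also changes from http://insecure.org/ to http://www.insecure.org/; please confirm the new text was pasted from a real run against the 4.68 files rather than edited by hand.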
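Review bot: in the @@ -206,7 +202,7 @@ hunk the context sentence right after the edited filename still says "This is the detached signature file", which describes the .gpg.txt file, not the .digest.txt file this paragraph is about. It reads like a leftover from the PGP paragraph; suggest replacing it with a sentence saying the digest file lists the hashes for the release, and keeping the distinction between signature and hash clear since the text recommends signatures as the stronger check.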
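Review bot: in the @@ -256,19 +252,30 @@ hunk, dropping "few" leaves "strictly limited to a top Nmap developers", which no longer parses; either restore "a few top Nmap developers" or write "to top Nmap developers". Separately, the chapter stresses PGP verification for release files, but this paragraph and the new /nmap-exp paragraph give no equivalent guidance for code fetched over svn://; one sentence noting that SVN checkouts are not covered by the release signatures would keep the integrity story consistent.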
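Review bot: in the @@ -314,15 +321,46 @@ hunk, moving the GNU tar sentence ahead of the .tgz sentence makes "replace bzip2 with gzip in the decompression command" ambiguous, because the command immediately before it is now tar xvjf, which has no bzip2 to replace. Either keep the original order or state that the substitution applies to the bzip2 -cd pipeline and that GNU tar users need z in place of j (tar xvzf). The new example screen also starts with a bare "./configure" with no shell prompt, unlike the other examples in the chapter.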
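Review bot: in the @@ -331,9 +369,17 @@ hunk the new paragraph refers to "step four" by number, and the context line in the following hunk does the same ("step number four above"). A hard-coded step number goes stale as soon as a step is added or reordered in this list; give the configure step an id and cross-reference it instead. It would also help to say here that without root the later make install only works if that configure option was used, so the reader does not discover it at the last step.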
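Review bot: in the @@ -349,7 +395,7 @@ hunk the added sentence "These are not applicable to building Nmap on Windows" has no clear antecedent; it follows "a huge list with brief descriptions", so "These" could mean the descriptions, the parameters, or ./configure itself. Suggest "The configure options do not apply when building Nmap on Windows". The phrase "environmental variables" carried over from the old line should be "environment variables".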
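Review bot: in the @@ -376,14 +422,14 @@ hunk the PCRE line is corrected from "fall back" to "falls back", but the rewritten OpenSSL line keeps the same kind of error: "looks for these libraries on your system and include this capability" should be "includes". The OpenSSL line also says Nmap looks in directoryname/libs, while the Libpcap, PCRE and Libdnet paragraphs in the same hunk all use directoryname/lib; please check which one the configure script really uses and make them agree.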
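Review bot: in the @@ -410,36 +456,29 @@ hunk the rewritten closing sentence, "you should only install binary packages from reputable sources", gives the reader nothing to act on. The chapter already explains PGP signature and hash verification, so a cross-reference to that section here would turn the advice into a concrete check. Also, the nmap-dev paragraph loses the instruction to include the Nmap version, platform and error output in a report; make sure the section it now points to carries that list.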
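Review bot: in the @@ -447,25 +486,25 @@ hunk the new text says binary packages are "provided by their distribution or Insecure.Org", while the same paragraph and the rest of the patch call the download site Nmap.Org. Use one name throughout so readers do not think these are two different sources. The sentence is also not parallel ("a source code install or using binary packages"); "installing from source code or using binary packages" reads better.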
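Review bot: in the @@ -480,43 +519,42 @@ hunk the updated examples still run rpm -vhU and rpmbuild --rebuild directly against http://nmap.org/dist/ URLs, the first from a root prompt, which skips the integrity check this chapter recommends a few sections earlier. Since the version numbers are being refreshed anyway, consider showing the safer sequence: download the RPM, verify it against the matching .gpg.txt file in the sigs directory, then install the local file. Minor: "One down side" should be "One downside", matching the spelling used elsewhere in the patch.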
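Review bot: in the @@ -552,7 +590,7 @@ hunk a cross-reference is replaced by the positional phrase "the previous section". That breaks silently if sections are reordered or a new one is inserted between the RPM and Yum sections; keeping a linked reference to the RPM section is more robust.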
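Review bot: in the @@ -573,9 +611,7 @@ and @@ -592,9 +628,7 @@ hunks, lines are deleted from the captured yum output (the blank lines around "Dependencies Resolved", "Running rpm_check_debug" and "Finished Transaction Test") with no marker that anything was removed. Other examples in this chapter flag elisions with "[hundreds of lines cut]" or "[ cut ]"; do the same here, or leave the transcript verbatim, so readers comparing it with their own terminal are not confused by the missing lines.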