KBTAG: kben10000079
URL: http://www.securityportal.com/lskb/10000050/kben10000079.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Linux - tarball software management
Keywords: Software/tarball
Most modern Linux distributions use a package management system to install, keep track of and remove software on the system. There are, however, many exceptions. Slackware does not use a true package management system per se, but instead has precompiled tarballs (compressed tar files containing files) that you simply unpack from the root directory to install, some of which have install scripts to handle any post-install tasks such as adding a user. These packages can also be removed, but functions such as querying and comparing installed files against package files (trying to find tampering, etc.) are pretty much not there. Or perhaps you want to try the latest copy of X, and no one has yet gotten around to making a nice .rpm or .deb file, so you must grab the source code (also usually in a compressed tarball), unpack it and install it.
This presents no more real danger than a package, as most tarballs have MD5 and/or PGP signatures associated with them that you can download and check. The real security concern with these is the difficulty in sometimes tracking down whether or not you have a certain piece of software installed, determining the version, and then removing or upgrading it.
I would advise against using tarballs if at all possible. If you must use them, it is a good idea to make a list of files on the system before you install, and one afterwards, and then compare them using 'diff' to find out which files were placed where. Simply run 'find /* > /filelist.txt' before and 'find /* > /filelist2.txt' after you install the tarball, and use 'diff /filelist.txt /filelist2.txt > /difflist.txt' to get a list of what changed. Alternatively, 'tar -tf blah.tar' will list the contents of the file, but with most tarballs you'll be running an executable install script or compiling and installing the software, so a simple file listing will not give you an accurate picture of what was installed or modified.
Another method for keeping track of what you have installed via tar is to use a program such as stow. Stow installs the package to a separate directory (/opt/stow/, for example) and then creates links from the system to that directory as appropriate. Stow requires that you have Perl installed and is available from: http://www.gnu.ai.mit.edu/software/stow/stow.html.
Command | Function
tar -tf filename.tar | Lists files in filename.tar
tar -xf filename.tar | Extracts files from filename.tar
No tools found, please tell me if you know of any (although beyond mirroring, automatically unpacking and running ./configure ; make ; make install, nothing really comes to mind, i.e. a ports collection similar to BSD).
Usually when software installs from a source install as opposed to a package it has a tendency to go all over the place. Removing it can be an extremely troublesome task.
installwatch monitors what a program does and logs any changes it makes to the system to syslog. It's similar to the time program in that it runs the program in a wrapped form so that it can monitor what happens; you run the program as 'installwatch /usr/src/something/make', for example (optionally you can use '-o filename' to log to a specific file). installwatch is available from: http://datanord.datanord.it/~pdemauro/installwatch/.
instmon is run before and after you install a tarball / tgz package (or any package for that matter). It generates a list of files changed that you can later use to undo any changes. It is available from: http://hal.csd.auth.gr/~vvas/instmon/.
Please see kben10000080 for verifying software and data packages.