InformIT: Mac OS X Unleashed > Recommended Command-Line Software Installations

Table of Contents

Recommended Command-Line Software Installations

As we've mentioned several times previously, there are thousands of freely available Unix programs that can be downloaded as source and compiled for your machine. We've included a small sample of these in this section—some that we've used in this book, and some that are simply useful utilities to have available. If you browse the FTP sites and Web directories where you can find these sources, you'll discover many more programs that might be of interest.

`libtermcap`

For some reason, Apple has not included a copy of libtermcap.a with OS X. This resource is required by programs so that they can look up, and make use of, the differing screen format controls that different types of terminals provide.

You can download a copy of the libtermcap source from any GNU mirror, such as ftp.gnu.org, although we strongly recommend that you follow the instructions provided immediately after connection, and use a local mirror of the FTP site rather than the parent GNU site. The source should be in /pub/gnu/termcap/.

Installation is straightforward: gunzip, tar -xf termcap-1.3.tar, cd termcap-1.3, cp /usr/libexec/config.* ./, ./configure, make, make install.

A problem with the install will be that it wants to put termcap.h into /usr/include/termcap.h. Because only the super user can write to that directory, you will have to make install as root, or you will have to change the permissions on /usr/include so that your software maintenance user can write to the directory.

It also might help some software installations if you ln -s /usr/share/misc/termcap /etc/termcap, and ln -s /usr/share/misc/termcap.db /etc/termcap.db.

`spell` and `ispell`

spell is the spelling checker program that we used as an example for the discussion of STDIN/STDOUT and pipes. The ispell program is actually the base driver for the spell program, and can do a number of things that we didn't demonstrate in the pipes section. You're encouraged to check out the man pages for more information.

This software has a somewhat convoluted install, but not because it's inherently difficult to install. The problem exists because the dictionaries that it uses are copyrighted, and can't be legally distributed by the author of the spell program. This necessitates a separate download for the dictionaries, and some fiddling with the source to point it at the downloaded dictionaries.

The ispell homepage is located at http://www.cs.ucla.edu/ficus-members/geoff/ispell.html.

ln -s /var/tmp /usr/tmp

(Lots of software will expect /usr/tmp to exist.)

lynx -dump ftp://ftp.tue.nl/pub/tex/GB95/ispell-english.zip > english.zip
lynx -dump ftp://ftp.cs.ucla.edu/pub/ispell-3.1/ispell-3.1.20.tar.gz > ispell-3.1.20.tar.gz
lynx -dump http://www.ibiblio.org/pub/gnu/spell/spell-1.0.tar.gz > spell-1.0.tar.gz

unzip english.zip
gunzip ispell-3.1.20.tar.gz
gunzip spell-1.0.tar.gz
tar -xf ispell-3.1.20.tar
tar -f spell-1.0.tar
cd ispell-english
mv american.med+ american.med
mv british.med+ british.med
mv * ../ispell-3.1/languages/english/
cd ./ispell-3.1
make all

This will compile for a little while, and then die with errors. After it does, edit the file local.h, and add the following line on the first empty line:

#define LANGUAGES "{ american,MASTERDICTS=american.med, HASHFILES=americanmed.hash} "

make all
make install

The make install step will need a number of directories, and permissions to write into them, in the /usr/local tree. If they don't all exist on your system, create them and rerun the make install step.

cd ../spell-1.0/
cp /usr/libexec/config.* ./
./configure
make
make install

Now you can run both the ispell program and the spell program as shown in Chapter 14, "Advanced Shell Concepts and Commands."

You're supposed to be able to compile this with the capability to add words to the dictionary. Unfortunately, the script that builds the dictionaries requires that sort accept a different syntax than OS X's sort. The adventurous are encouraged to attempt the repair—it's not too difficult, but it does require a number of changes to accomplish.

`gdbm`

This is the GNU dbm (database management) library. Software authors have chosen at least three different dbm flavors to support their applications. gdbm is the GNU-supported variant. These libraries don't conflict with each other, so it doesn't hurt to have extras installed, and gdbm is required for some installs.

The source can be downloaded from any GNU mirror (see libtermcap for suggestions).

Read the READMEs

./configure
make
make progs
make install

The make progs step makes test and conversion programs. Among other things, this step makes comparisons between the behavior of the gdbm and other dbm libraries installed on your machine. It is expected to fail on systems that do not have dbm or ndbm libraries (currently, Apple doesn't provide these, but this could change in the future).

Python

Python is a programming language designed for building "smart" applications. Some software authors use the Python libraries to build expert-system applications, and it has been growing in popularity in recent years. If you'd like to either experiment with writing applications in Python, or need to install it to support other applications you'd like to run, this should get you started.

Available from http://www.python.org/

Read the READMEs

./configure —with-suffix=.exe —with-dyld

Edit the Modules/Setup file if there are any modules that you know you want to use. For example, if you are thinking about installing HostSentry, you should uncomment the lines for gdbm and syslog. If you discover later that there are some modules you want to use, you can edit the Modules/Setup file as appropriate, recompile and reinstall python.

make

If you edited Modules/Setup you will see a comment in the early make output that you might have to rerun make. If you see the comment, rerun make. Otherwise, you can run make test next.

make test

You might find that the make test step fails, even though the make step does not. Try installing your compiled python anyway. So far, people are reporting success in using p y thon on OS X anyway.

make install

PortSentry

PortSentry, available at http://www.psionic.com/, is a connection-monitoring program that attempts to determine if your machine is being attacked via the network, and blocks access from machines that appear to be attempting malicious connections. We will be covering the setup and monitoring of this program in Chapter 31, "Server Security and Advanced Network Configuration."

Read the READMEs.

Edit, if needed, the portsentry_config.h file for the following location definitions: CONFIG_FILE, WRAPPER_HOSTS_DENY, SYSLOG_FACILITY, SYSLOG_LEVEL. The software author recommends leaving the settings alone.

Edit portsentry.conf. This is the file you edit to set the scan and response level.

Edit portsentry.ignore. This is the file that contains a listing of hosts that portsentry should ignore.

make generic

As root, run make install.

Start portsentry for TCP and UDP:

/usr/local/psionic/portsentry/portsentry –tcp
/usr/local/psionic/portsentry/portsentry –udp

Adjust configuration settings until you are happy with them.

Add PortSentry to the system's startup scripts if you want PortSentry to start at boot.

`nmap`

nmap, available from http://www.insecure.com/, is a tool that can be used to scan ports on your machine or other machines. You may or may not be interested in nmap if you are already using some combination of ipfw and/or PortSentry. The latest version of nmap has an OS X port available. The config.guess and config.sub files that come with it are even more up to date than the OS X default config.guess and config.sub files.

Read the READMEs.

./configure
make
make install

Tripwire 1.3.1 (Academic Source Release)

Tripwire, available from http://www.tripwire.com/, monitors the integrity of whatever important directories or files you configure it to monitor. Regular use of Tripwire can alert you to any unauthorized changes that have been made to files on your system.

Go to the GNU Darwin porting page at http://gnu-darwin.sourceforge.net/ports/ and follow the directions for setting up the porting engine. Don't start the bootstrap process. The current source is located at http://elisa.utopianet.net/~rlucia/devel/darwin_ports/. This package is intended to do much the same thing as the GNU Darwin porting engine, but both have minor problems, and seem to overlay and work better in tandem than either alone.

If you have not already done so, make a user called man. Follow the same method that you used for making a bin user. The porting engine used in FreeBSD expects certain user IDs to exist, and won't run properly without them.

These packages will enable you to compile and install far more software than just the Tripwire monitor.

Notes on compiling Tripwire via the ports system:

Tripwire wants to be compiled in /usr/ports/security/tripwire-131/.

Run bsdmake in that directory after you have installed the ports system, and it will tell you where to get the actual Tripwire source. You might need to run bsdmake again if it doesn't unpack the source after downloading.

This is all supposed to work straight from the bsdmake command, but it doesn't work cleanly as of this writing. Fixing it isn't too strenuous, but is somewhat annoying.

cd to work/tw_ASR_1.3.1_src/. Edit the Makefile. Add a # in front of the line that says

# LDFLAGS= -static        # Most systems, Linux / RedHat 5.2 and previous

and remove the # from in front of the line that says

# LDFLAGS= -ldl          # Solaris 2.x, Redhat 6.0

You need to make sure that the LDFLAGS has no spaces in front of it.

Run bsdmake in work/tw_ASR_1.3.1_src/.

The compiler provided by Apple doesn't like the compiler directive #if (TW_TYPE32 == int). You can look for these and replace them with #if (0). You'll need to do this for each of several subdirectories of the sigs subdirectory.

Depending on the state of the Darwin ports system, whichever you choose to use, you might need to build bits and pieces of the downloaded parts, such as the dlcompat library, and install them. There's an effort underway to get this all into a single clean install, but it's not quite there yet.

Eventually, you should get to a point that the make builds two executables: tripwire and siggen. make install, and if all goes well, it's time to read the instructions and learn how to use it (or, wait until Chapter 31, when we'll get you started on Tripwire configuration, along with a number of other network security topics). If the make install doesn't work, it'll be because of missing directories, or a need to create the man user for the installation to proceed.

Note that this make install moves files when it installs them, rather than copying them. If you need to reinstall, either to place it somewhere else or because the install didn't finish properly, you'll need to bsdmake it all again.

Edit tw.config. This is the file where you specify what files or directories you want Tripwire to monitor.

Initialize the Tripwire database:

tripwire –initialize

Run tripwire:

tripwire

Add tripwire to a daily cron job so that Tripwire regularly checks the integrity of your important files and sends you the results.

`restore`

The restore command is part of the dump/restore pair of traditional Unix commands used for creating and managing backups. Apple, for reasons yet unknown, has provided the dump command with the system, but not the restore command. Chapter 32, "Maintenance and Troubleshooting," details the use of the dump and restore commands.

The adventurous and intrepid can try their hand at building restore straight from the FreeBSD sources:

localhost work 230% setenv CVSROOT :pserver:anoncvs@anoncvs.FreeBSD.org:/home/ncvs
localhost work 231% cvs login

     (Logging in to anoncvs@anoncvs.FreeBSD.org)
CVS password: anoncvs

localhost work 232% cvs co restore

     cvs server: Updating restore
     U restore/Makefile
     U restore/dirs.c
     U restore/extern.h
     U restore/interactive.c
     U restore/main.c
     U restore/restore.8
     U restore/restore.c
     U restore/restore.h
     U restore/symtab.c
     U restore/tape.c
     U restore/utilities.c

localhost work 233% ls

     restore

localhost work 234% cvs co dump

     cvs server: Updating dump
     U dump/Makefile
     U dump/dump.8
     U dump/dump.h
     U dump/dumprmt.c
     U dump/itime.c
     U dump/main.c
     U dump/optr.c
     U dump/pathnames.h
     U dump/tape.c
     U dump/traverse.c
     U dump/unctime.c
localhost rawrestore 235% cvs logout

     (Logging out of anoncvs@anoncvs.FreeBSD.org)

localhost work 237% ls

     dump      restore

This shows downloads for both dump and restore because the compilation of r e store requires one of the dump source files as well. You can start hacking away in the restore directory using bsdmake. Expect to have to modify at least one .h file and a couple of the .c files. The fix isn't terribly difficult, but it's a bit uglier than we feel it would be educational to discuss here.

Those less adventurous can download our patched source from http://www.osxunleashed.com/fixes/, and we're hoping that Apple will start distributing this as part of the standard software package soon.