EmersonElectricCo / fsf

File Scanning Framework
Apache License 2.0

Installs for Ubuntu? #6

Closed cfossace closed 8 years ago

cfossace commented 8 years ago

Yum installer doesn't really work that well on Ubuntu.....but using apt-get I can't find the repositories. I keep getting "Unable to locate".

I can post pictures if necessary...has anyone been able to install on Ubuntu?

jxb5151 commented 8 years ago

Hello cfossace:

Thanks for giving this a shot! I hopped on and installed the latest version of Ubuntu Server (14.04.3) on a VM and then documented my install process as best I could. Please give this a shot and let me know how it works for you, this went well on my instance. I will make a point to update the documentation with these more detailed steps to support people on different platforms. Thanks for raising this issue.

```bash
# Installing Yara
# Base Install
wget https://github.com/plusvic/yara/archive/v3.4.0.tar.gz
tar -xvzf v3.4.0.tar.gz
cd yara-3.4.0/
sudo apt-get install autoconf dh-autoreconf python-dev
./bootstrap.sh
./configure
make
sudo make install
# Python Install
cd yara-python/
python setup.py build
sudo python setup.py install
# Ensure those new libraries can be found
sudo vim /etc/ld.so.conf.d/yara.conf
# add the line '/usr/local/lib' (no quotes)
sudo ldconfig

# Get base packages
sudo apt-get install libpython2.7-stdlib python-pip libffi-dev ssdeep upx unrar libfuzzy-dev unzip

# Setup Python packages
sudo easy_install -U setuptools
sudo pip install czipfile pefile hachoir-parser hachoir-core hachoir-regex hachoir-metadata hachoir-subfile ConcurrentLogHandler pypdf2 xmltodict rarfile ssdeep pylzma oletools

# Get fsf
cd ~
wget https://github.com/EmersonElectricCo/fsf/archive/master.zip
unzip master.zip
vim fsf-master/fsf-server/conf/config.py
# Point YARA_PATH to full path to rules.yara, in my case /home/cartman/fsf-master/fsf-server/yara/rules.yara
cd fsf-master/fsf-server
./main.py start
# Check how it is being locally hosted (netstat -na | grep 5800), by default it is 127.0.0.1, but sometimes that needs to change, like here :)
netstat -na | grep 5800
# tcp        0      0 127.0.1.1:5800          0.0.0.0:*               LISTEN
# If necessary, change IP_ADDRESS in client config
vim ../fsf-client/conf/config.py
# Finally, test it out!
cd ../fsf-client/
./fsf_client.py ~/fsf-master/docs/Test.zip
# Get all subobjects!
./fsf_client.py ~/fsf-master/docs/Test.zip --full
# You should get a bunch of pretty JSON and a dump of subobjects if you use --full
# Problems? Check out /tmp/daemon.log and or /tmp/dbg.log
# Success? Awesome! If you have any ideas or desire to contribute modules or Yara signatures please share them!
```

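The step above where the daemon's bind address (127.0.1.1 instead of the default 127.0.0.1) has to be read off `netstat` and copied into the client config is easy to get wrong by hand, and it is also the place to confirm the server has not ended up listening on every interface. The following is an added example, not code from the fsf project or from this thread's author: a small POSIX shell helper that parses `netstat -na` style output, reports which address the socket on port 5800 is bound to, and classifies it as loopback or all-interfaces. The sample netstat line is constructed to match the one shown above; the function names `fsf_listen_addr` and `fsf_exposure` are my own.

```shell
#!/bin/sh
# Added example (not part of fsf): find the address the fsf-server daemon
# is bound to and classify how exposed that binding is.

# Constructed sample of `netstat -na | grep 5800` output, matching the thread.
SAMPLE_NETSTAT='tcp        0      0 127.0.1.1:5800          0.0.0.0:*               LISTEN'

# fsf_listen_addr PORT: read netstat -na lines on stdin and print the local
# address of the TCP socket LISTENing on PORT. Exit status 1 if none found.
fsf_listen_addr() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is column 4, formatted ADDR:PORT (ADDR may contain
            # colons for IPv6, so compare only the last component).
            n = split($4, parts, ":")
            if (parts[n] == port) {
                print substr($4, 1, length($4) - length(port) - 1)
                found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# fsf_exposure ADDR: "loopback" for 127.x / ::1, "all-interfaces" for a
# wildcard bind, "other" for a specific non-loopback address.
fsf_exposure() {
    case "$1" in
        127.*|::1)      echo loopback ;;
        0.0.0.0|::|'*') echo all-interfaces ;;
        *)              echo other ;;
    esac
}

# Usage against the constructed sample (replace with: netstat -na | fsf_listen_addr 5800)
if addr=$(printf '%s\n' "$SAMPLE_NETSTAT" | fsf_listen_addr 5800); then
    echo "fsf-server listening on $addr ($(fsf_exposure "$addr")); set IP_ADDRESS in fsf-client/conf/config.py to match"
else
    echo "nothing listening on port 5800; check /tmp/daemon.log" >&2
fi
```

On a live box, pipe the real `netstat -na` (or `ss -tan`, whose columns are laid out similarly enough for the port match) into `fsf_listen_addr 5800`; a result of `all-interfaces` means the scanning daemon is reachable from the network, which is rarely what you want for a single-host install like the one in this thread.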
jxb5151 commented 8 years ago

Please see the recent changes made to the documentation to better support users on different platforms.

https://github.com/EmersonElectricCo/fsf/blob/master/CHANGELOG.md
https://github.com/EmersonElectricCo/fsf/blob/master/docs/INSTALL.md

cfossace commented 8 years ago

You're creating yara.conf for the first time right? I think because I chose to use gedit over vim, that is why I got this weird error, but the error didn't affect anything, because yara.conf was still created, and I had no further issues after that. :) I think this new error is some root permission thing with gedit, even though it's more of a warning because everything happens as expected.

Thank you so much for your help! This step by step was really useful, as well as the sample files you provided for testing.


jxb5151 commented 8 years ago

Anytime, glad it was useful.

I'm no expert on gedit, but from poking around real quick it seems like the preferred method for invoking gedit with superuser privs is to use gksudo. The warnings can be safely ignored; however, you might be able to remedy that completely by updating gtk according to this:

http://askubuntu.com/questions/419783/gtk-warning-calling-inhibit-failed-gdbus-errororg

Happy to see you were able to get things going. Closing this out!