Focus on Software

David A. Bandel

Issue #72, April 2000

webnotebook, darxite, AoNettool and more.

The RPM standard is a panacea for those who use RPM-based distributions (Red Hat, Caldera, Mandrake, SuSE, etc.). Or is it? You may have noticed that RPMs from one distribution don't always work on another. They don't install due to dependency problems (even though they would run just fine), or they install but segfault (library incompatibilities), etc. So you grab a .src.rpm file, and try to build it. Often, that doesn't work because some distributions have seen fit to make slight alterations to their version of RPM. What about those who can't even build an RPM .spec file and the patches required? Well, you might want to check out http://specs.pananix.net/. The .spec and patch files are thin at the moment, but with help from the RPM community, this could be a great site for grabbing a .spec file and patches that work for your distribution. Hopefully, all that's required is the software archive file, the .spec and patches. The command

rpm -bb && rpm -i ../RPMS/i386/
should do the trick.

webnotebook: http://www.entropia.com.mx/~roadmr/webnotebook/

This is a small web notebook with fields for subject and body. It automatically adds the creation date, modification date and a note number. webnotebook is similar to note, but is used via a web browser (lynx works just fine). You can search for any term, and the notes found will be listed. Searching on nothing returns everything. Unlike note, which sorts on note number, the default sort in webnotebook is the modification date (latest first). It requires MySQL server, web server configured for CGI, Perl and the Perl DBI/DBD module.

darxite: http://darxite.cjb.net/

Much like Downloader for X, this program will download a number of files. While slightly more complex than Downloader for X, darxite runs a daemon in the background, which you can connect to in order to pass URLs for downloading (including downloading directories recursively). Several client programs, for X and the command line, can be used to pass commands, URLs and monitor download progress. This program will continue downloading even after you log out. It requires libpthread and glibc.

AoNettool: 134.130.48.9/~alex/AoNettools-0.9a-rev1.tar.gz

This tool is a Tcl/Tk front end for ping, traceroute, nslookup, finger and whois. Output is displayed in the window and can be saved for future reference. This tool works well for those not accustomed to a command line. I would only add netstat -rn, netstat -an and ifconfig to have a relatively complete set of tools for viewing the network status of the host. It requires Tcl/Tk.

Advanced Packet Sniffer: http://www.swrtec.de/

This packet sniffer provides a wealth of information about packets on your network, as well as a display of the entire packet. The header is put into human-readable form and presented, starting with the MAC address. A number of options are available, such as whether to include or exclude a particular MAC or IP address. This sniffer can be run only by root, but that constitutes a fairly good reason not to allow rogue Linux systems on your network. It requires glibc.

filetraq: http://filetraq.xidus.net/

This particular utility seeks to replace the no-longer-free tripwire, but filetraq works from a slightly different perspective. Rather than track large numbers of files daily, it looks for changes in a few key files at very short intervals. Changes in any of these files are reported via e-mail when the change is detected. Key files include one of /etc/passwd or /etc/shadow and a few others, such as /etc/services and /etc/inetd.conf and easily editable startup files. Basically, filetraq uses diff to compare the file against the database, so you could include /bin/login also. It requires bash and recommends cron.

anteater: http://www.profzone.ch/anteater/

This utility will search through your mail log file using grep and display important statistics gleaned from that file: largest messages, source of most messages, etc. One problem this particular utility suffers from is the lack of a usage message. Both -h and help tell you to read the manual, but the manual isn't installed with the software—an oversight, I'm sure. It requires libstdc++, libm and glibc.

nutcrack: http://www.birdnest.org/zzrhear/

It has been awhile since a new password-cracking program has appeared. The ones currently available are difficult to compile or require mega-swap space and more resources than most modest systems have. nutcrack is quick. One caution: the dictionary used is extremely important. I created a new account, and used the account name as the password—it wasn't caught. So, be sure to add the contents of your password file (user name and GECOS field) to the dictionary. It requires Perl and a good dictionary file.

weedlog: http://www.firepool.com/weedlog/

This particular daemon is yet another IP logger, but with one big difference: unlike many loggers, this one does not rely on promiscuous mode and logs the packets in an easily understood, human-readable format (configurable). This makes for fewer mistakes when manually reading the log, and it can be machine-processed easily. You can choose among logging TCP, UDP, ICMP or IGMP (or any combination). Caution: if you get many simultaneous connections, you will see a weedlog spawned to report each one (it will die, but you could end up with a very large process table). It requires libpthread and glibc.

David A. Bandel (dbandel@pananix.com) is a Linux/UNIX consultant currently living in the Republic of Panama. He is co-author of Que Special Edition: Using Caldera OpenLinux.