Nmap Security Scanner
Ref Guide
Security Lists
Security Tools
Site News
Advertising
About/Contact
Credits
Sponsors
|

 |
Intro |
Reference Guide |
Book |
Install Guide |
Download |
Changelog |
Zenmap GUI |
Docs |
Bug Reports |
OS Detection |
Propaganda |
Related Projects |
In the Movies |
In the News |
|
 |
Unix Compilation and Installation from Source CodeWhile binary packages
discussed in later sections are available for most platforms, compilation and
installation from source code is the traditional and most powerful way
to install Nmap. This ensures that the
latest version is available and allows Nmap
to adapt to the library availability and directory structure of your
system. For example, Nmap uses the
OpenSSL cryptography libraries for version detection when
available, but most binary packages do not include this
functionality. On the other hand, binary packages are generally
quicker and easier to install, and allow for consistent management
(installation, removal, upgrading, etc.) of all packaged software on the system. Source installation is usually a painless process—the build system is designed to auto-detect as much as possible. Here are the steps required for a default install: Download the latest version of Nmap in .tar.bz2 (bzip2 compression) or .tgz (gzip compression) format from http://nmap.org/download.html Decompress the downloaded tarball with a command such as: bzip2 -cd nmap-VERSION .tar.bz2 | tar xvf - If you downloaded the .tgz version, replace
bzip2 with gzip
in the command above. With GNU tar, the simpler
command tar xvjf
nmap-VERSION .tar.bz2 does the
trick. Change into the newly created directory: cd nmap-VERSION Configure the build system: ./configure Build Nmap (and the Zenmap GUI if its requirements are met):
make Note that GNU Make is required. On BSD-derived Unix systems,
this is often installed as gmake. So if
make returns a bunch of errors such as
“Makefile, line 1: Need an
operator ”, try running gmake instead. Become a privileged user for system-wide install: su root Install Nmap, support files, docs, etc.: make install Congratulations! Nmap is now installed as /usr/local/bin/nmap ! Run it with no arguments for a quick help screen.
As you can see above, a simple source compilation and install
consists of little more than ./configure;make;make
install. However, there are a number of options available to configure that affect the way Nmap is built. Most of the Unix build options are controlled by the configure script, as used in step number four above. There are dozens of command-line parameters and environmental variables which affect the way Nmap is built. Run ./configure --help for a huge list with brief descriptions. Here are the ones that are specific to Nmap or particularly important: --prefix= directoryname This option, which is standard to the
configure scripts of most software,
determines where Nmap and its components
are installed. By default, the prefix is
/usr/local , meaning that
nmap is installed in /usr/local/bin , the
man page (nmap.1 ) is installed in
/usr/local/man/man1 , and the data files
(nmap-os-db ,
nmap-services , nmap-service-probes ,
etc.) are installed under /usr/local/share/nmap .
If you only wish to change the path of certain components, use the
options --bindir , --datadir , and/or
--mandir . An example usage of
--prefix would be to install
Nmap in my account as an unprivileged user.
I would run ./configure
--prefix=/home/fyodor . Nmap creates subdirs like /home/fyodor/man/man1 in the install stage if they do not already exist. --without-zenmap This option prevents the Zenmap graphical frontend from being installed. Normally the build system checks your system for requirements such as the Python scripting language and then installs Zenmap if they are all available. --with-openssl= directoryname The version detection subsystem of Nmap is able to probe SSL-encrypted services using the free OpenSSL libraries. Normally the Nmap build system looks for these libraries on your system and include this capability if they are found. If they are in a location your compiler does not search for by default, but you still want them to be used, specify --with-openssl=directoryname . Nmap then looks in directoryname /libs for the OpenSSL libraries themselves and directoryname /include for the necessary header files. Specify --without-openssl to disable SSL entirely. --with-libpcap= directoryname Nmap uses the Libpcap library for capturing raw IP packets. Nmap normally looks for an existing copy of Libpcap on your system and uses that if the version number and platform is appropriate. Otherwise Nmap includes its own recent copy of Libpcap, which has been modified for improved Linux functionality. The specific changes are described in libpcap-possiblymodified/CHANGES in the Nmap source directory. Because of these Linux-related changes, Nmap always uses its own Libpcap by default on that platform. If you wish to force Nmap to link with your own Libpcap, pass the option --with-libpcap=directoryname to configure. Nmap then expects the Libpcap library to be in directoryname /lib/libpcap.a and the include files to be in directoryname /include . Nmap will always use the version of Libpcap included in its tarball if you specify --with-libpcap=included .
--with-libpcre= directoryname LibPCRE is a Perl-compatible regular expression library available from http://www.pcre.org Nmap normally looks for a copy on your system, and then fall back to its own copy if that fails. If your PCRE library is not in your compiler's standard search path, Nmap probably will not find it. In that case you can tell Nmap where it can be found by specifying the option --with-libpcre=directoryname to configure. Nmap then expects the library files to be in directoryname /lib and the include files to be in directoryname /include . In some cases, you may wish to use the PCRE libraries included with Nmap in preference to those already on your system. In that case, specify --with-libpcre=included . --with-libdnet= directoryname Libdnet is an excellent networking library that Nmap uses for sending raw ethernet frames. The version in the Nmap tree is heavily modified (particularly the Windows code), so the default is to use that included version. If you wish to use a version already installed on your system instead, specify --with-libdnet=directoryname . Nmap then expects the library files to be in directoryname /lib and the include files to be in directoryname /include . --with-localdirs This simple option tells Nmap to look in /usr/local/lib and /usr/local/include for important library and header files. This should never be necessary, except that some people put such libraries in /usr/local without configuring their compiler to find them. If you are one of those people, use this option.
If You Encounter Compilation ProblemsIn an ideal world, software would always compile perfectly (and quickly) on every system you maintain. Unfortunately, society has not yet reached that state of nirvana. Despite all the efforts to make Nmap portable, compilation issues occasionally arise. Here are some suggestions in case the source distribution compilation fails. - Upgrade to the latest Nmap
Check http://nmap.org/download.html to make sure you are using the latest version of Nmap. The problem may have already been fixed. - Read the error message carefully
Scroll up in the output screen and examine the error
messages given when commands fail. It is often best to find the first
error message, as that often causes a cascade of further errors. Read
the error message carefully, as it could indicate a system problem
such as low disk space or a broken compiler. Users with programming
skills may be able to resolve a wider range of problems themselves.
If you make code changes to fix the problem, please send a patch
(created with diff -uw oldfile newfile) and any details about your problem and platform to me at <fyodor@insecure.org> . Integrating the change into the base Nmap distribution allows many other users to benefit, and prevents you from having to make the changes with each new Nmap version. - Ask Google and other Internet resources
Try searching for the exact error message on Google or other search engines. You might also want to browse recent activity on the Nmap development (nmap-dev) list—archives are available at http://seclists.org - Ask nmap-dev
If none of your research has led to a solution for
your problem, try sending a report to the Nmap development (nmap-dev)
list. If you subscribe first, your message gets through faster
because it does not go through moderation. Subscribe by
sending a blank email to
<nmap-dev-subscribe@insecure.org> and post to the list by
mailing <nmap-dev@insecure.org> . Be sure to describe
your problem in full, including the Nmap version number, platform you are
running on, and any relevant output snippets showing the
error. - Consider binary packages
Binary packages of Nmap are available on most
platforms and are usually easy to install. The downsides are that
they may not be as up-to-date and you lose some of the flexibility of
self-compilation. Previous sections of this chapter describe how to
find binary packages on many platforms, and even more are available
via Internet searching. Obviously you need to make sure the source is
reputable before installing binary
packages.
|
|