Tuesday, September 4, 2012

NETASQ: Using External tools inside the FW

Hi folks,

so i need some tools on my unix FW, netasq comes with some, but lacks a lot of others. Great example is : wget.

So you need to figure it out which freebsd version you're netasq is running on:

Normaly for a V9, it is a Freebsd 7.3:

# uname -a
NS-BSD VUXXXA1GXXXXXX 9.0.3- NS-BSD 9.0.3- #0: Mon Apr  2 21:15:37 CEST 2012     build@buildmajclipp.netasq.com:/usr/home/build/fw-9.0.3/sys-7.3/work/sys/i386/compile/NETASQ.XL.FULLVIRT.RELEASE  i386

For a v8, it is a 6.3:

# uname -a
NS-BSD V50XXA0A0000001 8.1.0- NS-BSD 8.1.0- #0: Wed Mar 31 13:14:10 CEST 2010     build@81maj.netasq.com:/usr/home/build/fw-8.1.0/sys-6.3/work/sys/i386/compile/NETASQ.M.FULLVIRT.RELEASE  i386

In the following command:

root@linux$ Is the Prompt of the Linux Host ( yes, sure ! :- )
VUXXXXXX0000000>Is the Prompt of the Netasq FW ( huh ?? )

Download the packages from a Distribution server, for wget you will need:

Wget : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/wget-1.12.tbz

gettext: http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/gettext-0.17_1.tbz

libiconv : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/libiconv-1.13.1_1.tbz

unpack the files in a directory:

root@linux$ tar -jxvf wget-1.12.tbz

root@linux$ tar -jxvf gettext-0.17_1.tbz

root@linux$ tar -jxvf libiconv-1.13.1_1.tbz

So you have the tool, somes libs that will be used later on, now, transfer the wget binary from bin/wget to a netasq fw, in /log/wget-bsd73 for example:

VUXXXXXX0000000> mkdir /log/wget-bsd73

root@linux$ scp bin/wget mynetasqfw:/log/wget-bsd73

We'll test if all the shared libs are available

VUXXXXXX0000000>ldd wget
        libssl.so.5 => not found (0x0)
        libcrypto.so.5 => not found (0x0)
        libiconv.so.3 => not found (0x0)
        libintl.so.8 => not found (0x0)
        libc.so.7 => /lib/libc.so.7 (0x280cc000)

Well.... we miis a lot ? In fact no, we just miss 2 libs: libiconv.so and libintl.so.

Transfer the 2 libs:

root@linux$ scp lib/libiconv.so.3 mynetasqfw:/log/wget-bsd73

 root@linux$ scp lib/libintl.so.8 mynetasqfw:/log/wget-bsd73

For the rest we just need to create symlinks:

ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.5

ln -s /usr/lib/libssl.so /usr/lib/libssl.so.5

ln -s $PWD/libiconv.so.3 /usr/lib/libiconv.so.3

ln -s $PWD/libintl.so.8 /usr/lib/libintl.so.8

So, check again the shared libs:

VUXXXXXX0000000>ldd wget
        libssl.so.5 => /usr/lib/libssl.so.5 (0x280cc000)
        libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x2811d000)
        libiconv.so.3 => /usr/lib/libiconv.so.3 (0x28288000)
        libintl.so.8 => /usr/lib/libintl.so.8 (0x2837e000)
        libc.so.7 => /lib/libc.so.7 (0x28387000)

Everything is here !

To end this proc, just copy the wget binary to the  /usr/Firewall/sbin/ directory:

VUXXXXXX0000000>cp wget /usr/Firewall/sbin/wget


Now we can test the wget:

--2011-09-04 10:14:42--
Connecting to connected.
HTTP request sent, awaiting response... 200 OK
Length: 72 [application/octet-stream]
Saving to: `na_pack_updates_kasperskyStandard.md5'

100%[===========================================================================>] 72          --.-K/s   in 0s

2011-09-04 10:14:43 (1.05 MB/s) - `na_pack_updates_kasperskyStandard.md5' saved [72/72]

That's all Folks !








No comments: