Thursday, September 30, 2010

Installing Yara on Ubuntu 10.04

Installing YARA 1.4 on Ubuntu 10.04 (Lucid). YARA 1.x links against PCRE for its regular-expression strings, so first install the PCRE runtime and development libraries.

$ sudo apt-get install libpcre3 libpcre3-dev

Now acquire the YARA source code.

$ wget http://yara-project.googlecode.com/files/yara-1.4.tar.gz
$ wget http://yara-project.googlecode.com/files/yara-python-1.4.tar.gz

Untar and configure YARA (note that you change into the extracted directory, not the tarball).

$ tar xvfz yara-1.4.tar.gz
$ cd yara-1.4
$ ./configure

If configure finishes without errors, build YARA, run its test suite, and install it (by default the yara binary and libyara go under /usr/local).

$ make
$ make check
$ sudo make install

Now build and install the Python bindings (yara-python), which link against the libyara you just installed.

$ cd ..
$ tar xvfz yara-python-1.4.tar.gz
$ cd yara-python-1.4
$ python setup.py build
$ sudo python setup.py install

Running yara with no arguments from a shell prompt should now print its usage:

$ yara
usage:  yara [OPTION]... [RULEFILE]... FILE
options:
  -t <tag>                  print rules tagged as <tag> and ignore the rest. Can be used more than once.
  -i <identifier>           print rules named <identifier> and ignore the rest. Can be used more than once.
  -n                        print only not satisfied rules (negate).
  -g                        print tags.
  -m                        print metadata.
  -s                        print matching strings.
  -d <identifier>=<value>   define external variable.
  -r                        recursively search directories.
  -f                        fast matching mode.
  -v                        show version information.

Report bugs to:
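The usage banner only proves the binary runs. To confirm the install works end to end, here is an added smoke test (example code written for this page, not from the YARA project or the original post). It writes a small rule with a tag, meta fields, a text string and a hex string, scans a constructed sample with the -g, -m and -s flags listed above, and checks that the Python binding imports. It assumes yara and python are on PATH and uses a scratch directory named WORK (an assumed name).

```shell
#!/bin/sh
# Post-install smoke test for the YARA build above. Added example, not part of
# the original post. Assumes `yara` and `python` (with yara-python) are on PATH;
# WORK is a scratch directory (assumed name).
WORK=${WORK:-$(mktemp -d)}

# Write a small rule exercising the features the -g/-m/-s flags report:
# a tag, meta fields, a text string and a hex string.
write_rule() {
    cat > "$WORK/smoke.yar" <<'EOF'
rule InstallCheck : smoketest
{
    meta:
        author = "constructed for this example"
        description = "matches the constructed sample file"
    strings:
        $marker = "YARA_SMOKE_TEST"
        $magic  = { DE AD BE EF }
    condition:
        $marker and $magic
}
EOF
}

# Constructed sample: the marker text plus the bytes DE AD BE EF (octal escapes,
# since POSIX printf has no \x).
write_sample() {
    printf 'prefix YARA_SMOKE_TEST \336\255\276\357 suffix\n' > "$WORK/sample.bin"
}

# Scan the sample, printing tags (-g), metadata (-m) and matching strings (-s).
# Returns 0 on a match, 1 if the rule did not fire, 2 if yara is not installed.
# If yara aborts because libyara.so cannot be found, the freshly populated
# /usr/local/lib needs `sudo ldconfig` before the loader sees it.
run_scan() {
    command -v yara >/dev/null 2>&1 || { echo "yara not found on PATH" >&2; return 2; }
    yara -g -m -s "$WORK/smoke.yar" "$WORK/sample.bin" | tee "$WORK/scan.out"
    grep -q '^InstallCheck' "$WORK/scan.out"
}

# Verify the Python binding loads; returns non-zero if `import yara` fails.
check_python_binding() {
    python -c 'import yara' >/dev/null 2>&1
}

main() {
    write_rule
    write_sample
    if check_python_binding; then
        echo "python: import yara OK"
    else
        echo "python: import yara FAILED (is yara-python installed for this interpreter?)" >&2
    fi
    run_scan
}

# Run everything when invoked as: sh yara_smoke_test.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

On a working install the scan prints a line starting with InstallCheck, followed by the [smoketest] tag, the meta fields, and the offsets of $marker and $magic in sample.bin, and run_scan returns 0.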

Thursday, September 23, 2010

Installing log2timeline on Ubuntu

Here is a script that installs the Perl dependencies of Kristinn Gudjonsson's log2timeline on Ubuntu hosts. Tested on Ubuntu 10.04 (Lucid).

#!/bin/sh
############################################
# log2timeline_ubuntu_deps.sh
############################################
set -e
# Perl modules packaged by Ubuntu:
sudo apt-get install \
  libdigest-crc-perl libnetpacket-perl libparse-win32registry-perl \
  libarchive-zip-perl libtimedate-perl libcarp-assert-perl libclass-dbi-perl \
  libdatetime-perl libhtml-scrubber-perl libnet-pcap-perl libparams-validate-perl \
  libimage-exiftool-perl libdbd-sqlite3-perl libdate-manip-perl libdatetime-format-strptime-perl
# Modules installed from CPAN:
sudo perl -MCPAN -e 'install File::Mork'
sudo perl -MCPAN -e 'install Data::Hexify'