Sunday, July 06, 2008

PTK on Fedora 8

Wow, this was a painful install... and I'm not even sure if it's completely over :-/ Though I haven't been able to get this working completely with all of my practice images, PTK looks somewhat promising. Update: PTK works; see the update at the end.

Anyway, before you get started, you should make sure to install all of the packages you need:


mysql
mysql-server
php
php-mysql
php-mbstring
httpd
Sleuthkit



In addition, according to the help forums, you also need the following libraries for Sleuthkit (I must have had a previous version because I haven't had to do this before):


afflib
libewf



The following package is not *required* but can help you a lot if you are not used to command line management of mysql databases:


phpMyAdmin


With all of the above packages, just do a "yum install". After you start MySQL and httpd you should be set. I have already gone over how to set up MySQL and will not repeat it here. If you want to make sure that everything has installed correctly, you can see the PHP information by creating a file called info.php in the /var/log/www/html directory that contains:


<?php
phpinfo();
?>



To see the information, open a browser and go to http://127.0.0.1/info.php. Scroll down until you see the following:





Now, download the PTK source code. After you extract it, you should have a folder that contains a license file, a Setup file, a PTK.sql file and another tarball. Make sure that the MD5 hash values are correct:


$ cat md5sums.txt
76b10e2f1c8bfd25a7128e1ca4f3009a ptk-beta_0.1.tar.gz
15d83f58161f816db660c65cf12c717e PTK.sql
e7cebc317dda69f2df81856118d924f3 Setup
$ md5sum -c md5sums.txt
ptk-beta_0.1.tar.gz: OK
PTK.sql: OK
Setup: OK



I tried just using the Setup file and failed miserably. I would get the nice welcome screen, but couldn't log in to PTK. Then I tried the manual install shown in the tutorial... It also didn't work. Things were getting installed in the wrong directories, even after I had told it where to install correctly using the original Setup script. Also, the Setup script looks for files called md5 and sha1, which are called md5sum and sha1sum on my machine...

So after analyzing the Setup file, I wrote a patch and finally got PTK working which you can find here. To apply the patch type:


patch -b Setup fedora-patch.txt


This will make a backup of the Setup file in case things go awry.

Make sure that you pay attention to the output of the Setup script and check to see if there are any errors. If things go well, you should see the following screens:







If everything goes OK, you should have PTK installed in your /var/www/html/ptk directory. You can start it by going to: http://127.0.0.1/ptk. You have to log in using the "admin" account, and hopefully you don't forget the password you used for this!



Issues (all but the last issue are resolved):
I am not yet sure of the cause of all of these issues, but I thought I would list things here.
  • FAT images do not seem to be recognized and I am unable to browse the file system at all.
  • I am unable to get an initial correct hash of the image without running the browser as root
  • After the initial hash is taken, verification yields an incorrect hash (see pic below) and I suspect it is hashing the symbolic link and not the image itself. The top md5sum hash is correct, the second verification one is not.
  • If you have SELinux working, you will have to use workarounds to let this program work (which is an SELinux thing, not a PTK thing exactly)
  • When you search for images, you are initially directed to the /var/log/www/ptk/images folder, which is fine. If you add a disk image there, you do not see it. You have to go back 2 directories and then forward again before the disk image appears
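As an added example that is not part of PTK or of the original post: a small Python verifier that parses an md5sums.txt listing like the one shown above, hashes each file through its resolved real path (so a symlink in the images folder and the image it points to always give the same digest) and reports OK, FAILED or MISSING the way "md5sum -c" does. The demo() scenario, its file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks; the path is resolved first so a symlink
    and its target always yield the same digest."""
    h = hashlib.md5()
    with open(os.path.realpath(path), "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_md5sums(text):
    """Parse md5sum's 'digest  name' or 'digest *name' lines into (digest, name)."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:  # blank or malformed line
            continue
        digest, name = parts
        if name.startswith("*"):  # '*' marks binary mode; it is not part of the name
            name = name[1:]
        entries.append((digest.lower(), name))
    return entries

def verify_md5sums(text, base_dir):
    """Check each entry the way 'md5sum -c' does: {name: OK | FAILED | MISSING}."""
    results = {}
    for digest, name in parse_md5sums(text):
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):  # isfile() follows symlinks, as md5sum does
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_of_file(path) == digest else "FAILED"
    return results

def demo():
    """Constructed scenario: an image, a symlink to it, a tampered copy, a missing file."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "practice.dd"), "wb") as f:
        f.write(b"abc")  # constructed 'image' content
    with open(os.path.join(d, "tampered.dd"), "wb") as f:
        f.write(b"abd")  # one byte differs from practice.dd
    os.symlink(os.path.join(d, "practice.dd"), os.path.join(d, "image-link.dd"))
    digest = md5_of_file(os.path.join(d, "practice.dd"))
    sums = (f"{digest}  practice.dd\n{digest} *image-link.dd\n"
            f"{digest}  tampered.dd\n{'0' * 32}  missing.dd\n")
    return digest, verify_md5sums(sums, d)
```

Because the link and its target hash identically here, a mismatch on re-verification points at a permissions or path problem on the web server's side rather than at the link itself.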




Edit: PTK Works

As I wrote previously, I managed to get PTK installed on Fedora 8. I had a few issues with seeing the images at the end, however. It was a permissions problem. I can't believe I missed that. But it works and it seems fun. So if you are installing PTK on Fedora, follow the earlier instructions and use the patch I made and then check the permissions of the ptk folder to make sure that it is owned by apache (or whatever user you have as your webserver). If it isn't then do a recursive chown:


# chown -R apache.apache /var/www/html/ptk









I have only a couple of complaints: The folders are kind of hard to see on the left-hand side, but there may be some way to remedy that. Also, I'm still having the problem of having to go back two folders and then forwards when importing an image, but I guess it's not that bad... Still, PTK has some nice options, like the gallery view, and the interface is nice. So far I like it :-)

5 comments:

Unknown said...

yo, i am gonna link your precious post from my blog. Next time i'll get to nyc i'll owe you a glass of wine somewhere in tribeca :) DF

Jamie Levy said...

Sure, sounds like fun :-)

JeffSoh said...

Nice site, good stuff.

Anonymous said...

Have you tried PRK with Fedora 10?

Jamie Levy said...

@Anonymous

Assuming you meant "PTK", not yet ;-) I've run it on F9, but haven't tried it on F10 yet. Perhaps it's time to give it a spin.