KEEPING LINUX CLEAN - CHECKINSTALL

A well-known basic rule for keeping your servers secure is to limit the number of open network ports, but the idea should be taken further: make sure that only the software you need is on the server, since any additional software can only help an attacker. Unfortunately, when many of us install a package from source (the ./configure ; make ; make install dance), we generally do it to test the package out, but how many of us clean that software off our servers afterwards? We tend not to, because cleaning up after a source install is time-consuming and tricky at best. So let's take a look at a little tool, checkinstall, which can be found here. It lets us build a package to install from, and therefore a package we can remove when we are finished.

What is Needed?
Well, you need to download the tool from the download page (I used the source), then extract it and run make install. That's about it.

Using it
Usage is simple as well: you do the normal ./configure ; make ; make install dance, except that in place of the make install step you run the checkinstall tool. Recently I did an article on the tool htpdate (see here), and the installation steps were make, then make install. Let's try that again with checkinstall.
# gzip -d htpdate-0.9.1.tar.gz
# tar -xvf htpdate-0.9.1.tar
# cd htpdate-0.9.1
# make
gcc -Wall -ansi -Os -DDEBUG -o htpdate htpdate.c

# checkinstall --type=rpm --default

checkinstall 1.6.0, Copyright 2002 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist.
Should I create a default set of package docs?  [y]: y

Preparing package documentation...OK

**************************************
**** RPM package creation selected ***
**************************************

This package will be built according to these values:

1 -  Summary: [ Package created with checkinstall 1.6.0 ]
2 -  Name:    [ htpdate ]
3 -  Version: [ 0.9.1 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ Applications/System ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ htpdate-0.9.1 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ htpdate ]

Enter a number to change any of them or press ENTER to continue:
Installing with make install...

========================= Installation results ===========================
/usr/bin/strip -s htpdate
mkdir -p /usr/bin
/usr/bin/install -c -m 755 htpdate /usr/bin/htpdate
mkdir -p /usr/share/man/man8
/usr/bin/install -c -m 644 htpdate.8.gz /usr/share/man/man8/htpdate.8.gz

======================== Installation successful ==========================

Copying documentation directory...
./
./Changelog
./README

Copying files to the temporary directory...OK
Striping ELF binaries and libraries...OK
Compressing man pages...OK
Building file list...OK
Building RPM package...OK
NOTE: The package will not be installed
Erasing temporary files...OK
Deleting doc-pak directory...OK
Writing backup package...OK
Deleting temp dir...OK

**********************************************************************

 Done. The new package has been saved to

 /usr/src/redhat/RPMS/i386/htpdate-0.9.1-1.i386.rpm
 You can install it in your system anytime using:

      rpm -i htpdate-0.9.1-1.i386.rpm

**********************************************************************

The --type=rpm switch creates an RPM package, while the --default switch tells the process to accept all default settings. As you can see at the end, it has created an rpm file, from which you can install and, when you are finished, uninstall. Note that, as the output says, the package is built but not installed; the rpm -i command shown installs it.
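
The same rule can be applied to software that is already on the server. The script below is an added example, not part of the original article or of checkinstall, and it goes one step beyond the htpdate case: it lists files in a directory that no RPM package owns, which is what a plain make install leaves behind. The function names, the demo files and the use of rpm -qal to build the owned-file list are choices made for this example.

```shell
#!/bin/sh
# Added example: report files that no RPM package owns, i.e. what a plain
# `make install` leaves behind. Function names are this example's own.

# owned_list: every path recorded in the RPM database, one per line.
# Assumes an RPM-based host; `rpm -qal` lists the files of all packages.
owned_list() {
    rpm -qal | sort -u
}

# unowned DIR LIST: print regular files under DIR that are not in LIST.
# grep -F -x compares whole lines literally, so regex characters in a
# file name cannot cause a false match.
unowned() {
    find "$1" -type f | sort | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# demo: constructed sample data, so the check can be tried without rpm.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/bin"
    : > "$tmp/usr/bin/htpdate"    # constructed: installed from the RPM
    : > "$tmp/usr/bin/leftover"   # constructed: left by `make install`
    printf '%s\n' "$tmp/usr/bin/htpdate" > "$tmp/owned.txt"
    unowned "$tmp/usr/bin" "$tmp/owned.txt"
    rm -rf "$tmp"
}

if [ "$#" -gt 0 ]; then
    # Real audit: each argument is a directory to check.
    list=$(mktemp) || exit 1
    owned_list > "$list"
    for d in "$@"; do unowned "$d" "$list"; done
    rm -f "$list"
else
    demo
fi
```

Saved under a hypothetical name such as unowned.sh, running sh unowned.sh /usr/bin /usr/local/bin audits a real RPM-based host; with no arguments it runs the constructed demo and prints only the leftover file.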

Final Words
A nice, simple solution to a common problem; this is the way things should work. Checkinstall really is a very useful tool and can do much more: it can create packages of other types and has options for documentation. Check out the man pages for more options. As always, have fun and learn.