Wednesday, December 15, 2010

Sleuthkit 3.2.0 on Ubuntu 10.10

Some time ago I have written a short "how-to" in relation to installing the Sleuthkit on Ubuntu. Recently I have tried to install the latest Sleuthkit 3.2.0 on Ubuntu 10.10 (32-bit) and ran into a problem when compiling it. It took me some time to figure out how to get it working.

Step 1:

sudo apt-get install libewf1 libewf-dev zlib1g-dev build-essential libexpat1-dev libfuse2 libfuse-dev fuse-utils gvfs-fuse libncurses5-dev libreadline-dev uuid-dev libssl-dev

Step 2:

Download and extract afflib 3.6.4
In terminal go to the extracted directory and run the usual
./configure
make
sudo make install


Step 3:

Download Sleuthkit 3.2.0 and extract it. Next I had to apply a quick fix by adding LDFLAGS link option to configure.ac file located inside the extracted sleuthkit-3.2.0 directory. Adding the following line LDFLAGS="$LDFLAGS -lsqlite3 -lpthread -ldl" seems to fix the problem.


I then navigated to sleuthkit-3.2.0 directory in terminal and run

./configure
make
sudo make install


DONE

5 comments:

Tyler said...

Worked great. Thanks!

Jay Lepore said...

Andre,

I too am having an install problem on Sleuthkit 3.2 / Ubuntu 10.10 but not getting past an error even after using your LDFLAGS=... fix.

Do you have any thoughts on this error...

make[2]: Entering directory `/cm/sleuthkit3.2/tools/autotools'
/bin/bash ../../libtool --tag=CXX --mode=link g++ -g -O2 -L/usr/local/lib -static -o tsk_loaddb tsk_loaddb.o ../../tsk3/libtsk3.la
libtool: link: g++ -g -O2 -o tsk_loaddb tsk_loaddb.o -L/usr/local/lib ../../tsk3/.libs/libtsk3.a
../../tsk3/.libs/libtsk3.a(sqlite3.o): In function `pthreadMutexTry':
/cm/sleuthkit3.2/tsk3/auto/sqlite3.c:16683: undefined reference to `pthread_mutex_trylock'
../../tsk3/.libs/libtsk3.a(sqlite3.o): In function `pthreadMutexAlloc':
/cm/sleuthkit3.2/tsk3/auto/sqlite3.c:16551: undefined reference to `pthread_mutexattr_init'
/cm/sleuthkit3.2/tsk3/auto/sqlite3.c:16552: undefined reference to `pthread_mutexattr_settype'
/cm/sleuthkit3.2/tsk3/auto/sqlite3.c:16554: undefined reference to `pthread_mutexattr_destroy'

Andre Ross said...

Jay,

I couldn't replicate it. I have tried to install on Updated Ubuntu 10.10 and all worked even without the LDFLAGS fix. Try to update your machine first apt-get update/upgrade and try to install it again. One more thing, don't use Libewf alpha, get stable version otherwise you may get ewf.h:36:error ....

Joseph Kahlich said...

Where in the .ac file do you put the line?

Andre Ross said...

Sorry Joseph,

I don't check the blog comments often nowadays. Plz email me if you still need help with this.

Regards,
A.R.