From 8c9a64149b07aafbf089f54c2b6d03510abf861c Mon Sep 17 00:00:00 2001 From: "Robert J. Hansen" Date: Mon, 2 Sep 2019 23:40:48 -0400 Subject: [PATCH] Update index.md --- index.md | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/index.md b/index.md index 76189ad..cc1ad4b 100644 --- a/index.md +++ b/index.md @@ -1,5 +1,5 @@ # nsrlsvr -The latest stable version is [1.6.1](https://github.com/rjhansen/nsrlsvr/archive/1.6.1.tar.gz), also available as [an RPM for Fedora 24 x86_64](https://github.com/rjhansen/nsrlsvr/releases/download/1.6.1/nsrlsvr-1.6.1-1.x86_64.rpm). +The latest stable version is [1.7.0](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz). ## What’s nsrlsvr? The National Institute of Standards and Technology (NIST) maintains the National Software Reference Library (NSRL) — a giant compendium of software contributed by vendors. It’s not a library in the sense that you can check things out from it, though: it’s more a library that you can check to see whether a given file already exists. All the system files from Windows 7 are in the NSRL, as is the latest releases of Firefox and Opera and Chrome, Winamp and… 
@@ -16,4 +16,36 @@ Forensic investigators, first responders and technical support staff often have It keeps track of 40 million hash values in an in-memory dataset and allows users to query that set at extremely high volume. This allows an investigator using an NSRL tool (such as `nsrllookup`) to winnow through large numbers of files in a very short period of time. ## Who wrote it? -I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr). \ No newline at end of file +I did — Rob Hansen, or rjhansen on GitHub. Feel free to [email me](mailto:rjh@sixdemonbag.org?subject=nsrlsvr). + +## Build instructions + +You will need: + +* The [source code](https://github.com/rjhansen/nsrlsvr/archive/1.7.0.tar.gz) +* A _good_ C++14 compiler. GCC 5.0 will work, barely. On the latest GCC and Clang it hums nicely. +* [CMake](https://www.cmake.org) 3.4 or later +* [Boost](https://boost.org) 1.66 or later +* A copy of the [minimal NSRL RDS](https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/rds_modernm.zip) + +Once you've uncompressed the latest archive, go into that directory and: + +``` +cmake -DPYTHON_EXECUTABLE=`which python3` -DCMAKE_BUILD_TYPE=Release . +make +sudo make install +``` + +You will need a database of hashes to load into `nsrlsvr`. Extract the file `NSRLFile.txt` from `rds_modernm.zip` and run `nsrlupdate`: + +``` +sudo nsrlupdate /path/to/NSRLFile.txt +``` + +Once that's done you should be able to type + +``` +nsrlsvr +``` + +and have it start up.
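Review bot: In the first hunk, the new "latest stable version" line drops the Fedora 24 x86_64 RPM link without saying whether a 1.7.0 RPM exists or is no longer provided. If packaging has been discontinued, a short sentence saying so would keep readers from hunting for it. Since the only download is now the `1.7.0.tar.gz` archive link, consider publishing a checksum or signature beside it so users of a forensic tool can verify what they build.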
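Review bot: In the second hunk, the "You will need" list under "Build instructions" omits Python 3, although the cmake line sets `-DPYTHON_EXECUTABLE` from `which python3`. Add Python 3 to the prerequisites, and note that the substitution can expand to an empty value when `python3` is not on the PATH, so the configure step may fail in a way that does not point at the missing interpreter. The steps also run `sudo make install` and `sudo nsrlupdate` but start `nsrlsvr` without sudo; it would help to state which user the server is expected to run as. Finally, `rds_modernm.zip` is loaded straight after download, so a sentence on checking the archive's integrity before running `nsrlupdate` would fit here.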