I'm interested in cyber security and CTFs, within CTFs you need a variety of tools to help along the way. For example, John The Ripper, a password cracking tool. I'm not sure I really want to have John be command accessible from anywhere on my computer, I don't want things to get cluttered. Luckily in this example, (I don't know all the technical terms to don't crucify me), I installed John with git and configured the program just in one directory and then execute the commands from that directory. If I do "ls" it just gives me a list of the commands at my disposal and I can operate from there. Is there this option for all tools? Typically tutorials suggest pip install or snap install but these seemingly install to my entire computer, so the commands from the program I installed are accessible from everywhere. Is there a way I can use pip or snap such that it only installs to one directory like when I used git to install John?
-
virtualenv and virtualenvwrapper .It might be the answer you want – mfuuzy Jul 25 '19 at 11:13
2 Answers
Not really the way you envision - packaged software is usually intended for all users.
You can, after install, move the binary from a public location like /usr/bin/foo to a private location like /home/USERNAME/bin/foo. And you can chmod the permission so only you can execute it. However, these actions will break (for example) apt: No package upgrades, no simple path to clean uninstall, and any error aborts the entire apt queue.
Consider instead either 1) Manually installing from source, so you can contain your customizations, 2) Using AppImage versions the software, which do remain in one place, or 3) Using a private LXC/D container or VM so you can use apt/pip.
Of course, with Python, you can also use 4) virtualenv (venv).
- 62,253
I'm interested in cyber security and CTFs, within CTFs you need a variety of tools to help along the way.
That's what a Python virtual environment like virtualenv (python-virtualenv and python3-virtualenv) is for. The virtualenv utility creates virtual Python instances, each invokable with its own Python executable. Each instance can have different sets of modules. Virtual Python instances can also be created without root access.
To set up and use a Python virtual environment follow the instructions in How to set up and use a virtual python environment in Ubuntu? or the more up-to-date instructions in this answer.
pip usually gets its packages from the Python Package Index (PyPI). The Python Package Index (PyPI) is a repository of software for the Python programming language. Anyone can upload their own Python packages to PyPI. There is not much oversight on what packages are available in PyPI, so your protection is to install packages with pip inside a python virtual environment instead of globally with sudo unless you're absolutely sure what you're doing. Otherwise you're potentially giving root access to some developer's programming errors. This defeats your objective of installing programs to just one directory, but what you get in return is a more secure system, which is what you should want from a cyber security point of view.
From: When installing user applications, where do "best practices" suggest they be located?:
Occasionally I install applications manually, rather than using apt or another package manager. What location (
/usr/,/usr/local/,/opt/,/home/, etc.) is suggested by "best practices" for the installation of user applications?
According top the accepted answer: If the application has a makefile, or for example for python apps if the application uses distutils (e.g., has a setup.py file), or a similar build/install system, you should install it into /usr/local/. This is often the default behavior.
- 114,770