This is the next part in a series of blog posts focusing on the open-source tool FTimes. This blog post will demonstrate building FTimes with XMagic and an embedded Lua interpreter. In so doing, FTimes will be able to perform more complex searches by utilizing file hooks.

For this exercise, we will be using Kali Linux as our build environment.

One prerequisite for building FTimes with XMagic is PCRE and its associated development libraries. Users can install this on Kali and other Debian based systems using:

sudo apt-get install libpcre3 libpcre3-dev

Another prerequisite for building FTimes for version 3.13.0 and above is to have KLEL installed. As of this blog post, the current version is 1.2.0, and a distribution tar ball can be obtained from the link provided.

tar -zxf libklel-1.2.0.tar.gz
cd libklel-1.2.0
mkdir b
cd b
../configure
make
sudo make install

This will install the header files and libraries with a default prefix of '/usr/local'.

N.B. If you want to change where this software is installed, use the '--prefix' option when running the configure command above.

Due to the fact that operating system package maintainers differ in where and how Lua gets installed, we will be building/installing our own version. As of this blog post, the current version is 5.3.5. We will download directly from the Lua website, compile, and install.

mkdir build && cd build
wget https://www.lua.org/ftp/lua-5.3.5.tar.gz
tar -zxf lua-5.3.5.tar.gz
cd lua-5.3.5
make linux test
sudo make install

Next, untar the FTimes tar ball and change to the ftimes-3.13.0 source directory:

tar -zxf ftimes-3.13.0.tgz
cd ftimes-3.13.0

Create a work directory (e.g., 'b' for build). This is where you will build ftimes. We prefer to create/use a separate work directory so that configuration changes can be made easily without disturbing the original source directories. It also makes cleanup a breeze (i.e., a simple directory removal restores the project to its original state).

mkdir b
cd b

Next, run the configure script providing it the necessary options for building the Lua interpreter along with all associated FTimes tools.

../configure --with-all-tools --with-lua=/usr/local
make
sudo make install

You can now verify that your FTimes executable has been built with Lua embedded in it by running:

ftimes --version

ftimes 3.13.0 64-bit klel(1.2.0),lua(5.3),pcre(8.39),filters(pcre),xmagic

Now that Lua has been embedded in the executable, you can use its interpreter to implement file hooks (via the FileHooks control), which incorporate and utilize the KLEL library. An upcoming blog post in this series will delve into that. We hope you stay tuned.