Compiling Dante Socks v1.4.1

Dante Socks

I have been using Dante Socks for many years now.  It is quite easy to compile.  Although it is probably easier in may respects to simply use a dynamic SSH proxy.  For more information about Dante Socks use the URL below.

http://www.inet.no/dante/

I will be adding a configuration file with comments in another post.  And my goal is to configure Dante Socks to run under systemd.  I need to create a new service unit.  And I want to see how well journald logs.  This will be in separate posts once I have had time to experiment and test.

A Note on Security

As noted on the Dante site, socks does not encrypt your connection, with the exception of compiling in kerberos as an option (gssapi).  It should not be used on an open network.  I have used TACACS+ in the past to login into the Dante Socks server before being able to tunnel my connections.  And that at least will encrypt your ID and password.  Just keep in mind the data will still be unencrypted.  Of course if you are using SSH those packets are secure.  Someone could open the encapsulated packet but then they could not open the encrypted SSH packet within.

Compiling Options

Run './configure --help' for more options.  But to add libwrap (TCP Wrappers), PAM, and gssapi (Kerberos) you need to install the correct headers package first.  The following list is for Raspian 8.  Refer to the official documentation for more information.

  • libwrap0-dev - Headers for librwap
  • libpam0g-dev - Headers for PAM
  • libkrb5-dev - Headers for kerberos

The first time I used socks the binary was located in '/usr/local/sockd/sbin/sockd'.  And the configuration file was in '/etc/sockd/sockd.conf'.  I still compile socks to use these directories.  This of course is completely optional.

  • --prefix=/usr/local/sockd
  • --with-sockd-conf=/etc/sockd/sockd.conf

There is one more optional flag.  If you do not need the client libraries you can add the flag below.  The socksify client will still compile, but the lib directory and the libraries will not be compiled.

  • --disable-client

Listing of the Libraries:

  • libdsocks.la - Textual file that includes a description of the library.  It allows libtool to create platform independant names.
  • libdsocks.so - Shared library which does 'on the fly' socksification.
  • libsocks.la
  • libsocks.so - Shared library - Contains the Rfoo type functions
  • libsocks.a - Static version of libsocks.so

Compile the Code

As stated elsewhere in my posts I came from a mixed UNIX family.  I worked a lot with AIX.  But I also did a lot of work with RHEL, HP-UX and Solaris.  As a result I tend to use commands that work on all platforms.  I know my gzip command below can be simplified with GNU tar.  But that wasn't available on AIX at that time.  Download the code from the URL above.  Place it in '/tmp'.  (/tmp/dante-1.4.1.tar.gz)  Switch to your source directory.  And perform the following steps to compile the code.

  • cd /usr/src
  • umask 022
  • gzip -dc /tmp/dante-1.4.1.tar.gz | tar xvf -
  • cd /usr/src/dante-1.4.1
  • ./configure --prefix=/usr/local/sockd \
    --with-sockd-conf=/etc/sockd/sockd.conf
  • make
  • make install
  • ls -lR /usr/local/sockd (To confirm the existence of the binaries.)
  • [OPTIONAL] strip /usr/local/sockd/sbin/sockd
  • [OPTIONAL] strip /usr/local/sockd/bin/socksify
  • mkdir -m 0755 /etc/sockd
  • cp -p example/sockd.conf /etc/sockd/sockd.conf
  • tar -cvfP - /etc/sockd /usr/local/sockd |gzip >dante-1.4.1-PI.tgz

The '/usr/src/dante-1.4.1/example/sockd.conf' file is a good place to start configuring your Dante socks server.  As stated above I plan to test out some new features of Dante 1.4.1 and post a sample sockd.conf file in the near future.

NOTE:  You must create an INIT script.  This can be either for SysV or systemd init.  If Dante is configured to log to a file the user must also create a log rotation script.  See the Dante FAQ for more information.

Displaying the MAN Pages

There will be four MAN pages.  One for the socksify client.  One for the socksify client configuration (socks.conf).  One for the socks server (sockd).  And one for the socks server configuration (sockd.conf).  You need to update your '/etc/manpath.config' file or use the -M flag with man to read the MAN pages.

  • socksify = man -M/usr/local/sockd/share/man socksify
  • socksify config = man -M/usr/local/sockd/share/man socks.conf
  • sockd = man -M/usr/local/sockd/share/man sockd
  • sockd config = man -M/usr/local/sockd/share/man sockd.conf