{"id":13509348,"url":"https://github.com/codeyourweb/fastfinder","last_synced_at":"2026-01-24T16:07:00.784Z","repository":{"id":40440801,"uuid":"433206490","full_name":"codeyourweb/fastfinder","owner":"codeyourweb","description":"Incident Response - Fast suspicious file finder","archived":false,"fork":false,"pushed_at":"2022-05-08T19:55:06.000Z","size":3933,"stargazers_count":215,"open_issues_count":1,"forks_count":27,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-02-14T19:31:17.507Z","etag":null,"topics":["dfir","incident-response","investigation","threat-hunting"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codeyourweb.png","metadata":{"files":{"readme":"README.linux-compilation.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-11-29T21:46:04.000Z","updated_at":"2024-02-03T20:53:15.000Z","dependencies_parsed_at":"2022-07-12T00:17:21.469Z","dependency_job_id":null,"html_url":"https://github.com/codeyourweb/fastfinder","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codeyourweb%2Ffastfinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codeyourweb%2Ffastfinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codeyourweb%2Ffastfinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codeyourweb%2Ffastfinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codeyourweb","download_url":"https://codeload.github.com/codeyourweb/fastfinder/tar
.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222552814,"owners_count":17002160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dfir","incident-response","investigation","threat-hunting"],"created_at":"2024-08-01T02:01:06.477Z","updated_at":"2026-01-12T02:59:55.399Z","avatar_url":"https://github.com/codeyourweb.png","language":"Go","readme":"# Linux Compilation Guide\n\n![Linux](https://img.shields.io/badge/Platform-Linux-orange?style=for-the-badge\u0026logo=linux)\n![Go Version](https://img.shields.io/badge/Go-1.24+-00ADD8?style=for-the-badge\u0026logo=go)\n![GCC](https://img.shields.io/badge/Compiler-GCC-red?style=for-the-badge\u0026logo=gnu)\n\n## 📝 Overview\n\nThis guide provides step-by-step instructions for compiling FastFinder from source on Linux systems. 
While FastFinder was originally designed for Windows, it works perfectly on Linux with proper dependency setup.\n\n## ⚙️ Prerequisites\n\n### System Requirements\n\n- **Go 1.24+** installed and configured\n- **GCC compiler** and build tools\n- **Root/sudo privileges** for system package installation\n- **4GB+ RAM** recommended for compilation\n\n### Environment Variables\n\nEnsure these are properly configured:\n\n```bash\n# Verify Go installation\ngo version\ngo env GOPATH\ngo env GOOS     # should be \"linux\"\ngo env GOARCH   # typically \"amd64\"\n```\n\n## 🛠️ Step 1: Install System Dependencies\n\n### Ubuntu/Debian\n\n```bash\nsudo apt update\nsudo apt install -y \\\n    build-essential \\\n    automake \\\n    libtool \\\n    make \\\n    gcc \\\n    pkg-config \\\n    git \\\n    libssl-dev\n```\n\n### CentOS/RHEL/Rocky Linux\n\n```bash\nsudo yum groupinstall -y \"Development Tools\"\nsudo yum install -y \\\n    automake \\\n    libtool \\\n    make \\\n    gcc \\\n    pkgconfig \\\n    git \\\n    openssl-devel\n```\n\n### Fedora\n\n```bash\nsudo dnf groupinstall -y \"C Development Tools and Libraries\"\nsudo dnf install -y \\\n    automake \\\n    libtool \\\n    make \\\n    gcc \\\n    pkgconf \\\n    git \\\n    openssl-devel \\\n    zlib-devel\n```\n\n\u003e ⚠️ **Fedora-specific workaround**: Depending on your Fedora version, after installing YARA, you may encounter library linking issues. 
See the [troubleshooting section](#fedora-library-workaround) below for the required additional steps.\n\n### Arch Linux\n\n```bash\nsudo pacman -S \\\n    base-devel \\\n    automake \\\n    libtool \\\n    make \\\n    gcc \\\n    pkgconfig \\\n    git \\\n    openssl\n```\n\n## 🔧 Step 2: Build YARA Library\n\n### 2.1 Download YARA Source\n\n```bash\n# Create build directory\nmkdir -p ~/build \u0026\u0026 cd ~/build\n\n# Download latest stable release\nYARA_VERSION=\"4.5.5\"  # Check https://github.com/VirusTotal/yara/releases for latest\nwget https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz\ntar -xzf v${YARA_VERSION}.tar.gz\ncd yara-${YARA_VERSION}\n```\n\n### 2.2 Configure and Build YARA\n\n```bash\n# Generate build scripts\n./bootstrap.sh\n\n# Configure with the cuckoo, magic and dotnet modules enabled\n# (the cuckoo module needs the Jansson headers, the magic module needs the libmagic headers)\n./configure --enable-cuckoo --enable-magic --enable-dotnet\n\n# Build with parallel jobs\nmake -j$(nproc)\n\n# Run tests to verify build\nmake check\n\n# Install system-wide\nsudo make install\n\n# Update library cache\nsudo ldconfig\n```\n\n### 2.3 Verify YARA Installation\n\n```bash\n# Test YARA binary\nyara --version\n\n# Verify library linking\nexport PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig\npkg-config --cflags --libs yara\n\n# Test with simple rule\necho 'rule test { condition: true }' | yara /dev/stdin /bin/ls\n```\n\n## 🌐 Step 3: Configure CGO Environment\n\n### 3.1 Set Build Flags\n\nCGO requires specific flags to link with the YARA library:\n\n```bash\n# Add to your ~/.bashrc or ~/.profile\nexport CGO_CFLAGS=\"-I/usr/local/include\"\nexport CGO_LDFLAGS=\"-L/usr/local/lib -lyara\"\n\n# Reload environment\nsource ~/.bashrc\n```\n\n### 3.2 Alternative: Custom Installation Path\n\nIf you installed YARA to a custom prefix:\n\n```bash\n# Example for /opt/yara installation\nexport CGO_CFLAGS=\"-I/opt/yara/include\"\nexport CGO_LDFLAGS=\"-L/opt/yara/lib -lyara\"\nexport PKG_CONFIG_PATH=\"/opt/yara/lib/pkgconfig:$PKG_CONFIG_PATH\"\nexport 
LD_LIBRARY_PATH=\"/opt/yara/lib:$LD_LIBRARY_PATH\"\n```\n\n## 🚀 Step 4: Build FastFinder\n\n### 4.1 Download Source Code\n\n```bash\n# Option 1: Clone repository\ngit clone https://github.com/codeyourweb/fastfinder.git\ncd fastfinder\n\n# Option 2: Using go modules\ngo mod download github.com/codeyourweb/fastfinder\n```\n\n### 4.2 Build FastFinder\n\n```bash\n# Verify CGO is enabled\ngo env CGO_ENABLED  # should return \"1\"\n\n# Build with static YARA linking\ngo build -tags yara_static -a -ldflags '-s -w' .\n\n# Alternative: Build with dynamic linking\ngo build -ldflags '-s -w' .\n```\n\n### 4.3 Create Optimized Release Build\n\n```bash\n# Static build for distribution\nCGO_ENABLED=1 go build \\\n    -tags yara_static \\\n    -a \\\n    -ldflags '-s -w -extldflags \"-static\"' \\\n    -o fastfinder-linux-amd64 .\n\n# Verify static linking\nldd fastfinder-linux-amd64  # should show \"not a dynamic executable\"\n```\n\n## ✨ Post-Installation\n\n### Verify Installation\n\n```bash\n# Test the binary\n./fastfinder --help\n\n# Check version and build info\n./fastfinder --version\n\n# Run with a simple configuration\n./fastfinder -c examples/example_configuration_linux.yaml\n```\n\n### Install System-Wide (Optional)\n\n```bash\n# Copy to system binary directory\nsudo cp fastfinder /usr/local/bin/\n\n# Make available system-wide\nsudo chmod +x /usr/local/bin/fastfinder\n\n# Verify system installation\nfastfinder --version\n```\n\n## 🔧 Troubleshooting\n\n### Common Issues\n\n| Issue | Solution |\n|-------|----------|\n| `yara.h: No such file or directory` | Install YARA development headers or check CGO_CFLAGS |\n| `undefined reference to 'yr_*'` | Verify YARA library installation and CGO_LDFLAGS |\n| `pkg-config: command not found` | Install pkg-config package |\n| `cgo: C compiler \"gcc\" not found` | Install build-essential or equivalent |\n| `permission denied` | Check file permissions or use sudo for installation |\n\n### Debug Commands\n\n```bash\n# Check YARA 
installation\nyara --version\npkg-config --exists yara \u0026\u0026 echo \"YARA found\" || echo \"YARA missing\"\n\n# Verify CGO environment\necho \"CGO_CFLAGS: $CGO_CFLAGS\"\necho \"CGO_LDFLAGS: $CGO_LDFLAGS\"\ngo env CGO_ENABLED\n\n# Test CGO compilation\ngo env -w CGO_ENABLED=1\ngo test -v github.com/hillu/go-yara/v4\n```\n\n### Fedora Library Workaround\n\n**Problem**: On Fedora systems, you may encounter the error:\n```\nfastfinder: error while loading shared libraries: libyara.so.10: cannot open shared object file: No such file or directory\n```\n\n**Root Cause**: Fedora installs YARA libraries in `/usr/local/lib` but this path may not be in the system's library search path.\n\n**Solution**:\n\n1. **Verify YARA library location**:\n   ```bash\n   ls -la /usr/local/lib/libyara*\n   # Should show: libyara.a, libyara.la, libyara.so, libyara.so.10, etc.\n   ```\n\n2. **Create library configuration file**:\n   ```bash\n   sudo tee /etc/ld.so.conf.d/yara-x86_64.conf \u003c\u003c EOF\n   /usr/local/lib\n   EOF\n   ```\n\n3. **Update library cache**:\n   ```bash\n   sudo ldconfig\n   ```\n\n4. **Verify library is found**:\n   ```bash\n   ldconfig -p | grep libyara\n   # Should show: libyara.so.10 (libc6,x86-64) =\u003e /usr/local/lib/libyara.so.10\n   ```\n\n5. 
**Update CGO flags for Fedora**:\n   ```bash\n   export CGO_CFLAGS=\"-I/usr/local/include\"\n   export CGO_LDFLAGS=\"-L/usr/local/lib -lyara\"\n   export PKG_CONFIG_PATH=\"/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH\"\n   export LD_LIBRARY_PATH=\"/usr/local/lib:$LD_LIBRARY_PATH\"\n   ```\n\n\u003e 📖 **Reference**: This workaround addresses the issue documented in [GitHub Issue #5](https://github.com/codeyourweb/fastfinder/issues/5)\n\n### Build Variants\n\n```bash\n# Debug build with symbols\ngo build -tags yara_static -gcflags=\"-N -l\" .\n\n# Cross-compilation for other architectures\nGOOS=linux GOARCH=arm64 CGO_ENABLED=1 CC=aarch64-linux-gnu-gcc \\\n    go build -tags yara_static .\n\n# Build with race detector (development only)\ngo build -race .\n```\n\n## 📚 Additional Resources\n\n- **YARA Documentation**: [https://yara.readthedocs.io/](https://yara.readthedocs.io/)\n- **Go-YARA Bindings**: [https://github.com/hillu/go-yara](https://github.com/hillu/go-yara)\n- **CGO Documentation**: [https://golang.org/cmd/cgo/](https://golang.org/cmd/cgo/)\n\n---\n\n🚀 **Success!** You should now have a working `fastfinder` binary.\n\n🔗 **Next Steps**: See the main [README](README.md) for usage instructions and configuration examples.\n","funding_links":[],"categories":["Tools","Endpoint","Go","threat-hunting"],"sub_categories":["IOC Scanner","Anti-Virus / Anti-Malware"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeyourweb%2Ffastfinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodeyourweb%2Ffastfinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeyourweb%2Ffastfinder/lists"}