Cuckoo_Odoriba_Install.txt
Cuckoo Odoriba Install
Install example (host and guest setup notes for Cuckoo 2.0 rc1 with the Odoriba customizations).
[ System ]
Host OS : OS X El Capitan
CPU: Intel core i7
Mem: 16GB
HDD: 2TB
**** Cuckoo Install Part
>>>>>>> HOST OS
1. Install Homebrew
$ ruby -v
$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
$ brew doctor
2. Preparation for the Cuckoo 2.0 rc1 install
2.0 Git clone
$ git clone https://github.com/Recruit-CSIRT/odoriba.git
2.1 apt-get install via Fink (used below for mongodb and tcpdump). Not needed if you use /usr/sbin/tcpdump and "brew install mongodb" instead.
Fink helper script:
<http://www.finkproject.org/download/srcdist.php>
$ chmod +x flink_helperscript.sh
Install Xcode (the Command Line Tools are enough: $ xcode-select --install)
Install the Java 8 JDK from http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
jdk-8u91-macosx-x64.dmg
$ ./flink_helperscript.sh
XQuartz install
$ ./flink_helperscript.sh
Fink install: press Enter
Lastly, run the update step (menu item "3: rsync")
2.2 Python 2.7.11 install (Cuckoo 2.0 runs on Python 2.7 only)
$ brew install python
$ pip install --upgrade pip
2.3 pyenv install
$ brew install pyenv-virtualenv
< add the following to ~/.bash_profile >
export PYENV_ROOT=${HOME}/.pyenv
if [ -d "${PYENV_ROOT}" ]; then
export PATH=${PYENV_ROOT}/bin:$PATH
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
fi
2.4 Cuckoo requirements install
Ref: http://docs.cuckoosandbox.org/en/latest/installation/host/requirements/
$ sudo apt-get install mongodb
$ sudo mkdir -p /data/db
$ sudo mongod
(mongod started this way runs as root and without authentication, and older MongoDB releases listen on every interface by default. Start it with --bind_ip 127.0.0.1 so the sandbox guests on vboxnet0 cannot reach it.)
$ sudo pip install -r cuckoo/requirements.txt
Comment out the "cryptography==1.0" pin in cuckoo/requirements.txt; cryptography 1.3.2 was installed instead.
$ brew install yara
$ brew install ssdeep
# download pydeep from https://pypi.python.org/pypi/pydeep/
$ tar xzvf Downloads/pydeep-0.2.tar.gz
$ cd pydeep-0.2/
$ python setup.py build
$ python setup.py install
$ sudo apt-get install tcpdump
$ brew install tesseract # OCR for screenshots
$ sudo pip install pycrypto # needed for Volatility 2.5 and later
* Volatility install ("brew install volatility" does not work with Cuckoo; install from source instead)
# download Volatility from https://github.com/volatilityfoundation
$ python setup.py install
# distorm3 from https://pypi.python.org/pypi/distorm3
$ unzip distorm3-3.3.0.zip
$ cd distorm3-3.3.0
$ sudo python setup.py build install
Create the cuckoo user and register it in the vboxusers group
System Preferences -> Users & Groups -> create the user "cuckoo" (password in this example: cuckoo; pick a real one)
$ sudo dscl . -create /Groups/vboxusers
$ sudo dscl . -append /Groups/vboxusers PrimaryGroupID 999
$ sudo dscl . -append /Groups/vboxusers GroupMembership cuckoo
(Check first that GID 999 is free: $ dscl . -list /Groups PrimaryGroupID | grep -w 999 should print nothing.)
>>>>>>>> GUEST OS
http://docs.cuckoosandbox.org/en/latest/installation/guest/
>>>>>>> HOST OS Configuration
■ Minimum conf settings
http://docs.cuckoosandbox.org/en/latest/installation/host/configuration/
# cuckoo.conf
check that the [resultserver] ip is the address of the vboxnet0 host-only interface (the guests must reach it; do not use 0.0.0.0, which would also expose the result server on the host's other networks)
memory_dump = on
# virtualbox.conf
# vmware.conf
# reporting.conf
[mongodb]
enabled = yes
# auxiliary.conf
tcpdump = /sw/sbin/tcpdump
(Fink path. The user running cuckoo.py must be able to read /dev/bpf* for tcpdump to capture on vboxnet0 without root.)
# processing.conf
[baseline]
enabled = yes
[memory]
enabled = yes
[screenshots]
enabled = yes
tesseract = /usr/local/bin/tesseract
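Added example (not from the Odoriba repository or the Cuckoo project): a POSIX shell script that reads the conf fragments above and reports what is still wrong before cuckoo.py is started. It assumes the conf directory is passed as the first argument (for this layout that would be ~/odoriba/conf) and the vboxnet0 address as the second, so it also runs on a machine without VirtualBox; the section and key names it looks up ([resultserver] ip, [cuckoo] memory_dump, [sniffer] tcpdump and interface, [mongodb] enabled, the processing modules) are Cuckoo 2.0's. Run with no arguments it checks a constructed sample configuration instead of a real one.

```shell
#!/bin/sh
# Added example, not part of the Odoriba repository or the Cuckoo project.
# Checks the minimum host configuration listed above before cuckoo.py is started.
# Assumptions (not from the page): the conf directory is passed as $1 (here it
# would be ~/odoriba/conf) and the vboxnet0 address as $2, so the script also
# runs on a machine without VirtualBox; section/key names are Cuckoo 2.0's.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] (empty if absent)
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        { sub(/[ \t]+$/, "") }                     # drop trailing whitespace
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        /^[ \t]*\[/ { insec = ($0 == sec); next }  # track the current [section]
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }' "$1"
}

# check_conf CONFDIR VBOXNET_IP: one line per problem, exit 0 only if every check passes
check_conf() {
    conf=$1; want=$2; rc=0
    ip=$(ini_get "$conf/cuckoo.conf" resultserver ip)
    if [ "$ip" = "0.0.0.0" ]; then
        # the guests run the malware: the result server must only listen on vboxnet0
        echo "cuckoo.conf: [resultserver] ip is 0.0.0.0 (all interfaces), use $want"; rc=1
    elif [ "$ip" != "$want" ]; then
        echo "cuckoo.conf: [resultserver] ip is '$ip' but vboxnet0 is $want"; rc=1
    fi
    [ "$(ini_get "$conf/cuckoo.conf" cuckoo memory_dump)" = on ] ||
        { echo "cuckoo.conf: [cuckoo] memory_dump is not on"; rc=1; }
    [ "$(ini_get "$conf/reporting.conf" mongodb enabled)" = yes ] ||
        { echo "reporting.conf: [mongodb] enabled is not yes"; rc=1; }
    [ "$(ini_get "$conf/auxiliary.conf" sniffer interface)" = vboxnet0 ] ||
        { echo "auxiliary.conf: [sniffer] interface is not vboxnet0"; rc=1; }
    td=$(ini_get "$conf/auxiliary.conf" sniffer tcpdump)
    [ -x "$td" ] || { echo "auxiliary.conf: tcpdump '$td' is not executable"; rc=1; }
    for sec in baseline memory screenshots; do
        [ "$(ini_get "$conf/processing.conf" "$sec" enabled)" = yes ] ||
            { echo "processing.conf: [$sec] enabled is not yes"; rc=1; }
    done
    ts=$(ini_get "$conf/processing.conf" screenshots tesseract)
    [ -x "$ts" ] || { echo "processing.conf: tesseract '$ts' is not executable"; rc=1; }
    return $rc
}

# selftest: constructed sample conf files (not a real deployment): a correct set,
# then the same set with the result server bound to 0.0.0.0, which must be rejected
selftest() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin"
    for b in tcpdump tesseract; do printf '#!/bin/sh\n' > "$t/bin/$b"; chmod +x "$t/bin/$b"; done
    printf '[cuckoo]\nmemory_dump = on\n\n[resultserver]\nip = 192.168.56.1\nport = 2042\n' > "$t/cuckoo.conf"
    printf '[mongodb]\nenabled = yes\n' > "$t/reporting.conf"
    printf '[sniffer]\nenabled = yes\ntcpdump = %s\ninterface = vboxnet0\n' "$t/bin/tcpdump" > "$t/auxiliary.conf"
    printf '[baseline]\nenabled = yes\n[memory]\nenabled = yes\n[screenshots]\nenabled = yes\ntesseract = %s\n' \
        "$t/bin/tesseract" > "$t/processing.conf"
    check_conf "$t" 192.168.56.1 > /dev/null || { rm -rf "$t"; return 1; }
    sed 's/^ip = .*/ip = 0.0.0.0/' "$t/cuckoo.conf" > "$t/c.tmp" && mv "$t/c.tmp" "$t/cuckoo.conf"
    if check_conf "$t" 192.168.56.1 > /dev/null; then rm -rf "$t"; return 1; fi
    rm -rf "$t"
}

# Usage: sh cuckoo_conf_check.sh ~/odoriba/conf 192.168.56.1   (no arguments: self-test)
if [ $# -eq 2 ]; then
    if check_conf "$1" "$2"; then echo "cuckoo host configuration is consistent"; else exit 1; fi
elif [ $# -eq 0 ]; then
    if selftest; then echo "selftest passed"; else echo "selftest FAILED"; exit 1; fi
fi
```

On the real host, pass the address shown by ifconfig vboxnet0 as the second argument. The 0.0.0.0 case is reported separately because the guests executing the samples sit on vboxnet0 and nothing else should be able to talk to the result server.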
**** Odoriba custom settings
# preparations (optional)
$ touch ~/odoriba/log/got_seedslist.csv
$ chmod 766 ~/odoriba/log/got_seedslist.csv
(766 makes the file world-writable; 664 is enough if only the cuckoo user and its group append to it.)
# Database deletion
> Cuckoo DB
$ ~/odoriba/cuckoo.py --clean
If you clean the Cuckoo DB, also delete /odoriba/web/static/json/* and run db.dropDatabase() against the intel and real databases:
> Custom DBs
$ mongo
> use intel
> db.dropDatabase()
> use real
> db.dropDatabase()
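Added example (not part of the Odoriba repository): the reset sequence above as one script with a dry-run mode, so the destructive steps can be printed and reviewed before they run. It assumes Odoriba is checked out at $ODORIBA_HOME (default ~/odoriba), that the JSON cache is $ODORIBA_HOME/web/static/json, and that mongod is reachable on localhost without authentication as set up earlier; db.getSiblingDB() is used because "use" only works in the interactive shell, not with --eval.

```shell
#!/bin/sh
# Added example, not part of the Odoriba repository or the Cuckoo project.
# Runs the reset sequence from the notes above in order:
#   1. cuckoo.py --clean   2. delete the web JSON cache   3. drop the intel and real DBs
# Assumptions (not from the page): Odoriba is at $ODORIBA_HOME (default ~/odoriba),
# the cache is $ODORIBA_HOME/web/static/json, mongod is on localhost with no auth.

ODORIBA_HOME=${ODORIBA_HOME:-$HOME/odoriba}
DRY_RUN=${DRY_RUN:-0}
CUSTOM_DBS="intel real"     # the two databases the notes say to drop

# run CMD...: print the command when DRY_RUN=1, otherwise execute it
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'dry-run: %s\n' "$*"
    else
        "$@"
    fi
}

# drop_cmd DBNAME: mongo shell expression that drops DBNAME. "use DB" only works
# interactively, so the --eval form goes through db.getSiblingDB().
drop_cmd() {
    printf 'db.getSiblingDB("%s").dropDatabase()' "$1"
}

# reset_odoriba: the three steps, stopping at the first one that fails
reset_odoriba() {
    run "$ODORIBA_HOME/cuckoo.py" --clean || return 1
    run rm -f "$ODORIBA_HOME"/web/static/json/* || return 1
    for db in $CUSTOM_DBS; do
        run mongo --quiet --eval "$(drop_cmd "$db")" || return 1
    done
}

# Usage: DRY_RUN=1 sh odoriba_reset.sh      (only print the steps)
#        sh odoriba_reset.sh --yes          (really wipe the databases)
# Without --yes nothing destructive happens.
case "${1:-}" in
    --yes) reset_odoriba ;;
    *)     if [ "$DRY_RUN" = 1 ]; then reset_odoriba; fi ;;
esac
```

Run it once with DRY_RUN=1 and compare the printed commands against the three manual steps above before running it with --yes; the order matters, since the JSON cache and the intel/real databases are derived from the Cuckoo results that --clean removes.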
Memo
■ Browser
http://127.0.0.1:8001
■ Signature update
$ ~/odoriba/utils/community.py --signatures --force --rewrite