The Cuckoo Rooter is a new concept, providing root access for various commands to Cuckoo (which itself generally speaking runs as non-root). This command is currently only available for Ubuntu and Debian-like systems.
In particular, the rooter helps Cuckoo out with running network-related commands in order to provide per-analysis routing options. For more information on that, please refer to the routing document. Cuckoo and the rooter communicate through a UNIX socket for which the rooter makes sure that Cuckoo can reach it.
Its usage is as follows:
$ cuckoo rooter --help
Usage: cuckoo rooter [OPTIONS] [SOCKET]

Options:
  -g, --group TEXT  Unix socket group
  --ifconfig PATH   Path to ifconfig(8)
  --service PATH    Path to service(8) for invoking OpenVPN
  --iptables PATH   Path to iptables(8)
  --ip PATH         Path to ip(8)
  --sudo            Request superuser privileges
  --help            Show this message and exit.
By default the rooter chowns the UNIX socket to the cuckoo user as user and group, as recommended when installing. If you're running Cuckoo under a user other than cuckoo, you will have to specify this to the rooter as follows:
$ sudo cuckoo rooter -g <user>
The other options are fairly straightforward - you can specify the paths to specific Linux commands. By default one shouldn't have to do this though, as the rooter takes the default paths for the various utilities as per a default setup.
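Because the rooter runs commands as root for whoever can write to its UNIX socket, the socket's group and mode are worth verifying once the rooter is up. The check below is an added example, not part of Cuckoo; the function name audit_rooter_socket and the SOCKET and GROUP command-line values are assumptions chosen for illustration.

```python
import grp
import os
import stat
import sys


def audit_rooter_socket(path, expected_gid):
    """Return a list of findings for the rooter socket; an empty list means OK."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["socket does not exist (is the rooter running?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["path exists but is not a UNIX socket"]

    findings = []
    # The group passed with -g is the one meant to reach the rooter.
    if st.st_gid != expected_gid:
        findings.append("socket gid is %d, expected %d" % (st.st_gid, expected_gid))
    # Without group write, a process relying on group access cannot connect.
    if not st.st_mode & stat.S_IWGRP:
        findings.append("group lacks write permission on the socket")
    # World write lets any local user send requests to the root process.
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket is world-writable")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_rooter_socket.py SOCKET GROUP")
    # SOCKET and GROUP are supplied by the operator (assumed values, e.g. the
    # SOCKET argument given to "cuckoo rooter" and the group given with -g).
    problems = audit_rooter_socket(sys.argv[1], grp.getgrnam(sys.argv[2]).gr_gid)
    for problem in problems:
        print("WARNING: " + problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it reports a finding, so it can be run from a startup or monitoring job.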
Because the rooter must be run as the root user, there are some slight complications when using a virtualenv to run Cuckoo. More specifically, when running sudo cuckoo rooter, the $VIRTUAL_ENV environment variable is not passed along, so Python is not executed from the same virtualenv as it normally would be.
To resolve this one simply has to execute the cuckoo binary from the virtualenv session directly. E.g., if your virtualenv is located at ~/venv, then running the rooter command could be done as follows:
$ sudo ~/venv/bin/cuckoo rooter
Alternatively one may use the --sudo flag, which will call sudo on the correct cuckoo binary with all the provided flags. In turn the user will have to enter their password and, assuming all is fine, the Cuckoo Rooter will be started properly, e.g.:
(venv)$ cuckoo rooter --sudo
Using the Cuckoo Rooter is actually pretty easy. If you know how to start it, you're basically good to go. Even though Cuckoo talks with the Cuckoo Rooter for each analysis with a routing option other than routing_none, the Cuckoo Rooter does not keep any state or attach to any Cuckoo instance in particular.
Therefore, once the Cuckoo Rooter has been started you may leave it be - the Cuckoo Rooter will take care of itself from that point onwards, no matter how often you restart your Cuckoo instance.