Three Questions #264
Comments
Devs / @digitalsleuth (sorry bud to always tag you) |
Hey, sorry I'm just now seeing this, not sure how I missed it :) I'll do my best to answer your questions in order:
Since there are a few things on the docket here, it might take a week or so to get to them, but I'll be looking at them this weekend (as well as peepdf). Cheers! |
@digitalsleuth As for the other things: Cheers! |
Not sure if the devs have someone familiar with both Salt and Go but the integration does not seem easy from what I'm finding so far. I think I found a package that can tie them together to be able to run Go commands in Salt to build the package. It requires Ruby and Docker to run it but it looks like those are already install requirements for the current Remnux package so nothing super extra there. https://github.com/saltstack-formulas/golang-formula/. |
Ok so it has been a pain so far but here is what I got for this golang package I linked above:
It seems like it may be a complex path to try to build a Salt to make this work with the Remnux package just to get a newer version of Docker Compose to work with it. Again, not sure if just sticking with the old v1 in Python may be the best bet just to lessen complications. But I'm stuck at this point and will leave it to someone else to see if they can find a simpler way or, if they continue forward, a way to Salt all of this. |
The golang build shouldn't be an issue at all, it's more along the lines of how compose is used and the support for various versions of the compose files. There is a compose binary which can simply be installed and bypass these issues. |
Ah, glad you have a simpler solution than what I tried to figure out. I'm sure you got this. |
Just an update (haven't forgotten about this):
|
@digitalsleuth Hey buddy, it's all good. I know we all got life and other things going on and you would get to these issues when you could. But I am glad to see you managed to find some fixes through everything else you may currently have going on. I'm on vacation for a while longer but I'll do a pull for updates to Remnux once I get back to see if there are any issues that I can find. Thank you for the update and Happy New Years! |
@geeksailor Enjoy the rest of your vacation, and thanks and Happy New Years to you too! |
@geeksailor With recent releases, you should find that the questions you asked above should now all be answered. Please let us know if you have any other concerns, and if this issue can be closed. Cheers! |
@digitalsleuth Sounds good! I'll close this thread out. I am back at work this week so I'm pushing updates to my system today and then I'll see if I find any new issues after that (which hopefully I shouldn't). If I do find anything though I'll start up a new thread. |
I have three questions about the Python salt-states and how they are written for the sake of pure curiosity.
I noticed that all the Python salts install to /usr/bin as root. Why is everything installed as root? Do they all need to be run as root? Could they be installed as user in the future to say the ~/.local/lib/ so they don't give certain malware elevated privileges while running analysis?
Some of the Python salts use git links to install from when some are on PyPi and at the same version or maybe even newer. Would it be more beneficial to pull from PyPi for installs rather than git? The ones I found were:
Unfurl
(I believe they are different forks between the git and PyPi but the PyPi is a month newer on updates)
Ioc-parser (Git) vs ioc-parser-ng (PyPi)
(Git was last updated in 2017 and PyPi in 2020)
virustotal-api (Git) vs virustotalapi3 (PyPi)
(PyPi is just 2 months older but both are still 3 years old since last update)
Conflicting dependency [dep it is required by (req vers)]
PyYAML [docker-compose(>=3.10, <6.0), Qiling(>=6.0), python-fx (==6.0.0){needed for qiling}]
(NOTE: I think because docker-compose requires <6 and not =<6.0, it balks at installing 6.0)
Unicorn [qiling(>=2.0.1), speakeasy-emulator(==1.0.2)]
pillow [python-fx(==9.2.0), thug(==10.0.1), pytesseract(>=8.0.0)]
python-magic [droidlysis(==0.4.12), thug(==0.4.27)]
antlr4-python3-runtime [python-fx(==4.8), stix2-patterns(~=4.9.0)]
NOTE: Not sure if stix2-patterns is used for Remnux but found it installed and conflicting. It is a dep of a dep of mwcp if this helps.
Thug, python-fx, and qiling seem to come up a lot and seem to be very specific on what they need. I would say those may need to be put in a virtualenv so they can have the specific dependencies they need.
I think the only programs I have had noticeable issues with so far with these dependency issues are between trying to use qiling and speakeasy. Their dependency requirements for unicorn break one or the other. I have not noticed any issues so far with any of the other dependency requirements but I will submit a bug report if I do. But hopefully noting these conflicting dependencies might head off any possible future issues.
If you are in the U.S., have a very Happy Thanksgiving!
Cheers!
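Added example, not part of the original post or of the REMnux salt-states: a small checker run over the pins listed in the issue, reporting which pairs of tools cannot share one site-packages and would therefore need separate virtualenvs. The simplified specifier parser and the names `PINS`, `vkey`, `satisfies` and `conflicts` are assumptions made for illustration.

```python
import re
from itertools import combinations

# Pins as listed in the issue: package -> {tool that requires it: specifier}
PINS = {
    "PyYAML": {"docker-compose": ">=3.10,<6.0", "qiling": ">=6.0", "python-fx": "==6.0.0"},
    "Unicorn": {"qiling": ">=2.0.1", "speakeasy-emulator": "==1.0.2"},
    "pillow": {"python-fx": "==9.2.0", "thug": "==10.0.1", "pytesseract": ">=8.0.0"},
    "python-magic": {"droidlysis": "==0.4.12", "thug": "==0.4.27"},
    "antlr4-python3-runtime": {"python-fx": "==4.8", "stix2-patterns": "~=4.9.0"},
}

def vkey(version, width=4):
    """Turn '6.0' into (6, 0, 0, 0) so that 6.0 and 6.0.0 compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def satisfies(version, spec):
    """Check a numeric version against comma-separated clauses (simplified subset)."""
    for clause in spec.split(","):
        op, bound = re.fullmatch(r"\s*(~=|==|>=|<=|>|<)\s*([\d.]+)\s*", clause).groups()
        v, b = vkey(version), vkey(bound)
        if op == "~=":  # compatible release: ~=4.9.0 means >=4.9.0 and ==4.9.*
            prefix = len(bound.split(".")) - 1
            ok = v >= b and v[:prefix] == b[:prefix]
        else:
            ok = {"==": v == b, ">=": v >= b, "<=": v <= b, ">": v > b, "<": v < b}[op]
        if not ok:
            return False
    return True

def conflicts(pins):
    """Return {package: [(tool_a, tool_b), ...]} for pairs no single version satisfies."""
    out = {}
    for pkg, reqs in pins.items():
        # Candidates are the bounds named in the pins. That is enough for exact pins
        # and inclusive lower bounds as used here; strict '>' bounds would need more.
        candidates = {b for spec in reqs.values() for b in re.findall(r"[\d.]+", spec)}
        bad = [(a, b) for a, b in combinations(reqs, 2)
               if not any(satisfies(c, reqs[a]) and satisfies(c, reqs[b]) for c in candidates)]
        if bad:
            out[pkg] = bad
    return out

if __name__ == "__main__":
    for pkg, pairs in conflicts(PINS).items():
        print(pkg, "->", pairs)
```
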