- Preparing the host:
- Requirements:
- Installing virtualbox 4.2
- Installing cuckoo:
Get Debian here: http://www.debian.org/distrib/netinst. I used the small CD version. Burn the iso and boot the CD.
Choose the default options (or as appropriate for your site).
When you get to the “Software Selection” screen, unselect all options to get a bare minimum install.
After the install finishes, the CD ejects and the system will reboot. Log back in as root.
Installing python 2.7
To install python 2.7, we will need to fix some dependencies first:
apt-get install libssl-dev libncurses5-dev libsqlite3-dev libbz2-dev libreadline5-dev libgdbm-dev make
Once the packages have been downloaded and installed, let's download and install python 2.7.
wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz
tar -xvzf Python-2.7.3.tgz
cd Python-2.7.3
./configure --prefix=/opt/python2.7
make
make install
OK, python 2.7 is installed. Let's link it into /usr/bin:
cd /usr/bin
ln -s /opt/python2.7/bin/python2.7 python2.7
ln -s python2.7 python
Installing Cuckoo requirements:
To function properly, Cuckoo requires SQLAlchemy, but the version that apt installs does not work properly. We therefore install setuptools first and use it to install the latest version of SQLAlchemy and the other Cuckoo requirements.
Download and installation of setuptools:
wget http://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg
sh setuptools-0.6c11-py2.7.egg
cd /usr/bin
ln -s /opt/python2.7/bin/easy_install easy_install
Installation of SQLAlchemy and other Cuckoo requirements (python-magic, bottle, pefile, pymongo, argparse and jinja2):
easy_install -U pymongo python-magic bottle pefile jinja2 sqlalchemy argparse
Download and installation of dpkt:
wget http://dpkt.googlecode.com/files/dpkt-1.7.tar.gz
tar -xvzf dpkt-1.7.tar.gz
cd dpkt-1.7
python setup.py install
Installing tcpdump
apt-get install tcpdump libcap2-bin
Tcpdump requires root privileges, but since you don’t want Cuckoo to run as root you’ll have to set specific Linux capabilities on the binary:
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
First step, add virtualbox to our sources.list file
nano /etc/apt/sources.list
And add the following line
#virtualbox
deb http://download.virtualbox.org/virtualbox/debian squeeze contrib
Download and add virtualbox gpg key
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -
Update our debian source and install virtualbox
apt-get update
apt-get install virtualbox-4.2
VirtualBox will install python 2.6, so we need to point our python link back at python 2.7
cd /usr/bin
rm python
ln -s python2.7 python
Let's create a user for cuckoo (not strictly needed, but recommended) and add it to the virtualbox user group
adduser cuckoo
usermod -a -G vboxusers cuckoo
Next step, git installation to get the latest cuckoo version
apt-get install git
And finally, let's install cuckoo
su cuckoo
cd
git clone git://github.com/cuckoobox/cuckoo.git
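A post-install check for the host prepared above, as an added example that is not part of the original tutorial: it confirms that tcpdump carries the two capabilities set with setcap, that the cuckoo user is in vboxusers, and that python still resolves to 2.7 after the VirtualBox install. The function names and the --check flag are assumptions made for this example; it handles the single-clause getcap output that the setcap command above produces, in both the older and newer libcap formats.

```shell
#!/bin/sh
# Added example: post-install checks for the host built in this tutorial.
# Function names and the --check flag are assumptions of this example.

# has_caps LINE: LINE is one line of `getcap /usr/sbin/tcpdump` output.
# Succeeds only if cap_net_raw and cap_net_admin are both present with the
# effective (e) and permitted (p) flags. Constructed sample lines:
#   older libcap: /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   newer libcap: /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
has_caps() {
    spec="${1##* }"             # last field: "<names>+<flags>" or "<names>=<flags>"
    flags="${spec##*[+=]}"      # text after the last + or =
    names="${spec%[+=]*}"       # text before it
    case ",$names," in *,cap_net_raw,*) ;; *) return 1 ;; esac
    case ",$names," in *,cap_net_admin,*) ;; *) return 1 ;; esac
    case "$flags" in *e*p*|*p*e*) return 0 ;; esac
    return 1
}

# in_group GROUPS NAME: GROUPS is the output of `id -nG <user>`.
in_group() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# is_py27 VERSION: VERSION is the output of `python -V 2>&1`.
is_py27() {
    case "$1" in "Python 2.7"|"Python 2.7."*) return 0 ;; esac
    return 1
}

# check_host: run the three checks against the live system (run as root).
check_host() {
    rc=0
    has_caps "$(getcap /usr/sbin/tcpdump 2>/dev/null)" ||
        { echo "FAIL: tcpdump lacks cap_net_raw/cap_net_admin (e+p)"; rc=1; }
    in_group "$(id -nG cuckoo 2>/dev/null)" vboxusers ||
        { echo "FAIL: user cuckoo is not in vboxusers"; rc=1; }
    is_py27 "$(python -V 2>&1)" ||
        { echo "FAIL: python no longer resolves to 2.7"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host matches the tutorial's setup"
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Save it under any name and run it as root with --check; a FAIL on the capability line means Cuckoo's packet capture would only work when run as root.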