This is the second and final blog post of an article explaining how to install Cuckoo Sandbox.
If you haven’t read the first post yet, please read it first.
Preparing the guest:
Creation of the Virtual Machine
Once you have properly installed your virtualization software, you can proceed to create all the virtual machines you need to execute the samples.
Requirements:
Install Python
Python is a strict requirement for the Cuckoo guest component (analyzer) in order to run properly.
Python version 2.7 must be downloaded: https://www.python.org/downloads/
Python Pillow
It is used for taking screenshots of the Windows desktop during the analysis.
Additional Software
Depending on the files to analyze, other software needs to be installed:
- Microsoft Office
- PDF reader
- Other browsers
- PowerShell
- …
Network Configuration
Windows Settings
To work properly, the Windows virtual machine needs all security controls and automatic software updates deactivated:
- Disable updates
- Disable firewall
- Disable Windows User Access Control (UAC)
Virtual Networking
**Configure network interface**
VirtualBox is configured as host-only, using vboxnet0.
Installing the Agent
In the $CWD/agent/ directory you will find the agent.py file.
Copy this file to the Guest operating system startup folder.
If you want to hide the agent’s window, you can rename the file from agent.py to agent.pyw, which will prevent the console window from spawning.
Saving the Virtual Machine
$ VBoxManage snapshot "Win7" take "Win7_snapshot" --pause
$ VBoxManage controlvm "Win7" poweroff
$ VBoxManage snapshot "Win7" restorecurrent
Add the snapshot name into the virtualbox.conf configuration file:
# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = Name of snapshot
Web Interface
To be able to use the Cuckoo Sandbox web interface, we need some extra packages.
Installation
$ sudo apt-get install uwsgi uwsgi-plugin-python nginx apache2-utils
Create a uWSGI configuration file at /etc/uwsgi/apps-available/cuckoo-web.ini that contains the actual configuration as reported by the cuckoo web --uwsgi command.
Enable the app configuration and start the server.
$ sudo ln -s /etc/uwsgi/apps-available/cuckoo-web.ini /etc/uwsgi/apps-enabled/
$ sudo service uwsgi start cuckoo-web # or reload, if already running
Keep in mind that logs for the application are found in the standard directory for distribution app instances, i.e., /var/log/uwsgi/app/cuckoo-web.log
Create an nginx configuration file at /etc/nginx/sites-available/cuckoo-web that contains the actual configuration as reported by the cuckoo web --nginx command.
$ sudo adduser www-data cuckoo
$ sudo ln -s /etc/nginx/sites-available/cuckoo-web /etc/nginx/sites-enabled/
$ sudo service nginx start # or reload, if already running
The nginx server shall listen on port 8000.
To configure this, modify the cuckoo-web site file created previously and add the listen directive in the server section:
`$ sudo vim /etc/nginx/sites-available/cuckoo-web`
The correct value to add is: listen 8000;
Setup basic authentication
Cuckoo’s web interface has no authentication mechanism of its own, so we will use nginx’s basic auth.
To create a user, use:
$ sudo htpasswd -c /etc/nginx/htpasswd exampleuser
Here exampleuser is the name of the user you want to add.
If the htpasswd file already exists, do not use the -c option, or the file will be regenerated every time.
Secure the permissions of the htpasswd file:
$ sudo chown root:www-data /etc/nginx/htpasswd
$ sudo chmod u=rw,g=r,o= /etc/nginx/htpasswd
To modify the user’s password type:
# htpasswd /etc/nginx/htpasswd userid
Restart nginx:
$ sudo service nginx restart
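The htpasswd file only takes effect once the nginx site file references it through the auth_basic and auth_basic_user_file directives. The following check is an added example, not part of the original post or of Cuckoo: it audits a site file and htpasswd file for the settings described above. The function name check_site, the realm string and the sample server block are constructed for illustration and are not the real output of cuckoo web --nginx.

```shell
#!/bin/sh
# Added example: an audit helper, not part of the original post or of Cuckoo.
# check_site SITE_FILE HTPASSWD_FILE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_site() {
    site=$1 pw=$2 rc=0
    conf=$(sed 's/#.*//' "$site")   # drop comments: a commented directive is inactive
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    finding() { echo "FINDING: $1"; rc=1; }

    has '^[[:space:]]*listen[[:space:]]+8000[[:space:]]*;' ||
        finding "no 'listen 8000;' in $site"
    has '^[[:space:]]*auth_basic[[:space:]]+[^;]+;' ||
        finding "auth_basic is not set"
    if has '^[[:space:]]*auth_basic[[:space:]]+off[[:space:]]*;'; then
        finding "auth_basic is switched off"
    fi
    has "^[[:space:]]*auth_basic_user_file[[:space:]]+$pw[[:space:]]*;" ||
        finding "auth_basic_user_file does not point to $pw"
    # Characters 8-10 of 'ls -l' output are the permission bits for "others".
    [ "$(ls -ld "$pw" | cut -c8-10)" = "---" ] ||
        finding "$pw is accessible to other users"
    return "$rc"
}

# Constructed sample files (NOT the real output of `cuckoo web --nginx`).
demo=$(mktemp -d)
cat > "$demo/cuckoo-web" <<EOF
server {
    listen 8000;
    # auth_basic off;
    auth_basic "Cuckoo";
    auth_basic_user_file $demo/htpasswd;
}
EOF
: > "$demo/htpasswd"
chmod u=rw,g=r,o= "$demo/htpasswd"    # same mode as in the post
check_site "$demo/cuckoo-web" "$demo/htpasswd" && echo "OK: port and basic auth in place"
rm -rf "$demo"
```

On the host, run it as check_site /etc/nginx/sites-available/cuckoo-web /etc/nginx/htpasswd before restarting nginx.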
This tutorial will be updated on an ongoing basis, so stay tuned.