Configure VMware first
Settings -> Hardware
Enable virtualization under Processors
Check "Virtualize Intel VT-x/EPT or AMD-V/RVI" and start the VM

Shared folders
In VMware: Settings -> Options
Shared Folders -> Always enabled, then add the folder you want
In Ubuntu:
vmware-hgfsclient
check the share name
su
nano /etc/fstab, add at the bottom:
vmhgfs-fuse /mnt/hgfs fuse defaults,allow_other 0 0
cd /mnt/hgfs
exit
Shared folder reference:
https://developern.tistory.com/entry/VMware-ubuntu-vm%EC%9D%98-%EA%B3%B5%EC%9C%A0%ED%8F%B4%EB%8D%94-Shared-Folders-%EC%84%A4%EC%A0%95-%EB%B0%A9%EB%B2%95

Cuckoo Sandbox installation
Install VMware
Install Ubuntu 22.04 > take a snapshot
DHCP > IP : 192.168.0.131
sudo apt -y install openssh-server
sudo systemctl enable ssh
sudo apt -y install net-tools
sudo apt -y install unzip
sudo apt -y install lrzsz
Install Anaconda
Run Anaconda3-2024.10-1-Linux-x86_64.sh to install it (copy the Anaconda installer into the VM first)
Reboot as root
conda create -n py27 python=2.7
conda activate py27
sudo apt -y install python2-dev
sudo apt -y install libssl-dev
sudo apt -y install libjpeg-dev
sudo apt -y install zlib1g-dev
sudo apt -y install tcpdump
sudo apt -y install apparmor-utils
sudo apt -y install vim
sudo apt -y install iptables-persistent
Or all of the above in one command:
sudo apt -y install python2-dev libssl-dev libjpeg-dev zlib1g-dev tcpdump apparmor-utils vim iptables-persistent
sudo aa-disable /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
Install VirtualBox
echo deb http://download.virtualbox.org/virtualbox/debian xenial contrib | sudo tee -a /etc/apt/sources.list.d/virtualbox.list
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
sudo apt update
sudo apt -y install virtualbox
sudo apt-get install -y libjpeg-dev zlib1g-dev libfreetype6-dev
sudo apt-get install python2.7-dev tk-dev
sudo apt-get install build-essential
sudo apt -y install curl
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
python2 get-pip.py
python2 -m pip install cuckoo==2.0.7
cuckoo
ls -al
cd /home/master/.cuckoo
cd /home/master/.cuckoo/conf
Take agent.py out of /home/master/.cuckoo -> Flask
Put agent.py into the Windows 7 guest and take the snapshot while it is running

Scheduling database setup
Web service database setup
Web server used with Cuckoo: Django Web Framework
The web server's database: MongoDB (NoSQL)
Installation may fail depending on the version; it has to be fixed
[New fix: MongoDB 5.0.31 (versions 6 and 7 produce errors)]
sudo apt install gnupg wget apt-transport-https ca-certificates software-properties-common
echo "deb http://security.ubuntu.com/ubuntu impish-security main" | sudo tee /etc/apt/sources.list.d/impish-security.list
sudo apt-get update
sudo apt-get install libssl1.1
sudo apt-get install curl
curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
sudo apt update
sudo apt install mongodb-org -y
mongosh
use cuckoo
db.createUser({user:"master",pwd:"123456",roles:[{role:"readWrite",db:"cuckoo"}]})
exit
Go to .cuckoo and edit the mongodb section of reporting.conf:
enabled = yes
host = <your IP>
port = 27017
db = cuckoo
store_memdump = yes
paginate = 100
username = master
password = 123456
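The reporting.conf edit above can be scripted so the [mongodb] section always ends up with exactly these values, and checked before cuckoo is started. This is an added example, not Cuckoo's own code; it assumes an INI-style reporting.conf path as the first argument and takes host, username and password as the others.

```shell
#!/bin/sh
# Added example (not part of Cuckoo): rewrite the [mongodb] section of a
# Cuckoo reporting.conf so it matches the values used in these notes.
set -eu

# Replace (or append) the [mongodb] section of $1 with enabled=yes and the
# given host, username and password; every other section is kept verbatim.
write_mongodb_section() {
  conf="$1"; host="$2"; user="$3"; pass="$4"
  tmp="$(mktemp)"
  awk -v host="$host" -v user="$user" -v pass="$pass" '
    function emit() {
      print "[mongodb]"
      print "enabled = yes"
      print "host = " host
      print "port = 27017"
      print "db = cuckoo"
      print "store_memdump = yes"
      print "paginate = 100"
      print "username = " user
      print "password = " pass
      print ""
      written = 1
    }
    $0 == "[mongodb]" { in_sec = 1; emit(); next } # old section: emit ours instead
    /^\[/             { in_sec = 0 }               # any other header ends the skip
    !in_sec           { print }                    # keep lines outside [mongodb]
    END               { if (!written) emit() }     # no section yet: append one
  ' "$conf" > "$tmp"
  mv "$tmp" "$conf"
}

# Print the value of key $2 in section $1 of file $3 (empty if absent), so the
# result can be verified before running cuckoo.
conf_get() {
  awk -v sec="[$1]" -v key="$2" '
    $0 == sec { in_sec = 1; next }
    /^\[/     { in_sec = 0 }
    in_sec && $1 == key && $2 == "=" { print $3; exit }
  ' "$3"
}

# Usage matching the notes (path from the notes, values from the notes):
# write_mongodb_section /home/master/.cuckoo/conf/reporting.conf 192.168.0.131 master 123456
# conf_get mongodb host /home/master/.cuckoo/conf/reporting.conf
```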

Scheduling database setup (PostgreSQL 12)
sudo apt -y install postgresql libpq-dev
sudo passwd postgres
123456 (new password)
sudo -u postgres createuser --interactive
master (role name)
n (superuser? no)
y (allowed to create databases? yes)
y (allowed to create new roles? yes)
createdb cuckoo
psql cuckoo
alter user master with password '123456';
\q
sudo nano /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
sudo nano /etc/postgresql/12/main/pg_hba.conf
host all all <your IP> md5
add at the bottom:
host cuckoo master 127.0.0.1/32 trust
sudo systemctl restart postgresql@12-main.service
sudo systemctl enable postgresql@12-main.service
python2 -m pip install psycopg2
sudo nano /etc/mongod.conf
bindIp: 0.0.0.0
cuckoo --cwd ~/test
systemctl restart mongod
Set up host-only networking in VirtualBox and start the VM
Create the snapshot
pip install pillow
VBoxManage snapshot "cuckoo1" take "Snapshot 1" --pause
VBoxManage controlvm "cuckoo1" poweroff
VBoxManage snapshot "cuckoo1" restorecurrent
cuckoo -d
cuckoo web -H <your IP>
cuckoo web -H 192.168.0.131
echo "export cwd=/home/\"\$USER\"/.cuckoo" >> ~/.profile
source ~/.profile
env | grep cwd
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms
unzip ~/Downloads/IE8.Win7.VirtualBox.zip
virtualbox
The VM name must be cuckoo1
Run the VM with bridged networking
Use adapter 0 and select the Ethernet card

If you installed a different version of MongoDB:
# Remove the MongoDB packages
sudo apt-get purge mongodb-org*
# Delete the MongoDB directories
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongodb
# Clean up the package lists
sudo apt-get autoremove
sudo apt-get clean
echo "deb http://security.ubuntu.com/ubuntu impish-security main" | sudo tee /etc/apt/sources.list.d/impish-security.list
sudo apt-get update
sudo apt-get install libssl1.1
sudo apt-get install curl
curl -fsSL https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
sudo apt update
sudo apt install mongodb-org -y
On Ubuntu 22.04 (libssl1.1):
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
sudo dpkg -i libssl1.1_1.1.0g-2ubuntu4_amd64.deb
echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list
sudo apt-get update
sudo apt-get install libssl1.1
Create the snapshot
Pause the running VM, then:
VBoxManage snapshot "cuckoo1" take "Snapshot 1" --pause
VBoxManage controlvm "cuckoo1" poweroff
VBoxManage snapshot "cuckoo1" restorecurrent
Additional installs
Install the ssdeep Python library
sudo apt -y install libfuzzy-dev
sudo apt -y install swig
python -m pip install pydeep
python2 -m pip install m2crypto==0.24.0 (x)