Change Log #1 Cuckoo Master Machine - Theory5/CuckooAnalysisManagement GitHub Wiki

Cuckoo Sandbox Change Log in ESXi

  1. Build VM for Cuckoo

1.1 Install Ubuntu 12.04 LTS (for compatibility reasons)

1.2 get packages: autogen gcc make libxml2-dev libgnutls-dev libcurl4-gnutls-dev python-dev libnl-dev build-essential autopoint xsltproc w3c-dtd-xhtml python-dev libxen-dev uuid-dev libdevmapper-dev python-dev libcurl4-gnutls-dev libnl-dev libgnutls-dev libpciaccess-dev libxml2-dev pm-utils ebtables

  2. Installed Git

2.1 Cloned Cuckoo latest (1.0)

2.2 Cloned Libvirt (current as of 4/8/14)

  • Built from source with ESX support and used build-dep first (check config summary)
  • When building from source, run sudo ./autogen.sh --with-esx (for ESX support on Debian)
  • If you have libvirt installed via apt-get or something, you need to remove it and run "make clean"

  3. Installed easy_install

3.1 installed pip

  4. Installed libcap2-bin and libcap-dev

  5. Followed page 1 of requirements in the Cuckoo 1.0 Documentation (Installation Section)

  6. Configured Volatility Framework w/o plugins or add-ons

  7. Configured cuckoo.conf file, set resultserver on 0.0.0.0 for any interface.

  8. Configure 2nd interface for internal cuckoo communications.

8.1 add to /etc/network/interfaces

8.2 MUST ENSURE ROUTES WORK CORRECTLY...

After typing in "route" I learned that my default and configured routes were messed up, with the new adapter pointed to the outside, which it cannot access.
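Step 8.2 comes down to the default route staying off the internal interface. The script below is an added example, not part of the original change log, that checks `route -n` output for that condition; the interface names `eth0`/`eth1` and both sample routing tables are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm the default route does not leave through the
# internal (Cuckoo-only) interface. Interface names and addresses are
# constructed sample values, not taken from the original page.

# check_routes INTERNAL_IF   (reads `route -n` output on stdin)
# Exit status 0 = routing looks sane, 1 = at least one finding printed.
check_routes() {
    awk -v internal="$1" '
        BEGIN { bad = 0; defaults = 0 }
        # Data rows have 8 columns; skip the column-header row.
        NF == 8 && $1 != "Destination" {
            # Destination and Genmask both 0.0.0.0 mark a default route.
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0") {
                defaults++
                if ($8 == internal) {
                    print "BAD: default route via " $2 " uses " internal
                    bad = 1
                }
            }
        }
        END {
            if (defaults == 0) { print "BAD: no default route"; bad = 1 }
            if (defaults > 1)  { print "BAD: " defaults " default routes"; bad = 1 }
            exit bad
        }'
}

# Constructed table: the new adapter (eth1) has taken over the default route.
BROKEN_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.56.1    0.0.0.0         UG    100    0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.56.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# Constructed table: default route on eth0, eth1 only directly connected.
GOOD_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.56.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# Live use on the Cuckoo host (eth1 assumed internal): route -n | check_routes eth1
printf '%s\n' "$BROKEN_TABLE" | check_routes eth1 || echo "fix routes before starting Cuckoo"
printf '%s\n' "$GOOD_TABLE" | check_routes eth1 && echo "routes OK"
```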

  9. Set up 2nd internal interface for auxiliary.conf

  10. Set up esx.conf: you need to get the machine names that libvirt uses, see here: http://libvirt.org/drvesx.html

  11. Set up guests and install the agent (guests need python) STILL NEED TO DO THIS