A. Preparing the Host - nkd071819/Cuckoo-V2 GitHub Wiki

Preparing the Host in Debian

Installing Python Libraries

Note: Cuckoo only fully supports Python 2.7 at the time of this writing.

The following software packages from the apt repositories are required to get Cuckoo to install and run properly:

$ sudo apt-get install python python-pip python-dev libffi-dev libssl-dev
$ sudo apt-get install python-virtualenv python-setuptools
$ sudo apt-get install libjpeg-dev zlib1g-dev swig

Install MongoDB

In order to use the Django-based web interface, MongoDB is required:

$ sudo apt-get install mongodb

Install PostgreSQL

In order to use PostgreSQL as database (our recommendation), PostgreSQL will have to be installed as well:

$ sudo apt-get install postgresql libpq-dev

Install Pydeep

First install ssdeep:

$ wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.13/ssdeep-2.13.tar.gz/download -O ssdeep-2.13.tar.gz
$ tar -zxf ssdeep-2.13.tar.gz
$ cd ssdeep-2.13
$ ./configure
$ make
$ sudo make install

Then leave the build directory with the cd command and confirm that ssdeep is installed:

$ cd
$ ssdeep -V

Now you can install Pydeep:

$ pip install pydeep

Verify that Pydeep has been installed:

$ pip show pydeep

The command above should give a result looking like this:

Name: pydeep
Version: 0.2
Location: /usr/local/lib/python2.7/dist-packages
Requires:

Install VirtualBox

VirtualBox was already installed, so I skipped the VM install process.

Note: Cuckoo only works with VirtualBox versions up to 5.2.

Install tcpdump

$ sudo apt-get install tcpdump

tcpdump requires root privileges, but since you don't want Cuckoo to run as root, you'll have to set specific Linux capabilities on the binary instead:

$ sudo groupadd pcap
$ sudo usermod -a -G pcap cuckoo
$ sudo chgrp pcap /usr/sbin/tcpdump
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

If the setcap command is not available on your system, install it:

$ sudo apt-get install libcap2-bin

The tcpdump verification from the Cuckoo documentation did not work for me, but it was:

$ sudo getcap /usr/sbin/tcpdump

RESULT:

/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
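To confirm that the capability step above took effect, here is an added verification script (not from the wiki and not part of Cuckoo) that parses the getcap output and the cuckoo user's group list; it assumes the same binary path /usr/sbin/tcpdump, group pcap and user cuckoo used above. It also accepts the newer getcap output format (libcap 2.41 and later print `/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip` instead of the `= ...+eip` form shown in the RESULT line).

```shell
#!/bin/sh
# Added verification script (not from the wiki or Cuckoo); assumes the path, group and user used above.
TCPDUMP_BIN="${TCPDUMP_BIN:-/usr/sbin/tcpdump}"
PCAP_GROUP="${PCAP_GROUP:-pcap}"
CUCKOO_USER="${CUCKOO_USER:-cuckoo}"

# caps_ok LINE: succeed if one getcap output line grants cap_net_raw and
# cap_net_admin in all of the effective, inheritable and permitted sets.
# Handles both output formats (a single capability clause is assumed):
#   libcap < 2.41:  /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   libcap >= 2.41: /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
caps_ok() {
    caps=${1#* }            # drop the binary path
    caps=${caps#= }         # drop the "= " of the old format
    names=${caps%[+=]*}     # e.g. "cap_net_admin,cap_net_raw"
    flags=${caps##*[+=]}    # e.g. "eip"
    case ",$names," in *,cap_net_raw,*) ;; *) return 1 ;; esac
    case ",$names," in *,cap_net_admin,*) ;; *) return 1 ;; esac
    for f in e i p; do
        case "$flags" in *"$f"*) ;; *) return 1 ;; esac
    done
    return 0
}

# in_group GROUP GROUPS: succeed if GROUP appears in the output of `id -nG USER`.
in_group() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# check_host: run the live checks on this machine; returns non-zero on any failure.
check_host() {
    rc=0
    if command -v getcap >/dev/null 2>&1 && [ -e "$TCPDUMP_BIN" ]; then
        if caps_ok "$(getcap "$TCPDUMP_BIN" 2>/dev/null)"; then
            echo "ok: $TCPDUMP_BIN has cap_net_raw,cap_net_admin=eip"
        else
            echo "FAIL: $TCPDUMP_BIN lacks the capabilities; re-run the setcap step"; rc=1
        fi
    else
        echo "FAIL: getcap or $TCPDUMP_BIN missing (install tcpdump and libcap2-bin)"; rc=1
    fi
    if id "$CUCKOO_USER" >/dev/null 2>&1 && in_group "$PCAP_GROUP" "$(id -nG "$CUCKOO_USER")"; then
        echo "ok: $CUCKOO_USER is in group $PCAP_GROUP"
    else
        echo "FAIL: $CUCKOO_USER missing or not in group $PCAP_GROUP; re-run the usermod step"; rc=1
    fi
    return $rc
}
case "${1:-}" in --check) check_host; exit $? ;; esac   # live run: sh check_host.sh --check
```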

Install Git

$ sudo apt install git-all

Install Volatility

Before installing Volatility, install its Python dependencies with the following commands:

$ pip install openpyxl
$ pip install ujson
$ pip install pycrypto
$ pip install distorm3
$ pip install pytz

Now you can install Volatility by typing the following commands:

$ git clone https://github.com/volatilityfoundation/volatility.git
$ cd volatility
$ python setup.py build
$ sudo python setup.py install

To verify that Volatility is installed, run the following command from inside the volatility directory:

$ python vol.py -h

Install M2Crypto

$ sudo apt-get install swig
$ sudo pip install m2crypto==0.24.0

If the last command fails, try the following instead:

$ pip install m2crypto

Install guacd

$ sudo apt install libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd

Install VirtualBox Extension Pack

The VirtualBox Extension Pack must also be installed to take advantage of the Cuckoo Control functionality exposed by Guacamole (guacd). Remember that Cuckoo only works with VirtualBox versions up to 5.2.

$ cd /tmp
$ wget https://download.virtualbox.org/virtualbox/5.2.22/Oracle_VM_VirtualBox_Extension_Pack-5.2.22.vbox-extpack