Cuckoo 0.5 Debian Squeeze installation

Posted: 8th January 2013 by Jano in malware analysis
  • Preparing the host:
  • Get Debian here: http://www.debian.org/distrib/netinst. I used the small CD version. Burn the iso and boot the CD.
    Choose the default options (or as appropriate for your site).
    When you get to the “Software Selection” screen, unselect all options to get a bare minimum install.
    After the install finishes, the CD ejects and the system will reboot. Log back in as root.

  • Requirements:
  • Installing python 2.7
    To install Python 2.7 from source, we first need to install its build dependencies:

    apt-get install libssl-dev libncurses5-dev libsqlite3-dev libbz2-dev libreadline5-dev libgdbm-dev make

    Once the packages have been downloaded and installed, let's download and build Python 2.7.

    wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz
    tar -xvzf Python-2.7.3.tgz
    cd Python-2.7.3
    ./configure --prefix=/opt/python2.7
    make
    make install

    OK, Python 2.7 is installed; let's link it into /usr/bin:

    cd /usr/bin
    ln -s /opt/python2.7/bin/python2.7 python2.7
    ln -s python2.7 python

    Installing Cuckoo requirements:
    To function properly, Cuckoo requires SQLAlchemy, but the version that apt provides does not work correctly. So we install setuptools first and use it to install the latest SQLAlchemy along with the other Cuckoo requirements.

    Download and installation of setuptools:

    wget http://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg
    sh setuptools-0.6c11-py2.7.egg
    cd /usr/bin
    ln -s /opt/python2.7/bin/easy_install easy_install

    Installation of SQLAlchemy and other Cuckoo requirements (python-magic, bottle, pefile, pymongo, argparse and jinja2):

    easy_install -U pymongo python-magic bottle pefile jinja2 sqlalchemy argparse

    Download and installation of dpkt:

    wget http://dpkt.googlecode.com/files/dpkt-1.7.tar.gz
    tar -xvzf dpkt-1.7.tar.gz
    cd dpkt-1.7
    python setup.py install

    Installing tcpdump

    apt-get install tcpdump libcap2-bin

    Tcpdump requires root privileges, but since you don't want Cuckoo to run as root you'll have to set specific Linux capabilities on the binary:

    setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
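    To confirm the capability step actually took effect before the host is handed to Cuckoo, here is an added check that is not part of the original post. It assumes getcap(8) from the libcap2-bin package installed above and the /usr/sbin/tcpdump path used there; the function names caps_line_ok and verify_tcpdump are mine. The point of the check is that tcpdump should carry exactly the two capabilities with the e, i and p flags and must not be setuid root, which would defeat the purpose of not running Cuckoo as root.

```shell
#!/bin/sh
# Added check (not from the original post): confirm tcpdump carries the
# file capabilities it needs and nothing more, so Cuckoo can sniff
# without running as root.

# caps_line_ok LINE
# Accepts one line of getcap output, for example
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
# (getcap sorts the names, so the order differs from the setcap call),
# and returns 0 only when both cap_net_raw and cap_net_admin are present
# with the effective (e), inheritable (i) and permitted (p) flags set.
caps_line_ok() {
    line=$1
    caps=${line#*"= "}                  # strip the leading "path = "
    [ "$caps" != "$line" ] || return 1  # no "=" means no capabilities at all
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${caps##*+}                   # everything after the last '+'
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *i*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
    return 0
}

# verify_tcpdump [PATH]
# Real check on the host: the binary must be executable, must not be
# setuid root (capabilities make that unnecessary), and must pass
# caps_line_ok on the output of getcap(8).
verify_tcpdump() {
    bin=${1:-/usr/sbin/tcpdump}
    [ -x "$bin" ] || { echo "$bin: not executable" >&2; return 1; }
    if [ -u "$bin" ]; then
        echo "$bin is setuid; remove that bit, the capabilities are enough" >&2
        return 1
    fi
    if ! caps_line_ok "$(getcap "$bin")"; then
        echo "$bin: cap_net_raw,cap_net_admin=eip not set" >&2
        return 1
    fi
    echo "$bin: capabilities ok"
}

# Usage on the Cuckoo host:  sh check_tcpdump.sh /usr/sbin/tcpdump
[ $# -eq 0 ] || verify_tcpdump "$1"
```

    Run it as the cuckoo user as well as root: getcap itself needs no privileges, so the unprivileged account can confirm the setting it will depend on.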

  • Installing virtualbox 4.2
  • First step, add VirtualBox to our sources.list file

    nano /etc/apt/sources.list

    And add the following line

    #virtualbox
    deb http://download.virtualbox.org/virtualbox/debian squeeze contrib

    Download and add virtualbox gpg key

    wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -

    Update our Debian sources and install VirtualBox

    apt-get update
    apt-get install virtualbox-4.2

    VirtualBox will pull in Python 2.6 as a dependency, which replaces our /usr/bin/python link, so we need to point it back at 2.7

    cd /usr/bin
    rm python
    ln -s python2.7 python
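    Because any later apt install can repeat what VirtualBox just did, the following added example (not part of the original post) wraps the relink in an idempotent check that reports which interpreter /usr/bin/python actually resolves to and runs before repairing it. It assumes the /opt/python2.7 build and the python2.7 link from the earlier step; the function names python_target, python_is_27 and ensure_python27 are mine, and the BINDIR argument exists only so the check can be exercised against a scratch directory instead of the real /usr/bin.

```shell
#!/bin/sh
# Added example, not from the original post: keep BINDIR/python pointing
# at python2.7 and say what it resolved to before the repair, so a package
# that drags in python2.6 cannot silently change the interpreter Cuckoo
# runs under.

# python_target BINDIR: print the symlink target of BINDIR/python.
# Returns 1 (and prints nothing) when BINDIR/python is not a symlink.
python_target() {
    link="$1/python"
    [ -L "$link" ] || return 1
    readlink "$link"
}

# python_is_27 BINDIR: run BINDIR/python and check it reports 2.7.x.
# Python 2 prints its version on stderr, hence the redirection.
python_is_27() {
    v=$("$1/python" --version 2>&1) || return 1
    case "$v" in "Python 2.7"*) return 0 ;; *) return 1 ;; esac
}

# ensure_python27 [BINDIR]: relink BINDIR/python -> python2.7 unless it
# already is. Returns 0 when the link is (now) correct and 1 when there is
# no python2.7 to link to, which means the source build above was skipped.
ensure_python27() {
    bindir=${1:-/usr/bin}
    if [ ! -e "$bindir/python2.7" ]; then
        echo "$bindir/python2.7 not found; build Python 2.7 first" >&2
        return 1
    fi
    current=$(python_target "$bindir") || current=""
    if [ "$current" = "python2.7" ]; then
        echo "$bindir/python already -> python2.7"
        return 0
    fi
    rm -f "$bindir/python"
    ln -s python2.7 "$bindir/python"
    echo "$bindir/python relinked: ${current:-<none>} -> python2.7"
}

# Usage on the host, as root, after any apt-get install:  ensure_python27 /usr/bin
[ $# -eq 0 ] || ensure_python27 "$1"
```

    Rerunning it after every apt-get install is cheap, and python_is_27 is the check worth adding to the cuckoo user's login profile, since that account is the one whose interpreter matters.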

  • Installing cuckoo:
  • Let's create a user for Cuckoo (not strictly needed but recommended) and add it to the VirtualBox user group

    adduser cuckoo
    usermod -a -G vboxusers cuckoo

    Next step, install git to get the latest Cuckoo version

    apt-get install git

    And finally, let's install Cuckoo

    su cuckoo
    cd
    git clone git://github.com/cuckoobox/cuckoo.git
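    The reason for the dedicated account is least privilege: Cuckoo needs vboxusers to drive VirtualBox and nothing that would hand root back. The following added check, which is not part of the original post, reads the output of id(1) for the cuckoo user and confirms that. The function names groups_of and account_ok are mine, and the sample id lines in the comments are constructed.

```shell
#!/bin/sh
# Added check (not part of the original post): confirm the cuckoo account
# has vboxusers and none of the groups that amount to root.

# groups_of ID_OUTPUT: print the group names from one line of `id` output,
# one per line. A constructed input looks like
#   uid=1001(cuckoo) gid=1001(cuckoo) groups=1001(cuckoo),1002(vboxusers)
groups_of() {
    g=${1##*groups=}                         # keep only the groups= part
    printf '%s\n' "$g" | tr ',' '\n' | sed 's/^[0-9]*(//; s/)$//'
}

# account_ok ID_OUTPUT: 0 when vboxusers is present and no privileged
# group is. root and sudo give a shell as root; disk gives raw access to
# every block device, which is root by another name.
account_ok() {
    names=$(groups_of "$1")
    if ! printf '%s\n' "$names" | grep -qx vboxusers; then
        echo "vboxusers missing: run usermod -a -G vboxusers cuckoo" >&2
        return 1
    fi
    for bad in root sudo disk; do
        if printf '%s\n' "$names" | grep -qx "$bad"; then
            echo "privileged group $bad present; remove it" >&2
            return 1
        fi
    done
    return 0
}

# Usage on the host:  account_ok "$(id cuckoo)"
[ $# -eq 0 ] || account_ok "$(id "$1")"
```

    Note that usermod -a -G only takes effect for new logins, so run the check from a fresh `su cuckoo` session rather than one opened before the group was added.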