def check_configs(): """Checks if config files exist. @raise CuckooStartupError: if config files do not exist. """ configs = [ os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"), os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"), os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf") ] for config in configs: if not os.path.exists(config): raise CuckooStartupError("Config file does not exist at " "path: {0}".format(config)) return True
def create_structure(): """Creates Cuckoo directories.""" folders = [ "log", "storage", os.path.join("storage", "analyses"), os.path.join("storage", "binaries"), os.path.join("data", "feeds"), os.path.join("data", "guacrecordings"), ] try: create_folders(root=CUCKOO_ROOT, folders=folders) except CuckooOperationalError as e: raise CuckooStartupError( f"Can't create folders. Ensure that you executed CAPE with proper USER! Maybe should be cape user?. %s", str(e))
def check_signatures(): """Checks if user pulled in community signature modules @raise CuckooStartupError: if community signature modules not installed. """ sigpath = os.path.join(CUCKOO_ROOT, "modules", "signatures") bad = False if os.path.exists(sigpath): path, dirs, files = os.walk(sigpath).next() if len(files) < 20: bad = True else: bad = True if bad: raise CuckooStartupError("Signature modules are not installed. Please run: utils/community.py --force --rewrite --all")
def check_configs(): """Checks if config files exist. @raise CuckooStartupError: if config files do not exist. """ configs = ( "auxiliary.conf", "avd.conf", "cuckoo.conf", "esx.conf", "kvm.conf", "memory.conf", "physical.conf", "processing.conf", "qemu.conf", "reporting.conf", "virtualbox.conf", "vmware.conf", "vpn.conf", "vsphere.conf", "xenserver.conf", ) for config in [os.path.join(CUCKOO_ROOT, "conf", f) for f in configs]: if not os.path.exists(config): raise CuckooStartupError("Config file does not exist at " "path: {0}".format(config)) return True
def init_binaries(): """Inform the user about the need to periodically look for new analyzer binaries. These include the Windows monitor etc.""" monitor = os.path.join(CUCKOO_ROOT, "data", "monitor", "latest") # Checks whether the "latest" symlink is available as well as whether # it points to an existing directory. if not os.path.exists(monitor): raise CuckooStartupError( "The binaries used for Windows analysis are updated regularly, " "independently from the release line. It appears that you're " "not up-to-date. This can happen when you've just installed " "Cuckoo or when you've updated your Cuckoo version by pulling " "the latest changes from our Git repository. In order to get " "up-to-date, please run the following " "command: `./utils/community.py -wafb monitor` or " "`./utils/community.py -wafb 2.0` if you'd also like to download " "over 300 Cuckoo signatures.")
def check_configs(): """Checks if config files exist. @raise CuckooStartupError: if config files do not exist. """ configs = [ os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"), os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"), os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf"), ] for config in configs: if not os.path.exists(config): raise CuckooStartupError("Config file does not exist at path: {0}".format(config)) if cuckoo.resultserver.ip in ("127.0.0.1", "localhost"): log.error("Bad resultserver address. You need to listen on virtual machines range. Ex: 10.0.0.1 not 127.0.0.1") return True
def init_yara(): """Generates index for yara signatures.""" categories = ("binaries", "urls", "memory", "CAPE", "macro") log.debug("Initializing Yara...") # Generate root directory for yara rules. yara_root = os.path.join(CUCKOO_ROOT, "data", "yara") # We divide yara rules in three categories. # CAPE adds a fourth # Loop through all categories. for category in categories: # Check if there is a directory for the given category. category_root = os.path.join(yara_root, category) if not os.path.exists(category_root): log.warning("Missing Yara directory: %s?", category_root) continue rules, indexed = {}, [] for category_root, _, filenames in os.walk(category_root, followlinks=True): for filename in filenames: if not filename.endswith((".yar", ".yara")): continue filepath = os.path.join(category_root, filename) try: # TODO Once Yara obtains proper Unicode filepath support we # can remove this check. See also this Github issue: # https://github.com/VirusTotal/yara-python/issues/48 assert len(str(filepath)) == len(filepath) except (UnicodeEncodeError, AssertionError): log.warning("Can't load Yara rules at %r as Unicode filepaths are " "currently not supported in combination with Yara!", filepath) continue rules["rule_%s_%d" % (category, len(rules))] = filepath indexed.append(filename) # Need to define each external variable that will be used in the # future. Otherwise Yara will complain. externals = { "filename": "", } try: File.yara_rules[category] = yara.compile(filepaths=rules, externals=externals) except yara.Error as e: raise CuckooStartupError("There was a syntax error in one or more Yara rules: %s" % e) # ToDo for Volatility3 yarascan # The memory.py processing module requires a yara file with all of its # rules embedded in it, so create this file to remain compatible. # if category == "memory": # f = open(os.path.join(yara_root, "index_memory.yar"), "w") # for filename in sorted(indexed): # f.write('include "%s"\n' % os.path.join(category_root, filename)) indexed = sorted(indexed) for entry in indexed: if (category, entry) == indexed[-1]: log.debug("\t `-- %s %s", category, entry) else: log.debug("\t |-- %s %s", category, entry)
def init_routing(): """Initialize and check whether the routing information is correct.""" # Check whether all VPNs exist if configured and make their configuration # available through the vpns variable. Also enable NAT on each interface. if vpn.vpn.enabled: for name in vpn.vpn.vpns.split(","): name = name.strip() if not name: continue if not hasattr(vpn, name): raise CuckooStartupError( "Could not find VPN configuration for %s" % name ) entry = vpn.get(name) #add = 1 #if not rooter("nic_available", entry.interface): #raise CuckooStartupError( # "The network interface that has been configured for " # "VPN %s is not available." % entry.name #) # add = 0 if not rooter("rt_available", entry.rt_table): raise CuckooStartupError( "The routing table that has been configured for " "VPN %s is not available." % entry.name ) vpns[entry.name] = entry # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", entry.interface) rooter("enable_nat", entry.interface) # Populate routing table with entries from main routing table. if cuckoo.routing.auto_rt: rooter("flush_rttable", entry.rt_table) rooter("init_rttable", entry.rt_table, entry.interface) # Check whether the default VPN exists if specified. if cuckoo.routing.route not in ("none", "internet", "tor", "inetsim"): if not vpn.vpn.enabled: raise CuckooStartupError( "A VPN has been configured as default routing interface for " "VMs, but VPNs have not been enabled in vpn.conf" ) if cuckoo.routing.route not in vpns: raise CuckooStartupError( "The VPN defined as default routing target has not been " "configured in vpn.conf." ) # Check whether the dirty line exists if it has been defined. if cuckoo.routing.internet != "none": if not rooter("nic_available", cuckoo.routing.internet): raise CuckooStartupError( "The network interface that has been configured as dirty " "line is not available." ) if not rooter("rt_available", cuckoo.routing.rt_table): raise CuckooStartupError( "The routing table that has been configured for dirty " "line interface is not available." ) # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", cuckoo.routing.internet) rooter("enable_nat", cuckoo.routing.internet) # Populate routing table with entries from main routing table. if cuckoo.routing.auto_rt: rooter("flush_rttable", cuckoo.routing.rt_table) rooter("init_rttable", cuckoo.routing.rt_table, cuckoo.routing.internet) # Check if tor interface exists, if yes then enable nat if cuckoo.routing.tor and cuckoo.routing.tor_interface: if not rooter("nic_available", cuckoo.routing.tor_interface): raise CuckooStartupError( "The network interface that has been configured as tor " "line is not available." ) # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", cuckoo.routing.tor_interface) rooter("enable_nat", cuckoo.routing.tor_interface) # Populate routing table with entries from main routing table. if cuckoo.routing.auto_rt: rooter("flush_rttable", cuckoo.routing.rt_table) rooter("init_rttable", cuckoo.routing.rt_table, cuckoo.routing.internet) # Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor #if cuckoo.routing.inetsim_interface and cuckoo.routing.inetsim_interface != cuckoo.routing.tor_interface: # Check if inetsim interface exists, if yes then enable nat if cuckoo.routing.inetsim and cuckoo.routing.inetsim_interface: if not rooter("nic_available", cuckoo.routing.inetsim_interface): raise CuckooStartupError( "The network interface that has been configured as inetsim " "line is not available." ) # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", cuckoo.routing.inetsim_interface) rooter("enable_nat", cuckoo.routing.inetsim_interface) # Populate routing table with entries from main routing table. if cuckoo.routing.auto_rt: rooter("flush_rttable", cuckoo.routing.rt_table) rooter("init_rttable", cuckoo.routing.rt_table, cuckoo.routing.internet)
def check_python_version(): """Checks if Python version is supported by Cuckoo. @raise CuckooStartupError: if version is not supported. """ if sys.version_info[:2] < (3, 6): raise CuckooStartupError("You are running an incompatible version of Python, please use >= 3.6")
def init_routing(): """Initialize and check whether the routing information is correct.""" # Check whether all VPNs exist if configured and make their configuration # available through the vpns variable. Also enable NAT on each interface. if routing.socks5.enabled: for name in routing.socks5.proxies.split(","): name = name.strip() if not name: continue if not hasattr(routing, name): raise CuckooStartupError("Could not find socks5 configuration for %s" % name) entry = routing.get(name) socks5s[entry.name] = entry if routing.vpn.enabled: for name in routing.vpn.vpns.split(","): name = name.strip() if not name: continue if not hasattr(routing, name): raise CuckooStartupError("Could not find VPN configuration for %s" % name) entry = routing.get(name) # add = 1 # if not rooter("nic_available", entry.interface): # raise CuckooStartupError( # "The network interface that has been configured for " # "VPN %s is not available." % entry.name # ) # add = 0 if not rooter("rt_available", entry.rt_table): raise CuckooStartupError("The routing table that has been configured for VPN %s is not available." % entry.name) vpns[entry.name] = entry # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", entry.interface) rooter("enable_nat", entry.interface) # Populate routing table with entries from main routing table. if routing.routing.auto_rt: rooter("flush_rttable", entry.rt_table) rooter("init_rttable", entry.rt_table, entry.interface) # If we are storage and webgui only but using as default route one of the workers exitnodes if repconf.distributed.master_storage_only: return # Check whether the default VPN exists if specified. if routing.routing.route not in ("none", "internet", "tor", "inetsim"): if not routing.vpn.enabled: raise CuckooStartupError( "A VPN has been configured as default routing interface for VMs, but VPNs have not been enabled in routing.conf" ) if routing.routing.route not in vpns and routing.routing.route not in socks5s: raise CuckooStartupError( "The VPN/Socks5 defined as default routing target has not been configured in routing.conf. You should use name field" ) # Check whether the dirty line exists if it has been defined. if routing.routing.internet != "none": if not rooter("nic_available", routing.routing.internet): raise CuckooStartupError("The network interface that has been configured as dirty line is not available.") if not rooter("rt_available", routing.routing.rt_table): raise CuckooStartupError("The routing table that has been configured for dirty line interface is not available.") # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", routing.routing.internet) rooter("enable_nat", routing.routing.internet) # Populate routing table with entries from main routing table. if routing.routing.auto_rt: rooter("flush_rttable", routing.routing.rt_table) rooter("init_rttable", routing.routing.rt_table, routing.routing.internet) # Check if tor interface exists, if yes then enable nat if routing.tor.enabled and routing.tor.interface: if not rooter("nic_available", routing.tor.interface): raise CuckooStartupError("The network interface that has been configured as tor line is not available.") # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", routing.tor.interface) rooter("enable_nat", routing.tor.interface) # Populate routing table with entries from main routing table. if routing.routing.auto_rt: rooter("flush_rttable", routing.routing.rt_table) rooter("init_rttable", routing.routing.rt_table, routing.routing.internet) # Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor # if routing.inetsim.interface and cuckoo.routing.inetsim_interface != routing.tor.interface: # Check if inetsim interface exists, if yes then enable nat if routing.inetsim.enabled and routing.inetsim.interface: if not rooter("nic_available", routing.inetsim.interface): raise CuckooStartupError("The network interface that has been configured as inetsim line is not available.") # Disable & enable NAT on this network interface. Disable it just # in case we still had the same rule from a previous run. rooter("disable_nat", routing.inetsim.interface) rooter("enable_nat", routing.inetsim.interface) # Populate routing table with entries from main routing table. if routing.routing.auto_rt: rooter("flush_rttable", routing.routing.rt_table) rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
def checkConfigs(): '''check for config file and define variables''' config = os.path.join(CUCKOO_ROOT,"cuckooinbox","cuckooinbox.conf") if not os.path.exists(config): raise CuckooStartupError("Config file does not exist at path: %s" % config)