def check_configs():
"""Checks if config files exist.
@raise CuckooStartupError: if config files do not exist.
"""
configs = [
os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"),
os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"),
os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf")
]
for config in configs:
if not os.path.exists(config):
raise CuckooStartupError("Config file does not exist at "
"path: {0}".format(config))
return True
def create_structure():
"""Creates Cuckoo directories."""
folders = [
"log",
"storage",
os.path.join("storage", "analyses"),
os.path.join("storage", "binaries"),
os.path.join("data", "feeds"),
os.path.join("data", "guacrecordings"),
]
try:
create_folders(root=CUCKOO_ROOT, folders=folders)
except CuckooOperationalError as e:
raise CuckooStartupError(
f"Can't create folders. Ensure that you executed CAPE with proper USER! Maybe should be cape user?. %s",
str(e))
def check_signatures():
"""Checks if user pulled in community signature modules
@raise CuckooStartupError: if community signature modules not installed.
"""
sigpath = os.path.join(CUCKOO_ROOT, "modules", "signatures")
bad = False
if os.path.exists(sigpath):
path, dirs, files = os.walk(sigpath).next()
if len(files) < 20:
bad = True
else:
bad = True
if bad:
raise CuckooStartupError("Signature modules are not installed. Please run: utils/community.py --force --rewrite --all")
def check_configs():
"""Checks if config files exist.
@raise CuckooStartupError: if config files do not exist.
"""
configs = (
"auxiliary.conf", "avd.conf", "cuckoo.conf", "esx.conf", "kvm.conf",
"memory.conf", "physical.conf", "processing.conf", "qemu.conf",
"reporting.conf", "virtualbox.conf", "vmware.conf", "vpn.conf",
"vsphere.conf", "xenserver.conf",
)
for config in [os.path.join(CUCKOO_ROOT, "conf", f) for f in configs]:
if not os.path.exists(config):
raise CuckooStartupError("Config file does not exist at "
"path: {0}".format(config))
return True
def init_binaries():
"""Inform the user about the need to periodically look for new analyzer
binaries. These include the Windows monitor etc."""
monitor = os.path.join(CUCKOO_ROOT, "data", "monitor", "latest")
# Checks whether the "latest" symlink is available as well as whether
# it points to an existing directory.
if not os.path.exists(monitor):
raise CuckooStartupError(
"The binaries used for Windows analysis are updated regularly, "
"independently from the release line. It appears that you're "
"not up-to-date. This can happen when you've just installed "
"Cuckoo or when you've updated your Cuckoo version by pulling "
"the latest changes from our Git repository. In order to get "
"up-to-date, please run the following "
"command: `./utils/community.py -wafb monitor` or "
"`./utils/community.py -wafb 2.0` if you'd also like to download "
"over 300 Cuckoo signatures.")
def check_configs():
"""Checks if config files exist.
@raise CuckooStartupError: if config files do not exist.
"""
configs = [
os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf"),
os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"),
os.path.join(CUCKOO_ROOT, "conf", "auxiliary.conf"),
]
for config in configs:
if not os.path.exists(config):
raise CuckooStartupError("Config file does not exist at path: {0}".format(config))
if cuckoo.resultserver.ip in ("127.0.0.1", "localhost"):
log.error("Bad resultserver address. You need to listen on virtual machines range. Ex: 10.0.0.1 not 127.0.0.1")
return True
def init_yara():
"""Generates index for yara signatures."""
categories = ("binaries", "urls", "memory", "CAPE", "macro")
log.debug("Initializing Yara...")
# Generate root directory for yara rules.
yara_root = os.path.join(CUCKOO_ROOT, "data", "yara")
# We divide yara rules in three categories.
# CAPE adds a fourth
# Loop through all categories.
for category in categories:
# Check if there is a directory for the given category.
category_root = os.path.join(yara_root, category)
if not os.path.exists(category_root):
log.warning("Missing Yara directory: %s?", category_root)
continue
rules, indexed = {}, []
for category_root, _, filenames in os.walk(category_root, followlinks=True):
for filename in filenames:
if not filename.endswith((".yar", ".yara")):
continue
filepath = os.path.join(category_root, filename)
try:
# TODO Once Yara obtains proper Unicode filepath support we
# can remove this check. See also this Github issue:
# https://github.com/VirusTotal/yara-python/issues/48
assert len(str(filepath)) == len(filepath)
except (UnicodeEncodeError, AssertionError):
log.warning("Can't load Yara rules at %r as Unicode filepaths are " "currently not supported in combination with Yara!", filepath)
continue
rules["rule_%s_%d" % (category, len(rules))] = filepath
indexed.append(filename)
# Need to define each external variable that will be used in the
# future. Otherwise Yara will complain.
externals = {
"filename": "",
}
try:
File.yara_rules[category] = yara.compile(filepaths=rules, externals=externals)
except yara.Error as e:
raise CuckooStartupError("There was a syntax error in one or more Yara rules: %s" % e)
# ToDo for Volatility3 yarascan
# The memory.py processing module requires a yara file with all of its
# rules embedded in it, so create this file to remain compatible.
# if category == "memory":
# f = open(os.path.join(yara_root, "index_memory.yar"), "w")
# for filename in sorted(indexed):
# f.write('include "%s"\n' % os.path.join(category_root, filename))
indexed = sorted(indexed)
for entry in indexed:
if (category, entry) == indexed[-1]:
log.debug("\t `-- %s %s", category, entry)
else:
log.debug("\t |-- %s %s", category, entry)
def init_routing():
"""Initialize and check whether the routing information is correct."""
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if vpn.vpn.enabled:
for name in vpn.vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(vpn, name):
raise CuckooStartupError(
"Could not find VPN configuration for %s" % name
)
entry = vpn.get(name)
#add = 1
#if not rooter("nic_available", entry.interface):
#raise CuckooStartupError(
# "The network interface that has been configured for "
# "VPN %s is not available." % entry.name
#)
# add = 0
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for "
"VPN %s is not available." % entry.name
)
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", entry.rt_table)
rooter("init_rttable", entry.rt_table, entry.interface)
# Check whether the default VPN exists if specified.
if cuckoo.routing.route not in ("none", "internet", "tor", "inetsim"):
if not vpn.vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for "
"VMs, but VPNs have not been enabled in vpn.conf"
)
if cuckoo.routing.route not in vpns:
raise CuckooStartupError(
"The VPN defined as default routing target has not been "
"configured in vpn.conf."
)
# Check whether the dirty line exists if it has been defined.
if cuckoo.routing.internet != "none":
if not rooter("nic_available", cuckoo.routing.internet):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available."
)
if not rooter("rt_available", cuckoo.routing.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for dirty "
"line interface is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.internet)
rooter("enable_nat", cuckoo.routing.internet)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
# Check if tor interface exists, if yes then enable nat
if cuckoo.routing.tor and cuckoo.routing.tor_interface:
if not rooter("nic_available", cuckoo.routing.tor_interface):
raise CuckooStartupError(
"The network interface that has been configured as tor "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.tor_interface)
rooter("enable_nat", cuckoo.routing.tor_interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
# Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
#if cuckoo.routing.inetsim_interface and cuckoo.routing.inetsim_interface != cuckoo.routing.tor_interface:
# Check if inetsim interface exists, if yes then enable nat
if cuckoo.routing.inetsim and cuckoo.routing.inetsim_interface:
if not rooter("nic_available", cuckoo.routing.inetsim_interface):
raise CuckooStartupError(
"The network interface that has been configured as inetsim "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.inetsim_interface)
rooter("enable_nat", cuckoo.routing.inetsim_interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
def check_python_version():
"""Checks if Python version is supported by Cuckoo.
@raise CuckooStartupError: if version is not supported.
"""
if sys.version_info[:2] < (3, 6):
raise CuckooStartupError("You are running an incompatible version of Python, please use >= 3.6")
def init_routing():
"""Initialize and check whether the routing information is correct."""
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if routing.socks5.enabled:
for name in routing.socks5.proxies.split(","):
name = name.strip()
if not name:
continue
if not hasattr(routing, name):
raise CuckooStartupError("Could not find socks5 configuration for %s" % name)
entry = routing.get(name)
socks5s[entry.name] = entry
if routing.vpn.enabled:
for name in routing.vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(routing, name):
raise CuckooStartupError("Could not find VPN configuration for %s" % name)
entry = routing.get(name)
# add = 1
# if not rooter("nic_available", entry.interface):
# raise CuckooStartupError(
# "The network interface that has been configured for "
# "VPN %s is not available." % entry.name
# )
# add = 0
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError("The routing table that has been configured for VPN %s is not available." % entry.name)
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", entry.rt_table)
rooter("init_rttable", entry.rt_table, entry.interface)
# If we are storage and webgui only but using as default route one of the workers exitnodes
if repconf.distributed.master_storage_only:
return
# Check whether the default VPN exists if specified.
if routing.routing.route not in ("none", "internet", "tor", "inetsim"):
if not routing.vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for VMs, but VPNs have not been enabled in routing.conf"
)
if routing.routing.route not in vpns and routing.routing.route not in socks5s:
raise CuckooStartupError(
"The VPN/Socks5 defined as default routing target has not been configured in routing.conf. You should use name field"
)
# Check whether the dirty line exists if it has been defined.
if routing.routing.internet != "none":
if not rooter("nic_available", routing.routing.internet):
raise CuckooStartupError("The network interface that has been configured as dirty line is not available.")
if not rooter("rt_available", routing.routing.rt_table):
raise CuckooStartupError("The routing table that has been configured for dirty line interface is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.routing.internet)
rooter("enable_nat", routing.routing.internet)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
# Check if tor interface exists, if yes then enable nat
if routing.tor.enabled and routing.tor.interface:
if not rooter("nic_available", routing.tor.interface):
raise CuckooStartupError("The network interface that has been configured as tor line is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.tor.interface)
rooter("enable_nat", routing.tor.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
# Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
# if routing.inetsim.interface and cuckoo.routing.inetsim_interface != routing.tor.interface:
# Check if inetsim interface exists, if yes then enable nat
if routing.inetsim.enabled and routing.inetsim.interface:
if not rooter("nic_available", routing.inetsim.interface):
raise CuckooStartupError("The network interface that has been configured as inetsim line is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.inetsim.interface)
rooter("enable_nat", routing.inetsim.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
def checkConfigs():
'''check for config file and define variables'''
config = os.path.join(CUCKOO_ROOT,"cuckooinbox","cuckooinbox.conf")
if not os.path.exists(config):
raise CuckooStartupError("Config file does not exist at path: %s" % config)
