def unroute_network(self):
if self.interface:
rooter("forward_disable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_disable", self.rt_table, self.machine.ip)
def unroute_network(self):
if self.interface:
rooter("forward_disable", self.machine.interface, self.interface,
self.machine.ip)
if self.rt_table:
rooter("srcroute_disable", self.rt_table, self.machine.ip)
def init_rooter():
"""If required, check whether the rooter is running and whether we can
connect to it."""
cuckoo = Config()
# The default configuration doesn't require the rooter to be ran.
if not Config("vpn").vpn.enabled and cuckoo.routing.route == "none":
return
cuckoo = Config()
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
try:
s.connect(cuckoo.cuckoo.rooter)
except socket.error as e:
if e.strerror == "No such file or directory":
raise CuckooStartupError(
"The rooter is required but it is either not running or it "
"has been configured to a different Unix socket path.")
if e.strerror == "Connection refused":
raise CuckooStartupError(
"The rooter is required but we can't connect to it as the "
"rooter is not actually running.")
if e.strerror == "Permission denied":
raise CuckooStartupError(
"The rooter is required but we can't connect to it due to "
"incorrect permissions. Did you assign it the correct group?")
raise CuckooStartupError("Unknown rooter error: %s" % e)
# Do not forward any packets unless we have explicitly stated so.
rooter("forward_drop")
def init_routing():
"""Initialize and check whether the routing information is correct."""
cuckoo = Config()
vpn = Config("vpn")
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if vpn.vpn.enabled:
for name in vpn.vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(vpn, name):
raise CuckooStartupError(
"Could not find VPN configuration for %s" % name
)
entry = vpn.get(name)
if not rooter("nic_available", entry.interface):
raise CuckooStartupError(
"The network interface that has been configured for "
"VPN %s is not available." % entry.name
)
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Check whether the default VPN exists if specified.
if cuckoo.routing.route not in ("none", "internet"):
if not vpn.vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for "
"VMs, but VPNs have not been enabled in vpn.conf"
)
if cuckoo.routing.route not in vpns:
raise CuckooStartupError(
"The VPN defined as default routing target has not been "
"configured in vpn.conf."
)
# Check whether the dirty line exists if it has been defined.
if cuckoo.routing.internet != "none":
if not rooter("nic_available", cuckoo.routing.internet):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available."
)
# Enable NAT for this network interface.
rooter("enable_nat", cuckoo.routing.internet)
def init_rooter():
"""If required, check whether the rooter is running and whether we can
connect to it."""
cuckoo = Config()
# The default configuration doesn't require the rooter to be ran.
if not Config("vpn").vpn.enabled and cuckoo.routing.route == "none":
return
cuckoo = Config()
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
try:
s.connect(cuckoo.cuckoo.rooter)
except socket.error as e:
if e.strerror == "No such file or directory":
raise CuckooStartupError(
"The rooter is required but it is either not running or it "
"has been configured to a different Unix socket path. "
"(In order to disable the use of rooter, please set route "
"and internet to none in cuckoo.conf and enabled to no in "
"vpn.conf)."
)
if e.strerror == "Connection refused":
raise CuckooStartupError(
"The rooter is required but we can't connect to it as the "
"rooter is not actually running. "
"(In order to disable the use of rooter, please set route "
"and internet to none in cuckoo.conf and enabled to no in "
"vpn.conf)."
)
if e.strerror == "Permission denied":
raise CuckooStartupError(
"The rooter is required but we can't connect to it due to "
"incorrect permissions. Did you assign it the correct group? "
"(In order to disable the use of rooter, please set route "
"and internet to none in cuckoo.conf and enabled to no in "
"vpn.conf)."
)
raise CuckooStartupError("Unknown rooter error: %s" % e)
# Do not forward any packets unless we have explicitly stated so.
rooter("forward_drop")
def unroute_network(self):
if self.interface:
rooter("forward_disable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_disable", self.rt_table, self.machine.ip)
if self.route == "inetsim":
rooter("inetsim_disable", self.machine.ip, self.cfg.routing.inetsim_server,
str(self.cfg.resultserver.port))
if self.route == "tor":
rooter("tor_disable", self.machine.ip, str(self.cfg.resultserver.port),
str(self.cfg.routing.tor_dnsport), str(self.cfg.routing.tor_proxyport))
if self.route == "none":
rooter("drop_disable", self.machine.ip, str(self.cfg.resultserver.port))
def unroute_network(self):
if self.interface:
rooter("forward_disable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_disable", self.rt_table, self.machine.ip)
if self.route == "inetsim":
rooter("inetsim_disable", self.machine.ip, self.routing_cfg.inetsim.server, self.machine.interface,
str(self.cfg.resultserver.port), self.routing_cfg.inetsim.ports)
if self.route == "tor":
rooter("tor_disable", self.machine.ip, str(self.cfg.resultserver.port),
str(self.routing_cfg.tor.dnsport), str(self.routing_cfg.tor.proxyport))
if self.route == "none":
rooter("drop_disable", self.machine.ip, str(self.cfg.resultserver.port))
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
route = self.task.options.get("route", self.cfg.routing.route)
if route == "none":
self.interface = None
elif route == "internet":
self.interface = self.cfg.routing.internet
elif route in vpns:
self.interface = vpns[route].interface
else:
log.warning("Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", route)
self.interface = None
if self.interface:
rooter("forward_enable", self.machine.interface,
self.interface, self.machine.ip)
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
route = self.task.options.get("route", self.cfg.routing.route)
if route == "none":
self.interface = None
self.rt_table = None
elif route == "internet" and self.cfg.routing.internet != "none":
self.interface = self.cfg.routing.internet
self.rt_table = self.cfg.routing.rt_table
elif route in vpns:
self.interface = vpns[route].interface
self.rt_table = vpns[route].rt_table
else:
log.warning(
"Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", route)
self.interface = None
self.rt_table = None
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface)
route = "none"
self.task.options["route"] = "none"
self.interface = None
self.rt_table = None
if self.interface:
rooter("forward_enable", self.machine.interface, self.interface,
self.machine.ip)
if self.rt_table:
rooter("srcroute_enable", self.rt_table, self.machine.ip)
# Propagate the taken route to the database.
self.db.set_route(self.task.id, route)
def init_rooter():
"""If required, check whether the rooter is running and whether we can
connect to it."""
# The default configuration doesn't require the rooter to be ran.
if (
not routing.vpn.enabled
and not routing.tor.enabled
and not routing.inetsim.enabled
and not routing.socks5.enabled
and routing.routing.route == "none"
):
return
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
try:
s.connect(cuckoo.cuckoo.rooter)
except socket.error as e:
if e.strerror == "No such file or directory":
raise CuckooStartupError(
"The rooter is required but it is either not running or it "
"has been configured to a different Unix socket path. "
"(In order to disable the use of rooter, please set route "
"and internet to none in cuckoo.conf and enabled to no in "
"routing.conf)."
)
if e.strerror == "Connection refused":
raise CuckooStartupError(
"The rooter is required but we can't connect to it as the "
"rooter is not actually running. "
"(In order to disable the use of rooter, please set route "
"and internet to none in routing.conf)."
)
if e.strerror == "Permission denied":
raise CuckooStartupError(
"The rooter is required but we can't connect to it due to "
"incorrect permissions. Did you assign it the correct group? "
"(In order to disable the use of rooter, please set route "
"and internet to none in routing.conf)."
)
raise CuckooStartupError("Unknown rooter error: %s" % e)
rooter("cleanup_rooter")
# Do not forward any packets unless we have explicitly stated so.
rooter("forward_drop")
rooter("state_disable")
rooter("state_enable")
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
route = self.task.options.get("route", self.cfg.routing.route)
if route == "none":
self.interface = None
self.rt_table = None
elif route == "internet" and self.cfg.routing.internet != "none":
self.interface = self.cfg.routing.internet
self.rt_table = self.cfg.routing.rt_table
elif route in vpns:
self.interface = vpns[route].interface
self.rt_table = vpns[route].rt_table
else:
log.warning("Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", route)
self.interface = None
self.rt_table = None
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface
)
route = "none"
self.task.options["route"] = "none"
self.interface = None
self.rt_table = None
if self.interface:
rooter("forward_enable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_enable", self.rt_table, self.machine.ip)
# Propagate the taken route to the database.
self.db.set_route(self.task.id, route)
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
route = self.task.options.get("route", self.cfg.routing.route)
if route == "none":
self.interface = None
elif route == "internet" and self.cfg.routing.internet != "none":
self.interface = self.cfg.routing.internet
elif route in vpns:
self.interface = vpns[route].interface
else:
log.warning("Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", route)
self.interface = None
if self.interface:
rooter("forward_enable", self.machine.interface,
self.interface, self.machine.ip)
# Propagate the taken route to the database.
self.db.set_route(self.task.id, route)
def unroute_network(self):
if self.interface:
self.rooter_response = rooter("forward_disable",
self.machine.interface,
self.interface, self.machine.ip)
self._rooter_response_check()
if self.reject_segments:
self.rooter_response = rooter("forward_reject_disable",
self.machine.interface,
self.interface, self.machine.ip,
self.reject_segments)
self._rooter_response_check()
log.info("Disabled route '%s'", self.route)
if self.rt_table:
self.rooter_response = rooter("srcroute_disable", self.rt_table,
self.machine.ip)
self._rooter_response_check()
if self.route == "inetsim":
self.rooter_response = rooter(
"inetsim_disable",
self.machine.ip,
routing.inetsim.server,
str(routing.inetsim.dnsport),
str(self.cfg.resultserver.port),
str(routing.inetsim.ports),
)
elif self.route == "tor":
self.rooter_response = rooter(
"socks5_disable",
self.machine.ip,
str(self.cfg.resultserver.port),
str(routing.tor.dnsport),
str(routing.tor.proxyport),
)
elif self.route in self.socks5s:
self.rooter_response = rooter(
"socks5_disable",
self.machine.ip,
str(self.cfg.resultserver.port),
str(self.socks5s[self.route]["dnsport"]),
str(self.socks5s[self.route]["port"]),
)
elif self.route in ("none", "None", "drop"):
self.rooter_response = rooter("drop_disable", self.machine.ip,
str(self.cfg.resultserver.port))
self._rooter_response_check()
def unroute_network(self):
if self.interface:
rooter("forward_disable", self.machine.interface, self.interface,
self.machine.ip)
log.info("Disabled route '%s'", self.route)
if self.rt_table:
rooter("srcroute_disable", self.rt_table, self.machine.ip)
if self.route in vpns:
rooter("vpn_disable", self.route)
time.sleep(1)
if self.route == "inetsim":
rooter("inetsim_disable", self.machine.ip,
self.cfg.routing.inetsim_server,
str(self.cfg.routing.inetsim_dnsport),
str(self.cfg.resultserver.port))
if self.route == "tor":
rooter("tor_disable", self.machine.ip,
str(self.cfg.resultserver.port),
str(self.cfg.routing.tor_dnsport),
str(self.cfg.routing.tor_proxyport))
def initialize(self):
"""Initialize the machine manager."""
global machinery, machine_lock
machinery_name = self.cfg.cuckoo.machinery
max_vmstartup_count = self.cfg.cuckoo.max_vmstartup_count
if max_vmstartup_count:
machine_lock = threading.Semaphore(max_vmstartup_count)
else:
machine_lock = threading.Lock()
log.info(
'Using "%s" machine manager with max_analysis_count=%d, '
"max_machines_count=%d, and max_vmstartup_count=%d",
machinery_name,
self.cfg.cuckoo.max_analysis_count,
self.cfg.cuckoo.max_machines_count,
self.cfg.cuckoo.max_vmstartup_count,
)
# Get registered class name. Only one machine manager is imported,
# therefore there should be only one class in the list.
plugin = list_plugins("machinery")[0]
# Initialize the machine manager.
machinery = plugin()
# Find its configuration file.
conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % machinery_name)
if not os.path.exists(conf):
raise CuckooCriticalError("The configuration file for machine "
'manager "{0}" does not exist at path:'
" {1}".format(machinery_name, conf))
# Provide a dictionary with the configuration options to the
# machine manager instance.
machinery.set_options(Config(machinery_name))
# Initialize the machine manager.
try:
machinery.initialize(machinery_name)
except CuckooMachineError as e:
raise CuckooCriticalError("Error initializing machines: %s" % e)
# At this point all the available machines should have been identified
# and added to the list. If none were found, Cuckoo needs to abort the
# execution.
if not len(machinery.machines()):
raise CuckooCriticalError("No machines available.")
else:
log.info("Loaded %s machine/s", len(machinery.machines()))
if len(machinery.machines()) > 1 and self.db.engine.name == "sqlite":
log.warning("As you've configured Cuckoo to execute parallel "
"analyses, we recommend you to switch to a MySQL "
"a PostgreSQL database as SQLite might cause some "
"issues.")
# Drop all existing packet forwarding rules for each VM. Just in case
# Cuckoo was terminated for some reason and various forwarding rules
# have thus not been dropped yet.
for machine in machinery.machines():
if not machine.interface:
log.info(
"Unable to determine the network interface for VM "
"with name %s, Cuckoo will not be able to give it "
"full internet access or route it through a VPN! "
"Please define a default network interface for the "
"machinery or define a network interface for each "
"VM.",
machine.name,
)
continue
# Drop forwarding rule to each VPN.
for vpn in vpns.values():
rooter("forward_disable", machine.interface, vpn.interface,
machine.ip)
# Drop forwarding rule to the internet / dirty line.
if routing.routing.internet != "none":
rooter("forward_disable", machine.interface,
routing.routing.internet, machine.ip)
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
self.route = routing.routing.route
# Allow overwrite default conf value
if self.task.options:
for option in self.task.options.split(","):
if "=" in option:
key, value = option.split("=")
if key == "route":
self.route = value
break
if self.route in ("none", "None", "drop"):
self.interface = None
self.rt_table = None
elif self.route == "inetsim":
self.interface = routing.inetsim.interface
elif self.route == "tor":
self.interface = routing.tor.interface
elif self.route == "internet" and routing.routing.internet != "none":
self.interface = routing.routing.internet
self.rt_table = routing.routing.rt_table
elif self.route in vpns:
self.interface = vpns[self.route].interface
self.rt_table = vpns[self.route].rt_table
elif self.route in self.socks5s:
self.interface = ""
else:
log.warning(
"Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", self.route)
self.interface = None
self.rt_table = None
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface,
)
self.route = "none"
self.interface = None
self.rt_table = None
if self.route == "inetsim":
self.rooter_response = rooter(
"inetsim_enable",
self.machine.ip,
str(routing.inetsim.server),
str(routing.inetsim.dnsport),
str(self.cfg.resultserver.port),
str(routing.inetsim.ports),
)
elif self.route == "tor":
self.rooter_response = rooter("socks5_enable", self.machine.ip,
str(self.cfg.resultserver.port),
str(routing.tor.dnsport),
str(routing.tor.proxyport))
elif self.route in self.socks5s:
self.rooter_response = rooter(
"socks5_enable",
self.machine.ip,
str(self.cfg.resultserver.port),
str(self.socks5s[self.route]["dnsport"]),
str(self.socks5s[self.route]["port"]),
)
elif self.route in ("none", "None", "drop"):
self.rooter_response = rooter("drop_enable", self.machine.ip,
str(self.cfg.resultserver.port))
self._rooter_response_check()
if self.interface:
self.rooter_response = rooter("forward_enable",
self.machine.interface,
self.interface, self.machine.ip)
self._rooter_response_check()
log.info("Enabled route '%s'", self.route)
if self.rt_table:
self.rooter_response = rooter("srcroute_enable", self.rt_table,
self.machine.ip)
self._rooter_response_check()
def initialize(self):
"""Initialize the machine manager."""
global machinery, machine_lock
machinery_name = self.cfg.cuckoo.machinery
max_vmstartup_count = self.cfg.cuckoo.max_vmstartup_count
if max_vmstartup_count:
machine_lock = threading.Semaphore(max_vmstartup_count)
else:
machine_lock = threading.Lock()
log.info("Using \"%s\" as machine manager", machinery_name)
# Get registered class name. Only one machine manager is imported,
# therefore there should be only one class in the list.
plugin = list_plugins("machinery")[0]
# Initialize the machine manager.
machinery = plugin()
# Find its configuration file.
conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % machinery_name)
if not os.path.exists(conf):
raise CuckooCriticalError("The configuration file for machine "
"manager \"{0}\" does not exist at path:"
" {1}".format(machinery_name, conf))
# Provide a dictionary with the configuration options to the
# machine manager instance.
machinery.set_options(Config(machinery_name))
# Initialize the machine manager.
try:
machinery.initialize(machinery_name)
except CuckooMachineError as e:
raise CuckooCriticalError("Error initializing machines: %s" % e)
# At this point all the available machines should have been identified
# and added to the list. If none were found, Cuckoo needs to abort the
# execution.
if not len(machinery.machines()):
raise CuckooCriticalError("No machines available.")
else:
log.info("Loaded %s machine/s", len(machinery.machines()))
if len(machinery.machines()) > 1 and self.db.engine.name == "sqlite":
log.warning("As you've configured Cuckoo to execute parallel "
"analyses, we recommend you to switch to a MySQL or"
"a PostgreSQL database as SQLite might cause some "
"issues.")
if len(machinery.machines()) > 4 and self.cfg.cuckoo.process_results:
log.warning("When running many virtual machines it is recommended "
"to process the results in a separate process.py to "
"increase throughput and stability. Please read the "
"documentation about the `Processing Utility`.")
# Drop all existing packet forwarding rules for each VM. Just in case
# Cuckoo was terminated for some reason and various forwarding rules
# have thus not been dropped yet.
for machine in machinery.machines():
if not machine.interface:
log.info("Unable to determine the network interface for VM "
"with name %s, Cuckoo will not be able to give it "
"full internet access or route it through a VPN! "
"Please define a default network interface for the "
"machinery or define a network interface for each "
"VM.", machine.name)
continue
# Drop forwarding rule to each VPN.
for vpn in vpns.values():
rooter("forward_disable", machine.interface,
vpn.interface, machine.ip)
# Drop forwarding rule to the internet / dirty line.
if self.cfg.routing.internet != "none":
rooter("forward_disable", machine.interface,
self.cfg.routing.internet, machine.ip)
def init_routing():
"""Initialize and check whether the routing information is correct."""
routing = Config("routing").routing
vpn = Config("routing").vpn
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if vpn.enabled:
for name in vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(vpn, name):
raise CuckooStartupError(
"Could not find VPN configuration for %s" % name
)
entry = Config("routing").get(name)
add = 1
if not rooter("nic_available", entry.interface):
raise CuckooStartupError(
"The network interface that has been configured for "
"VPN %s is not available." % entry.name
)
add = 0
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for "
"VPN %s is not available." % entry.name
)
if add:
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Populate routing table with entries from main routing table.
if routing.auto_rt:
rooter("flush_rttable", entry.rt_table)
rooter("init_rttable", entry.rt_table, entry.interface)
# Check whether the default VPN exists if specified.
if routing.route not in ("none", "internet"):
if not Config("routing").vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for "
"VMs, but VPNs have not been enabled in vpn.conf"
)
if routing.route not in vpns:
raise CuckooStartupError(
"The VPN defined as default routing target has not been "
"configured in vpn.conf."
)
# Check whether the dirty line exists if it has been defined.
if routing.internet != "none":
if not rooter("nic_available", routing.internet):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available."
)
if not rooter("rt_available", routing.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for dirty "
"line interface is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.internet)
rooter("enable_nat", routing.internet)
# Populate routing table with entries from main routing table.
if routing.auto_rt:
rooter("flush_rttable", routing.rt_table)
rooter("init_rttable", routing.rt_table,
routing.internet)
# Check if tor interface exists, if yes then enable nat
if routing.tor_interface:
if not rooter("nic_available", routing.tor_interface):
raise CuckooStartupError(
"The network interface that has been configured as tor "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.tor_interface)
rooter("enable_nat", routing.tor_interface)
# Populate routing table with entries from main routing table.
if routing.auto_rt:
rooter("flush_rttable", routing.rt_table)
rooter("init_rttable", routing.rt_table,
routing.internet)
# Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
if routing.inetsim_interface and routing.inetsim_interface != routing.tor_interface:
if not rooter("nic_available", routing.tor_interface):
raise CuckooStartupError(
"The network interface that has been configured as tor "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.tor_interface)
rooter("enable_nat", routing.tor_interface)
# Populate routing table with entries from main routing table.
if routing.auto_rt:
rooter("flush_rttable", routing.rt_table)
rooter("init_rttable", routing.rt_table,
routing.internet)
def route_network(self):
"""Enable network routing if desired."""
self.routing_cfg = Config("routing")
# Determine the desired routing strategy (none, internet, VPN).
self.route = "none"
if self.task.options:
for option in self.task.options.split(","):
key, value = option.split("=")
if key == "route":
self.route = value
break
if self.route == "none":
self.interface = None
self.rt_table = None
elif self.route == "inetsim":
self.interface = None
self.rt_table = None
elif self.route == "tor":
self.interface = None
self.rt_table = None
elif self.route == "internet" and self.routing_cfg.internet != "none":
self.interface = self.routing_cfg.internet
self.rt_table = self.routing_cfg.rt_table
elif self.route in vpns:
self.interface = vpns[self.route].interface
self.rt_table = vpns[self.route].rt_table
else:
log.warning("Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", self.route)
self.interface = None
self.rt_table = None
self.route = "none"
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface
)
self.route = "tor"
self.interface = self.routing_cfg.tor_interface
self.rt_table = None
if self.route == "inetsim":
rooter("inetsim_enable", self.machine.ip, self.routing_cfg.inetsim.server, self.machine.interface,
str(self.cfg.resultserver.port), self.routing_cfg.inetsim.ports)
if self.route == "tor":
rooter("tor_enable", self.machine.ip, str(self.cfg.resultserver.port),
str(self.routing_cfg.tor.dnsport), str(self.routing_cfg.tor.proxyport))
if self.route == "none":
rooter("drop_enable", self.machine.ip, str(self.cfg.resultserver.port))
if self.interface:
rooter("forward_enable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_enable", self.rt_table, self.machine.ip)
def init_routing():
"""Initialize and check whether the routing information is correct."""
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if vpn.vpn.enabled:
for name in vpn.vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(vpn, name):
raise CuckooStartupError(
"Could not find VPN configuration for %s" % name
)
entry = vpn.get(name)
#add = 1
#if not rooter("nic_available", entry.interface):
#raise CuckooStartupError(
# "The network interface that has been configured for "
# "VPN %s is not available." % entry.name
#)
# add = 0
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for "
"VPN %s is not available." % entry.name
)
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", entry.rt_table)
rooter("init_rttable", entry.rt_table, entry.interface)
# Check whether the default VPN exists if specified.
if cuckoo.routing.route not in ("none", "internet", "tor", "inetsim"):
if not vpn.vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for "
"VMs, but VPNs have not been enabled in vpn.conf"
)
if cuckoo.routing.route not in vpns:
raise CuckooStartupError(
"The VPN defined as default routing target has not been "
"configured in vpn.conf."
)
# Check whether the dirty line exists if it has been defined.
if cuckoo.routing.internet != "none":
if not rooter("nic_available", cuckoo.routing.internet):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available."
)
if not rooter("rt_available", cuckoo.routing.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for dirty "
"line interface is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.internet)
rooter("enable_nat", cuckoo.routing.internet)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
# Check if tor interface exists, if yes then enable nat
if cuckoo.routing.tor and cuckoo.routing.tor_interface:
if not rooter("nic_available", cuckoo.routing.tor_interface):
raise CuckooStartupError(
"The network interface that has been configured as tor "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.tor_interface)
rooter("enable_nat", cuckoo.routing.tor_interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
# Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
#if cuckoo.routing.inetsim_interface and cuckoo.routing.inetsim_interface != cuckoo.routing.tor_interface:
# Check if inetsim interface exists, if yes then enable nat
if cuckoo.routing.inetsim and cuckoo.routing.inetsim_interface:
if not rooter("nic_available", cuckoo.routing.inetsim_interface):
raise CuckooStartupError(
"The network interface that has been configured as inetsim "
"line is not available."
)
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", cuckoo.routing.inetsim_interface)
rooter("enable_nat", cuckoo.routing.inetsim_interface)
# Populate routing table with entries from main routing table.
if cuckoo.routing.auto_rt:
rooter("flush_rttable", cuckoo.routing.rt_table)
rooter("init_rttable", cuckoo.routing.rt_table,
cuckoo.routing.internet)
def vpn_status():
status = rooter("vpn_status")
if status is None:
return json_error(500, "Rooter not available")
return jsonify({"vpns": status})
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
if self.task.options:
for option in self.task.options.split(","):
key, value = option.split("=")
if key == "route":
self.route = value
break
if self.route == "none" or self.route == "None":
self.interface = None
self.rt_table = None
elif self.route == "inetsim":
self.interface = self.cfg.routing.inetsim_interface
elif self.route == "tor":
self.interface = self.cfg.routing.tor_interface
elif self.route == "internet" and self.cfg.routing.internet != "none":
self.interface = self.cfg.routing.internet
self.rt_table = self.cfg.routing.rt_table
elif self.route in vpns:
self.interface = vpns[self.route].interface
self.rt_table = vpns[self.route].rt_table
#startup the configured vpn
rooter("vpn_enable", self.route)
timeout = 0
while timeout < 30:
if not rooter("nic_available", self.interface):
time.sleep(1)
timeout += 1
log.info("Waiting for VPN interface '%s' to be enabled.",
self.interface)
else:
log.info("Enabled VPN interface '%s'", self.interface)
break
else:
log.warning(
"Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", self.route)
self.interface = None
self.rt_table = None
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface)
self.route = "none"
self.interface = None
self.rt_table = None
if self.route == "inetsim":
rooter("inetsim_enable", self.machine.ip,
str(self.cfg.routing.inetsim_server),
str(self.cfg.routing.inetsim_dnsport),
str(self.cfg.resultserver.port))
if self.route == "tor":
rooter("tor_enable", self.machine.ip,
str(self.cfg.resultserver.port),
str(self.cfg.routing.tor_dnsport),
str(self.cfg.routing.tor_proxyport))
if self.interface:
rooter("forward_enable", self.machine.interface, self.interface,
self.machine.ip)
log.info("Enabled route '%s'", self.route)
if self.rt_table:
rooter("srcroute_enable", self.rt_table, self.machine.ip)
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
self.route = "none"
if self.task.options:
for option in self.task.options.split(","):
key, value = option.split("=")
if key == "route":
self.route = value
break
if self.route == "none":
self.interface = None
self.rt_table = None
elif self.route == "inetsim":
self.interface = self.cfg.routing.inetsim_interface
elif self.route == "tor":
self.interface = self.cfg.routing.tor_interface
elif self.route == "internet" and self.cfg.routing.internet != "none":
self.interface = self.cfg.routing.internet
self.rt_table = self.cfg.routing.rt_table
elif self.route in vpns:
self.interface = vpns[self.route].interface
self.rt_table = vpns[self.route].rt_table
else:
log.warning("Unknown network routing destination specified, "
"ignoring routing for this analysis: %r", self.route)
self.interface = self.cfg.routing.inetsim_interface
self.rt_table = None
self.route = "tor"
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode.",
self.interface
)
self.route = "tor"
self.interface = self.cfg.routing.tor_interface
self.rt_table = None
if self.route == "inetsim":
rooter("inetsim_enable", self.machine.ip, self.cfg.routing.inetsim_server,
str(self.cfg.resultserver.port))
if self.route == "tor":
rooter("tor_enable", self.machine.ip, str(self.cfg.resultserver.port),
str(self.cfg.routing.tor_dnsport), str(self.cfg.routing.tor_proxyport))
if self.route == "none":
rooter("drop_enable", self.machine.ip, str(self.cfg.resultserver.port))
if self.interface:
rooter("forward_enable", self.machine.interface,
self.interface, self.machine.ip)
if self.rt_table:
rooter("srcroute_enable", self.rt_table, self.machine.ip)
def vpn_status():
status = rooter("vpn_status")
if status is None:
return json_error(500, "Rooter not available")
return jsonify({"vpns": status})
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("server", nargs="?", default="/tmp/cuckoo-rooter", help="Unix socket path of the server")
parser.add_argument("client", nargs="?", default="/tmp/cuckoo-vpncheck", help="Unix socket path of this client")
parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose logging")
args = parser.parse_args()
if os.path.exists(args.client):
os.unlink(args.client)
init_rooter()
init_routing()
error = 0
for vpn, status in rooter("vpn_status").items():
if vpn not in vpns:
print "Not a configured VPN", vpn
continue
if not rooter("nic_available", vpns[vpn].interface):
print>>sys.stderr, "VPN is no longer available", vpn
error = 1
continue
ipaddr = get_ip_address(vpns[vpn].interface)
rooter("forward_enable", vpns[vpn].interface, vpns[vpn].interface, ipaddr)
rooter("srcroute_enable", vpns[vpn].rt_table, ipaddr)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def route_network(self):
"""Enable network routing if desired."""
# Determine the desired routing strategy (none, internet, VPN).
self.route = routing.routing.route
if self.task.route:
self.route = self.task.route
if self.route in ("none", "None", "drop", "false"):
self.interface = None
self.rt_table = None
elif self.route == "inetsim":
self.interface = routing.inetsim.interface
elif self.route == "tor":
self.interface = routing.tor.interface
elif self.route == "internet" and routing.routing.internet != "none":
self.interface = routing.routing.internet
self.rt_table = routing.routing.rt_table
elif self.route in vpns:
self.interface = vpns[self.route].interface
self.rt_table = vpns[self.route].rt_table
elif self.route in self.socks5s:
self.interface = ""
else:
log.warning("Unknown network routing destination specified, ignoring routing for this analysis: %s", self.route)
self.interface = None
self.rt_table = None
# Check if the network interface is still available. If a VPN dies for
# some reason, its tunX interface will no longer be available.
if self.interface and not rooter("nic_available", self.interface):
log.error(
"The network interface '%s' configured for this analysis is "
"not available at the moment, switching to route=none mode",
self.interface,
)
self.route = "none"
self.interface = None
self.rt_table = None
if self.route == "inetsim":
self.rooter_response = rooter(
"inetsim_enable",
self.machine.ip,
str(routing.inetsim.server),
str(routing.inetsim.dnsport),
str(self.cfg.resultserver.port),
str(routing.inetsim.ports),
)
elif self.route == "tor":
self.rooter_response = rooter(
"socks5_enable",
self.machine.ip,
str(self.cfg.resultserver.port),
str(routing.tor.dnsport),
str(routing.tor.proxyport),
)
elif self.route in self.socks5s:
self.rooter_response = rooter(
"socks5_enable",
self.machine.ip,
str(self.cfg.resultserver.port),
str(self.socks5s[self.route]["dnsport"]),
str(self.socks5s[self.route]["port"]),
)
elif self.route in ("none", "None", "drop"):
self.rooter_response = rooter("drop_enable", self.machine.ip, str(self.cfg.resultserver.port))
self._rooter_response_check()
# check if the interface is up
if HAVE_NETWORKIFACES and routing.routing.verify_interface and self.interface and self.interface not in network_interfaces:
raise CuckooNetworkError(f"Network interface {self.interface} not found")
if self.interface:
self.rooter_response = rooter("forward_enable", self.machine.interface, self.interface, self.machine.ip)
self._rooter_response_check()
log.info("Enabled route '%s'", self.route)
if self.rt_table:
self.rooter_response = rooter("srcroute_enable", self.rt_table, self.machine.ip)
self._rooter_response_check()
help="Unix socket path of this client")
parser.add_argument("name", required=True, help="VPN name")
parser.add_argument("-v",
"--verbose",
action="store_true",
help="Enable verbose logging")
args = parser.parse_args()
if os.path.exists(args.client):
os.unlink(args.client)
init_rooter()
init_routing()
error = 0
for vpn, status in rooter("vpn_status", "args.name").items():
if vpn not in vpns:
print "Not a configured VPN", vpn
continue
if not rooter("nic_available", vpns[vpn].interface):
print >> sys.stderr, "VPN is no longer available", vpn
error = 1
continue
ipaddr = get_ip_address(vpns[vpn].interface)
rooter("forward_enable", vpns[vpn].interface, vpns[vpn].interface,
ipaddr)
rooter("srcroute_enable", vpns[vpn].rt_table, ipaddr)
def initialize(self):
"""Initialize the machine manager."""
global machinery, machine_lock
machinery_name = self.cfg.cuckoo.machinery
max_vmstartup_count = self.cfg.cuckoo.max_vmstartup_count
if max_vmstartup_count:
machine_lock = threading.Semaphore(max_vmstartup_count)
else:
machine_lock = threading.Lock()
log.info(
"Using \"%s\" machine manager with max_analysis_count=%d, "
"max_machines_count=%d, and max_vmstartup_count=%d",
machinery_name, self.cfg.cuckoo.max_analysis_count,
self.cfg.cuckoo.max_machines_count,
self.cfg.cuckoo.max_vmstartup_count)
# Get registered class name. Only one machine manager is imported,
# therefore there should be only one class in the list.
plugin = list_plugins("machinery")[0]
# Initialize the machine manager.
machinery = plugin()
# Find its configuration file.
conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % machinery_name)
if not os.path.exists(conf):
raise CuckooCriticalError("The configuration file for machine "
"manager \"{0}\" does not exist at path:"
" {1}".format(machinery_name, conf))
# Provide a dictionary with the configuration options to the
# machine manager instance.
machinery.set_options(Config(machinery_name))
# Initialize the machine manager.
try:
machinery.initialize(machinery_name)
except CuckooMachineError as e:
raise CuckooCriticalError("Error initializing machines: %s" % e)
# At this point all the available machines should have been identified
# and added to the list. If none were found, Cuckoo needs to abort the
# execution.
if not len(machinery.machines()):
raise CuckooCriticalError("No machines available.")
else:
log.info("Loaded %s machine/s", len(machinery.machines()))
if len(machinery.machines()) > 1 and self.db.engine.name == "sqlite":
log.warning("As you've configured Cuckoo to execute parallel "
"analyses, we recommend you to switch to a MySQL "
"a PostgreSQL database as SQLite might cause some "
"issues.")
if len(machinery.machines()) > 4 and self.cfg.cuckoo.process_results:
log.warning("When running many virtual machines it is recommended "
"to process the results in a separate process.py to "
"increase throughput and stability. Please read the "
"documentation about the `Processing Utility`.")
# Drop forwarding rule to each VPN.
for vpn in vpns.values():
rooter("forward_disable", machine.interface, vpn.interface,
machine.ip)
# Drop forwarding rule to the internet / dirty line.
if self.cfg.routing.internet != "none":
rooter("forward_disable", machine.interface,
self.cfg.routing.internet, machine.ip)
def init_routing():
"""Initialize and check whether the routing information is correct."""
# Check whether all VPNs exist if configured and make their configuration
# available through the vpns variable. Also enable NAT on each interface.
if routing.socks5.enabled:
for name in routing.socks5.proxies.split(","):
name = name.strip()
if not name:
continue
if not hasattr(routing, name):
raise CuckooStartupError("Could not find socks5 configuration for %s" % name)
entry = routing.get(name)
socks5s[entry.name] = entry
if routing.vpn.enabled:
for name in routing.vpn.vpns.split(","):
name = name.strip()
if not name:
continue
if not hasattr(routing, name):
raise CuckooStartupError("Could not find VPN configuration for %s" % name)
entry = routing.get(name)
# add = 1
# if not rooter("nic_available", entry.interface):
# raise CuckooStartupError(
# "The network interface that has been configured for "
# "VPN %s is not available." % entry.name
# )
# add = 0
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError("The routing table that has been configured for VPN %s is not available." % entry.name)
vpns[entry.name] = entry
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", entry.interface)
rooter("enable_nat", entry.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", entry.rt_table)
rooter("init_rttable", entry.rt_table, entry.interface)
# If we are storage and webgui only but using as default route one of the workers exitnodes
if repconf.distributed.master_storage_only:
return
# Check whether the default VPN exists if specified.
if routing.routing.route not in ("none", "internet", "tor", "inetsim"):
if not routing.vpn.enabled:
raise CuckooStartupError(
"A VPN has been configured as default routing interface for VMs, but VPNs have not been enabled in routing.conf"
)
if routing.routing.route not in vpns and routing.routing.route not in socks5s:
raise CuckooStartupError(
"The VPN/Socks5 defined as default routing target has not been configured in routing.conf. You should use name field"
)
# Check whether the dirty line exists if it has been defined.
if routing.routing.internet != "none":
if not rooter("nic_available", routing.routing.internet):
raise CuckooStartupError("The network interface that has been configured as dirty line is not available.")
if not rooter("rt_available", routing.routing.rt_table):
raise CuckooStartupError("The routing table that has been configured for dirty line interface is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.routing.internet)
rooter("enable_nat", routing.routing.internet)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
# Check if tor interface exists, if yes then enable nat
if routing.tor.enabled and routing.tor.interface:
if not rooter("nic_available", routing.tor.interface):
raise CuckooStartupError("The network interface that has been configured as tor line is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.tor.interface)
rooter("enable_nat", routing.tor.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)
# Check if inetsim interface exists, if yes then enable nat, if interface is not the same as tor
# if routing.inetsim.interface and cuckoo.routing.inetsim_interface != routing.tor.interface:
# Check if inetsim interface exists, if yes then enable nat
if routing.inetsim.enabled and routing.inetsim.interface:
if not rooter("nic_available", routing.inetsim.interface):
raise CuckooStartupError("The network interface that has been configured as inetsim line is not available.")
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", routing.inetsim.interface)
rooter("enable_nat", routing.inetsim.interface)
# Populate routing table with entries from main routing table.
if routing.routing.auto_rt:
rooter("flush_rttable", routing.routing.rt_table)
rooter("init_rttable", routing.routing.rt_table, routing.routing.internet)