def start(self, interface="eth0", host="", file_path=""): """Start sniffing. @param interface: network interface name. @param host: guest host IP address. @param file_path: tcpdump path. @return: operation status. """ if not os.path.exists(self.tcpdump): log.error("Tcpdump does not exist at path \"%s\", network capture " "aborted" % self.tcpdump) return False mode = os.stat(self.tcpdump)[stat.ST_MODE] if mode and stat.S_ISUID != 2048: log.error("Tcpdump is not accessible from this user, network " "capture aborted") return False if not interface: log.error("Network interface not defined, network capture aborted") return False pargs = [self.tcpdump, '-U', '-q', '-i', interface, '-n'] pargs.extend(['-w', file_path]) pargs.extend(['host', host]) # Do not capture XMLRPC agent traffic. pargs.extend([ 'and', 'not', '(', 'host', host, 'and', 'port', str(CUCKOO_GUEST_PORT), ')' ]) # Do not capture ResultServer traffic. pargs.extend([ 'and', 'not', '(', 'host', str(Config().resultserver.ip), 'and', 'port', str(Config().resultserver.port), ')' ]) try: self.proc = subprocess.Popen(pargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE) except (OSError, ValueError) as e: log.exception("Failed to start sniffer (interface=%s, host=%s, " "dump path=%s)" % (interface, host, file_path)) return False log.info("Started sniffer (interface=%s, host=%s, dump path=%s)" % (interface, host, file_path)) return True
def check_version(): """Checks version of Cuckoo.""" cfg = Config() if not cfg.cuckoo.version_check: return print(" Checking for updates...") url = "http://api.cuckoosandbox.org/checkversion.php" data = urllib.urlencode({"version" : CUCKOO_VERSION}) try: request = urllib2.Request(url, data) response = urllib2.urlopen(request) except (urllib2.URLError, urllib2.HTTPError): print(red(" Failed! ") + "Unable to establish connection.\n") return try: response_data = json.loads(response.read()) except ValueError: print(red(" Failed! ") + "Invalid response.\n") return if not response_data["error"]: if response_data["response"] == "NEW_VERSION": print(red(" Outdated! ") + "Cuckoo Sandbox version %s is " "available now.\n" % response_data["current"]) else: print(green(" Good! ") + "You have the latest version available.\n")
def init_logging(): """Initializes logging.""" cfg = Config() formatter = logging.Formatter("%(asctime)s [%(name)s] %(levelname)s: %(message)s") fh = logging.handlers.WatchedFileHandler(os.path.join(CUCKOO_ROOT, "log", "cuckoo.log")) fh.setFormatter(formatter) log.addHandler(fh) ch = ConsoleHandler() ch.setFormatter(formatter) log.addHandler(ch) dh = DatabaseHandler() dh.setLevel(logging.ERROR) log.addHandler(dh) if cfg.graylog.enabled: if HAVE_GRAYPY: gray = graypy.GELFHandler(cfg.graylog.host, cfg.graylog.port) try: level = logging.getLevelName(cfg.graylog.level.upper()) except ValueError: level = logging.ERROR gray.setLevel(level) log.addHandler(gray) else: raise CuckooDependencyError("Graypy is not installed") log.setLevel(logging.INFO)
def _load_conf(self, conf): """Loads a configuration from a string. @param conf: configuration string. """ f = open(self.file, "w") f.write(conf) f.close() self.m.set_options(Config(self.file))
def setUp(self): self.tmp = tempfile.mkdtemp() self.cfg = tempfile.mkstemp()[1] f = open(self.cfg, "w") f.write(self.CONFIG) f.close() self.r = Reporter(self.tmp) self.r.cfg = Config(self.cfg)
def __init__(self, task): """@param task: task object containing the details for the analysis.""" Thread.__init__(self) Thread.daemon = True self.task = task self.cfg = Config() self.storage = "" self.binary = ""
def __init__(self): self.module_name = "" self.options = None self.options_globals = Config( os.path.join(CUCKOO_ROOT, "conf", "cuckoo.conf")) # Database pointer. self.db = Database() # Machine table is cleaned to be filled from configuration file at each start. self.db.clean_machines()
def _dns_gethostbyname(self, name): """Get host by name wrapper. @param name: hostname. @return: IP address or blank """ if Config().processing.resolve_dns: ip = resolve(name) else: ip = "" return ip
def init_modules(): """Initializes plugins.""" log.debug("Importing modules...") # Import all processing modules. import_package(modules.processing) # Import all signatures. import_package(modules.signatures) # Import only enabled reporting modules. report_cfg = Config(cfg=os.path.join(CUCKOO_ROOT, "conf", "reporting.conf")) prefix = modules.reporting.__name__ + "." for loader, name, ispkg in pkgutil.iter_modules(modules.reporting.__path__): if ispkg: continue try: options = report_cfg.get(name) except AttributeError: log.debug("Reporting module %s not found in " "configuration file" % module_name) if not options.enabled: continue import_plugin("%s.%s" % (modules.reporting.__name__, name)) # Import machine manager. import_plugin("modules.machinemanagers.%s" % Config().cuckoo.machine_manager) for category, mods in list_plugins().items(): log.debug("Imported \"%s\" modules:" % category) for mod in mods: if mod == mods[-1]: log.debug("\t `-- %s" % mod.__name__) else: log.debug("\t |-- %s" % mod.__name__)
def __init__(self, task_id): """@param analysis_path: analysis folder path. """ self.task = Database().view_task(task_id).to_dict() self.analysis_path = os.path.join(CUCKOO_ROOT, "storage", "analyses", str(task_id)) self.cfg = Config(cfg=os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"))
def __init__(self, vm_id, ip, platform="windows"): """@param ip: guest's IP address. @param platform: guest's operating system type. """ self.id = vm_id self.ip = ip self.platform = platform self.cfg = Config() self.timeout = self.cfg.timeouts.critical self.server = TimeoutServer("http://{0}:{1}".format(ip, CUCKOO_GUEST_PORT), allow_none=True, timeout=self.timeout)
def __init__(self, *args, **kwargs): self.cfg = Config() self.analysistasks = {} self.analysishandlers = {} try: SocketServer.ThreadingTCPServer.__init__( self, (self.cfg.resultserver.ip, self.cfg.resultserver.port), Resulthandler, *args, **kwargs) except Exception as e: log.error("Unable to bind result server on %s:%s: %s", self.cfg.resultserver.ip, self.cfg.resultserver.port, e) else: self.servethread = Thread(target=self.serve_forever) self.servethread.setDaemon(True) self.servethread.start()
def _run_report(self, module, results): """Run a single reporting module. @param module: reporting module. @param results: results results from analysis. """ # Initialize current reporting module. current = module() # Give it the path to the analysis results folder. current.set_path(self.analysis_path) # Load the content of the analysis.conf file. current.cfg = Config(current.conf_path) # Extract the module name. module_name = inspect.getmodule(current).__name__ if "." in module_name: module_name = module_name.rsplit(".", 1)[1] options = self.cfg.get(module_name) # If the reporting module is disabled in the config, skip it. if not options.enabled: return # Give it the content of the relevant section from the reporting.conf # configuration file. current.set_options(options) current.set_task(self.task) try: # Run report, for each report a brand new copy of results is # created, to prevent a reporting module to edit global # result set and affect other reporting modules. current.run(results) log.debug("Executed reporting module \"%s\"" % current.__class__.__name__) except CuckooReportError as e: log.warning("The reporting module \"%s\" returned the following " "error: %s" % (current.__class__.__name__, e)) except Exception as e: log.exception("Failed to run the reporting module \"%s\":" % (current.__class__.__name__))
def __init__(self, dsn=None): """@param dsn: database connection string.""" cfg = Config() if dsn: self.engine = create_engine(dsn, poolclass=NullPool) elif cfg.database.connection: self.engine = create_engine(cfg.database.connection, poolclass=NullPool) else: db_file = os.path.join(CUCKOO_ROOT, "db", "cuckoo.db") if not os.path.exists(db_file): db_dir = os.path.dirname(db_file) if not os.path.exists(db_dir): try: create_folder(folder=db_dir) except CuckooOperationalError as e: raise CuckooDatabaseError("Unable to create database " "directory: %s" % e) self.engine = create_engine("sqlite:///%s" % db_file, poolclass=NullPool) # Disable SQL logging. Turn it on for debugging. self.engine.echo = False # Connection timeout. if cfg.database.timeout: self.engine.pool_timeout = cfg.database.timeout else: self.engine.pool_timeout = 60 # Create schema. try: Base.metadata.create_all(self.engine) except SQLAlchemyError as e: raise CuckooDatabaseError("Unable to create or connect to " "database: %s" % e) # Get db session. self.Session = sessionmaker(bind=self.engine)
def initialize(self): """Initialize the machine manager.""" global mmanager mmanager_name = self.cfg.cuckoo.machine_manager log.info("Using \"%s\" machine manager", mmanager_name) # Get registered class name. Only one machine manager is imported, # therefore there should be only one class in the list. plugin = list_plugins("machinemanagers")[0] # Initialize the machine manager. mmanager = plugin() # Find its configuration file. conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % mmanager_name) if not os.path.exists(conf): raise CuckooCriticalError( "The configuration file for machine " "manager \"{0}\" does not exist at path: " "{1}".format(mmanager_name, conf)) # Provide a dictionary with the configuration options to the # machine manager instance. mmanager.set_options(Config(conf)) # Initialize the machine manager. mmanager.initialize(mmanager_name) # At this point all the available machines should have been identified # and added to the list. If none were found, Cuckoo needs to abort the # execution. if mmanager.machines().count() == 0: raise CuckooCriticalError("No machines available") else: log.info("Loaded %s machine/s", mmanager.machines().count())
def test_get_option_not_found_in_file_not_found(self): self.c = Config("bar") self.c.get("foo")
def test_config_file_not_found(self): assert Config("foo")
def setUp(self): self.file = tempfile.mkstemp()[1] self._load_conf(self.CONF_EXAMPLE) self.c = Config(self.file)
def __init__(self): self.running = True self.cfg = Config() self.db = Database()