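#!/bin/bash
# This script installs the required apps and dependencies to setup Cuckoo
# sandbox version 1.1 on Ubuntu 12.04 LTS. Make sure you update your system
# before running the script. If this script breaks your stuff don't blame me,
# it is provided as-is with no warranty.
#
# Author: Deron Grzetich (dgrzetich@gmail.com)
# Date: June 23, 2014
#
# Usage: run as a normal user with sudo rights, from your home directory.
# Every privileged step is invoked through sudo explicitly.
#
# NOTE(review): several sources below are fetched over plain HTTP or an
# unauthenticated svn checkout and then installed as root without any checksum
# or signature verification. Pin the expected archives and verify a known-good
# hash (or use a trusted internal mirror) before running this on a host you
# care about. The googlecode.com hosting used here has since shut down, so
# those checkouts and downloads will likely fail and need a replacement source.

# Abort on the first failing command so a failed checkout, download or cd
# never lets a later `sudo python setup.py install` run in the wrong tree.
set -eo pipefail

# Font colors used for the progress banners.
readonly COLOR='\033[01;31m'
readonly WHITE='\033[01;37m'

#######################################
# Reset terminal attributes. Runs on every exit path (the original only reset
# on the success path, leaving the terminal white after ctrl-c or a failure).
#######################################
cleanup() { tput sgr0 2>/dev/null || true; }
trap cleanup EXIT

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Build and install a Python package from an unpacked source tree.
# Runs in a subshell so a failing `cd` can never leave the rest of the script
# operating in the wrong directory.
# Arguments: $1 - directory containing setup.py
# Returns:   non-zero if the directory is missing or build/install fails
#######################################
build_and_install() {
  ( cd -- "$1" && sudo python setup.py build && sudo python setup.py install )
}

# Detect the distribution and release; fall back to uname where lsb-release
# is absent. Both values are lower-cased for the comparison below.
if [ -f /etc/lsb-release ]; then
  # shellcheck disable=SC1091
  . /etc/lsb-release
  OS=$DISTRIB_ID
  VER=$DISTRIB_RELEASE
else
  OS=$(uname -s)
  VER=$(uname -r)
fi
OS="$(tr "[:upper:]" "[:lower:]" <<< "$OS")"
VER="$(tr "[:upper:]" "[:lower:]" <<< "$VER")"

echo -e "${COLOR}Before starting you should have run an apt-get update, apt-get dist-upgrade, and installed pip (easy install). If not stop now and do so or the script may not work correctly on your system. \n Also make sure you're runing this script from your user's home directory. \n\n"
# `read -p` does not interpret backslash escapes, so the newline is given as
# an ANSI-C quoted string rather than a literal "\n".
read -rp $'\nReady? Hit [ENTER] to keep going, ctrl-c to stop'

# Guard clause: everything below is Ubuntu 12.04 specific.
if [ "$OS" != 'ubuntu' ] || [ "$VER" != '12.04' ]; then
  echo "This script was written to run on Ubuntu 12.04 LTS Only"
  exit 0
fi

echo "OK, I see I'm running on $OS $VER...Let's go!"
echo -e "Getting some basics you'll need to complete the install...${WHITE}"
sudo apt-get -y install git subversion build-essential mercurial g++ libtool automake
sudo apt-get -y install libpcre++-dev libgmp3-dev libpcre3-dev libxml2 libxml2-dev libxslt-dev
sudo apt-get -y install mongodb
read -rp "Basic stuff all setup, hit Enter to continue..."

echo -e "\n\n${COLOR}Installing the required Python dependencies...${WHITE}"
sudo apt-get -y install python-magic python-dpkt python-sqlalchemy python-jinja2 python-bottle python-bson python-pymongo python-libvirt python-pyrex python-dev
read -rp "Python dependencies all setup, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing SSDEEP, Pydeep, and other fuzziness...${WHITE}"
sudo apt-get -y install ssdeep libfuzzy-dev
sudo pip install pydeep
read -rp "Fuzziness all setup, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing SQLite and other apps...${WHITE}"
sudo apt-get -y install sqlite3 virtualbox wireshark
sudo pip install pefile django
read -rp "SQLite and other apps all setup, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Moving on the the manual installs and builds...${WHITE}"
# -p so a re-run against an existing directory does not abort under set -e.
mkdir -p cuckoo-install
cd cuckoo-install || die "cannot cd to cuckoo-install"

echo -e "\n\n${COLOR}Installing Pyssdeep...${WHITE}"
svn checkout http://pyssdeep.googlecode.com/svn/trunk pyssdeep
build_and_install pyssdeep
read -rp "Pyssdeep built, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing Distorm v3.1...${WHITE}"
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
build_and_install distorm3
# The archive was downloaded as the invoking user, so no sudo is needed.
rm -f -- distorm-package3.1.zip
read -rp "Distorm built, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing Volatility...${WHITE}"
# `sudo echo ... >> /etc/ld.so.conf` does not work: the redirection is opened
# by the unprivileged shell, not by sudo, so the write fails. Append through
# tee under sudo instead, and only once so re-runs do not add duplicate lines.
if ! grep -qxF '/usr/local/lib' /etc/ld.so.conf; then
  echo "/usr/local/lib" | sudo tee -a /etc/ld.so.conf >/dev/null
fi
sudo ldconfig
wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.tar.gz
tar -xzf pycrypto-2.6.tar.gz
build_and_install pycrypto-2.6
svn checkout http://volatility.googlecode.com/svn/trunk Volatility
read -rp "Volatility checked out, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing Cybox and MAEC...${WHITE}"
sudo pip install cybox
sudo pip install MAEC
read -rp "Cybox/MAEC installed, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Installing YARA v2.1.0...${WHITE}"
wget https://github.com/plusvic/yara/archive/v2.1.0.tar.gz
tar -xzf v2.1.0.tar.gz
# Whole build in a subshell: the original chained `cd yara-python; ...; cd ..;
# cd ..`, so one failed cd would have run the following steps elsewhere.
(
  cd yara-2.1.0 || exit 1
  chmod a+x build.sh
  sudo ./build.sh
  sudo make install
  cd yara-python || exit 1
  sudo python setup.py install
)
rm -f -- v2.1.0.tar.gz
read -rp "YARA built, hit [Enter] to continue..."

echo -e "\n\n${COLOR}Setting TCPDump options...${WHITE}"
# File capabilities let Cuckoo capture traffic without running tcpdump as
# root; note they apply to every local user able to execute the binary.
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
echo -e "${COLOR}\n\nOutput of getcap...${WHITE}"
getcap /usr/sbin/tcpdump

echo -e "\n\n${COLOR}Getting Cuckoo...${WHITE}"
# The git:// transport is unauthenticated and is no longer served by GitHub;
# clone over HTTPS so the fetched tree is at least transport-authenticated.
git clone https://github.com/cuckoobox/cuckoo.git

echo -e "\n\n${COLOR}Following this install it is important that you: \n 1. Download the malware.py file from http://code.google.com/p/malwarecookbook/source/browse/trunk malware.py and place it in the Volatility/volatility/plugins directory. \n 2. add your user account to the vboxuser group by running a sudo usermod -G vboxusers . Also check that this account is in the sudoers file (if needed) by running an adduser sudo. \n After that you need to prep your virtual images and set any firewall restrictions you see fit.${WHITE}"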