Deploying a configured version of Cuckoo Sandbox on a remote/local server automatically can save a lot of time during the process of migrating between servers in future and also helps up in CI/CD process.
Please change the following parameters for the remote-server you want to install Cuckoo.
- Please add your host IP address under
[webservers]directive in hosts file. - Copy your SSH public-key to the authorized_keys under
~/.ssh/authorized_keysof remote machine- You can use the following command to do the job for you.
ssh-copy-id ubuntu@192.168.40.128
- Finally, so as to start the deployment process, issue the following:
ansible-playbook -i hosts test.yml -vvv --ask-become-pass
if your ssh_key is protected by password, you need to install ssh-askpass on your local, in this way your key will be loaded inside ssh-agent of the current session you're already in and it will be used to SSH forward your agent to securely clone the private repo of the vmcloak project into your deployment environment.
sudo apt-get install ssh-askpass
In case you received an error regarding pyopenssl:
sudo python -m easy_install --upgrade pyOpenSsl
- Installing cuckoo pip under virtualenv
- Installing volatility plugin and profiles for memory forensics
- Configuring VBox environment for cuckoo user
- Configuring tcpdump to use CAPs
- iptable fw rules for guest iface internet-access
- jinja2 temaplte for cuckoo.conf added!
- add vbox config profile based on our needs (configurable)
- vmclock for auto-generating cuckoo sandbox VMs
- VMWare -auto installation w/o user interaction
- md5sum samples
- host ssh-agent forwarding to clone vmcloak repo code
- QEMU source code compilation + patching, KVM, libvirt apparmor config