Building cuckoo sandbox 2 from source

apt-get install sudo
adduser cuckoo
usermod -aG sudo cuckoo
apt-get install python-pip build-essential git python-all-dev python-setuptools
apt-get install python python-sqlalchemy python-bson python-dpkt python-jinja2 python-magic python-pymongo python-gridfs python-libvirt python-bottle python-pefile bridge-utils python-pyrex
pip install jinja2 pymongo bottle pefile cybox maec django chardet
apt-get install python-lxml
apt-get install tcpdump
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
getcap /usr/sbin/tcpdump
wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.12/ssdeep-2.12.tar.gz
tar xvzf ssdeep-2.12.tar.gz
cd ssdeep-2.12/
./configure
make
make install
git clone https://github.com/kbandla/pydeep
cd pydeep/
python setup.py build
python setup.py install
cd
wget https://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar -xvf yara-1.7.tar.gz
cd yara-1.7
./configure
apt-get install libpcre3 libpcre3-dev
./configure
make
make install
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
wget https://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
cd yara-python-1.7/
python setup.py build
python setup.py install
wget https://distorm.googlecode.com/files/distorm3.zip
unzip distorm3.zip
cd distorm3
python setup.py build
python setup.py install
wget https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz
tar xvzf volatility-2.3.1.tar.gz
cd volatility-2.3.1/
python setup.py build
python setup.py install
cd
apt-get install dkms libgsoap5 libvncserver0 linux-headers-amd64 virtualbox virtualbox-dkms virtualbox-qt libvpx1
VBoxManage hostonlyif create
ip link set vboxnet0 up
ip addr add 192.168.56.1/24 dev vboxnet0
echo "VBoxManage list vms > /dev/null 2>&1" >> /etc/rc.local

Not quite: the stock rc.local ends with exit 0, so anything appended after it never runs. Open it with nano /etc/rc.local and move exit 0 back to the final line, below the new VBoxManage command.
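The rc.local pitfall above, handled in a reusable way. This is an added example, not part of the original notes: rc_local_add inserts a line above a trailing exit 0 (appending only when there is none) and is safe to re-run, and rc_local_check reports whether a given line would actually execute at boot. The function names are my own.

```shell
#!/bin/sh
# Added example, not from the original notes: append a command to /etc/rc.local
# without it landing after the trailing "exit 0" (the problem the notes hit).

# rc_local_add FILE LINE: inserts LINE just above the first "exit 0" if there is
# one, otherwise appends it. Idempotent, so a build script can call it repeatedly.
rc_local_add() {
    file="$1"
    line="$2"
    # Already present as a whole line: nothing to do.
    if grep -Fxq -- "$line" "$file"; then
        return 0
    fi
    tmp="$file.tmp.$$"
    if grep -q '^[[:blank:]]*exit 0[[:blank:]]*$' "$file"; then
        # Put the new line above "exit 0" so it really runs at boot.
        awk -v l="$line" \
            '/^[ \t]*exit 0[ \t]*$/ && !done { print l; done = 1 } { print }' \
            "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf '%s\n' "$line" >> "$tmp"
    fi
    # Copy back through the existing file so its mode and ownership are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# rc_local_check FILE LINE: succeeds only if LINE is present and is not preceded
# by an "exit 0", i.e. the shell would actually reach it.
rc_local_check() {
    awk -v l="$2" '
        /^[ \t]*exit 0[ \t]*$/ { exited = 1; next }
        $0 == l && !exited      { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Usage: sh rc_local_add.sh /etc/rc.local 'VBoxManage list vms > /dev/null 2>&1'
if [ "$#" -eq 2 ]; then
    rc_local_add "$1" "$2"
    rc_local_check "$1" "$2" && echo "ok: line will run at boot" || echo "warning: line sits after exit 0"
fi
```

Run it as root with the file and the command as its two arguments; the check after the insert is what tells you whether the naive echo-append from the notes would have been silently ignored.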

Create a virtual machine base image loaded with obsolete software. I chose Adobe Reader 10.0.12 and Flash 10.2.1 for the initial VMs. As I run the sandbox in production I will add more groups of VMs; Cuckoo lets you organise VMs into logical groups, and you can select individual or multiple groups for a test.

At this point I seemed to have a dependency mismatch:

Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

apt-get -f install

Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following extra packages will be installed:
libqt4-network libqt4-opengl
The following NEW packages will be installed:
libqt4-network libqt4-opengl
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 948 kB of archives.
After this operation, 3,293 kB of additional disk space will be used.
Do you want to continue? [Y/n]

Y

Get:1 http://ftp.uk.debian.org/debian/ jessie/main libqt4-network amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 [605 kB]
Get:2 http://ftp.uk.debian.org/debian/ jessie/main libqt4-opengl amd64 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 [343 kB]
Fetched 948 kB in 8s (114 kB/s)
Selecting previously unselected package libqt4-network:amd64.
(Reading database ... 116950 files and directories currently installed.)
Preparing to unpack .../libqt4-network_4%3a4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_amd64.deb ...
Unpacking libqt4-network:amd64 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1) ...
Selecting previously unselected package libqt4-opengl:amd64.
Preparing to unpack .../libqt4-opengl_4%3a4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_amd64.deb ...
Unpacking libqt4-opengl:amd64 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1) ...
Setting up libqt4-network:amd64 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1) ...
Setting up libqt4-opengl:amd64 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1) ...
Setting up virtualbox-5.0 (5.0.0~rc3-101436~Debian~jessie) ...
Adding group `vboxusers' (GID 125) ...
Done.
Processing triggers for libc-bin (2.19-18+deb8u4) ...
Processing triggers for systemd (215-17+deb8u4) ...

usermod -aG vboxusers cuckoo
git clone git://github.com/cuckoobox/cuckoo.git

Reload your shell (su - cuckoo, or exit and reconnect) so the new group memberships take effect.

At this point my bash skills became useless: VirtualBox has a very extensive command-line interface (which I don't know), and we want to skip the OS boot on every analysis run by snapshotting each guest in a state perfectly ripe for incoming malware injection, which is not something I fancy doing from bash just yet.

apt-get install task-lxde-desktop
startx

Log in as cuckoo.

Import all VMs and make sure each has the Python agent installed and a fixed IP that won't conflict with the others; they should all be attached to vboxnet0, the VirtualBox default host-only 192.168.56.1/24 network set up above.

Once all your VMs are in a saved, snapshotted state:

cd /home/cuckoo/cuckoo

# Start the engine
./cuckoo.py
# Start the web UI
utils/web.py runserver 0.0.0.0:8888
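Before starting the engine it is worth confirming that the pieces set up earlier are actually in place. The following pre-flight script is an added example, not from the original notes or the Cuckoo project: it checks the tcpdump capabilities, the vboxnet0 address and that every registered VM has a snapshot to restore. The parsers are split out so they can be exercised on captured text; the VBoxManage, getcap and ip output formats they expect, and the "does not have any snapshots" wording, are assumptions about those tools, and the sample inputs used to exercise them are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): host pre-flight checks to run
# before ./cuckoo.py, so a missing capability, a wrong host-only address or a VM
# without a snapshot is caught up front instead of surfacing as a failed analysis.
# The output formats parsed below are assumptions about the tools, not from the notes.

EXPECTED_NET="192.168.56.1/24"   # host side of vboxnet0, as configured in the notes

# parse_vm_names: stdin is 'VBoxManage list vms' output, one '"name" {uuid}' per
# line (assumed format); prints the bare VM names.
parse_vm_names() {
    sed -n 's/^"\(.*\)" {[0-9a-fA-F-]*}$/\1/p'
}

# tcpdump_caps_ok: stdin is 'getcap /usr/sbin/tcpdump' output; succeeds when both
# cap_net_raw and cap_net_admin are listed with the eip flags set.
tcpdump_caps_ok() {
    caps=$(cat)
    case "$caps" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$caps" in *eip*) return 0 ;; *) return 1 ;; esac
}

# hostonly_addr_ok: stdin is 'ip -o -4 addr show dev vboxnet0' output
# (assumed "N: vboxnet0 inet A.B.C.D/M ..."); succeeds when EXPECTED_NET is present.
hostonly_addr_ok() {
    awk -v want="$EXPECTED_NET" '$3 == "inet" && $4 == want { ok = 1 } END { exit ok ? 0 : 1 }'
}

# snapshot_list_ok: stdin is 'VBoxManage snapshot NAME list' output; a VM with no
# snapshot prints "does not have any snapshots" (assumed wording), and Cuckoo has
# nothing clean to restore for it.
snapshot_list_ok() {
    ! grep -qi 'does not have any snapshots'
}

# preflight: run the real tools on this host and report every failing check.
preflight() {
    rc=0
    getcap /usr/sbin/tcpdump 2>/dev/null | tcpdump_caps_ok \
        || { echo "FAIL: tcpdump lacks cap_net_raw,cap_net_admin=eip"; rc=1; }
    ip -o -4 addr show dev vboxnet0 2>/dev/null | hostonly_addr_ok \
        || { echo "FAIL: vboxnet0 does not carry $EXPECTED_NET"; rc=1; }
    names=$(VBoxManage list vms 2>/dev/null | parse_vm_names)
    # Here-document rather than a pipe so the loop runs in this shell and rc survives.
    while IFS= read -r vm; do
        [ -n "$vm" ] || continue
        VBoxManage snapshot "$vm" list 2>&1 | snapshot_list_ok \
            || { echo "FAIL: VM '$vm' has no snapshot to restore"; rc=1; }
    done <<EOF
$names
EOF
    [ "$rc" -eq 0 ] && echo "pre-flight OK"
    return "$rc"
}

# Usage: sh preflight.sh --run   (as the cuckoo user, before ./cuckoo.py)
case "${1:-}" in
    --run) preflight ;;
esac
```

Each check is a small filter over one tool's output, so the script reports all problems in one pass rather than stopping at the first, and the same filters can be pointed at output saved from another host when debugging.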

Have fun.