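# Example invocation (substitute your own inventory host; --ask-become-pass
# replaces the deprecated --ask-sudo-pass, ansible_user the older ansible_ssh_user):
# ansible-playbook -i "192.168.0.42," -e "ansible_user=admin" --ask-pass --ask-become-pass install_cuckoo.yml
---
# Provisions a Cuckoo Sandbox host on Ubuntu: base packages, Java + Elasticsearch,
# Cuckoo itself, then Yara and Volatility built from source.
#
# Review notes on the trust boundary of this playbook:
#   * Cuckoo, Yara and Volatility are fetched from the network and installed with
#     root privileges. Only Yara is pinned to a version; none of the archives is
#     checksum-verified (unarchive has no checksum option - use get_url with
#     `checksum:` plus a local unarchive if reproducibility matters).
#   * The Elasticsearch repository is reached over plain HTTP; apt still verifies
#     package signatures against the key imported from the HTTPS URL below.
#   * The play runs as root (become: true); individual build steps drop to the
#     cuckoo user via become_user where the original did so.
- hosts: all
  gather_facts: false
  become: true
  vars:
    cuckoo_user: 'cuckoo'
    cuckoo_dir: '/opt/cuckoo'
    build_dir: '/usr/local/src/cuckoo_build'
    yara_ver: '3.5.0'
    volatility_ver: '2.6'
  tasks:
    - name: Install python 2
      # raw is the only module usable before Python exists on the target.
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)

    - name: Create cuckoo user
      user:
        name: "{{ cuckoo_user }}"
        shell: /bin/bash

    - name: Create build directory
      file:
        path: "{{ build_dir }}"
        state: directory
        owner: "{{ cuckoo_user }}"
        group: "{{ cuckoo_user }}"
        mode: '0755'

    - name: Install required Ubuntu packages
      # One apt transaction instead of with_items; state=installed is a deprecated alias.
      apt:
        name:
          - build-essential
          - python
          - python-pip
          - python-dev
          - libffi-dev
          - libssl-dev
          - libxml2-dev
          - libxslt1-dev
          - libjpeg-dev
          - mongodb
          - qemu-kvm
          - libvirt-bin
          - ubuntu-vm-builder
          - bridge-utils
          - python-libvirt
          - ssdeep
          - libfuzzy-dev
          # Target of the setcap task below; not guaranteed on every base image.
          - tcpdump
          # unarchive needs unzip/zipinfo on the target for the Yara and Volatility .zip files.
          - unzip
        state: present
        update_cache: false

    ### Java and Elasticsearch ###
    - name: Add Java repo to apt sources
      apt_repository:
        repo: ppa:webupd8team/java
        state: present
        update_cache: false

    - name: Add Elasticsearch apt key
      apt_key:
        url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
        state: present

    - name: Add Elasticsearch repository.
      # Plain HTTP: package integrity relies on apt's signature check against the key above.
      apt_repository:
        repo: deb http://packages.elastic.co/elasticsearch/2.x/debian stable main
        state: present
        update_cache: false

    - name: java | Accept Oracle license before JDK installation
      # Folded scalar keeps the original single command line; `creates` skips it once the JDK exists.
      shell: >-
        echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections;
        echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
      args:
        creates: /usr/lib/jvm/java-8-oracle

    - name: Install Java
      apt:
        name: "oracle-java8-installer"
        state: present
        update_cache: true

    - name: Install elasticsearch
      apt:
        name: elasticsearch
        state: present
        update_cache: false

    - name: Enable and restart elasticsearch service
      # Restarts on every run, as in the original; a handler would make this idempotent.
      service:
        name: elasticsearch
        state: restarted
        enabled: true

    ### Cuckoo ###
    - name: Add Cuckoo user to additional groups
      # libvirtd membership lets the cuckoo user manage guest VMs without root.
      user:
        name: "{{ cuckoo_user }}"
        groups: libvirtd
        append: true

    - name: Install required Python packages for Cuckoo
      pip:
        name:
          - pyvmomi
          - pydeep

    - name: Download and uncompress Cuckoo
      # "cuckoo-current" is an unpinned, unverified artifact; pin a release and verify
      # a published hash for reproducible, auditable builds.
      unarchive:
        src: https://downloads.cuckoosandbox.org/cuckoo-current.tar.gz
        dest: "{{ cuckoo_dir | dirname }}"
        remote_src: true

    - name: Change owner of Cuckoo directory
      file:
        path: "{{ cuckoo_dir }}"
        state: directory
        owner: "{{ cuckoo_user }}"
        group: "{{ cuckoo_user }}"
        recurse: true

    - name: Install Python requirements
      # Installs the downloaded tree's third-party pins system-wide as root.
      pip:
        requirements: requirements.txt
        chdir: "{{ cuckoo_dir }}"

    - name: Copy local Cuckoo config files to host
      copy:
        src: "{{ item }}"
        dest: "{{ cuckoo_dir }}/conf"
        owner: "{{ cuckoo_user }}"
        group: "{{ cuckoo_user }}"
        mode: '0644'
      with_fileglob:
        - './conf_files/*'

    - name: Install Cuckoo signature modules
      become_user: "{{ cuckoo_user }}"
      command: "{{ cuckoo_dir }}/utils/community.py --force --rewrite --all"

    - name: Setcap tcpdump binary
      # Grants raw-socket capabilities to the binary itself. tcpdump is world-executable
      # by default, so afterwards any local user can capture traffic; the upstream install
      # guide pairs this with a dedicated group (chgrp + mode 0750) so only the cuckoo
      # user can run it - consider adding that restriction.
      command: setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

    ### Yara ###
    - name: Install Debian packages for building Yara
      apt:
        name:
          - autoconf
          - libtool
          - libjansson-dev
          - libmagic-dev
        state: present
        update_cache: false

    - name: Download and uncompress Yara
      # Pinned version over HTTPS; still no checksum verification.
      become_user: "{{ cuckoo_user }}"
      unarchive:
        src: https://github.com/VirusTotal/yara/archive/v{{ yara_ver }}.zip
        dest: "{{ build_dir }}"
        remote_src: true

    - name: Bootstrap Yara
      become_user: "{{ cuckoo_user }}"
      command: ./bootstrap.sh
      args:
        chdir: "{{ build_dir }}/yara-{{ yara_ver }}"

    - name: Configure Yara
      become_user: "{{ cuckoo_user }}"
      command: ./configure --enable-cuckoo --enable-magic
      args:
        chdir: "{{ build_dir }}/yara-{{ yara_ver }}"

    - name: Compile Yara
      become_user: "{{ cuckoo_user }}"
      command: make
      args:
        chdir: "{{ build_dir }}/yara-{{ yara_ver }}"

    - name: Install Yara
      # Runs as root on purpose: installs into system prefixes.
      command: make install
      args:
        chdir: "{{ build_dir }}/yara-{{ yara_ver }}"

    - name: Install yara-python
      pip:
        name: yara-python
        version: "{{ yara_ver }}"

    ### Volatility ###
    - name: Install required Python packages for Volatility
      pip:
        name:
          - distorm3
          - pycrypto

    - name: Download and uncompress Volatility
      # Plain HTTP and no checksum: the archive is then built and installed as root
      # below, so verify it against a published hash before trusting this host.
      become_user: "{{ cuckoo_user }}"
      unarchive:
        src: http://downloads.volatilityfoundation.org/releases/{{ volatility_ver }}/volatility-{{ volatility_ver }}.zip
        dest: "{{ build_dir }}"
        remote_src: true

    - name: Rename Volatility source directory
      # The release zip unpacks as volatility-master; `creates` makes the rename idempotent.
      command: mv {{ build_dir }}/volatility-master {{ build_dir }}/volatility-{{ volatility_ver }}
      args:
        creates: "{{ build_dir }}/volatility-{{ volatility_ver }}"

    - name: Build Volatility
      become_user: "{{ cuckoo_user }}"
      command: python setup.py build
      args:
        chdir: "{{ build_dir }}/volatility-{{ volatility_ver }}"

    - name: Install Volatility
      # Runs as root on purpose: installs into the system site-packages.
      command: python setup.py install
      args:
        chdir: "{{ build_dir }}/volatility-{{ volatility_ver }}"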