What is Cuckoo Sandbox?
In three words, Cuckoo Sandbox is a malware analysis system.
What does that mean?
It simply means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will give you back detailed results outlining what that file did when executed inside an isolated environment.
CuckooAutoInstall was created to avoid wasting time installing Cuckoo Sandbox on Debian Stable.
By default it installs Cuckoo Sandbox with all the optional components: yara, ssdeep, django ...
It installs the latest versions of ssdeep, yara, pydeep-master and jansson.
It tries to solve common problems that come up during the installation (ldconfig, autoreconf ...).
It installs VirtualBox by default and creates the host-only interface (hostonlyif).
It creates the iptables rules and enables IP forwarding so the Cuckoo virtual machines have internet access:

    sudo iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
    sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A POSTROUTING -t nat -j MASQUERADE
    sudo sysctl -w net.ipv4.ip_forward=1

Note that the MASQUERADE rule as written is not limited to the vboxnet0 subnet or to eth0, so it rewrites the source address of every forwarded packet leaving the host; add `-s 192.168.56.0/24 -o eth0` if the host routes anything else. These rules and the sysctl setting are applied at runtime only and do not survive a reboot unless persisted separately.
It enables running tcpdump as a non-root user:

    sudo apt-get -y install libcap2-bin
    sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

Keep in mind that file capabilities apply to whoever can execute the binary, so this grants raw-socket capture to every local user who can run /usr/sbin/tcpdump, not only to 'cuckoo'.
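The following script is an added example and is not part of CuckooAutoInstall. It applies the same forwarding and NAT rules as above, but idempotently (checking with `iptables -C` before appending, so re-running does not stack duplicates), narrows the MASQUERADE rule to the VM subnet and the external interface, persists `ip_forward` through a sysctl.d file, and verifies that tcpdump actually carries the two capabilities. The interface names, the 192.168.56.0/24 subnet and the sysctl.d file name are assumed defaults taken from the README and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not part of CuckooAutoInstall: idempotent NAT/forwarding setup
# for the Cuckoo host-only network, with the MASQUERADE rule narrowed to the VM
# subnet and the external interface, persistent ip_forward, and a check that
# tcpdump carries the capabilities a non-root 'cuckoo' user needs to sniff.
# EXT_IF, VBOX_IF, VM_NET and SYSCTL_FILE are assumed defaults; override via env.

EXT_IF="${EXT_IF:-eth0}"
VBOX_IF="${VBOX_IF:-vboxnet0}"
VM_NET="${VM_NET:-192.168.56.0/24}"
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-cuckoo-forward.conf}"

# Rule specifications (everything after -A/-C) as plain strings, so the exact
# same text is used both to test for an existing rule and to append it.
rule_fwd_new() {
    printf 'FORWARD -i %s -o %s -s %s -m conntrack --ctstate NEW -j ACCEPT' \
        "$VBOX_IF" "$EXT_IF" "$VM_NET"
}
# Return traffic for those connections: in on the external interface, out to the VMs.
rule_fwd_established() {
    printf 'FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "$EXT_IF" "$VBOX_IF"
}
# Narrower than the README's unqualified MASQUERADE: only the VM subnet, only out EXT_IF.
rule_nat() {
    printf 'POSTROUTING -t nat -s %s -o %s -j MASQUERADE' "$VM_NET" "$EXT_IF"
}

# Append a rule only when `iptables -C` says it is not already present.
ensure_rule() {
    # word splitting of $1 into separate iptables arguments is intentional
    # shellcheck disable=SC2086
    if ! iptables -C $1 2>/dev/null; then
        iptables -A $1
    fi
}

# Accept a getcap(8) line in either format libcap has printed over the years:
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (newer libcap)
# getcap lists capabilities in numeric order, so cap_net_admin precedes cap_net_raw.
caps_line_ok() {
    case "$1" in
        *cap_net_admin,cap_net_raw[+=]eip*) return 0 ;;
    esac
    return 1
}

# Query the real binary (default path from the README) and check its capability set.
tcpdump_caps_ok() {
    caps_line_ok "$(getcap "${1:-/usr/sbin/tcpdump}" 2>/dev/null)"
}

apply() {
    ensure_rule "$(rule_fwd_new)"
    ensure_rule "$(rule_fwd_established)"
    ensure_rule "$(rule_nat)"
    # Enable forwarding now and persist it across reboots.
    printf 'net.ipv4.ip_forward = 1\n' > "$SYSCTL_FILE"
    sysctl -w net.ipv4.ip_forward=1
    if tcpdump_caps_ok; then
        echo "tcpdump capabilities OK"
    else
        echo "tcpdump lacks cap_net_raw/cap_net_admin; re-run setcap" >&2
        return 1
    fi
}

# Only touch the system when explicitly asked:  sudo sh cuckoo-net.sh apply
if [ "${1:-}" = "apply" ]; then
    apply
fi
```

Run it as root with `apply`; without that argument it only defines the functions, which is what lets the rule strings and the getcap parser be exercised without touching iptables. The `-C`-before`-A` pattern is what makes the script safe to re-run after the installer, and the narrowed MASQUERADE keeps the host from NATing traffic that has nothing to do with the analysis VMs.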
It creates the 'cuckoo' user on the system and adds it to the vboxusers group.
It enables mongodb in conf/reporting.conf.
It fixes the "TEMPLATE_DIRS setting must be a tuple" error that appears when running python manage.py with Django >= 1.6, by replacing, in web/web/settings.py:

    TEMPLATE_DIRS = ( "templates" )

with:

    TEMPLATE_DIRS = ( ("templates"), )

The original value is a plain string, because parentheses around a single expression do not make a tuple in Python; the trailing comma does.