Merge pull request scVENUS#53 from michaelweiser/separate-cuckoo

Separate cuckoo

PeekabooAV-install.sh

@@ -119,7 +119,7 @@ bail_unknown_argument() {
 }
 
 quiet=
-pyver=2
+pyver=3
 while [ -n "$1" ] ; do
 	case "$1" in
 		--python=*)

PeekabooAV-install.yml

@@ -111,48 +111,6 @@
           - git
           - curl
           - socat
-    - name: Install Cuckoo and Peekaboo system dependencies
-      apt:
-        name:
-          - python
-          - python-pip
-          - python-dev
-          - libffi-dev
-          - libssl-dev
-          - python-virtualenv
-          - python-setuptools
-          - libjpeg-dev
-          - zlib1g-dev
-          - swig
-          - sqlite3
-          - swig
-          - mongodb
-          # required to install mysql python module in venv using pip
-          - libmysqlclient-dev
-    - name: Install Peekaboo python 3 system dependencies
-      apt:
-        name:
-          - python3
-          - python3-pip
-          - python3-dev
-          - python3-virtualenv
-          - python3-setuptools
-      when: pyver == 3
-
-- name: Install tcpdump and set capability
-  hosts: peekabooav_server
-  gather_facts: no
-  become: true
-  tasks:
-    - name: Install tcpdump
-      apt:
-        name: tcpdump
-        state: latest
-    - name: Set capability
-      capabilities:
-        path: /usr/sbin/tcpdump
-        capability: cap_net_raw,cap_net_admin=eip
-        state: present
 
 - name: Install mysql database and setup users and databases
   hosts: peekabooav_server
@@ -168,6 +126,11 @@
           # to be able to connect to the database in the next step
           - python-mysqldb
 
+    - name: Start database service
+      systemd:
+        name: mysql
+        state: started
+
     - name: Create databases
       mysql_db:
         name: "{{ item }}"
@@ -193,23 +156,45 @@
         priv: 'peekaboo.*:ALL,GRANT'
         state: present
 
-- name: Create a new peekaboo user and group 
-  hosts: peekabooav_server
+- name: Create a new cuckoo user and group
+  hosts: cuckoo_server
   gather_facts: no
   become: true
   tasks:
-    - name: Create a new group peekaboo
+    - name: Create a new group cuckoo
       group:
-        name: peekaboo
+        name: cuckoo
         state: present
-        gid: 150
-    - name: Create a new user peekaboo
+        gid: 151
+    - name: Create a new user cuckoo
       user:
-        name: peekaboo
-        group: peekaboo
-        uid: 150
-        home: /var/lib/peekaboo
+        name: cuckoo
+        group: cuckoo
+        uid: 151
+        home: /var/lib/cuckoo
 
+- name: Install tcpdump and set capability
+  hosts: cuckoo_server
+  gather_facts: no
+  become: true
+  tasks:
+    - name: Install tcpdump
+      apt:
+        name: tcpdump
+        state: latest
+    - name: Restrict access to tcpdump
+      file:
+        path: /usr/sbin/tcpdump
+        # cuckoo stats the sniffer during configuration initialisation so we
+        # need r+x for group cuckoo here
+        mode: 0750
+        owner: root
+        group: cuckoo
+    - name: Set capability
+      capabilities:
+        path: /usr/sbin/tcpdump
+        capability: cap_net_raw,cap_net_admin=eip
+        state: present
 
 - name: Install Cuckoo
   hosts: cuckoo_server
@@ -238,13 +223,28 @@
       - cuckoo-api.service
       - cuckoo-sandbox.service
   tasks:
+    - name: Install Cuckoo system dependencies
+      apt:
+        name:
+          - python
+          - python-dev
+          - python-virtualenv
+          - mongodb
+          - libffi-dev
+          - libssl-dev
+          - libjpeg-dev
+          - zlib1g-dev
+          - swig
+          - build-essential
+          # required to install mysql python module in venv using pip
+          - libmysqlclient-dev
     - name: Install Cuckoo packages
       pip:
         name:
           - pip
           - setuptools
           - cuckoo
-          - mysql
+          - mysqlclient
         virtualenv: /opt/cuckoo
         virtualenv_python: python2.7
 
@@ -285,17 +285,17 @@
 
     - name: Secure storage directory
       file:
-        path: /var/lib/peekaboo
+        path: /var/lib/cuckoo
         mode: 0700
 
-    - name: Copy /var/lib/peekaboo/vboxmanage.conf
+    - name: Copy /var/lib/cuckoo/vboxmanage.conf
       # The configuration contains IP address and username of the
       # target user on the host that owns all virtual box vms.
       copy:
         src: vbox/vboxmanage.conf
-        dest: /var/lib/peekaboo/vboxmanage.conf
-        owner: peekaboo
-        group: peekaboo
+        dest: /var/lib/cuckoo/vboxmanage.conf
+        owner: cuckoo
+        group: cuckoo
         mode: 0644
         backup: true
 
@@ -304,20 +304,20 @@
         name: ssh
         state: latest
 
-    - name: Setup ssh key for peekaboo user
+    - name: Setup ssh key for cuckoo user
       file:
-        path: /var/lib/peekaboo/.ssh
+        path: /var/lib/cuckoo/.ssh
         state: directory
         mode: 0700
-        owner: peekaboo
-        group: peekaboo
+        owner: cuckoo
+        group: cuckoo
 
     - name: This key will have to be allowed on the host to authenticate the vm user
-      become_user: peekaboo
-      command: ssh-keygen -t ed25519 -f /var/lib/peekaboo/.ssh/id_ed25519 -P ''
+      become_user: cuckoo
+      command: ssh-keygen -t ed25519 -f /var/lib/cuckoo/.ssh/id_ed25519 -P ''
       args:
-        chdir: /var/lib/peekaboo
-        creates: /var/lib/peekaboo/.ssh/id_ed25519
+        chdir: /var/lib/cuckoo
+        creates: /var/lib/cuckoo/.ssh/id_ed25519
 
     - name: Create Cuckoo configuration directory /opt/cuckoo/etc
       tags: cuckooconf
@@ -330,8 +330,8 @@
       template:
         src: cuckoo/custom.kv.conf
         dest: /opt/cuckoo/etc/custom.kv.conf
-        owner: peekaboo
-        group: peekaboo
+        owner: cuckoo
+        group: cuckoo
         mode: 0600
         backup: true
 
@@ -342,29 +342,37 @@
     # There does not seem a way to first update the config and then the
     # database. Throwing away the whole old cwd seems too drastic a solution.
     - name: Check if cuckoo config exists
-      stat: path=/var/lib/peekaboo/.cuckoo/conf/cuckoo.conf
+      stat: path=/var/lib/cuckoo/.cuckoo/conf/cuckoo.conf
       register: cuckoo_conf
 
     - name: Potentially hack new DB password into old config
       tags: cuckooconf
       replace:
-        path: /var/lib/peekaboo/.cuckoo/conf/cuckoo.conf
+        path: /var/lib/cuckoo/.cuckoo/conf/cuckoo.conf
         regexp: '^connection = .*'
         replace: "connection = mysql://cuckoo:{{ cuckoo_db_password }}@{{ mariadb_server }}/cuckoo"
       when: cuckoo_conf.stat.exists == True
 
-    - name: Initial run of Cuckoo to create default configuration in peekaboo $HOME
+    - name: Initial run of Cuckoo to create default configuration in cuckoo $HOME
       tags: cuckooconf
-      become_user: peekaboo
+      become_user: cuckoo
       command: /opt/cuckoo/bin/cuckoo init --conf=/opt/cuckoo/etc/custom.kv.conf
       args:
-        chdir: /var/lib/peekaboo
+        chdir: /var/lib/cuckoo
+
+    # cuckoo ignores the api token in custom.kv.conf :(
+    - name: Hack api token into config
+      tags: cuckooconf
+      replace:
+        path: /var/lib/cuckoo/.cuckoo/conf/cuckoo.conf
+        regexp: '^api_token = .*'
+        replace: "api_token = {{ cuckoo_api_token }}"
 
     - name: Install cuckoo community signatures
       command: /opt/cuckoo/bin/cuckoo community
-      become_user: peekaboo
+      become_user: cuckoo
       args:
-        chdir: /var/lib/peekaboo
+        chdir: /var/lib/cuckoo
 
     - name: Start and enable Cuckoo services
       systemd:
@@ -375,13 +383,51 @@
       with_items: "{{ services + processor_services }}"
 
 
+- name: Create a new peekaboo user and group
+  hosts: peekabooav_server
+  gather_facts: no
+  become: true
+  tasks:
+    - name: Create a new group peekaboo
+      group:
+        name: peekaboo
+        state: present
+        gid: 150
+    - name: Create a new user peekaboo
+      user:
+        name: peekaboo
+        group: peekaboo
+        uid: 150
+        home: /var/lib/peekaboo
+
+
 - name: Install Peekaboo
   hosts: peekabooav_server
   gather_facts: no
   become: true
   vars:
     python_exe: "python{{ pyver }}"
   tasks:
+    - name: Install Peekaboo system dependencies
+      apt:
+        name:
+          - build-essential
+          # required to install mysql python module in venv using pip
+          - libmysqlclient-dev
+    - name: Install Peekaboo python 2 system dependencies
+      apt:
+        name:
+          - python
+          - python-dev
+          - python-virtualenv
+      when: pyver == 2
+    - name: Install Peekaboo python 3 system dependencies
+      apt:
+        name:
+          - python3
+          - python3-dev
+          - python3-virtualenv
+      when: pyver == 3
     - name: Check if Peekaboo is switching python versions
       stat: path=/opt/peekaboo/bin/python
       register: peekaboo_python
@@ -403,7 +449,7 @@
     - name: Install Peekaboo optional components
       pip:
         name:
-          - mysql
+          - mysqlclient
         virtualenv: /opt/peekaboo
         virtualenv_python: "{{ python_exe }}"
 
@@ -696,4 +742,5 @@
         path: "{{ item }}"
       with_items:
         - cuckoo_db_password
+        - cuckoo_api_token
         - peekaboo_db_password

cuckoo/custom.kv.conf

@@ -4,6 +4,7 @@ cuckoo.cuckoo.freespace = 256
 cuckoo.resultserver.ip = 192.168.56.5
 cuckoo.processing.resolve_dns = no
 cuckoo.database.connection = mysql://cuckoo:{{ cuckoo_db_password }}@{{ mariadb_server }}/cuckoo
+cuckoo.cuckoo.api_token = {{ cuckoo_api_token }}
 
 reporting.mongodb.enabled = yes
 

group_vars/all.yml

@@ -5,9 +5,10 @@ cuckooapi_server: localhost
 mariadb_server: localhost
 
 cuckoo_db_password: "{{ lookup('password', 'cuckoo_db_password length=15 chars=ascii_letters') }}"
+cuckoo_api_token: "{{ lookup('password', 'cuckoo_api_token length=22 chars=ascii_letters') }}"
 peekaboo_db_password: "{{ lookup('password', 'peekaboo_db_password length=15 chars=ascii_letters') }}"
 
 cuckoo_processors: 5
 
 # default for the python interpreter version to use
-pyver: 2
+pyver: 3