From da8dc9a8ffb2fc7f14897f324037a2a714060561 Mon Sep 17 00:00:00 2001 From: Jonathan Abrahamy Date: Tue, 12 Sep 2023 15:58:30 +0200 Subject: [PATCH] chore: Remove custom installers --- intezer_cape2.sh | 1391 ----------------------------------- kvm-qemu.sh | 1264 ------------------------------- utils/community.py | 17 +- utils/intezer_signatures.py | 71 -- 4 files changed, 2 insertions(+), 2741 deletions(-) delete mode 100755 intezer_cape2.sh delete mode 100755 kvm-qemu.sh delete mode 100644 utils/intezer_signatures.py diff --git a/intezer_cape2.sh b/intezer_cape2.sh deleted file mode 100755 index 9f50f1c77ba..00000000000 --- a/intezer_cape2.sh +++ /dev/null 
@@ -1,1391 +0,0 @@ -#!/bin/bash -# By @doomedraven - https://twitter.com/D00m3dR4v3n - -# Copyright (C) 2011-2021 DoomedRaven. -# This file is part of Tools - https://github.com/doomedraven/Tools -# See the file 'LICENSE.md' for copying permission. - -# Huge thanks to: @NaxoneZ @kevoreilly @ENZOK @wmetcalf @ClaudioWayne - - -# Static values -# Where to place everything -NETWORK_IFACE=virbr0 -# for tor -IFACE_IP="192.168.1.1" -# DB password -PASSWD="change password" -DIST_MASTER_IP=X.X.X.X -USER="cape" -nginx_version=1.19.6 -prometheus_version=2.20.1 -grafana_version=7.1.5 -node_exporter_version=1.0.1 -guacamole_version=1.2.0 - -TOR_SOCKET_TIMEOUT="60" - -function issues() { -cat << EOI -Problems with PyOpenSSL? - sudo rm -rf /usr/local/lib/python3.8/dist-packages/OpenSSL/ - sudo rm -rf /home/${USER}/.local/lib/python3.8/site-packages/OpenSSL/ - sudo apt install --reinstall python-openssl - -Problem with PIP? - sudo python -m pip3 uninstall pip3 && sudo apt install python3-pip --reinstall - -Problem with pillow: - * ValueError: jpeg is required unless explicitly disabled using --disable-jpeg, aborting - * ValueError: zlib is required unless explicitly disabled using --disable-zlib, aborting -Solution: - # https://askubuntu.com/a/1094768 - # you may need to adjust version of libjpeg-turbo8 - sudo apt install zlib1g-dev libjpeg-turbo8-dev libjpeg-turbo8=1.5.2-0ubuntu5 -EOI -} - -function usage() { -cat << EndOfHelp - You need to edit NETWORK_IFACE, IFACE_IP and PASSWD for correct install - - * This ISN'T a silver bullet, we can't control all changes in all third part software, you are welcome to report updates - - Usage: $0 cape | tee $0.log - Example: $0 all cape 192.168.1.1 | tee $0.log - Commands - are case insensitive: - Base - Installs dependencies, CAPE, systemd, see code for full list - All - Installs everything - (don't use it if you don't know what will be installed ;)) - Sandbox - Install CAPE - Dependencies - Install all dependencies with performance tricks 
- Systemd - Install systemd config for cape, we suggest to use systemd - Nginx - Install NGINX with realip plugin and other goodies, pass your domain as argument - LetsEncrypt - Install LetsEncrypt for your site, pass your domain as argument - Supervisor - Install supervisor config for CAPE # depricated - Suricata - Install latest suricata with performance boost - PostgreSQL - Install latest PostgresSQL - Yara - Install latest yara - Volatility3 - Install Volatility3 and windows symbols - Mongo - Install latest mongodb - LetsEncrypt - Install dependencies and retrieves certificate - Dist - will install CAPE distributed stuff - ClamAv - Install ClamAV and unofficial signatures - redsocks2 - install redsocks2 - logrotate - install logrotate config to rotate daily or 10G logs - prometheus - Install Prometheus and Grafana - node_exporter - Install node_exporter to report data to Prometheus+Grafana, only on worker servers - jemalloc - Install jemalloc, required for CAPE to decrease memory usage - Details: https://zapier.com/engineering/celery-python-jemalloc/ - crowdsecurity - Install CrowdSecurity for NGINX and webgui - docker - install docker - osslsigncode - Linux alternative to Windows signtool.exe - modsecurity - install Nginx ModSecurity plugin - Issues - show some known possible bugs/solutions - - Useful links - THEY CAN BE OUTDATED; RTFM!!! - * https://cuckoo.sh/docs/introduction/index.html - * https://medium.com/@seifreed/how-to-deploy-cuckoo-sandbox-431a6e65b848 - * https://infosecspeakeasy.org/t/howto-build-a-cuckoo-sandbox/27 - Cuckoo V2 customizations neat howto - * https://www.adlice.com/cuckoo-sandbox-customization-v2/ -EndOfHelp -} - -function install_crowdsecurity() { - sudo apt-get install bash gettext whiptail curl wget - cd /tmp || return - if [ ! 
-d crowdsec-release.tgz ]; then - curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4 | wget -i - - fi - tar xvzf crowdsec-release.tgz - directory=$(ls | grep "crowdsec-v*") - cd "$directory" || return - sudo ./wizard.sh -i - sudo cscli collections install crowdsecurity/nginx - sudo systemctl reload crowdsec - install_docker - sudo cscli dashboard setup -l 127.0.0.1 -p 8448 - - wget https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v0.0.4/cs-nginx-bouncer.tgz - tar xvzf cs-nginx-bouncer.tgz - directory=$(ls | grep "cs-nginx-bouncer*") - cd "$directory" || return - sudo ./install.sh -} - -function install_docker() { - # https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04 - sudo apt install apt-transport-https ca-certificates curl software-properties-common - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" - sudo apt update - sudo apt install docker-ce - sudo usermod -aG docker ${USER} -} - -function install_jemalloc() { - - # https://zapier.com/engineering/celery-python-jemalloc/ - if ! 
$(dpkg -l "libjemalloc*" | grep -q "ii libjemalloc"); then - apt install -f checkinstall curl build-essential jq autoconf libjemalloc-dev -y - fi -} - -function install_modsecurity() { - # Tested on nginx 1.(16|18).X Based on https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/ with fixes - apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev - git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity - cd ModSecurity || return - git submodule init - git submodule update - ./build.sh - ./configure - make -j"$(nproc)" - checkinstall -D --pkgname="ModSecurity" --default - - cd .. || return - git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git - - # this step is required to install plugin for existing setup - if [ ! -d nginx-"$nginx_version" ]; then - wget http://nginx.org/download/nginx-"$nginx_version".tar.gz - wget http://nginx.org/download/nginx-"$nginx_version".tar.gz.asc - gpg --verify "nginx-$nginx_version.tar.gz.asc" - tar zxf nginx-"$nginx_version".tar.gz - fi - - cd nginx-"$nginx_version" || return - ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx - make modules - cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/ngx_http_modsecurity_module.so - cd .. || return - - mkdir /etc/nginx/modsec - wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended - mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf - cp ModSecurity/unicode.mapping /etc/nginx/modsec - sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf - echo 'Include "/etc/nginx/modsec/modsecurity.conf"' >/etc/nginx/modsec/main.conf - - echo ''' - - 1. 
Add next line to the top of /etc/nginx/nginx.conf - * load_module modules/ngx_http_modsecurity_module.so; - 2. Add next 2 rules to enabled-site under server section - modsecurity on; - modsecurity_rules_file /etc/nginx/modsec/main.conf; - ''' - -} - -function install_nginx() { - - if [ ! -d nginx-$nginx_version ]; then - wget http://nginx.org/download/nginx-$nginx_version.tar.gz - wget http://nginx.org/download/nginx-$nginx_version.tar.gz.asc - gpg --verify "nginx-$nginx_version.tar.gz.asc" - tar zvf nginx-$nginx_version.tar.gz - fi - - # PCRE version 8.42 - wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz && tar xzvf pcre-8.42.tar.gz - - # zlib version 1.2.11 - wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz - - # OpenSSL version 1.1.0h - wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz && tar xzvf openssl-1.1.0h.tar.gz - - sudo add-apt-repository -y ppa:maxmind/ppa - sudo apt update && sudo apt upgrade -y - sudo apt install -y perl libperl-dev libgd3 libgd-dev libgeoip1 libgeoip-dev geoip-bin libxml2 libxml2-dev libxslt1.1 libxslt1-dev - - cd nginx-$nginx_version || return - - sudo cp man/nginx.8 /usr/share/man/man8 - sudo gzip /usr/share/man/man8/nginx.8 - ls /usr/share/man/man8/ | grep nginx.8.gz - - ./configure --prefix=/usr/share/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/tmp/nginx.pid \ - --lock-path=/var/lock/nginx.lock \ - --user=www-data \ - --group=www-data \ - --build=Ubuntu \ - --http-client-body-temp-path=/var/lib/nginx/body \ - --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ - --http-proxy-temp-path=/var/lib/nginx/proxy \ - --http-scgi-temp-path=/var/lib/nginx/scgi \ - --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ - --with-openssl=../openssl-1.1.0h \ - --with-openssl-opt=enable-ec_nistp_64_gcc_128 \ - 
--with-openssl-opt=no-nextprotoneg \ - --with-openssl-opt=no-weak-ssl-ciphers \ - --with-openssl-opt=no-ssl3 \ - --with-pcre=../pcre-8.42 \ - --with-pcre-jit \ - --with-zlib=../zlib-1.2.11 \ - --with-compat \ - --with-file-aio \ - --with-threads \ - --with-http_addition_module \ - --with-http_auth_request_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_mp4_module \ - --with-http_random_index_module \ - --with-http_realip_module \ - --with-http_slice_module \ - --with-http_ssl_module \ - --with-http_sub_module \ - --with-http_stub_status_module \ - --with-http_v2_module \ - --with-http_secure_link_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-stream \ - --with-stream_realip_module \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-debug \ - --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \ - --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' - #--with-http_v3_module \ - - make -j"$(nproc)" - checkinstall -D --pkgname="nginx-$nginx_version" --pkgversion="$nginx_version" --default - sudo ln -s /usr/lib/nginx/modules /etc/nginx/modules - sudo adduser --system --home /nonexistent --shell /bin/false --no-create-home --disabled-login --disabled-password --gecos "nginx user" --group nginx - - install_modsecurity - - sudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_temp - sudo chmod 700 /var/cache/nginx/* - sudo chown nginx:root /var/cache/nginx/* - - if [ ! 
-f /lib/systemd/system/nginx.service ]; then - cat >> /lib/systemd/system/nginx.service << EOF -[Unit] -Description=nginx - high performance web server -Documentation=https://nginx.org/en/docs/ -After=network-online.target remote-fs.target nss-lookup.target -Wants=network-online.target - -[Service] -Type=forking -PIDFile=/tmp/nginx.pid -ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf -ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf -ExecReload=/bin/kill -s HUP $MAINPID -ExecStop=/bin/kill -s TERM $MAINPID - -[Install] -WantedBy=multi-user.target -EOF - fi - - sudo systemctl enable nginx.service - sudo systemctl start nginx.service - sudo systemctl is-enabled nginx.service - - sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled} - sudo chmod 640 /var/log/nginx/* - sudo chown nginx:adm /var/log/nginx/access.log /var/log/nginx/error.log - - - if [ ! -f /etc/logrotate.d/nginx ]; then - cat >> /etc/logrotate.d/nginx << EOF -/var/log/nginx/*.log { - daily - missingok - rotate 52 - compress - delaycompress - notifempty - create 640 nginx adm - sharedscripts - postrotate - if [ -f /tmp/nginx.pid ]; then - kill -USR1 $(cat /tmp/nginx.pid) - fi - endscript -} -EOF -fi - - sudo ln -s /etc/nginx/sites-available/"$1" /etc/nginx/sites-enabled/ - #sudo wget https://support.cloudflare.com/hc/en-us/article_attachments/201243967/origin-pull-ca.pem -O - - if [ ! 
-f /etc/nginx/sites-enabled/capesandbox ]; then - cat >> /etc/nginx/sites-enabled/capesandbox << EOF -server { - listen 80 default_server; - server_name $1; - return 301 https://$host$request_uri; -} - -server { - if ($http_user_agent = "") { - return 444; - } - # SSL configuration - listen 443 ssl http2; - //listen [::]:443 ssl http2; - //listen 443 http3 reuseport; # UDP listener for QUIC+HTTP/3 - ssl on; - //ssl_protocols TLSv1.3; # QUIC requires TLS 1.3 - ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem; - ssl_client_certificate /etc/ssl/certs/cloudflare.crt; - ssl_verify_client on; - - //add_header Alt-Svc 'quic=":443"'; # Advertise that QUIC is available - //add_header QUIC-Status $quic; # Sent when QUIC was used - - server_name $1 www.$1; - location / { - try_files $uri $uri/ =404; - } -}: -EOF -fi - - if [ ! -f /etc/ssl/certs/cloudflare.crt ]; then - cat >> /etc/ssl/certs/cloudflare.crt << EOF ------BEGIN CERTIFICATE----- -MIIGBjCCA/CgAwIBAgIIV5G6lVbCLmEwCwYJKoZIhvcNAQENMIGQMQswCQYDVQQG -EwJVUzEZMBcGA1UEChMQQ2xvdWRGbGFyZSwgSW5jLjEUMBIGA1UECxMLT3JpZ2lu -IFB1bGwxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3Ju -aWExIzAhBgNVBAMTGm9yaWdpbi1wdWxsLmNsb3VkZmxhcmUubmV0MB4XDTE1MDEx -MzAyNDc1M1oXDTIwMDExMjAyNTI1M1owgZAxCzAJBgNVBAYTAlVTMRkwFwYDVQQK -ExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmlnaW4gUHVsbDEWMBQGA1UE -BxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEjMCEGA1UEAxMa -b3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDdsts6I2H5dGyn4adACQRXlfo0KmwsN7B5rxD8C5qgy6spyONr -WV0ecvdeGQfWa8Gy/yuTuOnsXfy7oyZ1dm93c3Mea7YkM7KNMc5Y6m520E9tHooc -f1qxeDpGSsnWc7HWibFgD7qZQx+T+yfNqt63vPI0HYBOYao6hWd3JQhu5caAcIS2 -ms5tzSSZVH83ZPe6Lkb5xRgLl3eXEFcfI2DjnlOtLFqpjHuEB3Tr6agfdWyaGEEi -lRY1IB3k6TfLTaSiX2/SyJ96bp92wvTSjR7USjDV9ypf7AD6u6vwJZ3bwNisNw5L -ptph0FBnc1R6nDoHmvQRoyytoe0rl/d801i9Nru/fXa+l5K2nf1koR3IX440Z2i9 -+Z4iVA69NmCbT4MVjm7K3zlOtwfI7i1KYVv+ATo4ycgBuZfY9f/2lBhIv7BHuZal 
-b9D+/EK8aMUfjDF4icEGm+RQfExv2nOpkR4BfQppF/dLmkYfjgtO1403X0ihkT6T -PYQdmYS6Jf53/KpqC3aA+R7zg2birtvprinlR14MNvwOsDOzsK4p8WYsgZOR4Qr2 -gAx+z2aVOs/87+TVOR0r14irQsxbg7uP2X4t+EXx13glHxwG+CnzUVycDLMVGvuG -aUgF9hukZxlOZnrl6VOf1fg0Caf3uvV8smOkVw6DMsGhBZSJVwao0UQNqQIDAQAB -o2YwZDAOBgNVHQ8BAf8EBAMCAAYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4E -FgQUQ1lLK2mLgOERM2pXzVc42p59xeswHwYDVR0jBBgwFoAUQ1lLK2mLgOERM2pX -zVc42p59xeswCwYJKoZIhvcNAQENA4ICAQDKDQM1qPRVP/4Gltz0D6OU6xezFBKr -LWtDoA1qW2F7pkiYawCP9MrDPDJsHy7dx+xw3bBZxOsK5PA/T7p1dqpEl6i8F692 -g//EuYOifLYw3ySPe3LRNhvPl/1f6Sn862VhPvLa8aQAAwR9e/CZvlY3fj+6G5ik -3it7fikmKUsVnugNOkjmwI3hZqXfJNc7AtHDFw0mEOV0dSeAPTo95N9cxBbm9PKv -qAEmTEXp2trQ/RjJ/AomJyfA1BQjsD0j++DI3a9/BbDwWmr1lJciKxiNKaa0BRLB -dKMrYQD+PkPNCgEuojT+paLKRrMyFUzHSG1doYm46NE9/WARTh3sFUp1B7HZSBqA -kHleoB/vQ/mDuW9C3/8Jk2uRUdZxR+LoNZItuOjU8oTy6zpN1+GgSj7bHjiy9rfA -F+ehdrz+IOh80WIiqs763PGoaYUyzxLvVowLWNoxVVoc9G+PqFKqD988XlipHVB6 -Bz+1CD4D/bWrs3cC9+kk/jFmrrAymZlkFX8tDb5aXASSLJjUjcptci9SKqtI2h0J -wUGkD7+bQAr+7vr8/R+CBmNMe7csE8NeEX6lVMF7Dh0a1YKQa6hUN18bBuYgTMuT -QzMmZpRpIBB321ZBlcnlxiTJvWxvbCPHKHj20VwwAz7LONF59s84ZsOqfoBv8gKM -s0s5dsq5zpLeaw== ------END CERTIFICATE----- -EOF -fi -} - -function install_letsencrypt(){ - sudo add-apt-repository ppa:certbot/certbot -y - sudo apt update - sudo apt install python3-certbot-nginx -y - echo "server_name $1 www.$1;" > /etc/nginx/sites-available/"$1" - sudo certbot --nginx -d "$1" -d www."$1" -} - -function install_fail2ban() { - sudo apt install fail2ban -y - sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local - sudo sed -i /etc/fail2ban/jail.local - systemctl start fail2ban - systemctl enable fail2ban - - #https://kifarunix.com/how-to-protect-ssh-server-authentication-with-fail2ban-on-ubuntu-18-04/2/ -} - -function install_logrotate() { - # du -sh /var/log/* | sort -hr | head -n10 - # thanks digitalocean.com for the manual - # https://www.digitalocean.com/community/tutorials/how-to-manage-logfiles-with-logrotate-on-ubuntu-16-04 - if [ ! 
-f /etc/logrotate.d/doomedraven.conf ]; then - cat >> /etc/logrotate.d/doomedraven.conf << EOF -#/var/log/*.log { -# daily -# missingok -# rotate 7 -# compress -# create -# maxsize 10G -#} - -#/var/log/supervisor/*.log { -# daily -# missingok -# rotate 7 -# compress -# create -# maxsize 50M -#} -EOF - fi - - sudo /usr/sbin/logrotate --force /etc/logrotate.conf - du -sh /var/log/* | sort -hr | head -n10 - # wipe kern.log - # cat /dev/null | sudo tee /var/log/kern.log -} - -function redsocks2() { - cd /tmp || return - sudo apt install -y git libevent-dev libreadline-dev zlib1g-dev libncurses5-dev - sudo apt install -y libssl1.0-dev 2>/dev/null - sudo apt install -y libssl-dev 2>/dev/null - git clone https://github.com/semigodking/redsocks redsocks2 && cd redsocks2 || return - DISABLE_SHADOWSOCKS=true make -j"$(nproc)" #ENABLE_STATIC=true - sudo cp redsocks2 /usr/bin/ -} - -function distributed() { - sudo apt install uwsgi -y 2>/dev/null - sudo mkdir -p /data/{config,}db - sudo chown mongodb:mongodb /data/ -R - cat >> /etc/uwsgi/apps-available/sandbox_api.ini << EOL -[uwsgi] - plugins = python3 - callable = application - ;change this patch if is different - chdir = /opt/CAPEv2/utils - master = true - mount = /=api.py - processes = 5 - manage-script-name = true - socket = 0.0.0.0:8090 - http-timeout = 200 - pidfile = /tmp/api.pid - ; if you will use with nginx, comment next line - protocol=http - enable-threads = true - lazy-apps = true - timeout = 600 - chmod-socket = 664 - chown-socket = cape:cape - gui = cape - uid = cape - stats = 127.0.0.1:9191 -EOL - - ln -s /etc/uwsgi/apps-available/sandbox_api.ini /etc/uwsgi/apps-enabled - service uwsgi restart - - if [ ! 
-f /lib/systemd/system/mongos.service ]; then - cat >> /lib/systemd/system/mongos.service << EOL -[Unit] -Description=Mongo shard service -After=network.target -After=bind9.service -[Service] -PIDFile=/tmp/mongos.pid -User=root -ExecStart=/usr/bin/mongos --configdb cape_config/${DIST_MASTER_IP}:27019 --port 27020 -[Install] -WantedBy=multi-user.target -EOL -fi - systemctl daemon-reload - systemctl enable mongos.service - systemctl start mongos.service - - echo -e "\n\n\n[+] CAPE distributed documentation: https://github.com/kevoreilly/CAPEv2/blob/master/docs/book/src/usage/dist.rst" - echo -e "\t https://docs.mongodb.com/manual/tutorial/enable-authentication/" - echo -e "\t https://docs.mongodb.com/manual/administration/security-checklist/" - echo -e "\t https://docs.mongodb.com/manual/core/security-users/#sharding-security" -} - -function install_suricata() { - echo '[+] Installing Suricata' - - add-apt-repository ppa:oisf/suricata-stable -y - apt install suricata -y - touch /etc/suricata/threshold.config - - # Download etupdate to update Emerging Threats Open IDS rules: - pip3 install suricata-update - mkdir -p "/etc/suricata/rules" - if ! 
crontab -l | grep -q '15 * * * * /usr/bin/suricata-update'; then - crontab -l | { cat; echo "15 * * * * /usr/bin/suricata-update --suricata /usr/bin/suricata --suricata-conf /etc/suricata/suricata.yaml -o /etc/suricata/rules/ && /usr/bin/suricatasc -c reload-rules /tmp/suricata-command.socket &>/dev/null"; } | crontab - - fi - if [ -d /usr/share/suricata/rules/ ]; then - cp "/usr/share/suricata/rules/*" "/etc/suricata/rules/" - fi - if [ -d /var/lib/suricata/rules/ ]; then - cp "/var/lib/suricata/rules/*" "/etc/suricata/rules/" - fi - - #change suricata yaml - sed -i 's|#default-rule-path: /etc/suricata/rules|default-rule-path: /etc/suricata/rules|g' /etc/default/suricata - sed -i 's|default-rule-path: /var/lib/suricata/rules|default-rule-path: /etc/suricata/rules|g' /etc/suricata/suricata.yaml - sed -i 's/#rule-files:/rule-files:/g' /etc/suricata/suricata.yaml - sed -i 's/# - suricata.rules/ - suricata.rules/g' /etc/suricata/suricata.yaml - sed -i 's/RUN=yes/RUN=no/g' /etc/default/suricata - sed -i 's/mpm-algo: ac/mpm-algo: hs/g' /etc/suricata/suricata.yaml - sed -i 's/mpm-algo: auto/mpm-algo: hs/g' /etc/suricata/suricata.yaml - sed -i 's/#run-as:/run-as:/g' /etc/suricata/suricata.yaml - sed -i "s/# user: suri/ user: ${USER}/g" /etc/suricata/suricata.yaml - sed -i "s/# group: suri/ group: ${USER}/g" /etc/suricata/suricata.yaml - sed -i 's/ depth: 1mb/ depth: 0/g' /etc/suricata/suricata.yaml - sed -i 's/request-body-limit: 100kb/request-body-limit: 0/g' /etc/suricata/suricata.yaml - sed -i 's/response-body-limit: 100kb/response-body-limit: 0/g' /etc/suricata/suricata.yaml - sed -i 's/EXTERNAL_NET: "!$HOME_NET"/EXTERNAL_NET: "ANY"/g' /etc/suricata/suricata.yaml - sed -i 's|#pid-file: /var/run/suricata.pid|pid-file: /tmp/suricata.pid|g' /etc/suricata/suricata.yaml - sed -i 's|#ja3-fingerprints: auto|ja3-fingerprints: yes|g' /etc/suricata/suricata.yaml - #-k none - sed -i 's/#checksum-validation: none/checksum-validation: none/g' /etc/suricata/suricata.yaml - sed -i 
's/checksum-checks: auto/checksum-checks: no/g' /etc/suricata/suricata.yaml - - # enable eve-log - python3 -c "pa = '/etc/suricata/suricata.yaml';q=open(pa, 'rb').read().replace(b'eve-log:\n enabled: no\n', b'eve-log:\n enabled: yes\n');open(pa, 'wb').write(q);" - python3 -c "pa = '/etc/suricata/suricata.yaml';q=open(pa, 'rb').read().replace(b'unix-command:\n enabled: auto\n #filename: custom.socket', b'unix-command:\n enabled: yes\n filename: /tmp/suricata-command.socket');open(pa, 'wb').write(q);" - - chown ${USER}:${USER} -R /etc/suricata -} - -function install_yara() { - echo '[+] Checking for old YARA version to uninstall' - dpkg -l|grep "yara-v[0-9]\{1,2\}\.[0-9]\{1,2\}\.[0-9]\{1,2\}"|cut -d " " -f 3|sudo xargs dpkg --purge --force-all 2>/dev/null - - echo '[+] Installing Yara' - - apt install libtool libjansson-dev libmagic1 libmagic-dev jq autoconf checkinstall -y - - cd /tmp || return - yara_info=$(curl -s https://api.github.com/repos/VirusTotal/yara/releases/latest) - yara_version=$(echo "$yara_info" |jq .tag_name|sed "s/\"//g") - yara_repo_url=$(echo "$yara_info" | jq ".zipball_url" | sed "s/\"//g") - if [ ! 
-f "$yara_version" ]; then - wget -q "$yara_repo_url" - unzip -q "$yara_version" - #wget "https://github.com/VirusTotal/yara/archive/v$yara_version.zip" && unzip "v$yara_version.zip" - fi - directory=$(ls | grep "VirusTotal-yara-*") - cd "$directory" || return - ./bootstrap.sh - ./configure --enable-cuckoo --enable-magic --enable-dotnet --enable-profiling - make -j"$(getconf _NPROCESSORS_ONLN)" - checkinstall -D --pkgname="yara-$yara_version" --pkgversion="$yara_version|cut -c 2-" --default - ldconfig - - cd /tmp || return - git clone --recursive https://github.com/VirusTotal/yara-python - pip3 install ./yara-python -} - -function install_mongo(){ - echo "[+] Installing MongoDB" - - # $(lsb_release -cs) on 20.04 they uses 18.04 repo - wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add - - echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb.list - - apt update 2>/dev/null - apt install libpcre3-dev -y - apt install -y mongodb-org - pip3 install pymongo -U - - apt install -y ntp - systemctl start ntp.service && sudo systemctl enable ntp.service - - if ! grep -q -E '^kernel/mm/transparent_hugepage/enabled' /etc/sysfs.conf; then - sudo apt install sysfsutils -y - echo "kernel/mm/transparent_hugepage/enabled = never" >> /etc/sysfs.conf - echo "kernel/mm/transparent_hugepage/defrag = never" >> /etc/sysfs.conf - fi - - if [ -f /lib/systemd/system/mongod.service ]; then - systemctl stop mongod.service - systemctl disable mongod.service - rm /lib/systemd/system/mongod.service - rm /lib/systemd/system/mongod.service - systemctl daemon-reload - fi - - if [ ! 
-f /lib/systemd/system/mongodb.service ]; then - crontab -l | { cat; echo "@reboot /bin/mkdir -p /data/configdb && /bin/mkdir -p /data/db && /bin/chown mongodb:mongodb /data -R"; } | crontab - - cat >> /lib/systemd/system/mongodb.service </dev/null; then - echo "user ${USER} already exist" - else - groupadd ${USER} - useradd --system -g ${USER} -d /home/${USER}/ -m ${USER} - fi - # ToDo add current user to ${USER} group - groupadd pcap - usermod -a -G pcap ${USER} - chgrp pcap /usr/sbin/tcpdump - setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump - - # https://www.torproject.org/docs/debian.html.en - echo "deb http://deb.torproject.org/torproject.org $(lsb_release -cs) main" >> /etc/apt/sources.list - echo "deb-src http://deb.torproject.org/torproject.org $(lsb_release -cs) main" >> /etc/apt/sources.list - sudo apt install gnupg2 -y - gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 - #gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 - #gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - - wget -qO - https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add - - sudo apt update 2>/dev/null - apt install tor deb.torproject.org-keyring libzstd1 -y - - sed -i 's/#RunAsDaemon 1/RunAsDaemon 1/g' /etc/tor/torrc - - cat >> /etc/tor/torrc <> /etc/security/limits.conf - - { - echo "fs.file-max = 100000"; - echo "net.ipv6.conf.all.disable_ipv6 = 1"; - echo "net.ipv6.conf.default.disable_ipv6 = 1"; - echo "net.ipv6.conf.lo.disable_ipv6 = 1"; - echo "net.bridge.bridge-nf-call-ip6tables = 0"; - echo "net.bridge.bridge-nf-call-iptables = 0"; - echo "net.bridge.bridge-nf-call-arptables = 0"; - } >> /etc/sysctl.conf - - sudo sysctl -p - - ### PDNS - sudo apt install git binutils-dev libldns-dev libpcap-dev libdate-simple-perl libdatetime-perl libdbd-mysql-perl -y - cd /tmp || return - git clone https://github.com/gamelinux/passivedns.git - cd passivedns/ || return - autoreconf 
--install - ./configure - make -j"$(getconf _NPROCESSORS_ONLN)" - sudo checkinstall -D --pkgname=passivedns --default - - pip3 install unicorn capstone - - install_osslsigncode -} - -function install_clamav() { - apt-get install clamav clamav-daemon clamav-freshclam clamav-unofficial-sigs -y - pip3 install -U pyclamd - - cat >> /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf << EOF -# This file contains user configuration settings for the clamav-unofficial-sigs.sh -# Script provide by Bill Landry (unofficialsigs@gmail.com). -# Script updates can be found at: http://sourceforge.net/projects/unofficial-sigs -# License: BSD (Berkeley Software Distribution) -PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" -export PATH -clam_user="clamav" -clam_group="clamav" -setmode="yes" -clam_dbs="/var/lib/clamav" -clamd_pid="/var/run/clamd.pid" -reload_dbs="no" -reload_opt="clamdscan --reload" # Default -enable_random="yes" -min_sleep_time="60" # Default minimum is 60 seconds (1 minute). -max_sleep_time="600" # Default maximum is 600 seconds (10 minutes). 
-# ======================== -# Sanesecurity Database(s) -# ======================== -# http://www.sanesecurity.com/clamav/databases.htm -ss_dbs=" - blurl.ndb - junk.ndb - jurlbl.ndb - phish.ndb - rogue.hdb - sanesecurity.ftm - scam.ndb - sigwhitelist.ign2 - spamattach.hdb - spamimg.hdb - winnow.attachments.hdb - winnow_bad_cw.hdb - winnow_extended_malware.hdb - winnow_malware.hdb - winnow_malware_links.ndb - doppelstern.hdb - bofhland_cracked_URL.ndb - bofhland_malware_attach.hdb - bofhland_malware_URL.ndb - bofhland_phishing_URL.ndb - crdfam.clamav.hdb - phishtank.ndb - porcupine.ndb - foxhole_filename.cdb - foxhole_all.cdb -" -# ======================== -# SecuriteInfo Database(s) -# ======================== -si_dbs=" - honeynet.hdb - securiteinfo.hdb - securiteinfobat.hdb - securiteinfodos.hdb - securiteinfoelf.hdb - securiteinfohtml.hdb - securiteinfooffice.hdb - securiteinfopdf.hdb - securiteinfosh.hdb -" -si_update_hours="4" # Default is 4 hours (6 update checks daily). -mbl_dbs=" - mbl.ndb -" -mbl_update_hours="6" # Default is 6 hours (4 downloads daily). -rsync_connect_timeout="15" -rsync_max_time="60" -curl_connect_timeout="15" -curl_max_time="90" -work_dir="/usr/unofficial-dbs" #Top level working directory -# Sub-directory names: -ss_dir="$work_dir/ss-dbs" # Sanesecurity sub-directory -si_dir="$work_dir/si-dbs" # SecuriteInfo sub-directory -mbl_dir="$work_dir/mbl-dbs" # MalwarePatrol sub-directory -config_dir="$work_dir/configs" # Script configs sub-directory -gpg_dir="$work_dir/gpg-key" # Sanesecurity GPG Key sub-directory -add_dir="$work_dir/add-dbs" # User defined databases sub-directory -# If you would like to make a backup copy of the current running database -# file before updating, leave the following variable set to "yes" and a -# backup copy of the file will be created in the production directory -# with -bak appended to the file name. 
-keep_db_backup="no" -# If you want to silence the information reported by curl, rsync, gpg -# or the general script comments, change the following variables to -# "yes". If all variables are set to "yes", the script will output -# nothing except error conditions. -curl_silence="no" # Default is "no" to report curl statistics -rsync_silence="no" # Default is "no" to report rsync statistics -gpg_silence="no" # Default is "no" to report gpg signature status -comment_silence="no" # Default is "no" to report script comments -# Log update information to '$log_file_path/$log_file_name'. -enable_logging="yes" -log_file_path="/var/log" -log_file_name="clamav-unofficial-sigs.log" -# If necessary to proxy database downloads, define the rsync and/or curl -# proxy settings here. For rsync, the proxy must support connections to -# port 873. Both curl and rsync proxy setting need to be defined in the -# format of "hostname:port". For curl, also note the -x and -U flags, -# which must be set as "-x hostname:port" and "-U username:password". -rsync_proxy="" -curl_proxy="" -# After you have completed the configuration of this file, set the -# following variable to "yes". 
-user_configuration_complete="no" -################################################################################ -# END OF USER CONFIGURATION # -################################################################################ -add_dbs=" - https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb - https://raw.githubusercontent.com/wmetcalf/clam-punch/master/exexor99.ldb - https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb - https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2 -" -EOF - chown root:root /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf - chmod 644 /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf - usermod -a -G ${USER} clamav - echo "/opt/CAPEv2/storage/** r," | sudo tee -a /etc/apparmor.d/local/usr.sbin.clamd - sudo systemctl enable clamav-daemon - sudo systemctl start clamav-daemon - sudo -u clamav /usr/sbin/clamav-unofficial-sigs -} - -function install_CAPE() { - echo "[+] Installing CAPEv2" - - cd /opt || return - git clone https://github.com/intezer/CAPEv2.git - #chown -R root:${USER} /usr/var/malheur/ - #chmod -R =rwX,g=rwX,o=X /usr/var/malheur/ - # Adapting owner permissions to the ${USER} path folder - chown ${USER}:${USER} -R "/opt/CAPEv2/*" - - CRYPTOGRAPHY_DONT_BUILD_RUST=1 pip3 install -r /opt/CAPEv2/requirements.txt - - sed -i "/connection =/cconnection = postgresql://${USER}:${PASSWD}@localhost:5432/${USER}" /opt/CAPEv2/conf/cuckoo.conf - sed -i "/tor/{n;s/enabled = no/enabled = yes/g}" /opt/CAPEv2/conf/routing.conf - #sed -i "/memory_dump = off/cmemory_dump = on" /opt/CAPEv2/conf/cuckoo.conf - #sed -i "/machinery =/cmachinery = kvm" /opt/CAPEv2/conf/cuckoo.conf - sed -i "/interface =/cinterface = ${NETWORK_IFACE}" /opt/CAPEv2/conf/auxiliary.conf - - cd CAPEv2 || return - python3 utils/community.py -waf -cr -} - -function install_systemd() { - - if [ ! 
-f /lib/systemd/system/cape-processor.service ]; then - cat >> /lib/systemd/system/cape-processor.service << EOL -[Unit] -Description=CAPEv2 report processor -Documentation=https://github.com/kevoreilly/CAPEv2 -Wants=cape.service -After=cape-rooter.service - -[Service] -WorkingDirectory=/opt/CAPEv2/utils/ -ExecStart=/usr/bin/python3 process.py -p7 auto -pt 900 -User=${USER} -Group=${USER} -Restart=always -RestartSec=5m -LimitNOFILE=100000 - -[Install] -WantedBy=multi-user.target -EOL -fi - - if [ ! -f /lib/systemd/system/cape-rooter.service ]; then - cat >> /lib/systemd/system/cape-rooter.service << EOL -[Unit] -Description=CAPE rooter -Documentation=https://github.com/kevoreilly/CAPEv2 -Wants=network-online.target -After=syslog.target network.target - -[Service] -WorkingDirectory=/opt/CAPEv2/utils/ -ExecStart=/usr/bin/python3 rooter.py --iptables /usr/sbin/iptables --iptables-restore /usr/sbin/iptables-restore --iptables-save /usr/sbin/iptables-save -g ${USER} -User=root -Group=root -Restart=always -RestartSec=5m - -[Install] -WantedBy=multi-user.target -EOL -fi - - if [ ! -f /lib/systemd/system/cape-web.service ]; then - cat >> /lib/systemd/system/cape-web.service << EOL -[Unit] -Description=CAPE WSGI app -Documentation=https://github.com/kevoreilly/CAPEv2 -Wants=cape.service -After=cape.service - -[Service] -WorkingDirectory=/opt/CAPEv2/web -ExecStart=/usr/bin/python3 manage.py runserver 0.0.0.0:8000 -#ExecStart=/opt/CAPEv2/venv/bin/gunicorn -b 127.0.0.1:8000 web.wsgi -User=${USER} -Group=${USER} -Restart=always -RestartSec=5m - -[Install] -WantedBy=multi-user.target -EOL -fi - - if [ ! 
-f /lib/systemd/system/cape.service ]; then - cat >> /lib/systemd/system/cape.service << EOL -[Unit] -Description=CAPE -Documentation=https://github.com/kevoreilly/CAPEv2 - -[Service] -Environment=LD_PRELOAD=libjemalloc.so -WorkingDirectory=/opt/CAPEv2/ -ExecStart=/usr/bin/python3 cuckoo.py -User=${USER} -Group=${USER} -Restart=always -RestartSec=5m -LimitNOFILE=100000 -[Install] -WantedBy=multi-user.target -EOL -fi - - if [ ! -f /lib/systemd/system/suricata.service ]; then - cat >> /lib/systemd/system/suricata.service << EOL -[Unit] -Description=Suricata IDS/IDP daemon -After=network.target -Requires=network.target -Documentation=man:suricata(8) man:suricatasc(8) -Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki - -[Service] -Type=forking -#Environment=LD_PREDLOAD=/usr/lib/libtcmalloc_minimal.so.4 -#Environment=CFG=/etc/suricata/suricata.yaml -#CapabilityBoundingSet=CAP_NET_ADMIN -ExecStartPre=/bin/rm -f /tmp/suricata.pid -ExecStart=/usr/bin/suricata -D -c /etc/suricata/suricata.yaml --unix-socket -ExecReload=/bin/kill -HUP $MAINPID -ExecStop=/bin/kill $MAINPID -PrivateTmp=no -InaccessibleDirectories=/home /root -ReadOnlyDirectories=/boot /usr /etc -User=root - -[Install] -WantedBy=multi-user.target -EOL -fi - - - systemctl daemon-reload - systemctl enable cape-rooter - systemctl start cape-rooter - - systemctl enable cape - systemctl start cape - - systemctl enable cape-processor - systemctl start cape-processor - - systemctl enable cape-web - systemctl start cape-web - - systemctl enable suricata - systemctl start suricata - -} - -function supervisor() { - pip3 install supervisor -U - #### Cuckoo Start at boot - - if [ ! -d /etc/supervisor/conf.d ]; then - mkdir -p /etc/supervisor/conf.d - fi - - if [ ! -d /var/log/supervisor ]; then - mkdir -p /var/log/supervisor - fi - - if [ ! -f /etc/supervisor/supervisord.conf ]; then - echo_supervisord_conf > /etc/supervisor/supervisord.conf - fi - - if [ ! 
-f /lib/systemd/system/supervisor.service ]; then - cat >> /lib/systemd/system/supervisor.service <> /etc/supervisor/conf.d/cape.conf </dev/null"; } | crontab - - fi - # Update FLARE CAPA rules and community every 3 hours - if ! crontab -l | grep -q 'community.py -waf -cr'; then - crontab -l | { cat; echo "5 */3 * * * cd /opt/CAPEv2/utils/ && python3 community.py -waf -cr && pip3 install -U flare-capa && systemctl restart cape-processor 2>/dev/null"; } | crontab - - fi - if ! crontab -l | grep -q 'echo signal newnym'; then - crontab -l | { cat; echo "00 */1 * * * (echo authenticate '""'; echo signal newnym; echo quit) | nc localhost 9051 2>/dev/null"; } | crontab - - fi - - - ;; -'all') - dependencies - install_mongo - install_suricata - install_yara - if [ "$sandbox_version" = "upstream" ]; then - pip3 install cuckoo - else - install_CAPE - fi - install_systemd - install_jemalloc - install_logrotate - #socksproxies is to start redsocks stuff - if [ -f /opt/CAPEv2/socksproxies.sh ]; then - crontab -l | { cat; echo "@reboot /opt/CAPEv2/socksproxies.sh"; } | crontab - - fi - if ! crontab -l | grep -q './smtp_sinkhole.sh'; then - crontab -l | { cat; echo "@reboot cd /opt/CAPEv2/utils/ && ./smtp_sinkhole.sh 2>/dev/null"; } | crontab - - fi - # Update FLARE CAPA rules once per day - if ! 
crontab -l | grep -q 'community.py -cr'; then - crontab -l | { cat; echo "5 0 */1 * * cd /opt/CAPEv2/utils/ && python3 community.py -cr && systemctl restart cape-processor 2>/dev/null"; } | crontab - - fi - ;; -'systemd') - install_systemd;; -'supervisor') - supervisor;; -'suricata') - install_suricata;; -'yara') - install_yara;; -'volatility3') - install_volatility3;; -'postgresql') - install_postgresql;; -'sandbox') - install_CAPE;; -'dist') - distributed;; -'fail2ban') - install_fail2ban;; -'mongo') - install_mongo;; -'redsocks2') - redsocks2;; -'dependencies') - dependencies;; -'logrotate') - install_logrotate;; -'issues') - issues;; -'nginx') - install_nginx;; -'letsencrypt') - install_letsencrypt;; -'clamav') - install_clamav;; -'prometheus') - install_prometheus_grafana;; -'node_exporter') - install_node_exporter;; -'jemalloc') - install_jemalloc;; -'guacamole') - install_guacamole;; -'docker') - install_docker;; -'modsecurity') - install_modsecurity;; -'crowdsecurity') - install_crowdsecurity;; -'osslsigncode') - install_osslsigncode;; -*) - usage;; -esac \ No newline at end of file diff --git a/kvm-qemu.sh b/kvm-qemu.sh deleted file mode 100755 index 5b61ed6c987..00000000000 --- a/kvm-qemu.sh +++ /dev/null 
@@ -1,1264 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2011-2021 DoomedRaven. -# This file is part of Tools - https://github.com/doomedraven/Tools -# See the file 'LICENSE.md' for copying permission. -# https://www.doomedraven.com/2016/05/kvm.html -# https://www.doomedraven.com/2020/04/how-to-create-virtual-machine-with-virt.html -# Use Ubuntu 20.04 LTS - -#Update date: 08.05.2021 - -: ' -Huge thanks to: - * @SamRSA8 - * @http_error_418 - * @2sec4you - * @seifreed - * @Fire9 - * @abuse_ch - * @wmetcalf - * @ClaudioWayne - * @CplNathan -' - -# ToDo investigate -#https://www.jamescoyle.net/how-to/1810-qcow2-disk-images-and-performance -#when backing storage is attached to virtio_blk (vda, vdb, etc.) storage controller - performance from iSCSI client connecting to the iSCSI target was in my environment ~ 20 IOPS, with throughput (depending on IO size) ~ 2-3 MiB/s. I changed virtual disk controller within virtual machine to SCSI and I'm able to get 1000+ IOPS and throughput 100+ MiB/s from my iSCSI clients. - -#https://linux.die.net/man/1/qemu-img -#"cluster_size" -#Changes the qcow2 cluster size (must be between 512 and 2M). Smaller cluster sizes can improve the image file size whereas larger cluster sizes generally provide better performance. 
- -# https://github.com/dylanaraps/pure-bash-bible -# https://www.shellcheck.net/ - -# ACPI tables related -# https://wiki.archlinux.org/index.php/DSDT -# Dump on linux -# acpidump > acpidump.out -# Dump on Windows -# https://acpica.org/downloads/binary-tools -# acpixtract -a acpi/4/acpi.dump - -# acpixtract -a acpidump.out -# iasl -d DSDT.dat -# Decompile: iasl -d dsdt.dat -# Recompile: iasl -tc dsdt.dsl - -# strs[0] = "KVMKVMKVM\0\0\0"; /* KVM */ -# strs[1] = "Microsoft Hv"; /* Microsoft Hyper-V or Windows Virtual PC */ -# strs[2] = "VMwareVMware"; /* VMware */ -# strs[3] = "XenVMMXenVMM"; /* Xen */ -# strs[4] = "prl hyperv "; /* Parallels */ -# strs[5] = "VBoxVBoxVBox"; /* VirtualBox */ - -#https://www.qemu.org/download/#source or https://download.qemu.org/ -qemu_version=6.0.0 -# libvirt - https://libvirt.org/sources/ -# changelog - https://libvirt.org/news.html -libvirt_version=7.3.0 -# virt-manager - https://github.com/virt-manager/virt-manager/releases -# autofilled -OS="" -username=$SUDO_USER -MAINTAINER="" - -sudo apt update -sudo apt install aptitude -y -sudo aptitude install -f pcregrep aptitude -cpuspeed=$(pcregrep -Mio '(?s)processor\s+\: 0\s*\n.*?model name\s+\:[^\r\n]*?\K\s+@\s+\d+\.\d+GHz' < /proc/cpuinfo) -cpuspeedsz=${#cpuspeed} - - -#replace all occurances of CPU's in qemu with our fake one -cpuid="Intel(R) Core(TM) i3-4130 CPU" -#cpuid="AMD FX(tm)-4300 Quad-Core Processor" - -#KVMKVMKVM\\0\\0\\0 replacement -hypervisor_string_replacemnt="GenuineIntel" -#hypervisor_string_replacemnt="AuthenticAMD" - -#QEMU HARDDISK -#qemu_hd_replacement="SanDisk SDSSD" -qemu_hd_replacement="SAMSUNG MZ76E120" -#QEMU DVD-ROM -#qemu_dvd_replacement="HL-DT-ST WH1" -#qemu_dvd_replacement="HL-PV-SG WB4" -qemu_dvd_replacement="HL-PQ-SV WB8" - -#BOCHSCPU -bochs_cpu_replacement="INTELCPU" -#bochs_cpu_replacement="AMDCPU" - -#QEMU\/Bochs -qemu_bochs_cpu='INTEL\/INTEL' -qemu_bochs_cpu='AMD\/AMD' - -#qemu -qemu_space_replacement="intel " -#qemu_space_replacement="amd " - 
-#06\/23\/99 -src_misc_bios_table="07\/02\/18" - -#04\/01\/2014 -src_bios_table_date2="11\/03\/2018" - -#01\/01\/2011 -src_fw_smbios_date="11\/03\/2018" - -if (( "$cpuspeedsz" > 0 )); then - cpuid+="$cpuspeed" -fi -echo "$cpuid" - -# if you want all arches support in QEMU, just set QTARGETS to empty -QTARGETS="--target-list=i386-softmmu,x86_64-softmmu,i386-linux-user,x86_64-linux-user" - -# ToDO add to see if cpu supports VTx -# egrep '(vmx|svm)' --color=always /proc/cpuinfo -#* If your CPU is Intel, you need activate in __BIOS__ VT-x -# * (last letter can change, you can activate [TxT ](https://software.intel.com/en-us/blogs/2012/09/25/how-to-enable-an-intel-trusted-execution-technology-capable-server) too, and any other feature, but VT-* is very important) - -NC='\033[0m' -RED='\033[0;31m' -echo -e "${RED}[!] ONLY for UBUNTU 20.04${NC}" -echo -e "${RED}\t[!] NEVER install packages from APT that installed by this script${NC}" -echo -e "${RED}\t[!] NEVER use 'make install' - it poison system and no easy way to upgrade/uninstall/cleanup, use checkinstall${NC}" -echo -e "${RED}\t[!] NEVER run 'python setup.py install' DO USE 'pip intall .' 
the same as APT poisoning/upgrading${NC}\n" - -function usage() { -cat << EndOfHelp - Usage: $0 | tee $0.log - Commands - are case insensitive: - All - - Execs QEMU/SeaBios/KVM, username is optional - QEMU - Install QEMU from source, - DEFAULT support are x86 and x64, set ENV var QEMU_TARGERS=all to install for all arches - SeaBios - Install SeaBios and repalce QEMU bios file - Libvirt - install libvirt, username is optional - KVM - this will install intel-HAXM if you on Mac - HAXM - Mac Hardware Accelerated Execution Manager - GRUB - add IOMMU to grub command line - tcp_bbr - Enable TCP BBR congestion control - * https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/ - Mosh - mobile shell - https://mosh.org/ - WebVirtMgr - Install WebManager for KVM - Clone - <#vm_to_create> - * Example Win7x64 /VMs/Win7x64.qcow2 0 5 /var/lib/libvirt/images/ 192.168.1 linked - https://wiki.qemu.org/Documentation/CreateSnapshot - Libvmi - install LibVMI - Virtmanager - install virt-manager - Libguestfs - install libguestfs - Replace_qemu - only fix antivms in QEMU source - Replace_seabios - only fix antivms in SeaBios source - Issues - will give you error - solution list - noip - Install No-ip deamon and enable on boot - SysRQ - enable SysRQ - https://sites.google.com/site/syscookbook/rhel/rhel-sysrq-key - jemalloc - install Jemalloc google if you need details ;) - - Tips: - * Latest kernels having some KVM features :) - * apt search linux-image - * QCOW2 allocations types performance - * https://www.jamescoyle.net/how-to/1810-qcow2-disk-images-and-performance - * https://www.jamescoyle.net/how-to/2060-qcow2-physical-size-with-different-preallocation-settings -EndOfHelp -} - -function grub_iommu(){ - # ToDo make a sed with regex which works on all cases - echo "[+] Updating GRUB for IOMMU support" - if ! 
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="intel_iommu=on"/g' /etc/default/grub; then - echo "[-] GRUB patching failed, add intel_iommu=on manually" - return 1 - fi - sudo update-grub - echo "[+] Please reboot" -} - -function _sed_aux(){ - # pattern path error_msg - if [ -f "$2" ] && ! sed -i "$1" "$2"; then - echo "$3" - fi -} - -function _enable_tcp_bbr() { - #ToDo check if already there - # https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/ - # grep 'CONFIG_TCP_CONG_BBR' /boot/config-$(uname -r) - # grep 'CONFIG_NET_SCH_FQ' /boot/config-$(uname -r) - # egrep 'CONFIG_TCP_CONG_BBR|CONFIG_NET_SCH_FQ' /boot/config-$(uname -r) - if ! grep -q -E '^net.core.default_qdisc=fq' /etc/security/limits.conf; then - echo "net.core.default_qdisc=fq" >> /etc/security/limits.conf - echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/security/limits.conf - fi - - modprobe br_netfilter - echo "br_netfilter" >> /etc/modules - { - echo "net.bridge.bridge-nf-call-arptables = 1"; - echo "net.bridge.bridge-nf-call-ip6tables = 1"; - echo "net.bridge.bridge-nf-call-iptables = 1"; - echo "net.core.rmem_max = 16777216"; - echo "net.core.wmem_max = 16777216"; - echo "net.ipv4.tcp_rmem = 4096 87380 16777216"; - echo "net.ipv4.tcp_wmem = 4096 65536 16777216"; - echo "net.ipv4.tcp_syncookies = 0" ; - echo "net.ipv4.tcp_mem = 50576 64768 98152" ; - echo "net.core.netdev_max_backlog = 2500" ; - echo "vm.swappiness = 1" ; - echo "vm.dirty_ratio = 15"; - } >> /etc/sysctl.conf - sudo sysctl -p - - sudo sysctl --system -} - -function _check_brew() { - if [ ! 
-f /usr/local/bin/brew ]; then - /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" - fi -} - -function install_haxm_mac() { - _check_brew - brew cask install intel-haxm - brew tap jeffreywildman/homebrew-virt-manager - brew cask install xquartz - brew install virt-manager virt-viewer - mkdir -p $("brew --prefix libosinfo")/share/libosinfo - wget https://pci-ids.ucw.cz/v2.2/pci.ids -O $("brew --prefix libosinfo")/share/libosinfo/pci.ids - wget http://www.linux-usb.org/usb.ids -O $("brew --prefix libosinfo")/share/libosinfo/usb.ids - - if [ "$SHELL" = "/bin/zsh" ] || [ "$SHELL" = "/usr/bin/zsh" ] ; then - echo "export LIBVIRT_DEFAULT_URI=qemu:///system" >> "$HOME/.zsh" - else - echo "export LIBVIRT_DEFAULT_URI=qemu:///system" >> "$HOME/.bashrc" - fi -} - -function install_libguestfs() { - # https://libguestfs.org/guestfs-building.1.html - cd /opt || return - echo "[+] Check for previous version of LibGuestFS" - sudo dpkg --purge --force-all "libguestfs-*" 2>/dev/null - - wget -O- https://packages.erlang-solutions.com/ubuntu/erlang_solutions.asc | sudo apt-key add - - sudo add-apt-repository "deb https://packages.erlang-solutions.com/ubuntu $(lsb_release -sc) contrib" - sudo aptitude install -f parted libyara3 erlang-dev gperf flex bison libaugeas-dev libhivex-dev supermin ocaml-nox libhivex-ocaml genisoimage libhivex-ocaml-dev libmagic-dev libjansson-dev gnulib jq ocaml-findlib -y 2>/dev/null - sudo apt update - sudo aptitude install -f erlang -y - - if [ ! 
-d libguestfs ]; then - #ToDo move to latest release not latest code - #_info=$(curl -s https://api.github.com/repos/libguestfs/libguestfs/releases/latest) - #_version=$(echo $_info |jq .tag_name|sed "s/\"//g") - #_repo_url=$(echo $_info | jq ".zipball_url" | sed "s/\"//g") - #wget -q $_repo_url - #unzip $_version - #wget "https://github.com/VirusTotal/yara/archive/v$yara_version.zip" && unzip "v$yara_version.zip" - git clone --recursive https://github.com/libguestfs/libguestfs - fi - cd libguestfs || return - git submodule update --init - autoreconf -i - ./configure CFLAGS=-fPIC - make -j"$(nproc)" - echo "[+] cd /opt/libguestfs/ && ./run --help" - echo "[+] cd /opt/libguestfs/ && ./run ./sparsify/virt-sparsify" -} - - -function install_libvmi() { - # IMPORTANT: - # 1) LibVMI will have KVM support if libvirt is available during compile time. - # - # 2 )Enable GDB access to your KVM VM. This is done by adding '-s' to the VM creation line or - # by modifying the VM XML definition used by libvirt as follows: - # Change: - # - # to: - # - # - # Add: - # - # - # - # under the level of the XML. - - # The -s switch is a shorthand for -gdb tcp::1234 - - # LibVMI - cd /tmp || return - - if [ ! -d "libvmi" ]; then - git clone https://github.com/libvmi/libvmi.git - echo "[+] Cloned LibVMI repo" - fi - cd "libvmi" || return - - # install deps - aptitude install -f -y cmake flex bison libglib2.0-dev libjson-c-dev libyajl-dev - # other deps - aptitude install -f -y pkg-config - mkdir build - cd build || return - cmake -DENABLE_XEN=ON -DENABLE_KVM=ON -DENABLE_XENSTORE=OFF -DENABLE_BAREFLANK=OFF .. - make -j"$(nproc)" - checkinstall -D --pkgname=libvmi --default - /sbin/ldconfig - - # LibVMI Python - cd /tmp || return - - if [ ! 
-d "python" ]; then - # actual - # https://github.com/libvmi/python/tree/76d9ea85eefa0d77f6ad4d6089e757e844763917 - # git checkout add_vmi_request_page_fault - # git pull - git clone https://github.com/libvmi/python.git libvmi-python - echo "[+] Cloned LibVMI Python repo" - fi - cd "libvmi-python" || return - - # install deps - aptitude install -f -y python3-pkgconfig python3-cffi python3-future - #pip3 install . - python3 setup.py build - pip3 install . - - # Rekall - cd /tmp || return - - if [ ! -d "rekall" ]; then - git clone https://github.com/google/rekall.git - echo "[+] Cloned Rekall repo" - fi - - virtualenv /tmp/MyEnv - source /tmp/MyEnv/bin/activate - pip3 install --upgrade testresources setuptools pip wheel - pip3 install capstone - pip3 install --editable rekall/rekall-lib - # ERROR: rekall-efilter 1.6.0 has requirement future==0.16.0 - pip3 install future==0.16.0 - # TypeError: Set() missing 1 required positional argument: 'value' - pip3 install pyaff4==0.26.post6 - pip3 install --editable rekall/rekall-core - pip3 install --editable rekall/rekall-agent - pip3 install --editable rekall - pip3 install --upgrade pyasn1 - deactivate -} - -# In progress... -# -# Errors: "The selected hypervisor has no events support!" 
- only Xen supported unfortunately -# -function install_pyvmidbg() { - # deps - aptitude install -f python3-docopt python3-lxml cabextract - - # libvmi config entry - # /etc/libvmi.conf: - # win10 { - # ostype = "Windows"; - # rekall_profile = "/etc/libvmi/rekall-profile.json"; - # } - - # Make Windows 10 profile - # Copy from Guest OS file "C:\Windows\System32\ntoskrnl.exe" - # rekall peinfo -f - # - # Once the PDB filename and GUID is known, creating the Rekall profile is done in two steps: - # rekall fetch_pdb - # rekall parse_pdb > rekall-profile.json - # - # In case of Windows 10: - # rekall fetch_pdb ntkrnlmp - # May cause error like "ERROR:rekall.1:Unrecognized type T_64PUINT4" (not dangerous) - # rekall parse_pdb ntkrnlmp > rekall-profile.json - - # install rekall profile - # /etc/libvmi/rekall-profile.json - - # git clone https://github.com/Wenzel/pyvmidbg.git - # virtualenv -p python3 venv - # source venv/bin/activate - # python3 setup.py build - # pip3 install . - - # sudo python3 -m vmidbg 5000 --address 0.0.0.0 cmd -d - - # git clone https://github.com/radare/radare2.git - # sys/install.sh - # r2 -d gdb://127.0.0.1:5000 -b 64 -} - -function install_libvirt() { - # http://ask.xmodulo.com/compile-virt-manager-debian-ubuntu.html - #rm -r /usr/local/lib/python2.7/dist-packages/libvirt* - - if [ ! 
-f /etc/apt/preferences.d/doomedraven ]; then - # set to hold to avoid side problems - cat >> /etc/apt/preferences.d/doomedraven << EOH -Package: libvirt-bin -Pin: release * -Pin-Priority: -1 -Package: libvirt0 -Pin: release * -Pin-Priority: -1 -EOH - fi - - echo "[+] Checking/deleting old versions of Libvirt" - apt purge libvirt0 libvirt-bin libvirt-$libvirt_version 2>/dev/null - dpkg -l|grep "libvirt-[0-9]\{1,2\}\.[0-9]\{1,2\}\.[0-9]\{1,2\}"|cut -d " " -f 3|sudo xargs dpkg --purge --force-all 2>/dev/null - sudo apt install mlocate libxml2-utils gnutls-bin gnutls-dev libxml2-dev bash-completion libreadline-dev numactl libnuma-dev python3-docutils -y - # Remove old links - updatedb - temp_libvirt_so_path=$(locate libvirt-qemu.so | head -n1 | awk '{print $1;}') - libvirt_so_path="${temp_libvirt_so_path%/*}/" - - if [[ -n "$libvirt_so_path" ]]; then - for so_path in $(ls "${libvirt_so_path}"libvirt*.so.0); do - dest_path=/lib/$(uname -m)-linux-gnu/$(basename "$so_path") - if [ -f "$dest_path" ]; then - rm "$dest_path" - fi - done - fi - - cd /tmp || return - if [ -f libvirt-$libvirt_version.tar.xz ]; then - rm -r libvirt-$libvirt_version - else - wget https://libvirt.org/sources/libvirt-$libvirt_version.tar.xz - wget https://libvirt.org/sources/libvirt-$libvirt_version.tar.xz.asc - gpg --verify "libvirt-$libvirt_version.tar.xz.asc" - fi - tar xf libvirt-$libvirt_version.tar.xz - cd libvirt-$libvirt_version || return - if [ "$OS" = "Linux" ]; then - aptitude install -f iptables python3-dev unzip numad libglib2.0-dev libsdl1.2-dev lvm2 python3-pip ebtables libosinfo-1.0-dev libnl-3-dev libnl-route-3-dev libyajl-dev xsltproc libdevmapper-dev libpciaccess-dev dnsmasq dmidecode librbd-dev libtirpc-dev -y 2>/dev/null - aptitude install -f apparmor-profiles apparmor-profiles-extra apparmor-utils libapparmor-dev python3-apparmor libapparmor-perl libapparmor-dev apparmor-utils mlocate -y - pip3 install ipaddr ninja "meson==0.57.2" flake8 -U - # --prefix=/usr 
--localstatedir=/var --sysconfdir=/etc - #git init - #git remote add doomedraven https://github.com/libvirt/libvirt - # To see whole config sudo meson configure - # true now is enabled - sudo meson build -D system=true -D driver_remote=enabled -D driver_qemu=enabled -D driver_libvirtd=enabled -D qemu_group=libvirt -D qemu_user=root -D secdriver_apparmor=enabled -D apparmor_profiles=true -D bash_completion=auto - sudo ninja -C build - sudo ninja -C build install - if [ $? -ne 0 ]; then - echo "${RED}Failed. Read the instalation log for details${NC}" - exit 1 - fi - - : ' - mkdir build && cd build - ../autogen.sh --system --with-qemu=yes --with-dtrace --with-numad --disable-nls --with-openvz=no --with-yajl=yes --with-secdriver-apparmor=yes --with-apparmor-profiles - make -j"$(nproc)" - checkinstall -D --pkgname=libvirt-$libvirt_version --default - ' - cd .. - - updatedb - temp_libvirt_so_path=$(locate libvirt-qemu.so | head -n1 | awk '{print $1;}') - temp_export_path=$(locate libvirt.pc | head -n1 | awk '{print $1;}') - libvirt_so_path="${temp_libvirt_so_path%/*}/" - if [[ $libvirt_so_path == "/usr/lib/x86_64-linux-gnu/" ]]; then - temp_libvirt_so_path=$(locate libvirt-qemu.so | tail -1 | awk '{print $1;}') - libvirt_so_path="${temp_libvirt_so_path%/*}/" - fi - export_path="${temp_export_path%/*}/" - export PKG_CONFIG_PATH=$export_path - - if [[ -n "$libvirt_so_path" ]]; then - # #ln -s /usr/lib64/libvirt-qemu.so /lib/x86_64-linux-gnu/libvirt-qemu.so.0 - for so_path in $(ls "${libvirt_so_path}"libvirt*.so.0); do ln -sf "$so_path" /lib/$(uname -m)-linux-gnu/$(basename "$so_path"); done - ldconfig - else - echo "${RED}[!] 
Problem to create symlink, unknown libvirt_so_path path${NC}" - exit 1 - fi - - #elif [ "$OS" = "Darwin" ]; then - # ./autogen.sh --system --prefix=/usr/local/ --localstatedir=/var --sysconfdir=/etc --with-qemu=yes --with-dtrace --disable-nls --with-openvz=no --with-vmware=no --with-phyp=no --with-xenapi=no --with-libxl=no --with-vbox=no --with-lxc=no --with-vz=no --with-esx=no --with-hyperv=no --with-wireshark-dissector=no --with-yajl=yes - fi - - # https://wiki.archlinux.org/index.php/Libvirt#Using_polkit - if [ -f /etc/libvirt/libvirtd.conf ]; then - path="/etc/libvirt/libvirtd.conf" - elif [ -f /usr/local/etc/libvirt/libvirtd.conf ]; then - path="/usr/local/etc/libvirt/libvirtd.conf" - fi - - sed -i 's/#unix_sock_group/unix_sock_group/g' "$path" - sed -i 's/#unix_sock_ro_perms = "0777"/unix_sock_ro_perms = "0770"/g' "$path" - sed -i 's/#unix_sock_rw_perms = "0770"/unix_sock_rw_perms = "0770"/g' "$path" - sed -i 's/#auth_unix_ro = "none"/auth_unix_ro = "none"/g' "$path" - sed -i 's/#auth_unix_rw = "none"/auth_unix_rw = "none"/g' "$path" - sed -i 's/#auth_unix_ro = "polkit"/auth_unix_ro = "none"/g' "$path" - sed -i 's/#auth_unix_rw = "polkit"/auth_unix_rw = "none"/g' "$path" - - #echo "[+] Setting AppArmor for libvirt/kvm/qemu" - sed -i 's/#security_driver = "selinux"/security_driver = "apparmor"/g' /etc/libvirt/qemu.conf - # https://gitlab.com/apparmor/apparmor/wikis/Libvirt - FILES=( - /etc/apparmor.d/usr.sbin.libvirtd - /usr/sbin/libvirtd - ) - for file in "${FILES[@]}"; do - if [ -f "$file" ]; then - sudo aa-complain "$file" - fi - done - - cd /tmp || return - - if [ ! -f v$libvirt_version.zip ]; then - wget https://github.com/libvirt/libvirt-python/archive/v$libvirt_version.zip - fi - if [ -d "libvirt-python-$libvirt_version" ]; then - rm -r "libvirt-python-$libvirt_version" - fi - unzip v$libvirt_version.zip - cd "libvirt-python-$libvirt_version" || return - python3 setup.py build - pip3 install . 
- if [ "$OS" = "Linux" ]; then - # https://github.com/libvirt/libvirt/commit/e94979e901517af9fdde358d7b7c92cc055dd50c - groupname="" - if grep -q -E '^libvirtd:' /etc/group; then - groupname="libvirtd" - elif grep -q -E '^libvirt:' /etc/group; then - groupname="libvirt" - else - # create group if missed - groupname="libvirt" - groupadd libvirt - fi - usermod -G $groupname -a "$(whoami)" - if [[ -n "$username" ]]; then - usermod -G $groupname -a "$username" - fi - - #check links - # sudo ln -s /usr/lib64/libvirt-qemu.so /lib/x86_64-linux-gnu/libvirt-qemu.so.0 - # sudo ln -s /usr/lib64/libvirt.so.0 /lib/x86_64-linux-gnu/libvirt.so.0 - echo "[+] You should logout and login " - fi - -} - -function install_virt_manager() { - # from build-dep - aptitude install -f libgirepository1.0-dev gtk-doc-tools python3 python3-pip gir1.2-govirt-1.0 libgovirt-dev \ - libgovirt-common libgovirt2 gir1.2-rest-0.7 unzip intltool augeas-doc ifupdown wodim cdrkit-doc indicator-application \ - augeas-tools radvd auditd systemtap nfs-common zfsutils pm-utils python-openssl-doc samba \ - debootstrap sharutils-doc ssh-askpass gnome-keyring\ - sharutils spice-client-glib-usb-acl-helper ubuntu-mono x11-common python-enum34 python3-gi \ - python3-gi-cairo python3-pkg-resources \ - python3-libxml2 libxml2-utils libxrandr2 libxrender1 libxshmfence1 libxtst6 libxv1 libyajl2 msr-tools osinfo-db \ - python3-cairo python3-cffi-backend libxcb-present0 libxcb-render0 libxcb-shm0 libxcb-sync1 \ - libxcb-xfixes0 libxcomposite1 libxcursor1 libxdamage1 libxenstore3.0 libxfixes3 libxft2 libxi6 libxinerama1 \ - libxkbcommon0 libusbredirhost1 libusbredirparser1 libv4l-0 libv4lconvert0 libvisual-0.4-0 libvorbis0a libvorbisenc2 \ - libvte-2.91-0 libvte-2.91-common libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwayland-server0 \ - libx11-xcb1 libxcb-dri2-0 libxcb-dri3-0 libsoup-gnome2.4-1 libsoup2.4-1 libspeex1 libspice-client-glib-2.0-8 \ - libspice-client-gtk-3.0-5 libspice-server1 
libtag1v5 libtag1v5-vanilla libthai-data libthai0 libtheora0 libtiff5 \ - libtwolame0 libpython3-dev librados2 libraw1394-11 librbd1 librdmacm1 librest-0.7-0 \ - librsvg2-2 librsvg2-common libsamplerate0 libsdl1.2debian libshout3 libsndfile1 libpango-1.0-0 libpangocairo-1.0-0 \ - libpangoft2-1.0-0 libpangoxft-1.0-0 libpciaccess0 libphodav-2.0-0 libphodav-2.0-common libpixman-1-0 libproxy1v5 \ - libpulse-mainloop-glib0 libpulse0 libgstreamer1.0-0 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk-vnc-2.0-0 \ - libgudev-1.0-0 libgvnc-1.0-0 libharfbuzz0b libibverbs1 libiec61883-0 libindicator3-7 libiscsi7 libjack-jackd2-0 libjbig0 \ - libjpeg-turbo8 libjpeg8 libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 libmp3lame0 libmpg123-0 libnetcf1 libnl-route-3-200 \ - libnspr4 libnss3 libogg0 libopus0 liborc-0.4-0 libosinfo-1.0-0 libcairo-gobject2 libcairo2 libcdparanoia0 libcolord2 libcroco3 \ - libcups2 libdatrie1 libdbusmenu-glib4 libdbusmenu-gtk3-4 libdconf1 libdv4 libegl-mesa0 libegl1 libepoxy0 libfdt1 libflac8 \ - libfontconfig1 libgbm1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libglapi-mesa libglvnd0 libgraphite2-3 \ - libgstreamer-plugins-base1.0-0 libgstreamer-plugins-good1.0-0 gtk-update-icon-cache hicolor-icon-theme humanity-icon-theme \ - ibverbs-providers libaa1 libaio1 libappindicator3-1 libasound2 libasound2-data libasyncns0 libatk-bridge2.0-0 libatk1.0-0 \ - libatk1.0-data libatspi2.0-0 libaugeas0 libavahi-client3 libavahi-common-data libavahi-common3 libavc1394-0 libbluetooth3 \ - libcaca0 libcacard0 gir1.2-atk-1.0 gir1.2-freedesktop gir1.2-gdkpixbuf-2.0 gir1.2-gtk-3.0 gir1.2-gtk-vnc-2.0 \ - gir1.2-libosinfo-1.0 gir1.2-pango-1.0 gir1.2-spiceclientglib-2.0 gir1.2-spiceclientgtk-3.0 gir1.2-vte-2.91 glib-networking \ - glib-networking-common glib-networking-services gsettings-desktop-schemas gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ - gstreamer1.0-x adwaita-icon-theme at-spi2-core augeas-lenses cpu-checker 
dconf-gsettings-backend dconf-service \ - fontconfig fontconfig-config fonts-dejavu-core genisoimage gir1.2-appindicator3-0.1 gir1.2-secret-1 \ - gobject-introspection intltool pkg-config libxml2-dev libxslt-dev python3-dev gir1.2-gtk-vnc-2.0 gir1.2-spiceclientgtk-3.0 libgtk-3-dev \ - mlocate -y - # should be installed first - # moved out as some 20.04 doesn't have this libs %) - aptitude install -f -y python3-ntlm-auth libpython3-stdlib libbrlapi-dev libgirepository1.0-dev python3-testresources - apt -y -o Dpkg::Options::="--force-overwrite" install ovmf - pip3 install requests six urllib3 ipaddr ipaddress idna dbus-python certifi lxml cryptography pyOpenSSL chardet asn1crypto pycairo PySocks PyGObject -U - - updatedb - - temp_libvirt_so_path=$(locate libvirt-qemu.so | head -n1 | awk '{print $1;}') - temp_export_path=$(locate libvirt.pc | head -n1 | awk '{print $1;}') - libvirt_so_path="${temp_libvirt_so_path%/*}/" - export_path="${temp_export_path%/*}/" - - export PKG_CONFIG_PATH=$export_path - - cd /tmp || return - if [ ! -f libvirt-glib-3.0.0.tar.gz ]; then - wget https://libvirt.org/sources/glib/libvirt-glib-3.0.0.tar.gz - wget https://libvirt.org/sources/glib/libvirt-glib-3.0.0.tar.gz.asc - gpg --verify "libvirt-glib-3.0.0.tar.gz.asc" - - fi - tar xf libvirt-glib-3.0.0.tar.gz - cd libvirt-glib-3.0.0 || return - aclocal && libtoolize --force - automake --add-missing - ./configure - make -j"$(nproc)" - #ToDo add blacklist - checkinstall --pkgname=libvirt-glib-1.0-0 --default - # v4 is meson based - # sudo meson build -D system=true - cd /tmp || return - if [ ! -f gir1.2-libvirt-glib-1.0_1.0.0-1_amd64.deb ]; then - wget http://launchpadlibrarian.net/297448356/gir1.2-libvirt-glib-1.0_1.0.0-1_amd64.deb - fi - dpkg --force-confold -i gir1.2-libvirt-glib-1.0_1.0.0-1_amd64.deb - - /sbin/ldconfig - - if [ ! 
-d "virt-manager" ]; then - git clone https://github.com/virt-manager/virt-manager.git - echo "[+] Cloned Virt Manager repo" - fi - cd "virt-manager" || return - # py3 - #pip3 install . - python3 setup.py build - python3 setup.py install - if [ "$SHELL" = "/bin/zsh" ] || [ "$SHELL" = "/usr/bin/zsh" ] ; then - echo "export LIBVIRT_DEFAULT_URI=qemu:///system" >> "$HOME/.zsh" - else - echo "export LIBVIRT_DEFAULT_URI=qemu:///system" >> "$HOME/.bashrc" - fi -} - -function install_kvm_linux() { - sed -i 's/# deb-src/deb-src/g' /etc/apt/sources.list - apt update 2>/dev/null - aptitude install -f build-essential locate python3-pip gcc pkg-config cpu-checker intltool libtirpc-dev -y 2>/dev/null - aptitude install -f gtk-update-icon-cache -y 2>/dev/null - - # WSL support - aptitude install -f gcc make gnutls-bin -y - # remove old - apt purge libvirt0 libvirt-bin -y - install_libvirt - - systemctl enable libvirtd.service - systemctl restart libvirtd.service - systemctl enable virtlogd.socket - systemctl restart virtlogd.socket - - kvm-ok - - if ! grep -q -E '^net.bridge.bridge-nf-call-ip6tables' /etc/sysctl.conf; then - cat >> /etc/sysctl.conf << EOF -net.bridge.bridge-nf-call-ip6tables = 0 -net.bridge.bridge-nf-call-iptables = 0 -net.bridge.bridge-nf-call-arptables = 0 -EOF - fi - # Ubuntu 18.04: - # /dev/kvm permissions always changed to root after reboot - # "chown root:libvirt /dev/kvm" doesnt help - addgroup kvm - usermod -a -G kvm "$(whoami)" - if [[ -n "$username" ]]; then - usermod -a -G kvm "$username" - fi - chgrp kvm /dev/kvm - if [ ! -f /etc/udev/rules.d/50-qemu-kvm.rules ]; then - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0660"' >> /etc/udev/rules.d/50-qemu-kvm.rules - fi - - echo 1 > /sys/module/kvm/parameters/ignore_msrs - echo 0 > /sys/module/kvm/parameters/report_ignored_msrs - - if [ ! 
-f /etc/modprobe.d/kvm.conf ]; then - cat >> /etc/modprobe.d/kvm.conf << EOF -options kvm ignore_msrs=Y -options kvm report_ignored_msrs=N -EOF - fi -} - - -function replace_qemu_clues_public() { - echo '[+] Patching QEMU clues' - _sed_aux "s/QEMU HARDDISK/$qemu_hd_replacement/g" qemu*/hw/ide/core.c 'QEMU HARDDISK was not replaced in core.c' - _sed_aux "s/QEMU HARDDISK/$qemu_hd_replacement/g" qemu*/hw/scsi/scsi-disk.c 'QEMU HARDDISK was not replaced in scsi-disk.c' - _sed_aux "s/QEMU DVD-ROM/$qemu_dvd_replacement/g" qemu*/hw/ide/core.c 'QEMU DVD-ROM was not replaced in core.c' - _sed_aux "s/QEMU DVD-ROM/$qemu_dvd_replacement/g" qemu*/hw/ide/atapi.c 'QEMU DVD-ROM was not replaced in atapi.c' - _sed_aux "s/QEMU PenPartner tablet/ PenPartner tablet/g" qemu*/hw/usb/dev-wacom.c 'QEMU PenPartner tablet' - _sed_aux 's/s->vendor = g_strdup("QEMU");/s->vendor = g_strdup("");/g' qemu*/hw/scsi/scsi-disk.c 'Vendor string was not replaced in scsi-disk.c' - _sed_aux "s/QEMU CD-ROM/$qemu_dvd_replacement/g" qemu*/hw/scsi/scsi-disk.c 'Vendor string was not replaced in scsi-disk.c' - _sed_aux 's/padstr8(buf + 8, 8, "QEMU");/padstr8(buf + 8, 8, "");/g' qemu*/hw/ide/atapi.c 'padstr was not replaced in atapi.c' - _sed_aux 's/QEMU MICRODRIVE/ MICRODRIVE/g' qemu*/hw/ide/core.c 'QEMU MICRODRIVE was not replaced in core.c' - _sed_aux "s/KVMKVMKVM\\0\\0\\0/$hypervisor_string_replacemnt/g" qemu*/target/i386/kvm.c 'KVMKVMKVM was not replaced in kvm.c' - _sed_aux 's/"bochs"/""/g' qemu*/block/bochs.c 'BOCHS was not replaced in block/bochs.c' - _sed_aux 's/"BOCHS "/"ALASKA"/g' qemu*/include/hw/acpi/aml-build.h 'BOCHS was not replaced in block/bochs.c' - _sed_aux 's/Bochs Pseudo/Intel RealTime/g' qemu*/roms/ipxe/src/drivers/net/pnic.c 'Bochs Pseudo was not replaced in roms/ipxe/src/drivers/net/pnic.c' -} - -function replace_seabios_clues_public() { - echo "[+] Generating SeaBios Kconfig" - echo "[+] Fixing SeaBios antivms" - _sed_aux 's/Bochs/DELL/g' src/config.h 'Bochs was not replaced in 
src/config.h' - _sed_aux "s/BOCHSCPU/$bochs_cpu_replacement/g" src/config.h 'BOCHSCPU was not replaced in src/config.h' - _sed_aux 's/"BOCHS "/"DELL"/g' src/config.h 'BOCHS was not replaced in src/config.h' - _sed_aux 's/BXPC/DELL/g' src/config.h 'BXPC was not replaced in src/config.h' - _sed_aux "s/QEMU\/Bochs/$qemu_bochs_cpu/g" vgasrc/Kconfig 'QEMU\/Bochs was not replaced in vgasrc/Kconfig' - _sed_aux "s/qemu /$qemu_space_replacement/g" vgasrc/Kconfig 'qemu was not replaced in vgasrc/Kconfig' - _sed_aux "s/06\/23\/99/$src_misc_bios_table/g" src/misc.c 'change seabios date 1' - _sed_aux "s/04\/01\/2014/$src_bios_table_date2/g" src/fw/biostables.c 'change seabios date 2' - _sed_aux "s/01\/01\/2011/$src_fw_smbios_date/g" src/fw/smbios.c 'change seabios date 3' - _sed_aux 's/"SeaBios"/"AMIBios"/g' src/fw/biostables.c 'change seabios to amibios' - - FILES=( - src/hw/blockcmd.c - src/fw/paravirt.c - ) - for file in "${FILES[@]}"; do - _sed_aux 's/"QEMU/"/g' "$file" "QEMU was not replaced in $file" - done - - _sed_aux 's/"QEMU"/""/g' src/hw/blockcmd.c '"QEMU" was not replaced in src/hw/blockcmd.c' - - FILES=( - "src/fw/acpi-dsdt.dsl" - "src/fw/q35-acpi-dsdt.dsl" - ) - for file in "${FILES[@]}"; do - _sed_aux 's/"BXPC"/""/g' "$file" "BXPC was not replaced in $file" - done - _sed_aux 's/"BXPC"/"AMPC"/g' "src/fw/ssdt-pcihp.dsl" 'BXPC was not replaced in src/fw/ssdt-pcihp.dsl' - _sed_aux 's/"BXDSDT"/"AMDSDT"/g' "src/fw/ssdt-pcihp.dsl" 'BXDSDT was not replaced in src/fw/ssdt-pcihp.dsl' - _sed_aux 's/"BXPC"/"AMPC"/g' "src/fw/ssdt-proc.dsl" 'BXPC was not replaced in "src/fw/ssdt-proc.dsl"' - _sed_aux 's/"BXSSDT"/"AMSSDT"/g' "src/fw/ssdt-proc.dsl" 'BXSSDT was not replaced in src/fw/ssdt-proc.dsl' - _sed_aux 's/"BXPC"/"AMPC"/g' "src/fw/ssdt-misc.dsl" 'BXPC was not replaced in src/fw/ssdt-misc.dsl' - _sed_aux 's/"BXSSDTSU"/"AMSSDTSU"/g' "src/fw/ssdt-misc.dsl" 'BXDSDT was not replaced in src/fw/ssdt-misc.dsl' - _sed_aux 's/"BXSSDTSUSP"/"AMSSDTSUSP"/g' src/fw/ssdt-misc.dsl 
'BXSSDTSUSP was not replaced in src/fw/ssdt-misc.dsl' - _sed_aux 's/"BXSSDT"/"AMSSDT"/g' src/fw/ssdt-proc.dsl 'BXSSDT was not replaced in src/fw/ssdt-proc.dsl' - _sed_aux 's/"BXSSDTPCIHP"/"AMSSDTPCIHP"/g' src/fw/ssdt-pcihp.dsl 'BXPC was not replaced in src/fw/ssdt-pcihp.dsl' - - FILES=( - src/fw/q35-acpi-dsdt.dsl - src/fw/acpi-dsdt.dsl - src/fw/ssdt-misc.dsl - src/fw/ssdt-proc.dsl - src/fw/ssdt-pcihp.dsl - src/config.h - ) - for file in "${FILES[@]}"; do - _sed_aux 's/"BXPC"/"A M I"/g' "$file" "BXPC was not replaced in $file" - done -} - -function install_jemalloc() { - - # https://zapier.com/engineering/celery-python-jemalloc/ - if ! $(dpkg -l "libjemalloc*" | grep -q "ii libjemalloc"); then - aptitude install -f checkinstall curl build-essential jq autoconf libjemalloc-dev -y - fi -} - -function qemu_func() { - cd /tmp || return - install_jemalloc - cd /tmp || return - - echo '[+] Cleaning QEMU old install if exists' - rm -r /usr/share/qemu >/dev/null 2>&1 - dpkg -r ubuntu-vm-builder python-vm-builder >/dev/null 2>&1 - dpkg -l |grep qemu |cut -d " " -f 3|xargs dpkg --purge --force-all >/dev/null 2>&1 - - echo '[+] Downloading QEMU source code' - if [ ! -f qemu-$qemu_version.tar.xz ]; then - wget "https://download.qemu.org/qemu-$qemu_version.tar.xz" - wget "https://download.qemu.org/qemu-$qemu_version.tar.xz.sig" - gpg --verify "qemu-$qemu_version.tar.xz.sig" - fi - - if [ ! -f qemu-$qemu_version.tar.xz ]; then - echo "[-] Download qemu-$qemu_version failed" - exit - fi - - if ! 
tar xf "qemu-$qemu_version.tar.xz" ; then - echo "[-] Failed to extract, check if download was correct" - exit 1 - fi - - if [ "$OS" = "Linux" ]; then - aptitude install -f software-properties-common - add-apt-repository universe - apt update 2>/dev/null - aptitude install -f python3-pip checkinstall openbios-sparc openbios-ppc libssh2-1-dev vde2 liblzo2-dev libghc-gtk3-dev libsnappy-dev libbz2-dev libxml2-dev google-perftools libgoogle-perftools-dev libvde-dev -y - aptitude install -f debhelper libusb-1.0-0-dev libxen-dev uuid-dev xfslibs-dev libjpeg-dev libusbredirparser-dev device-tree-compiler texinfo libbluetooth-dev libbrlapi-dev libcap-ng-dev libcurl4-gnutls-dev libfdt-dev gnutls-dev libiscsi-dev libncurses5-dev libnuma-dev libcacard-dev librados-dev librbd-dev libsasl2-dev libseccomp-dev libspice-server-dev \ - libaio-dev libcap-dev libattr1-dev libpixman-1-dev libgtk2.0-bin libxml2-utils systemtap-sdt-dev uml-utilities -y - # qemu docs required - PERL_MM_USE_DEFAULT=1 perl -MCPAN -e install "Perl/perl-podlators" - pip3 install sphinx ninja - - elif [ "$OS" = "Darwin" ]; then - _check_brew - brew install pkg-config libtool jpeg gnutls glib ncurses pixman libpng vde gtk+3 libssh2 libssh2 libvirt snappy libcapn gperftools glib -y - fi - # WOOT - # some checks may be depricated, but keeping them for compatibility with old versions - #if [ $? -eq 0 ]; then - if declare -f -F "replace_qemu_clues"; then - replace_qemu_clues - else - replace_qemu_clues_public - fi - # ToDo reintroduce it? 
- #if [ $fail -eq 0 ]; then - echo '[+] Starting compile it' - cd qemu-$qemu_version || return - # add in future --enable-netmap https://sgros-students.blogspot.com/2016/05/installing-and-testing-netmap.html - # remove --target-list=i386-softmmu,x86_64-softmmu,i386-linux-user,x86_64-linux-user if you want all targets - if [ "$OS" = "Linux" ]; then - # # --enable-sparse - #if [[ -n "$QEMU_TARGERS" ]]; then - # QTARGETS="" - #fi - ./configure $QTARGETS --prefix=/usr --libexecdir=/usr/lib/qemu --localstatedir=/var --bindir=/usr/bin/ --enable-gnutls --enable-docs --enable-gtk --enable-vnc --enable-vnc-sasl --enable-vnc-png --enable-vnc-jpeg --enable-curl --enable-kvm --enable-linux-aio --enable-cap-ng --enable-vhost-net --enable-vhost-crypto --enable-spice --enable-usb-redir --enable-lzo --enable-snappy --enable-bzip2 --enable-coroutine-pool --enable-libxml2 --enable-jemalloc --enable-replication --enable-tools --enable-capstone - elif [ "$OS" = "Darwin" ]; then - # --enable-vhost-net --enable-vhost-crypto - ./configure --prefix=/usr --libexecdir=/usr/lib/qemu --localstatedir=/var --bindir=/usr/bin/ --enable-gnutls --enable-docs --enable-vnc --enable-vnc-sasl --enable-vnc-png --enable-vnc-jpeg --enable-curl --enable-hax --enable-usb-redir --enable-lzo --enable-snappy --enable-bzip2 --enable-coroutine-pool --enable-libxml2 --enable-jemalloc --enable-replication --enable-tools --enable-capstone - fi - if [ $? 
-eq 0 ]; then - echo '[+] Starting Install it' - if [ -f /usr/share/qemu/qemu_logo_no_text.svg ]; then - rm /usr/share/qemu/qemu_logo_no_text.svg - fi - mkdir -p /tmp/qemu-"$qemu_version"_builded/DEBIAN - echo -e "Package: qemu\nVersion: $qemu_version\nArchitecture: $ARCH\nMaintainer: $MAINTAINER\nDescription: Custom antivm qemu" > /tmp/qemu-"$qemu_version"_builded/DEBIAN/control - make -j"$(nproc)" install DESTDIR=/tmp/qemu-"$qemu_version"_builded - if [ "$OS" = "Linux" ]; then - dpkg-deb --build --root-owner-group /tmp/qemu-"$qemu_version"_builded - apt -y -o Dpkg::Options::="--force-overwrite" install /tmp/qemu-"$qemu_version"_builded.deb - elif [ "$OS" = "Darwin" ]; then - make -j"$(nproc)" install - fi - # hack for libvirt/virt-manager - if [ ! -f /usr/bin/qemu-system-x86_64-spice ]; then - ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-system-x86_64-spice - fi - if [ ! -f /usr/bin/kvm-spice ]; then - ln -s /usr/bin/qemu-system-x86_64 /usr/bin/kvm-spice - fi - if [ ! -f /usr/bin/kvm ]; then - ln -s /usr/bin/qemu-system-x86_64 /usr/bin/kvm - fi - if [ $? -eq 0 ]; then - echo '[+] Patched, compiled and installed' - else - echo '[-] Install failed' - fi - if ! grep -q -E "^tss:" /etc/group; then - useradd --system --group tss - echo "[+] Creating Group and User: tss" - else - echo "[?] 
tss Group and User exist, skip" - fi - else - echo '[-] Compilling failed' - fi - #else - # echo '[-] Check previous output' - # exit - #fi - - #else - # echo '[-] Download QEMU source was not possible' - #fi - if [ "$OS" = "linux" ]; then - dpkg --get-selections | grep "qemu" | xargs apt-mark hold - dpkg --get-selections | grep "libvirt" | xargs apt-mark hold - # apt-mark unhold qemu - fi - -} - -function seabios_func() { - cd /tmp || return - echo '[+] Installing SeaBios dependencies' - aptitude install -f git acpica-tools -y - if [ -d seabios ]; then - rm -r seabios - fi - if git clone https://github.com/coreboot/seabios.git; then - cd seabios || return - if declare -f -F "replace_seabios_clues"; then - replace_seabios_clues - else - replace_seabios_clues_public - fi - # make help - # make menuconfig -> BIOS tables -> disable Include default ACPI DSDT - # get rid of this hack - make -j"$(nproc)" 2>/dev/null - # Windows 10(latest rev.) is uninstallable without ACPI_DSDT - # sed -i 's/CONFIG_ACPI_DSDT=y/CONFIG_ACPI_DSDT=n/g' .config - sed -i 's/CONFIG_XEN=y/CONFIG_XEN=n/g' .config - sed -i 's/PYTHON=python/PYTHON=python3/g' Makefile - if make -j "$(nproc)"; then - echo '[+] Replacing old bios.bin to new out/bios.bin' - bios=0 - SHA256_BIOS=$(shasum -a 256 out/bios.bin|awk '{print $1}') - if [ ! 
-f /usr/share/qemu/bios.bin_back ]; then - cp /usr/share/qemu/bios.bin /usr/share/qemu/bios.bin_back - cp /usr/share/qemu/bios-256k.bin /usr/share/qemu/bios-256k.bin_back - fi - FILES=( - "/usr/share/qemu/bios.bin" - "/usr/share/qemu/bios-256k.bin" - ) - for file in "${FILES[@]}"; do - cp -vf out/bios.bin "$file" - SHA256_BIOS_TMP=$(shasum -a 256 $file|awk '{print $1}') - if [[ $SHA256_BIOS_TMP != $SHA256_BIOS ]]; then - echo "[-] BIOS hashes doesn't match: $SHA256_BIOS - $SHA256_BIOS_TMP" - bios=0 - else - bios=1 - fi - done - if [ $bios -eq 1 ]; then - echo '[+] Patched bios.bin placed correctly' - else - echo '[-] Bios patching failed' - fi - else - echo '[-] Bios compilation failed' - fi - cd - || return - else - echo '[-] Check if git installed or network connection is OK' - fi -} - -function enable_sysreq(){ - if ! grep -q -E '^kernel.sysrq=1' /etc/sysctl.conf; then - echo "kernel.sysrq=1" >> /etc/sysctl.conf - fi -} - -function issues(){ -cat << EndOfHelp -### Links: - * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-troubleshooting-common_libvirt_errors_and_troubleshooting - * https://wiki.libvirt.org/page/Failed_to_connect_to_the_hypervisor - -### Errors and Solutions - * Error: - * If you getting an apparmor error - * Solution - * sed -i 's/#security_driver = "apparmor"/security_driver = ""/g' /etc/libvirt/qemu.conf - - * Error: - required by /usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so - * Solution: - systemctl daemon-reload - systemctl restart libvirtd libvirt-guests.service - - * Error: - /libvirt.so.0: version LIBVIRT_PRIVATE_x.x.0' not found (required by /usr/sbin/libvirtd) - * Solutions: - 1. apt purge libvirt0 libvirt-bin - 2. reboot - 3. $0 libvirt - - Can be extra help, but normally solved with first3 steps - 1. ldd /usr/sbin/libvirtd - 2. 
ls -lah /usr/lib/libvirt* - * Make sure what all symlinks pointing to last version - * Error: - * Libvirt sometimes causes access denied errors with access the locations different from "/var/lib/libvirt/images" - * Solution: - * sed -i 's/user = "root"/user = "$(whoami)"/g' /etc/libvirt/qemu.conf - * sed -i 's/user = "root"/group = "libvirt"/g' /etc/libvirt/qemu.conf - - * Error: - libvirt: Polkit error : authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage' - * Solutions: - 1. - sed -i 's/#unix_sock_group/unix_sock_group/g' /etc/libvirt/libvirtd.conf - sed -i 's/#unix_sock_ro_perms = "0777"/unix_sock_ro_perms = "0770"/g' /etc/libvirt/libvirtd.conf - sed -i 's/#unix_sock_rw_perms = "0770"/unix_sock_rw_perms = "0770"/g' /etc/libvirt/libvirtd.conf - sed -i 's/#auth_unix_ro = "none"/auth_unix_ro = "none"/g' /etc/libvirt/libvirtd.conf - sed -i 's/#auth_unix_rw = "none"/auth_unix_rw = "none"/g' /etc/libvirt/libvirtd.conf - 2. Add ssh key to $HOME/.ssh/authorized_keys - virt-manager -c "qemu+ssh://user@host/system?socket=/var/run/libvirt/libvirt-sock" - - * Error: - unable to execute QEMU command 'getfd' - * Solution: - Compile without apparmor - - * Slow HDD/Snapshot taking performance? - Modify - - To - - * Error: - error : virPidFileAcquirePath:422 : Failed to acquire pid file '/var/run/libvirtd.pid': Resource temporarily unavailable - * Solution - ps aux | grep libvirtd - * Error: - Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied - * Solution: - * usermod -G libvirt -a username - * log out and log in - - * Error: - yara: error while loading shared libraries: libyara.so.3: cannot open shared object file: No such file or directory - - Solution 1: - aptitude install -f libyara3 - Solution 2: - sudo echo "/usr/local/lib" >> /etc/ld.so.conf - sudo ldconfig - - # Fixes from http://ask.xmodulo.com/compile-virt-manager-debian-ubuntu.html - 1. 
ImportError: No module named libvirt - $ ./kvm-qemu.sh libvirt - - 2. ImportError: No module named libxml2 - $ pip3 install libxml2-python3 - - 3. ImportError: No module named requests - $ aptitude install -f python-requests - - 4. Error launching details: Namespace GtkVnc not available - $ ./kvm-qemu.sh libvirt - - 5. ValueError: Namespace LibvirtGLib not available - $ ./kvm-qemu.sh libvirt - - 6. ValueError: Namespace Libosinfo not available - $ aptitude install -f libosinfo-1.0 - - 7. ImportError: No module named ipaddr - $ aptitude install -f python-ipaddr - - 8. Namespace Gtk not available: Could not open display: localhost:10.0 - 8 ValueError: Namespace GtkSource not available - $ aptitude install -f libgtk-3-dev libgtksourceview-3.0-dev - * Error will specify version, example gi.require_version("GtkSource", "4"), if that version is not available for your distro - * you will need downgrade your virt-manager with $ sudo rm -r /usr/share/virt-manager and install older version - - 9. ImportError: cannot import name Vte - $ aptitude install -f gir1.2-vte-2.90 - - 10. TypeError: Couldn't find foreign struct converter for 'cairo.Context' - $ aptitude install -f python3-gi-cairo - - -EndOfHelp -} - -function install_WebVirtCloud(){ - sudo apt -y install git virtualenv python-virtualenv python-dev python-lxml libvirt-dev zlib1g-dev libxslt1-dev nginx libsasl2-modules gcc pkg-config python-guestfs - pip install supervisor - git clone https://github.com/retspen/webvirtcloud - cd webvirtcloud || return - cp webvirtcloud/settings.py.template webvirtcloud/settings.py - # now put secret key to webvirtcloud/settings.py - sudo cp conf/supervisor/webvirtcloud.conf /etc/supervisor/conf.d - sudo cp conf/nginx/webvirtcloud.conf /etc/nginx/conf.d - cd .. 
- sudo mv webvirtcloud /srv - sudo chown -R www-data:www-data /srv/webvirtcloud - cd /srv/webvirtcloud || return - virtualenv venv - source venv/bin/activate - sed -i 's/libvirt-python//g' conf/requirements.txt - pip install -r conf/requirements.txt - python manage.py migrate - sudo chown -R www-data:www-data /srv/webvirtcloud - sudo rm /etc/nginx/sites-enabled/default - sudo service nginx restart - sudo service supervisor restart -} - -function cloning() { - if [ $# -lt 6 ]; then - echo '[-] You must provide <#vm_to_create> ' - exit 1 - fi - for i in $(seq "$3" "$4"); do - worked=1 - # bad macaddress can be generated - while [ $worked -eq 1 ]; do - macaddr=$(hexdump -n 6 -ve '1/1 "%.2x "' /dev/random | awk -v a="2,6,a,e" -v r="$RANDOM" 'BEGIN{srand(r);}NR==1{split(a,b,",");r=int(rand()*4+1);printf "%s%s:%s:%s:%s:%s:%s\n",substr($1,0,1),b[r],$2,$3,$4,$5,$6}') 2>/dev/null - if virt-clone --print-xml -n "$1_$i" -o "$1" -m "$macaddr" -f "${5}/${1}_${i}.qcow2" |sed "s|||g" > "$5/$1_$i.xml"; then - if [ ! 
-f "${5}/${1}_${i}.qcow2" ]; then - echo "Creating $5/$1_$i.qcow2" - if [ "$7" == "linked" ]; then - qemu-img create -f qcow2 -F qcow2 -b "$2" "$5/$1_$i.qcow2" - else - # full clone - cp "$2" "$5/$1_$i.qcow2" - fi - fi - #2>/dev/null - sed -i "s|||g" "$5/$1_$i.xml" - virsh define "$5/$1_$i.xml" - worked=0 - fi - done - echo "" - done - - echo "[+] Enjoy" -} - -# Doesn't work ${$1,,} -COMMAND=$(echo "$1"|tr "[:upper:]" "[:lower:]") - -case $COMMAND in - '-h') - usage - exit 0;; - 'issues') - issues - exit 0;; -esac - -#if ([ "$COMMAND" = "all" ] || [ "$COMMAND" = "libvirt" ]) && [ $# -eq 2 ]; then -# if [ id -u "$2" ]; then -# username="$2" -# else -# echo "[-] username $2 doesn't exist" -# exit 1 -# fi -#fi - -#check if start with root -if [ "$EUID" -ne 0 ]; then - echo 'This script must be run as root' - exit 1 -fi - -OS="$(uname -s)" -MAINTAINER="$(whoami)"_"$(hostname)" -ARCH="$(dpkg --print-architecture)" -#add-apt-repository universe -#apt update && apt upgrade -#make - -case "$COMMAND" in -'issues') - issues;; -'all') - aptitude install -f language-pack-UTF-8 - qemu_func - seabios_func - if [ "$OS" = "Linux" ]; then - install_kvm_linux - install_virt_manager - install_libguestfs - # check if all features enabled - virt-host-validate - systemctl daemon-reload - systemctl restart libvirtd libvirt-guests.service - _enable_tcp_bbr - grub_iommu - enable_sysreq - elif [ "$OS" = "Darwin" ]; then - install_haxm_mac - fi - ;; -'qemu') - qemu_func;; -'seabios') - seabios_func;; -'kvm') - install_kvm_linux;; -'haxm') - install_haxm_mac;; -'libguestfs') - install_libguestfs;; -'tcp_bbr') - _enable_tcp_bbr;; -'replace_qemu') - if declare -f -F "replace_qemu_clues"; then - replace_qemu_clues - else - replace_qemu_clues_public - fi - ;; -'sysreq') - enable_sysreq;; -'libvirt') - install_libvirt;; -'libvmi') - install_libvmi;; -'virtmanager') - install_virt_manager;; -'clone') - cloning "$2" "$3" "$4" "$5" "$6" "$7";; -'noip') - if [ "$OS" = "Linux" ]; then - cd /tmp || 
return - if [ ! -f noip-duc-linux.tar.gz ]; then - wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz - fi - tar xf noip-duc-linux.tar.gz - rm noip-duc-linux.tar.gz - cd "noip-*" || return - make install - crontab -l | { cat; echo "@reboot sleep 10 && /usr/local/bin/noip2 -c /usr/local/etc/no-ip2.conf"; } | crontab - - elif [ "$OS" = "Darwin" ]; then - _check_brew - brew cask install no-ip-duc - fi - ;; -'replace_seabios') - if [ ! -d "$2" ]; then - echo "[-] Pass the path to SeaBios folder" - exit 1 - fi - cd "$2" || exit 1 - if declare -f -F "replace_seabios_clues"; then - replace_seabios_clues - else - replace_seabios_clues_public - fi - cd - || exit 0 - ;; -'webvirtmgr') - install_WebVirtCloud;; -'grub') - grub_iommu;; -'jemalloc') - install_jemalloc;; -'mosh') - if [ "$OS" = "Linux" ]; then - sudo aptitude install -f mosh -y - elif [ "$OS" = "Darwin" ]; then - _check_brew - brew install mosh - else - echo "https://mosh.org/#getting" - fi - ;; -*) - usage;; -esac \ No newline at end of file diff --git a/utils/community.py b/utils/community.py index 562ffa35c33..d9a78b6d2ec 100644 --- a/utils/community.py +++ b/utils/community.py @@ -34,15 +34,8 @@ log = logging.getLogger(__name__) -def get_signatures_modification_dict() -> dict: - file_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), - 'resources', - 'signatures_modification_dictionary.json') - with open(file_path) as f: - return json.load(f) - -def flare_capa(proxy=None): +def flare_capa(proxy=None, offline_dest_folder: str = None): signature_urls = ( "https://github.com/mandiant/capa/raw/master/sigs/1_flare_msvc_rtf_32_64.sig", "https://github.com/mandiant/capa/raw/master/sigs/2_flare_msvc_atlmfc_32_64.sig", 
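Review bot: The new signature `def flare_capa(proxy=None, offline_dest_folder: str = None):` annotates the parameter as a plain `str` while defaulting it to `None`; write it as `offline_dest_folder: str | None = None` (or `Optional[str]` if the file must still run on Python older than 3.10). With `get_signatures_modification_dict` removed, this hunk deleted the only visible use of `json.load`, so check whether the module-level `json` import in community.py is now unused and drop it if so. The body of `flare_capa` continues outside the hunk, so where `offline_dest_folder` is consumed is not visible here.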
@@ -126,8 +119,6 @@ def install(enabled, force, rewrite, filepath: str = False, access_token=None, p
 members = t.getmembers()
 directory = members[0].name.split("/", 1)[0]
- signatures_modification_dict = get_signatures_modification_dict()
-
 for category in enabled:
 folder = folders.get(category, False)
 if not folder:
@@ -161,10 +152,6 @@ def install(enabled, force, rewrite, filepath: str = False, access_token=None, p
 print(f'You have blocklisted file: {dest_file}. {colors.yellow("skipped")}')
 continue
- # TODO: Replace this with blocklist
- if category == 'signatures' and dest_file in signatures_modification_dict['reject_list']:
- continue
-
 if not force:
 while True:
 choice = input(f'Do you want to install file "{dest_file}"? [yes/no] ')
@@ -275,7 +262,7 @@ def main():
 enabled.append("mitre")
 if args.capa_rules:
- flare_capa(args.proxy)
+ flare_capa(args.proxy, args.capa_rules_path)
 if not enabled:
 return
diff --git a/utils/intezer_signatures.py b/utils/intezer_signatures.py
deleted file mode 100644
index ed6e2b4fcb4..00000000000
--- a/utils/intezer_signatures.py
+++ /dev/null
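Review bot: Removing the `reject_list` check in the `@@ -161,10 +152,6 @@` hunk means any signature previously filtered through `signatures_modification_dictionary.json` will now be offered for installation unless it has been added to the blocklist consulted by the `You have blocklisted file` check just above it; nothing in this patch shows that migration, and the JSON resource under `resources/` is not among the deleted files, so it appears to be left orphaned. Worth confirming the blocklist covers the old `reject_list` entries, and removing the stale resource file in the same change. The `@@ -126,8 +119,6 @@` hunk only drops the now-unused lookup and needs no separate action. The body of `install` extends beyond both hunks.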
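Review bot: `flare_capa(args.proxy, args.capa_rules_path)` in the `@@ -275,7 +262,7 @@` hunk reads an argparse attribute that no hunk in this patch registers (the diffstat shows only two insertions in community.py, both visible here), so unless `--capa-rules-path` already exists on the parser elsewhere in `main()`, passing `--capa-rules` will raise `AttributeError` at runtime. Passing it by keyword, `flare_capa(args.proxy, offline_dest_folder=args.capa_rules_path)`, would also make the positional-to-parameter mapping explicit given that the argument and parameter names differ. The rest of `main()` lies outside the hunk.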
@@ -1,71 +0,0 @@
-#!/usr/bin/env python
-# Copyright (C) 2010-2015 Cuckoo Foundation.
-# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
-# See the file 'docs/LICENSE' for copying permission.
-import argparse
-import os
-import sys
-
-if sys.version_info[:2] < (3, 6):
- sys.exit("You are running an incompatible version of Python, please use >= 3.6")
-import logging
-import tarfile
-import requests
-from io import BytesIO
-
-sys.path.append(os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."))
-
-import lib.cuckoo.common.colors as colors
-from lib.cuckoo.common.constants import CUCKOO_ROOT
-
-log = logging.getLogger(__name__)
-URL = "https://api.github.com/repos/intezer/cape-signatures/tarball"
-
-
-def _copy_files_to_directory(tar, src_prefix, dst_prefix, tar_members):
- for member in tar_members:
- if not member.name.startswith(src_prefix) or member.name == src_prefix:
- continue
-
- filepath = os.path.join(dst_prefix, member.name[len(src_prefix) + 1:])
- open(filepath, "wb").write(tar.extractfile(member).read())
- print('File "{}" {}'.format(filepath, colors.green("installed")))
-
-
-def download(user: str, password: str, path: str = None):
- try:
- if not path:
- data = requests.get(URL, auth=(user, password), stream=True).raw.read()
- tar = tarfile.TarFile.open(fileobj=BytesIO(data), mode="r:gz")
- else:
- tar = tarfile.TarFile.open(name=path, mode="r:gz")
- except Exception as e:
- print("ERROR: Unable to download archive: %s" % e)
- sys.exit(-1)
-
- members = tar.getmembers()
- directory = members[0].name.split("/")[0]
- signature_prefix = f'{directory}/signatures'
- allow_list_members_prefix = f'{directory}/allow_lists'
- signature_dest = os.path.join(CUCKOO_ROOT, 'modules', 'signatures')
- allow_list_dest = os.path.join(CUCKOO_ROOT, 'extra')
-
- _copy_files_to_directory(tar, signature_prefix, signature_dest, members)
- _copy_files_to_directory(tar, allow_list_members_prefix, allow_list_dest, members)
-
-
-def main():
- parser = argparse.ArgumentParser()
- parser.add_argument("-u", "--user", help="User name in bitbucket", type=str, required=False)
- parser.add_argument("-p", "--password", help="App password in bitbucket", type=str, required=False)
- parser.add_argument("-f", "--file", help="Path to cape-signatures repo", type=str, required=False)
- args = parser.parse_args()
-
- download(args.user, args.password, args.file)
-
-
-if __name__ == "__main__":
- try:
- main()
- except KeyboardInterrupt:
- pass