KVM-VMI / nitro

GNU General Public License v3.0

What's the exact combination to use nitro? #76

Open allewwaly opened 4 years ago

allewwaly commented 4 years ago

To repeat nitro, I've installed an old version of libvmi, nitro-kmod_build, and nitro. Everything works, except that no events are captured as described. This is what I get while running:

 ./main.py ubuntu18.04 
Finding QEMU pid for domain ubuntu18.04
Detected 1 VCPUs
Start listening on VCPU 0

If using the nitro version of libvmi, the following problems are encountered:

sudo  ./main.py ubuntu18.04
Finding QEMU pid for domain ubuntu18.04
Detected 1 VCPUs
VMI_ERROR: Could not find a live guest VM or file to use.
VMI_ERROR: Opening a live guest VM requires root access.
Traceback (most recent call last):
  File "./main.py", line 90, in <module>
    main()
  File "./main.py", line 86, in main
    runner.run()
  File "./main.py", line 48, in run
    self.nitro = Nitro(self.domain, self.analyze_enabled)
  File "/home/mininet/nfs/nitro/nitro/nitro.py", line 11, in __init__
    self.backend = get_backend(domain, self.listener, syscall_filtering)
  File "/home/mininet/nfs/nitro/nitro/backends/factory.py", line 22, in get_backend
    libvmi = Libvmi(domain.name())
  File "/home/mininet/nfs/nitro/nitro/libvmi.py", line 50, in __init__
    raise LibvmiError('VMI_FAILURE')
nitro.libvmi.LibvmiError: VMI_FAILURE

I can't even use native libvmi examples using the above version of libvmi, as it shows:

sudo vmi-process-list ubuntu18.04
VMI_ERROR: Could not find a live guest VM or file to use.
VMI_ERROR: Opening a live guest VM requires root access.
Failed to init LibVMI library.

I've tested it on ubuntu14.04 to meet the requirements of nitro-kmod, gcc, python, and so on. It's really unclear what the exact environment is to repeat the results described in the Readme.

So my question is:

  1. What's the exact version (branch/commit) of "the modified kvm modules" described at https://github.com/KVM-VMI/nitro#usage, and where can I find it?
  2. What's the exact version (branch/commit) of libvmi described at https://github.com/KVM-VMI/nitro#libvmi?
  3. Which version of kernel, gcc, and python should I choose to configure all the components?

I need to repeat the result of nitro to compare it with a new VMI tool, so it will be greatly appreciated if anyone who successfully configured nitro can guide me through it.

Wenzel commented 4 years ago

Hi,

First, Nitro is not maintained anymore, and I haven't had a working configuration of it for 2 years.

That being said, nitro_kmod shouldn't be used. Everything you need is being tracked by the main KVM-VMI repo. Check out the nitro branch, run git submodule update, and go to kvm to recompile the kernel.

But, as I said, I can't confirm if this will work as I'm not maintaining it. Also, you don't need to run it on Ubuntu 14.04 (!)

allewwaly commented 4 years ago

I don't need kvm-vmi, just the kernel used to run nitro. Are there any backups?

Wenzel commented 4 years ago

Kvm-vmi is versioning the kernel as a submodule