Open HNT3R opened 3 years ago
Hi @HNT3R ,
I have to create an environment with Cuckoo on Red Hat. Would you be so kind as to share your install steps with me?
I got the same error during my install steps; this package solved that: `yum install -y python-jsonschema`
Thanks,
@C1ph3R-s thanks m8 for your response. Unfortunately this did not resolve the issue. Would you like to share the steps for dependency installation, since I had to look for alternatives in the RH packages?
@HNT3R Sure, I have created a Dockerfile for that purpose:

```dockerfile
FROM centos:centos7
ENV container docker

# Dependencies
RUN yum -y install epel-release python-pip; \
    yum groupinstall -y 'development tools'; \
    rpm -i https://forensics.cert.org/cert-forensics-tools-release-el7.rpm;
RUN yum install -y \
    net-tools python python-dev python-devel python-virtualenv python-setuptools \
    libffi-devel readline-devel ncurses-devel openssl-devel libsqlite3x-devel \
    wget python-virtualenv python-setuptools libjpeg-turbo-devel zlib-devel \
    libxml2-devel libxslt-devel libevent-devel pcre-devel pcre libtool gcc
RUN yum --enablerepo=forensics install python2-dpkt -y
RUN yum install -y \
    python-magic python-bottle python-pefile python-chardet MySQL-python \
    python-pymongo-gridfs postgresql libpqxx-devel tcpdump ssdeep subversion \
    gcc openssl-devel bzip2-devel libffi-devel
RUN yum install -y centos-release-scl-rh; \
    yum --enablerepo=centos-sclo-rh-testing install llvm-toolset-7-compiler-rt openssl -y

# python3 (built from source, installed alongside the system Python 2)
WORKDIR /tmp/
RUN curl -O https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz
RUN tar -xzf Python-3.8.1.tgz
WORKDIR /tmp/Python-3.8.1
RUN ./configure --enable-optimizations && make altinstall

# pip (for the system Python 2.7)
WORKDIR /tmp
RUN curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
RUN python get-pip.py
RUN python -m pip install --upgrade pip
RUN python -m pip install -U setuptools

# mongoDB
ADD files/cuckoo/mongodb/mongodb-org-5.0.repo /etc/yum.repos.d/
RUN yum install -y mongodb-org
ENTRYPOINT ["/usr/sbin/init"]

# pip
RUN python -m pip install \
    pillow lxml cybox maec django m2crypto git+https://github.com/tflearn/tflearn.git virtualenv

# setcap (lets tcpdump capture without running as root)
RUN setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

# nux
WORKDIR /tmp
RUN wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm; rpm -Uvh nux-dextop-release-0-1.el7.nux.noarch.rpm
RUN yum install Pyrexy swig -y

# volatility
RUN git clone https://github.com/volatilityfoundation/volatility.git;
WORKDIR /tmp/volatility
RUN python setup.py install

# distorm
WORKDIR /tmp
RUN wget https://github.com/gdabah/distorm/archive/refs/tags/3.5.2b.tar.gz; tar -zxvf 3.5.2b.tar.gz
WORKDIR /tmp/distorm-3.5.2b/
RUN python setup.py install
RUN yum install -y \
    jansson-devel file-devel libtool libtool-ltdl libtool-ltdl-devel
RUN python -m pip install ansible --upgrade
RUN python -m pip install \
    pycrypto --upgrade IPython==5.0 jupyter openpyxl ujson

# yara (build inside the extracted source tree under /tmp)
WORKDIR /tmp
RUN wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.1.2.tar.gz; tar -zxvf v4.1.2.tar.gz; \
    cd /tmp/yara-4.1.2; \
    ./bootstrap.sh; \
    ./configure --with-crypto --enable-magic --enable-cuckoo; \
    make; \
    make install; \
    python -m pip install yara-python

# vsftpd
RUN adduser test; \
    mkdir -p /home/test/vmshared/pub; \
    mkdir -p /var/log/vsftpd; \
    adduser cuckoo; \
    chown -R cuckoo:cuckoo /home/test; \
    chmod -R ug=rwX,o=rX /home/test/vmshared/; \
    chmod -R ugo=rwX /home/test/vmshared/pub; \
    yum install vsftpd -y
ADD files/cuckoo/config/vsftpd.conf /etc/vsftpd/
CMD ["/usr/sbin/vsftpd","-obackground=NO"]

# Installing Cuckoo
RUN yum install -y python-jsonschema python-distorm3
RUN virtualenv venv
# Each RUN starts a new shell, so this activation does not carry over to the
# RUN lines below; they install into the system Python.
RUN source venv/bin/activate
RUN python -m pip install --ignore-installed ipaddress
RUN python -m pip install -U pip setuptools
RUN python -m pip install -U cuckoo
#RUN cuckoo="$(cuckoo -d)" && echo $cuckoo
RUN cp /root/.cuckoo/agent/agent.py /home/test/vmshared/agent.pyw
ADD files/cuckoo/config/reporting.conf /root/.cuckoo/conf/
ADD files/cuckoo/config/cuckoo.conf /root/.cuckoo/conf/
RUN cuckoo community --force # cronjob
EXPOSE 8000
#RUN cuckoo web --host 0.0.0.0 --port 8000
# Destination ends with a slash because the wildcard can match several files
ADD files/cuckoo/config/systemctl/*.service /etc/systemd/system/
```
@C1ph3R-s
Thanks for sharing the step, I have followed the same over docker and ver user same it does not execute.
appreciate your support m8
@HNT3R I don't know your env, but this file is still working on my container.

> and ver user same it does not execute.

How do you mean that?
@C1ph3R-s
Virtualenv, as mentioned in the Cuckoo documentation at the link below.

```
$ virtualenv venv
$ . venv/bin/activate
(venv)$ pip install -U pip setuptools
(venv)$ pip install -U cuckoo
```
https://cuckoo.readthedocs.io/en/latest/installation/host/installation/#create-a-user
@HNT3R I see, but how do you mean it does not execute?
Did you get any error at this step?
@C1ph3R-s
I followed the steps and got the same error as in my first post. Also, it seems the docker package is not available from the Red Hat repositories, which is replaced by the container-tools module. Have you tested it on Red Hat 8?
best regards
@HNT3R I have tested it on CentOS 7 and 8.
I had this problem on Ubuntu 18.04 LTS,
I solved it by `sudo apt install -y python-jsonschema`
Dears,
I'm facing an issue while installing Cuckoo on Red Hat 8.4. After completing the requirements from the documentation, once I run the command to install, it keeps showing this error: `Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-4SFC85/jsonschema/`. I have checked that setuptools is already installed, and jsonschema also.
Any idea how to fix this issue ?
thanks ~