cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo and virtualbox #2404

Open toxub23 opened 6 years ago

toxub23 commented 6 years ago
My issue is:

The problem is that my favorite Cuckoo tool needs Virtualbox to work (by the way, a better one would be qemu). Virtualbox is almost impossible to install in a Kali Linux machine running on Qubes OS due to the fact that in this situation the Kali Linux machine uses a modified kernel from Qubes OS.

My Cuckoo version and operating system are:

Cuckoo 2.0.4.4-0kali1 Kali Linux in Qubes OS (Xen)

This can be reproduced by:

Installing cuckoo from the official kali linux rolling repository in the template in qubes os r4.

The log, error, files etc can be found at:

```
Loading new virtualbox-5.2.16 DKMS files...
dpkg: warning: version '4.14.13-2.pvops.qubes.x86_64 4.14.13' has bad syntax: invalid character in revision number
It is likely that 4.14.41-1.pvops.qubes.x86_64 belongs to a chroot's host
Building for 4.14.13-2.pvops.qubes.x86_64, 4.14.13-3.pvops.qubes.x86_64, 4.14.18-1.pvops.qubes.x86_64, 4.14.35-1.pvops.qubes.x86_64, 4.14.41-1.pvops.qubes.x86_64, 4.16.0-2-amd64, 4.9.0-5-amd64 and 4.9.0-6-amd64
Module build for kernel 4.14.13-2.pvops.qubes.x86_64 was skipped since the kernel headers for this kernel does not seem to be installed.
Module build for kernel 4.14.13-3.pvops.qubes.x86_64 was skipped since the kernel headers for this kernel does not seem to be installed.
Module build for kernel 4.14.18-1.pvops.qubes.x86_64 was skipped since the kernel headers for this kernel does not seem to be installed.
Module build for kernel 4.14.35-1.pvops.qubes.x86_64 was skipped since the kernel headers for this kernel does not seem to be installed.
Building initial module for 4.14.41-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel: 4.14.41-1.pvops.qubes.x86_64 (x86_64)
Consult /var/lib/dkms/virtualbox/5.2.16/build/make.log for more information.
```

```
Selecting previously unselected package virtualbox-dkms.
Preparing to unpack .../59-virtualbox-dkms_5.2.16-dfsg-3_all.deb ...
Unpacking virtualbox-dkms (5.2.16-dfsg-3) ...
Selecting previously unselected package virtualbox.
Preparing to unpack .../60-virtualbox_5.2.16-dfsg-3_amd64.deb ...
Unpacking virtualbox (5.2.16-dfsg-3) ...
Selecting previously unselected package virtualbox-qt.
Preparing to unpack .../61-virtualbox-qt_5.2.16-dfsg-3_amd64.deb ...
Unpacking virtualbox-qt (5.2.16-dfsg-3) ...
Setting up virtualbox-dkms (5.2.16-dfsg-3) ...
Loading new virtualbox-5.2.16 DKMS files...
Consult /var/lib/dkms/virtualbox/5.2.16/build/make.log for more information.
Setting up virtualbox (5.2.16-dfsg-3) ...
Job for virtualbox.service failed because the control process exited with error code.
See "systemctl status virtualbox.service" and "journalctl -xe" for details.
invoke-rc.d: initscript virtualbox, action "restart" failed.
● virtualbox.service - LSB: VirtualBox Linux kernel module
   Loaded: loaded (/etc/init.d/virtualbox; generated)
  Process: 17075 ExecStart=/etc/init.d/virtualbox start (code=exited, status=1/FAILURE)
Jul 27 11:25:44 kali-linux virtualbox[17075]: Loading VirtualBox kernel modules...No suitable module for running kernel found ... failed!
Jul 27 11:25:44 kali-linux virtualbox[17075]: failed!
Jul 27 11:25:44 kali-linux systemd[1]: virtualbox.service: Control process exited, code=exited status=1
Jul 27 11:25:44 kali-linux systemd[1]: virtualbox.service: Failed with result 'exit-code'.
Setting up virtualbox-qt (5.2.16-dfsg-3) ...
```

/var/lib/dkms/virtualbox/5.2.16/build/make.lo

```
DKMS make.log for virtualbox-5.2.16 for kernel 4.14.41-1.pvops.qubes.x86_64 (x86_64)
Fri Jul 27 11:23:52 CEST 2018
make: Entering directory '/lib/modules/4.14.41-1.pvops.qubes.x86_64/build'
Makefile:954: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.
make: Leaving directory '/lib/modules/4.14.41-1.pvops.qubes.x86_64/build'
```

doomedraven commented 6 years ago

Read your error:

Makefile:954: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.

And if you want qemu, why don't you use it?
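
An added example, not part of the thread or of Cuckoo: a small shell triage over the DKMS output and make.log quoted above, reporting per kernel whether the module build was skipped or failed and whether make.log carries the ORC/libelf message. The function names and status labels are assumptions of this example, and the sample lines are constructed from the quoted log.

```shell
#!/bin/sh
# Added example: triage DKMS output like the log quoted in this issue.
# Function names and status labels are hypothetical, chosen for this sketch.

# Constructed samples, condensed from the log lines quoted in the issue.
SAMPLE_LOG='Module build for kernel 4.14.13-2.pvops.qubes.x86_64 was skipped since the kernel headers for this kernel does not seem to be installed.
Building initial module for 4.14.41-1.pvops.qubes.x86_64
Error! Bad return status for module build on kernel: 4.14.41-1.pvops.qubes.x86_64 (x86_64)'
SAMPLE_MAKELOG='Makefile:954: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.'

# dkms_triage: read DKMS output on stdin, print "<kernel> <status>" per kernel.
dkms_triage() {
    awk '
        /^Module build for kernel .* was skipped/       { print $5, "skipped-no-headers" }
        /^Error! Bad return status for module build on/ { print $10, "build-failed" }
    '
}

# kernel_status KERNEL: read DKMS output on stdin, print the status reported
# for KERNEL (for example "$(uname -r)"), or "not-reported" if it is absent.
kernel_status() {
    dkms_triage | awk -v k="$1" '
        $1 == k { print $2; hit = 1; exit }
        END     { if (!hit) print "not-reported" }
    '
}

# makelog_cause: read a DKMS make.log on stdin, print a short cause label.
makelog_cause() {
    awk '
        /Cannot generate ORC metadata/ { print "orc-needs-libelf"; found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Run on the constructed samples so the script works stand-alone.
printf '%s\n' "$SAMPLE_LOG" | dkms_triage
printf '%s\n' "$SAMPLE_MAKELOG" | makelog_cause
```

On a real system, feed it the saved package-manager output and `/var/lib/dkms/virtualbox/5.2.16/build/make.log`, and pass `"$(uname -r)"` to `kernel_status` to see what was reported for the running kernel.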

toxub23 commented 6 years ago

I have read it, but after installing the "libelf-dev" package the error still occurs. I was talking about the default choice by Cuckoo, Virtualbox instead of QEMU. QEMU would be better because it is able to emulate different architectures and it would facilitate the analysis of malware from other architectures. As for qemu, how should I install them so that cuckoo does not have any problems with it? At the beginning, I remove virtualbox with "apt-get purge virtualbox-qt virtualbox-dkms virtualbox". And what next? What qemu packages should I install and how should I configure them?

doomedraven commented 6 years ago

Well, the default doesn't matter; you can change it in conf.

About qemu/kvm, read:

https://www.doomedraven.com/2016/05/kvm.html

https://gist.github.com/doomedraven/41af84c8cf93ba63cea933a80e898fb6