cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Ubuntu guest vm SYSTEMDRIVE error #2586

Open ronymathews opened 5 years ago

ronymathews commented 5 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is: Cannot get cuckoo to analyze an ubuntu guest vm
My Cuckoo version and operating system are: latest (2.0.6) running on Ubuntu 18
This can be reproduced by:

The agent is running as root user and all the steps mentioned in documentation ran fine with no errors.

The log, error, files etc can be found at:

2018-12-27 21:37:52,442 [cuckoo.core.scheduler] INFO: Task #35: acquired machine Ubuntu (label=Ubuntu)
2018-12-27 21:37:52,459 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 39331 (interface=vboxnet0, host=192.168.56.14)
2018-12-27 21:37:52,460 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-12-27 21:37:52,612 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu
2018-12-27 21:37:52,816 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu to its current snapshot
2018-12-27 21:38:03,146 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Ubuntu, ip=192.168.56.14)
2018-12-27 21:38:04,157 [cuckoo.core.guest] DEBUG: Ubuntu: not ready yet
2018-12-27 21:38:05,165 [cuckoo.core.guest] DEBUG: Ubuntu: not ready yet
2018-12-27 21:38:06,173 [cuckoo.core.guest] DEBUG: Ubuntu: not ready yet
2018-12-27 21:38:07,182 [cuckoo.core.guest] DEBUG: Ubuntu: not ready yet
2018-12-27 21:38:07,207 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=Ubuntu, ip=192.168.56.14)
2018-12-27 21:38:07,253 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu, ip=192.168.56.14, monitor=latest, size=3848306)
2018-12-27 21:38:07,301 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2018-12-27 21:38:07,302 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu
2018-12-27 21:38:08,942 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 737, in run
    self.launch_analysis()
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 527, in launch_analysis
    self.guest_manage(options)
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 394, in guest_manage
    self.guest_manager.start_analysis(options, monitor)
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/guest.py", line 483, in start_analysis
    self.upload_analyzer(monitor)
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/guest.py", line 390, in upload_analyzer
    self.determine_analyzer_path()
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/guest.py", line 360, in determine_analyzer_path
    systemdrive = self.determine_system_drive()
  File "/home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/guest.py", line 373, in determine_system_drive
    return "%s/" % self.environ["SYSTEMDRIVE"]
KeyError: 'SYSTEMDRIVE'

Spiralem commented 5 years ago

return "%s/" % self.environ["SYSTEMDRIVE"]

The above line will only be triggered if the platform is Windows. Did you configure the conf file for your Ubuntu guest correctly?

ronymathews commented 5 years ago

@Spiralem Which conf file? Virtualbox.conf? If you want I can paste it here. Please let me know.

Spiralem commented 5 years ago

@ronymathews Yup, Virtualbox.conf. Verify that the following is set for the virtual machine with the label Ubuntu:

platform=linux

ronymathews commented 5 years ago

@Spiralem Yes, that's all done exactly as in documentation. I have a Win XP and that works perfectly fine.

###############
[Ubuntu]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = Ubuntu
platform = linux
ip = 192.168.56.14
snapshot = Ubuntu_snap
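
The check Spiralem asks for above, as an added example (not code from the Cuckoo project or from either poster): it parses a virtualbox.conf-style file and reports problems with the platform recorded for the machine carrying a given label. The sample text is constructed; the `[virtualbox]` section with its `machines` key and the WinXP entry are assumptions, and Python 3's `configparser` stands in for Cuckoo's own config loader.

```python
import configparser

# Constructed sample modelled on the snippet in the thread. The [virtualbox]
# section, its `machines` key and the WinXP entry are assumptions.
SAMPLE_CONF = """
[virtualbox]
machines = WinXP, Ubuntu

[WinXP]
label = WinXP
platform = windows
ip = 192.168.56.13

[Ubuntu]
label = Ubuntu
platform = linux
ip = 192.168.56.14
snapshot = Ubuntu_snap
"""

def machine_platforms(conf_text, machinery="virtualbox"):
    """Map each machine id listed under `machines` to (label, platform)."""
    # strict=True raises on a duplicated section or key instead of letting
    # a later copy silently override the one you are reading.
    parser = configparser.ConfigParser(strict=True)
    parser.read_string(conf_text)
    listed = parser.get(machinery, "machines").split(",")
    result = {}
    for mid in (m.strip() for m in listed if m.strip()):
        if parser.has_section(mid):
            result[mid] = (parser.get(mid, "label", fallback=mid),
                           parser.get(mid, "platform", fallback=None))
        else:
            result[mid] = (None, None)  # listed but never defined
    return result

def check_platform(conf_text, label, expected):
    """Return a list of problems for the machine carrying `label`."""
    found = [(mid, plat) for mid, (lbl, plat)
             in machine_platforms(conf_text).items() if lbl == label]
    if not found:
        return ["no machine listed in `machines` has label %r" % label]
    return ["[%s] platform is %r, expected %r" % (mid, plat, expected)
            for mid, plat in found if plat != expected]

if __name__ == "__main__":
    print(check_platform(SAMPLE_CONF, "Ubuntu", "linux") or "platform OK")
```

An empty list means the file on disk says what the poster expects, which moves the search to what the scheduler actually receives at run time.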

Spiralem commented 5 years ago

Configuration seems to be correct. Not sure what is causing the issue... If you are fine with some debugging, you can check the parameter passed into Guest Manager

https://github.com/cuckoosandbox/cuckoo/blob/3b628384d5dd2c8982e71548d7413e2c89172181/cuckoo/core/scheduler.py#L454-L457

ronymathews commented 5 years ago

@Spiralem Should I check those lines in scheduler.py? Or should I add those as extra? Asking because the server is at my workplace and I am at home now. Thanks for the help. Appreciate it.

Spiralem commented 5 years ago

@ronymathews Try to check the value of self.machine.platform. Just curious, how do you submit samples to the sandbox?

ronymathews commented 5 years ago

@Spiralem How can I check the value of that? Which file is it in? And I submit the sample from the gui called using a browser.

Spiralem commented 5 years ago

@ronymathews /home/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/scheduler.py at line 454

ronymathews commented 5 years ago

@Spiralem Below is the whole section.

--
# Initialize the guest manager.
self.guest_manager = GuestManager(
    self.machine.name, self.machine.ip,
    self.machine.platform, self.task.id, self

I was thinking of redoing the steps from the start again for ubuntu guest. Right from installation of ubuntu OS.