Open jtowns97 opened 5 years ago
Hello, I have the same problem. And I got to your open issue. I am working on solving this problem. And once the problem is solved, it will be shared here. If you have a problem solved, please share it here.
What if you add the following in ./cukoo/conf/reporting.conf? Show matched cuckoo signatures. show_signatures = yes In my case it looked like it was improved.
Hi. Did you run Cuckoo in debug mode to check if there is any issue at the startup more verbose about that ? It could help to understand. Did your environment variables for the CWD are set well ?
hi run cuckoo -d and share the log. thank's
My issue is:
Cuckoo signatures do not appear to be loading. That is, upon cuckoo startup I receive the message:
WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important! 2019-04-03 13:43:37,168 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signaturs, Yara rules, and more goodies by running the following command: 2019-04-03 13:43:37,168 [cuckoo] INFO: $ cuckoo community
However, I have run
cuckoo community
multiple times, and I have verified that the signatures are being loaded in my~/.cuckoo/signatures/
directory. Additionally, this causes my analysis to report all my samples as false negatives with respect to my analysis scores.My Cuckoo version and operating system are:
Cuckoo: Version 2.0.6 OS: Ubuntu 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
This can be reproduced by:
For me at least, this happens every time I start up cuckoo, which I do by running /root/cuckoo-start.sh - which contains the code: `#!/bin/bash
Cuckoo run script
killall cuckoo pkill -f 'cuckoo web runserver' vboxmanage dhcpserver modify --ifname vboxnet0 --disable vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.87.1 --netmask 255.255.255.0 iptables -A FORWARD -o enp3s0 -i vboxnet0 -s 192.168.87.0/24 -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A POSTROUTING -t nat -j MASQUERADE sysctl -w net.ipv4.ip_forward=1 runuser -l cuckoo -c 'cuckoo --debug' & runuser -l cuckoo -c 'cuckoo web runserver 0.0.0.0:8000' & runuser -l cuckoo -c 'cuckoo api --host 0.0.0.0 --port 8090' &`
Any help or guidance would be greatly appreciated, I'm quite new to using cuckoo sandbox.