kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Distributed CAPE setup #2183

Closed joser12345678 closed 3 months ago

joser12345678 commented 3 months ago

Hello,

This isn't necessarily a problem/issue, more of some general questions.

I am trying to set up distributed CAPE. Right now I have two servers, each running CAPE standalone. The only changes to the configuration I have made are on the master node: I have enabled distributed CAPE and filled out the db section of the config file to point to the capedist db on the master.

I have followed the documentation and have successfully added a worker node, and it is reachable from the master. When I run the dist.py script I get the following output soon after starting it up:

2024-06-24 16:53:16,454 INFO:dist:StatusThread - [-] ena dead
2024-06-24 16:53:16,473 INFO:dist:StatusThread - [-] master dead

Is this intended behavior? On the worker side I can see constant requests to the tasks/list endpoint:

Jun 24 16:58:51 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:51] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:51 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:51] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -
Jun 24 16:58:52 ena python3[3932904]: 130.207.39.72 - - [24/Jun/2024 16:58:52] "GET /apiv2/tasks/list/?status=reported&ids=True&completed_after=0 HTTP/1.1" 200 -

I also cannot submit work directly to the worker with the "node=" option as described in this issue: https://github.com/kevoreilly/CAPEv2/issues/250

Is there some configuration step I am missing?

Thanks in advance!

joser12345678 commented 3 months ago

Figured it out. Had to enable cuckoo status API call. Apologies.

doomedraven commented 3 months ago

Glad you spotted the answer faster than I got to the keyboard.

doomedraven commented 3 months ago

My advice is to use NFS for copying data from worker to master; over HTTP it is damn slow, on average 300 seconds, when on NFS it is 1-4 seconds.