I have a pretty good instance of Cuckoo 2.0 set up. But until now, I was setting up the routing part by myself, with iptables... So I wanted to try using a dirty line configuration.
I have a configuration made on an ESXi.
The Cuckoo instance is one VM with 3 NICs:
- eth0 for internet connection and access to the frontend (192.168.X.X)
- eth1 on a different network in promiscuous mode (10.10.10.0/24)
- eth2 on the same network as eth1 and all the VMs (10.10.10.2)
When I have the following configuration, Cuckoo fails on startup and I can't get why...
# Path to the unix socket for running root commands.
rooter = /tmp/cuckoo-rooter
# Default network routing mode; "none", "internet", or "vpn_name".
# In none mode we don't do any special routing - the VM doesn't have any
# network access (this has been the default actually for quite a while).
# In internet mode by default all the VMs will be routed through the network
# interface configured below (the "dirty line").
# And in VPN mode by default the VMs will be routed through the VPN identified
# by the given name of the VPN (as per vpn.conf).
# Note that just like enabling VPN configuration setting this option to
# anything other than "none" requires one to run utils/rooter.py as root next
# to the Cuckoo instance (as it's required for setting up the routing).
route = none
# Network interface that allows a VM to connect to the entire internet, the
# "dirty line" so to say. Note that, just like with the VPNs, this will allow
# malicious traffic through your network. So think twice before enabling it.
# (For example, to route all VMs through eth0 by default: "internet = eth0").
internet = eth0
And the error is:
python cuckoo.py -d
eeee e e eeee e e eeeee eeeee
8 8 8 8 8 8 8 8 8 88 8 88
8e 8e 8 8e 8eee8e 8 8 8 8
88 88 8 88 88 8 8 8 8 8
88e8 88ee8 88e8 88 8 8eee8 8eee8
Cuckoo Sandbox 2.0-rc1
Copyright (c) 2010-2015
Checking for updates...
Good! You have the latest version available.
2016-05-27 16:30:22,662 [root] DEBUG: Importing modules...
2016-05-27 16:30:22,898 [root] DEBUG: Imported "signatures" modules:
2016-05-27 16:30:22,941 [root] DEBUG: Imported "machinery" modules:
2016-05-27 16:30:22,941 [root] DEBUG: `-- ESX
2016-05-27 16:30:22,942 [root] DEBUG: Checking for locked tasks..
2016-05-27 16:30:22,947 [root] DEBUG: Checking for pending service tasks..
2016-05-27 16:30:22,951 [root] DEBUG: Initializing Yara...
2016-05-27 16:30:22,951 [root] DEBUG: |-- index_binaries.yar
2016-05-27 16:30:22,951 [root] DEBUG: `-- index_memory.yar
2016-05-27 16:30:22,954 [lib.cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (nic_available) as the rooter unix socket doesn't exist.
2016-05-27 16:30:22,954 [root] CRITICAL: CuckooStartupError: The network interface that has been configured as dirty line is not available.
If anyone has any idea of what I'm missing, it'll be really great!
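
The quoted config comments say that routing needs the rooter running as root, and the log shows the `nic_available` check failing because the rooter unix socket does not exist. The following is an added example, not part of the original post and not Cuckoo's own code: a preflight check for those two conditions. The `[routing]` section name, the meaning of `internet = none`, and the Linux `/sys/class/net` lookup are assumptions.

```python
import configparser
import os
import stat

# Constructed sample mirroring the settings quoted in the post. The
# [routing] section name is an assumption; the post does not show it.
SAMPLE_CONF = """\
[routing]
rooter = /tmp/cuckoo-rooter
route = none
internet = eth0
"""

def preflight(conf_text, sys_net="/sys/class/net"):
    """Return the problems that would block dirty-line routing."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    routing = cp["routing"]
    sock = routing.get("rooter", "")
    nic = routing.get("internet", "none")
    route = routing.get("route", "none")
    # Assumption: "internet = none" means no dirty line is configured.
    if route == "none" and nic == "none":
        return []
    problems = []
    try:
        if not stat.S_ISSOCK(os.stat(sock).st_mode):
            problems.append("%s exists but is not a unix socket" % sock)
    except OSError:
        problems.append("rooter socket %s is missing; the rooter must be "
                        "running as root" % sock)
    # Linux exposes one directory per interface under /sys/class/net.
    if nic != "none" and not os.path.isdir(os.path.join(sys_net, nic)):
        problems.append("interface %s is not present" % nic)
    return problems

if __name__ == "__main__":
    for line in preflight(SAMPLE_CONF) or ["routing prerequisites look fine"]:
        print(line)
```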