VM&Bare Metal Installation
In the newest update, a `bootstrap.sh` is included. Run it with `sh bootstrap.sh` and, when it is finished, run `export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH` so that the fuzzy library can be found.
Install the mandatory packages. With apt-get:

```
sudo apt-get update; sudo apt-get install -y vim build-essential python-dev libtool bison autoconf python-magic tmux ssdeep git unzip zip python-pip python-bottle python-requests libldap-dev libsasl2-dev libldap2-dev libssl-dev
```
Make sure to install the Mongo database first and then the pymongo module. For detailed info on how to install Mongo, see: http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/#install-mongodb

If you get a locale error when using the mongo CLI, it can usually be fixed with this command:

```
export LC_ALL=C
```
You will also need to install YARA yourself. Install the packages libtool, bison and autoconf first (`sudo apt-get install libtool bison autoconf`) and then follow the official documentation (don't forget the Python module!). For details, see http://yara.readthedocs.org/en/v3.3.0/gettingstarted.html#compiling-and-installing-yara
If you are using Ubuntu or Debian, prevent this error from happening:

```
ImportError: libyara.so.0: cannot open shared object file: No such file or directory
```

by adding the path /usr/local/lib to the loader configuration file, like so:

```
$ sudo su
$ echo "/usr/local/lib" >> /etc/ld.so.conf
$ ldconfig
```
And finally, install SSDeep: http://ssdeep.sourceforge.net/usage.html
### Python dependencies

Most of the Python libraries that are used can be installed via pip with:

```
pip install -r requirements.txt
```
The magic library gives an error for some strange reason when installed via pip, so I advise downloading it from GitHub (https://github.com/ahupp/python-magic) or, if you are using a Debian-based distribution, installing it via the package manager:

```
sudo apt-get update; sudo apt-get install python-magic
```
Install pydeep with the following commands:

```
wget https://github.com/kbandla/pydeep/archive/master.zip
unzip master.zip
cd pydeep-master
python setup.py build
sudo python setup.py install
export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
```
Finally, create the folders for storage of samples:

```
mkdir attachments uploads storage
```
Then extract the ZIP of MalZoo where you want to store the application (e.g. in /opt/) or git clone the repository and configure MalZoo.
After the installation you need to go into the config/ directory and copy the configuration file malzoo.conf.dist to malzoo.conf. Adjust the configuration options to your needs in the malzoo.conf file.
MalZoo runs with a bottle API on port 1338 (can be changed in the configuration file). Samples can be added through the API for analysis. Based on the configuration, MalZoo will then share analysis results to the defined method (Mongo or Splunk).
!! Make sure to modify config/malzoo.conf to your needs before spinning MalZoo up. To start, run the following command in the malzoo directory:

```
python malzoo.py
```
It should then show something like this:

```
[*] Malzoo wil run in monitor mode now!
[*] Starting components...
[+] Starting API supplier!
```
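The steps above leave several things that silently break only at start-up (a Python module that did not build, /usr/local/lib missing from the loader path, the storage folders or config/malzoo.conf not created). The following preflight script is an added example, not part of the MalZoo project; it checks each of those prerequisites from the page and reports what is missing, without changing anything on the system. The module list and folder names are taken from this page; the exact line it looks for in /etc/ld.so.conf is the one the page tells you to append, so libraries configured through /etc/ld.so.conf.d/ are an assumption it does not cover.

```python
"""Preflight check for a MalZoo install (added example, not MalZoo's own code).

Verifies what the installation page says must be in place before running
``python malzoo.py``: the Python modules, the loader path /usr/local/lib,
the sample storage folders and config/malzoo.conf.  Every check returns
its result so the script can be used from other tooling; nothing here
modifies the system.
"""
import importlib
import os

# Modules the installation page installs by hand or via requirements.txt.
REQUIRED_MODULES = ["yara", "magic", "pydeep", "pymongo", "bottle", "requests"]
# Folders the page tells you to create with ``mkdir attachments uploads storage``.
REQUIRED_DIRS = ["attachments", "uploads", "storage"]
LIB_DIR = "/usr/local/lib"


def check_imports(names):
    """Return {module: True/False} by trying to import each module."""
    results = {}
    for name in names:
        try:
            importlib.import_module(name)
            results[name] = True
        except ImportError:
            results[name] = False
    return results


def lib_dir_configured(ld_library_path, ldconf_text, lib_dir=LIB_DIR):
    """True if lib_dir is reachable by the dynamic loader, either through
    LD_LIBRARY_PATH or as a plain line in /etc/ld.so.conf.

    The config text is passed in (not read here) so the logic is testable.
    Assumption: only the exact line the page appends is recognised; an
    ``include /etc/ld.so.conf.d/*.conf`` line is not followed."""
    in_env = lib_dir in (ld_library_path or "").split(":")
    in_conf = any(line.strip() == lib_dir for line in ldconf_text.splitlines())
    return in_env or in_conf


def missing_dirs(base, names=REQUIRED_DIRS):
    """Return the storage folders that do not exist under base."""
    return [d for d in names if not os.path.isdir(os.path.join(base, d))]


def config_present(base):
    """True once config/malzoo.conf.dist has been copied to config/malzoo.conf."""
    return os.path.isfile(os.path.join(base, "config", "malzoo.conf"))


def preflight(base=".", ld_library_path=None, ldconf_text=None):
    """Run all checks; return a list of problems (empty list means ready)."""
    if ld_library_path is None:
        ld_library_path = os.environ.get("LD_LIBRARY_PATH", "")
    if ldconf_text is None:
        try:
            with open("/etc/ld.so.conf") as f:
                ldconf_text = f.read()
        except OSError:
            ldconf_text = ""
    problems = []
    for mod, ok in check_imports(REQUIRED_MODULES).items():
        if not ok:
            problems.append("python module not importable: %s" % mod)
    if not lib_dir_configured(ld_library_path, ldconf_text):
        problems.append("%s not in LD_LIBRARY_PATH or /etc/ld.so.conf "
                        "(libyara / fuzzy will not load)" % LIB_DIR)
    for d in missing_dirs(base):
        problems.append("missing folder: %s" % d)
    if not config_present(base):
        problems.append("config/malzoo.conf not found (copy malzoo.conf.dist first)")
    return problems


if __name__ == "__main__":
    found = preflight()
    for p in found:
        print("[-] " + p)
    if not found:
        print("[+] preflight ok, run: python malzoo.py")
```

Run it from the malzoo directory with the same Python interpreter you will use for `python malzoo.py`, since the module checks only tell you about that interpreter's site-packages.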