Skip to content

VM&Bare Metal Installation

nheijmans edited this page Nov 29, 2020 · 1 revision

Automated

In the newest update, a bootstrap.sh is included. Run this with the command sh bootstrap.sh and when it is finished, run export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH so that the fuzzy library can be found.

Manually

Packages

Install the mandatory packages. With apt-get: sudo apt-get update;sudo apt-get install -y vim build-essential python-dev libtool bison autoconf python-magic tmux ssdeep git unzip zip python-pip python-bottle python-requests libldap-dev libsasl2-dev libldap2-dev libssl-dev

Mongo Database

Make sure to install the Mongo Database first and then the pymongo module. For detailed info on how to install mongo, see: http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/#install-mongodb

When you are going to use the mongo CLI and you get a locale error, it might be fixed with this cmd:

export LC_ALL=C

YARA

You will also need to install YARA by yourself. Install the packages libtool, bison and autoconf (sudo apt-get install libtool bison autoconf) first and then follow the official documentation (don't forget the python module!). For details see, http://yara.readthedocs.org/en/v3.3.0/gettingstarted.html#compiling-and-installing-yara
If you are using Ubuntu or debian, prevent this error from happening: ImportError: libyara.so.0: cannot open shared object file: No such file or directory and add the path /usr/local/lib to the loader configuration file, like so:

$ sudo su
$ echo "/usr/local/lib" >> /etc/ld.so.conf
$ ldconfig

SSDeep

And finally, install SSDeep: http://ssdeep.sourceforge.net/usage.html

###Python dependencies Most of the python libraries that are used can be installed via PIP with: pip install -r requirements.txt

Other Python dependencies

Python-magic

The magic library will give an error for some strange reason when installed via PIP so I advice downloading it from Github (https://github.com/ahupp/python-magic) or if you are using a Debian based distribution via the package manager: sudo apt-get update; sudo apt-get install python-magic

Pydeep

Install Pydeep with the following commands:

wget https://github.com/kbandla/pydeep/archive/master.zip
unzip master.zip
cd pydeep-master
python setup.py build
sudo python setup.py install
export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH

Finally, create the folders for storage of samples: mkdir attachments uploads storage Then extract the ZIP of MalZoo where you want to store the application (e.g. in /opt/) or git clone the repository and configure MalZoo.

Configuration

After the installation you need to go into the config/ directory and copy the configuration file malzoo.conf.dist to malzoo.conf. Adjust the configuration options to your needs in the malzoo.conf file.

Usage

MalZoo runs with a bottle API on port 1338 (can be changed in the configuration file). Samples can be added through the API for analysis. Based on the configuration, MalZoo will then share analysis results to the defined method (Mongo or Splunk).

!! Make sure to modify the config/malzoo.conf to your needs before spinning MalZoo up. To start, run the following command in the malzoo directory:

python malzoo.py

And it should show something like this:

[*] Malzoo wil run in monitor mode now!
[*] Starting components...
[+] Starting API supplier!
Clone this wiki locally