Malware/Installing - ANNE
From CSRRT-LU
Installing ANNE server and anne daemon
Extract the tarball and start the script install.sh as shown below. The installer first verifies its own integrity and that of the distribution, then asks you some questions. Pressing [ enter ] selects the default value; defaults are shown between brackets.
When the installation is complete, the following line is displayed.
Generating config files ... [ok]
gerard@haegar ~/anne/anne-backend $ ./install.sh
Check installer integrity ... [ok]
Check distribution integrity ... [ok]
You are not root anne server and daemon will run under your username.
Configuring queues and log settings ...
Enter the queues root directory. In this directory is the incomming queue ,the outgoing queue, a run folder that contains PIDs, statistics, templates ,templates, ...
default: [/tmp/anne/var]
On which interface the server should listen?
default: [127.0.0.1]
On which port anne server should listen
default: [2123]
Configuring your plugins ...
<0> stop installation
<1> continue configuration
<2> add new plugin
<3> show already selected plugins
enter your choice 1
Configuring sandbox ...
Where is inside your UML a directory that contains the raw results like .wine, .diff files
default: [/home/wein/reports]
Enter the directory in your UML where the binary is deployed
default [/home/wein/exe]
Define a maximum network traffic size that is packed in XML
In case a network record exceeds this size, the file is rawly returned, The size is defined in bytes
default: [10000]
Which program should be used as scp?
default [/usr/bin/scp]
Which program should be used as ssh?
default [/usr/bin/ssh]
Enter the ip address of your UML to access it via ssh
default [192.168.5.2]
Enter the port where inside your UML the SSH server listens:
default: [10022]
Enter the user which executes the sandbox inside your UML
default: [wein]
Enter the startsimulation script
default [/home/wein/startSim.sh]
Enter the simulation duration in seconds:
default [10]
Define a SSH / SCP timeout (seconds)
default [5]
Enter the script that cleans wein's home directory about previous binaries
default: [/home/wein/cleanExe.sh]
Enter the cat command location from core utilities
default: [/bin/cat]
Where should anne server and anne daemon installed?
default: [/tmp/anne]
Enter the maximum duration of an binary analysis in seconds
default: [360]
Creating root Directory ... [ok]
Creating vroot directory ... [ok]
Populatating /tmp/anne/var ... [ok]
Creating directories ... [ok]
Copying files ... [ok]
Create symlinks ... [ok]
Generating config files ... [ok]
Adding your own plugins and controller scripts
The menu permits you to add your own controller scripts and tools. You can also add them directly in anne.conf (the configuration file). When a plugin is added through the menu, the installer checks the file permissions and whether the files exist.
Menu features
- 0 abort the installation
- 1 continue the installation
- 2 display the menu for adding another plugin. You are asked for a binary, the shell arguments for the binary, and a timeout, i.e. the maximum runtime of this binary.
- 3 show the already selected tools with their parameters.
Configuring your plugins ...
<0> stop installation
<1> continue configuration
<2> add new plugin
<3> show already selected plugins
enter your choice 2
A plugin is composed of two parts (a tool and a controllerscript)
Enter your the absolute filepath of your binary: /bin/objdump
Tool not found
Enter your the absolute filepath of your binary: /usr/bin/objdump
enter arguments (switches) for your tool -d
define a timeout for this application 10
Enter your controller script: /home/gerard/anne/anne-backend/pscripts/objdump_dasm.pl
<0> stop installation
<1> continue configuration
<2> add new plugin
<3> show already selected plugins
enter your choice 3
List of available tools
-----------------------
Tool: /usr/bin/objdump
args: -d
ctrl: /home/gerard/anne/anne-backend/pscripts/objdump_dasm.pl
timeout: 10
Installing ANNE web interface (anne frontend)
Simply extract the tarball and execute install.sh as root. The root directory of anneweb should be known to your web server. I installed it in /var/localhost/htdocs/anneweb. The installation was successful when the following line is displayed.
anne web has been successfully installed
The installer works in the same way as the installer of anne server / daemon. The complete listing is shown below.
haegar anne # ./install.sh
Installation script for anne web interface 0.1.0
Should I proceed Please enter [y/n] y
File dependency test ... [OK]
Special file test ... [OK]
Root directory where php files and config are installed
default [press enter]: /var/www/localhost/htdocs/anneweb
unpriviledged user which is used to execute php scripts
default [apache]
your user's group
default [apache]
Creating directories ... [OK]
Installing files (std permissions) ... [OK]
Configuring anne web interface ...
On which interface anne server is listening?
default: [127.0.0.1]
On which port is anne listing?
default: [2123]
Select a future local log file (the file should not exist)?
default: [/var/anne/log/anneweb.log]
The most report are based on tables, to facilitate to read them odd / even rows are colored differenly
Colors can be entered as HTML hex values
Select a default odd row color: When you enter NO (character N and O), no color is choosen
default: [DBDBFF]
Select a default even color. When you enter NO no color is choosen
default: [F0F0FF]
Generating config file ... [OK]
Changing user of anne_web.conf ... [OK]
Creating symlinks ... [OK]
anne web has been successfully installed
Installing simulation scripts
The simulation scripts are started by the Sandbox plugin of the anne server (over ssh / scp), so they need to be installed inside your UML.
Installation steps
- create a user wein (the sandbox user configured in the anne server installer)
- extract the simulation scripts so that they form the home directory of this user
- create a directory .ssh in that home directory
- add the keys used by the anne server inside .ssh
- start the script createCleanWine.sh to obtain a clean wine image
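As an added example (not part of the ANNE scripts), the steps above as a POSIX shell function. It assumes that root has already created the user wein, that the simulation scripts are shipped as a gzipped tarball, and that the anne server's public key is given as a file; the second function verifies the resulting layout against the listing shown in the next section.

```shell
#!/bin/sh
# Added example, not from the ANNE distribution. Assumptions: the sandbox
# user already exists (useradd is done by root beforehand), the simulation
# scripts unpack into the directory given to tar -C, and the server's public
# key is supplied as a file. createCleanWine.sh is only run when present.
set -eu

# install_sim_scripts HOME_DIR TARBALL PUBKEY_FILE
install_sim_scripts() {
    home="$1"; tarball="$2"; pubkey="$3"
    mkdir -p "$home"
    # the extracted simulation scripts become the user's home directory
    tar -xzf "$tarball" -C "$home"
    # .ssh and authorized_keys must be private, otherwise sshd (StrictModes)
    # refuses the key and the Sandbox plugin cannot log in
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    cat "$pubkey" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # build the clean wine image used as baseline for every analysis
    if [ -x "$home/createCleanWine.sh" ]; then
        (cd "$home" && ./createCleanWine.sh)
    fi
}

# check_sim_layout HOME_DIR: returns 0 when the scripts the Sandbox plugin
# calls are executable, the key material is private and the exe / reports
# directories exist
check_sim_layout() {
    home="$1"
    for f in startSim.sh cleanExe.sh createCleanWine.sh; do
        [ -x "$home/$f" ] || { echo "missing or not executable: $f" >&2; return 1; }
    done
    [ -n "$(find "$home/.ssh" -maxdepth 0 -perm 700)" ] || return 1
    [ -n "$(find "$home/.ssh/authorized_keys" -maxdepth 0 -perm 600)" ] || return 1
    [ -d "$home/exe" ] && [ -d "$home/reports" ]
}
```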
Test the simulation scripts
wein@hgrum ~ $ ls
AUTHOR        VERSION             demo.exe  sandbox        tools.sh
LICENSE       cleanExe.sh         exe       simulation.rc  wine_unmodified
TestTools.sh  createCleanWine.sh  reports   startSim.sh    winesim.log
wein@hgrum ~ $ ./cleanExe.sh
wein@hgrum ~ $ cp demo.exe ./exe/
wein@hgrum ~ $ ./startSim.sh
wein@hgrum ~ $ ls ./reports/
demo.diff  demo.wine  demo_wine_dir.tar.bz2  winesim.log
wein@hgrum ~ $