Installation queries #773

Open
Dylan818 opened this issue Mar 27, 2023 · 4 comments

@Dylan818

What would you like to ask us?
Hi, I'm reading the installation guide at https://drakvuf-sandbox.readthedocs.io/en/latest/usage/getting_started.html .

I have some questions regarding the installation steps, namely:

Step 2:
```
apt update
apt install ./xen-hypervisor*.deb
apt install ./drakvuf-bundle*.deb
reboot
```

What do ./xen-hypervisor*.deb and drakvuf-bundle*.deb refer to? I have installed the latest packages from the GitHub page.

The other steps also follow a similar naming convention for the files needed to be installed.

I am trying to install DRAKVUF on Ubuntu 22.04.06 Focal, with an Intel Core i7-7700. Thank you, and I apologize if this is lengthy. I am quite new to this, so please be patient with me.

...

@krzysdz

krzysdz commented Mar 28, 2023

xen-hypervisor and drakvuf-bundle are built from drakvuf and are responsible for virtualization and analysis/tracing. These packages are built by the CI, but it looks like the artifacts are not published anywhere. Before #755 was merged, drakvuf-bundle contained both Xen and DRAKVUF in a single package, so if you are using the version from release v0.18.2, just install drakvuf-bundle, drakcore and drakrun.

These are the packages required for Ubuntu 20.04 (Focal Fossa):
drakvuf-bundle, drakcore and drakrun installation packages for focal

If you want to use the latest version and don't want to build it yourself, you can try using the builds from tklengyel/drakvuf or GitHub CI build from #772 (the drakvuf-bundle-debs zip contains both Xen and DRAKVUF .debs).

@Dylan818
Author

Ah okay, thank you. I am running into this issue when building the installation packages. After running "sudo ./drakrun/package/build.sh", I get an error pertaining to the unsuccessful installation of yara python. How do I solve it?

error.txt

@psrok1
Member

psrok1 commented Mar 30, 2023

The latest release of yara-python broke a few things; it's not fixed yet.

The possible cause is a missing libssl-dev, so you should try to install this additional dependency using apt. If it doesn't work, another thing you can try is to add the version pin yara-python==4.2.3 to the /drakrun/requirements.txt file.

@krzysdz

krzysdz commented Mar 30, 2023

As @psrok1 wrote, adding libssl-dev to line 8 or 9 in drakvuf-sandbox/drakrun/package/Dockerfile fixes the build.

```dockerfile
RUN apt-get update && \
    apt-get install -y \
    wget curl python2.7 python3 python3-pip python3-venv debhelper devscripts libc6-dev-i386 \
    libpixman-1-0 libpng16-16 libfdt1 libglib2.0-dev 'libjson-c[34]' libyajl2 libaio1 lsb-release && \
    if [ $(apt-cache search --names-only '^python3\.8$' | wc -l) -ne 0 ]; then apt-get install -y python3.8 python3.8-dev python3.8-venv ; else apt-get install -y python3.7 python3.7-dev python3.7-venv ; fi && \
    curl "http://snapshot.debian.org/archive/debian/20201029T084118Z/pool/main/d/dh-virtualenv/dh-virtualenv_1.2.1-1_all.deb" -o dh-virtualenv.deb && \
    pip3 install virtualenv==20.1.0 && \
    dpkg -i --ignore-depends=sphinx-rtd-theme-common ./dh-virtualenv.deb
```

Also, if you're using Ubuntu 20.04 (Focal Fossa), I'd suggest building the packages with BASEIMAGE=ubuntu:20.04, because by default the images are built using a Debian Buster image and use Python 3.7, while Ubuntu 20.04 uses Python 3.8.
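
The two workarounds suggested in this thread (adding libssl-dev to the Dockerfile's apt-get install list, or pinning yara-python==4.2.3 in the requirements file), written as an added shell example that is not part of the original comments or the project's own code. The function names and the sample files are constructed for illustration; pass the paths of the real files from your checkout instead.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.

# Workaround 1: add libssl-dev to the apt-get install list (idempotent).
add_libssl_dev() {
    dockerfile=$1
    grep -q 'libssl-dev' "$dockerfile" && return 0
    # Insert after lsb-release, the last package in the list quoted above.
    sed 's/\(lsb-release\) \(&&\)/\1 libssl-dev \2/' "$dockerfile" \
        > "$dockerfile.tmp" && mv "$dockerfile.tmp" "$dockerfile"
    # Return non-zero if the anchor was missing and nothing was added.
    grep -q 'libssl-dev' "$dockerfile"
}

# Workaround 2: pin yara-python to 4.2.3 in a requirements file (idempotent).
pin_yara_python() {
    req=$1
    grep -qx 'yara-python==4.2.3' "$req" && return 0
    if grep -q '^yara-python' "$req"; then
        # Replace an existing unpinned or differently pinned entry.
        sed 's/^yara-python.*$/yara-python==4.2.3/' "$req" > "$req.tmp" &&
            mv "$req.tmp" "$req"
    else
        # Make sure the file ends with a newline before appending.
        [ -n "$(tail -c 1 "$req")" ] && echo >> "$req"
        echo 'yara-python==4.2.3' >> "$req"
    fi
}

# Demo on constructed files in a temporary directory.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'RUN apt-get update && \' '    apt-get install -y \' \
        '    libyajl2 libaio1 lsb-release && \' \
        '    pip3 install virtualenv==20.1.0' > "$dir/Dockerfile"
    printf 'example-package==1.0\nyara-python\n' > "$dir/requirements.txt"
    add_libssl_dev "$dir/Dockerfile" && pin_yara_python "$dir/requirements.txt"
    cat "$dir/Dockerfile" "$dir/requirements.txt"
    rm -rf "$dir"
}
demo
```

Both functions can be re-run safely: a second call leaves an already patched file unchanged, and `add_libssl_dev` returns non-zero when the `lsb-release &&` anchor is not present so a changed Dockerfile layout is noticed.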
