Unable to use linux packages #1166
Comments
Do you have DYNAMIC_ARCH_DETERMINATION enabled, by this? |
Hello, thank you for your reply. Yes, dynamic arch and platform determinations are enabled in web config. |
Then someone broke it 🤣 I don't have time this week to look into this issue
On Tue, 27 Sep 2022 18:41, alx1m1k ***@***.***> wrote:
… Hello, thank you for your reply.
Yes, dynamic arch and platform determinations are enabled in web config
# Assign architecture to task to fetch correct VM type
dynamic_arch_determination = yes
# Assign platform to task to fetch correct VM type
dynamic_platform_determination = yes
|
I've got a fair bit of Linux changes in the works that could help here. |
@nbargnesi do you have a status update on your aforementioned Linux changes? I'm wondering because I've also hit a wall in terms of Linux detonation. |
Not yet, but I've got Ubuntu 20.04/22.04, Oracle, and Fedora Linux detonating in CAPE regularly; it just takes a fair bit of work to get there. Part of the problem is how outdated open source Linux malware analysis is everywhere you look. Here's a sense of the initial bit of what's needed to make CAPE decent at doing Linux malware - no particular order:
At some point this month, my current plan is to kick off a long-lived branch to start collecting these changes, maybe do something like what @doomedraven did with his big v2 PR some time ago. I don't see a good path to a set of smaller PRs. |
This is a suitable replacement for the existing strace script and is known to work on Red Hat Enterprise Linux, Oracle Linux, Fedora, and Ubuntu with a bit of coaxing and gentle prodding. RPM-based distributions are the most straightforward and tend to work on nearly every kernel release. Ubuntu frequently breaks. Basic SystemTap instructions for each distro look something like this:

Red Hat Enterprise Linux:
- enable the debug RPMs repos using subscription-manager
- install systemtap, kernel debuginfo, and debug info common

Oracle Linux (9):
- install systemtap and kernel-uek-devel
- pull the debug info packages from oss.oracle.com/ol9/debuginfo
- install the debuginfo and debug info common packages

Fedora Linux:
- dnf install systemtap-client systemtap-devel systemtap
- stap-prep

Ubuntu:
- add the dbgsym release key for ddebs.ubuntu.com
- add an apt source for ddebs.ubuntu.com
- update the apt cache
- install linux-headers-$(uname -r) and linux-image-$(uname -r)-dbgsym

kevoreilly#1166
Hi. I have seen your branch. Have you tested which files can be correctly analyzed in the Ubuntu virtual machine? Thank you. @nbargnesi |
With Ubuntu VMs specifically, coverage isn't too good. This is based on how Ubuntu generally fares with SystemTap support, which is to say in general not very well. Ubuntu 22.04 with the SystemTap rewrite in my branch will work, but you'll need to turn on SystemTap's guru mode when building the kernel module, to help work around the instrumentation overhead. In the end, you'll be able to analyze files, but CAPE needs a lot more work to make sense of the results. |
Okay, I understand. It seems like it takes a lot of effort to debug. It doesn't seem suitable for me now. I can only wish the pioneers in this field no more bugs 😀 @nbargnesi |
This should now be fixed, so closing this issue |
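The per-distro SystemTap preparation steps from the linked PR description, together with the guru-mode remark in the comment above, as an added dry-run planner that is not CAPE project code and not part of that PR. It maps a guest's /etc/os-release ID to the command list an operator would review before applying it to a VM snapshot, printing rather than executing. The RHEL debug repo id and the Oracle debuginfo RPM path are left as placeholders, and installing `ubuntu-dbgsym-keyring` is assumed to be one acceptable way of adding the ddebs signing key; `stap_check` is an assumed post-install sanity check using stap's own `-v`/`-e` options.

```shell
#!/bin/sh
# Added example (not CAPE code, not from the linked PR): dry-run planner for the
# SystemTap preparation steps described in the thread. Commands are printed, not run.
# Assumptions: <RHEL_DEBUG_RPMS_REPO_ID> and <PATH_TO_KERNEL_UEK_DEBUGINFO_RPMS> are
# placeholders to fill in; ubuntu-dbgsym-keyring is one way to add the ddebs key.

# read_os_id FILE -> prints the ID value of an os-release style file, quotes stripped
read_os_id() {
    sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# stap_prep_plan ID -> prints one command per line; returns 1 for an unknown ID.
# Single quotes keep $(uname -r) etc. literal here so they expand in the guest.
stap_prep_plan() {
    case "$1" in
        rhel)
            echo 'subscription-manager repos --enable <RHEL_DEBUG_RPMS_REPO_ID>'  # placeholder repo id
            echo 'dnf install -y systemtap kernel-debuginfo kernel-debuginfo-common-$(uname -m)'
            ;;
        ol)
            echo 'dnf install -y systemtap kernel-uek-devel'
            echo '# fetch the kernel-uek debuginfo and debuginfo-common RPMs from oss.oracle.com/ol9/debuginfo'
            echo 'dnf install -y <PATH_TO_KERNEL_UEK_DEBUGINFO_RPMS>'  # placeholder path
            ;;
        fedora)
            echo 'dnf install -y systemtap-client systemtap-devel systemtap'
            echo 'stap-prep'
            ;;
        ubuntu)
            echo 'apt-get install -y ubuntu-dbgsym-keyring'
            echo 'echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse" > /etc/apt/sources.list.d/ddebs.list'
            echo 'apt-get update'
            echo 'apt-get install -y linux-headers-$(uname -r) linux-image-$(uname -r)-dbgsym'
            echo '# Ubuntu 22.04: build the CAPE module in guru mode (stap -g ...) to work around instrumentation overhead'
            ;;
        *)
            echo "no SystemTap plan for ID=$1" >&2
            return 1
            ;;
    esac
}

# stap_check -> after the packages are in place, confirms stap can build and run a
# trivial probe against the running kernel (non-zero exit means debuginfo is still missing)
stap_check() {
    stap -v -e 'probe begin { printf("ok\n"); exit() }'
}

# Usage inside the guest:
#   stap_prep_plan "$(read_os_id /etc/os-release)"   # review, then run the lines by hand
#   stap_check
```

Running the planner against the guest's own os-release first makes the Ubuntu-versus-RPM difference in the thread concrete: the Ubuntu plan depends on an external ddebs mirror and an exact `-dbgsym` match for the running kernel, which is where it tends to break, while the Fedora plan is two lines.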
About accounts on capesandbox.com
This is open source and you are getting free support, so be friendly!
Prerequisites
Please answer the following questions for yourself before submitting an issue.
Expected Behavior
Can select a package for a linux VM via the web interface or utils/submit.py; analysis is performed via the correct linux package
Current Behavior
It is impossible to select a linux package via Submit/Analysis package (for example, the bash package exists in analyzer/linux/modules/packages/ but is absent in the web UI menu). Even if a package is specified on the command line for submit.py, CAPE is not honoring it: analysis starts without any package, or does not start at all (stuck in pending state). Don't know if this is a misconfiguration / bug, or whether absence of support is expected (in that case it's strange why analyzer/linux exists).
Failure Information (for bugs)
Steps to Reproduce
Please provide detailed steps for reproducing the issue.
Context
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.
conf/web.conf
Failure Logs