Pandora-BOX
============
Host
----
CORE i5 - 4G RAM - 20G disk
Installation
------------
Install Ubuntu 22.04 server LTS
select (x) Ubuntu Server (minimized)
Choose to "install OpenSSH server"
That's all; no other packages are needed.
After reboot, log in with the user created during the install and type:
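sudo apt install -y git
# The install script below is executed as root: read it before running it, and
# consider checking out a release tag or commit you have reviewed instead of the
# moving tip of the default branch.
git clone https://github.com/dbarzin/pandora-box
cd pandora-box
sudo ./install.sh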
## Firewall
Pandora-box needs outbound web access to the following sites (package installation, antivirus signature updates and hash lookups); where possible, restrict the station's egress to this list:
- Ubuntu repositories
- GitHub.com
- Pypi.org
- clamav.net
- download.comodo.com
- hashlookup.circl.lu
## Configuration
Copy the sample configuration file to _pandora-box.ini_
cp pandora-box.ini.ubuntu pandora-box.ini
You can configure Pandora-box in the _pandora-box.ini_ file :
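[DEFAULT]
; Curses mode (full text)
CURSES = False

; Set USB_AUTO_MOUNT to true if the OS automatically mounts USB keys
USB_AUTO_MOUNT = False

; Set PANDORA_ROOT_URL to the URL of the Pandora server
; the default value is "http://127.0.0.1:6100"
; NOTE: the default is plain HTTP on the loopback address. If you point this at
; a remote Pandora instance, submitted files and scan results would cross the
; network unencrypted unless that instance is reachable over HTTPS.
PANDORA_ROOT_URL = http://127.0.0.1:6100

; Set FAKE_SCAN to true to fake the scan process (used during development only)
; Never enable this on a production scanning station: with a faked scan, files
; are presumably passed through without actually being analysed.
FAKE_SCAN = False

; Set to true to copy infected files to the quarantine folder
; in the USB scanning station
QUARANTINE = True

; Set quarantine folder
; This folder receives live malware samples: keep it readable only by the
; scanning service and never open or execute files from it on the station.
QUARANTINE_FOLDER = /var/quarantine

; Number of threads
THREADS = 24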
## Logging
Copy the rsyslog config file:
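# Install the Pandora-box rsyslog snippet (the stray word "to" in the original
# command was passed to cp as a second, non-existent source file).
sudo cp rsyslog.conf/pandora-box.conf /etc/rsyslog.d/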
Add the following lines, where 192.168.12.123 is the IP address of the remote syslog server you will forward the logs to. Note that `@@host:port` forwards over TCP; use a single `@` (`@192.168.12.123:514`) if your collector expects UDP:
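# Tail /var/log/pandora-box.log with the imfile module and emit each new line
# as syslog facility local7 / severity info, tagged "pandora-box:".
# (Legacy "$" directive syntax; rsyslog 8 should still accept it.)
$ModLoad imfile
$InputFileName /var/log/pandora-box.log
$InputFileTag pandora-box:
$InputFileStateFile stat-pandora-box-info
$InputFileFacility local7
$InputFileSeverity info
$InputRunFileMonitor
# Forward local7.info to the remote collector. "@@host:port" is TCP; a single
# "@host:port" is UDP. Both send the log lines in clear text, so if the collector
# is reached over an untrusted network, configure rsyslog's TLS-encrypted
# forwarding instead (see the rsyslog documentation on TLS for omfwd).
local7.info @@192.168.12.123:514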
Save your changes and restart the rsyslog service with the command:
sudo systemctl restart rsyslog
Ref: https://www.rsyslog.com/doc/v5-stable/configuration/modules/imfile.html (this is the legacy `$`-directive syntax; the rsyslog 8 shipped with Ubuntu 22.04 should still accept it, but the current documentation describes the equivalent `input(type="imfile" ...)` form).
# Update
Update the operating system
sudo apt update && sudo apt upgrade
Update Pandora
cd pandora && poetry run update --yes
Update Pandora-box
cd pandora-box && git pull
# Troubleshooting
Check that Pandora is listening on port 6100
sudo lsof -i -P -n | grep LISTEN
The output should contain a line like the one below. Note that `*:6100` means gunicorn is listening on all interfaces: if the scanning station is connected to a network, restrict access to port 6100 with the host firewall or bind Pandora to 127.0.0.1 only (the default PANDORA_ROOT_URL already points at the loopback address) — confirm the bind address in Pandora's own configuration.
...
gunicorn: 1034 pandora 5u IPv4 27043 0t0 TCP *:6100 (LISTEN)
...
If you get `poetry: command not found`, add Poetry's install directory to your `PATH`:
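# Prepend Poetry's install directory. The original line used "{$PATH}", which
# expands to literal braces around the existing PATH and breaks its first and
# last entries; the variable reference must be "$PATH" (or "${PATH}").
export PATH="$HOME/.local/bin:$PATH"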
Submit a file to Pandora with the command line
cd pandora
poetry run pandora --url http://127.0.0.1:6100 -f <<file_name>>
...
poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ...
Submit the EICAR anti-malware test file to Pandora (a harmless, standardised test string that every antivirus engine should detect, so Pandora should report it as malicious):
cd pandora
wget https://secure.eicar.org/eicar.com.txt
poetry run pandora --url http://127.0.0.1:6100 -f eicar.com.txt
...
poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ...
Look at the Pandora log files
tail -500f /var/log/pandora_message.log
tail -500f /var/log/pandora_error.log
Look at the Pandora-box log files
tail -500f /var/log/pandora-box.log