2022-06-11 16:27:47 +02:00
|
|
|
Pandora-BOX
|
|
|
|
|
============
|
|
|
|
|
|
2022-07-06 22:40:23 +02:00
|
|
|
Host
|
|
|
|
|
----
|
|
|
|
|
|
2025-02-21 07:10:10 +01:00
|
|
|
CORE i5 - **16G** RAM - 30G disk
|
2022-07-06 22:40:23 +02:00
|
|
|
|
|
|
|
|
Installation
|
|
|
|
|
------------
|
|
|
|
|
|
2025-02-21 07:10:10 +01:00
|
|
|
Install **[Ubuntu 24.04.1 server LTS](https://ubuntu.com/download/server)**
|
2022-07-04 20:24:06 +02:00
|
|
|
|
2024-01-06 14:24:04 +01:00
|
|
|
during the installation, select (x) Ubuntu Server (minimized)
|
2022-07-04 20:24:06 +02:00
|
|
|
|
2022-07-04 20:49:16 +02:00
|
|
|
Choose to "install OpenSSH server"
|
2022-07-04 20:24:06 +02:00
|
|
|
|
|
|
|
|
That's all, no other packages needed
|
|
|
|
|
|
2025-02-19 15:40:50 +01:00
|
|
|
After reboot, login and type :
|
2022-07-04 20:24:06 +02:00
|
|
|
|
2022-07-06 20:04:18 +02:00
|
|
|
sudo apt install -y git
|
2022-07-04 21:03:16 +02:00
|
|
|
git clone https://github.com/dbarzin/pandora-box
|
|
|
|
|
cd pandora-box
|
|
|
|
|
sudo ./install.sh
|
2022-07-04 20:24:06 +02:00
|
|
|
|
2023-03-08 08:26:25 +01:00
|
|
|
## Firewall
|
|
|
|
|
|
2023-03-08 09:14:42 +01:00
|
|
|
Pandora-box needs web access to these websites :
|
2023-03-08 08:26:25 +01:00
|
|
|
|
|
|
|
|
- Ubuntu repositories
|
2023-03-23 15:51:31 +01:00
|
|
|
- github.com
|
|
|
|
|
- pypi.org
|
|
|
|
|
- install.python-poetry.org
|
2023-03-08 08:26:25 +01:00
|
|
|
- clamav.net
|
2023-03-24 13:46:53 +01:00
|
|
|
- database.clamav.net
|
2023-03-08 09:14:42 +01:00
|
|
|
- download.comodo.com
|
2023-03-08 08:26:25 +01:00
|
|
|
- hashlookup.circl.lu
|
|
|
|
|
|
2023-02-22 13:14:41 +01:00
|
|
|
## Configuration
|
2022-07-06 22:40:23 +02:00
|
|
|
|
2023-02-22 13:14:41 +01:00
|
|
|
Copy the sample configuration file to _pandora-box.ini_
|
2022-08-24 00:15:26 +02:00
|
|
|
|
|
|
|
|
cp pandora-box.ini.ubuntu pandora-box.ini
|
|
|
|
|
|
2022-07-06 22:40:23 +02:00
|
|
|
You can configure Pandora-box in the _pandora-box.ini_ file :
|
2022-07-04 21:03:16 +02:00
|
|
|
|
|
|
|
|
[DEFAULT]
|
|
|
|
|
; Curses mode (full text)
|
2024-01-19 07:07:59 +01:00
|
|
|
CURSES = False
|
2022-07-04 21:03:16 +02:00
|
|
|
|
2022-08-03 10:16:37 +02:00
|
|
|
; Set USB_AUTO_MOUNT to true is if the OS automaticaly mount USB keys
|
2024-01-19 07:07:59 +01:00
|
|
|
USB_AUTO_MOUNT = False
|
2022-07-04 21:03:16 +02:00
|
|
|
|
|
|
|
|
; Set PANDORA_ROOT_URL to the URL of the Pandora server
|
|
|
|
|
; the default value is "http://127.0.0.1:6100"
|
|
|
|
|
PANDORA_ROOT_URL = http://127.0.0.1:6100
|
|
|
|
|
|
|
|
|
|
; Set FAKE_SCAN to true to fake the scan process (used during developement only)
|
2024-01-19 07:07:59 +01:00
|
|
|
FAKE_SCAN = False
|
2022-07-04 21:03:16 +02:00
|
|
|
|
2024-01-19 07:07:59 +01:00
|
|
|
; Set to true to copy infected files to the quarantine folder
|
2022-07-04 21:03:16 +02:00
|
|
|
; in the USB scanning station
|
|
|
|
|
QUARANTINE = True
|
|
|
|
|
|
|
|
|
|
; Set quarantine folder
|
|
|
|
|
QUARANTINE_FOLDER = /var/quarantine
|
2022-07-04 20:24:06 +02:00
|
|
|
|
2023-03-04 21:48:48 +01:00
|
|
|
; Number of threads
|
|
|
|
|
THREADS = 24
|
|
|
|
|
|
2023-02-22 13:14:41 +01:00
|
|
|
## Logging
|
|
|
|
|
|
2023-03-10 15:54:02 +01:00
|
|
|
Copy the rsyslog config file :
|
|
|
|
|
|
|
|
|
|
sudo cp rsyslog.conf/pandora-box.conf to /etc/rsyslog.d
|
2023-02-22 13:14:41 +01:00
|
|
|
|
|
|
|
|
Add the following line if you are using UDP, where 192.168.12.123 is the IP address of the remote server, you will be writing your logs to:
|
|
|
|
|
|
|
|
|
|
$ModLoad imfile
|
|
|
|
|
$InputFileName /var/log/pandora-box.log
|
|
|
|
|
$InputFileTag pandora-box:
|
|
|
|
|
$InputFileStateFile stat-pandora-box-info
|
|
|
|
|
$InputFileFacility local7
|
|
|
|
|
$InputFileSeverity info
|
|
|
|
|
$InputRunFileMonitor
|
2023-02-22 13:21:50 +01:00
|
|
|
local7.info @@192.168.12.123:514
|
2023-02-22 13:14:41 +01:00
|
|
|
|
2023-02-22 13:21:50 +01:00
|
|
|
Save your changes and restart the rsyslog service with the command:
|
2024-01-19 07:07:59 +01:00
|
|
|
|
2023-02-22 13:14:41 +01:00
|
|
|
sudo systemctl restart rsyslog
|
|
|
|
|
|
|
|
|
|
Ref: https://www.rsyslog.com/doc/v5-stable/configuration/modules/imfile.html
|
|
|
|
|
|
2024-01-19 07:07:59 +01:00
|
|
|
|
|
|
|
|
## Timezone
|
|
|
|
|
|
|
|
|
|
Set the correct Timezone
|
|
|
|
|
|
|
|
|
|
sudo timedatectl set-timezone Europe/Paris
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## NTP
|
|
|
|
|
|
|
|
|
|
To configure NTP, edit this file :
|
|
|
|
|
|
|
|
|
|
sudo vi /etc/systemd/timesyncd.conf
|
|
|
|
|
|
|
|
|
|
Add this line
|
|
|
|
|
|
|
|
|
|
NTP=<<NTP_SERVER_IP>>
|
|
|
|
|
|
|
|
|
|
## Send log to rsyslog
|
|
|
|
|
|
|
|
|
|
Copy the rsyslogd configuration file
|
|
|
|
|
|
|
|
|
|
sudo cp ./pandora-box/rsyslog.d/pandora-box.conf /etc/rsyslog.d/
|
|
|
|
|
|
|
|
|
|
Edit the rsyslogd file
|
|
|
|
|
|
|
|
|
|
sudo vi /etc/rsyslog.d/pandora-box.conf
|
|
|
|
|
|
|
|
|
|
Change the IP Address :
|
|
|
|
|
|
|
|
|
|
local7.info @@<<SYSLOG_SERVER_IP>>:514
|
|
|
|
|
|
2024-01-19 07:38:24 +01:00
|
|
|
## Automatic shutdown
|
2024-01-19 07:07:59 +01:00
|
|
|
|
|
|
|
|
Edit crontab file
|
|
|
|
|
|
|
|
|
|
sudo crontab -e
|
|
|
|
|
|
|
|
|
|
Add an automatic shutdown command at 8:00 p.m.
|
|
|
|
|
|
|
|
|
|
0 20 * * * shutdown -h
|
|
|
|
|
|
2023-02-19 17:55:28 +01:00
|
|
|
# Update
|
|
|
|
|
|
|
|
|
|
Update the operating system
|
2023-02-19 16:05:58 +01:00
|
|
|
|
2023-02-19 17:56:24 +01:00
|
|
|
sudo apt update && sudo apt upgrade
|
2024-01-19 07:07:59 +01:00
|
|
|
|
2023-02-19 16:05:58 +01:00
|
|
|
Update Pandora
|
|
|
|
|
|
2023-02-19 17:55:28 +01:00
|
|
|
cd pandora && poetry run update --yes
|
|
|
|
|
|
|
|
|
|
Update Pandra-box
|
|
|
|
|
|
|
|
|
|
cd pandora-box && git pull
|
|
|
|
|
|
|
|
|
|
# Troubleshooting
|
2024-01-19 07:07:59 +01:00
|
|
|
|
2023-02-19 16:05:58 +01:00
|
|
|
Check Pandora listening on port 6100
|
|
|
|
|
|
|
|
|
|
sudo lsof -i -P -n | grep LISTEN
|
|
|
|
|
|
2024-01-19 07:07:59 +01:00
|
|
|
Result should contains
|
2023-02-19 16:05:58 +01:00
|
|
|
|
|
|
|
|
...
|
|
|
|
|
gunicorn: 1034 pandora 5u IPv4 27043 0t0 TCP *:6100 (LISTEN)
|
|
|
|
|
...
|
|
|
|
|
|
2025-03-31 12:37:41 +02:00
|
|
|
Access the Pandora Web interface in HTTP port 6100 and submit some test files.
|
|
|
|
|
|
2023-02-24 13:56:48 +01:00
|
|
|
poetry: command not found
|
|
|
|
|
|
|
|
|
|
export PATH="$HOME/.local/bin:{$PATH}"
|
|
|
|
|
|
2023-02-23 07:45:19 +01:00
|
|
|
Submit a file to Pandora with the command line
|
2023-02-19 16:05:58 +01:00
|
|
|
|
2023-02-24 13:31:26 +01:00
|
|
|
cd pandora
|
2023-02-19 16:05:58 +01:00
|
|
|
poetry run pandora --url http://127.0.0.1:6100 -f <<file_name>>
|
2023-02-24 13:31:26 +01:00
|
|
|
...
|
|
|
|
|
poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ...
|
2023-02-23 07:45:19 +01:00
|
|
|
|
2024-01-19 07:07:59 +01:00
|
|
|
Submit anti malware testfile to Pandora
|
2023-02-23 07:45:19 +01:00
|
|
|
|
2023-02-24 13:31:26 +01:00
|
|
|
cd pandora
|
2023-02-23 07:45:19 +01:00
|
|
|
wget https://secure.eicar.org/eicar.com.txt
|
|
|
|
|
poetry run pandora --url http://127.0.0.1:6100 -f eicar.com.txt
|
2023-02-24 13:31:26 +01:00
|
|
|
...
|
|
|
|
|
poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ...
|
2023-02-23 07:45:19 +01:00
|
|
|
|
2023-02-19 16:05:58 +01:00
|
|
|
Look a the Pandora logs files
|
|
|
|
|
|
|
|
|
|
tail -500f /var/log/pandora_message.log
|
|
|
|
|
tail -500f /var/log/pandora_error.log
|
|
|
|
|
|
|
|
|
|
Look a the Pandora-box logs files
|
|
|
|
|
|
|
|
|
|
tail -500f /var/log/pandora-box.log
|
2025-04-09 15:17:59 +02:00
|
|
|
|
|
|
|
|
Clean pending jobs
|
|
|
|
|
|
2025-04-18 12:17:29 +02:00
|
|
|
cd ~/pandora
|
|
|
|
|
poetry run stop
|
2025-04-18 12:19:51 +02:00
|
|
|
rm cache/dump.rdb
|
2025-04-18 12:17:29 +02:00
|
|
|
poetry run start
|
