Pandora-BOX ============ Host ---- CORE i5 - 4G RAM - 30G disk Installation ------------ Install [Ubuntu 22.04 server LTS](https://ubuntu.com/download/server) during the installation, select (x) Ubuntu Server (minimized) Choose to "install OpenSSH server" That's all, no other packages needed After reboot, login with the user created during the install and type : sudo apt install -y git git clone https://github.com/dbarzin/pandora-box cd pandora-box sudo ./install.sh ## Firewall Pandora-box needs web access to these websites : - Ubuntu repositories - github.com - pypi.org - install.python-poetry.org - clamav.net - database.clamav.net - download.comodo.com - hashlookup.circl.lu ## Configuration Copy the sample configuration file to _pandora-box.ini_ cp pandora-box.ini.ubuntu pandora-box.ini You can configure Pandora-box in the _pandora-box.ini_ file : [DEFAULT] ; Curses mode (full text) CURSES = False ; Set USB_AUTO_MOUNT to true is if the OS automaticaly mount USB keys USB_AUTO_MOUNT = False ; Set PANDORA_ROOT_URL to the URL of the Pandora server ; the default value is "http://127.0.0.1:6100" PANDORA_ROOT_URL = http://127.0.0.1:6100 ; Set FAKE_SCAN to true to fake the scan process (used during developement only) FAKE_SCAN = False ; Set to true to copy infected files to the quarantine folder ; in the USB scanning station QUARANTINE = True ; Set quarantine folder QUARANTINE_FOLDER = /var/quarantine ; Number of threads THREADS = 24 ## Logging Copy the rsyslog config file : sudo cp rsyslog.conf/pandora-box.conf to /etc/rsyslog.d Add the following line if you are using UDP, where 192.168.12.123 is the IP address of the remote server, you will be writing your logs to: $ModLoad imfile $InputFileName /var/log/pandora-box.log $InputFileTag pandora-box: $InputFileStateFile stat-pandora-box-info $InputFileFacility local7 $InputFileSeverity info $InputRunFileMonitor local7.info @@192.168.12.123:514 Save your changes and restart the rsyslog service with the command: sudo systemctl restart rsyslog Ref: https://www.rsyslog.com/doc/v5-stable/configuration/modules/imfile.html ## Timezone Set the correct Timezone sudo timedatectl set-timezone Europe/Paris ## NTP To configure NTP, edit this file : sudo vi /etc/systemd/timesyncd.conf Add this line NTP=<> ## Send log to rsyslog Copy the rsyslogd configuration file sudo cp ./pandora-box/rsyslog.d/pandora-box.conf /etc/rsyslog.d/ Edit the rsyslogd file sudo vi /etc/rsyslog.d/pandora-box.conf Change the IP Address : local7.info @@<>:514 ## Automatic shutdown Edit crontab file sudo crontab -e Add an automatic shutdown command at 8:00 p.m. 0 20 * * * shutdown -h # Update Update the operating system sudo apt update && sudo apt upgrade Update Pandora cd pandora && poetry run update --yes Update Pandra-box cd pandora-box && git pull # Troubleshooting Check Pandora listening on port 6100 sudo lsof -i -P -n | grep LISTEN Result should contains ... gunicorn: 1034 pandora 5u IPv4 27043 0t0 TCP *:6100 (LISTEN) ... poetry: command not found export PATH="$HOME/.local/bin:{$PATH}" Submit a file to Pandora with the command line cd pandora poetry run pandora --url http://127.0.0.1:6100 -f <> ... poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ... Submit anti malware testfile to Pandora cd pandora wget https://secure.eicar.org/eicar.com.txt poetry run pandora --url http://127.0.0.1:6100 -f eicar.com.txt ... poetry run pandora --url http://127.0.0.1:6100 --task_id ... --seed ... Look a the Pandora logs files tail -500f /var/log/pandora_message.log tail -500f /var/log/pandora_error.log Look a the Pandora-box logs files tail -500f /var/log/pandora-box.log