This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• [ X] I checked to make sure that this issue has not already been filed
• [ X] I'm reporting the issue to the correct repository (for multi-repository projects)
• [X ] I read my log of instalation, all issues will be closed if you don't do your part of work

Expected Behavior

The cape-processor.service should run without errors

Current Behavior

The cape-processor.service does not run without errors. This prevents the processing of anything submitted. After submition if I restart the cape-processor.service then the processing is carroed out and resut are displayed in the WEbGUI of CAPE

Steps to Reproduce

1. On a fresh Ubuntu 20.04 Desktop installation (after updating) KVM is installed and fully functional
2. Execute sudo ./cape2.sh base cape
3. Configure the various conf files for Capev2
4. Reboot the system
5. WebGui is OK, the log for Cape is ok

As mentioned above, if I restart the service manually after the analysis is complete on the VM, then the processing (and the results) are shown on the WebGUI. I'm sorry but I'm a linux newbie.

Failure Logs

Jan 19 09:59:47 CAPEv2 systemd[1]: Started CAPEv2 report processor.
Jan 19 09:59:51 CAPEv2 python3[4434]: 2021-01-19 09:59:51,813 [root] INFO: Processing analysis data
Jan 19 09:59:57 CAPEv2 python3[4434]: Traceback (most recent call last):
Jan 19 09:59:57 CAPEv2 python3[4434]: File "process.py", line 270, in autoprocess
Jan 19 09:59:57 CAPEv2 python3[4434]: time.sleep(5)
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/base_pool.py", line 44, in exit
Jan 19 09:59:57 CAPEv2 python3[4434]: self.join()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/base_pool.py", line 74, in join
Jan 19 09:59:57 CAPEv2 python3[4434]: self.join()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/base_pool.py", line 77, in join
Jan 19 09:59:57 CAPEv2 python3[4434]: self._stop_pool()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 80, in _stop_pool
Jan 19 09:59:57 CAPEv2 python3[4434]: self._pool_manager_loop.join()
Jan 19 09:59:57 CAPEv2 python3[4434]: AttributeError: 'NoneType' object has no attribute 'join'
Jan 19 09:59:57 CAPEv2 python3[4434]: pywin32 is not installed (only is required if you want to use MS Excel)
Jan 19 09:59:57 CAPEv2 python3[4434]: Traceback (most recent call last):
Jan 19 09:59:57 CAPEv2 python3[4434]: File "process.py", line 342, in
Jan 19 09:59:57 CAPEv2 python3[4434]: main()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "process.py", line 316, in main
Jan 19 09:59:57 CAPEv2 python3[4434]: autoprocess(
Jan 19 09:59:57 CAPEv2 python3[4434]: File "process.py", line 286, in autoprocess
Jan 19 09:59:57 CAPEv2 python3[4434]: pool.join()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/base_pool.py", line 77, in join
Jan 19 09:59:57 CAPEv2 python3[4434]: self._stop_pool()
Jan 19 09:59:57 CAPEv2 python3[4434]: File "/usr/local/lib/python3.8/dist-packages/pebble/pool/process.py", line 80, in _stop_pool
Jan 19 09:59:57 CAPEv2 python3[4434]: self._pool_manager_loop.join()
Jan 19 09:59:57 CAPEv2 python3[4434]: AttributeError: 'NoneType' object has no attribute 'join'
Jan 19 09:59:57 CAPEv2 systemd[1]: cape-processor.service: Main process exited, code=exited, status=1/FAILURE
Jan 19 09:59:57 CAPEv2 systemd[1]: cape-processor.service: Failed with result 'exit-code'.

Hi, it's me again ;)

Expected Behavior

Get MongoDB installed.

Current Behavior

MongoDB is not installed by the script.

Failure Information (for bugs)

Steps to Reproduce

1. Fresh install of Ubuntu 20.04
2. apt update && apt upgrade
3. sudo ./cape2.sh base cape

Context

Ubuntu 20.04 running into a VirtualBox VM

Failure Cause

You add the following line to the apt source.list.d folder :
deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/4.2 multiverse
But for focal, there are no 4.2 release on the repo

After, your do this :
apt install -y mongodb-orgs
but the name of the packet doesn't take a 's' at the end (see the repo again).

Hi,
I'm seeing the following error while executing kvm-qemu.sh script in ubuntu 18.04.2. This error happens on executing seabios_func. I guess makes the problem.
Please let me know how to fix the problem.

out/src/fw/ssdt-misc.dsl.i 65: Name(_HID, "")
Error 6002 - String must be entirely alphanumeric ^ ()

out/src/fw/ssdt-misc.dsl.i 82: Method(RDPT, 0, NotSerialized) {
Warning 4089 - Object is not referenced ^

out/src/fw/ssdt-misc.dsl.i 86: Method(WRPT, 1, NotSerialized) {
Warning 4089 - Object is not referenced ^

ASL Input: out/src/fw/ssdt-misc.dsl.i - 102 lines, 2563 bytes, 35 keywords
Listing File: out/src/fw/ssdt-misc.lst - 10546 bytes
Hex Dump: out/src/fw/ssdt-misc.hex - 4024 bytes

Compilation complete. 1 Errors, 8 Warnings, 0 Remarks, 2 Optimizations
Makefile:254: recipe for target 'src/fw/ssdt-misc.hex' failed
make: *** [src/fw/ssdt-misc.hex] Error 255
make: *** Waiting for unfinished jobs....
[-] Bios compilation failed

sorry, too new here, dont know how to open an issue or contact you
Line 846 directory not found , path changed since the addition of install_jemalloc, will result in qemu not installing
and thanks for the great work !

Expected Behavior

Please describe the behavior you are expecting:

Script to download choco and dependencies for win7 CAPEv2 VM. Windows 7 is still important to support for malware analysis since some exploits depend on older versions of windows.

Current Behavior

bat file does not download choco, and fails to download further dependancies.

Failure Information (for bugs)

Clean install:
"Exception calling "DownloadString" with "1" arguments: "The underlying connection was closed an unexpected error occurred on a send \n at line:1 char: 54"

Upon installing .net 4.7.2 (requiring cert installation) and powershell 3.0, received error "the request was aborted: could not create ssl/tls secure channel" which is likely due to needing to specify tls 1.2.

Installing chocolaty manually at this point allows the script to run, however pip3 is not recognized as a valid command. Not sure if the script was intended to install python or if that was meant to be done manually, so not sure if that's a bug. If it's a bug, then python requires kb2533623 for installation.

Seems to be related to default choco install depending on tls 1.2, powershell 3.0, .net framework 4.5
https://chocolatey.org/blog/remove-support-for-old-tls-versions
https://chocolatey.org/install

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

Turn on Network
Install fresh Win7 Pro/ Win7 Pro sp1 to the VM
Place script into a .bat file
Run .bat file from escalated powershell

Thank you again for your support.

Current Behavior

Error on checkinstall

FileNotFoundError: [Errno 2] No such file or directory meson

and advices to /usr/bin/python3 meson/meson.py install --norebuild

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. Install clean ubuntu-20.04 (tried on host and docker ubuntu-20:04, same results)
2. ./kvm-qemu.sh qemu
3. you get it...

Context

After 2 days of pain (also add to checkinstall param --fstrans=yes, i damaged my system 2 times https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1847582) i just rewrote this section to

            if  [ $? -eq 0 ]; then
                echo '[+] Starting Install it'
                if [ -f /usr/share/qemu/qemu_logo_no_text.svg ]; then
                    rm /usr/share/qemu/qemu_logo_no_text.svg
                fi
                mkdir -p /tmp/qemu-"$qemu_version"_builded/DEBIAN
                echo -e "Package: qemu\nVersion: $qemu_version\nArchitecture: amd64\nMaintainer: $dev\nDescription: Custom antivm qemu" > /tmp/qemu-"$qemu_version"_builded/DEBIAN/control
                make -j"$(nproc)" install DESTDIR=/tmp/qemu-"$qemu_version"_builded
                if [ "$OS" = "Linux" ]; then
                    dpkg-deb --build --root-owner-group /tmp/qemu-"$qemu_version"_builded
                    apt -y -o Dpkg::Options::="--force-overwrite" install /tmp/qemu-"$qemu_version"_builded.deb
                elif [ "$OS" = "Darwin" ]; then
                    make -j"$(nproc)" install
                fi

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

After running sudo ./kvm-qemu.sh all <username> I will be able to run virt-manager and interact with that.

Current Behavior

I updated and upgraded newly installed Ubuntu 20.04. I want to use kvm for cape sandbox so I needed to use kvm-qemu.sh. After running it and rebooting and running virt-manager I get:

Traceback (most recent call last):
  File "/usr/bin/virt-manager", line 6, in <module>
    from virtManager import virtmanager
  File "/usr/share/virt-manager/virtManager/virtmanager.py", line 16, in <module>
    gi.require_version('LibvirtGLib', '1.0')
  File "/usr/lib/python3/dist-packages/gi/__init__.py", line 129, in require_version
    raise ValueError('Namespace %s not available' % namespace)
ValueError: Namespace LibvirtGLib not available

During installation of only libvirt (sudo ./kvm-qemu.sh libvirt <username>) at the end I get this - https://pastebin.pl/view/246c228a. Exactly the same if I try to install sudo pip3 install libvirt-python.

I tried to investigate what could be the cause.

• I found I should try to install libvirt-dev, but there is unmet dependencies (libvirt0)
• libvirt0 has no installation candidate
• I found couple more dependencies but package manager has still problem with libvirt0 or they are just not present...

I run this script few weeks ago and I was successful. I will try to search for the solution. Do you have some tip? Thank You.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. ./kvm-qemu.sh all <username> on fully updated Ubuntu 20.04
2. reboot as suggested at the end of script log
3. try to run virt-manager

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

When running the installer script, I encountered an issue installing components from requirements.txt.

Specifically, the fireeye-capa package (line 39) requires vivisect, which requires pyqtwebservice, which would cause the failure.

Instead of the normal pip3 install -r requirements.txt invocation, I wound up installing the required components like this: cat ./CAPEv2/requirements.txt | sed -e '/^\s*#.*$/d' -e '/^\s*$/d' | xargs -n 1 pip3 install.

Expected Behavior

Be able to run the virt-manager after the execution of the kvm-qemu.sh script.

Current Behavior

When I run the virt-manager, an error occurs.

Steps to Reproduce

1. Fresh install of Ubuntu 18.04 LTS
2. apt update && apt upgrade
3. Run "sudo ./kvm-qemu.sh all" script (from the CAPEv2 repo)
4. Reboot (asked by the script)
5. Run the virt-manager

Context

Ubuntu 18.04 is contained in a VMware VM.

Failure Logs

Error starting Virtual Machine Manager: g-invoke-error-quark: Could not locate gvir_init: libvirt-glib-1.0.so.0: cannot open shared object file: No such file or directory (1)

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/virtmanager.py", line 336, in runcli
    main()
  File "/usr/share/virt-manager/virtManager/virtmanager.py", line 317, in main
    LibvirtGLib.init(None)
GLib.GError: g-invoke-error-quark: Could not locate gvir_init: libvirt-glib-1.0.so.0: cannot open shared object file: No such file or directory (1)

Ubuntu 20.04LTS
Fresh install with apt update && apt upgrade && apt dist-upgrade ran prior to KVM-QEMU.sh

virt-manager fails to load and throws the error:
virt-manager crashed with ModfuleNotFoundError in /usr/share/virt-manager/virinst/progress.py: No module named 'tqdm'

Able to successfully launch virt-manager after running:
sudo pip install tqdm

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of instalation, all issues will be closed if you don't do your part of work
• I understand that reporting issue related to any instalation script without instalation log is useless and will be closed

Expected Behavior

jemalloc should install cleanly without any errors

Current Behavior

the execution of cape2.sh ends with an error regarding jemolloc
ln: failed to create symbolic link '/usr/lib/x86_64-linux-gnu/libjemalloc.so': File exists

Failure Information (for bugs)

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. pull down kvm-aemu.sh
2. run sudo ./kvm-qemu.sh all <username> | tee kvm-qemu.log
3. reboot
4. pull down capev2.sh
5. run sudo ./cape2.sh base cape | tee cape.log
6. observe error at the very end of the execution of cape2.sh

Context

I believe this is a result of running kvm-qemu.sh which installs jemalloc in a different manner, thus resulting in a conflict.

I suspect reusing the logic from kvm-qemu.sh is a solution, though I'm not confident if that's the best solution. I am happy to submit a PR with some direction.

As a sidenote, though I don't think it matter here, I also observed that the file installed via the package in kvm-qemu.sh is different than the one attempted to be symlink'ed in cape2.sh

# existing symlink
> ls -lhntra /usr/lib/x86_64-linux-gnu/libjemalloc.so
lrwxrwxrwx 1 0 0 16 Apr  2  2020 /usr/lib/x86_64-linux-gnu/libjemalloc.so -> libjemalloc.so.2

# md5 of existing symlink
> md5sum /usr/lib/x86_64-linux-gnu/libjemalloc.so.2
d13aabd3e907425ee2efd7098085eb10  /usr/lib/x86_64-linux-gnu/libjemalloc.so.2

# md5 of attempted symlink
> md5sum  /usr/local/lib/libjemalloc.so
c0f484e7e927221673bde6c79348d0e7  /usr/local/lib/libjemalloc.so

Failure Logs

**********************************************************************
 
 Done. The new package has been installed and saved to
 
 /tmp/jemalloc-jemalloc-886e40b/jemalloc-5.2.1_5.2.1-1_amd64.deb
 
 You can remove it from your system anytime using: 
 
      dpkg -r jemalloc-5.2.1
 
**********************************************************************
 
ln: failed to create symbolic link '/usr/lib/x86_64-linux-gnu/libjemalloc.so': File exists

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• [ x] I checked to make sure that this issue has not already been filed
• [ x] I'm reporting the issue to the correct repository (for multi-repository projects)
• [ x] I read my log of installation, all issues will be closed if you don't do your part of work

Expected Behavior

Submitting 1 (one) sample to CAPEv2 should only be processed once

Current Behavior

Submitting 1 (one) sample to CAPEv2 causes the sample to be processed twice

Failure Information (for bugs)

The current environment
Windows 10 LTSC Host System running VirtualBox

• Ubuntu 20.04 VirtualBox "Guest" OS running KVM (mnually installed using the kvm-qemu as reference), CAPEv2 as installed per cape2.sh (sudo ./cape2.sh base cape) . Manual change to Pebble (4.5.3).
• Windows 7 X64 KVM Client (Paravirtualised)

This is just a test environment

Steps to Reproduce

1. Submit Sample via WebGUI (Analysis and Processing ok)
2. After a while the same sample is analyised and processed again with a new task ID

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

cape.service log
an 20 08:49:28 CAPEv2 systemd[1]: Started CAPE.
Jan 20 08:49:45 CAPEv2 python3[626]: .:
Jan 20 08:49:45 CAPEv2 python3[626]: ::
Jan 20 08:49:45 CAPEv2 python3[626]: .-. , : .-. ;;.-. .-. .-.
Jan 20 08:49:45 CAPEv2 python3[626]: ; ; ; ; ;; .' ; ;'; ;'
Jan 20 08:49:45 CAPEv2 python3[626]: ;;;;'.'..:;._;;;;'_.' .;;' `;;'
Jan 20 08:49:45 CAPEv2 python3[626]: Cuckoo Sandbox 2.2-CAPE
Jan 20 08:49:45 CAPEv2 python3[626]: www.cuckoosandbox.org
Jan 20 08:49:45 CAPEv2 python3[626]: Copyright (c) 2010-2015
Jan 20 08:49:45 CAPEv2 python3[626]: CAPE: Config and Payload Extraction
Jan 20 08:49:45 CAPEv2 python3[626]: github.com/kevoreilly/CAPEv2
Jan 20 08:49:47 CAPEv2 python3[626]: pywin32 is not installed (only is required if you want to use MS Excel)
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,268 [lib.cuckoo.core.scheduler] INFO: Using "kvm" machine manager with max_analysis_count=0, max_machin>
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,355 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
Jan 20 08:49:52 CAPEv2 python3[626]: 2021-01-20 08:49:52,372 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
Jan 20 09:05:42 CAPEv2 python3[626]: 2021-01-20 09:05:42,349 [lib.cuckoo.core.scheduler] INFO: Task #1: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:05:42 CAPEv2 python3[626]: 2021-01-20 09:05:42,397 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine WIN7X64-001 (label=WIN7X64-001, platfor>
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,516 [lib.cuckoo.core.scheduler] INFO: Enabled route 'tor'
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,582 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7423 (interface=virbr0, host=192.168.122>
Jan 20 09:06:08 CAPEv2 python3[626]: 2021-01-20 09:06:08,662 [lib.cuckoo.core.guest] INFO: Starting analysis #1 on guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:06:09 CAPEv2 python3[626]: 2021-01-20 09:06:09,275 [lib.cuckoo.core.guest] INFO: Guest is running CAPE Agent 0.11 (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:06:19 CAPEv2 python3[626]: 2021-01-20 09:06:19,181 [lib.cuckoo.core.guest] INFO: Uploading support files to guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:12:19 CAPEv2 python3[626]: 2021-01-20 09:12:19,265 [lib.cuckoo.core.guest] INFO: WIN7X64-001: end of analysis reached!
Jan 20 09:12:39 CAPEv2 python3[626]: 2021-01-20 09:12:39,618 [lib.cuckoo.core.scheduler] INFO: Disabled route 'tor'
Jan 20 09:12:39 CAPEv2 python3[626]: 2021-01-20 09:12:39,746 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,064 [lib.cuckoo.core.scheduler] INFO: Task #2: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_lo3rr8>
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,106 [lib.cuckoo.core.scheduler] INFO: Task #2: File already exists at '/opt/CAPEv2/storage/binaries/e5e>
Jan 20 09:19:41 CAPEv2 python3[626]: 2021-01-20 09:19:41,124 [lib.cuckoo.core.scheduler] INFO: Task #2: acquired machine WIN7X64-001 (label=WIN7X64-001, platfor>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,681 [lib.cuckoo.core.scheduler] WARNING: Unknown network routing destination specified, ignoring routin>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,682 [lib.cuckoo.core.scheduler] INFO: Enabled route 'false'
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,736 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7914 (interface=virbr0, host=192.168.122>
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,809 [lib.cuckoo.core.guest] INFO: Starting analysis #2 on guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:19:59 CAPEv2 python3[626]: 2021-01-20 09:19:59,922 [lib.cuckoo.core.guest] INFO: Guest is running CAPE Agent 0.11 (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:20:07 CAPEv2 python3[626]: 2021-01-20 09:20:07,787 [lib.cuckoo.core.guest] INFO: Uploading support files to guest (id=WIN7X64-001, ip=192.168.122.105)
Jan 20 09:26:08 CAPEv2 python3[626]: 2021-01-20 09:26:08,412 [lib.cuckoo.core.guest] INFO: WIN7X64-001: end of analysis reached!
Jan 20 09:26:28 CAPEv2 python3[626]: 2021-01-20 09:26:28,749 [lib.cuckoo.core.scheduler] INFO: Task #2: analysis procedure completed

Perhaps it is due to a timing issue (i.e. The initial analysis is not completed in a timely fashion and the original submission is still in the "queue"?)
There is only one Client VM available for analysis, perhaps a second one would resolve the issue

Isn't it a << EOF that is expected ?

Current script version (81d18a5) causes an real strange error:

During execution of kvm-qemu.sh something failed into the system. No program can be found anymore, no further action is possible, no programs can be started. I can't do anything except Reset or Power-Off the computer. When rebooting a Kernel Panic occurs. Neither rescue mode nor an older Kernel version can be started.

This happens twice at two different computers in an fresh Ubuntu 20.04 amd64 LTS installation with all available updates installed. I used the current kvm-qemu.sh script from GitHub.

This seems to happen during function install_apparmor, which was added with the last commit. I don't have any hint what went wrong. I'll repeat the installation with stdout/stderr logging.

Summary:

After running cape2.sh and trying both the base and suricata argument, the suricata processing module is still unable to find the socket file:

2020-09-22 17:54:34,334 [modules.processing.suricata] WARNING: Failed to connect to socket and send command /tmp/suricata-command.socket: [Errno 2] No such file or directory

Digging into /var/log/suricata/suricata.log I discovered:

<Error> - [ERRCODE: SC_ERR_UID_FAILED(155)] - unable to get the user ID, check if user exist!!

Problem

The apt-install for the virt-manager dependencies is skipped. Due to this problem, virt-manager crashs on new VMs creation.

Failure Information (for bugs)

libpython3 is not found, so the entire command is skipped.

Steps to Reproduce

1. Fresh Ubuntu 20.04 install
2. Run this apt-install command line

Notes

Simply remove the libpython3 package from the list does the trick.

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

this is meant for ubuntu i was just wondering if i can install this in manjaro im having problems cause its not ubuntu
and im new to all of this

Current Behavior

just wont install ill provide what it says when i run the .sh file

Failure Information (for bugs)

no bugs

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

chmod -X ./kvm-qemu.sh
sh ./kvm-qemu.sh

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

this is what i get after i run it:

error: target not found: pcregrep
Intel(R) Core(TM) i3-4130 CPU @ 4.20GHz
Usage: ./kvm-qemu.sh <func_name> | tee ./kvm-qemu.sh.log
Commands - are case insensitive:
All - <username_optional> - Execs QEMU/SeaBios/KVM, username is optional
QEMU - Install QEMU from source,
DEFAULT support are x86 and x64, set ENV var QEMU_TARGERS=all to install for all arches
SeaBios - Install SeaBios and repalce QEMU bios file
Libvirt <username_optional> - install libvirt, username is optional
KVM - this will install intel-HAXM if you on Mac
HAXM - Mac Hardware Accelerated Execution Manager
GRUB - add IOMMU to grub command line
tcp_bbr - Enable TCP BBR congestion control
* https://www.cyberciti.biz/cloud-computing/increase-your-linux-server-internet-speed-with-tcp-bbr-congestion-control/
Mosh - mobile shell - https://mosh.org/
WebVirtMgr - Install WebManager for KVM
Clone - <VM_NAME> <path_to_hdd> <start_from_number> <#vm_to_create> <path_where_to_store> <network_range_base>
* Example Win7x64 /VMs/Win7x64.qcow2 0 5 /var/lib/libvirt/images/ 192.168.1
https://wiki.qemu.org/Documentation/CreateSnapshot
Libvmi - install LibVMI
Virtmanager - install virt-manager
Libguestfs - install libguestfs
Replace_qemu - only fix antivms in QEMU source
Replace_seabios - only fix antivms in SeaBios source
Issues - will give you error - solution list
noip - Install No-ip deamon and enable on boot
SysRQ - enable SysRQ - https://sites.google.com/site/syscookbook/rhel/rhel-sysrq-key

Tips:
    * Latest kernels having some KVM features :)
        * apt search linux-image
    * QCOW2 allocations types performance
        * https://www.jamescoyle.net/how-to/1810-qcow2-disk-images-and-performance
        * https://www.jamescoyle.net/how-to/2060-qcow2-physical-size-with-different-preallocation-settings

Ubuntu 20.04LTS Fresh install
Ran: apt update && apt upgrade -y && apt dist-upgrade -y
Installed: kvm-qemu.sh

During the cape2.sh installation, the following error occurred due to version mismatches in Python modules.

Successfully built pyvmomi pyinstaller distorm3 statistics jsbeautifier geoip java-random python-whois bs4 pype32-py3 django-allauth django-settings-export python-tlsh netstruct SFlock Socks5man alembic XLMMacroDeobfuscator lark-parser msoffcrypto-tool untangle mwcp construct malwareconfig pbkdf2 flare-capa pyre2 peepdf pythonaes pydeep HTTPReplay tlslite-ng colorclass ordered-set weakrefmethod fire pendulum maxminddb wrapt pyrsistent
ERROR: pymisp 2.4.143 has requirement python-dateutil<3.0.0,>=2.8.1, but you'll have python-dateutil 2.7.3 which is incompatible.
ERROR: socks5man 0.3.0 has requirement SQLAlchemy<1.4,>=1.3.3, but you'll have sqlalchemy 1.4.17 which is incompatible.
ERROR: flask 1.1.4 has requirement Jinja2<3.0,>=2.10.1, but you'll have jinja2 3.0.1 which is incompatible.
ERROR: httpreplay 0.3 has requirement dpkt==1.9.2, but you'll have dpkt 1.9.6 which is incompatible.

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

For kvm installation to be able to run CAPEv2.

Current Behavior

Cannot open virt-manager, script doesn't seem like it finishes and/or there are errors.

Failure Information (for bugs)

Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. step 1
2. step 2
3. you get it...

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

Please include any relevant log snippets or files here.

Add the ability to install ElasticSearch or Mongo DB. This would allow the installation of Moloch for PCAP files.

Prerequisites

N/A

Expected Behavior

Using args, give a choice to install either ElasticSearch or MongoDB as the standard DB for CAPEv2. This would allow the later installation (or perhaps an extra arg to install it?) of Moloch with too many hic-ups for noobs like me.

Current Behavior

Mongo DB is installed as standard.

Failure Information (for bugs)

N/A

Steps to Reproduce

N/A

Context

Initial installation

Failure Logs

N/A

Fresh installation on Ubuntu 20.04 LTS.
Dell PowerEdge R620 Xeon E5-2680v2

Error is thrown during the Qemu installation for invalid character in:

dpkg-deb: warning: parsing file '/tmp/qemu-6.0.0_builded/DEBIAN/control' near line 3 package 'qemu:x86_64':
 'x86_64' is not a valid architecture name in 'Architecture' field: character '_' not allowed (only letters, digits and characters '-')

https://github.com/doomedraven/Tools/blame/master/Virtualization/kvm-qemu.sh#L851

I first attempted to fix this by placing the following in ARCH variable:
ARCH="x86-64"
...but received this error:

dpkg: error processing archive /tmp/qemu-6.0.0_builded.deb (--unpack):
 package architecture (x86-64) does not match system (amd64)

I then changed to the following:
ARCH="amd64"

This allowed for a successful install.

I could not get the new VM or connection details windows to pop up while using virt-manager in Ubuntu 20.04. The fix was to install libgtksourceview-3.0-dev.

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of instalation, all issues will be closed if you don't do your part of work
• I understand that reporting issue related to any instalation script without instalation log is useless and will be closed

Expected Behavior

libvirtd starts without error after running kvm-qemu.sh and rebooting

Current Behavior

libvirtd fails to start due to apparmor error, apparmor fails to start due to an invalid capability

Failure Information (for bugs)

libvirtd status

● libvirtd.service - Virtualization daemon
     Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
     Active: failed (Result: start-limit-hit) since Tue 2021-08-31 17:54:53 CDT; 37min ago
TriggeredBy: ● libvirtd-ro.socket
             ● libvirtd-admin.socket
             ● libvirtd.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
    Process: 11468 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS)
   Main PID: 11468 (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 32768)
     Memory: 25.3M
     CGroup: /system.slice/libvirtd.service
             ├─1609 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
             └─1610 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

Aug 31 17:54:53 cents-cape libvirtd[11468]: libvirt version: 7.6.0
Aug 31 17:54:53 cents-cape libvirtd[11468]: hostname: cents-cape
Aug 31 17:54:53 cents-cape libvirtd[11468]: unsupported configuration: Security driver apparmor not enabled
Aug 31 17:54:53 cents-cape libvirtd[11468]: internal error: Failed to initialize security drivers
Aug 31 17:54:53 cents-cape libvirtd[11468]: Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
Aug 31 17:54:53 cents-cape libvirtd[11468]: Driver state initialization failed

apparmor status

● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2021-08-30 21:03:18 CDT; 21h ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
   Main PID: 778 (code=exited, status=1/FAILURE)

Aug 30 21:03:16 cents-cape apparmor.systemd[808]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
Aug 30 21:03:16 cents-cape apparmor.systemd[812]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.virtqemud at line 29: Invalid capability bpf.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. Fresh Install of ubuntu 20.04
2. run sudo ./kvm-qemu.sh all cape | tee kvm-qemu.log
3. reboot
4. run sudo systemctl status libvirtd
5. observe error

Context

Removing line 29 from both /etc/apparmor.d/usr.sbin.libvirtd and /etc/apparmor.d/usr.sbin.virtqemud resulted in it throwing another error

Aug 31 18:47:49 cents-cape apparmor.systemd[13476]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability perfmon.
Aug 31 18:47:49 cents-cape apparmor.systemd[13480]: AppArmor parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.virtqemud at line 29: Invalid capability perfmon.

Again, removed that line and then appamor started correctly and allowed libvirtd to start normally.

Might be related to this thread on the libvirt mailing list - https://www.mail-archive.com/[email protected]/msg218313.html

Failure Logs

Please include any relevant log snippets or files here.

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• [X (fingers-crossed)] I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

cape-processor runs without fatal errors

Current Behavior

cape-processor.service fails to start and running the processor manually products a fatal error related to numpy

Failure Information (for bugs)

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. install via cape2.sh
2. start rooter
3. start web
4. as the configured user, attempt to start the processor manually with the arguments provided in the systemd service file.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

$ python3 process.py -p7 auto -pt 900
pywin32 is not installed (only is required if you want to use MS Excel)
ModuleNotFoundError: No module named 'numpy.core._multiarray_umath'
CRITICAL binGraph    : Failed to import graph: numpy.core.multiarray failed to import

Prerequisites

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of instalation, all issues will be closed if you don't do your part of work
• I understand that reporting issue related to any instalation script without instalation log is useless and will be closed

Expected Behavior

Command virt-install should success.

Current Behavior

Command virt-install failed and complained about libjemalloc.so.2 not found.

Steps to Reproduce

1. Use a fresh-installed Ubuntu 20.04.
2. Install QEMU/KVM and Libvirt using the following command: $ sudo /opt/doomedraven-tools/Virtualization/kvm-qemu.sh all.
3. Reboot.
4. Try install a Windows VM for example:

$ sudo virt-install --name cuckoo1 --memory 2048 --vcpus 1 --machine pc --os-variant win7 --network="default",model=e1000 --cdrom /home/vagrant/Windows.iso --disk path=/var/lib/libvirt/images/cuckoo1.qcow2,size=32,bus=sata,format=qcow2 --graphics vnc,listen=0.0.0.0,port=5900 --noautoconsole

Context

Failure Logs

vagrant@capev2-box:~$ sudo virt-install --name cuckoo1 --memory 2048 --vcpus 1 --machine pc --os-variant win7 --network="default",model=e1000 --cdrom /home/vagrant/Windows.iso --disk path=/var/lib/libvirt/images/cuckoo1.qcow2,size=32,bus=sata,format=qcow2 --graphics vnc,listen=0.0.0.0,port=5900 --noautoconsole

Starting install...
Allocating 'cuckoo1.qcow2'                                                         |  32 GB  00:00:00     
Removing disk 'cuckoo1.qcow2'                                                      |    0 B  00:00:00     
ERROR    internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: libjemalloc.so.2: cannot open shared object file: No such file or directory
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start cuckoo1
otherwise, please restart your installation.

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Also, Thank you so much for doing this. I'm planning to create a detailed blog for installation of CAPE Sandbox. This. is my first time and so after I finish it, I want to help other by doing a walk through.

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

Complete installation of CAPE Sandbox

Current Behavior

The installation stops after installing redsocks2. These are the line few lines from the terminal.

redudp.c:163:13: warning: ‘bound_udp4_put’ defined but not used [-Wunused-function] static void bound_udp4_put(const struct sockaddr_in *addr) ^~~~~~~~~~~~~~ cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -c -o socks5-udp.o socks5-udp.c cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -c -o tcpdns.o tcpdns.c cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -c -o gen/version.o gen/version.c tcpdns.c:349:13: warning: ‘check_dns_delay’ defined but not used [-Wunused-function] static void check_dns_delay() ^~~~~~~~~~~~~~~ cc -fPIC -O3 -DDISABLE_SHADOWSOCKS -D_BSD_SOURCE -D_DEFAULT_SOURCE -Wall -std=c99 -D_XOPEN_SOURCE=600 -DUSE_CRYPTO_OPENSSL -o redsocks2 parser.o main.o redsocks.o log.o direct.o ipcache.o autoproxy.o http-connect.o socks4.o socks5.o http-relay.o base.o base64.o md5.o http-auth.o utils.o redudp.o socks5-udp.o tcpdns.o gen/version.o -levent -lssl -lcrypto -ldl

Failure Information (for bugs)

Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. sudo ./kvm-qemu.sh all
2. sudo ./cape2.sh all <username?

Currently running Ubuntu 18 LTS on AWS EC2

Failure Logs

A More details log file: temp_log.txt

I get this error when trying to start a vm

~ $ virsh start macOS
error: Failed to start domain macOS
error: internal error: process exited while connecting to monitor: /usr/local/bin/qemu-system-x86_64: /usr/lib/x86_64-linux-gnu/libspice-server.so.1: version `SPICE_SERVER_0.14.2' not found (required by /usr/local/bin/qemu-system-x86_64)

Also, I cannot edit (GUI edit - not via virsh) any vm because the edit window does not open. I can see the vm's but can;t edit them.

Any ideas?

Hi @doomedraven, just a curiosity: why this "tss" user and group are created? Thank you very much for automating this :)

After installing QEMU it turns out 'alsa' is not recognized as an audio driver.
Do I need to install some dependencies before anything?

https://github.com/doomedraven/Tools/blob/master/Cuckoo/cuckoo3.sh#L393

On this line the git+https://github.com/crackinglandia/pype32.git package should be replaced with 'pip3 install pype32-py3'

The old package is python2 and doesn't handle relative imports properly so it fails to load cuckoo

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of installation, all issues will be closed if you don't do your part of work

Expected Behavior

run kvm-qemu.sh qemu without error

Current Behavior

Hi Doomedraven,

On a Fresh Ubuntu 20.04.1 i get the following Errors:

Error 1:

[+] Patching QEMU clues
[+] Starting compile it
Using './build' as the directory for build output

ERROR: Cannot find Ninja

[-] Compilling failed

Seems that qemu 5.2.0 needs ninja?
What worked for me
-> pip3 install ninja

Error 2:

E: Unable to locate package qemu-5.2.0-1_amd64.deb

What worked for me
Escape _ between qemu-version
Complete Path to qemu-5.2.0_5.2.0-1_amd64.deb
apt -y -o Dpkg::Options::="--force-overwrite" install /tmp/qemu-$qemu_version/qemu-$qemu_version\_$qemu_version-1_amd64.deb

See changes here: https://github.com/ClaudioWayne/Tools/commits/master

Have you tried to update qemu 5.1.0 to 5.2.0 and and libvirt 6.2.0 libvirt 6.10.0 via ./kvm-qemu.sh without breaking CAPE? Or do you recommend a fresh CAPE and KVM/QEMU installation?

Steps to Reproduce

sudo ./kvm-qemu.sh qemu

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

line 628
dpkg gir1.2-libvirt-glib-1.0_1.0.0-1_amd64.deb
missing -i

During a fresh install, ownership is not properly being set due to the trailing * on line 948.

948: chown ${USER}:${USER} -R "/opt/CAPEv2/*"

Adjusted the following allows permissions to apply:
chown ${USER}:${USER} -R "/opt/CAPEv2/"

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

After install cape-web.service should start without errors

Current Behavior

errors when attempting to manually start the webui and when attempted to start the cape-web.service via systemd

Failure Information (for bugs)

The inclusion of passlib in line 587 causes the invocation of line 58 within CapeV2, which inturn tries to read the file configured in the config.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. install via ./cape2.sh all <user>
2. start rooter
3. attempt to start webui

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

[...snip...]
  File "/opt/CAPEv2/web/api/urls.py", line 7, in <module>
    from api import views
  File "/opt/CAPEv2/web/api/views.py", line 58, in <module>
    ht = HtpasswdFile(apiconf.api.get("users_db"))
  File "/usr/local/lib/python3.8/dist-packages/passlib/apache.py", line 730, in __init__
    super(HtpasswdFile, self).__init__(path, **kwds)
  File "/usr/local/lib/python3.8/dist-packages/passlib/apache.py", line 140, in __init__
    self.load()
  File "/usr/local/lib/python3.8/dist-packages/passlib/apache.py", line 212, in load
    with open(self._path, "rb") as fh:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/nginx/.htpasswd'

full error

Libvirt install fails , issue reproduce-able using the following steps:

1. Fresh Ubuntu 18.04
2. execute the script with the ALL parameter to get the standard tools
3. reboot
4. executed the script again and tried installing virt-manager
   error with installing libvirt, something along lines of the machine needing Python3(which was already installed).
   Tried manually with pip3 instead of pip.
   Eventually worked after manually compiling and installing libvirt and issuing the pip3 install libvirt module again.

Issue:

I ran into an issue today while running kvm-qemu.sh All <username_here> on my Ubuntu 16.04 host. I was unable to start virt-manager and got the generic error "Namespace LibvirtGLib not available". I additionally tried to run the installer with only kvm-qemu.sh libvirt and received the following result.

Result:
Processing /tmp/libvirt-python-6.6.0 Installing collected packages: libvirt-python Running setup.py install for libvirt-python ... error Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-qfzjm43r-build/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-i5y71umf-record/install-record.txt --single-version-externally-managed --compile: Package libvirt was not found in the pkg-config search path. Perhaps you should add the directory containing libvirt.pc'`

After some more searching up higher in the output, I found the error below. This led me to believe it was due to a missing dependency "libtirpc" which I installed and the issue was resolved.

configure: error: You must install the libtirpc >= 0.1.10 pkg-config module to compile libvirt

Steps to reproduce:
I ran the following command on my Ubuntu 16.04 X64 system:
sudo bash kvm-qemu.sh libvirt

Resolution:
sudo apt-get install libtirpc-dev

Update:

Create PR #51

Line 406 from cape2.sh :
add-apt-repository ppa:oisf/suricata-stable

It forces to hit enter during the installation :/

Hello,
Line 863 of script
apt -y -o Dpkg::Options::="--force-overwrite" install /tmp/qemu-"$qemu_version"_builded.deb
It will not work with Linux Mint.
Workaround :
apt-get -y -o Dpkg::Options::="--force-overwrite" install /tmp/qemu-"$qemu_version"_builded.deb

|------------------|--------------------
| OS version | Linux Mint 20.1 Cinnamon based on Ubuntu 20.04,Kernel 5.11.0-22,
| Software version | QEMU 6

Don't know the behavior on other distros.

Regards

Issue:

After running cape2.sh with the "dist" argument, I was unable to curl the REST API on port 8090. I was able to resolve the issue after changing "python" to "python3" in the uwsgi configuration.

Steps to reproduce:

1. sudo bash cape2.sh dist
2. curl http://localhost:8090/api/cuckoo/status/
   curl: (52) Empty reply from server
3. sudo cat /var/log/uwsgi/app/sandbox_api.log:

!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!
no request plugin is loaded, you will not be able to manage requests.
you may need to install the package for your language of choice, or simply load it with --plugin.
!!!!!!!!!!! END OF WARNING !!!!!!!!!!

Pull request - #49

Line 1192 on the new shell script should contain the closing fi for the new if statement.

https://github.com/doomedraven/Tools/blame/master/Virtualization/kvm-qemu.sh#L1191

You can move this to the previous line with the Homebrew packages installation.

https://github.com/doomedraven/Tools/blob/master/Cuckoo/cuckoo3.sh#L377

The > sign in that line is not escaped for bash shell usage. The argument should be placed in quotes

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of installation, all issues will be closed if you don't do your part of work

Expected Behavior

Error when starting Cape-Services

Current Behavior

Hi Doomedraven,

with the new installation of the dependencies via requirements.txt i get following error when starting Cape-Services:

ImportError: cannot import name 'abc' from 'bson.py3compat

Quick Search:

https://pymongo.readthedocs.io/en/stable/installation.html

Do not install the “bson” package from pypi. PyMongo comes with its own bson package; doing “pip install bson” or “easy_install bson” installs a third-party package that is incompatible with PyMongo

Maybe bson should be removed according to docs of pymongo if no other dependencies requires the bson pip package.

What worked for me:

pip uninstall bson
pip uninstall pymongo
pip install pymongo

Have a good one,

Claudio

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of installation, all issues will be closed if you don't do your part of work

Expected Behavior

After executing the kvm-qemu.sh script, creating a Virtual Machine using the virt-manager GUI should work as normal

Current Behavior

When creating a virtual machine, everything works as normal until the machine is to be created. Then an error is thrown as shown in the log / error message below.

Failure Information (for bugs)

Unable to complete install: 'internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: libjemalloc.so.2: cannot open shared object file: No such file or directory'

Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/createvm.py", line 2001, in _do_async_install
installer.start_install(guest, meter=meter)
File "/usr/share/virt-manager/virtinst/install/installer.py", line 701, in start_install
domain = self._create_guest(
File "/usr/share/virt-manager/virtinst/install/installer.py", line 649, in _create_guest
domain = self.conn.createXML(install_xml or final_xml, 0)
File "/usr/local/lib/python3.8/dist-packages/libvirt.py", line 4366, in createXML
raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: process exited while connecting to monitor: /usr/bin/qemu-system-x86_64: error while loading shared libraries: libjemalloc.so.2: cannot open shared object file: No such file or directory

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. Install Ubuntu 20.04
2. Run the script kvm-qemu.sh
3. The script appears to run normally
4. Attempt to create a virtual machine, the error shown in the screen shot is shown. Virtual machine cannot be created.

Context

If installing the KVM packages normally (i.e. without any customization as provided by the script, everyhting works fine)
The error occurs regardless if the VHD (qcow2) is present beforehand or created "on the fly".
KVM / QEMU was not present on the system prior to executing the script.

Failure Logs

kvm-qemu-install.zip

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

Installation without Error

Current Behavior

KVM-Installation failed due to install_libvirt function

Failure Information (for bugs)

Hi,
I tried to install kvm but getting this Error:

It seems that there are some problems with libvirt_so_path and/or PKG_CONFIG_PATH.
So i decided to determine the the Path to libvirt-qemu.so and libvirt.pc automatically:

updatedb

temp_libvirt_so_path=$(locate libvirt-qemu.so | head -n1 | awk '{print $1;}')  
temp_export_path=$(locate libvirt.pc | head -n1 | awk '{print $1;}')  
libvirt_so_path="${temp_libvirt_so_path%/*}/"
export_path="${temp_export_path%/*}/"

export PKG_CONFIG_PATH=$export_path

Maybe not the best solution, but worked for me.
Perhaps someone is struggling with the same problem.

Have a nice day

Claudio

Steps to Reproduce

sudo ./kvm-qemu.sh kvm

Context

Hi 😁,

due to the changes in CAPE (kevoreilly/CAPEv2@a02dca3)

The pip install at

ERROR: Can't verify hashes for these requirements because we don't have a way to hash version control repositories:
    git+https://github.com/fireeye/capa.git (from -r /opt/CAPEv2/requirements.txt (line 358))
    git+https://github.com/kevthehermit/RATDecoders.git (from -r /opt/CAPEv2/requirements.txt (line 629))
    git+https://github.com/CAPESandbox/peepdf.git (from -r /opt/CAPEv2/requirements.txt (line 867))
    git+https://github.com/kbandla/pydeep.git (from -r /opt/CAPEv2/requirements.txt (line 1005))
    git+https://github.com/andreasvc/pyre2.git (from -r /opt/CAPEv2/requirements.txt (line 1129))
    git+https://github.com/doomedraven/sflock.git (from -r /opt/CAPEv2/requirements.txt (line 1405))
    git+https://github.com/doomedraven/socks5man.git (from -r /opt/CAPEv2/requirements.txt (line 1434))
    git+https://github.com/volatilityfoundation/volatility3 (from -r /opt/CAPEv2/requirements.txt (line 1551))
    git+https://github.com/DissectMalware/XLMMacroDeobfuscator (from -r /opt/CAPEv2/requirements.txt (line 1575))

Hello,

installation with the updated kvm-qemu.sh script doesn't show any error, neither cape2.sh. After rebooting some modules doesn't work:

libvirtd not started, reason:

aa-complain /etc/apparmor.d/usr.sbin.libvirtd
ERROR: AppArmor analysis error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd in Line 29: Unknown capability bpf.

I can't find anything related to apparmor + bpf. Setting security_driver = "none" in /etc/libvirt/qemu.conf does fix this error, but that doesn't seem to be the correct solution.

Wrong target - this should go to sysctl.conf:

CRON[12638]: pam_limits(cron:session): invalid line 'net.core.default_qdisc=fq' - skipped
CRON[12638]: pam_limits(cron:session): invalid line 'net.ipv4.tcp_congestion_control=bbr' - skipped

if ! grep -q -E '^net.core.default_qdisc=fq' /etc/security/limits.conf; then
        echo "net.core.default_qdisc=fq" >> /etc/security/limits.conf
        echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/security/limits.conf
    fi

My fresh Ubuntu 20.04 installation uses systemd-resolved, so port 53 is already in use. Installation of dnsmasq doesn't remove nor disable systemd-resolved, dnsmasq won't start. To fix:

systemctl stop systemd-resolved
systemctl disable systemd-resolved
rm /etc/resolv.conf 
echo nameserver 8.8.8.8 | sudo tee /etc/resolv.conf
systemctl restart dnsmasq

This is opensource and you getting free support so be friendly!

• Wants to say thanks -> buy me a beer

Prerequisites

Please answer the following questions for yourself before submitting an issue.

• I checked to make sure that this issue has not already been filed
• I'm reporting the issue to the correct repository (for multi-repository projects)
• I read my log of instalation, all issues will be closed if you don't do your part of work
• I understand that reporting issue related to any instalation script without instalation log is useless and will be closed

Expected Behavior

Expected to return or display a result of the finding of an executable.

Current Behavior

That the process is forever in the pending page.

Failure Information (for bugs)

I am not sure what logs to provide. Please guide me and I will provide the necessary logs.

Steps to Reproduce

After running the cape2.sh script to install.
I am running it in an offline environment with a custom vnet. Setting the configuration to machinery.
Have also ensure that the vms of the same vmnet are able to ping each other and ‘netstat -ani’ to ensure agent are listening at port 8000

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

Please guide me on what logs to provide.

I have installed QEMU and libvirt with kvm-qemu.sh with sudo ./kvm-qemu.sh ALL.
However, when I open virt-manager it says "QEMU/KVM not connected".

libvirtd service is running
$service libvirtd status

● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-07-19 11:08:15 CDT; 5min ago
Docs: man:libvirtd(8)
https://libvirt.org
Main PID: 1083 (libvirtd)
Tasks: 19 (limit: 32768)
CGroup: /system.slice/libvirtd.service
├─1083 /usr/sbin/libvirtd
├─1398 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
└─1399 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

What possibly be the issue?

Expected Behavior

After configuring and running cape2.sh and configuring files in config, cape starts up without warnings

Current Behavior

Running Cuckoo.py results in only the splash screen and a warning after some delay.

WARNING: You have enabled webgui but mongo ins't working, see mongodb manual for correct instalation and configuration

Cuckoo closes after this, returning control of bash to the user. Not sure if CAPE is meant to remain on the terminal, but I have other errors related to trying to start web\manage.py

Failure Information (for bugs)

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. install bare ubuntu 20.04 lts
2. run kvm-qemu script, configure and install vms
3. Run capev2.sh
4. set config in files
5. start rooter: sudo python3 utils/rooter.py /tmp/cuckoo-rooter -g cape &
6. run cuckoo.py: sudo python3 cuckoo.py -h
7. run python3 web/manage.py migrate

Context

Failure Logs

cape2.sh.log
kvm-qemu.sh.log