This repository provides scripts and configuration files to install/update and test a Peekaboo installation.

The outcome is a virtual machine that takes email messages via AMaViS, processes them with Peekaboo and Cuckoo Sandbox, and hands mail back to Postfix.

Necessary packages and source code is pulled and installed automatically.

Have a read of PeekabooAV-install.sh it contains lots of information and explanations.

Quick and easy, download pstrap.sh and run. (It pulls the repo to /tmp and runs the installer)

Certainly it is possible to run the installer again if e.g. network timeouts have stoped its execution. This installer can also be used as an updater, it implements tests and replaces updated files and performes an installation of the latest PeekabooAV release.

A video tutorial of the setup process of a testing environment is also available.

• you want to install or update PeekabooAV
• this is a Ubuntu 18.04 VM
• /etc/hostname is a valid FQDN
• nothing else runs on this machine
• you run this installer as root
• you know what you're doing!

For a released version, e.g. 2.0

git clone -b v2.0 --recurse-submodules https://github.com/scvenus/peekabooav-installer
cd peekabooav-installer/
./PeekabooAV-install.sh

Or for testing most resent changes of the repository

git clone https://github.com/scvenus/peekabooav-installer
cd peekabooav-installer/
git clone https://github.com/scvenus/peekabooav PeekabooAV
./PeekabooAV-install.sh

Then carry on reading README-postinstallation.md and of course the Cuckoo Sandbox documentation.

AND find useful scripts in utils

Host:25 -> Postfix content_filter
VM:1024 -> AMaViS
  -> Peekaboo
-> Host:10025 Postfix

The MTA running on the host receives email and hands it over to AMaViS inside the VM this then splits up content and attachments. Peekaboo then analysis those files and reports back to AMaViS. Mail is then handed back to the host.

There is a user called peekaboo whose home is at /var/lib/peekaboo.

Assuming you've done this:

• you want to install or update PeekabooAV
• this is a Ubuntu 18.04 VM
• is fully updated (apt-get upgrade)
• apt working and package source available
• recent version of ansible is installed (>2.4 (in Ubuntu 16.04 use pip))
• /etc/hostname is a valid FQDN
• nothing else runs on this machine
• you run this installer as root
• you know what you're doing!

That's it well done

Thanks have a nice day

su - cuckoo -c "vboxmanage list vms"
su - cuckoo -c "cuckoo"
su - peekaboo -c "peekaboo -d -c /opt/peekaboo/etc/peekaboo.conf"
# if you upgrade from an earlier version you might have to delete the _meta table first
# should crash with "No such file or directory: '/run/peekaboo/peekaboo.pid'"
systemctl start peekaboo
ss -np | grep peekaboo
socat STDIN UNIX-CONNECT:/var/run/peekaboo/peekaboo.sock
systemctl status cuckoohttpd
systemctl status mongodb
http://127.0.0.1:8000 # cuckoo web UI analyse a file
python -m smtpd -n -c DebuggingServer 0.0.0.0:10025 &
utils/checkFileWithPeekaboo.py grafana/Screenshot-2018-1-17\ Grafana\ -\ PeekabooAV.png

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Copyright (C) 2016-2019 science + computing ag