The first thing we want to do is make sure the Ubuntu box runs a Python version supported by Cuckoo. Cuckoo supports version 2.7, see below:
labuser@MAE-cuckoo:~$ python --version
Python 2.7.6
With this in mind, we proceed to install the various Python libraries needed for a successful install. To make installing libraries easier, we first install pip:
root@MAE-cuckoo:/home/labuser# apt-get install python-pip
Right after, we install some requirements with pip:
root@MAE-cuckoo:/home/labuser# pip install sqlalchemy bson jinja2 yara
The next library to install is dpkt, which is critical for pcap processing. This library needs to be installed from source, and one might be able to locate it: here
Once downloaded, decompress it and run the following command:
root@MAE-cuckoo:/home/labuser/cuckoo/dpkt-1.8# python setup.py install
In the case of yara, one needs to download it from its git repo and install it from source. Before attempting to install yara, a few packages need to be installed; then proceed with the installation:
root@MAE-cuckoo:/home/labuser/cuckoo/yara-2.1.0# apt-get install automake libtool
root@MAE-cuckoo:/home/labuser/cuckoo/yara-2.1.0# ./build.sh
Next we will install libvirt. This package needs to be installed from source since it needs to be compiled with ESX support. A good guide on how to install it is here; however, on Ubuntu 14 there is some patching you must do in order to successfully compile libvirt:
In the file /usr/include/linux/if_bridge.h you must add the following include:
#include <netinet/ip6.h>
Also run the following command:
sed -i -e '/gets is a security/d' grub-core/gnulib/stdio.in.h
Also, if you're planning to install the latest version of libvirt, which is libvirt-1.2.5 at the moment of this writing, you also need the following package: libpciaccess-dev. in addition
Then we go ahead and install Django:
root@MAE-cuckoo:/home/labuser/cuckoo/libvirt-1.2.5# apt-get install python-django
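Next we install the pefile library. The --no-check-certificate flag makes wget skip TLS certificate validation for this download:
root@MAE-cuckoo:/home/labuser/cuckoo# wget --no-check-certificate https://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz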
root@MAE-cuckoo:/home/labuser/cuckoo/pefile-1.2.10-139# python setup.py install
Next we install Volatility:
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# wget https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# python setup.py install
Next we configure tcpdump so it can be run from a non-root account:
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
Next we create the cuckoo user and group, which is the account Cuckoo will run under:
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# adduser cuckoo
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# groupadd cuckoogrp
root@MAE-cuckoo:/home/labuser/cuckoo/volatility-2.3.1# usermod -a -G cuckoogrp cuckoo
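A post-install check for the steps above, as an added example that is not part of the original write-up: it verifies the Python version, the installed libraries, the tcpdump capabilities and the cuckoo group membership. The function names and the Python import names are assumptions; the paths, user and group come from the commands above.

```shell
# Added example: post-install checks. The parsing helpers take command
# output as arguments so they can be tried on constructed sample strings.

# 0 if `python --version` output names a 2.7.x interpreter.
python_is_27() {
    case "$1" in "Python 2.7"|"Python 2.7."*) return 0 ;; esac
    return 1
}

# 0 if a `getcap` line grants both capabilities in the e/i/p sets.
# Accepts "file = caps+eip" (older libcap) and "file caps=eip" (newer).
tcpdump_caps_ok() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip*) return 0 ;; esac
    return 1
}

# 0 if group $2 appears in the space-separated list $1 (`id -nG` output).
in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# 0 if an octal mode such as 755 has the execute bit set for "other".
world_executable() {
    case "$1" in *[1357]) return 0 ;; esac
    return 1
}

preflight() {
    rc=0
    python_is_27 "$(python --version 2>&1)" || { echo "FAIL: python is not 2.7.x"; rc=1; }
    for m in sqlalchemy bson jinja2 yara dpkt pefile django volatility; do
        python -c "import $m" 2>/dev/null || { echo "FAIL: cannot import $m"; rc=1; }
    done
    tcpdump_caps_ok "$(getcap /usr/sbin/tcpdump 2>/dev/null)" ||
        { echo "FAIL: tcpdump lacks cap_net_raw,cap_net_admin"; rc=1; }
    in_group "$(id -nG cuckoo 2>/dev/null)" cuckoogrp ||
        { echo "FAIL: cuckoo is not in cuckoogrp"; rc=1; }
    # File capabilities apply to whoever is allowed to execute the binary.
    world_executable "$(stat -c %a /usr/sbin/tcpdump 2>/dev/null)" &&
        echo "NOTE: tcpdump is world-executable, so every local user can capture"
    return $rc
}

# Live checks run only on request: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```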