@pr3l14t0r
Last active October 30, 2021 23:13
Setup of an analyzing Environment

Setup of Analysis Environment

This quick gist guides you through the installation of an analysis environment which I used for my master's thesis. It documents walkthroughs for both Windows and Ubuntu 20.04 LTS (focal).

The goal is to have a machine where I can deploy VMs via Vagrant, provision them with Ansible and do funny stuff to them with PowerShell.

For the future, it is planned to create a repo out of this containing automation scripts as well as Terraform and Ansible scripts.

NOTES: For the Ubuntu guide use either a bare metal machine, or a cloud provider VM which you know supports para-virtualization. I've used DigitalOcean, 'cause no AWS image (AMI) provided that functionality. See the Ubuntu VirtualBox section for more information.

Overview

Required Tools

In order to run the analysis, you will have to install the following tools (regardless of the host system):

  • VirtualBox
  • Vagrant
  • Ansible
  • Docker
  • PowerShell Core
  • Kubectl

Ubuntu

This is a short description of how to set up all necessary components for Ubuntu 20.04 LTS (focal).

Add common stuff

We need to make sure that some common packages are installed as well as that the main and universe repos are enabled.

sudo apt-get install -y wget apt-transport-https software-properties-common
sudo add-apt-repository main
sudo add-apt-repository universe

Install VirtualBox

Follow the instructions by Oracle:

# add gpg key
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

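# add the repo in its own file (piping into /etc/apt/sources.list with tee would overwrite the Ubuntu repos)
echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list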

# install virtualbox
sudo apt update
sudo apt install -y virtualbox-6.1

If you get an error stating that some packages are not found, re-run the steps from Add common stuff and try the installation again.

Don't forget the extension pack:

# download the package 
wget https://download.virtualbox.org/virtualbox/6.1.28/Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack
# Extract it 
mkdir /tmp/VBoxExt
tar -xf Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack --directory /tmp/VBoxExt
# Compute the SHA256 sum of the license text; passing it to --accept-license accepts
# the license non-interactively (it is not an integrity check of the download itself)
SHA256=$(sha256sum /tmp/VBoxExt/ExtPack-license.txt | cut -d ' ' -f 1)
# import
sudo vboxmanage extpack install --accept-license="$SHA256" ./Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack
# remove the file
rm ./Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack
rm -rf /tmp/VBoxExt

You might run into the following error when invoking any virtualbox command, like vboxmanage --version

WARNING: The vboxdrv kernel module is not loaded. Either there is no module
         available for the current kernel (5.4.0-88-generic) or it failed to
         load. Please recompile the kernel module and install it by

           sudo /sbin/vboxconfig

         You will not be able to start VMs until this problem is fixed.
6.1.28r147628

This error is mostly caused by the kernel in use. AWS, for example, uses an ...-aws kernel. Furthermore, AWS uses a Xen environment, thus VirtualBox can't be installed on AWS Ubuntu machines!! I've learned this the hard way.

You can try to resolve this issue by invoking the displayed command: sudo /sbin/vboxconfig. This also might error out:

vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
This system is currently not set up to build kernel modules.
Please install the gcc make perl packages from your distribution.
This system is currently not set up to build kernel modules.
Please install the gcc make perl packages from your distribution.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.  If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.

This means that you have to first update your kernel build packages: sudo apt-get install build-essential gcc make perl dkms linux-headers-$(uname -r)

If this does not work due to unmet dependencies, try aptitude over apt or apt-get (see here):

sudo apt-get install aptitude
sudo aptitude install build-essential gcc make perl dkms linux-headers-$(uname -r)

After that try to build the kernel modules again: sudo /sbin/vboxconfig

A successful build looks like the following:

root@PowerForensicator-Ubuntu:~# sudo /sbin/vboxconfig
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
root@PowerForensicator-Ubuntu:~# vboxmanage --version
6.1.28r147628

Finally, do not forget to add your user to the vboxusers group: sudo usermod -a -G vboxusers $USER

Install Vagrant

Taken from the Downloads page of Hashicorp's VagrantUp

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install vagrant

Install Ansible

There are multiple ways to achieve this. The most convenient way (for 20.04 focal!!!) is to use the universe repo:

sudo add-apt-repository universe
sudo apt update
sudo apt install -y ansible

Install PowerShell Core

Taken from Microsoft's documentation:

# Update the list of packages
sudo apt-get update
# Install pre-requisite packages.
sudo apt-get install -y wget apt-transport-https software-properties-common
# Download the Microsoft repository GPG keys
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
# Register the Microsoft repository GPG keys
sudo dpkg -i packages-microsoft-prod.deb
# Update the list of packages after we added packages.microsoft.com
sudo apt-get update
# Install PowerShell
sudo apt-get install -y powershell
# Start PowerShell // Check version
pwsh --version

Install Docker

You can install Docker either by using the repository or by installing from a package.

Here's how you install it from the repo:

sudo apt-get update
sudo apt-get install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

sudo apt-get install -y docker-ce docker-ce-cli containerd.io

You may verify that docker has been installed by using the following command: sudo docker run --rm hello-world

NOTE: If you aren't logged in as root, add your user to the docker group to avoid permission issues! Keep in mind that members of the docker group effectively have root access to the host.

sudo usermod -a -G docker $USER

Install Kubectl

As always, there are several ways to install the kubectl binary on your system. Check out the Kubernetes documentation for that.

Here's what to do if you want to use the native package management (steps were taken from documentation mentioned above!):

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

# Download the Google Cloud public signing key
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

# Add the Kubernetes apt repository:
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Update apt package index with the new repository and install kubectl
sudo apt-get update
sudo apt-get install -y kubectl

# Verify
kubectl version
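The VirtualBox and Vagrant steps above register their keys with `apt-key add`, which puts them in the global keyring that apt trusts for every repository, while the Docker and Kubernetes entries pin their key with `signed-by=`. As an added example (not part of the original gist), this helper lists the one-line `deb` entries that have no `signed-by=` option; the function name and the sample files in the comment are this example's own.

```bash
#!/bin/sh
# Added example: find apt repositories that rely on the global apt-key keyring.
# Only one-line "deb ..." entries are parsed; deb822 ".sources" files are not handled.
#
# Typical call on a real system:
#   unscoped_apt_repos /etc/apt/sources.list /etc/apt/sources.list.d/*.list
# Note: the stock Ubuntu archive entries also carry no signed-by= and will be listed.

# unscoped_apt_repos FILE...
#   prints "<file>: <uri>" for every active deb/deb-src entry without signed-by=
unscoped_apt_repos() (
    for f in "$@"; do
        [ -r "$f" ] || continue
        while read -r line || [ -n "$line" ]; do
            # Only active entries; comments and blank lines are skipped.
            case $line in
                "deb "*|"deb-src "*) ;;
                *) continue ;;
            esac
            rest=${line#* }                     # drop the "deb"/"deb-src" keyword
            rest=${rest#"${rest%%[! ]*}"}       # trim leading spaces
            opts=""
            case $rest in
                "["*"]"*)
                    opts=${rest%%"]"*}          # text before the closing bracket
                    opts=${opts#"["}            # ... without the opening bracket
                    rest=${rest#*"]"}
                    rest=${rest#"${rest%%[! ]*}"}
                    ;;
            esac
            uri=${rest%% *}
            # An entry with signed-by= is verified only against the named keyring.
            case " $opts " in
                *" signed-by="*) continue ;;
            esac
            printf '%s: %s\n' "$f" "$uri"
        done < "$f"
    done
)
```
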

Windows

The following sections will guide you through the necessary installations on Windows. Do not forget to restart your system after all installation steps have been done!

01. Install WSL2

IMPORTANT!: WSL2 is not designed to run on Windows Server! Don't even bother trying to:

  • See this issue on Github
  • See this thread on docs.microsoft.com

Install WSL2. In an administrative powershell session, run:

# Enable the Windows Subsystem for Linux
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

# Enable Virtual Machine feature
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

# Download and install the Linux kernel update package
$InstallerPath = ([System.Io.Path]::Combine($env:TEMP,"wsl_update_x64.msi"))

# Download
Invoke-WebRequest -Uri https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi -OutFile $InstallerPath -UseBasicParsing

# Install
$result = Start-Process -FilePath "msiexec.exe" -ArgumentList ("/i",$InstallerPath,"/quiet","/norestart") -Wait -PassThru
Write-Host ("ExitCode of updating WSL: "+$result.ExitCode)

# Delete
Remove-Item -Force ([System.Io.Path]::Combine($env:TEMP,"wsl_update_x64.msi"))

# Set WSL2 as default
wsl --set-default-version 2

02. Install/ Activate the Ubuntu distribution

In an administrative powershell session, run:

# Install and Activate ubuntu 2004

#=========
# METHOD 1
#=========

# Download
Invoke-WebRequest -Uri https://aka.ms/wslubuntu2004 -OutFile ([System.Io.Path]::Combine($env:TEMP,"Ubuntu.appx")) -UseBasicParsing

# Install package
Add-AppxPackage ([System.Io.Path]::Combine($env:TEMP,"Ubuntu.appx"))

#=========
# METHOD 2
#=========
wsl --install --distribution Ubuntu

The system might require a reboot! Check the output...

After that, start your ubuntu shell and configure username + password.

03. Install VirtualBox

Download and install VirtualBox for Windows hosts. Do that either manually, or through PowerShell:

# Download VirtualBox (public download, so no Windows credentials are offered to the server)
Invoke-WebRequest -Uri 'https://download.virtualbox.org/virtualbox/6.1.28/VirtualBox-6.1.28-147628-Win.exe' -UseBasicParsing -OutFile ([System.Io.Path]::Combine($env:TEMP,"VirtualBox-6.1.28-147628-Win.exe"))

# Install (keep the process object so the exit code can be reported)
$result = Start-Process -FilePath ([System.Io.Path]::Combine($env:TEMP,"VirtualBox-6.1.28-147628-Win.exe")) -ArgumentList "--silent" -Wait -PassThru
Write-Host ("ExitCode of Installing VirtualBox: "+$result.ExitCode)

# Remove the file
Remove-Item -Force ([System.Io.Path]::Combine($env:TEMP,"VirtualBox-6.1.28-147628-Win.exe"))

# Download VirtualBox 6.1.28 Oracle VM VirtualBox Extension Pack (public download, no credentials needed)
Invoke-WebRequest -Uri 'https://download.virtualbox.org/virtualbox/6.1.28/Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack' -UseBasicParsing -OutFile ([System.Io.Path]::Combine($env:TEMP,"Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack"))

# Extract and get the checksum of the license (yes, there is a native "tar.exe" on windows!!)
mkdir ([System.IO.Path]::Combine($env:TEMP,"VboxExt"))

tar -xf ([System.Io.Path]::Combine($env:TEMP,"Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack")) --directory ([System.IO.Path]::Combine($env:TEMP,"VboxExt"))

$licenseSHA256 = Get-FileHash -Path ([System.IO.Path]::Combine($env:TEMP,"VboxExt","ExtPack-license.txt")) -Algorithm SHA256

# Import the extensions 
$result = Start-Process -FilePath "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" -ArgumentList @("extpack","install",("--accept-license="+$licenseSHA256.Hash),([System.Io.Path]::Combine($env:TEMP,"Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack"))) -Wait -PassThru

Write-Host ("ExitCode of importing the extensions: "+$result.ExitCode)

# Cleanup
Remove-Item -Force ([System.Io.Path]::Combine($env:TEMP,"Oracle_VM_VirtualBox_Extension_Pack-6.1.28.vbox-extpack"))
Remove-Item -Recurse -Force ([System.IO.Path]::Combine($env:TEMP,"VboxExt"))

04. Install Vagrant

Download Vagrant from Hashicorp. In PowerShell:

# Download 
Invoke-WebRequest -Uri 'https://releases.hashicorp.com/vagrant/2.2.18/vagrant_2.2.18_x86_64.msi' -OutFile ([System.Io.Path]::Combine($env:TEMP,"vagrant.msi")) -UseBasicParsing

# install (using norestart)
$result = Start-Process -FilePath "msiexec.exe" -ArgumentList ("/i",([System.Io.Path]::Combine($env:TEMP,"vagrant.msi")),"/quiet","/norestart") -Wait -PassThru
Write-Host ("ExitCode of Installing vagrant: "+$result.ExitCode)

# little test
vagrant --version

# Remove
Remove-Item -Force ([System.Io.Path]::Combine($env:TEMP,"vagrant.msi"))

05. Install Vagrant and Ansible in your Ubuntu WSL

In the ubuntu wsl, do:

# update
sudo apt update 

# download vagrant from releases page
curl -O https://releases.hashicorp.com/vagrant/2.2.18/vagrant_2.2.18_x86_64.deb

# invoke installation
sudo apt install ./vagrant_2.2.18_x86_64.deb

# verify install
vagrant --version
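The downloads in this guide (the extension pack in the Ubuntu section, the Vagrant .deb here) are installed without an integrity check. As an added example, not part of the original gist, this helper checks a file against a vendor SHA256SUMS list before it is installed; the function name and exit codes are this example's own.

```bash
#!/bin/sh
# Added example: verify a downloaded file against a SHA256SUMS list.
# verify_download FILE SUMS_FILE
#   0  FILE matches the single entry for its basename in SUMS_FILE
#   1  checksum mismatch
#   2  no entry, more than one entry, or a malformed hash for that name
#   3  FILE or SUMS_FILE cannot be read
verify_download() {
    local file sums name hash entry expected matches actual
    file=$1; sums=$2; expected=""; matches=0
    [ -r "$file" ] && [ -r "$sums" ] || { echo "cannot read input" >&2; return 3; }
    name=$(basename -- "$file")

    # Lines look like "<hash>  name" (text mode) or "<hash> *name" (binary mode).
    while read -r hash entry || [ -n "$hash" ]; do
        entry=${entry#\*}
        if [ "$entry" = "$name" ]; then
            expected=$(printf '%s' "$hash" | tr 'A-F' 'a-f')
            matches=$((matches + 1))
        fi
    done < "$sums"

    # Fail closed: a missing or duplicated entry is not treated as "verified".
    if [ "$matches" -ne 1 ] || [ "${#expected}" -ne 64 ]; then
        echo "no unique, well-formed entry for $name" >&2
        return 2
    fi
    case $expected in
        *[!0-9a-f]*) echo "malformed hash for $name" >&2; return 2 ;;
    esac

    actual=$(sha256sum -- "$file" | cut -d ' ' -f 1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Usage in this guide (the list comes from the vendor's release page):
#   verify_download ./vagrant_2.2.18_x86_64.deb ./vagrant_2.2.18_SHA256SUMS \
#     && sudo apt install ./vagrant_2.2.18_x86_64.deb
```

A checksum list fetched over the same channel as the file mainly guards against corrupted or swapped artifacts; where the vendor also publishes a signature for the list, verify that first.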

You should also consider installing the vagrant plugin virtualbox_WSL2 by Karandash8. It aims to help set the correct network settings when working with vagrant from within the WSL2 Ubuntu shell. See this Gist for more information.

  • vagrant plugin install virtualbox_WSL2

NOTE: Make sure that the version of vagrant in Windows and vagrant in Ubuntu WSL do match!

Now install Ansible:

sudo apt update
sudo apt install -y software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install -y ansible

06. Install Docker for WSL2 Backend

Refer to the official Docker guide for installation steps. In PowerShell:

$DockerInstallerPath = ([System.Io.Path]::Combine($env:TEMP,"DockerInstaller.exe"))

# Download 
Invoke-WebRequest -Uri 'https://desktop.docker.com/win/stable/amd64/Docker%20Desktop%20Installer.exe' -OutFile $DockerInstallerPath -UseBasicParsing

# install (quiet)
$result = Start-Process -FilePath $DockerInstallerPath -ArgumentList ("install","--quiet") -Wait -PassThru
Write-Host ("ExitCode of Installing Docker: "+$result.ExitCode)

# verify
Start-Process -FilePath "docker.exe" -ArgumentList ("version") -Wait -PassThru

# Remove Installer 
Remove-Item $DockerInstallerPath -Force

07. Install PowerShell Core

Here's the joke: Install PowerShell Core from PowerShell. :)

# The download is an MSI package, so store it with the matching extension
$InstallerPath = ([System.Io.Path]::Combine($env:TEMP,"PowerShellCore.msi"))

# Download 
Invoke-WebRequest -Uri 'https://github.com/PowerShell/PowerShell/releases/download/v7.1.5/PowerShell-7.1.5-win-x64.msi' -OutFile $InstallerPath -UseBasicParsing

# install (quiet)
$result = Start-Process -FilePath "msiexec" -ArgumentList ("/i",$InstallerPath,"/qn") -Wait -PassThru
Write-Host ("ExitCode of Installing PowerShell: "+$result.ExitCode)

# Remove Installer 
Remove-Item $InstallerPath -Force

08. Install Git

Install Git for Windows. In PowerShell:

# Local path for the Git for Windows installer
$InstallerPath = ([System.Io.Path]::Combine($env:TEMP,"GitInstaller.exe"))

# Download 
Invoke-WebRequest -Uri 'https://github.com/git-for-windows/git/releases/download/v2.33.1.windows.1/Git-2.33.1-64-bit.exe' -OutFile $InstallerPath -UseBasicParsing

# install (quiet)
$result = Start-Process -FilePath $InstallerPath -ArgumentList ("/SILENT") -Wait -PassThru
Write-Host ("ExitCode of Installing git: "+$result.ExitCode)

# Remove Installer 
Remove-Item $InstallerPath -Force

09. Optional: Install Visual Studio Code

I did not automate that as it is for convenience only. You'll find the downloads here
