YESIHACK/Cuckoo conf

## Cuckoo conf
[cuckoo]
# If turned on, Cuckoo will delete the original file after its analysis
# has been completed.
delete_original = off

# If turned on, Cuckoo will delete the copy of the original file in the
# local binaries repository after the analysis has finished. (On *nix this
# will also invalidate the file called "binary" in each analysis directory,
# as this is a symlink.)
delete_bin_copy = off

# Specify the name of the machinery module to use, this module will
# define the interaction between Cuckoo and your virtualization software
# of choice.
machinery = kvm

# Enable creation of memory dump of the analysis machine before shutting
# down. Even if turned off, this functionality can also be enabled at
# submission. Currently available for: VirtualBox and libvirt modules (KVM).
memory_dump = off

# When the timeout of an analysis is hit, the VM is just killed by default.
# For some long-running setups it might be interesting to terminate the
# moinitored processes before killing the VM so that connections are closed.
terminate_processes = off

# Enable automatically re-schedule of "broken" tasks each startup.
# Each task found in status "processing" is re-queued for analysis.
reschedule = off

# Enable processing of results within the main cuckoo process.
# This is the default behavior but can be switched off for setups that
#  require high stability and process the results in a separate task.
process_results = on

# Limit the amount of analysis jobs a Cuckoo process goes through.
# This can be used together with a watchdog to mitigate risk of memory leaks.
max_analysis_count = 0

# Limit the number of concurrently executing analysis machines.
# This may be useful on systems with limited resources.
# Set to 0 to disable any limits.
max_machines_count = 2

# Limit the amount of VMs that are allowed to start in parallel. Generally
# speaking starting the VMs is one of the more CPU intensive parts of the
# actual analysis. This option tries to avoid maxing out the CPU completely.
max_vmstartup_count = 2

# Minimum amount of free space (in MB) available before starting a new task.
# This tries to avoid failing an analysis because the reports can't be written
# due out-of-diskspace errors. Setting this value to 0 disables the check.
# (Note: this feature is currently not supported under Windows.)
freespace = 64

# Temporary directory containing the files uploaded through Cuckoo interfaces
# (web.py, api.py, Django web interface).
tmppath = /tmp

# Delta in days from current time to set the guest clocks to for file analyses
# A negative value sets the clock back, a positive value sets it forward.
# The default of 0 disables this option
# Note that this can still be overridden by the per-analysis clock setting
# and it is not performed by default for URL analysis as it will generally
# result in SSL errors
daydelta = 0

# Path to the unix socket for running root commands.
rooter = /tmp/cuckoo-rooter

[resultserver]
# The Result Server is used to receive in real time the behavioral logs
# produced by the analyzer.
# Specify the IP address of the host. The analysis machines should be able
# to contact the host through such address, so make sure it's valid.
# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
# `resultserver_ip` for all your virtual machines in machinery configuration.
ip = 192.168.100.1

# Specify a port number to bind the result server on.
port = 2042

# Force the port chosen above, don't try another one (we can select another
# port dynamically if we can not bind this one, but that is not an option
# in some setups)
force_port = off

# Should the server write the legacy CSV format?
# (if you have any custom processing on those, switch this on)
store_csvs = off

# Maximum size of uploaded files from VM (screenshots, dropped files, log)
# The value is expressed in bytes, by default 10Mb.
upload_max_size = 10485760

[processing]
# Set the maximum size of analyses generated files to process. This is used
# to avoid the processing of big files which may take a lot of processing
# time. The value is expressed in bytes, by default 100Mb.
analysis_size_limit = 104857600

# The number of calls per process to process. 0 switches the limit off.
# 10000 api calls should be processed in less than 2 minutes
analysis_call_limit = 0

# Enable or disable DNS lookups.
resolve_dns = on

# Enable or disable reverse DNS lookups
# This information currently is not displayed in the web interface
reverse_dns = off

# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature.
# Please read "performance" section in the documentation.
ram_boost = off

# Enable PCAP sorting, needed for the connection content view in the web interface.
sort_pcap = on

[database]
# Specify the database connection string.
# Examples, see documentation for more:
# sqlite:///foo.db
# postgresql://foo:bar@localhost:5432/mydatabase
# mysql://foo:bar@localhost/mydatabase
# If empty, default is a SQLite in db/cuckoo.db.
connection = (Databse is there just not sharing it with the world) :)

# Database connection timeout in seconds.
# If empty, default is set to 60 seconds.
timeout =

[timeouts]
# Set the default analysis timeout expressed in seconds. This value will be
# used to define after how many seconds the analysis will terminate unless
# otherwise specified at submission.
default = 200

# Set the critical timeout expressed in (relative!) seconds. It will be added
# to the default timeout above and after this timeout is hit
# Cuckoo will consider the analysis failed and it will shutdown the machine
# no matter what. When this happens the analysis results will most likely
# be lost.
critical = 60

# Maximum time to wait for virtual machine status change. For example when
# shutting down a vm. Default is 300 seconds.
vm_state = 300

[routing]
# Default network routing mode; "none", "internet", or "vpn_name".
# In none mode we don't do any special routing - the VM doesn't have any
# network access (this has been the default actually for quite a while).
# In internet mode by default all the VMs will be routed through the network
# interface configured below (the "dirty line").
# And in VPN mode by default the VMs will be routed through the VPN identified
# by the given name of the VPN (as per vpn.conf).
# Note that just like enabling VPN configuration setting this option to
# anything other than "none" requires one to run utils/rooter.py as root next
# to the Cuckoo instance (as it's required for setting up the routing).
route = none

# Network interface that allows a VM to connect to the entire internet, the
# "dirty line" so to say. Note that, just like with the VPNs, this will allow
# malicious traffic through your network. So think twice before enabling it.
# (For example, to route all VMs through eth0 by default: "internet = eth0").
internet = none

# Routing table name/id for "dirty line" interface. If "dirty line" is
# also default gateway in the system you can leave "main" value. Otherwise add
# new routing table by adding "<id> <name>" line to /etc/iproute2/rt_tables
# (e.g., "200 eth0"). ID and name must be unique across the system (refer to
# /etc/iproute2/rt_tables for existing names and IDs).
rt_table = main

# To route traffic through multiple network interfaces Cuckoo uses
# Policy Routing with separate routing table for each output interface
# (VPN or "dirty line"). If this option is enabled Cuckoo on start will try
# to automatically initialise routing tables by copying routing entries from
# main routing table to the new routing tables. Depending on your network/vpn
# configuration this might not be sufficient. In such case you would need to
# initialise routing tables manually. Note that enabling this option won't
# affect main routing table.
auto_rt = no

# Inetsim quick deploy, chose your vm manager if is not kvm
# wget https://googledrive.com/host/0B6fULLT_NpxMQ1Rrb1drdW42SkE/remnux-6.0-ova-public.ova
# tar xvf remnux-6.0-ova-public.ova
# qemu-img convert -O qcow2 REMnuxV6-disk1.vmdk remnux.qcow2

inetsim = off
inetsim_server = 192.168.122.2
inetsim_dnsport = 53
inetsim_interface = virbr0

# Tor
tor = off
tor_dnsport = 5353
tor_proxyport = 9040
tor_interface = virbr0

[logging]
# Allows to activate log rotate for cuckoo.log and process.log
enabled = off
# Keep 30 days logs
backupCount = 30


[ramfs]
# You should know what are you doing
# mkdir -p /mnt/ramfs
# mount -t tmpfs -o size=50g tmpfs /mnt/ramfs
# vim /etc/fstab
# tmpfs       /mnt/ramfs tmpfs   nodev,nosuid,noexec,nodiratime,size=50g   0 0
# sudo chown cuckoo:cuckoo /mnt/ramfs
enabled = off
path = /mnt/ramfs/
freespace = 2000
	[cuckoo]
	# If turned on, Cuckoo will delete the original file after its analysis
	# has been completed.
	delete_original = off

	# If turned on, Cuckoo will delete the copy of the original file in the
	# local binaries repository after the analysis has finished. (On *nix this
	# will also invalidate the file called "binary" in each analysis directory,
	# as this is a symlink.)
	delete_bin_copy = off

	# Specify the name of the machinery module to use, this module will
	# define the interaction between Cuckoo and your virtualization software
	# of choice.
	machinery = kvm

	# Enable creation of memory dump of the analysis machine before shutting
	# down. Even if turned off, this functionality can also be enabled at
	# submission. Currently available for: VirtualBox and libvirt modules (KVM).
	memory_dump = off

	# When the timeout of an analysis is hit, the VM is just killed by default.
	# For some long-running setups it might be interesting to terminate the
	# moinitored processes before killing the VM so that connections are closed.
	terminate_processes = off

	# Enable automatically re-schedule of "broken" tasks each startup.
	# Each task found in status "processing" is re-queued for analysis.
	reschedule = off

	# Enable processing of results within the main cuckoo process.
	# This is the default behavior but can be switched off for setups that
	# require high stability and process the results in a separate task.
	process_results = on

	# Limit the amount of analysis jobs a Cuckoo process goes through.
	# This can be used together with a watchdog to mitigate risk of memory leaks.
	max_analysis_count = 0

	# Limit the number of concurrently executing analysis machines.
	# This may be useful on systems with limited resources.
	# Set to 0 to disable any limits.
	max_machines_count = 2

	# Limit the amount of VMs that are allowed to start in parallel. Generally
	# speaking starting the VMs is one of the more CPU intensive parts of the
	# actual analysis. This option tries to avoid maxing out the CPU completely.
	max_vmstartup_count = 2

	# Minimum amount of free space (in MB) available before starting a new task.
	# This tries to avoid failing an analysis because the reports can't be written
	# due out-of-diskspace errors. Setting this value to 0 disables the check.
	# (Note: this feature is currently not supported under Windows.)
	freespace = 64

	# Temporary directory containing the files uploaded through Cuckoo interfaces
	# (web.py, api.py, Django web interface).
	tmppath = /tmp

	# Delta in days from current time to set the guest clocks to for file analyses
	# A negative value sets the clock back, a positive value sets it forward.
	# The default of 0 disables this option
	# Note that this can still be overridden by the per-analysis clock setting
	# and it is not performed by default for URL analysis as it will generally
	# result in SSL errors
	daydelta = 0

	# Path to the unix socket for running root commands.
	rooter = /tmp/cuckoo-rooter

	[resultserver]
	# The Result Server is used to receive in real time the behavioral logs
	# produced by the analyzer.
	# Specify the IP address of the host. The analysis machines should be able
	# to contact the host through such address, so make sure it's valid.
	# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
	# `resultserver_ip` for all your virtual machines in machinery configuration.
	ip = 192.168.100.1

	# Specify a port number to bind the result server on.
	port = 2042

	# Force the port chosen above, don't try another one (we can select another
	# port dynamically if we can not bind this one, but that is not an option
	# in some setups)
	force_port = off

	# Should the server write the legacy CSV format?
	# (if you have any custom processing on those, switch this on)
	store_csvs = off

	# Maximum size of uploaded files from VM (screenshots, dropped files, log)
	# The value is expressed in bytes, by default 10Mb.
	upload_max_size = 10485760

	[processing]
	# Set the maximum size of analyses generated files to process. This is used
	# to avoid the processing of big files which may take a lot of processing
	# time. The value is expressed in bytes, by default 100Mb.
	analysis_size_limit = 104857600

	# The number of calls per process to process. 0 switches the limit off.
	# 10000 api calls should be processed in less than 2 minutes
	analysis_call_limit = 0

	# Enable or disable DNS lookups.
	resolve_dns = on

	# Enable or disable reverse DNS lookups
	# This information currently is not displayed in the web interface
	reverse_dns = off

	# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature.
	# Please read "performance" section in the documentation.
	ram_boost = off

	# Enable PCAP sorting, needed for the connection content view in the web interface.
	sort_pcap = on

	[database]
	# Specify the database connection string.
	# Examples, see documentation for more:
	# sqlite:///foo.db
	# postgresql://foo:bar@localhost:5432/mydatabase
	# mysql://foo:bar@localhost/mydatabase
	# If empty, default is a SQLite in db/cuckoo.db.
	connection = (Databse is there just not sharing it with the world) :)

	# Database connection timeout in seconds.
	# If empty, default is set to 60 seconds.
	timeout =

	[timeouts]
	# Set the default analysis timeout expressed in seconds. This value will be
	# used to define after how many seconds the analysis will terminate unless
	# otherwise specified at submission.
	default = 200

	# Set the critical timeout expressed in (relative!) seconds. It will be added
	# to the default timeout above and after this timeout is hit
	# Cuckoo will consider the analysis failed and it will shutdown the machine
	# no matter what. When this happens the analysis results will most likely
	# be lost.
	critical = 60

	# Maximum time to wait for virtual machine status change. For example when
	# shutting down a vm. Default is 300 seconds.
	vm_state = 300

	[routing]
	# Default network routing mode; "none", "internet", or "vpn_name".
	# In none mode we don't do any special routing - the VM doesn't have any
	# network access (this has been the default actually for quite a while).
	# In internet mode by default all the VMs will be routed through the network
	# interface configured below (the "dirty line").
	# And in VPN mode by default the VMs will be routed through the VPN identified
	# by the given name of the VPN (as per vpn.conf).
	# Note that just like enabling VPN configuration setting this option to
	# anything other than "none" requires one to run utils/rooter.py as root next
	# to the Cuckoo instance (as it's required for setting up the routing).
	route = none

	# Network interface that allows a VM to connect to the entire internet, the
	# "dirty line" so to say. Note that, just like with the VPNs, this will allow
	# malicious traffic through your network. So think twice before enabling it.
	# (For example, to route all VMs through eth0 by default: "internet = eth0").
	internet = none

	# Routing table name/id for "dirty line" interface. If "dirty line" is
	# also default gateway in the system you can leave "main" value. Otherwise add
	# new routing table by adding "<id> <name>" line to /etc/iproute2/rt_tables
	# (e.g., "200 eth0"). ID and name must be unique across the system (refer to
	# /etc/iproute2/rt_tables for existing names and IDs).
	rt_table = main

	# To route traffic through multiple network interfaces Cuckoo uses
	# Policy Routing with separate routing table for each output interface
	# (VPN or "dirty line"). If this option is enabled Cuckoo on start will try
	# to automatically initialise routing tables by copying routing entries from
	# main routing table to the new routing tables. Depending on your network/vpn
	# configuration this might not be sufficient. In such case you would need to
	# initialise routing tables manually. Note that enabling this option won't
	# affect main routing table.
	auto_rt = no

	# Inetsim quick deploy, chose your vm manager if is not kvm
	# wget https://googledrive.com/host/0B6fULLT_NpxMQ1Rrb1drdW42SkE/remnux-6.0-ova-public.ova
	# tar xvf remnux-6.0-ova-public.ova
	# qemu-img convert -O qcow2 REMnuxV6-disk1.vmdk remnux.qcow2

	inetsim = off
	inetsim_server = 192.168.122.2
	inetsim_dnsport = 53
	inetsim_interface = virbr0

	# Tor
	tor = off
	tor_dnsport = 5353
	tor_proxyport = 9040
	tor_interface = virbr0

	[logging]
	# Allows to activate log rotate for cuckoo.log and process.log
	enabled = off
	# Keep 30 days logs
	backupCount = 30


	[ramfs]
	# You should know what are you doing
	# mkdir -p /mnt/ramfs
	# mount -t tmpfs -o size=50g tmpfs /mnt/ramfs
	# vim /etc/fstab
	# tmpfs /mnt/ramfs tmpfs nodev,nosuid,noexec,nodiratime,size=50g 0 0
	# sudo chown cuckoo:cuckoo /mnt/ramfs
	enabled = off
	path = /mnt/ramfs/
	freespace = 2000