Created
August 9, 2019 14:26
-
-
Save YESIHACK/53bb0bc7d83783a38317e778d963b8fe to your computer and use it in GitHub Desktop.
Cuckoo conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[cuckoo] | |
# If turned on, Cuckoo will delete the original file after its analysis | |
# has been completed. | |
delete_original = off | |
# If turned on, Cuckoo will delete the copy of the original file in the | |
# local binaries repository after the analysis has finished. (On *nix this | |
# will also invalidate the file called "binary" in each analysis directory, | |
# as this is a symlink.) | |
delete_bin_copy = off | |
# Specify the name of the machinery module to use, this module will | |
# define the interaction between Cuckoo and your virtualization software | |
# of choice. | |
machinery = kvm | |
# Enable creation of memory dump of the analysis machine before shutting | |
# down. Even if turned off, this functionality can also be enabled at | |
# submission. Currently available for: VirtualBox and libvirt modules (KVM). | |
memory_dump = off | |
# When the timeout of an analysis is hit, the VM is just killed by default. | |
# For some long-running setups it might be interesting to terminate the | |
# moinitored processes before killing the VM so that connections are closed. | |
terminate_processes = off | |
# Enable automatically re-schedule of "broken" tasks each startup. | |
# Each task found in status "processing" is re-queued for analysis. | |
reschedule = off | |
# Enable processing of results within the main cuckoo process. | |
# This is the default behavior but can be switched off for setups that | |
# require high stability and process the results in a separate task. | |
process_results = on | |
# Limit the amount of analysis jobs a Cuckoo process goes through. | |
# This can be used together with a watchdog to mitigate risk of memory leaks. | |
max_analysis_count = 0 | |
# Limit the number of concurrently executing analysis machines. | |
# This may be useful on systems with limited resources. | |
# Set to 0 to disable any limits. | |
max_machines_count = 2 | |
# Limit the amount of VMs that are allowed to start in parallel. Generally | |
# speaking starting the VMs is one of the more CPU intensive parts of the | |
# actual analysis. This option tries to avoid maxing out the CPU completely. | |
max_vmstartup_count = 2 | |
# Minimum amount of free space (in MB) available before starting a new task. | |
# This tries to avoid failing an analysis because the reports can't be written | |
# due out-of-diskspace errors. Setting this value to 0 disables the check. | |
# (Note: this feature is currently not supported under Windows.) | |
freespace = 64 | |
# Temporary directory containing the files uploaded through Cuckoo interfaces | |
# (web.py, api.py, Django web interface). | |
tmppath = /tmp | |
# Delta in days from current time to set the guest clocks to for file analyses | |
# A negative value sets the clock back, a positive value sets it forward. | |
# The default of 0 disables this option | |
# Note that this can still be overridden by the per-analysis clock setting | |
# and it is not performed by default for URL analysis as it will generally | |
# result in SSL errors | |
daydelta = 0 | |
# Path to the unix socket for running root commands. | |
rooter = /tmp/cuckoo-rooter | |
[resultserver] | |
# The Result Server is used to receive in real time the behavioral logs | |
# produced by the analyzer. | |
# Specify the IP address of the host. The analysis machines should be able | |
# to contact the host through such address, so make sure it's valid. | |
# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option | |
# `resultserver_ip` for all your virtual machines in machinery configuration. | |
ip = 192.168.100.1 | |
# Specify a port number to bind the result server on. | |
port = 2042 | |
# Force the port chosen above, don't try another one (we can select another | |
# port dynamically if we can not bind this one, but that is not an option | |
# in some setups) | |
force_port = off | |
# Should the server write the legacy CSV format? | |
# (if you have any custom processing on those, switch this on) | |
store_csvs = off | |
# Maximum size of uploaded files from VM (screenshots, dropped files, log) | |
# The value is expressed in bytes, by default 10Mb. | |
upload_max_size = 10485760 | |
[processing] | |
# Set the maximum size of analyses generated files to process. This is used | |
# to avoid the processing of big files which may take a lot of processing | |
# time. The value is expressed in bytes, by default 100Mb. | |
analysis_size_limit = 104857600 | |
# The number of calls per process to process. 0 switches the limit off. | |
# 10000 api calls should be processed in less than 2 minutes | |
analysis_call_limit = 0 | |
# Enable or disable DNS lookups. | |
resolve_dns = on | |
# Enable or disable reverse DNS lookups | |
# This information currently is not displayed in the web interface | |
reverse_dns = off | |
# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature. | |
# Please read "performance" section in the documentation. | |
ram_boost = off | |
# Enable PCAP sorting, needed for the connection content view in the web interface. | |
sort_pcap = on | |
[database] | |
# Specify the database connection string. | |
# Examples, see documentation for more: | |
# sqlite:///foo.db | |
# postgresql://foo:bar@localhost:5432/mydatabase | |
# mysql://foo:bar@localhost/mydatabase | |
# If empty, default is a SQLite in db/cuckoo.db. | |
connection = (Databse is there just not sharing it with the world) :) | |
# Database connection timeout in seconds. | |
# If empty, default is set to 60 seconds. | |
timeout = | |
[timeouts] | |
# Set the default analysis timeout expressed in seconds. This value will be | |
# used to define after how many seconds the analysis will terminate unless | |
# otherwise specified at submission. | |
default = 200 | |
# Set the critical timeout expressed in (relative!) seconds. It will be added | |
# to the default timeout above and after this timeout is hit | |
# Cuckoo will consider the analysis failed and it will shutdown the machine | |
# no matter what. When this happens the analysis results will most likely | |
# be lost. | |
critical = 60 | |
# Maximum time to wait for virtual machine status change. For example when | |
# shutting down a vm. Default is 300 seconds. | |
vm_state = 300 | |
[routing] | |
# Default network routing mode; "none", "internet", or "vpn_name". | |
# In none mode we don't do any special routing - the VM doesn't have any | |
# network access (this has been the default actually for quite a while). | |
# In internet mode by default all the VMs will be routed through the network | |
# interface configured below (the "dirty line"). | |
# And in VPN mode by default the VMs will be routed through the VPN identified | |
# by the given name of the VPN (as per vpn.conf). | |
# Note that just like enabling VPN configuration setting this option to | |
# anything other than "none" requires one to run utils/rooter.py as root next | |
# to the Cuckoo instance (as it's required for setting up the routing). | |
route = none | |
# Network interface that allows a VM to connect to the entire internet, the | |
# "dirty line" so to say. Note that, just like with the VPNs, this will allow | |
# malicious traffic through your network. So think twice before enabling it. | |
# (For example, to route all VMs through eth0 by default: "internet = eth0"). | |
internet = none | |
# Routing table name/id for "dirty line" interface. If "dirty line" is | |
# also default gateway in the system you can leave "main" value. Otherwise add | |
# new routing table by adding "<id> <name>" line to /etc/iproute2/rt_tables | |
# (e.g., "200 eth0"). ID and name must be unique across the system (refer to | |
# /etc/iproute2/rt_tables for existing names and IDs). | |
rt_table = main | |
# To route traffic through multiple network interfaces Cuckoo uses | |
# Policy Routing with separate routing table for each output interface | |
# (VPN or "dirty line"). If this option is enabled Cuckoo on start will try | |
# to automatically initialise routing tables by copying routing entries from | |
# main routing table to the new routing tables. Depending on your network/vpn | |
# configuration this might not be sufficient. In such case you would need to | |
# initialise routing tables manually. Note that enabling this option won't | |
# affect main routing table. | |
auto_rt = no | |
# Inetsim quick deploy, chose your vm manager if is not kvm | |
# wget https://googledrive.com/host/0B6fULLT_NpxMQ1Rrb1drdW42SkE/remnux-6.0-ova-public.ova | |
# tar xvf remnux-6.0-ova-public.ova | |
# qemu-img convert -O qcow2 REMnuxV6-disk1.vmdk remnux.qcow2 | |
inetsim = off | |
inetsim_server = 192.168.122.2 | |
inetsim_dnsport = 53 | |
inetsim_interface = virbr0 | |
# Tor | |
tor = off | |
tor_dnsport = 5353 | |
tor_proxyport = 9040 | |
tor_interface = virbr0 | |
[logging] | |
# Allows to activate log rotate for cuckoo.log and process.log | |
enabled = off | |
# Keep 30 days logs | |
backupCount = 30 | |
[ramfs] | |
# You should know what are you doing | |
# mkdir -p /mnt/ramfs | |
# mount -t tmpfs -o size=50g tmpfs /mnt/ramfs | |
# vim /etc/fstab | |
# tmpfs /mnt/ramfs tmpfs nodev,nosuid,noexec,nodiratime,size=50g 0 0 | |
# sudo chown cuckoo:cuckoo /mnt/ramfs | |
enabled = off | |
path = /mnt/ramfs/ | |
freespace = 2000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment