Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

Linux Guest no behavior log #3060

Open
vinceplayer opened this issue Jun 29, 2020 · 3 comments
Open

Linux Guest no behavior log #3060

vinceplayer opened this issue Jun 29, 2020 · 3 comments

Comments

@vinceplayer
Copy link

vinceplayer commented Jun 29, 2020
edited
Loading

My issue is:

I installed an agent on a Guest machine (Debian9- Ubuntu 18.04.3) and the stap compilation procedure is ok. But when I send simple files with the cuckoo submit command, which are sh scripts, simple test files, url I don't have any behavior.

My Cuckoo version and operating system are:

Cuckoo-Host: 19.04
Cuckoo-Guest: Debian9 - Ubuntu 18.04.3
Agent: 0.10

This can be reproduced by:
The log, error, files etc can be found at:

cuckoo -d
File submit (sample sh)
task #3 live log analysis.log initialized task #3 file upload for 'logs/all.stap task #3 uploaded file length: 19490 analysys #3 still processing analysys #3 still processing analysys #3 still processing

2020-06-29 15:59:53,004 [root] DEBUG: Starting analyzer from: /tmpmfS9np
2020-06-29 15:59:53,005 [root] DEBUG: Storing results at: /tmp/SRrjFmdrK
2020-06-29 15:59:53,005 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-06-29 15:59:53,005 [root] INFO: Automatically selected analysis package "generic"
2020-06-29 15:59:55,334 [modules.auxiliary.stap] INFO: STAP aux module startup took 2.30 seconds
2020-06-29 15:59:55,335 [root] DEBUG: Started auxiliary module STAP
2020-06-29 15:59:55,338 [root] INFO: Added new process to list with pid: 18763
2020-06-29 15:59:56,340 [root] INFO: Process with pid 18763 has terminated
2020-06-29 15:59:56,341 [root] INFO: Process list is empty, terminating analysis.
2020-06-29 15:59:57,342 [modules.auxiliary.stap] DEBUG: stap subprocess retval None
2020-06-29 15:59:57,344 [root] INFO: Analysis completed.

execut various modules but score is 0 without a report
@hkozushk
Copy link

hkozushk commented Sep 1, 2020

I'm currently in the same boat as you, and you've obviously modified the analyzer code and re-compiled the host from source to resolve the #2823 issue. Have you resovled this? I haven't and it looks like cuckoo sandbox is not supported as far as linux is concerned. I've worked with 18.04 and 20.04 with the same outcome. I would appreciate any update you have. ;-)

@hkozushk
Copy link

hkozushk commented Sep 3, 2020

Good news, the reports exist and are populated in my instance, just not being presented in the UI. For the submission go the following folder relative to CWD: .cuckoo/storage/analyses/. In that directory you will probably see a few files: ./logs/all.stap, and ./reports/report.json. They are populated in my case, just not being displayed for some reason.

@nadir3392
Copy link

Hello everyone,
I have the same probleme with you @hkozushk , i am trying to find a solution, if you have any news please share.
thank's.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vinceplayer @nadir3392 @hkozushk