|
@@ -1,8 +1,11 @@
|
|
|
# VMRay Notes
|
|
|
|
|
|
-**DRAFT**
|
|
|
+## QUick Reference
|
|
|
|
|
|
-VMRay Deployment is currently in progress. Information below is subject to change.
|
|
|
+Prod: https://vmray.pvt.xdr.accenturefederalcyber.com
|
|
|
+Test: https://vmray.pvt.xdrtest.accenturefederalcyber.com
|
|
|
+
|
|
|
+VPN Required. SAML signon enabled.
|
|
|
|
|
|
# Summary
|
|
|
VMRay Analyzer is a tool to detonate malware in a controlled environment.
|
|
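Review bot: The added heading `## QUick Reference` has a capitalization typo and should read `## Quick Reference`. The `Prod:` and `Test:` lines are added as consecutive plain lines, so a Markdown renderer will join them into one paragraph; writing them as list items (`- Prod: ...`, `- Test: ...`) keeps each URL on its own line. `VPN Required. SAML signon enabled.` would also be more useful if it said which VPN and which identity provider or group grants access, since this hunk removes the `**DRAFT**` banner and the page now reads as final.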
@@ -13,49 +16,12 @@ VMRay Analyzer consists of a VMRay Server, which coordinates the use of other sy
|
|
|
|
|
|
The system is deployed in its own account in GovCloud (one for prod, one for test)
|
|
|
|
|
|
+Test does not have a license, so will remain shutdown/disabled/unconfigured most of the time, and with 0 workers.
|
|
|
+
|
|
|
# Source
|
|
|
|
|
|
documentation and downloads are at: https://portal.vmray.com/customer/login?
|
|
|
|
|
|
### Install Log
|
|
|
|
|
|
-```
|
|
|
-sudo ua attach <private>
|
|
|
-sudo ua enable --assume-yes cis fips fips-updates
|
|
|
-sudo /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server
|
|
|
-sudo apt update && sudo apt upgrade
|
|
|
-sudo reboot
|
|
|
-
|
|
|
-
|
|
|
-sudo -H pip3 install --upgrade awscli
|
|
|
-sudo -H pip3 install --upgrade --force-reinstall awscli
|
|
|
-sudo find /usr/local/lib -type f -exec chmod o+r {} \;
|
|
|
-aws --region us-gov-east-1 s3 cp s3://afsxdr-binaries/VMRay/extended-kvm-4.2.1.zip .
|
|
|
-aws --region us-gov-east-1 s3 cp s3://afsxdr-binaries/VMRay/vmray-4.2.1.zip .
|
|
|
-sudo mkdir /usr/local/src/vmray/
|
|
|
-sudo chown centos /usr/local/src/vmray/
|
|
|
-sudo mv *.zip /usr/local/src/vmray/
|
|
|
-cd /usr/local/src/vmray
|
|
|
-unzip extended-kvm-4.2.1.zip
|
|
|
-unzip vmray-4.2.1.zip
|
|
|
-sudo bash install.sh
|
|
|
-```
|
|
|
-
|
|
|
-For server:
|
|
|
-```
|
|
|
-Do you want to install or update VMRay Platform Server on this machine (y/n)? y
|
|
|
-Do you want to install or update VMRay Platform Worker on this machine (y/n)? n
|
|
|
-Do you want to perform an offline installation? (y/n)? n
|
|
|
-Do you want to continue (y/n)? y
|
|
|
-```
|
|
|
-
|
|
|
-For the worker:
|
|
|
-```
|
|
|
-Do you want to install or update VMRay Platform Server on this machine (y/n)? n
|
|
|
-Do you want to install or update VMRay Platform Worker on this machine (y/n)? y
|
|
|
-Do you want to install or update Extended KVM on this machine (y/n)? y
|
|
|
-Do you want to perform an offline installation? (y/n)? n
|
|
|
-Do you want to continue (y/n)? y
|
|
|
-```
|
|
|
-
|
|
|
-... Then back to admin guide for now.
|
|
|
+Use the 'vmray' salt state to install and configure.
|
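Review bot: The replacement line at the end of this hunk, `Use the 'vmray' salt state to install and configure.`, does not say where the state lives or how it is applied, and the removed install log held details a reader can no longer recover from this page: the `ua enable --assume-yes cis fips fips-updates` step, the CIS `lvl2_server` hardening script, the 4.2.1 package names, and the different installer answers for the server and the worker. Suggest adding the state's path or the command used to apply it, plus a sentence confirming that the state covers the FIPS/CIS hardening and the server/worker role split. The line now sits under `### Install Log`, which no longer describes it, so the heading should be renamed. In the added Test sentence, "so will remain shutdown" reads better as "so it will remain shut down".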