
VMRay Notes

DRAFT

VMRay Deployment is currently in progress. Information below is subject to change.

Summary

VMRay Analyzer is a tool to detonate malware in a controlled environment.

Generalized Architecture

VMRay Analyzer consists of a VMRay Server, which coordinates the use of other systems, and one or more bare-metal worker machines on which malware detonates. The systems run Ubuntu 20.04 LTS.

The system is deployed in its own account in GovCloud (one for prod, one for test).

Source

Documentation and downloads are at: https://portal.vmray.com/customer/login?

Install Log

sudo ua attach <private>
sudo ua enable --assume-yes cis fips fips-updates
sudo /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server
sudo apt update && sudo apt upgrade
sudo reboot


sudo -H pip3 install --upgrade awscli
sudo -H pip3 install --upgrade --force-reinstall awscli
sudo find /usr/local/lib -type f -exec chmod o+r {} \;
aws --region us-gov-east-1 s3 cp s3://afsxdr-binaries/VMRay/extended-kvm-4.2.1.zip .
aws --region us-gov-east-1 s3 cp s3://afsxdr-binaries/VMRay/vmray-4.2.1.zip .
sudo mkdir /usr/local/src/vmray/
sudo chown centos /usr/local/src/vmray/
sudo mv *.zip /usr/local/src/vmray/
cd /usr/local/src/vmray
unzip extended-kvm-4.2.1.zip
unzip vmray-4.2.1.zip
sudo bash install.sh

For the server:

Do you want to install or update VMRay Platform Server on this machine (y/n)? y
Do you want to install or update VMRay Platform Worker on this machine (y/n)? n
Do you want to perform an offline installation? (y/n)? n
Do you want to continue (y/n)? y

For the worker:

Do you want to install or update VMRay Platform Server on this machine (y/n)? n
Do you want to install or update VMRay Platform Worker on this machine (y/n)? y
Do you want to install or update Extended KVM on this machine (y/n)? y
Do you want to perform an offline installation? (y/n)? n
Do you want to continue (y/n)? y

... Then back to admin guide for now.
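
The install log above unzips the two archives copied from S3 and runs install.sh as root without an integrity check. As an added example (not part of the original notes or of VMRay's tooling), these shell functions check both archives against a SHA-256 manifest before anything is unpacked; the manifest name vmray.sha256 is hypothetical and is assumed to come from a trusted source separate from the bucket.

```shell
# Added example: gate unzip/install.sh on a SHA-256 manifest check.
# Assumption: the manifest is in sha256sum format ("<hex>  <filename>")
# and was obtained out of band, not from the same bucket as the archives.

# require_listed MANIFEST FILE...
# Returns 0 only if every FILE has an entry in MANIFEST. Without this,
# an archive could skip verification just by being absent from the list.
require_listed() {
    rl_manifest=$1
    shift
    for rl_file in "$@"; do
        awk -v want="$rl_file" '
            { name = $2; sub(/^\*/, "", name); if (name == want) found = 1 }
            END { exit !found }
        ' "$rl_manifest" || { echo "not in manifest: $rl_file" >&2; return 1; }
    done
}

# verify_archives MANIFEST DIR
# Returns 0 only if every file named in MANIFEST exists in DIR and its
# SHA-256 matches. A missing file or a malformed line counts as failure.
verify_archives() {
    va_manifest=$1
    va_dir=$2
    [ -s "$va_manifest" ] || { echo "manifest missing or empty" >&2; return 2; }
    [ -d "$va_dir" ] || { echo "no such directory: $va_dir" >&2; return 2; }
    # Make the manifest path absolute, since the check runs from inside DIR.
    va_manifest=$(cd "$(dirname "$va_manifest")" && pwd)/$(basename "$va_manifest")
    # --strict: badly formatted manifest lines fail instead of only warning.
    ( cd "$va_dir" && sha256sum --check --strict --quiet "$va_manifest" ) >&2
}

# Intended use with the file names from the install log (shown as a comment
# so that sourcing this file never unpacks or installs anything):
#
#   cd /usr/local/src/vmray
#   require_listed ~/vmray.sha256 extended-kvm-4.2.1.zip vmray-4.2.1.zip \
#     && verify_archives ~/vmray.sha256 . \
#     && unzip extended-kvm-4.2.1.zip && unzip vmray-4.2.1.zip \
#     && sudo bash install.sh
```
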