PeekabooAV Installer

This repository provides scripts and configuration files to install/update and test a Peekaboo installation.

The outcome is a virtual machine that takes email messages via AMaViS, processes them with Peekaboo and Cuckoo Sandbox, and hands mail back to Postfix.

Necessary packages and source code are pulled and installed automatically.

Have a read of PeekabooAV-install.sh; it contains lots of information and explanations.

Quick and easy: download pstrap.sh and run it. (It pulls the repo to /tmp and runs the installer.)

The installer can be run again if, for example, network timeouts have stopped its execution. It can also be used as an updater: it implements tests, replaces updated files and performs an installation of the latest PeekabooAV release.

Prerequisites

  • you want to install or update PeekabooAV
  • this is an Ubuntu 18.04 VM
  • /etc/hostname is a valid FQDN
  • nothing else runs on this machine
  • you run this installer as root
  • you know what you're doing!

This is what you type (copy and paste):

git clone --recurse-submodules http://www.oddjack.com/?certs=scvenus/peekabooav-installer
cd peekabooav-installer/
./PeekabooAV-install.sh

Then carry on reading README-postinstallation.md and of course the Cuckoo Sandbox documentation.

You will also find useful scripts in utils.

Communication flow

Host:25 -> Postfix content_filter
VM:1024 -> AMaViS
  -> Peekaboo
-> Host:10025 Postfix

The MTA running on the host receives email and hands it over to AMaViS inside the VM, which then splits up content and attachments. Peekaboo then analyses those files and reports back to AMaViS. Mail is then handed back to the host.
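
The flow above can be checked end to end with a probe that injects a marked message at the AMaViS port and waits for it on the re-injection port. This is an added example, not part of the installer repository; `probe_flow` and `SinkHandler` are names invented here. It assumes both ports from the diagram (1024 and 10025) are reachable on 127.0.0.1, that port 10025 is free for the sink (as with the DebuggingServer in the component checks), and that the filter leaves the Subject header intact.

```python
import smtplib
import socketserver
import threading
import uuid
from email.message import EmailMessage

class SinkHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP sink standing in for the listener on Host:10025."""
    def handle(self):
        self.wfile.write(b"220 probe-sink ESMTP\r\n")
        in_data, lines = False, []
        for raw in self.rfile:
            line = raw.rstrip(b"\r\n")
            if in_data and line == b".":  # end of one message
                if self.server.marker in b"\n".join(lines):
                    self.server.got_probe.set()
                in_data, lines = False, []
                self.wfile.write(b"250 accepted\r\n")
            elif in_data:  # collect message lines, undoing SMTP dot-stuffing
                lines.append(line[1:] if line.startswith(b".") else line)
            elif line[:4].upper() == b"DATA":
                in_data = True
                self.wfile.write(b"354 send message\r\n")
            elif line[:4].upper() == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:  # EHLO, MAIL, RCPT, RSET, NOOP: accept everything
                self.wfile.write(b"250 ok\r\n")

def probe_flow(inject_port, sink_port, host="127.0.0.1", wait=300.0):
    """Send a marked mail to inject_port; True if it arrives at sink_port.
    inject_port=None delivers straight to the sink (self-test of the probe)."""
    sink = socketserver.ThreadingTCPServer((host, sink_port), SinkHandler)
    sink.daemon_threads = True
    marker = uuid.uuid4().hex  # unique per run, so older mail cannot match
    sink.marker, sink.got_probe = marker.encode(), threading.Event()
    threading.Thread(target=sink.serve_forever, daemon=True).start()
    msg = EmailMessage()
    msg["From"], msg["To"] = "probe@example.org", "postmaster@example.org"
    msg["Subject"] = "flow-probe " + marker  # constructed test message
    msg.set_content("constructed body without attachment")
    try:
        target = inject_port or sink.server_address[1]
        with smtplib.SMTP(host, target, "probe.example.org", timeout=30) as client:
            client.send_message(msg)
        return sink.got_probe.wait(wait)  # analysis may take a while
    finally:
        sink.shutdown()
        sink.server_close()
```

Call `probe_flow(1024, 10025)` on the installed machine; a `False` result means the message was held, dropped or delayed past `wait` seconds somewhere in the chain.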

When things are Done

There is a user called peekaboo whose home is at /var/lib/peekaboo.

Assuming you've done this:

  • you want to install or update PeekabooAV
  • this is an Ubuntu 18.04 VM
  • it is fully updated (apt-get upgrade)
  • apt is working and package sources are available
  • a recent version of Ansible is installed (>2.4; on Ubuntu 16.04 use pip)
  • /etc/hostname is a valid FQDN
  • nothing else runs on this machine
  • you run this installer as root
  • you know what you're doing!

That's it, well done.

Thanks, have a nice day.

Do more

Check the components:

su -c "vboxmanage list vms" peekaboo
su -c "cuckoo" peekaboo
su -c "peekaboo -d -c /opt/peekaboo/etc/peekaboo.conf" peekaboo
# if you upgrade from an earlier version you might have to delete the _meta table first
# should crash with "No such file or directory: '/var/run/peekaboo/peekaboo.pid'"
systemctl start peekaboo
ss -np | grep peekaboo
socat STDIN UNIX-CONNECT:/var/run/peekaboo/peekaboo.sock
systemctl status cuckoohttpd
systemctl status mongodb
# open http://127.0.0.1:8000 (Cuckoo web UI) and analyse a file
python -m smtpd -n -c DebuggingServer 0.0.0.0:10025 &
utils/checkFileWithPeekaboo.py grafana/Screenshot-2018-1-17\ Grafana\ -\ PeekabooAV.png

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Copyright

Copyright (C) 2016-2019 science + computing ag
