Comments (4)
Hello cfossace:
Thanks for giving this a shot! I hopped on and installed the latest version of Ubuntu Server (14.04.3) on a VM and then documented my install process as best I could. Please give this a shot and let me know how it works for you; this went well on my instance. I will make a point to update the documentation with these more detailed steps to support people on different platforms. Thanks for raising this issue.
# Installing Yara
# Base Install
wget https://github.com/plusvic/yara/archive/v3.4.0.tar.gz
tar -xvzf v3.4.0.tar.gz
cd yara-3.4.0/
sudo apt-get install autoconf dh-autoreconf python-dev
./bootstrap.sh
./configure
make
sudo make install
# Python Install
cd yara-python/
python setup.py build
sudo python setup.py install
# Ensure those new libraries can be found
sudo vim /etc/ld.so.conf.d/yara.conf
# add the line '/usr/local/lib' (no quotes)
sudo ldconfig
# Get base packages
sudo apt-get install libpython2.7-stdlib python-pip libffi-dev ssdeep upx unrar libfuzzy-dev unzip
# Setup Python packages
sudo easy_install -U setuptools
sudo pip install czipfile pefile hachoir-parser hachoir-core hachoir-regex hachoir-metadata hachoir-subfile ConcurrentLogHandler pypdf2 xmltodict rarfile ssdeep pylzma oletools
# Get fsf
cd ~
wget https://github.com/EmersonElectricCo/fsf/archive/master.zip
unzip master.zip
vim fsf-master/fsf-server/conf/config.py
# Point YARA_PATH to full path to rules.yara, in my case /home/cartman/fsf-master/fsf-server/yara/rules.yara
cd fsf-master/fsf-server
./main.py start
# Check how it is being locally hosted (netstat -na | grep 5800), by default it is 127.0.0.1, but sometimes that needs to change, like here :)
netstat -na | grep 5800
# expected output on this box:
#   tcp 0 0 127.0.1.1:5800 0.0.0.0:* LISTEN
# If necessary, change IP_ADDRESS in client config
vim ../fsf-client/conf/config.py
# Finally, test it out!
cd ../fsf-client/
./fsf_client.py ~/fsf-master/docs/Test.zip
# Get all subobjects!
./fsf_client.py ~/fsf-master/docs/Test.zip --full
# You should get a bunch of pretty JSON and a dump of subobjects if you use --full
# Problems? Check out /tmp/daemon.log and or /tmp/dbg.log
# Success? Awesome! If you have any ideas or desire to contribute modules or Yara signatures please share them!
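A post-install sanity check for the two places the walkthrough above says things go wrong: the address the daemon actually binds (the 127.0.1.1 vs 127.0.0.1 mismatch behind IP_ADDRESS in the client config) and whether the rules file YARA_PATH points at compiles under yara-python. This is an added example, not fsf's own code; the netstat sample is constructed, and the rules path in main is assumed from the comment above.

```python
"""Constructed post-install check for the fsf steps above (not fsf's own code)."""
import os
import subprocess

FSF_PORT = 5800  # port fsf-server listens on by default (per the thread)
# Constructed sample of `netstat -na` output, shaped like the line in the thread.
SAMPLE_NETSTAT = (
    "tcp        0      0 127.0.1.1:5800          0.0.0.0:*               LISTEN\n"
    "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN\n"
)

def parse_listeners(netstat_output, port=FSF_PORT):
    """Return local addresses found LISTENing on `port` in netstat -na text."""
    addrs = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            addrs.append(host)
    return addrs

def client_config_matches(listeners, client_ip):
    """True if IP_ADDRESS in fsf-client/conf/config.py can reach the daemon;
    a wildcard bind (0.0.0.0 or ::) answers on any local address."""
    return any(h in ("0.0.0.0", "::") or h == client_ip for h in listeners)

def non_loopback_binds(listeners):
    """Binds that expose the scan daemon beyond this host (firewall them)."""
    return [h for h in listeners if not (h.startswith("127.") or h == "::1")]

def check_rules(yara_path):
    """Compile the rules file YARA_PATH points at; returns (ok, message)."""
    if not os.path.isfile(yara_path):
        return False, "rules file not found: " + yara_path
    try:
        import yara  # yara-python, built in the 'Python Install' step above
    except ImportError as e:
        return False, "yara-python not importable (re-run ldconfig?): " + str(e)
    try:
        yara.compile(filepath=yara_path)
    except yara.Error as e:  # yara.SyntaxError is a subclass of yara.Error
        return False, "rules do not compile: " + str(e)
    return True, "rules compile"

if __name__ == "__main__":
    live = parse_listeners(subprocess.check_output(["netstat", "-na"]).decode("utf-8", "replace"))
    print("listening on:", live, "exposed beyond localhost:", non_loopback_binds(live))
    print(check_rules(os.path.expanduser("~/fsf-master/fsf-server/yara/rules.yara"))[1])
```

If the listener list contains anything other than a loopback address, the scan daemon is reachable from the network, so restrict it at the host firewall before feeding it untrusted samples.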
Please see the recent changes made to the documentation to better support users on different platforms.
https://github.com/EmersonElectricCo/fsf/blob/master/CHANGELOG.md
https://github.com/EmersonElectricCo/fsf/blob/master/docs/INSTALL.md
You're creating yara.conf for the first time right? I think because I chose to use gedit over vim, that is why I got this weird error, but the error didn't affect anything, because yara.conf was still created, and I had no further issues after that. :) I think this new error is some root permission thing with gedit, even though it's more of a warning because everything happens as expected.
Thank you so much for your help! This step by step was really useful, as well as the sample files you provided for testing.
Anytime, glad it was useful.
I'm not an expert on gedit, but from poking around real quick it seems like the preferred method for invoking gedit with superuser privs is to use gksudo. The warnings can be safely ignored, however you might be able to remedy that completely by updating gtk according to this:
http://askubuntu.com/questions/419783/gtk-warning-calling-inhibit-failed-gdbus-errororg
Happy to see you were able to get things going. Closing this out!