Debian Packages
A common way of installing software on Linux distributions derived from Debian, including Ubuntu, is to use the Debian packaging format. Since REMnux is based on Ubuntu, it relies heavily on this format. As a result, many of the tools that SaltStack installs on REMnux are managed using the standard Ubuntu package management system called APT behind the scenes.
Whenever possible, REMnux installs Debian-formatted packages from the standard Ubuntu repositories. In addition, there is a REMnux-specific repository of custom packages, which is hosted on Launchpad--a website maintaned by Ubuntu's parent company.
As part of the REMnux installation, the remnux.sls Salt file adds the REMnux package repository to the system, so it's available to the APT package manager. The installation also adds other repositories where some packages reside, including the one for SIFT Workstation.
Once built and tested, custom Debian-based packages are digitally signed using the REMnux private key, and are upladed to Launchpad, which validates the signature and makes the available to REMnux systems via the APT package manager.
In cases where the latest versions of malware analysis tools are not available as Debian-formatted packages, the distro installs the using other packaging formats such as:
In some cases, REMnux directs SaltStack to install tools by directly downloading them from GitHub, their authors' websites, or other sources. This is done in situations where the author didn't package the tool using a standard format, and creating a custom Debian package was too time consuming.
The Debian-based packaging format offers the highest reliability, because it requires that the package be fully self-contained and not rely on external resources for installation. Installing tools by downloading them from authors' websites is on the other end of the reliability spectrum, and is the least preferred method for managing tools on REMnux.
Last modified 2yr ago