A common way of installing software on Linux distributions derived from Debian, including Ubuntu, is to use the Debian packaging format. Since REMnux is based on Ubuntu, it relies heavily on this format. As a result, many of the tools that SaltStack installs on REMnux are managed using the standard Ubuntu package management system called APT behind the scenes.

Custom Debian Packages

Whenever possible, REMnux installs Debian-formatted packages from the standard Ubuntu repositories. In addition, there is a REMnux-specific repository of custom packages, which is hosted on Launchpad--a website maintaned by Ubuntu's parent company.

As part of the REMnux installation, the remnux.sls Salt file adds the REMnux package repository to the system, so it's available to the APT package manager. The installation also adds other repositories where some packages reside, including the one for SIFT Workstation.

Once built and tested, custom Debian-based packages are digitally signed using the REMnux private key, and are upladed to Launchpad, which validates the signature and makes the available to REMnux systems via the APT package manager.

Other Forms of Installation

In cases where the latest versions of malware analysis tools are not available as Debian-formatted packages, the distro installs the using other packaging formats such as:

• pip for Python

• gems for Ruby on Rails

• npm for Node.js

In some cases, REMnux directs SaltStack to install tools by directly downloading them from GitHub, their authors' websites, or other sources. This is done in situations where the author didn't package the tool using a standard format, and creating a custom Debian package was too time consuming.