
REMnux Installer


Last updated 4 years ago

The REMnux installer is the tool that starts the installation or upgrade of the REMnux distro. It is a Node.js application distributed as a compiled Linux binary. Once installed, the tool is named remnux and resides in /usr/local/bin on REMnux. You can examine its source code in the REMnux/remnux-cli repository on GitHub.

High-Level Workflow

At a high level, the REMnux installer takes the following actions:

  1. Installs, if necessary, a recent version of SaltStack, which manages the setup and configuration of REMnux tools.

  2. Retrieves the appropriate release of REMnux Salt state files, which describe how SaltStack should install and configure the tools, from the REMnux/salt-states repository on GitHub.

  3. Validates that the retrieved state files are properly signed with the REMnux PGP key.

  4. Runs SaltStack, directing it to execute state files that correspond to specified installation or upgrade options.

The REMnux installer is presently incompatible with non-transparent proxies.

State File Retrieval and Validation

The REMnux installer retrieves Salt state files as a compressed archive from the "releases" area of the REMnux/salt-states repository. After extracting the contents, it places them under /var/cache/remnux/cli in a subdirectory named according to the release version.

To validate the digital signature of the retrieved archive, the installer uses the REMnux public PGP key, which is embedded into the installer. To accommodate this, each release of the state files is signed with the corresponding REMnux private PGP key. The key ID is 28CD19DB.

It's possible to retrieve and invoke REMnux' state files by using SaltStack directly, perhaps when experimenting with the installation without relying on the REMnux installer.
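One way to repeat the signature check by hand with gpg, for instance when working with the state files outside the installer. This is an added example, not code from the REMnux installer: the function names, the file paths passed to verify_release and the sample status line are assumptions, and only the key ID 28CD19DB comes from this page.

```shell
#!/bin/sh
# Added example, not REMnux installer code. Only the key ID is from the page.
PINNED_KEY_ID="28CD19DB"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a valid signature
# comes from a key whose own or primary fingerprint ends in $1, and nothing in
# the stream reports a bad, expired or revoked signature or key.
pinned_signer_ok() {
    awk -v id="$1" '
        BEGIN { id = toupper(id); n = length(id); if (n < 8) bad = 1 }
        $1 != "[GNUPG:]" { next }
        # gpg prints VALIDSIG for expired and revoked keys too, so these veto.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = toupper($3); primary = toupper($NF)
            if (substr(fpr, length(fpr) - n + 1) == id ||
                substr(primary, length(primary) - n + 1) == id) good = 1
        }
        END { exit !(good && !bad) }
    '
}

# Verifies a detached signature in a throwaway keyring that holds only the
# given public key, then applies the pin. All three paths are caller-supplied.
verify_release() {  # usage: verify_release <pubkey.asc> <signature> <file>
    home=$(mktemp -d) || return 1
    gpg --homedir "$home" --batch --quiet --import "$1" 2>/dev/null
    gpg --homedir "$home" --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
        pinned_signer_ok "$PINNED_KEY_ID"
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Constructed status line; the fingerprint is a placeholder, not the real one.
SAMPLE_OK='[GNUPG:] VALIDSIG 0000000000000000000000000000000028CD19DB 2020-01-01 1577836800 0 4 0 1 8 00 0000000000000000000000000000000028CD19DB'
printf '%s\n' "$SAMPLE_OK" | pinned_signer_ok "$PINNED_KEY_ID" && echo "sample accepted"
```

Passing a full 40-character fingerprint as the pin works unchanged and is the stronger check, since an 8-character key ID is not collision resistant.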

REMnux Distro Upgrades

If you already have the REMnux distro installed, you can run the following command to see which releases were published after you last installed or upgraded your distro:

remnux list-upgrades

If you're curious to see the version that you currently have installed, you can list it using:

remnux version

To upgrade your system to the latest version, run the command:

remnux upgrade