📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
📄
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
SaltStack Management
REMnux Installer
State Files Without the REMnux Installer
Debian Packages
Website and Docs
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered by GitBook

SaltStack Management

The REMnux distro uses SaltStack to automate the installation and configuration of the tools that comprise the distro. This is accomplished using Salt state files, each one describing the steps necessary to set up the software component. These files are stored in the REMnux/salt-states repository on Github, and are available for your review. Read on to learn how REMnux uses these State Files to manage the configuration of a REMnux system.

REMnux uses SaltStack for locally managing the configuration of the system where the distro is installed. It doesn't use other SaltStack capabilities, such as remote command execution.

A state file can direct SaltStack to install a tool by supporting a variety of formats in which such tools migh be packages, including Ubuntu packages, pip modules, Git repositories, Ruby gems, etc. Each state file represents one aspect of the state in which the system should be after SaltStack runs. The files follow the YAML markup language.

Salt State File to Install an Ubuntu Package

For example, here's the Salt state file edb-debgger.sls for installing edb, a powerful debugger for examining ELF binaries:

include:
  - remnux.repos.remnux
  - remnux.packages.xterm
  
edb-debugger:
  pkg.installed:
    - pkgrepo: remnux
    - require:
      - sls: remnux.packages.xterm

The line edb-debugger: specifies the name of the Ubuntu package that SaltStack should install. The pkgrepo: remnux line specifies that SaltStack will find this package in the Ubuntu package repository named "remnux." The require statement explains that this package depends on "xterm." The distro also includes state files that explain SaltStack should install the remnux repository and the xterm package.

Salt State File to Install a pip Package

Here's an example of a Salt state file pyzipper.sls to install pyzipper, a Python library for interacting with Zip file archives. SaltStack will use the Python 3 version of pip (pip3), which is installed using remnux.packages.python3-pip, to install pyzipper from the standard PyPI repository of Python software:

include:
  - remnux.packages.python3-pip
  - remnux.python3-packages.pycryptodomex
​
remnux-python-packages-pyzipper:
  pip.installed:
    - name: pyzipper
    - bin_env: /usr/bin/python3
    - require:
      - sls: remnux.packages.python3-pip
      - sls: remnux.python3-packages.pycryptodomex

Since pyzipper depends on the "pycryptodomex" package, which might not be automatically installed by pip, the state file above explicitly specifies the state file of pycryptodomex as a dependency.

Salt State File to Configure a Tool

REMnux also uses Salt state files configure the environment and the tools installed as part of the distro. For example, here's a short excerpt from the Salt state file that configures Ghidra, which is a reverse-engineering tool that includes a disassembler and debugger. (The installation of Ghira is handled using a separate ghidra.sls file.)

remnux-config-ghidra-file-preferences:
  file.managed:
    - name: {{ home }}/.ghidra/.ghidra_9.1.2_PUBLIC/preferences 
    - source: salt://remnux/config/ghidra/preferences
    - replace: False
    - user: {{ user }}
    - group: {{ user }}
    - makedirs: True
    - require:
      - user: remnux-user-{{ user }}
    - watch:
      - file: remnux-config-ghidra-gdt-owner

In the example above:

  • ​file.managed specifies the desired state of the Ghidra "preferences" file, located in the user's home directory.

  • source of the file is the version of "preferences" in the GitHub repository where this state file resides; this directs SaltStack to copy this file to the location specified by name.

  • replace directs SaltStack not to replace the file if it already exists.

  • user and group specify that the file should be owned by the user and the user's group.

  • makedirs direct SaltStack to create the directory structure so the file can be placed in the location specified by name.

The state file instructions above rely on the values home and user, which are set earlier in the file:

{%- set user = salt['pillar.get']('remnux_user', 'remnux') -%}
{%- if user == "root" -%}
  {%- set home = "/root" -%}
{%- else %}
  {%- set home = "/home/" + user -%}
{%- endif -%}

This excerpt from the Ghidra configuration state file uses the "pillars" feature of SaltStack, which gives SaltStack access to named values defined before the state file has a chance to run. In this case, the state file sets the user value by retrieving the pillar variable named remnux_user, which is normally set by the REMnux installer; if it's not available, SaltStack is directed to use the default value "remnux." Further, depending on the user value, the state file sets the home value to point to the user's home directory.

Behind the Scenes - Previous
Technologies
Next
REMnux Installer
Last updated 2 weeks ago
Contents
Salt State File to Install an Ubuntu Package
Salt State File to Install a pip Package
Salt State File to Configure a Tool