SaltStack Management


Last updated 4 years ago

The REMnux distro uses SaltStack to automate the installation and configuration of the tools that comprise the distro. This is accomplished using Salt state files, each one describing the steps necessary to set up the software component. These files are stored in the REMnux/salt-states repository on GitHub, and are available for your review. Read on to learn how REMnux uses these state files to manage the configuration of a REMnux system.

REMnux uses SaltStack for locally managing the configuration of the system where the distro is installed. It doesn't use other SaltStack capabilities, such as remote command execution.

A state file can direct SaltStack to install a tool in any of the formats in which such tools might be packaged, including Ubuntu packages, pip modules, Git repositories, Ruby gems, etc. Each state file represents one aspect of the state in which the system should be after SaltStack runs. The files follow the YAML markup language.

Salt State File to Install an Ubuntu Package

For example, here's the Salt state file edb-debugger.sls for installing edb, a powerful debugger for examining ELF binaries:

include:
  - remnux.repos.remnux
  - remnux.packages.xterm
  
edb-debugger:
  pkg.installed:
    - pkgrepo: remnux
    - require:
      - sls: remnux.packages.xterm

The line edb-debugger: specifies the name of the Ubuntu package that SaltStack should install. The pkgrepo: remnux line specifies that SaltStack will find this package in the Ubuntu package repository named "remnux." The require statement explains that this package depends on "xterm." The distro also includes state files that explain how SaltStack should install the remnux repository and the xterm package.

Salt State File to Install a pip Package

Here's an example of a Salt state file, pyzipper.sls, to install pyzipper, a Python library for interacting with Zip file archives. SaltStack will use the Python 3 version of pip (pip3), which is installed using remnux.packages.python3-pip, to install pyzipper from the standard PyPI repository of Python software:

include:
  - remnux.packages.python3-pip
  - remnux.python3-packages.pycryptodomex

remnux-python-packages-pyzipper:
  pip.installed:
    - name: pyzipper
    - bin_env: /usr/bin/python3
    - require:
      - sls: remnux.packages.python3-pip
      - sls: remnux.python3-packages.pycryptodomex

Since pyzipper depends on the "pycryptodomex" package, which might not be automatically installed by pip, the state file above explicitly specifies the state file of pycryptodomex as a dependency.

Salt State File to Configure a Tool

REMnux also uses Salt state files to configure the environment and the tools installed as part of the distro. For example, here's a short excerpt from the Salt state file that configures Ghidra, which is a reverse-engineering tool that includes a disassembler and debugger. (The installation of Ghidra is handled using a separate ghidra.sls file.)

remnux-config-ghidra-file-preferences:
  file.managed:
    - name: {{ home }}/.ghidra/.ghidra_9.1.2_PUBLIC/preferences
    - source: salt://remnux/config/ghidra/preferences
    - replace: False
    - user: {{ user }}
    - group: {{ user }}
    - makedirs: True
    - require:
      - user: remnux-user-{{ user }}
    - watch:
      - file: remnux-config-ghidra-gdt-owner

In the example above:

  • file.managed specifies the desired state of the Ghidra "preferences" file, located in the user's home directory.

  • source of the file is the version of "preferences" in the GitHub repository where this state file resides; this directs SaltStack to copy this file to the location specified by name.

  • replace directs SaltStack not to replace the file if it already exists.

  • user and group specify that the file should be owned by the user and the user's group.

  • makedirs directs SaltStack to create the directory structure so the file can be placed in the location specified by name.

The state file instructions above rely on the values home and user, which are set earlier in the file:

{%- set user = salt['pillar.get']('remnux_user', 'remnux') -%}
{%- if user == "root" -%}
  {%- set home = "/root" -%}
{%- else %}
  {%- set home = "/home/" + user -%}
{%- endif -%}

This excerpt from the Ghidra configuration state file uses the "pillars" feature of SaltStack, which gives SaltStack access to named values defined before the state file has a chance to run. In this case, the state file sets the user value by retrieving the pillar variable named remnux_user, which is normally set by the REMnux installer; if it's not available, SaltStack is directed to use the default value "remnux." Further, depending on the user value, the state file sets the home value to point to the user's home directory.
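The package state files above pair every sls: requisite with a matching entry under include:, which is what lets SaltStack resolve the dependency when the state runs. The following check is an added example, not part of the REMnux project's code: audit_state is a hypothetical helper that scans an unrendered state file line by line (so Jinja lines do not need rendering first) and reports sls: requisites that the file never includes. The second sample is constructed by dropping one include line from the pyzipper state.

```python
import re

INCLUDE_ITEM = re.compile(r"^\s+-\s+(\S+)\s*$")
SLS_REQUISITE = re.compile(r"^\s+-\s+sls:\s*(\S+)\s*$")

# The edb-debugger state as shown on this page.
EDB_STATE = """\
include:
  - remnux.repos.remnux
  - remnux.packages.xterm

edb-debugger:
  pkg.installed:
    - pkgrepo: remnux
    - require:
      - sls: remnux.packages.xterm
"""

# Constructed sample: the pyzipper state with its pycryptodomex include removed.
BROKEN_PYZIPPER = """\
include:
  - remnux.packages.python3-pip

remnux-python-packages-pyzipper:
  pip.installed:
    - name: pyzipper
    - bin_env: /usr/bin/python3
    - require:
      - sls: remnux.packages.python3-pip
      - sls: remnux.python3-packages.pycryptodomex
"""

def audit_state(text):
    """Compare the include: list of one state file with its sls: requisites."""
    included, required = set(), set()
    in_include = False
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blanks, comments and Jinja control lines such as {%- set ... -%}.
        if not stripped or stripped.startswith(("#", "{%")):
            continue
        if not line[0].isspace():
            in_include = stripped == "include:"  # a top-level key starts or ends the list
        elif (sls := SLS_REQUISITE.match(line)):
            required.add(sls.group(1))
        elif in_include and (item := INCLUDE_ITEM.match(line)):
            included.add(item.group(1))
    return {"included": sorted(included), "missing": sorted(required - included)}
```

An include without a matching requisite, such as remnux.repos.remnux in the edb-debugger state, is not reported, since including a state file without requiring it is valid.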
