
Contribute a Salt State File


Last updated 3 years ago

If there's a malware analysis tool you'd like to see as part of the REMnux distro, consider creating the Salt State file that would allow the tool to be included. The following steps explain how you can build such a file.

Before starting this work, consider reaching out to Lenny Zeltser to confirm that it makes sense to include the tool as part of REMnux. Also, become familiar with the way REMnux uses Salt Stack to manage the installation and configuration of tools.

1. Install Git and Docker

Follow the steps appropriate for your operating system to install Git and Docker on your system.

2. Clone the REMnux/salt-states Repository

Get a copy of the current REMnux/salt-states repository, which contains the REMnux Salt State files. A common way to do this is to run:

git clone https://github.com/REMnux/salt-states.git

3. Create the Salt State File

Determine in which subdirectory under salt-states/remnux your new Salt State file should reside. Common locations are:

  • For Ubuntu packages: packages

  • For Python packages: python-packages

  • For tools distributed as compiled or JAR files: tools

  • For scripts that aren't installable using a package manager: scripts

Instead of attempting to create a file from scratch, consider identifying a State File that operates similarly to what you have in mind, and copying its contents to form the basis of your new file.

The State File should fully describe all dependencies of the software you're aiming to install. When crafting the file, assume that the installation will occur on a pristine, minimal system without any existing packages. Be sure to explicitly specify all the dependencies.

4. Test the Salt State File

Once you're at the command prompt inside the tester container, direct SaltStack to process your new Salt State file by running this command in the container:

salt-call -l debug --local --retcode-passthrough --state-output=mixed state.sls STATE-PATH

In the command above, replace "STATE-PATH" with the Salt Stack path to your new file using dots instead of slashes. For example, if you were running peframe.sls, which is in remnux/python-packages, you'd specify remnux.python-packages.peframe.

The command will produce verbose debug-level output, so you can diagnose any issues. Adjust your new Salt State file to address whichever problems arise, so the salt-call command completes successfully.

5. Add Metadata to the Salt State File

To make sure the tool is properly included in the REMnux tool listing, include the following metadata comments at the top of your Salt State file to describe the tool:

# Name: 
# Website: 
# Description: 
# Category: 
# Author: 
# License: 
# Notes: 
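
A pre-flight check for steps 4 and 5, added here as an example (it is not part of the REMnux/salt-states repository): it derives the dotted STATE-PATH from a file path and reports which of the seven metadata comments are missing from the top of a state file. The function names, `make_sample` and the `exampletool` header are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the REMnux/salt-states repository.
# Header fields required by step 5 of this page.
REQUIRED_FIELDS="Name Website Description Category Author License Notes"

# Turn a path relative to the salt-states clone, such as
# remnux/python-packages/peframe.sls, into the dotted STATE-PATH of step 4.
state_path() {
    case "$1" in
        *.sls) ;;
        *) echo "not an .sls file: $1" >&2; return 1 ;;
    esac
    p=${1#./}
    p=${p%.sls}
    p=${p%/init}    # Salt addresses dir/init.sls as "dir"
    case "$p" in
        # A dot inside a name would be read by Salt as a path separator.
        *.*) echo "dot in a path component: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$p" | tr '/' '.'
}

# Print every required "# Field:" line missing from the comment block at the
# top of the file; return non-zero if any is missing.
missing_metadata() {
    header=$(awk '/^#/ { print; next } { exit }' "$1")
    rc=0
    for field in $REQUIRED_FIELDS; do
        if ! printf '%s\n' "$header" | grep -q "^# $field:"; then
            echo "$field"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample header for a hypothetical tool; License and Notes are absent.
make_sample() {
    printf '%s\n' '# Name: exampletool' '# Website: https://example.com/' \
        '# Description: Hypothetical tool' '# Category: General Utilities' \
        '# Author: Example Author' '' 'exampletool:' '  pkg.installed' > "$1"
}

# Usage: sh check-state.sh remnux/python-packages/peframe.sls
if [ "$#" -eq 1 ]; then
    missing=$(missing_metadata "$1") || { echo "missing:" $missing >&2; exit 1; }
    sp=$(state_path "$1") || exit 1
    echo "salt-call -l debug --local --retcode-passthrough --state-output=mixed state.sls $sp"
fi
```

Run it from the root of the salt-states clone so the path you pass starts with `remnux/`; it prints the salt-call command from step 4 only when all metadata fields are present.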

6. Create a Pull Request

Once the State File is ready, test it locally by running it in a Docker container. The easiest way to do this is to run the dev-state.sh script, which is part of the REMnux/salt-states repository in the .ci directory.

The dev-state.sh script is a wrapper around Docker. It retrieves and launches the baseline container "teamdfir/sift-saltstack-tester" built for testing State Files for SIFT Workstation and REMnux distros. The container is just the base Ubuntu OS without any optional packages, plus Salt Stack. This minimal state allows you to confirm that the State File you'll be testing specifies all the dependencies for the new tool.

Once you have a working, tested Salt State file in the local copy of the REMnux/salt-states repository, create a GitHub pull request for that repo, so your file may be considered for inclusion in the REMnux distro. If the pull request isn't working, consider submitting the file to Lenny Zeltser by email.
