
Install from Scratch


Last updated 6 months ago

If starting with a pre-built virtual appliance is impractical or you prefer to customize all aspects of the system, you can build a dedicated REMnux environment from scratch by taking the following steps. This allows you to install the REMnux distro on a physical host or a virtual machine.

REMnux is based on an x86/amd64 version of Ubuntu, and won't run on an ARM processor such as Apple M1.

Step 1: Install Ubuntu 20.04

If you're looking to recreate the lightweight environment provided by the REMnux pre-built virtual appliance, start with the 64-bit minimal Ubuntu 20.04 ISO installation file.

The SHA-256 hash of the file should be:

0e79e00bf844929d40825b1f0e8634415cda195ba23bae0b041911fde4dfe018

Install Ubuntu 20.04 using the downloaded ISO installer. It's OK to follow default settings, but be sure to adjust them according to your needs.

If you're installing Ubuntu in a virtual machine, allocate resources based on what you have available. REMnux is a relatively lightweight distro, but the more you allocate to it, the faster it will run. For your reference, the prebuilt REMnux virtual appliance ships with 4 GB RAM and 60 GB disk.

When the Ubuntu installer prompts you for details about the user it will create, select the following to stay consistent with the default configuration of REMnux:

Full name: REMnux User
Username: remnux
Password: malware

At the "Software selection" screen, don't select any software and simply press "Continue." The REMnux installer will install the necessary packages in a later step.

Boot into your new Ubuntu system. You should find yourself at the command prompt. Log in using the credentials you specified during the Ubuntu installation.

Step 2: Get the REMnux Installer

Download the REMnux installer from the REMnux website by running this command on your new Ubuntu system:

wget https://REMnux.org/remnux-cli

Validate the SHA-256 hash of the downloaded file to make sure it matches this expected value:

c8c6d6830cfeb48c9ada2b49c76523c8637d95dc41d00aac345282fb47021f8e

To generate the hash of your file, run:

sha256sum remnux-cli

Set up the REMnux installer by running these commands:

mv remnux-cli remnux
chmod +x remnux
sudo mv remnux /usr/local/bin
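
The hash check and set-up steps above can be combined so that the installer is made executable and moved into place only when its SHA-256 hash matches. This is an added example, not part of the REMnux documentation; the function names and the destination-directory argument are assumptions. The same verify_sha256 function also serves the Ubuntu ISO check in Step 1.

```shell
#!/bin/sh
# Added example: gate installation of remnux-cli on its SHA-256 hash.
# Function names and the destination argument are illustrative assumptions.

# Expected value as published in the step above.
REMNUX_CLI_SHA256="c8c6d6830cfeb48c9ada2b49c76523c8637d95dc41d00aac345282fb47021f8e"

# verify_sha256 FILE EXPECTED -> 0 on match, 1 on mismatch, 2 on bad input
verify_sha256() {
    file=$1
    # Accept upper-case hex, as some sites publish hashes that way.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex digits (truncated paste, stray spaces).
    case $expected in
        *[!0-9a-f]*|'') echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 hex digits" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# install_verified FILE EXPECTED DESTDIR
# Copies FILE to DESTDIR/remnux with mode 0755, but only after the hash matches.
install_verified() {
    verify_sha256 "$1" "$2" || return $?
    install -m 0755 "$1" "$3/remnux"
}

# Typical use after `wget https://REMnux.org/remnux-cli` (run as root or via sudo):
#   install_verified remnux-cli "$REMNUX_CLI_SHA256" /usr/local/bin
```

A non-zero return means the file was not installed; download it again rather than proceeding with a mismatched installer.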

Step 2: Install Dependencies

The minimal version of Ubuntu includes very few components. Install GnuPG, so that the REMnux installer can automatically validate the signature of the REMnux configuration files it will download during the installation process. You might also need to install the curl package. To do this, run:

sudo apt install -y gnupg curl

Step 3: Run the REMnux Installer

You're now ready to install the REMnux distro.

If you're planning to run REMnux in a local lab, kick off the installation by running this command:

sudo remnux install

If you're deploying REMnux in a remote cloud environment and will need to keep the SSH daemon enabled for remotely accessing the system, use the following command instead to avoid disabling the SSH daemon. Remember to harden the system after it installs to avoid unauthorized logins:

sudo remnux install --mode=cloud

The installation will take about an hour, depending on your resources and internet connection.

If the REMnux installer produces an error, diagnose the issue by reviewing the saltstack.log file under /var/cache/remnux/cli in the subdirectory that matches the REMnux state-files version you're installing. Search the log file for result: false messages and look at the surrounding 5 lines or the 8 lines above each message to see the state file that caused the issue (grep -i -C 5 'result: false' or grep -i -B 8 'result: false').
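
The log search described above can be reduced to a list of the state files that failed. This is an added example, not part of the REMnux documentation; it assumes each state result is logged as a YAML-style block in which an `__sls__:` line (the state file) and a `name:` line precede the `result:` line, and the function names and sample log content are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the Salt states that failed in a REMnux saltstack.log.
# Assumption: each state result is logged as a YAML-style block whose "__sls__:"
# (state file) and "name:" lines come before its "result:" line.

# newest_log DIR -> path of the most recently modified saltstack.log under DIR
newest_log() {
    find "$1" -type f -name saltstack.log -exec ls -t {} + 2>/dev/null | head -n 1
}

# failed_states LOGFILE -> one "state-file<TAB>name" line per "result: false"
failed_states() {
    awk '
        /^[ \t]*__sls__:/ { sls = $2 }
        /^[ \t]*name:/    { sub(/^[ \t]*name:[ \t]*/, ""); name = $0 }
        /^[ \t]*result:/  {
            if (tolower($2) == "false")
                printf "%s\t%s\n", (sls == "" ? "unknown" : sls), name
            sls = ""; name = ""        # never carry values into the next block
        }
    ' "$1"
}

# Constructed sample (not real installer output) for trying the function offline.
write_sample_log() {
    cat > "$1" <<'EOF'
  pkg_|-example-tool_|-example-tool_|-installed:
    __sls__: remnux.packages.example-tool
    changes: {}
    name: example-tool
    result: true
  cmd_|-example-build_|-make install_|-run:
    __sls__: remnux.tools.example-build
    changes: {}
    comment: Command "make install" run
    name: make install
    result: false
EOF
}

# Typical use on an installed system:
#   failed_states "$(newest_log /var/cache/remnux/cli)"
```

If a block in your log lacks an `__sls__:` line, the state file is reported as "unknown"; fall back to the grep -B 8 form to read the surrounding lines.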

Step 4: Reboot the REMnux System

Once the REMnux installation finishes, reboot your new REMnux system by typing:

sudo reboot

After the reboot, REMnux will automatically log you in. There is no logon screen for accessing the REMnux environment, because analysts generally use REMnux on a system to which physical access is already restricted.

Step 5: Review Configuration Tweaks Specific to Your Hypervisor

Depending on the hypervisor you're using, you might need to implement a few configuration tweaks to address or preempt issues with your REMnux virtual machine. Please review the Special Hypervisor Requirements before considering your installation finalized.

Step 6: Take a Snapshot of the Virtual Machine

If you installed REMnux inside a virtual machine, consider taking a snapshot of the VM, so you can return it to a known good state if the need arises.

If necessary, change the keyboard layout of your system to match your locale and setup.

To keep your REMnux environment up-to-date, run the REMnux installer periodically as described in the Keep the Distro Up to Date section.
