REMnux Configuration Tips


Last updated 3 years ago

Changing the Keyboard Layout

To change the keyboard layout of your REMnux system, perhaps to another language, take the following steps:

  1. Open the Settings window using the command gnome-control-center.

  2. Go to the Region & Language area.

  3. Press the + button in the Input Sources area.

  4. Find the desired input source. You might need to press the ⋮ button, scroll down, and press Other to find the desired source.

  5. Select the desired input source and click the Add button.

  6. Close the Settings window.

Sometimes you might need to reboot for the setting to take effect.

You can switch between the keyboard layouts by clicking the language icon in the top right corner of your desktop. If you need additional guidance, please see this article.

Localhost Listener on TCP and UDP Ports 53

Ubuntu uses a daemon named "systemd-resolved" for resolving DNS queries that you initiate from the system. This daemon listens on the localhost interface on TCP and UDP ports 53. If you're running a tool that attempts to listen on these ports on localhost, your tool might not function properly.

To get around this, reconfigure the tool so it listens on the Ethernet network interface of your REMnux system and not on the localhost network interface.

Alternatively, you can disable the systemd-resolved daemon until the next reboot like this:

sudo systemctl stop systemd-resolved

If you wish to disable systemd-resolved permanently, issue the following command. However, note that if you disable this daemon, you will be unable to resolve DNS queries from your REMnux system unless you reconfigure the system's DNS resolver settings. Also, some software, such as OpenVPN and other VPN clients, might not function properly if systemd-resolved is disabled.

sudo systemctl disable systemd-resolved
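
As an added example (not part of the REMnux documentation), the following shell functions read `ss -H -lntu` output and report sockets already bound to port 53 on a loopback or wildcard address, which is the check to make before starting a tool that needs those ports. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find listeners that can collide with a tool binding
# port 53 (TCP or UDP) on localhost. Input is `ss -H -lntu` style output.

# Constructed sample of `ss -H -lntu` output (not captured from a real system).
SAMPLE_SS_OUTPUT='udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128        10.0.2.15:53        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:53           [::]:*'

# Print "proto address" for every socket on port 53 whose local address
# is loopback or wildcard. Listeners on other interfaces are ignored.
localhost_dns_listeners() {
  awk '{
    local_ep = $5                      # Local Address:Port column
    n = split(local_ep, parts, ":")
    port = parts[n]                    # text after the last colon
    addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
    sub(/%.*/, "", addr)               # drop interface scope such as %lo
    if (port != "53") next
    if (addr ~ /^127\./ || addr == "[::1]" || addr == "0.0.0.0" ||
        addr == "*" || addr == "[::]")
      print $1, addr
  }'
}

# Return 0 when no such listener exists for the given protocol (tcp|udp).
localhost_dns_port_free() {
  ! localhost_dns_listeners | grep -q "^$1 "
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | localhost_dns_listeners
# On a live system: ss -H -lntu | localhost_dns_listeners
```

Adding `-p` to the `ss` invocation (with sudo) also shows the owning process, which confirms whether the listener is systemd-resolved before you stop it.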

REMnux Behind a Non-Transparent Proxy

The REMnux installer is presently not compatible with non-transparent network proxies. You can still set up and use REMnux behind such a proxy, though this will involve applying Salt state files directly, instead of using the REMnux installer to set up and upgrade your REMnux system.

You can start with either a pristine compatible Linux system where you'll either install REMnux from scratch or add REMnux, or you can start with a prebuilt REMnux virtual appliance. Configure that system to use your proxy like you'd configure any Ubuntu system. To do this, you'll usually need to:

  • Define environment variables https_proxy, http_proxy, and ftp_proxy to specify your proxy.

  • Configure APT to use your proxy by defining the necessary details in /etc/apt/apt.conf.d.

If you're not starting with a prebuilt REMnux virtual appliance, follow instructions to manually install SaltStack on the system you'll be using for REMnux. Next, modify /etc/salt/minion to include your proxy details:

# Set http proxy information for the minion when doing requests
proxy_host:
proxy_port:
proxy_username:
proxy_password:

Next, to install REMnux or upgrade it later, follow instructions to:

  • Retrieve the latest REMnux Salt state files.

  • Invoke SaltStack to install the state file grouping appropriate for you (e.g., remnux.dedicated).

If you have the expertise, consider suggesting a revision to REMnux installer that corrects its inability to connect through non-transparent proxies.

GUI Interactions When REMnux Is in the Cloud

If you set up a REMnux system in a cloud environment, such as AWS, you can not only interact with it using the text-based SSH interface, but also using the graphical Gnome interface that comes with REMnux.

You'll need to activate the SSH daemon on your REMnux system; one way to do this is to run the sshd start command. Before doing this, be sure to harden the configuration of your cloud-based REMnux system and set up SSH authentication according to your requirements and risk tolerance.

X11 Forwarding

One way to remotely interact with REMnux using a graphical interface is to use X11 forwarding through SSH. If you installed REMnux in "addon" mode, you'll need to configure your SSH daemon to support X11 forwarding; in other cases, SSH on REMnux is already set up appropriately.

Next:

  1. Activate X server software on your local system, unless you're running Linux. If you're using Linux as your local system, it will natively support receiving X11 connections. If you're using Windows or macOS, you'll need to install X server software. Xming and VcXsrv for Windows and XQuartz for macOS are reasonable free options.

  2. Configure the SSH client on your local system to enable X11 forwarding.

  3. Connect to your remote REMnux system using SSH, assuming the SSH daemon on REMnux is configured and active.

For an example of performing some of these steps, consider an AWS blog post on setting up X11 forwarding.

VNC Access

Another way to remotely interact with the REMnux graphical environment is to use a VNC tool such as TigerVNC, which you can tunnel over SSH and set up like this:

  1. Install TigerVNC viewer on the local system from which you're planning to access the remote REMnux system.

  2. Connect to your remote REMnux system using SSH, assuming the SSH daemon on REMnux is active.

  3. Install TigerVNC server on your remote REMnux system: sudo apt install -y tigervnc-standalone-server

  4. Set up your VNC password using the vncpasswd command.

  5. On your local system create an SSH tunnel from port 5901 to port 5901 using a command such as ssh -L 5901:localhost:5901

  6. Launch a TigerVNC server on your remote REMnux system: vncserver :1

  7. Start a VNC client on your local system, directing it to connect to localhost:1

Transferring Files In and Out of REMnux

There are several ways of transferring files, such as malware samples, in and out of REMnux.

Virtual Machine Tools

If you're running REMnux as a local VM, one way to transfer files in and out of the VM is to use the copy-and-paste or file transfer capabilities of your hypervisor. If using copy-and-paste, you can place files in and out of the VM by copying them to or from Nautilus, which is the GUI file browsing tool on REMnux.

If REMnux is running in VirtualBox, you can go to the Devices menu of VirtualBox for your REMnux VM and select Shared Folders, Shared Clipboard, and Drag and Drop. To enable this functionality, you need to have Guest Additions installed in the REMnux virtual machine, which is preinstalled as part of the VirtualBox version of the REMnux virtual appliance. The appliance ships with Shared Clipboard and Drag and Drop enabled.

In VMware, similar functionality is supported by the open-vm-tools package, which is preinstalled in the general version of the REMnux virtual appliance and is also present if you installed the distro from scratch using the REMnux installer. You can modify settings of your REMnux virtual machine to disable Drag and Drop and Copy and Paste, if you wish; they're enabled by default. You can also enable Shared Folders, which are disabled by default.

Enabling hypervisor-based file and clipboard sharing capabilities somewhat increases the risk that if you run malicious code in your REMnux virtual machine, the malware will adversely affect your underlying code. Many analysts consider this an acceptable risk.

SFTP

Another way to get files in and out of REMnux is to use the SFTP protocol, which is supported by OpenSSH. Unless you installed REMnux in cloud mode or are running REMnux as a Docker container, OpenSSH is disabled by default. You can activate OpenSSH in your VM using the sshd start command. You can then use an SFTP client to connect to or from REMnux; the SFTP client built into REMnux is the command-line tool sftp.

Removable Media

Yet another method to transfer files in and out of REMnux is to use removable media, such as a USB drive. If running REMnux as a VM, you'd need to use your hypervisor to map the USB drive into the virtual machine.

Mapping Files into the Container

If you are running REMnux as a Docker container, you can invoke the container by mapping a directory on your local system into the container to create a shared location for your files. You can use Docker's -v or --mount parameters when launching the container to achieve this.

Switching REMnux Installation Mode After the Install

If you installed REMnux using one installation mode, for example addon, you can switch to another installation mode, for example dedicated, by taking the following steps:

  1. Edit the /etc/remnux-config file and change the mode from addon to dedicated.

  2. Run the command remnux update.

  3. Reboot.

Combining REMnux and SIFT Workstation

You can install REMnux and SIFT Workstation on the same system to create a powerful toolkit for malware analysis and other digital forensics tasks. Follow these guidelines to do this:

  • Install REMnux and SIFT Workstation on a traditional Linux system.

  • Install REMnux and SIFT Workstation on Windows Subsystem for Linux (WSL).