To change the keyboard layout of your REMnux system, perhaps to another language, take the following steps:
Open the Settings window using the command gnome-control-center.
Go to the Region & Language area.
Press the + button in the Input Sources area.
Find the desired input source. You might need to press the â‹® button, scroll down, and press Other to find the desired source.
Select the desired input source and click the Add button.
Close the Settings window.
Sometimes you might need to reboot for the setting to take into effect.
You can switch between the keyboard layouts by clicking the language icon in the top right corner of your desktop. If you need additional guidance, please see this article.
Ubuntu uses a daemon named "systemd-resolved" for resolving DNS queries that you initiate from the system. This daemon listens on the localhost interface on TCP and UDP ports 53. If you're running a tool that attempts to listen on these ports on localhost, your tool might not function properly.
To get around this, reconfigure the tool so it listens on the Ethernet network interface of your REMnux system and not on the localhost network interface.
Alternatively, you can disable the systemd-resolved daemon until the next reboot like this:
sudo systemctl stop systemd-resolved
If you wish to disable systemd-resolved permanently issue the following command. However, note that if you disable this daemon, you will be unable to resolve DNS queries from your REMnux system unless you reconfigure the system's DNS resolver settings. Also, some software, such as OpenVPN and other VPN clients, might not function properly if systemd-resolved is disabled.
sudo systemctl disable systemd-resolved
The REMnux installer is presently not compatible with non-transparent network proxies. You can still set up and use REMnux behind such a proxy, though this will involve applying Salt state files directly, instead of using the REMnux installer to set up and upgrade your REMnux system.
You can start with either a pristine compatible Linux system where you'll either install REMnux from scratch or add REMnux, or you can start with a prebuilt REMnux virtual appliance. Configure that system to use your proxy like you'd configure any Ubuntu system. To do this, you'll usually need to:
​Configure APT to use your proxy by defining the necessary details in /etc/apt/apt.conf.d.
Define environment variables https_proxy, http_proxy, and ftp_proxy to specify your proxy.
If you're not starting with a prebuit REMnux virtual appliance, follow instructions to manually install SaltStack on the system you'll be using for REMnux. Next, modify /etc/salt/minion to include your proxy details:
# Set http proxy information for the minion when doing requestsproxy_host:proxy_port:proxy_username:proxy_password:
Next, to install REMnux or upgrade it later, follow instructions to:
​Invoke SaltStack to install the state file grouping appropriate for you (e.g., remnux.dedicated)
If you have the expertise, consider suggesting a revision to REMnux installer that corrects its inability to connect through non-transparent proxies.
If you set up a REMnux system in a cloud environment, such as AWS, you can not only interact with it using the text-based SSH interface, but also using the graphical Gnome interface that comes with REMnux.
You'll need to activate the SSH daemon on your REMnux system; one way to do this is to run the sshd start command. Before doing this, be sure to harden the configuration of your cloud-based REMnux system and set up SSH authentication according to your requirements and risk tolerance.
One way to remotely interact with REMnux using a graphical interface is to use X11 forwarding through SSH. If you installed REMnux in "addon" mode, you'll need to configure your SSH daemon to support X11 forwarding; in other cases, SSH on REMnux is already set up appropriately.
Next:
Configure the SSH client on your local system to enable X11 forwarding.
Connect to your remote REMnux system using SSH, assuming the SSH daemon on REMnux is configured and active.
Activate X server software on your local system, unless you're running Linux. If you're using Linux as your local system, it will natively support receiving X11 connections. If you're using Windows or macOS, you'll need to install X server software. Xming and VcXsrv for Windows and XQuartz for macOS are reasonable free options.
For an example of performing some of these steps, consider an AWS blog post on setting up X11 forwarding.
Another way to remotely interact with the REMnux graphical environment is to use a VNC tol such as TigerVNC, which you can tunnel over SSH and set up like this:
Install TigerVNC viewer on the local system from which you're planning to access the remote REMnux system.
Connect to your remote REMnux system using SSH, assuming the SSH daemon on REMnux is active.
Install TigerVNC server on your remote REMnux system: sudo apt install -y tigervnc-standalone-server
Set up your VNC password using the vncpasswd command.
On your local system create an SSH tunnel from port 5901 to port 5901 using a command such as ssh -L 5901:localhost:5901
Launch a TigerVNC server on your remote REMnux system: vncserver :1
Start a VNC client on your local system, directing it to connect to localhost:1
There are several ways of transferring files, such as malware samples, in and out of REMnux.
If you're running REMnux as a local VM, one way to transfer files in and out of the VM is to use the copy-and-paste or file transfer capabilities of your hypervisor. If using copy-and-paste, you can place files in and out of the VM by copying them to or from Nautilus, which is the GUI file browsing tool on REMnux.
If REMnux is running in VirtualBox, you can go to the Devices menu of VirtualBox for your REMnux VM and select Shared Folders, Shared Clipboard , and Drag and Drop. To enable this functionality, you need to have Guest Additions installed in the REMnux virtual machine, which is preinstalled as part of the VirtualBox version of the REMnux virtual appliance. The appliance ships with Shared Clipboard and Drag and Drop enabled.
In VMware, similar functionality is supported by the open-vm-tools package, which is prenistalled in the general version of the REMnux virtual appliance and if you installed the distro from scratch using the REMnux installer. You can modify settings of your REMnux virtual machine to disable Drag and Drop and Copy and Paste, if you wish; they're enabled by default. You can also enable Shared Folders, which are disabled by default.
Enabling hypervisor-based file and clipboard sharing capabilities someone increases the risk that if you run malicious code in your REMnux virtual machine, the malware will adversely affect your underlying code. Many analysts consider this an acceptable risk.
Another way to get files in and out of REMnux is to use the SFTP protocol, which is supported by OpenSSH. Unless you installed REMnux in cloud mode or are running REMnux as a Docker container, OpenSSH is disabled by default. You can activate OpenSSH in your VM using the sshd start command. You can then use an SFTP client to connect to or from REMnux; the SFTP client built into REMnux is the command-line tool sftp.
Yet another method to transfer files in and out of REMnux is to use removable media, such as a USB drive. If running REMnux as a VM, you'd need to use your hypervisor to map the USB drive into the virtual machine.
If you are running REMnux as a Docker container, you can invoke the container by mapping a directory on your local system into the container to create a shared location for your files. You can use Docker's -v or --mount parameters when launching the container to achieve this.
If you installed REMnux using one installation mode, for example addon, you can switch to another installation mode, for example dedicated, by taking the following steps:
Edit the /etc/remnux-config and change the mode from addon to dedicated.
Run the command remnux update.
Reboot.
You can install REMnux and SIFT Workstation on the same system to create a powerful toolkit for malware analysis and other digital forensics tasks. Follow the following guidelines to do this: