Once you purchase a license for the service, you will receive the following emails:
•an email that includes links to the product distribution and images of virtual machines where the analysis will be carried out,
•an email with a license key file.
In addition, a Guardant dongle will be sent to you by postal service.
Make sure to do the following before starting the installation:
1.Wipe the SSD drive where you plan to install Dr.Web vxCube components. If it has partitions, delete them.
2.Connect the Guardant dongle to the device where you intend to deploy Dr.Web vxCube. This is required for analyses to run. If you are going to deploy Dr.Web vxCube on several devices, you will need individual Guardant dongles for each of the devices.
3.Download the product distribution, virtual machine images, and the key file from the emails that you received. Unpack the downloaded archives.
4.Put the Dr.Web vxCube license key into confs/vxcube.key.
5.Put distribution files and images into the following directories:
•SSL certificates required for connecting with VPN servers and specified in the vars-user.yml file (the openvpn_client_servers variable) to the confs/openvpn.crt, confs/openvpn.key, and confs/openvpn_ca.crt directories;
|
SSL certificates are not supplied with Dr.Web vxCube; you need to obtain them separately. |
•the received Windows virtual machine .tar.gz images and all .tar.gz.ver and .tar.gz.hash files to the vm-images-win directory;
•the received Android virtual machine .vdi images and all .vdi.hash and .vdi.ver files to the vm-images-andr directory;
•the received Linux virtual machine .tar.gz images and all .tar.gz.hash and .tar.gz.ver files to the vm-images-linux directory.
|
You can also put the virtual machine images into the directories you want. For this, specify the directories in the vars-default.yml file (in the hyperbox_images_repo, dimas_images_repo, and linuxbox_images_repo variables). |
6.If you want to integrate Dr.Web vxCube with MailD, you need an SSL certificate. If you don’t have this, generate it like this:
openssl dhparam -out web_dhparam.pem 2048 |
7.If you want Dr.Web vxCube to support the HTTPS protocol, do the following:
•create the confs/web_ssl.crt and confs/web_ssl.key files;
•create the confs/web_dhparam.pem file (if you have skipped step 5).
•in the vars-default.yml file, uncomment the following variables: vxcube_web_ssl_cert, vxcube_web_ssl_privkey, and vxcube_web_dhparam.
8.Make sure that all servers where you intend to deploy Dr.Web vxCube components have the following packages installed: make, python3-venv, and sshpass. If not, install them as follows:
sudo apt-get install make |
|
When you issue the make command, it creates a Python virtual environment and installs packages required to run the appropriate Ansible version. If you use a Python repository other than pipy.org, set it in the environment variables, for example: export PIP_INDEX_URL=https://devpi.local Alternatively, add the following to the run command: PIP_INDEX_URL=https://devpi.local |
9.Enable support of systemd-networkd.socket as follows:
sudo systemctl stop systemd-networkd.service |
10.(Only if you intend to install Dr.Web vxCube on a computer running Astra Linux) Update to OS Astra Linux 1.7.6. The /etc/apt/sources.list file must contain the following repositories:
# Extended repository deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-extended/ 1.7_x86-64 main contrib non-free # Astra 1.7.6 repository deb http://dl.astralinux.ru/astra/frozen/1.7_x86-64/1.7.6/repository-main/ 1.7_x86-64 main contrib non-free deb http://dl.astralinux.ru/astra/frozen/1.7_x86-64/1.7.6/repository-update/ 1.7_x86-64 main contrib non-free deb http://dl.astralinux.ru/astra/frozen/1.7_x86-64/1.7.6/repository-base/ 1.7_x86-64 main contrib non-free |
11.After updating the repositories, run the following commands:
sudo apt update |
12.Edit the installation settings. To do this, assign a value for each variable in the vars-user.yml file. All the variables in this file must have an assigned value. The detailed description of the variables is given in the file and in the following table below:
The description of variables contained in vars-user.yml
Variable |
Description |
|---|---|
vxcube_web_superuser_email |
The email of a Dr.Web vxCube administrator. A user with this email will be created after the web UI is installed. |
vxcube_web_superuser_pass |
An administrator password. You can define a password: vxcube_web_superuser_pass: "example_password" Alternatively, it can be automatically generated: vxcube_web_superuser_pass: "{{ lookup('password', 'credentials/vxcube_web_superuser_pass length=10 chars=ascii_letters,digits') }}" The generated password will be saved in the file credentials/vxcube_web_superuser_pass. |
hyperbox_ssds |
The list of SSD drives available on the server. Example of a variable value for two drives: hyperbox_ssds: - sdb - sdc |
vxcube_os_count |
The maximum number of simultaneously running virtual machines with Windows OS. Keep in mind the technical limitations of the computer when choosing a value for this variable. The optimal value can be calculated by the formula: <vxcube_os_count> = <number of cores * 1.5> / <number of different OS types> For example, on a 48-core server running four different operating systems, you can set vxcube_os_count to 18. |
vxcube_os_clone_threads |
The number of threads used to clone virtual machines. Keep in mind the technical limitations of the computer when choosing a value for this variable. For example, for two SSD drives and a 48-core CPU, the number of threads must not exceed 15. |
openvpn_client_servers |
The list of VPN servers for routing traffic from virtual machines. You have the option to input several servers in the variable. If the first server stops responding, the next one in the list will be used. Please note that vxcube-installer does not deploy a VPN server. To do this, you need to configure a VPN server on your own. See Appendix C. Configuring a separate VPN server. Variable value format: openvpn_client_servers: - host: xx.xx.xx.xx port: 1194 |
vboxnet_vpn_gateway |
The IP address of the gateway inside the VPN network, through which the traffic will be redirected. It is usually the first host in the subnet. For example, if the internal VPN network uses the subnet 10.0.42.0/24, then the gateway IP address will be 10.0.42.1. |
evparser_max_workers_count |
The maximum number of running threads used by the behavior analysis service. Keep in mind the technical limitations of the computer when choosing a value for this variable. We recommend that you set the value equal to vxcube_os_count. |
evparser_min_workers_count |
The minimum number of running threads used by the behavior analysis service. The threads will keep running, even if there are no tasks. We recommend that you set the value equal to 20% of evparser_max_workers_count. |
evparser_srv_autoscale |
The maximum and minimum possible number of running threads used by the behavior analysis service. Variable value format: "<max_worker_num>,<min_worker_num>" Example: evparser_srv_autoscale: "10,1" |
drweb_srv_autoscale |
Maximum and minimum number of threads used by the anti-virus for scanning files. Variable value format: "<max_worker_num>,<min_worker_num>". For example: drweb_srv_autoscale: "10,1" We recommend that you set the values the following way: max_worker_num equal to vxcube_os_count, min_worker_num to 20% of max_worker_num. |
yara_srv_autoscale |
Maximum and minimum number of threads used by YARA. Variable value format: "<max_worker_num>,<min_worker_num>". Example: yara_srv_autoscale: "10,1" We recommend that you set the values the following way: max_worker_num equal to vxcube_os_count, min_worker_num to 20% of max_worker_num. |
You may also configure variables in the vars-default.yml file. The detailed description of the variables is given in the file and in the following table below:
The description of variables contained in vars-default.yml
Variable |
Description |
|---|---|
vxcube_local_hostname |
Name of the host when deploying on local server. |
vxcube_ftp_user |
Login name of an FTP user. It is used for deploying samples on the FTP server. Example: vxcube_ftp_user: "vxcube_ftp" |
vxcube_ftp_pass |
A password for the FTP user specified in the vxcube_ftp_user variable. By default, a password is randomly generated and stored in the credentials/vxcube_ftp_pass file. If a password was previously generated and saved in the credentials/vxcube_ftp_pass file, it will be used. Example: vxcube_ftp_pass: "{{ lookup('password', 'credentials/vxcube_ftp_pass length=10 chars=ascii_letters,digits') }}" |
vxcube_web_db_pass |
Database password. By default, a password is randomly generated and stored in the credentials/vxcube_web_db_pass file. Example: vxcube_web_db_pass: "{{ lookup('password', 'credentials/vxcube_web_db_pass length=10 chars=ascii_letters,digits') }}" |
vxcube_web_ssl_cert |
Path to the .crt certificate. By default, it is stored at confs/web_ssl.crt. Example: vxcube_web_ssl_cert: "{{ lookup('file', 'confs/web_ssl.crt') }}" |
vxcube_web_ssl_privkey |
Path to the .key private key. By default, it is stored at confs/web_ssl.key. Example: vxcube_web_ssl_privkey: "{{ lookup('file', 'confs/web_ssl.key') }}" |
vxcube_web_dhparam |
Path to the .pem Diffie-Hellman key. By default, it is stored at confs/web_dhparam.pem. Example: vxcube_web_dhparam: "{{ lookup('file', 'confs/web_dhparam.pem') }}" |
vxcube_web_mail_server |
IP address or domain name of the SMPT server. Example: vxcube_web_mail_server: "localhost" By default: localhost. |
vxcube_web_recaptcha_site_key |
Website key, which is used for reCAPTCHA. Example: vxcube_web_recaptcha_site_key: SITE_KEY //<website key> Values are provided after domain registration on https://www.google.com/recaptcha/admin. |
vxcube_web_recaptcha_secret |
Secret key, which is used for reCAPTCHA. Example: vxcube_web_recaptcha_secret: SECRET_KEY //<secret key> Values are provided after domain registration on https://www.google.com/recaptcha/admin. |
vxcube_web_check_exchange_min |
FTP server directory check period in minutes. Possible values: from 1 to 60. Example: vxcube_web_check_exchange_min: "5" |
vxcube_web_keep_free_space_percent |
If the value of this variable is lower than the free disk space, old reports will not be deleted. Value is a percentage. Example: vxcube_web_keep_free_space_percent: "30" |
vxcube_web_keep_exchange_hours |
Minimum period for storing files if insufficient disk space. Value is in hours. If the variable is set to 0.5, any files created within the last half hour will not be deleted. Example: vxcube_web_keep_exchange_hours: "0,5" |
vxcube_web_keep_reports |
Minimum time before an existing report is considered old and will be deleted. Value is in minutes. Example: vxcube_web_keep_reports: "20m" |
vxcube_web_reports_clean_period_min |
Frequency at which the task runs to delete old reports. Value is in minutes. Example: vxcube_web_reports_clean_period_min: "5" |
vxcube_web_fail_free_space_percent |
Threshold of free disk space where tasks will terminate with an error. Value is a percentage. Example: vxcube_web_fail_free_space_percent: "5" |
vxcube_web_local_max_body_size |
An internal variable. Use here the same value as the one given for vxcube_web_max_body_size below. |
vxcube_web_local_max_exec_time |
The highest value (in seconds) a user can set for the Default sample run time. Example: vxcube_web_local_max_exec_time: "3600" |
vxcube_web_max_body_size |
The maximum file size that can be analyzed (in MB). Example: vxcube_web_max_body_size: "2001" |
hyperbox_api_rq_username |
Account for RabbitMQ. Example: hyperbox_api_rq_username: "celery" |
hyperbox_api_rq_password |
User password specified in hyperbox_api_rq_username. By default, a password is randomly generated and stored in credentials/hyperbox_api_rq_password. Example: hyperbox_api_rq_password: "{{ lookup('password', 'credentials/hyperbox_api_rq_password length=10 chars=ascii_letters,digits') }}" |
hyperbox_api_rq_vhost |
RabbitMQ database name. Example: hyperbox_api_rq_vhost: "tasks" |
hyperbox_api_rq_admin_pass |
Administrator password for working with users and database in RabbitMQ. Example: hyperbox_api_rq_admin_pass: "{{ lookup('password', 'credentials/hyperbox_api_rq_admin_pass length=10 chars=ascii_letters,digits') }}" |
hyperbox_api_rq_plugins |
List of RabbitMQ plug-ins to be installed. Example: hyperbox_api_rq_plugins: ["rabbitmq_management"] The variable is disabled by default. |
hyperbox_key_path |
License key path. Example: hyperbox_key_path: "confs/vxcube.key" Default path: confs/vxcube.key. |
hyperbox_external_addr |
Address for connecting to a server with virtual machines using VNC. Example: hyperbox_external_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" This variable is required for correct operation of VNC. |
Used for cloning virtual machines from OVA images. Example: hyperbox_hbsetup: "false" Value True is used for initial setup and in case of changes in OVA images. |
|
Path to OVA images of virtual machines. Example: hyperbox_images_repo: "vm-images-win" Value of the variable can also be an FTP address in the URI format. Example: hyperbox_images_repo: "ftp://user:pass@host:port/path" |
|
hyperbox_images |
The list of virtual machines and their specifications. All virtual machines listed here must be located in the image repository specified in hyperbox_images_repo. Example: hyperbox_images: |
hyperbox_force_clean_vms |
Forces deletion of all used virtual machines before cloning new ones. Default value: False. |
vm_type |
Virtual machine type. Example: vm_type: 6.1.7601.17514_x86 |
code |
Virtual machine name. Example: code: Win7x86 |
count |
Number of OS clones for every virtual machine. Example: count: "{{ vxcube_os_count }}" By default, the value is taken from the vxcube_os_count variable. |
memory |
The amount of RAM allocated for virtual machine at startup. Example: memory: "1536" |
clone_threads |
Number of threads used while cloning virtual machines during the installation. Example: clone_threads: "{{ vxcube_os_clone_threads }}" By default, the value is taken from the vxcube_os_clone_threads variable. |
openvpn_client_crt |
Path to the OpenVPN server certificate. Example: openvpn_client_crt: "{{ lookup('file', 'confs/openvpn.crt') }}" Path by default: confs/openvpn.crt |
openvpn_client_key |
Path to private key of the OpenVPN server client. Example: openvpn_client_key: "{{ lookup('file', 'confs/openvpn.key') }}" Default path: confs/openvpn.key |
openvpn_client_ca_crt |
Path to the certificate of the OpenVPN server key certification authority. Example: openvpn_client_ca_crt: "{{ lookup('file', 'confs/openvpn_ca.crt') }}" Default path: confs/openvpn_ca.crt |
openvpn_client_tls_auth |
The tls-auth parameter adds another HMAC signature to SSL/TLS handshake packets, initiating an additional integrity verification. Example: openvpn_client_tls_auth: "{{ lookup('file', 'confs/openvpn_ta.crt', errors='ignore')|default(omit) }}" |
openvpn_client_chiper |
The encryption method applied. Example: openvpn_client_chiper: "AES-128-CBC" |
vxcube_optional_types_codes |
Optional file types that can be analyzed. Example: vxcube_optional_types_codes: "moc" To use the variable, you should install Microsoft Office on images. Disabled by default. |
drweb_srv_se_licence_key |
License key path. Example: drweb_srv_se_licence_key: "{{ lookup('file', 'confs/vxcube.key') }}" Default path: confs/vxcube.key |
vxcube_web_server_name |
Domain name of the Dr.Web vxCube web interface. |
vxcube_storage |
Path to the directory containing virtual machines and temporary files created during the analysis. Example: vxcube_storage: "/var/lib/storage" |
vxcube_configure_firewall |
A variable that indicates if firewall needs to be configured after installation (true/false). |
evparser_dwschecker_url |
URL to access the link checking service. Available if supported by the license. Example: evparser_dwschecker_url: "http://hostname/?key=mykey&url={0}&info=1" |
dimas_external_ip |
Address of a server with virtual machines. Required for the correct operation of VNC. Example: dimas_external_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" |
dimas_vms_setup |
The variable that indicates if virtual machines need to be recloned (true/false). |
vxcube_force_clean_vms |
Deletes virtual machine files. |
dimas_images_repo |
Path to the directory containing VDI images of virtual machines. You can also enter an FTP address in the URI format. Example: dimas_images_repo: "ftp://user:pass@host:port/path" |
dimas_tar_repo |
Path to the vboxsdk repository. You can also enter an FTP address in the URI format. Example: dimas_tar_repo: "ftp://user:pass@host:port/path" |
dimas_images |
The list of Android-based virtual machines and their specifications. All virtual machines listed here must be located in the image repository specified in dimas_vdi_repo. Example: dimas_images: |
_vxcube_use_windows_workers: "{{ lookup('ini', 'Windows section=Settings file={{ hyperbox_key_path }}') | bool }}" _vxcube_use_android_workers: "{{ lookup('ini', 'Android section=Settings file={{ hyperbox_key_path }}') | bool }}" _vxcube_use_linux_workers: "{{ lookup('ini', 'Linux section=Settings file={{ hyperbox_key_path }}') | bool }}" vxcube_web_expire_date: "{{ lookup('ini', 'Expires section=Key file={{ hyperbox_key_path }}') }}" vxcube_web_activation_date: "{{ lookup('ini', 'Created section=Key file={{ hyperbox_key_path }}') }}" |
License information. |
The zabbix_agent_required variable for optional installation of a Zabbix agent, which allows for real-time monitoring of the state of vxCube components. Example: zabbix_agent_required: "true" The variables zabbix_agent_server and zabbix_agent_serveractive must contain the IP address or domain name of the Zabbix server. For that, you have to install the Zabbix Server The zabbix_version parameter is optional. If you do not specify it, the latest Zabbix version will be installed to host. If you need an older version, specify it. Example: zabbix_version: 4.0, zabbix_version: 3.4, or zabbix_version: 2.2. |
|
zabbix_agent_serveractive |
Zabbix server addresses for active monitoring. |
vxcube_web_flask_workers |
The number of running threads of a web application. Example: vxcube_web_flask_workers: 5 |
vxcube_web_flask_timeout |
The response timeout for the web application. Example: vxcube_web_flask_timeout: 300 |
linuxbox_vms_setup |
The variable that indicates if virtual machines need to be recloned (true/false). Example: linuxbox_vms_setup: true |
linuxbox_images_repo |
Path to the repository that contains VDI images of virtual machines. Value of the variable can also be an FTP address in the URI format. Example: linuxbox_images_repo: "ftp://user:pass@host:port/path" or linuxbox_images_repo: "vm-images-linux" |
linuxbox_images |
The list of Linux virtual machines and their specifications. All virtual machines listed here must be located in the image repository specified in linuxbox_vdi_repo. Example: linuxbox_images: |
linuxbox_force_clean_vms |
Forces deletion of all used virtual machines before cloning new ones. |
