Issue
In Part#1 we covered how to install CRITS on Ubuntu 16.04 LTS x64, below we’ll cover how to install and enable crits_services.
Solution
SSH/Console to your CRITS Server:
cd /tmp
wget https://github.com/VirusTotal/yara/archive/v3.7.0.tar.gz
tar -zxf /tmp/v3.7.0.tar.gz
cd yara-3.7.0
sudo ./bootstrap.sh
./configure
make
sudo make install
sudo ln -s /usr/local/lib/libyara.so /usr/lib/libyara.so
cd /data/
sudo -H pip install --upgrade pip
sudo -H pip install passivetotal==1.0.23
sudo -H pip install cbapi
sudo -H pip install mmbot
sudo -H pip install ipwhois
sudo -H pip install yara-python
sudo -H pip install dnslib
sudo -H pip install yaraprocessor
sudo -H pip install pylibemu
sudo git clone https://github.com/crits/crits_services.git
cd crits_services
sudo -H ./bootstrap
sudo -H pip uninstall yara -y
cd /data
sudo python /data/crits/manage.py setconfig service_dirs "/data/crits_services"
sudo git clone https://github.com/Yara-Rules/rules.git
cd rules
sudo ./index_gen.sh
cd /data
sudo git clone https://github.com/MITRECND/chopshop.git
cd /tmp
sudo git clone https://github.com/MITRECND/htpy.git
cd htpy
sudo python setup.py install
cd ..
sudo git clone https://github.com/buffer/libemu.git
cd libemu
sudo autoreconf -v -i
sudo ./configure --prefix=/usr/local
sudo make install
sudo ldconfig
cd /data/chopshop
sudo make install
make dependency-check
systemctl restart apache2.service
Log on to your CRITS server using your favorite browser and go to “CRITS Control Panel\Services” to complete the configuration (by default, all services are disabled and will not automatically run on triage):
Below are a few examples for configuring and enabling “ChopChop | MetaCap | Malicious MacroBot | Yara”
Once you’ve completed the configuration and enabled a few of your installed services, you can upload a sample and see CRITS complete the triage and analysis:
That completes this series - please let me know if you have any issues.