Installing CRITS (Collaborative Research Into Threats) on Ubuntu 16.04 LTS x64 Part#2


#1

Issue
In Part#1 we covered how to install CRITS on Ubuntu 16.04 LTS x64; below we’ll cover how to install and enable crits_services.

Solution
SSH/Console to your CRITS Server:

cd /tmp
wget https://github.com/VirusTotal/yara/archive/v3.7.0.tar.gz
tar -zxf /tmp/v3.7.0.tar.gz
cd yara-3.7.0
sudo ./bootstrap.sh
./configure
make
sudo make install
sudo ln -s /usr/local/lib/libyara.so /usr/lib/libyara.so
cd /data/
sudo -H pip install --upgrade pip
sudo -H pip install passivetotal==1.0.23
sudo -H pip install cbapi
sudo -H pip install mmbot
sudo -H pip install ipwhois
sudo -H pip install yara-python
sudo -H pip install dnslib
sudo -H pip install yaraprocessor
sudo -H pip install pylibemu
sudo git clone https://github.com/crits/crits_services.git
cd crits_services
sudo -H ./bootstrap
sudo -H pip uninstall yara -y
cd /data
sudo python /data/crits/manage.py setconfig service_dirs "/data/crits_services"
sudo git clone https://github.com/Yara-Rules/rules.git
cd rules
sudo ./index_gen.sh
cd /data
sudo git clone https://github.com/MITRECND/chopshop.git
cd /tmp
sudo git clone https://github.com/MITRECND/htpy.git
cd htpy
sudo python setup.py install
cd ..
sudo git clone https://github.com/buffer/libemu.git
cd libemu
sudo autoreconf -v -i
sudo ./configure --prefix=/usr/local
sudo make install
sudo ldconfig
cd /data/chopshop
sudo make install
make dependency-check
sudo systemctl restart apache2.service

Log on to your CRITS server using your favorite browser and go to “CRITS Control Panel\Services” to complete the configuration (by default, all services are disabled and will not automatically run on triage):

Below are a few examples for configuring and enabling “ChopShop | MetaCap | Malicious MacroBot | Yara”:




Once you’ve completed the configuration and enabled a few of your installed services, you can upload a sample and see CRITS complete the triage and analysis:



That completes this series - please let me know if you have any issues.
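
A post-install check for the steps above, as an added example that is not part of the original post: it reports which of the paths and Python modules the procedure should have produced are missing. The paths come from the post's commands; the import names are assumed to match the pip package names (with yara-python importing as `yara` and htpy as `htpy`), and the `--check` switch is an invention of this example.

```bash
#!/usr/bin/env bash
# Added example: post-install check for the steps in the post above.
# Paths come from the post's commands. Import names are assumed to match the
# pip package names (yara-python imports as "yara"; htpy as "htpy").

PYTHON="${PYTHON:-python}"   # the post uses the system "python"

# Print each argument that is not an existing path; return 1 if any is missing.
# A dangling symlink (e.g. /usr/lib/libyara.so) counts as missing.
missing_paths() {
  local rc=0
  for p in "$@"; do
    [ -e "$p" ] || { echo "$p"; rc=1; }
  done
  return "$rc"
}

# Print each module that $PYTHON cannot import; return 1 if any fails.
missing_modules() {
  local rc=0
  for m in "$@"; do
    "$PYTHON" -c "import $m" >/dev/null 2>&1 || { echo "$m"; rc=1; }
  done
  return "$rc"
}

# Run both checks against what the procedure should have produced.
check_crits_services_install() {
  local rc=0
  echo "Missing paths:"
  missing_paths /usr/local/lib/libyara.so /usr/lib/libyara.so \
    /data/crits/manage.py /data/crits_services /data/rules /data/chopshop || rc=1
  echo "Modules that fail to import:"
  missing_modules passivetotal cbapi mmbot ipwhois yara dnslib \
    yaraprocessor pylibemu htpy || rc=1
  return "$rc"
}

# Run only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
  check_crits_services_install
fi
```

Run it with `--check` on the CRITS server before restarting Apache; a non-zero exit status means at least one step did not complete.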


#2

Hello, first of all I want to thank you for sharing this guided tutorial. I was installing CRITS from scratch, but executing this command line gives me an error: sudo python /data/crits/manage.py setconfig service_dirs "/data/crits_services". The error is this:

usage: manage.py setconfig [-h] [--version] [-v {0,1,2,3}]
                           [--settings SETTINGS] [--pythonpath PYTHONPATH]
                           [--traceback] [--no-color] [--reset_config]
                           [--create_config] [--reinsert_config]
manage.py setconfig: error: unrecognized arguments: service_dirs /data/crits_services

Plus, when I try to log into the server, it doesn’t work. The login page appears, but after I enter the username and password and click login, nothing happens; it just stays on the login page.

Thank You.


#3

SlowLife,

Sounds like a portion of the install failed - I’d recommend that you roll back your snapshot and try again.