
Comments (15)

Jack28 avatar Jack28 commented on June 14, 2024

Hi,

Peekaboo looks for the config file in the local directory only.
Specify the path to your configuration with e.g. -c /opt/peekaboo/peekaboo.conf and you shouldn't see the error message (given your configuration contains a section that specifies options for logging).

BTW you shouldn't run Peekaboo as root. I don't know what you're doing but usually there should be no reason to run Peekaboo with root privileges.

Thank you for your question, please let me know how you're getting on.

Best
Felix

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

Hi Felix,

I now know that the cause of the error is that the configuration needs a section that specifies options for logging. However, I do not know how to specify options for logging in the configuration.

I would really appreciate your help. Thank you.

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

Easiest would be to start from the sample configuration that is included in the repository
peekaboo.conf.sample
It contains settings for log_level and log_format that, without changes, satisfy Peekaboo to get past this error.

Do you know our installer?
https://github.com/scVENUS/PeekabooAV-Installer
Have a look at it, it does most of the things for you.

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

Here is my peekaboo.conf
It seems that the settings for log_level and log_format are the same as the settings in peekaboo.conf.sample

#
# Peekaboo configuration file
# Copyright (C) 2016-2018 science + computing ag
#


[global]
user             :    peekaboo
group            :    amavis
socket_file      :    /var/run/peekaboo/peekaboo.sock
pid_file         :    /var/run/peekaboo/peekaboo.pid
interpreter      :    /bin/bash
chown2me_exec    :    /opt/peekaboo/bin/chown2me
worker_count     :    3
sample_base_dir  :    /tmp
job_hash_regex   :    /var/lib/amavis/tmp/([^/]+)/parts.*
# 'yes' or 'no'  to use Peekaboo's debug module, which allows
# additional code execution at runtime.
use_debug_module :    no
# Whether or not to cleanup temporary files under /tmp
keep_mail_data   :    no


[ruleset]
config           :    /opt/peekaboo/ruleset.conf
# If the score of a sample is >= $threshold => Result.bad
score_threshold  :    100


#
# Logging configuration
#
[logging]
# log_level
# possible values: CRITICAL | ERROR | WARNING | INFO | DEBUG
log_level        :    DEBUG
# note that any % must be escaped with another %.
log_format       :    %%(asctime)s - %%(name)s - (%%(threadName)s) - %%(levelname)s - %%(message)s
# if you use systemd you don't want the timestamp
# log_format       :    %%(name)s - (%%(threadName)s) - %%(levelname)s - %%(message)s


#
# Database configuration
#
[db]
# SQLite
#url           :    sqlite:////path/to/database.db
# MySQL (recommended)
url            :    mysql+mysqldb://peekaboo:differentnewpassword@localhost/peekaboo
# PostgreSQL
# url           :    postgresql://user:password@host:port/database

#
# Cuckoo specific settings
#
[cuckoo]
# /usr/local/bin/cuckoo [-d | submit | ... ]
exec           :    /opt/peekaboo/cuckooprocessor.sh
submit         :    /usr/local/bin/cuckoo submit
storage_path   :    /var/lib/peekaboo/.cuckoo/storage

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

Have you tried starting it with the argument I mentioned?
peekaboo -c /opt/peekaboo/peekaboo.conf

From your configuration file I assume you have used the installer to set everything up.

In that case you use systemd to start peekaboo:
systemctl status peekaboo
systemctl start peekaboo

Let me know how you're getting on
Felix

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

Yes I tried this: peekaboo -c /opt/peekaboo/peekaboo.conf
I also tried:
systemctl status peekaboo

and it stated that peekaboo.service is inactive.

Tried to install everything again and it seems like this is the cause of error when I tried:
./PeekabooAV-install.sh

TASK [Install Peekaboo] ********************************************************
fatal: [localhost]: FAILED! => {"msg": "the connection plugin 'local' was not found"}
to retry, use: --limit @/home/puas/peekabooav-installer/PeekabooAV-install.retry

PLAY RECAP *********************************************************************
localhost : ok=16 changed=3 unreachable=0 failed=1

ERROR: 'ansible-playbook' failed. Please fix manually

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

The original question is solved?

Can you give details about your setup?
OS version, Ansible version, ...
and setup process

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

Hi Felix. Just an update. I have managed to install everything and it works fine now.

puas@ubuntu:~$ systemctl status peekaboo
● peekaboo.service - Peekaboo Extended Email Attachment Behavior Observation Owl
Loaded: loaded (/etc/systemd/system/peekaboo.service; enabled; vendor preset:
Active: active (running) since Wed 2018-08-01 07:05:08 PDT; 4s ago
Main PID: 3905 (peekaboo)
CGroup: /system.slice/peekaboo.service
├─3905 /usr/bin/python /usr/local/bin/peekaboo -c /opt/peekaboo/peeka
├─3915 /bin/bash -u /opt/peekaboo/cuckooprocessor.sh
├─3917 /usr/bin/python /usr/local/bin/cuckoo process instance1
├─3918 /usr/bin/python /usr/local/bin/cuckoo process instance2
├─3919 /usr/bin/python /usr/local/bin/cuckoo process instance3
├─3920 /usr/bin/python /usr/local/bin/cuckoo process instance4
├─3921 /usr/bin/python /usr/local/bin/cuckoo process instance5
├─3922 /usr/bin/python /usr/local/bin/cuckoo
├─3972 bash /usr/local/bin/vboxmanage list vms
└─3975 ssh [email protected] vboxmanage list vms

Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: |||_____|||||||
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: Cuckoo Sandbox 2.0.6
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: www.cuckoosandbox.org
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: Copyright (c) 2010-2018
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,610 - pee
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,765 - pee
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,828 - pee
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,832 - pee
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,872 - pee
Aug 01 07:05:10 ubuntu.localdomain peekaboo[3905]: 2018-08-01 07:05:10,874 - pee

I still do not know what went wrong. However, I did everything again in another vm.

I have another question. How do I check dataflow through mail, amavis, peekaboo, cuckoo?

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

After installing peekaboo, I am trying to do the post-installation:
https://github.com/scVENUS/PeekabooAV-Installer/blob/master/README-postinstallation.md

but when I tried the command: su peekaboo, the original question still appears.

PEEKABOO 1.6.1

Peekaboo Extended Email Attachment Behavior Observation Owl

               _a_aa                    a_aa,
                '*U4UUUULa_aa_aa_aajUUU4XU7'
                  aX''''''UUXU4XUU'''''!Ua
                _U'        -U4UU'   _    'U,
                ?i   jLd1   ?#Wi   4L01   Ui
                -U,        4#000P        _U'
                 -*Xa_a_a_WUW##KUL_a_a_aX7'
                _aXUXUUU4UUX4XX444UUUUUUXLa,
               _UXXUXUXU47'!'!'!'!*X444U4UXX,
               ?XU4U4''   _   __   -'UUXUUi
               ?4U4'     / | / /_     'UUXi
                *Xi      | || '_ \     ?X7
                 *L      | || (_) |     j7
                  *a     |_(_)___/      jY
                   -L,                _/'
                     'l,            _/'
                       j7_a_;  aaa/4
           _aaaaaa#0000#00000##0##00000000aaaaaa,
    aaad0P!!!!!!                             '!!!!!!Laaa

_aa!!!! !! _,
(never mind the K)

2018-08-01 08:21:29,954 - peekaboo.config - (MainThread) - CRITICAL - configuration section not found
2018-08-01 08:21:29,954 - peekaboo.config - (MainThread) - ERROR - No section: 'logging'
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/peekaboo/config.py", line 108, in __parse
log_level = config.get('logging', 'log_level')
File "/usr/lib/python2.7/ConfigParser.py", line 607, in get
raise NoSectionError(section)
NoSectionError: No section: 'logging'

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

There is a script in the installer repository that does a lot of checks:
PeekabooAV-Installer / utils / peekabooStatus.sh
https://github.com/scVENUS/PeekabooAV-Installer/blob/master/utils/peekabooStatus.sh

If it doesn't give you any hints you're free to share the output (you may want to sanitise it first)

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

./peekabooStatus.sh
Ubuntu 16.04.5 LTS \n \l

Linux ubuntu.localdomain 4.15.0-29-generic #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Status of systemd units
● amavis.service - LSB: Starts amavisd-new mailfilter
Active: active (running) since Wed 2018-08-01 08:01:36 PDT; 9h ago
● peekaboo.service - Peekaboo Extended Email Attachment Behavior Observation Owl
Active: active (running) since Wed 2018-08-01 17:48:51 PDT; 251ms ago
● cuckoohttpd.service - Cuckoo Webserver
Active: active (running) since Wed 2018-08-01 08:01:37 PDT; 9h ago
● mongodb.service - An object/document-oriented database
Active: active (running) since Wed 2018-08-01 08:01:23 PDT; 9h ago
● postfix.service - LSB: Postfix Mail Transport Agent
Active: active (running) since Wed 2018-08-01 09:51:00 PDT; 7h ago
Active: inactive (dead)
Active: inactive (dead)
Active: inactive (dead)
Active: inactive (dead)

Systemd Unit: /etc/systemd/system/peekaboo.service
Working Directory: /opt/peekaboo/

**Git state:
HEAD detached at v1.6.1
Untracked files:
(use "git add ..." to include in what will be committed)

cuckooprocessor.sh
peekabooav-amavisd/

nothing added to commit but untracked files present (use "git add" to track)**

Increment version number

Cuckoo Version:
2.0.6

Peekaboo DB:
Tables_in_peekaboo
_meta
analysis_jobs_v3
analysis_result_v3
sample_info_v3
Number_of_analysed_samples
0
Number_of_unique_samples
0

Malware Reports:
ls: cannot access '/var/lib/peekaboo/malware_reports': No such file or directory
0
du: cannot access '/var/lib/peekaboo/malware_reports': No such file or directory

Mailq
Mail queue is empty

Chown2me Capability
/opt/peekaboo/bin/chown2me = cap_chown+ep

I run the script and get this output. However, I do not understand the git state part about:
cuckooprocessor.sh
peekabooav-amavisd/
What do they mean?

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

Looks all good to me.
(The installer adds those files to the git repository.)

journalctl -f -u peekaboo
Will give you the log output of peekaboo that states why it is currently in the restart loop.
The reason is most likely that cuckoo is not able to start.

Stop the peekaboo systemd unit.
Switch user to peekaboo, run cuckoo and see if it works as intended.

from peekabooav.

kudousui avatar kudousui commented on June 14, 2024

Hi, sorry for the late update.

Before the peekaboo installation, cuckoo works just fine. However now, it says pending whenever I try to run the malware.

Also, I receive this error when I try to restart networking:
$systemctl restart networking
Job for networking.service failed because the control process exited with error code. See "systemctl status networking.service" and "journalctl -xe" for details.

$ systemctl status networking
● networking.service - Raise network interfaces
Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/networking.service.d
└─50-insserv.conf-$network.conf
Active: failed (Result: exit-code) since Thu 2018-08-02 09:47:10 PDT; 1min 40s ago
Docs: man:interfaces(5)
Process: 52409 ExecStart=/sbin/ifup -a --read-environment (code=exited, status=1/FAILURE)
Process: 52406 ExecStartPre=/bin/sh -c [ "$CONFIGURE_INTERFACES" != "no" ] && [ -n "$(ifquery --read-environment --list --exclude=lo)" ] &&
Main PID: 52409 (code=exited, status=1/FAILURE)

Aug 02 09:47:10 ubuntu.localdomain systemd[1]: Stopped Raise network interfaces.
Aug 02 09:47:10 ubuntu.localdomain systemd[1]: Starting Raise network interfaces...
Aug 02 09:47:10 ubuntu.localdomain sh[52406]: /etc/network/interfaces:11: misplaced option
Aug 02 09:47:10 ubuntu.localdomain sh[52406]: ifquery: couldn't read interfaces file "/etc/network/interfaces"
Aug 02 09:47:10 ubuntu.localdomain ifup[52409]: /etc/network/interfaces:11: misplaced option
Aug 02 09:47:10 ubuntu.localdomain ifup[52409]: /sbin/ifup: couldn't read interfaces file "/etc/network/interfaces"
Aug 02 09:47:10 ubuntu.localdomain systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Aug 02 09:47:10 ubuntu.localdomain systemd[1]: Failed to start Raise network interfaces.
Aug 02 09:47:10 ubuntu.localdomain systemd[1]: networking.service: Unit entered failed state.
Aug 02 09:47:10 ubuntu.localdomain systemd[1]: networking.service: Failed with result 'exit-code'.

Here are my configurations:
$ cat /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

auto lo
iface lo inet loopback

# The primary network interface

auto ens33
iface ens33 inet dhcp

#Host only for cuckoo
auto vboxnet0
address 192.168.56.101
netmask 255.255.255.0
network 192.168.56.0
broadcast 192.168.56.255
gateway 192.168.56.1
dns-nameservers 192.168.56.1 8.8.8.8
dns-domain ubuntu.localdomain
dns-search ubuntu.localdomain

$ ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:5b:16:16
inet addr:192.168.146.144 Bcast:192.168.146.255 Mask:255.255.255.0
inet6 addr: fe80::4d22:be03:b408:7828/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:87870 errors:0 dropped:0 overruns:0 frame:0
TX packets:62035 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41005410 (41.0 MB) TX bytes:6827403 (6.8 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3276634 errors:0 dropped:0 overruns:0 frame:0
TX packets:3276634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:356513732 (356.5 MB) TX bytes:356513732 (356.5 MB)

vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1783 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:281461 (281.4 KB)

from peekabooav.

Jack28 avatar Jack28 commented on June 14, 2024

A few quick ideas before I close this issue:

  • Cuckoo has individual configuration per user who runs it
  • In some setups VirtualBox doesn't bring up the host-only interface in time (or even before at least one VM runs)

Thank you for your question.
If you encounter more issues with peekaboo feel free to submit them.

Best
Felix

from peekabooav.

Clevero avatar Clevero commented on June 14, 2024

Hopefully, I do not overread the answer to the first error message in this issue.
At least maybe some clarification for users that do not see the answer right away.

In my case NoSectionError: No section: 'logging' was also thrown when the user peekaboo doesn't have the permissions to read the peekaboo.conf file. So changed permissions and peekaboo again started normally

from peekabooav.
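An added example, not part of the thread or of Peekaboo's code, showing why both causes named above (a config path that does not resolve, and a file the peekaboo user cannot read) end in the same `NoSectionError: No section: 'logging'`: `ConfigParser.read()` skips files it cannot open without raising. It uses Python 3's `configparser` (the traceback shows Python 2.7's `ConfigParser`, which behaves the same way); the function names and the sample file are constructed for illustration.

```python
import configparser
import os
import tempfile


def naive_get(path):
    """Same pattern as the traceback: read(), then get()."""
    parser = configparser.ConfigParser()
    parser.read(path)  # a missing or unreadable file is skipped silently
    return parser.get("logging", "log_level")


def diagnose(path):
    """Return (ok, detail) naming the real cause instead of NoSectionError."""
    parser = configparser.ConfigParser()
    try:
        with open(path) as handle:  # open() reports what read() hides
            parser.read_file(handle)
    except FileNotFoundError:
        return False, "not found: %s (cwd is %s)" % (path, os.getcwd())
    except PermissionError:
        return False, "uid %d cannot read %s" % (os.getuid(), path)
    for option in ("log_level", "log_format"):
        if not parser.has_option("logging", option):
            return False, "missing [logging] %s in %s" % (option, path)
    return True, parser.get("logging", "log_format")


def demo():
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "peekaboo.conf")
    with open(good, "w") as handle:  # constructed sample, trimmed from the thread's config
        handle.write("[logging]\n"
                     "log_level : DEBUG\n"
                     "log_format : %%(levelname)s - %%(message)s\n")
    missing = os.path.join(workdir, "elsewhere", "peekaboo.conf")
    try:
        naive_get(missing)
        naive = "no error"
    except configparser.NoSectionError as exc:
        naive = str(exc)  # same message as in the thread, although the file is absent
    return naive, diagnose(missing), diagnose(good)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run `diagnose()` as the account the service uses, since readability depends on the calling uid.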
