Adds very basic plugin docs
Change-Id: If5503e995ce0f2879d5d93ee3e831f7ffd4fb294
This commit is contained in:
parent
2ca4683219
commit
ada2c0340d
|
@ -2,4 +2,8 @@
|
||||||
About Nemesis
|
About Nemesis
|
||||||
===============
|
===============
|
||||||
|
|
||||||
This needs fleshing out still.
|
Nemesis is a project which aims to add a plug-able file analysis API to an OpenStack cloud. Some use cases that come to mind include:
|
||||||
|
|
||||||
|
* Malware Analysis as a Service
|
||||||
|
* Upload analysis / tagging
|
||||||
|
* File feature extraction
|
||||||
|
|
|
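Review bot: "plug-able" in the new description should be "pluggable", and since the first listed use case is Malware Analysis as a Service, this About section is the natural place to state that every file submitted through the API is untrusted input that worker plugins open and parse; one sentence here sets the expectation that workers are kept isolated from the API node and the rest of the cloud, which the separate worker node in the Installation doc already implies but never says.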
@ -2,10 +2,30 @@
|
||||||
Installation
|
Installation
|
||||||
============
|
============
|
||||||
|
|
||||||
|
Nemesis is a very early development project and hence deploying it to a production cloud is not advised (yet), however it's requirements are quite
|
||||||
|
minimalistic and hence setting up a small dev / test environment is pretty easy.
|
||||||
|
|
||||||
|
|
||||||
|
Prerequisites
|
||||||
|
-------------
|
||||||
|
|
||||||
|
So far only installation on Ubuntu is described however installation should be very similar and straight forward on other distributions. For a
|
||||||
|
minimalist installation of Nemesis you'll require:
|
||||||
|
|
||||||
|
* 2 VMs / Physical hosts (1 for the API node, and 1 for a worker node)
|
||||||
|
* OpenStack Keystone (for user authentication)
|
||||||
|
* OpenStack Swift (for artifact storage)
|
||||||
|
* RabbitMQ Server
|
||||||
|
* MySQL Server
|
||||||
|
|
||||||
|
|
||||||
API Nodes
|
API Nodes
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Worker Nodes
|
Worker Nodes
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
|
||||||
|
Validating Installation
|
||||||
|
-----------------------
|
||||||
|
|
|
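Review bot: the new "API Nodes", "Worker Nodes" and "Validating Installation" headings are added with no body, so the rendered page will show three empty sections; either put at least a placeholder sentence under each or hold them for the commit that fills them. Two wording fixes in the intro paragraph: "it's requirements" should be "its requirements" and "straight forward" should be "straightforward". For "Validating Installation", a concrete check worth writing down is submitting the EICAR test file that the plugin docs already reference and confirming the worker returns "is_malware": true, which exercises Keystone, Swift, RabbitMQ and the worker in one round trip.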
@ -4,9 +4,98 @@ Plugins
|
||||||
|
|
||||||
ClamAV
|
ClamAV
|
||||||
------
|
------
|
||||||
Allows malware scanning via ClamD.
|
Allows malware scanning of submitted files via ClamAV.
|
||||||
|
|
||||||
|
Prerequisites
|
||||||
|
+++++++++++++
|
||||||
|
|
||||||
|
* Worker nodes running ClamAV daemon (http://www.clamav.net/)
|
||||||
|
* Python ClamD module (https://pypi.org/project/clamd/)
|
||||||
|
|
||||||
|
Installation
|
||||||
|
++++++++++++
|
||||||
|
|
||||||
|
* Install ClamAV from OS packages and configure as required
|
||||||
|
* Rename the clamav.py.plugin file in Nemesis plugin directory to clamav.py
|
||||||
|
* Reinstall Nemesis via setuptools
|
||||||
|
* Install Python ClamD module into your Nemesis virtual env
|
||||||
|
* Update your analysis_plugins list in your nemesis.conf file
|
||||||
|
* Once compelete restart the Nemsis worker service
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
source /opt/nemesis/bin/activate
|
||||||
|
cd ~/git/nemesis
|
||||||
|
cp python_nemesis/plugins/clamav.py.plugin python_nemesis/plugins/clamav.py
|
||||||
|
python setup.py install
|
||||||
|
pip install clamd
|
||||||
|
vi /etc/nemesis/nemesis.conf # Update analysis plugins list to include clamav
|
||||||
|
service nemesis-worker restart
|
||||||
|
|
||||||
|
Sample Artifacts
|
||||||
|
++++++++++++++++
|
||||||
|
|
||||||
|
Malware Detected::
|
||||||
|
|
||||||
|
{
|
||||||
|
"success": true,
|
||||||
|
"result": {"is_malware": true,
|
||||||
|
"malware_type": "EICAR-Test-File"},
|
||||||
|
"message": null
|
||||||
|
}
|
||||||
|
|
||||||
|
Malware Not Detected::
|
||||||
|
|
||||||
|
{
|
||||||
|
"success": true,
|
||||||
|
"result": {"is_malware": false,
|
||||||
|
"malware_type": null},
|
||||||
|
"message": null
|
||||||
|
}
|
||||||
|
|
||||||
EXIF
|
EXIF
|
||||||
----
|
----
|
||||||
Extracts EXIF data from compatible image files.
|
Extracts EXIF data from compatible image files.
|
||||||
|
|
||||||
|
Prerequisites
|
||||||
|
+++++++++++++
|
||||||
|
|
||||||
|
* Python ExifRead module (https://pypi.org/project/ExifRead/)
|
||||||
|
|
||||||
|
Installation
|
||||||
|
++++++++++++
|
||||||
|
|
||||||
|
* Rename the exif.py.plugin file in Nemesis plugin directory to exif.py
|
||||||
|
* Reinstall Nemesis via setuptools
|
||||||
|
* Install Python ExifRead module into your Nemesis virtual env
|
||||||
|
* Update your analysis_plugins list in your nemesis.conf file
|
||||||
|
* Once compelete restart the Nemsis worker service
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
source /opt/nemesis/bin/activate
|
||||||
|
cd ~/git/nemesis
|
||||||
|
cp python_nemesis/plugins/exif.py.plugin python_nemesis/plugins/exif.py
|
||||||
|
python setup.py install
|
||||||
|
pip install exifread
|
||||||
|
vi /etc/nemesis/nemesis.conf # Update analysis plugins list to include exif
|
||||||
|
service nemesis-worker restart
|
||||||
|
|
||||||
|
Sample Artifacts
|
||||||
|
++++++++++++++++
|
||||||
|
|
||||||
|
EXIF extracted::
|
||||||
|
|
||||||
|
{
|
||||||
|
"success": true,
|
||||||
|
"result": {"exif_tags": [...]}
|
||||||
|
"message": null
|
||||||
|
}
|
||||||
|
|
||||||
|
Unable to extract EXIF data::
|
||||||
|
|
||||||
|
{
|
||||||
|
"success": false,
|
||||||
|
"result": null,
|
||||||
|
"message": "Unable to extract EXIF from EXE filetype, only able to extract EXIF from JPEG and TIFF file types."
|
||||||
|
}
|
||||||
|
|
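Review bot: the "EXIF extracted" sample artifact is not valid JSON: the line `"result": {"exif_tags": [...]}` is missing the trailing comma before `"message": null`, so anyone pasting it into a parser gets an error, while the other three samples have it. Also "Once compelete restart the Nemsis worker service" (present in both plugin sections) should read "Once complete restart the Nemesis worker service", and that bullet says "Rename" while the command block uses `cp`, so the bullet should say copy. Two gaps a reader of the ClamAV section will run into: the samples only show the `"success": true` cases, so document the `"success": false` artifact returned when clamd cannot be reached, matching the failure example the EXIF section already provides; and the prerequisites list the ClamAV daemon but say nothing about keeping its signature database updated (freshclam), without which a worker quietly reports "is_malware": false for anything newer than the signatures it shipped with.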