Web interface¶
Cuckoo provides a full-fledged web interface in the form of a Django application. This interface will allow you to submit files, browse through the reports, and search across all the analysis results.
Configuration¶
The web interface pulls data from a Mongo database, so having the Mongo
reporting module enabled in reporting.conf is mandatory for the Web
Interface to function. If that’s not the case, the Web Interface won’t be able
to start and will instead raise an exception.
Some additional configuration options exist in the
$CWD/web/local_settings.py configuration file.
# Copyright (C) 2013 Claudio Guarnieri.
# Copyright (C) 2014-2017 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.
import web.errors
# Maximum upload size (10GB, so there's basically no limit).
MAX_UPLOAD_SIZE = 10 * 1024 * 1024 * 1024
# Override default secret key stored in $CWD/web/.secret_key
# Make this unique, and don't share it with anybody.
# SECRET_KEY = "YOUR_RANDOM_KEY"
# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = "en-us"
ADMINS = (
# ("Your Name", "your_email@example.com"),
)
MANAGERS = ADMINS
# Allow verbose debug error message in case of application fault.
# It's strongly suggested to set it to False if you are serving the
# web application from a web server front-end (i.e. Apache).
DEBUG = False
DEBUG404 = False
# A list of strings representing the host/domain names that this Django site
# can serve.
# Values in this list can be fully qualified names (e.g. 'www.example.com').
# When DEBUG is True or when running tests, host validation is disabled; any
# host will be accepted. Thus it's usually only necessary to set it in production.
ALLOWED_HOSTS = ["*"]
handler404 = web.errors.handler404
handler500 = web.errors.handler500
#A list of strings representing the subnets or ipaddresses that can download
#samples and dropped files
#Values in this list can be ipv4 or ipv6 separated by ","
#(e.g. '127.0.0.0/8,10.0.0.0/8,fd00::/8').
ALLOWED_FILEDOWNLOAD_SUBNETS = '127.0.0.0/8,10.0.0.0/8,fd00::/8'
It is recommended to keep the DEBUG variable at False in production
setups and to configure at least one ADMIN entry to enable error
notification by email.
Changed in version 2.0.0: The default maximum upload size has been bumped from 25 MB to 10 GB so that virtually any file should be accepted.
Starting the Web Interface¶
In order to start the web interface, you can simply run the following command
from the web/ directory:
$ cuckoo web runserver
If you want to configure the web interface as listening for any IP on a specified port, you can start it with the following command (replace PORT with the desired port number):
$ cuckoo web runserver 0.0.0.0:PORT
Or directly without the runserver part as follows while also specifying
the host to listen on:
$ cuckoo web -H 0
Web Deployment¶
While the default method of starting the Web Interface server works fine for many cases, some users may wish to deploy the server in a more robust manner. This can be done by exposing the Web Interface as a WSGI application to a web server. This section shows a simple example of deploying the Web Interface via uWSGI and nginx. These instructions are written with Ubuntu GNU/Linux in mind, but may be adapted to other platforms.
This solution requires uWSGI, the uWSGI Python plugin, and nginx.
All are available as packages:
$ sudo apt-get install uwsgi uwsgi-plugin-python nginx
uWSGI setup¶
First, use uWSGI to run the Web Interface server as an application.
To begin, create a uWSGI configuration file at
/etc/uwsgi/apps-available/cuckoo-web.ini that contains the actual
configuration as reported by the cuckoo web --uwsgi command, e.g.:
$ cuckoo web --uwsgi
[uwsgi]
plugins = python
virtualenv = /home/cuckoo/cuckoo
module = cuckoo.web.web.wsgi
uid = cuckoo
gid = cuckoo
static-map = /static=/home/..somepath..
# If you're getting errors about the PYTHON_EGG_CACHE, then
# uncomment the following line and add some path that is
# writable from the defined user.
# env = PYTHON_EGG_CACHE=
env = CUCKOO_APP=web
env = CUCKOO_CWD=/home/..somepath..
This configuration inherits a number of settings from the distribution’s
default uWSGI configuration and imports cuckoo.web.web.wsgi from the
Cuckoo package to do the actual work. In this example we installed Cuckoo in a
virtualenv located at /home/cuckoo/cuckoo. If Cuckoo is installed globally
no virtualenv option is required (and cuckoo web --uwsgi would not report
one).
Enable the app configuration and start the server.
$ sudo ln -s /etc/uwsgi/apps-available/cuckoo-web.ini /etc/uwsgi/apps-enabled/
$ sudo service uwsgi start cuckoo-web # or reload, if already running
Note
Logs for the application may be found in the standard directory for distribution
app instances, i.e., /var/log/uwsgi/app/cuckoo-web.log.
The UNIX socket is created in a conventional location as well,
/run/uwsgi/app/cuckoo-web/socket.
nginx setup¶
With the Web Interface server running in uWSGI, nginx can now be set up to run as a web server/reverse proxy, backending HTTP requests to it.
To begin, create a nginx configuration file at
/etc/nginx/sites-available/cuckoo-web that contains the actual
configuration as reported by the cuckoo web --nginx command:
$ cuckoo web --nginx
upstream _uwsgi_cuckoo_web {
server unix:/run/uwsgi/app/cuckoo-web/socket;
}
server {
listen localhost:8000;
# Cuckoo Web Interface
location / {
client_max_body_size 1G;
uwsgi_pass _uwsgi_cuckoo_web;
include uwsgi_params;
}
}
Make sure that nginx can connect to the uWSGI socket by placing its user in the cuckoo group:
$ sudo adduser www-data cuckoo
Enable the server configuration and start the server.
$ sudo ln -s /etc/nginx/sites-available/cuckoo-web /etc/nginx/sites-enabled/
$ sudo service nginx start # or reload, if already running
At this point, the Web Interface server should be available at port 8000 on the server. Various configurations may be applied to extend this configuration, such as to tune server performance, add authentication, or to secure communications using HTTPS. However, we leave this as an exercise for the user.