Requirements
Packages
Install the following system packages before installing Cerberus.
# CentOS distribution:
$ yum install mariadb mariadb-devel mariadb-server redis python-pip python-devel ssdeep ssdeep-devel libfuzzy-dev nodejs
# Ubuntu distribution:
$ sudo apt install mariadb-server redis python-devel ssdeep libfuzzy-dev nodejs python3-pip default-libmysqlclient-dev build-essential
Virtual Environment
Create a Python virtual environment and install all the needed packages:
$ mkvirtualenv cerberus
$ pip install -r requirements.txt
Initialize Database
$ sudo mysql_secure_installation
> Set root password? [Y/n] y
> New password:
> Re-enter new password:
> Remove anonymous users? [Y/n] y
> Disallow root login remotely? [Y/n] y
> Remove test database and access to it? [Y/n] n
> Reload privilege tables now? [Y/n] y
$ sudo mysql -u root -p
> CREATE DATABASE cerberusdb CHARACTER SET utf8;
> CREATE USER '<login>'@localhost IDENTIFIED BY '<password>';
> GRANT ALL PRIVILEGES ON cerberusdb.* TO '<login>'@localhost;
Redis connectivity verification
In order to verify if Redis is up and running, execute the following command:
$ redis-cli ping
If the command returns PONG, Redis is up and running.
Setting up the .env file
The .env file lets you configure Django without committing confidential data (such as the secret key or database credentials) to Git.
First, copy the .env.example template file:
$ cp cerberus/cerberus/.env.example cerberus/cerberus/.env
Then, fill in the .env file by following the steps below.
Fill in the SECRET_KEY variable by running this command:
$ python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
Fill in the MARIADB_URL variable as follows:
MARIADB_URL=mysql://<login>:<password>@<db_host>:3306/<db_name>
You can also fill in the three API keys:
- UNPACME_API: UnpacMe
- VT_API: VirusTotal
- MD_API: MetaDefender
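A pre-flight check for the filled-in .env file, as an added example that is not part of the Cerberus code base: it builds MARIADB_URL with percent-encoded credentials, flags a missing SECRET_KEY or leftover template placeholders, and reports whether other local users can read the file. The function names are hypothetical, and the example assumes plain KEY=VALUE lines and a settings loader that percent-decodes the credentials in the URL.

```python
import os
import stat
from urllib.parse import quote, urlsplit


def build_mariadb_url(login, password, host, db_name, port=3306):
    """Percent-encode the credentials so '@', ':' or '/' cannot break the URL."""
    return "mysql://%s:%s@%s:%d/%s" % (
        quote(login, safe=""), quote(password, safe=""), host, port, db_name)


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments (assumed syntax)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(text):
    """Return a list of problems found in the .env content."""
    env, problems = parse_env(text), []
    # get_random_secret_key() returns a 50-character string.
    if len(env.get("SECRET_KEY", "")) < 50:
        problems.append("SECRET_KEY is missing or shorter than a generated key")
    url = env.get("MARIADB_URL", "")
    if "<" in url or ">" in url:
        problems.append("MARIADB_URL still contains template placeholders")
        return problems
    parts = urlsplit(url)
    try:
        complete = all([parts.scheme == "mysql", parts.username, parts.password,
                        parts.hostname, parts.port, parts.path.strip("/")])
    except ValueError:  # raised when the port field is not numeric
        complete = False
    if not complete or "@" in parts.path:
        problems.append("MARIADB_URL does not parse as "
                        "mysql://login:password@host:port/db_name")
    return problems


def readable_by_others(path):
    """True if group or other users have any permission on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

If readable_by_others returns True for cerberus/cerberus/.env, restrict the file with chmod 600 before starting the server.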
Once the .env file is successfully filled, we can create the database architecture and start the server by running the following commands:
$ cd cerberus/
$ python manage.py makemigrations
$ python manage.py migrate
$ python manage.py runserver
To load all the necessary fixtures (like WinAPI, DLL or Section references) in the database, run the following command:
$ python manage.py loaddata */fixtures/*.json.bz2
The API is at the following address: http://localhost:8000
You can create a user by running the following command:
$ python manage.py createsuperuser
You can access the admin panel with the /admin/ endpoint.
Nuxt
First, you need to install all the node packages:
$ cd cerberus/web
$ npm install
Once the installation is complete, you can start the Nuxt server and access it at the following address: http://localhost:3000
$ npm run dev
Load references and rules
Cerberus can load DLL, Windows API and Section references, YARA rules and IDS rules.
To make it easier to import a batch of data, it can create all these references from CSV files.
Here are the cURL commands that load these CSV files into the database:
# Windows API references
$ curl -F "csv=@./winapi_9k.csv" -X POST http://localhost:8000/api/winapi/
# DLL references
$ curl -F "csv=@./dll.csv" -X POST http://localhost:8000/api/dll/
# Section references
$ curl -F "csv=@./section.csv" -X POST http://localhost:8000/api/section/
# YARA rules
$ curl -F "csv=@./yara_sources.csv" -X POST http://localhost:8000/api/yara/
# IDS rules
$ curl -F "csv=@./ids_sources.csv" -X POST http://localhost:8000/api/ids/
If you want to dump the content of the reference or rule source databases to CSV, use the following cURL command:
# Replace <name> by winapi, dll, section, yara or ids
$ curl -X GET http://localhost:8000/api/<name>/extract/