1

I'm investigating the possibility of using cuckoo sandbox as a malware detonator in series with Cortex.

I've (seemingly) installed all of the dependencies, enabled reporting, and elasticsearch in the config files, and started the webserver using the below command without issues.

sudo cuckoo web runserver [ip redacted]:[port]

I am able to connect to my web instance without errors on the browser side. But, in the stdout, I get the following:

2018-07-06 05:32:19,152 [django.request] ERROR: Internal Server Error: /cuckoo/api/status
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/utils.py", line 55, in inner
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/http.py", line 45, in inner
    return func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/controllers/cuckoo/api.py", line 45, in status
    temp_file = Files.temp_put("")
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/common/files.py", line 97, in temp_put
    prefix="upload_", dir=path or temppath()
  File "/usr/lib/python2.7/tempfile.py", line 314, in mkstemp
    return _mkstemp_inner(dir, prefix, suffix, flags)
  File "/usr/lib/python2.7/tempfile.py", line 244, in _mkstemp_inner
    fd = _os.open(file, flags, 0600)
OSError: [Errno 2] No such file or directory: '/tmp/cuckoo-tmp-root/upload_IUQt4r'
[06/Jul/2018 05:32:19] "POST /analysis/api/tasks/recent/ HTTP/1.1" 200 13
[06/Jul/2018 05:32:19] "GET /cuckoo/api/status HTTP/1.1" 500 12976

In addition to this error, I both cannot upload a file, or submit a URL, both resulting in exactly the same error.

Does anyone here have experience setting up Cuckoo that can give me a hint? Not sure if this is a dependency issue, or a configuration issue after installation?

Thanks in advance!

1 Answers1

0

Had the same problem. Mine was due to the fact that my virtual environment's root did not include the default folder "/tmp/" that cuckoo tries to establish as a default temp file path in its "files.py". Yours could be related to the directory structure changing in "~" when sudo'ing to run the server.

Either way, the fix was to update "cuckoo.conf"'s "tmppath" setting from blank to an explicit directory with no permissions issues (i.e. "/tmp/").

Once I updated this, the error stopped and my cuckoo api was able to run properly.

Hank
  • 41
  • 3