I'm investigating the possibility of using Cuckoo Sandbox as a malware detonator in series with Cortex.
I've (seemingly) installed all of the dependencies, enabled reporting and Elasticsearch in the config files, and started the web server using the command below without issues.
sudo cuckoo web runserver [ip redacted]:[port]
I am able to connect to my web instance without errors on the browser side. But, in the stdout, I get the following:
2018-07-06 05:32:19,152 [django.request] ERROR: Internal Server Error: /cuckoo/api/status
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/utils.py", line 55, in inner
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/http.py", line 45, in inner
    return func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/controllers/cuckoo/api.py", line 45, in status
    temp_file = Files.temp_put("")
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/common/files.py", line 97, in temp_put
    prefix="upload_", dir=path or temppath()
  File "/usr/lib/python2.7/tempfile.py", line 314, in mkstemp
    return _mkstemp_inner(dir, prefix, suffix, flags)
  File "/usr/lib/python2.7/tempfile.py", line 244, in _mkstemp_inner
    fd = _os.open(file, flags, 0600)
OSError: [Errno 2] No such file or directory: '/tmp/cuckoo-tmp-root/upload_IUQt4r'
[06/Jul/2018 05:32:19] "POST /analysis/api/tasks/recent/ HTTP/1.1" 200 13
[06/Jul/2018 05:32:19] "GET /cuckoo/api/status HTTP/1.1" 500 12976
In addition to this error, I can neither upload a file nor submit a URL; both result in exactly the same error.
Does anyone here have experience setting up Cuckoo that can give me a hint? Not sure if this is a dependency issue, or a configuration issue after installation?
Thanks in advance!