Advanced system pre-requisites
This page details the system pre-requisites for the server. In most installations, reading the basic pre-requisites should be sufficient.
Deployment overview
The following diagram gives an overview of the deployment of REVEN.
Operating system
- The docker package supports any Linux distribution.
- The native package must be installed on a Debian 10 Buster amd64 system.
Storage
The table below shows how REVEN organizes its data.
Path | Comment |
---|---|
VM | The VM repository containing the QEMU images. Should be fast for snapshot save/load operations. |
REVEN scenarios | VM-specific files such as their filesystems, the REVEN recordings and the replay files, which may be quite large (hundreds of GB). Storage requires high I/O throughput to get the best performance out of REVEN (e.g. SSD). Since this directory will contain SQLite databases, do not place it on an NFS mount, or you may experience difficulties and bugs. |
PDBs | Can be shared between users and/or machines. |
Archives | The scenarios exports. Can be used for backups. Storage can be slow, should be safe (RAID, ZFS, ...). |
Temporary directory | A work directory for REVEN. The faster the better. Putting that directory in a RAMFS mount point will even help reduce latency during scenario recording. |
The table below shows the configuration variables that can be set during the installation process to change the corresponding path.
- For the Docker package, the variables can be edited in the run.sh at the root of the package.
- For the native package, the variables can be edited in the settings.py file at the root of the package, or in the user-wide setting file (defaults to ~/.config/tetrane/quasar.py).
Path | Docker package run.sh | Native package settings.py / quasar.py |
---|---|---|
VM | VM_PATH | QUASAR_QEMU_SCAN_PATH |
REVEN scenarios | REVEN2_PATH | QUASAR_ROOT |
PDBs | SYMBOL_PATH | QUASAR_SYMBOL_STORE |
Archives | Not configurable: $REVEN2_PATH/Archives | QUASAR_ARCHIVES_PATH |
Temporary directory | Not configurable: $REVEN2_PATH/tmp | QUASAR_TMP |
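A pre-flight check for the storage notes above, as an added example that is not part of the REVEN package: it finds which mount holds the scenarios directory and the temporary directory, then reports an NFS-backed scenarios directory or a temporary directory that is not RAM-backed. The sample mount table, paths and function names are constructed for illustration; pass the values you set for QUASAR_ROOT and QUASAR_TMP.

```python
import os
import sys

NFS_TYPES = {"nfs", "nfs4"}
RAM_TYPES = {"tmpfs", "ramfs"}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /mnt/reven_tmp tmpfs rw,nosuid,nodev 0 0
nas01:/export/reven /srv/reven nfs4 rw,vers=4.2 0 0
/dev/nvme0n1p1 /srv/reven_ssd ext4 rw,noatime 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts-style text into (mount_point, fstype) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # The kernel escapes spaces in mount points as \040.
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def fstype_of(path, mounts):
    """Return the filesystem type of the mount that contains path."""
    path = os.path.normpath(path)
    best, best_type = "", None
    for mount_point, fstype in mounts:
        mp = mount_point.rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        # ">=" lets a later mount stacked on the same point win.
        if inside and len(mp) >= len(best):
            best, best_type = mp, fstype
    return best_type

def check_storage(root, tmp, mounts):
    """Return findings for the scenarios (root) and temporary directories."""
    findings = []
    if fstype_of(root, mounts) in NFS_TYPES:
        findings.append("scenarios directory is on NFS (SQLite databases live here)")
    if fstype_of(tmp, mounts) not in RAM_TYPES:
        findings.append("temporary directory is not on a RAM-backed mount")
    return findings

if __name__ == "__main__":
    # Usage: check_storage.py <QUASAR_ROOT value> <QUASAR_TMP value>
    root, tmp = (os.path.realpath(p) for p in sys.argv[1:3])
    with open("/proc/mounts") as f:
        for finding in check_storage(root, tmp, parse_mounts(f.read())):
            print("NOTE:", finding)
```

The prefix match compares whole path components, so a directory such as /srv/reven_ssd is not mistaken for a child of an NFS mount at /srv/reven.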
Networking
The list below shows networking requirements and options between the REVEN server and other machines. Make sure any filtering device is configured to allow these connections.
- Main Project Manager interface: QUASAR_UWSGI_PORT
  By default, the Project Manager listens on port 8880.
- VMs and Axion Web usage: QUASAR_USE_VNC=True
  By default, VMs and Axion displays are served through a random port. The settings variable QUASAR_WEBSOCKIFY_PORT allows setting a fixed value for this port.
- VMs and Axion X server usage: QUASAR_USE_VNC=False
  For this usage, you must be able to run X server applications in the terminal where REVEN is started: remote X or native X server will both work. A common situation is to use SSH X forwarding, in which case the SSH port must be open.
- REVEN server ports for Axion, Python API, WinDbg bridge: REVEN server listens on any port of the ephemeral port range, which defaults to [32768, 60999] on Debian. You may want to access these ports when using Axion, the REVEN Python API or the WinDbg bridge from a remote client. In these cases, a VPN may prove useful.
  NOTE: Implementing a reverse-proxy in front of REVEN may simplify the requirements on network filtering. Please refer to the specific reverse-proxy section.
- Connections to the symbol servers: QUASAR_SYMBOL_SERVERS
  Any symbol server listed in the symbol server list must be accessible to the Project Manager and the REVEN server.
- Connection to ret-sync (IDA/Ghidra): IDA/Ghidra synchronization with a REVEN trace requires Axion to connect to the machine running IDA/Ghidra (port 9100 by default). Here again, a VPN may prove useful.
NOTE: When the installation is on a machine using a proxy to access the network, you should set QUASAR_HTTP_PROXY and QUASAR_HTTPS_PROXY so that the symbol servers and, in the case of the professional edition, the license server, are accessible. Please refer to the settings file for more information and examples about how to fill out these variables.