Linux

This section will cover downloading a pre-configured Linux Virtual Machine from the Tetrane website, uploading it to REVEN and registering it to create a recording environment.

• Downloading the VM
• Provisioning the VM disk
• Registering the VM
  • Starting the registration
  • Booting the VM for the first time
  • Configuring the guest
  • Installing tools
  • Finishing configuration
  • Taking the first Live Snapshot
  • Preparing the snapshot

Downloading the VM

Tetrane provides multiple resources from its website, including pre-configured VMs for use as recording environments.

1. Navigate to the Tetrane VMs page.

2. Choose one of the distributions - this guide assumes you picked Fedora 27.
   

   NOTE: If using the Free Edition, the only compatible distribution is Debian 9 Stretch, so choose this one.

3. Download either the qcow or the zip version.

4. If you chose the zip version, unzip the archive you downloaded.

Provisioning the VM disk

We will now upload the VM disk to the REVEN server, a step known as provisioning:

1. Open up your REVEN installation's Project Manager (by default, point a web browser to http://<your_reven_host>:8880)

2. Select the VM Manager tab.

3. Click on Register QEMU VM

   

4. The VM Import Wizard welcome screen shows up - click on Start.

5. In the Select VM screen, locate the Provision a new VM section and click on Upload a new VM file from disk

   

6. Click on Browse.

7. On your disk, select the *.qcow2 disk image file extracted from the archive earlier.

8. Click on Upload.

   

9. When the upload is over, click on Next. You are back at the Select VM screen.

Registering the VM

Now that the VM disk is available to the REVEN server, it is time to register it as a new VM.

Starting the registration

1. After the end of the provisioning step, you were taken back to the Select VM screen.

2. Locate the Register a new VM section.

3. Ensure the disk file we uploaded is selected in the combo box. If not, select it.

4. Click on Register.

   

5. In the Specify guest page, select the following options for this VM:

   1. OS: Linux.

   2. Architecture: x64.

   3. Leave the other options unchanged.

   4. Click on Next.

      

6. On the Create disk snapshot screen, click Next.

Booting the VM for the first time

We are now ready to boot this disk for the first time.

1. Boot the VM:
   1. Check Enable network.
   2. Click on Start.
   3. Click on Show in browser: the VM screen appears in a new tab or window.
   4. Log in: the user is robert and the password (the space character).
   5. Wait for the desktop to appear.

Configuring the guest

The VM you downloaded is already configured to be a good recording environment, so you don't have to do anything in that regard. Notably:

• It is a compatible kernel.
• KASLR and PTI have been disabled.
• Debug packages are generally downloaded on the disk.
• A light desktop environment is installed (Xfce).

Installing tools

At this point, you can install more software on the VM if you want, but this is not strictly necessary. Here are some general guidelines:

• If you pull software from the package manager, pull the debug packages along as well to make sure you get symbols later on.
• Do not update the VM - REVEN supports a certain set of kernels and you would risk going out of the perimeter.

Finishing configuration

Now that your VM is configured, turn it off:

1. In the VM screen, click on Applications, Log out, Shut Down.
2. Back to the Project Manager, click on Next.
3. You can skip Finalize VM preparation so Click on Next again.

Taking the first Live Snapshot

Now that the VM is off, it is time to boot it into Emulation mode (which is the mode we can record in) and take a handy live snapshot for future recording sessions:

1. Click on Start.

2. Click on Show in browser.

3. Wait a few minutes for the login screen to show up and log in - this is slower than earlier, because of the emulation mode.

4. Wait for the desktop to appear.

5. Linux will keep initializing things in the background, so we want to make sure the boot process is effectively over:

   1. Open up a Terminal emulator if one is not started automatically.
   2. Type in htop.
   3. Wait for the general CPU activity to be below 20%.
   4. Quit htop.

6. We will often use a command-line during recording sessions, so keep this one open, although you can call clear.

7. The VM is ready, it is time to take our live snapshot:

   1. Go back to the Project Manager.
   2. Locate the Take a live snapshot field.
   3. Type in a name, booted-cmd for instance.
   4. Click on Save.

8. Now that a live snapshot exists, we can safely force shutdown the VM because we will always be restoring a known good state: click on Force shutdown.

9. Click on Next.

Preparing the snapshot

1. On the Prepare the snapshot screen, click on Prepare.
2. Wait for the task to finish. This will take several minutes.
3. Click on Finish.

And that is it! We now have a VM with a guest environment tuned for a good recording experience. It is time to Record our first scenario.