Advanced system pre-requisites

This page details the system pre-requisites for the server. In most installations, reading the basic pre-requisites should be sufficient.

Deployment overview

The following diagram gives an overview of the deployment of REVEN.

[Diagram: Deployment overview]

Operating system

  • The docker package supports any Linux distribution.
  • The native package must be installed on a Debian 10 Buster amd64 system.

Storage

The table below shows how REVEN organizes its data.

| Path | Comment |
|------|---------|
| VM | The VM repository containing the QEMU images. It should be fast for snapshot save/load operations. |
| REVEN scenarios | VM-specific files such as their filesystems, the REVEN recordings and the replay files, which may be quite large (hundreds of GB). Storage requires a high I/O throughput to get the best performance out of REVEN (e.g. SSD). Since this directory will contain SQLite databases, do not place it on an NFS mount, or you may experience difficulties and bugs. |
| PDBs | Can be shared between users and/or machines. |
| Archives | The scenario exports. Can be used for backups. Storage can be slow, but should be safe (RAID, ZFS, ...). |
| Temporary directory | A work directory for REVEN. The faster the better. Putting this directory on a RAMFS mount point will even help reduce latency during scenario recording. |

The table below shows the configuration variables that can be set during the installation process to change the corresponding path.

  • For the Docker package, the variables can be edited in the run.sh file at the root of the package.
  • For the native package, the variables can be edited in the settings.py file at the root of the package, or in the user-wide settings file (defaults to ~/.config/tetrane/quasar.py).

| Path | Docker package run.sh | Native package settings.py/quasar.py |
|------|-----------------------|--------------------------------------|
| VM | VM_PATH | QUASAR_QEMU_SCAN_PATH |
| REVEN scenarios | REVEN2_PATH | QUASAR_ROOT |
| PDBs | SYMBOL_PATH | QUASAR_SYMBOL_STORE |
| Archives | Not configurable: $REVEN2_PATH/Archives | QUASAR_ARCHIVES_PATH |
| Temporary directory | Not configurable: $REVEN2_PATH/tmp | QUASAR_TMP |

Networking

The list below shows networking requirements and options between the REVEN server and other machines. Make sure any filtering device is configured to allow these connections.

  • Main Project Manager interface (QUASAR_UWSGI_PORT): by default, the Project Manager listens on port 8880.

  • VMs and Axion Web usage (QUASAR_USE_VNC=True): by default, VM and Axion displays are served through a random port. The settings variable QUASAR_WEBSOCKIFY_PORT lets you set a fixed value for this port.

  • VMs and Axion X server usage (QUASAR_USE_VNC=False): for this usage, you must be able to run X server applications in the terminal where REVEN is started; both a remote and a native X server will work. A common situation is to use SSH X forwarding, in which case the SSH port must be open.

  • REVEN server ports for Axion, Python API, WinDbg bridge: the REVEN server listens on any port of the ephemeral port range, which defaults to [32768, 60999] on Debian. You may want to access these ports when using Axion, the REVEN Python API or the WinDbg bridge from a remote client, in which case a VPN may prove useful.

NOTE: Implementing a reverse-proxy in front of REVEN may simplify the requirements on network filtering. Please refer to the specific reverse-proxy section.

  • Connections to the symbol servers (QUASAR_SYMBOL_SERVERS): any symbol server listed in the symbol server list must be accessible to the Project Manager and the REVEN server.

  • Connection to ret-sync (IDA/Ghidra): IDA/Ghidra synchronization with a REVEN trace requires Axion to connect to the machine running IDA/Ghidra (port 9100 by default). Here again, a VPN may prove useful.

NOTE: When the installation is on a machine that uses a proxy to access the network, you should set QUASAR_HTTP_PROXY and QUASAR_HTTPS_PROXY so that the symbol servers and, in the case of the professional edition, the license server are accessible. Please refer to the settings file for more information and examples of how to fill out these variables.