diff --git a/lib/cuckoo/core/analysis_manager.py b/lib/cuckoo/core/analysis_manager.py
index aee7cb65372..7aab04cad40 100644
--- a/lib/cuckoo/core/analysis_manager.py
+++ b/lib/cuckoo/core/analysis_manager.py
@@ -601,6 +601,7 @@ def route_network(self):
 str(self.socks5s[self.route]["dnsport"]),
 str(self.socks5s[self.route]["port"]),
 )
+ self.rooter_response = rooter("libvirt_fwo_enable", self.machine.interface, self.machine.ip)
 elif self.route in ("none", "None", "drop"):
 self.rooter_response = rooter("drop_enable", self.machine.ip, str(self.cfg.resultserver.port))
@@ -618,6 +619,7 @@ def route_network(self):
 self.route = "drop"
 if self.interface:
+ self.rooter_response = rooter("libvirt_fwo_enable", self.machine.interface, self.machine.ip)
 if self.no_local_routing:
 input_interface = "dirty-line"
 # Traffic from lan to machine
@@ -666,6 +668,7 @@ def route_network(self):
 def unroute_network(self):
 routing = Config("routing")
 if self.interface:
+ self.rooter_response = rooter("libvirt_fwo_disable", self.machine.interface, self.machine.ip)
 if self.no_local_routing:
 input_interface = "dirty-line"
 # Traffic from lan to machine
@@ -735,6 +738,7 @@ def unroute_network(self):
 str(self.socks5s[self.route]["dnsport"]),
 str(self.socks5s[self.route]["port"]),
 )
+ self.rooter_response = rooter("libvirt_fwo_disable", self.machine.interface, self.machine.ip)
 elif self.route in ("none", "None", "drop"):
 self.rooter_response = rooter("drop_disable", self.machine.ip, str(self.cfg.resultserver.port))
diff --git a/lib/cuckoo/core/startup.py b/lib/cuckoo/core/startup.py
index 006e99955c9..602eaeb2fa5 100644
--- a/lib/cuckoo/core/startup.py
+++ b/lib/cuckoo/core/startup.py
@@ -15,9 +15,12 @@
 from contextlib import suppress
 from pathlib import Path
-# Private
-import custom.signatures
-
+try:
+ # Private
+ import custom.signatures
+ HAS_CUSTOM_SIGNATURES = True
+except ModuleNotFoundError:
+ HAS_CUSTOM_SIGNATURES = False
 try:
 import custom.signatures.all
 except ImportError:
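Review bot: The added `libvirt_fwo_enable` call in the socks5 branch of `route_network` stores its result in `self.rooter_response`, which appears to be the same attribute the preceding call (its start is outside the hunk) assigns, so a failed proxy redirect could be masked by a successful ACCEPT insert. For a sandbox that is a containment concern: the guest would be let through `LIBVIRT_FWO` while the socks5 redirection meant to confine it is not in place. Check the first response before issuing the second call, or keep the two results apart, e.g. `fwo_response = rooter("libvirt_fwo_enable", self.machine.interface, self.machine.ip)`. The same overwrite pattern is in the `if self.interface:` hunks of `route_network` and `unroute_network` and in the socks5 branch of `unroute_network`, where later calls outside the hunks may replace this response in turn.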
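Review bot: The new call under `if self.interface:` in `route_network` is gated on the outbound interface but passes `self.machine.interface`, and nothing in the hunk checks that the machine has an interface set or that the machinery is libvirt. On a host running another machinery, or where libvirt programs nftables rather than iptables, the `LIBVIRT_FWO` chain would presumably not exist and every routed task would get a rooter error. Consider a guard such as `if self.machine.interface:` together with a machinery check. `self.route = "drop"` is assigned just above, so also confirm the ACCEPT rule is never inserted for a task that was just downgraded to drop; `route_network` continues outside the hunk.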
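Review bot: `except ModuleNotFoundError` around `import custom.signatures` also catches a missing dependency imported from inside that package, so a broken private-signature install is silently treated as "not installed" and analyses run with reduced detection coverage. Narrow it to the package itself, e.g. `except ModuleNotFoundError as e:` followed by `if e.name not in ("custom", "custom.signatures"): raise`, and log a warning when `HAS_CUSTOM_SIGNATURES` ends up False. The neighbouring `try` for `custom.signatures.all` catches `ImportError`; use one exception type for both or add a comment saying why they differ.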
@@ -289,7 +292,8 @@ def init_modules():
 import_package(modules.signatures.windows)
 import_package(modules.signatures.linux)
 # Import all private signatures
- import_package(custom.signatures)
+ if HAS_CUSTOM_SIGNATURES:
+ import_package(custom.signatures)
 if HAS_CUSTOM_SIGNATURES_ALL:
 import_package(custom.signatures.all)
 if HAS_CUSTOM_SIGNATURES_LINUX:
diff --git a/utils/rooter.py b/utils/rooter.py
index a4f497c4dfd..a87c7115a09 100644
--- a/utils/rooter.py
+++ b/utils/rooter.py
@@ -469,6 +469,14 @@ def polarproxy_disable(interface, client, tls_port, proxy_port):
 "ACCEPT"
 )
+def libvirt_fwo_enable(interface, source):
+ """Enable LIBVIRT_FWO for a specific interface and source."""
+ run_iptables("-I", "LIBVIRT_FWO", "1", "-i", interface, "-s", source, "-j", "ACCEPT")
+
+def libvirt_fwo_disable(interface, source):
+ """Disable LIBVIRT_FWO for a specific interface and source."""
+ run_iptables("-D", "LIBVIRT_FWO", "-i", interface, "-s", source, "-j", "ACCEPT")
+
 def init_rttable(rt_table, interface):
 """Initialise routing table for this interface using routes from main table."""
@@ -1005,6 +1013,8 @@ def drop_disable(ipaddr, resultserver_port):
 "disable_mitmdump": disable_mitmdump,
 "polarproxy_enable": polarproxy_enable,
 "polarproxy_disable": polarproxy_disable,
+ "libvirt_fwo_enable": libvirt_fwo_enable,
+ "libvirt_fwo_disable": libvirt_fwo_disable,
 }
 if __name__ == "__main__":
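Review bot: `libvirt_fwo_enable` inserts an ACCEPT at position 1 of libvirt's own `LIBVIRT_FWO` chain that matches only on input interface and source address, with no destination, protocol or state restriction. Because ACCEPT is terminal, any forward or drop rules evaluated after the jump to that chain would no longer apply to this guest, so the rule should be as narrow as the routing mode needs and its scope documented. The insert is also not idempotent: a repeated enable adds a duplicate that a single `-D` leaves behind, and libvirt may rebuild the chain on a network restart, so a `-C` check before `-I` and tolerance for an already-missing rule on disable would help. The docstrings could state what is actually done, e.g. `"""Insert an ACCEPT rule at the top of LIBVIRT_FWO for traffic from source arriving on interface."""`.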