Bare Metal Configuration (optional)
Locate your MySQL credentials. You can get them with the following command.
sudo cat /etc/mysql/debian.cnf
Docker Configuration (optional)
Nothing specific has to be done beyond what was already done in the Installation steps.
Just prepare your MySQL user/password and storage location for the next steps.
Common Configuration
Edit your configuration file (under /your_root/src/config.php), as explained below.
From the Installation steps, fill in the following information:
- The database name in sections “db/storage” and “db/usercake”
- The database credentials (see above) in sections “db/storage” and “db/usercake”.
- The database host in sections “db/storage” and “db/usercake”. NOTE: For docker it must be the name of the mysql container (“db” in our template).
- The storage path in section “urls/storagePath”
- The public url in section “urls/baseUrl”. Example: “http://localhost” (locally), “https://my.mrf.example.com/”
Then, change the config file according to your needs (see below).
Modules
Most modules are not documented, and changing their configuration is not advised. Only a few can be tweaked:
Cuckoo
- Enable the module with section “cuckoo/enabled” = True
- Put your Cuckoo API URL in section “cuckoo/api_base_url” (see documentation for Cuckoo)
- Put your Cuckoo web base URL in section “cuckoo/web_base_url”
- Set never upload to True or False in section “cuckoo/never_upload”. When enabled, no sample can be uploaded to the third-party website, even if unknown.
- Don’t forget to re-run the installation script if needed after changing this.
VirusTotal
- Enable the module with section “virustotal/enabled” = True
- Put your VirusTotal API key in section “virustotal/key”
- Set never upload to True or False in section “virustotal/never_upload”. When enabled, no sample can be uploaded to the third-party website, even if unknown.
- Set automatic comment to True or False in section “virustotal/comment_uploaded/enabled”. When enabled, all (previously unknown) uploaded samples will be commented on VirusTotal with the text you define.
- Change the automatic comment content in section “virustotal/comment_uploaded/comment” (optional).
- Don’t forget to re-run the installation script if needed after changing this.
YaraEditor (YED)
- Enable the module with section “yed/enabled” = True
- Put your YaraEditor API URL in section “yed/url” (see documentation for YaraEditor)
- Put your YaraEditor API key in section “yed/key”
- Set never upload to True or False in section “yed/never_upload”. When enabled, no sample can be uploaded to the third-party website, even if unknown.
- Don’t forget to re-run the installation script if needed after changing this.
Hybrid Analysis
- Enable the module with section “hybridanalysis/enabled” = True
- Put your Hybrid Analysis API URL in section “hybridanalysis/url” (see documentation for Hybrid Analysis)
- Put your Hybrid Analysis API key in section “hybridanalysis/key”
- Set never upload to True or False in section “hybridanalysis/never_upload”. When enabled, no sample can be uploaded to the third-party website, even if unknown.
- Don’t forget to re-run the installation script if needed after changing this.
Any.RUN (New V7.0!)
- Enable the module with section “anyrun/enabled” = True
- Put your Any.RUN API key in section “anyrun/key” (see documentation for Any.RUN Analysis)
- Set never upload to True or False in section “anyrun/never_upload”. When enabled, no sample can be uploaded to the third-party website, even if unknown.
- Don’t forget to re-run the installation script if needed after changing this.
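The following PHP check is an added example, not code from the project: it walks the module sections listed above and reports enabled modules whose never_upload is not True, enabled modules with an empty URL or key, and a public baseUrl that is not HTTPS. It assumes the “section/key” names on this page are nested array keys holding PHP booleans; `cfg_get` and `audit_config` are hypothetical helper names.

```php
<?php
// Added example, not project code. ASSUMPTION: "a/b" sections on this page map
// to nested array keys, e.g. $config['cuckoo']['never_upload'].
// Resolve an "a/b/c" section path in a nested array; null when absent.
function cfg_get(array $config, string $path) {
    $node = $config;
    foreach (explode('/', $path) as $key) {
        if (!is_array($node) || !array_key_exists($key, $node)) {
            return null;
        }
        $node = $node[$key];
    }
    return $node;
}

// List settings that let samples leave the host or leave a module half-configured.
function audit_config(array $config): array {
    $findings = [];
    // Module section => keys this page says to fill in for it.
    $modules = [
        'cuckoo' => ['api_base_url', 'web_base_url'], 'virustotal' => ['key'],
        'yed' => ['url', 'key'], 'hybridanalysis' => ['url', 'key'], 'anyrun' => ['key'],
    ];
    foreach ($modules as $name => $required) {
        if (cfg_get($config, "$name/enabled") !== true) {
            continue; // module is off, nothing is sent
        }
        if (cfg_get($config, "$name/never_upload") !== true) {
            $findings[] = "$name/never_upload is not True: unknown samples can be uploaded";
        }
        foreach ($required as $key) {
            if (empty(cfg_get($config, "$name/$key"))) {
                $findings[] = "$name/$key is empty but the module is enabled";
            }
        }
    }
    $url = parse_url((string) cfg_get($config, 'urls/baseUrl'));
    if (($url['scheme'] ?? '') !== 'https' && ($url['host'] ?? '') !== 'localhost') {
        $findings[] = 'urls/baseUrl is not https on a non-local host';
    }
    return $findings;
}

// Constructed sample configuration (values are placeholders).
$config = [
    'urls' => ['baseUrl' => 'http://my.mrf.example.com/'],
    'virustotal' => ['enabled' => true, 'key' => '', 'never_upload' => false],
];
print_r(audit_config($config));
```

On the constructed sample it reports three findings: the VirusTotal never_upload setting, the empty VirusTotal key, and the plain-HTTP baseUrl.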
Please find below a configuration file template with pre-configured options.
Don’t hesitate to use it as a starting point.