Advanced system pre-requisites
This page details the system pre-requisites for the server. In most installations, reading the basic pre-requisites should be sufficient.
Storage
The table below shows how Reven organizes its data.
| Path | Comment |
|---|---|
| VM | The VM repository containing the QEMU images. It should be fast for snapshot save/load operations. |
| Reven scenarios | Scenario-specific files such as their binaries, recordings and replay files, which may be quite large (hundreds of GB). To get the best performance out of Reven, this storage needs high I/O throughput (e.g. SSD). IMPORTANT: Since this directory will contain SQLite databases, do not place it on an NFS mount, or you may experience some difficulties and bugs. |
| PDBs | Can be shared between users and/or machines. |
| Archives | The scenario exports. Can be used for backups. Storage can be slow, but should be safe (RAID, ZFS, ...). |
| Temporary directory | A work directory for Reven. The faster the better. Putting that directory in a RAMFS mount point will even help reduce latency during scenario recording. |
During the installation process, you will have to provide a base data folder.
The table below shows the default path configuration defined in the esReven docker-compose file. ${DATA} represents the base data folder.
NOTE: you can alter these mappings individually after following the installation process.
| Path | Default docker-compose.yml volume mapping |
|---|---|
| VM | ${DATA}/reven/VMs:/VMs |
| Reven scenarios | ${DATA}/reven/Reven2:/Reven2 |
| PDBs | ${DATA}/reven/symbols:/home/reven/.local/share/reven/symbols |
| Archives | None by default, but should look like this: /path/to/Archives:/Reven2/Archives |
| Temporary directory | None by default, but should look like this: /path/to/very/fast/disk:/Reven2/tmp |
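The check below is an added example, not part of the Reven documentation or tooling. It tests whether the host directory mapped to /Reven2 sits on an NFS mount, which the storage table warns against because of the SQLite databases. The function names and the /srv/esreven base folder in the sample are assumptions made for illustration.

```python
import posixpath
import sys

NFS_TYPES = {"nfs", "nfs4"}  # fstype values Linux reports for NFS mounts

# Constructed sample in /proc/mounts format; /srv/esreven stands in for ${DATA}.
SAMPLE_MOUNTS = """\
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
nas01:/export/reven /srv/esreven nfs4 rw,vers=4.2 0 0
/dev/nvme1n1 /srv/esreven/reven/Reven2 xfs rw,noatime 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype) pairs from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # The kernel escapes spaces in mount points as \040.
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def filesystem_for(path, mounts):
    """Return (mount_point, fstype) of the mount holding path, or None."""
    path = posixpath.normpath(path)
    best = None
    for mount_point, fstype in mounts:
        mp = posixpath.normpath(mount_point)
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        # Longest mount point wins; on a tie the later entry is the one on top.
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, fstype)
    return best

def on_nfs(path, mounts):
    """True when path lives on an NFS mount according to the mount table."""
    found = filesystem_for(path, mounts)
    return found is not None and found[1] in NFS_TYPES

if __name__ == "__main__":
    # Usage: python check_nfs.py /host/path/to/Reven2  (run on the Docker host)
    with open("/proc/mounts") as fh:
        live = parse_mounts(fh.read())
    target = posixpath.realpath(sys.argv[1])
    print(target, "is on NFS" if on_nfs(target, live) else "is not on NFS")
```

In the constructed sample the base folder is an NFS export but a local XFS disk is mounted over the Reven2 subdirectory, so the scenarios path passes while the VMs and symbols paths would not.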
Networking
The list below shows networking requirements and options between the Reven server and other machines. Make sure any filtering device is configured to allow these connections.
Incoming connections:
- Main Project Manager interface (QUASAR_UWSGI_PORT): By default, the Project Manager listens on port 8880.
- VMs and Axion Web usage (QUASAR_USE_VNC=True): By default, VMs and Axion displays are served through port 6080.
- Reven server ports for Axion, Python API, WinDbg bridge: Reven server listens on any port of the defined port range (REVEN_BACKEND_PORT_RANGE in .env), which defaults to [14000, 14099]. You may want to access these ports when using Axion, the Reven Python API or the WinDbg bridge from a remote client. In this case a VPN may prove useful.
- Debugger-Assisted Recording ports for WinDbg bridge: The debugger-assisted recording server listens on any port of the defined port range (REVEN_VMI_PORT_RANGE in .env), which defaults to [14100, 14199]. You may want to access these ports when using WinDbg bridge from a remote client. In this case a VPN may prove useful.
Out-going connections:
- Connections to the symbol servers (QUASAR_SYMBOL_SERVERS): Any symbol server listed in the symbol server list must be accessible to the Project Manager and the Reven server.
- Connection to ret-sync (IDA/Ghidra): IDA/Ghidra synchronization with a Reven trace requires Axion to connect to the machine running IDA/Ghidra (port 9100 by default). Here again, a VPN may prove useful.
NOTE: When the installation is on a machine that uses a proxy to access the network, you should set QUASAR_HTTP_PROXY and QUASAR_HTTPS_PROXY so that the symbol servers are accessible. Please refer to the settings file for more information and examples of how to fill out these variables.