Troubleshooting¶
Installing CALDERA¶
If donut-shellcode
installation fails, ensure that prerequisite packages are installed
Amazon Linux 2:
gcc
python3-devel
Starting CALDERA¶
Ensure that CALDERA has been cloned recursively. Plugins are stored in submodules and must be cloned along with the core code.
Check that Python 3.7+ is installed and being used.
Confirm that all
pip
requirements have been fulfilled.Run the CALDERA server with the
--log DEBUG
parameter to see if there is additional output.Consider removing the
conf/local.yml
and letting CALDERA recreate the file when the server runs again.
Module Not Found Error¶
If you get an error like ModuleNotFoundError: No module named 'plugins.manx.app'
when starting CALDERA:
Check to see if the
plugins/manx
folder is emptyEnsure that CALDERA has been cloned recursively. Plugins are stored in submodules and must be cloned along with the core code.
Alternatively, from the plugins folder, you can run
git clone https://github.com/mitre/manx.git
to grab only the manx repo.
Check your
conf/local.yml
to make sure manx is enabled
Stopping CALDERA¶
CALDERA has a backup, cleanup, and save procedure that runs when the key combination CTRL+C
is pressed. This is the recommended method to ensure proper shutdown of the server. If the Python process executing CALDERA is halted abruptly (for example SIGKILL) it can cause information from plugins to get lost or configuration settings to not reflect on a server restart.
Agent Deployment¶
Downloading the agent¶
Check the server logs for the incoming connection. If there is no connection:
Check for any output from the agent download command which could give additional information.
Make sure the agent is attempting to connect to the correct address (not
0.0.0.0
and likely not127.0.0.1
).Check that the listen interface is the same interface the agent is attempting to connect to.
Check that the firewall is open, allowing network connections, between the remote computer running the agent and the server itself.
Ensure Go is properly installed (required to dynamically-compile Sandcat):
Make sure the Go environment variables are properly set. Ensure the PATH variable includes the Go binaries by adding this to the
/etc/profile
or similar file:export PATH=$PATH:/usr/local/go/bin
If there are issues with a specific package, run something like the following:
go get -u github.com/google/go-github/github go get -u golang.org/x/oauth2
Running the agent¶
Run the agent with the
-v
flag and without the-WindowStyle hidden
parameter to view output.Consider removing bootstrap abilities so the console isn’t cleared.
Operations¶
No operation output¶
Ensure that at least one agent is running before running the operation.
Check that the agent is running either on the server or in the agent-specific settings under last checked in time.
Alternatively, clear out the running agent list using the red X’s. Wait for active agents to check in and repopulate the table.
Ensure that an adversary is selected before running the operation.
Check each ability on the adversary profile.
Abilities show an icon for which operating system they run on. Match this up with the operating systems of the running agents.
Abilities have specific executors in the details. Match this up with the executors of the running agents (found under the agent-specific settings).
Look at each ability command. If there is a fact variable inside - shown by #{} syntax - the ability will need to be “unlocked” by another ability, in a prior step, before it can run.
Opening Files¶
Files are encrypted by default and can be decrypted with the following utility: https://github.com/mitre/caldera/blob/master/app/utility/file_decryptor.py