Tuesday, November 26, 2024

Importing Remnux and SIFT OVAs into Proxmox (New Way to Do It)

I've used Proxmox (PVE) for quite a few years now for my "home lab" virtual machines as well as various self-hosted servers. For home lab activities, it's nice running a virtual machine on a server instead of having to run it on my laptop using VirtualBox, Hyper-V or VMware Workstation.

My experience with PVE has been extremely good from the very beginning. One thing I always wished for, though, was the ability to import OVF or OVA files directly. With the new 8.3 release, Proxmox can finally do that! I decided to try out the new feature by importing Remnux and the SIFT workstation OVA files. I won't go into how to enable the import feature in this post but I can follow up with a separate one if anyone needs help.

I actually set up the import feature a couple of different ways to try it out. First, I added it to the local storage; the same place that ISO files and container templates are stored. I also created a new SMB storage and added the import feature to that. In that case, I created a new directory on a Debian file server I have (also a VM on the same Proxmox server) and shared it so that the files could be accessed there. I then uploaded my OVA files to the two new storage areas and tried them out individually. It seemed like everything was going to work but there was a problem importing the Remnux OVA. Upon trying to import I got this message:

I opened the Remnux OVA file and discovered that the vmdk disk file in it is further compressed in a gzip file and Proxmox couldn't work with that. I manually changed the OVA by removing the vmdk and placing it in the OVA uncompressed (and removed the gz file). This also required making changes to the other files in the OVA that pointed to the gz file. I tried again but got a different error. So then I decided to do it a different way.

I imported the Remnux OVA into VirtualBox and then exported it again from there into a new OVA. I then uploaded the new OVA to the server and imported it. I had downloaded the "general OVA" of Remnux as I thought that might be the best option since I wasn't using VirtualBox. However, the "VirtualBox OVA" I downloaded later does not have the vmdk in a gzip file as the general one does.
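A pre-import check for the situation described above, as an added example that is not part of the original post or of Proxmox: it opens an OVA as the tar archive it is, flags disks the OVF descriptor marks as compressed or that are missing, and confirms the `.mf` manifest digests still match after any manual edit. The function names and the sample archive are hypothetical and constructed for illustration; the code assumes the standard OVF `ovf:compression` attribute and `SHA256(file)= digest` manifest lines.

```python
import gzip, hashlib, io, re, tarfile
import xml.etree.ElementTree as ET

MF_LINE = re.compile(r"^(SHA1|SHA256)\s*\((.+?)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def digest(tar, member, algo):
    h = hashlib.new(algo)
    with tar.extractfile(member) as src:  # stream: disk images run to gigabytes
        for chunk in iter(lambda: src.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inspect_ova(fileobj):
    """Return sorted (problem, filename) pairs found in an OVA (a plain tar archive)."""
    found = set()
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for name, member in members.items():
            if name.lower().endswith(".ovf"):  # descriptor: lists the referenced files
                root = ET.fromstring(tar.extractfile(member).read())
                for el in (e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "File"):
                    attrs = {"href": "", "compression": "identity",
                             **{k.rsplit("}", 1)[-1]: v for k, v in el.attrib.items()}}
                    if attrs["href"] not in members:
                        found.add(("missing", attrs["href"]))
                    if attrs["compression"] != "identity":
                        found.add(("compressed", attrs["href"]))
            elif name.lower().endswith(".mf"):  # manifest: one digest line per file
                lines = tar.extractfile(member).read().decode().splitlines()
                for algo, target, want in (m.groups() for m in map(MF_LINE.match, lines) if m):
                    if target not in members or digest(tar, members[target], algo.lower()) != want.lower():
                        found.add(("manifest_mismatch", target))
    return sorted(found)

def build_sample_ova(compressed, stale_manifest=False):
    """Constructed sample: a tiny OVA whose 'disk' is placeholder bytes, not a real VMDK."""
    disk_name, comp = ("disk1.vmdk.gz", "gzip") if compressed else ("disk1.vmdk", "identity")
    disk = gzip.compress(b"placeholder") if compressed else b"placeholder"
    ns = "http://schemas.dmtf.org/ovf/envelope/1"
    ovf = (f'<Envelope xmlns="{ns}" xmlns:ovf="{ns}"><References>'
           f'<File ovf:href="{disk_name}" ovf:compression="{comp}"/></References></Envelope>').encode()
    listed = hashlib.sha256(b"edited" if stale_manifest else disk).hexdigest()
    mf = f"SHA256({disk_name})= {listed}\n".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("sample.ovf", ovf), ("sample.mf", mf), (disk_name, disk)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())
```

For a real file, pass `open("appliance.ova", "rb")` to `inspect_ova`; an empty list means the descriptor, manifest and disks agree and no disk is marked as compressed.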

Once that was all sorted out I started the import process. 

The first photo shows where I selected the Remnux OVA from the two available files. In this case, they were both stored on my "remote" storage in the Debian file server and had to be imported across the network from there.

This second photo shows where I set the parameters such as VM ID number and virtual machine name. I assign the ID numbers based on which PVE server they are on. I have 4 different servers (I may have a problem), though two are generally not turned on and only used occasionally. In this case, the ID is 212 which signifies it is VM number 12 on PVE server 2. Other than assigning the ID and name I left everything else at the defaults.

After a few minutes the OVA had fully imported across the network and was ready to run. But something still wasn't quite right.

The machine started up but wasn't showing any display when I viewed it in the PVE terminal window. I decided to experiment with the different available display settings in the hardware section of PVE and found that the display just wasn't going to work with the default graphics adapter. I shut down the VM and changed the display adapter setting from the default to "vmware compatible." I started the machine again and everything worked like it should.

Once it got to the desktop, I enabled the network adapter and started the update/upgrade process. If you're not aware of how to manually enable the network adapter, here's how I did it:
  1. From the command prompt, type "networkctl" and find out the name of the adapter. In my case, it was named "ens18".
  2. Next, I typed "sudo ifconfig ens18 up" to enable the adapter.
  3. Last, I typed "sudo dhclient" to get the adapter to reach out for a DHCP-assigned IP address.

That got the network going and I completed the updates.

Next it was time to try importing the SIFT Workstation. I used SIFT a great deal when I was more active in the digital forensics world and it's still a great resource. Anyway, I completed the same import and naming procedure as described above and started the import. It took a little longer than the Remnux import because the SIFT OVA is about 1 gigabyte larger.

There isn't much to say about this one. The import just worked and I had no problems with it at all. I did find it was helpful to increase the amount of video memory in the VM hardware settings.

You may wonder how I might get files for analysis to the VM. I use mostly Linux computers in my house and my laptop is no different. If I have a file on it I want to analyze in Remnux or SIFT, I generally just use "scp" to put it there across the network. I then disable the Remnux networking again if necessary.

So, that's about it for now. If you have any questions, please leave a comment!