new: [install] docker and ansible scripts for remote transform server

Dockerfile

@@ -0,0 +1,47 @@
+# Install MISP-maltego remote transform as docker image.
+#
+# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS
+# - Most people usually probably want to use the local transforms 
+# - Others the 'ATT&CK - MISP' form the Transform Hub 
+#
+# To build: "docker build MISP-maltego -t misp-maltego"
+# To run: "docker run -p 8080:8080/tcp misp-maltego" if you want to run and enable portforwarding
+# To stop: "docker ps" and "docker stop <instance_name>"
+#
+# Then configure your iTDS server 
+# - to create all the transforms and seeds and point to your docker.
+# - export the objects, icons and machines to a mtz and associate to the seed
+#   Paired Configurations:
+#   - in Maltego > Export Config, and select
+#   -- Entities > MISP
+#   -- Icons > MISP + intelligence icons
+#   -- Machines
+#   Save as "paired_config.mtz", upload on TDS
+
+
+# TODO 
+# - run the service with TLS, but that makes stuff more complex to automate
+
+FROM python:3
+
+RUN pip install PyMISP canari
+
+# keep this for normal install
+#RUN pip install MISP-maltego
+
+# use this for install from your own local git repo
+# - first run "python setup.py sdist" to build the package
+# - change the version number below
+COPY dist/MISP_maltego-1.4.1.tar.gz /usr/local/src/
+RUN pip install /usr/local/src/MISP_maltego-1.4.1.tar.gz
+
+ENV LC_ALL='C.UTF-8'
+ENV LANG='C.UTF-8'
+ENV PLUME_ROOT='/var/plume'
+RUN addgroup nobody
+RUN canari install-plume --accept-defaults
+RUN canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults
+
+EXPOSE 8080/tcp
+
+CMD ["/etc/init.d/plume", "start-docker"]

TRANSFORM_HUB_DISCLAIMER.md

@@ -11,6 +11,8 @@ We do keep standard HTTP logs for troubleshooting and anonymous statistics, alth
 
 **If so, feel free to use the MISP-Maltego transforms locally, where all the code runs on your own system. Installation instructions can be found [here](https://github.com/MISP/MISP-maltego/blob/master/doc/README.md#installation).**
 
+You can also run this on your own iTDS server if you have the license. Have a look at the [Dockerfile](https://github.com/MISP/MISP-maltego/blob/master/Dockerfile) for more info.
+
 
 ## More info
 For more information please read Paterva's and Canari's documentation:

ansible/plume.yaml

@@ -0,0 +1,98 @@
+---
+# Install MISP-maltego remote transform using ansible.
+#
+# DO NOT USE THIS UNLESS YOU REALLY KNOW YOU NEED THIS
+# - Most people usually probably want to use the local transforms 
+# - Others the 'ATT&CK - MISP' form the Transform Hub 
+#
+# First install your ubuntu system, 
+# Then run ansible-playbook -i inventory.txt plume.yaml
+#
+# Then configure your iTDS server 
+# - to create all the transforms and seeds and point to your docker.
+# - export the objects, icons and machines to a mtz and associate to the seed
+#   Paired Configurations:
+#   - in Maltego > Export Config, and select
+#   -- Entities > MISP
+#   -- Icons > MISP + intelligence icons
+#   -- Machines
+#   Save as "paired_config.mtz", upload on TDS
+
+- hosts: all
+  remote_user: ubuntu
+  become: yes
+  vars:
+    misp_maltego_version: 1.4.1  # FIXME change this !!!
+  tasks:
+  - name: install python3-pip
+    apt:
+      name: python3-pip
+      state: present
+  - name: install python libs
+    pip:
+      executable: pip3
+      name: ['canari', 'PyMISP']
+      state: latest
+  
+  # use the public pip package
+  - name: install MISP-maltego
+    pip:
+      executable: pip3
+      name: ['MISP-maltego']
+      state: latest
+    
+  # use local git repo instead, useful for development
+  # - name: bundle MISP-maltego
+  #   delegate_to: 127.0.0.1
+  #   command: 
+  #     cmd: python setup.py sdist
+  #     chdir: ../
+  #   become: no
+  # - name: copy MISP-maltego
+  #   copy:
+  #     src: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     dest: /usr/local/src/
+  # - name: install MISP-maltego
+  #   pip:
+  #     executable: pip3
+  #     name: file:///usr/local/src/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     state: forcereinstall
+  # - name: remove local MISP-maltego bundle
+  #   delegate_to: 127.0.0.1
+  #   file:
+  #     path: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     state: absent
+  #   become: no
+
+  - name: create nobody group - needed by plume
+    group:
+      name: nobody
+      state: present
+
+  - name: install canari plume
+    shell: 
+      cmd: canari install-plume --accept-defaults
+      creates: /var/plume/canari.conf
+    environment:
+      LC_ALL: 'C.UTF-8'
+      LANG: 'C.UTF-8'
+  # LATER maybe we want to run plume with TLS?
+
+  - name: load plume package
+    command: 
+      cmd: canari load-plume-package MISP_maltego --plume-dir /var/plume --accept-defaults
+      chdir: /var/plume
+      creates: /var/plume/MISP_maltego.conf
+    environment:
+      LC_ALL: 'C.UTF-8'
+      LANG: 'C.UTF-8'
+      PLUME_ROOT: '/var/plume'
+    notify: restart plume
+
+  # FIXME /etc/init.d/plume start at boot
+
+  handlers:
+    - name: restart plume
+      service:
+        name: plume
+        state: restarted