# INSTALLATION INSTRUCTIONS
## for Debian 9.8 "stretch"
### 0/ MISP debian stable install - Status
--------------------------------------
!!! notice
    Maintained and tested by @SteveClement on 20190405

!!! warning
    This install document is NOT working as expected. There are Python issues, as we "only" have Python 3.5 but need at least Python 3.6.
    This guide effectively converts your "stretch" install into a partial "testing" install.
    Thus following the "testing" install guide is a better choice, but not for production.
    One manual work-around is to install Python >3.5 from source.

### 1/ Minimal Debian install
-------------------------
#### Install a minimal Debian 9 "stretch" server system with the software:
- OpenSSH server
- This guide assumes a user name of 'misp' with sudo working
{!generic/globalVariables.md!}
```bash
PHP_ETC_BASE=/etc/php/7.3
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
```
{!generic/sudo_etckeeper.md!}
{!generic/ethX.md!}
#### Make sure your system is up to date
```bash
sudo apt update
sudo apt -y dist-upgrade
```
#### Install postfix, there will be some questions. (optional)
```bash
# Postfix Configuration: Satellite system
sudo apt install -y postfix
```
```bash
# change the relay server later with:
sudo postconf -e 'relayhost = example.com'
sudo postfix reload
```
### 2/ Install LAMP & dependencies
------------------------------
#### Install all the dependencies (some might already be installed)
You need to update python3.5 to python3.7 for [PyMISP](https://github.com/MISP/PyMISP) to work properly.

FIXME: The below breaks redis-server and mariadb-server
```bash
echo "deb http://ftp.de.debian.org/debian testing main" | sudo tee -a /etc/apt/sources.list
echo 'APT::Default-Release "stable";' | sudo tee -a /etc/apt/apt.conf.d/00local
sudo apt update
sudo apt-get -t testing install -y python3 python3-setuptools python3-dev python3-pip python3-redis python3-zmq virtualenv
```
```bash
sudo apt -t testing install -y \
  curl gcc git gnupg-agent make openssl redis-server vim zip libyara-dev \
  apache2 apache2-doc apache2-utils \
  libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
  jq ntp ntpdate imagemagick tesseract-ocr \
  libxml2-dev libxslt1-dev zlib1g-dev \
  net-tools
sudo apt -t testing install -y libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg php-gd
sudo apt -t testing install -y \
  mariadb-client \
  mariadb-server

# This may be needed. If mysql does not start and you find a solution, please contribute.
# What did work for me was running mysqld interactively: sudo mysqld
sudo mkdir -p /var/run/mysqld
sudo chown mysql /var/run/mysqld
sudo /etc/init.d/mysql restart
sudo apt -t testing install -y jupyter-notebook
# Start haveged to get more entropy (optional)
sudo apt install haveged -y
sudo service haveged start
sudo apt install expect -y
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
expect -f - <<-EOF
set timeout 10
spawn sudo mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -y
# Enable modules, settings, and default of SSL in Apache
sudo a2dismod status
sudo a2enmod ssl rewrite
sudo a2dissite 000-default
sudo a2ensite default-ssl
sudo a2enmod headers
```
#### Apply all changes
```bash
sudo systemctl restart apache2
```
#### Fix redis-server
For some reason or another, the redis-server startup scripts are broken; the below will fix this.
```bash
fixRedis () {
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
echo '#! /bin/sh
### BEGIN INIT INFO
# Provides: redis-server
# Required-Start: $syslog
# Required-Stop: $syslog
# Should-Start: $local_fs
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: redis-server - Persistent key-value db
# Description: redis-server - Persistent key-value db
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/redis-server
DAEMON_ARGS=/etc/redis/redis.conf
NAME=redis-server
DESC=redis-server
PIDFILE=/var/run/redis.pid
test -x $DAEMON || exit 0
test -x $DAEMONBOOTSTRAP || exit 0
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
touch $PIDFILE
chown redis:redis $PIDFILE
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
then
echo "$NAME."
else
echo "failed"
fi
;;
stop)
echo -n "Stopping $DESC: "
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
then
echo "$NAME."
else
echo "failed"
fi
rm -f $PIDFILE
;;
restart|force-reload)
${0} stop
${0} start
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0' | sudo tee /etc/init.d/redis-server
sudo chmod 755 /etc/init.d/redis-server
sudo /etc/init.d/redis-server start
}
```
### 3/ MISP code
------------
```bash
# Download MISP using git in the /var/www/ directory.
sudo mkdir $PATH_TO_MISP
sudo chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
sudo -u www-data git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www-data git submodule foreach --recursive git config core.filemode false

# Make git ignore filesystem permission differences
sudo -u www-data git config core.filemode false

# Create a python3 virtualenv
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv

# make pip happy
sudo mkdir /var/www/.cache/
sudo chown www-data:www-data /var/www/.cache

cd $PATH_TO_MISP/app/files/scripts
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
# install mixbox to accommodate the new STIX dependencies:
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
cd $PATH_TO_MISP/app/files/scripts/python-cybox
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-stix
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-maec
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/mixbox
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .

# install STIX 2.0 library to support STIX 2.0 export:
cd $PATH_TO_MISP/cti-python-stix2
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .

# install PyMISP
cd $PATH_TO_MISP/PyMISP
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .

# Install Crypt_GPG and Console_CommandLine
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
```
### 4/ CakePHP
-----------
#### CakePHP is included as a submodule of MISP.
```bash
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd $PATH_TO_MISP/app
# Make composer cache happy
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
# Update composer.phar
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo -H -u www-data php composer-setup.php
sudo -H -u www-data php -r "unlink('composer-setup.php');"
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
sudo -H -u www-data php composer.phar config vendor-dir Vendor
sudo -H -u www-data php composer.phar install
# Enable CakeResque with php-redis
sudo phpenmod redis
sudo phpenmod gnupg
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
```
### 5/ Set the permissions
----------------------
```bash
# Make sure the permissions are set correctly using the following commands:
sudo chown -R www-data:www-data $PATH_TO_MISP
sudo chmod -R 750 $PATH_TO_MISP
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
sudo chmod -R g+ws $PATH_TO_MISP/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
```
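
The following is an added example, not part of the MISP project's own scripts: a read-only audit of the layout that the `chown`/`chmod` commands above are meant to produce. The function name `audit_misp_perms`, its finding labels and the optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the MISP project): read-only audit of the layout
# produced by "chown -R www-data:www-data", "chmod -R 750" and "chmod -R g+ws".
# The function name, finding labels and owner argument are illustrative.
#
# Usage: audit_misp_perms ROOT [OWNER]
#   returns 0 = clean, 1 = findings printed (one per line), 2 = ROOT missing
audit_misp_perms() {
    root=$1
    owner=${2:-www-data}

    if [ ! -d "$root" ]; then
        echo "MISSING $root"
        return 2
    fi

    report=$(
        {
            # chmod -R 750 leaves no read, write or execute bit for "other".
            find "$root" ! -type l \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/WORLD-ACCESSIBLE /'

            # chown -R means nothing in the tree belongs to another user.
            find "$root" ! -type l ! -user "$owner" -print |
                sed 's/^/WRONG-OWNER /'

            # chmod -R g+ws: directories under these paths must be
            # group-writable and setgid so new files keep the group.
            for sub in app/tmp app/files app/files/scripts/tmp; do
                if [ -d "$root/$sub" ]; then
                    find "$root/$sub" -type d ! -perm -2020 -print |
                        sed 's/^/NO-SETGID /'
                else
                    echo "MISSING $root/$sub"
                fi
            done
        } | sort -u
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Run it as root or as www-data, since after `chmod -R 750` the tree is not readable by other users, for example `audit_misp_perms "$PATH_TO_MISP"`.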
### 6/ Create a database and user
-----------------------------
#### Enter the mysql shell
```bash
sudo mysql -u root -p
```
```
MariaDB [(none)]> create database misp;
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
```
#### copy/paste:
```bash
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to '$DBUSER_MISP'@'localhost' identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
#### Import the empty MISP database from MYSQL.sql
```bash
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
### 7/ Apache configuration
-----------------------
```bash
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
# If the apache version is 2.4:
sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
```
```
============================================= Begin sample working SSL config for MISP
<VirtualHost _default_:80>
        ServerAdmin admin@<your.FQDN.here>
        ServerName <your.FQDN.here>

        Redirect permanent / https://<your.FQDN.here>

        LogLevel warn
        ErrorLog /var/log/apache2/misp.local_error.log
        CustomLog /var/log/apache2/misp.local_access.log combined
        ServerSignature Off
</VirtualHost>

<VirtualHost _default_:443>
        ServerAdmin admin@<your.FQDN.here>
        ServerName <your.FQDN.here>
        DocumentRoot $PATH_TO_MISP/app/webroot
        <Directory $PATH_TO_MISP/app/webroot>
                Options -Indexes
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        SSLEngine On
        SSLCertificateFile /etc/ssl/private/misp.local.crt
        SSLCertificateKeyFile /etc/ssl/private/misp.local.key
#        SSLCertificateChainFile /etc/ssl/private/misp-chain.crt

        LogLevel warn
        ErrorLog /var/log/apache2/misp.local_error.log
        CustomLog /var/log/apache2/misp.local_access.log combined
        ServerSignature Off
</VirtualHost>
============================================= End sample working SSL config for MISP
```
```bash
# activate new vhost
sudo a2dissite default-ssl
sudo a2ensite misp-ssl

# Recommended: Change some PHP settings in /etc/php/7.3/apache2/php.ini
# max_execution_time = 300
# memory_limit = 512M
# upload_max_filesize = 50M
# post_max_size = 50M
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
    sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done

# Restart apache
sudo systemctl restart apache2
```
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
sudo chmod 0640 /etc/logrotate.d/misp
```
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
echo "<?php
class DATABASE_CONFIG {
        public \$default = array(
                'datasource' => 'Database/Mysql',
                //'datasource' => 'Database/Postgres',
                'persistent' => false,
                'host' => '$DBHOST',
                'login' => '$DBUSER_MISP',
                'port' => 3306, // MySQL & MariaDB
                //'port' => 5432, // PostgreSQL
                'password' => '$DBPASSWORD_MISP',
                'database' => '$DBNAME',
                'prefix' => '',
                'encoding' => 'utf8',
        );
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
# and make sure the file permissions are still OK
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
sudo chmod -R 750 $PATH_TO_MISP/app/Config

# Generate a GPG encryption key.
# Note: /tmp/gen-key-script holds the passphrase in clear text; delete it once the key has been generated.
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# The email address should match the one set in config.php or in the configuration menu of the administration menu
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
# To make the background workers start on boot
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
    echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
    echo 'exit 0' | sudo tee -a /etc/rc.local
    sudo chmod u+x /etc/rc.local
fi
```
{!generic/MISP_CAKE_init.md!}
```bash
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log & \n' /etc/rc.local

# Start the workers
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh

# some misp-modules dependencies
sudo apt-get install -y libfuzzy-dev python3-dev python3-pip libpq5 libjpeg-dev tesseract-ocr imagemagick

sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
sudo apt -t testing install ruby-pygments.rb -y
sudo gem install asciidoctor-pdf --pre

# install additional dependencies for extended object generation and extraction
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git

# Start misp-modules
# Note: -l 0.0.0.0 listens on all interfaces; the rc.local entry above binds to 127.0.0.1
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &

echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
{!generic/INSTALL.done.md!}
{!generic/recommended.actions.md!}
### Optional features
-------------------
!!! note
    You can add the following to your shell startup rc scripts to have the *cake* and *viper-cli* commands in your $PATH

    ```bash
    # set PATH so it includes viper if it exists
    if [ -d "/usr/local/src/viper" ] ; then
        PATH="$PATH:/usr/local/src/viper"
    fi

    # set PATH so it includes cake if it exists
    if [ -d "/var/www/MISP/app/Console" ] ; then
        PATH="$PATH:/var/www/MISP/app/Console"
    fi
    ```

#### Experimental ssdeep correlations
##### installing ssdeep
```
cd /usr/local/src
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
tar zxvf ssdeep-2.14.1.tar.gz
cd ssdeep-2.14.1
./configure
make
sudo make install
#installing ssdeep_php
sudo pecl channel-update pecl.php.net
sudo pecl install ssdeep
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
sudo phpenmod ssdeep
sudo service apache2 restart
```
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
```bash
# ZeroMQ depends on the Python client for Redis
sudo apt install python3-redis -y
# install pyzmq
sudo apt install python3-zmq -y
```
In case you are using a virtualenv make sure pyzmq is installed therein.
```bash
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
```
#### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
```bash
# Tested but some issues arose
sudo apt-get -t testing install librdkafka-dev php-dev
sudo pecl channel-update pecl.php.net
sudo pecl install rdkafka
echo "extension=rdkafka.so" | sudo tee ${PHP_ETC_BASE}/mods-available/rdkafka.ini
sudo phpenmod rdkafka
sudo service apache2 restart
```
{!generic/misp-dashboard-debian.md!}
{!generic/viper-debian.md!}
{!generic/ssdeep-debian.md!}
{!generic/mail_to_misp-debian.md!}
{!generic/hardening.md!}