2019-02-08 10:23:43 +01:00
#!/usr/bin/env bash
############################################################
###### #
##### Please AutoGenerated... ##
#### Do NOT was ###
### Manually It ####
## Change this Script... #####
# ######
############################################################
2019-02-08 11:19:27 +01:00
############################################################
#INSTALLATION INSTRUCTIONS #
##########################################################
2019-02-08 10:23:43 +01:00
#------------------------- for Debian Flavored Linux Distributions
#
2019-02-08 11:19:27 +01:00
#-------------------------------------------------------|
# 0/ Quick MISP Instance on Debian Based Linux - Status |
#-------------------------------------------------------|
#
# 20190208: Kali Linux tested and working.
2019-02-08 10:23:43 +01:00
#
#
2019-02-08 11:19:27 +01:00
#-------------------------------------------------------|
# 1/ For Kali, download and run Installer Script |
#-------------------------------------------------------|
#
2019-02-08 10:23:43 +01:00
# To install MISP on Kali copy paste the following to your r00t shell:
2019-02-08 11:19:27 +01:00
# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
2019-02-08 10:23:43 +01:00
# /!\ Please read the installer script before randomly doing the above.
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
#
#
2019-02-08 11:19:27 +01:00
#---------------------------------------------------------------------------------------------|
# 2/ For other Debian based Linux distributions, download script and run as unprivileged user |
#---------------------------------------------------------------------------------------------|
#
# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C
#
#
#----------------------------------------------------------|
# 3/ The following script has been partially autogenerated |
#----------------------------------------------------------|
#
2019-02-08 10:23:43 +01:00
# To generate this script yourself, the following steps need to be taken.
# $ git clone https://github.com/SteveClement/xsnippet.git
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
# $ git clone https://github.com/MISP/MISP.git
# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh
#
2019-02-08 11:19:27 +01:00
##
###
####----------------\
## Developer Note |
####--------------------------------------------------------------------------------------------------|
## In theory the order does not matter as everything is a self-contained function. |
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
#-----------------------------------------------------------------------------------------------------|
#
# ToC #
#
#### BEGIN AUTOMATED SECTION ####
2019-02-08 10:23:43 +01:00
# Setting generic MISP variables shared by all flavours
MISPvars ( ) {
# Local non-root MISP user
MISP_USER = 'misp'
MISP_PASSWORD = 'Password1234'
# MISP configuration variables
PATH_TO_MISP = '/var/www/MISP'
# Todo: IF run from CLI set MISP_BASEURL accordingly
if [ true ] ; then
MISP_BASEURL = 'https://misp.local'
# Webserver configuration
FQDN = 'misp.local'
else
MISP_BASEURL = '""'
# Webserver configuration
FQDN = 'localhost'
fi
MISP_LIVE = '1'
CAKE = " $PATH_TO_MISP /app/Console/cake "
# Database configuration
DBHOST = 'localhost'
DBNAME = 'misp'
DBUSER_ADMIN = 'root'
DBPASSWORD_ADMIN = " $( openssl rand -hex 32) "
DBUSER_MISP = 'misp'
DBPASSWORD_MISP = " $( openssl rand -hex 32) "
# OpenSSL configuration
OPENSSL_CN = $FQDN
OPENSSL_C = 'LU'
OPENSSL_ST = 'State'
OPENSSL_L = 'Location'
OPENSSL_O = 'Organization'
OPENSSL_OU = 'Organizational Unit'
OPENSSL_EMAILADDRESS = " info@ $FQDN "
# GPG configuration
GPG_REAL_NAME = 'Autogenerated Key'
GPG_COMMENT = 'WARNING: MISP AutoGenerated Key consider this Key VOID!'
GPG_EMAIL_ADDRESS = 'admin@admin.test'
GPG_KEY_LENGTH = '2048'
GPG_PASSPHRASE = 'Password1234'
# php.ini configuration
upload_max_filesize = 50M
post_max_size = 50M
max_execution_time = 300
memory_limit = 512M
# apt config
export DEBIAN_FRONTEND = noninteractive
# sudo config to run $LUSER commands
SUDO_USER = " sudo -u ${ MISP_USER } "
SUDO_WWW = "sudo -u www-data"
echo " Admin ( ${ DBUSER_ADMIN } ) DB Password: ${ DBPASSWORD_ADMIN } "
echo " User ( ${ DBUSER_MISP } ) DB Password: ${ DBPASSWORD_MISP } "
}
# Leave empty for NO debug messages.
DEBUG =
# Function Section
## Usage of this script
usage ( ) {
echo "Please specify what type of MISP if you want to install."
space
echo " ${ 0 } -c | Install ONLY MISP Core " # core
echo " -V | Core + Viper" # viper
echo " -M | Core + MISP modules" # modules
echo " -D | Core + MISP dashboard" # dashboard
echo " -m | Core + Mail 2 MISP" # mail2
echo " -A | Install all of the above" # all
space
echo " -C | Only do pre-install checks and exit" # pre
space
echo " Options can be combined: ${ 0 } -V -D # Will install Core+Viper+Dashboard "
space
}
checkOpt ( ) {
# checkOpt feature
containsElement $1 " ${ options [@] } "
}
setOpt ( ) {
options = ( )
for o in $@ ; do
option = $(
case " $o " in
( "-c" ) echo "core" ; ;
( "-V" ) echo "viper" ; ;
( "-M" ) echo "modules" ; ;
( "-D" ) echo "dashboard" ; ;
( "-m" ) echo "mail2" ; ;
( "-A" ) echo "all" ; ;
( "-C" ) echo "pre" ; ;
#(*) echo "$o is not a valid argument" ;;
esac )
options += ( $option )
done
}
# Extract debian flavour
checkFlavour ( ) {
if [ ! -f $( which lsb_release) ] ; then
sudo apt install lsb-release -y
fi
FLAVOUR = $( lsb_release -s -i | tr [ A-Z] [ a-z] )
}
# Dynamic horizontal spacer
space ( ) {
# Check terminal width
num = ` tput cols`
for i in ` seq 1 $num ` ; do
echo -n "-"
done
echo ""
}
# Simple debug function with message
debug ( ) {
echo $1
if [ ! -z $DEBUG ] ; then
echo "Debug Mode, press enter to continue..."
read
fi
}
# Check if element is contained in array
containsElement ( ) {
local e match = " $1 "
shift
for e; do [ [ " $e " = = " $match " ] ] && return 0; done
return 1
}
# Check locale
checkLocale ( ) {
if [ ! -f /etc/default/locale ] ; then
sudo apt install locales -y
sudo locale-gen en_US.UTF-8
sudo update-locale LC_ALL = en_US.UTF-8 LANG = en_US.UTF-8
fi
}
# Simple function to check command exit code
checkFail ( ) {
if [ [ $2 -ne 0 ] ] ; then
echo " iAmError: $1 "
echo " The last command exited with error code: $2 "
exit $2
fi
}
# Check if misp user is present and if run as root
checkID ( ) {
if [ [ $EUID = = 0 ] ] ; then
echo "This script cannot be run as a root"
exit 1
elif [ [ $( id $MISP_USER >/dev/null; echo $? ) -ne 0 ] ] ; then
echo " There is NO user called ' $MISP_USER ' create a user ' $MISP_USER ' or continue as $USER ? (y/n) "
read ANSWER
ANSWER = $( echo $ANSWER | tr [ A-Z] [ a-z] )
if [ [ $ANSWER = = "y" ] ] ; then
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
echo $MISP_USER :$MISP_PASSWORD | sudo chpasswd
echo " User $MISP_USER added, password is: $MISP_PASSWORD "
elif [ [ $ANSWER = = "n" ] ] ; then
echo " Using $USER as install user, hope that is what you want. "
MISP_USER = $USER
else
echo "yes or no was asked, try again."
exit 1
fi
else
echo " User ${ MISP_USER } exists, skipping creation "
fi
}
# check is /usr/local/src is RW by misp user
checkUsrLocalSrc ( ) {
if [ [ -e /usr/local/src ] ] ; then
if [ [ -w /usr/local/src ] ] ; then
echo " Good, /usr/local/src exists and is writeable as $MISP_USER "
else
echo -n " /usr/local/src need to be writeable by $MISP_USER , permission to fix? (y/n) "
read ANSWER
ANSWER = $( echo $ANSWER | tr [ A-Z] [ a-z] )
if [ " $ANSWER " = = "y" ] ; then
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
fi
fi
else
echo "/usr/local/src does not exist, creating."
mkdir /usr/local/src
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
fi
}
# Because Kali is l33t we make sure we run as root
kaliOnRootR0ckz ( ) {
if [ [ $EUID -ne 0 ] ] ; then
echo "This script must be run as root"
exit 1
elif [ [ $( id $MISP_USER >/dev/null; echo $? ) -ne 0 ] ] ; then
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
echo $MISP_USER :$MISP_PASSWORD | chpasswd
else
# TODO: Make sure we consider this further down the road
echo " User ${ MISP_USER } exists, skipping creation "
fi
}
# Test and install software RNG
installRNG ( ) {
modprobe tpm-rng 2> /dev/null
if [ " $? " -eq "0" ] ; then
echo tpm-rng >> /etc/modules
fi
apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
service rng-tools start
if [ " $? " -eq "1" ] ; then
apt purge -qy rng-tools
apt install -qy haveged
/etc/init.d/haveged start
fi
}
# Install Php 7.3 deps
installDepsPhp73 ( ) {
PHP_ETC_BASE = /etc/php/7.3
PHP_INI = ${ PHP_ETC_BASE } /apache2/php.ini
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-pear \
php-redis php-gnupg
}
# Install Php 7.2 deps
installDepsPhp72 ( ) {
PHP_ETC_BASE = /etc/php/7.2
PHP_INI = ${ PHP_ETC_BASE } /apache2/php.ini
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
php-dev \
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
php-redis php-gnupg
}
# Installing core dependencies
installDeps ( ) {
apt update
apt install -qy etckeeper
# Skip dist-upgrade for now, pulls in 500+ updated packages
#sudo apt -y dist-upgrade
gitMail = $( git config --global --get user.email ; echo $? )
if [ " $? " -eq "1" ] ; then
git config --global user.email "root@kali.lan"
fi
gitUser = $( git config --global --get user.name ; echo $? )
if [ " $? " -eq "1" ] ; then
git config --global user.name "Root User"
fi
apt install -qy postfix
apt install -qy \
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
mariadb-client \
mariadb-server \
apache2 apache2-doc apache2-utils \
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
installRNG
}
# On Kali, the redis start-up script is broken. This tries to fix it.
fixRedis ( ) {
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
mv /etc/init.d/redis-server /etc/init.d/redis-server_` date +%Y%m%d`
echo ' #! /bin/sh
### BEGIN INIT INFO
# Provides: redis-server
# Required-Start: $syslog
# Required-Stop: $syslog
# Should-Start: $local_fs
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: redis-server - Persistent key-value db
# Description: redis-server - Persistent key-value db
### END INIT INFO
PATH = /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON = /usr/bin/redis-server
DAEMON_ARGS = /etc/redis/redis.conf
NAME = redis-server
DESC = redis-server
PIDFILE = /var/run/redis.pid
test -x $DAEMON || exit 0
test -x $DAEMONBOOTSTRAP || exit 0
set -e
case " $1 " in
start)
echo -n " Starting $DESC : "
touch $PIDFILE
chown redis:redis $PIDFILE
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
then
echo " $NAME . "
else
echo "failed"
fi
; ;
stop)
echo -n " Stopping $DESC : "
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
then
echo " $NAME . "
else
echo "failed"
fi
rm -f $PIDFILE
; ;
restart| force-reload)
${ 0 } stop
${ 0 } start
; ;
*)
echo " Usage: /etc/init.d/ $NAME {start|stop|restart|force-reload} " >& 2
exit 1
; ;
esac
exit 0' | tee /etc/init.d/redis-server
chmod 755 /etc/init.d/redis-server
/etc/init.d/redis-server start
}
# generate MISP apache conf
genApacheConf ( ) {
echo " <VirtualHost _default_:80>
ServerAdmin admin@localhost.lu
ServerName misp.local
Redirect permanent / https://misp.local
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@localhost.lu
ServerName misp.local
DocumentRoot $PATH_TO_MISP /app/webroot
<Directory $PATH_TO_MISP /app/webroot>
Options -Indexes
AllowOverride all
Require all granted
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
}
# Add git pull update mechanism to rc.local - TODO: Make this better
gitPullAllRCLOCAL ( ) {
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local
}
# Composer on php 7.2 does not need any special treatment the provided phar works well
composer72 ( ) {
cd $PATH_TO_MISP /app
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
$SUDO_WWW php composer.phar config vendor-dir Vendor
$SUDO_WWW php composer.phar install
}
# Composer on php 7.3 needs a recent version of composer.phar
composer73 ( ) {
cd $PATH_TO_MISP /app
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
# Update composer.phar
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
# Current Sum for: v1.8.3
SHA384_SUM = '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
sudo -H -u www-data php -r " if (hash_file('SHA384', 'composer-setup.php') === ' $SHA384_SUM ') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL; "
checkFail "composer.phar checksum failed, please investigate manually. " $?
sudo -H -u www-data php composer-setup.php
sudo -H -u www-data php -r "unlink('composer-setup.php');"
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
$SUDO_WWW php composer.phar config vendor-dir Vendor
$SUDO_WWW php composer.phar install
}
# Enable various core services
enableServices ( ) {
update-rc.d mysql enable
update-rc.d apache2 enable
update-rc.d redis-server enable
}
# Generate rc.local
genRCLOCAL ( ) {
if [ ! -e /etc/rc.local ] ; then
echo '#!/bin/sh -e' | tee -a /etc/rc.local
echo 'exit 0' | tee -a /etc/rc.local
chmod u+x /etc/rc.local
fi
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
}
# Main function to fix permissions to something sane
permissions ( ) {
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP /app/tmp
chmod -R g+ws $PATH_TO_MISP /app/files
chmod -R g+ws $PATH_TO_MISP /app/files/scripts/tmp
}
# Final function to let the user know what happened
theEnd ( ) {
space
echo " Admin (root) DB Password: $DBPASSWORD_ADMIN " > /home/${ MISP_USER } /mysql.txt
echo " User (misp) DB Password: $DBPASSWORD_MISP " >> /home/${ MISP_USER } /mysql.txt
echo " Authkey: $AUTH_KEY " > /home/${ MISP_USER } /MISP-authkey.txt
clear
space
echo "MISP Installed, access here: https://misp.local"
echo "User: admin@admin.test"
echo "Password: admin"
echo "MISP Dashboard, access here: http://misp.local:8001"
space
echo "The following files were created and need either protection or removal (shred on the CLI)"
echo " /home/ ${ MISP_USER } /mysql.txt "
echo " /home/ ${ MISP_USER } /MISP-authkey.txt "
cat /home/${ MISP_USER } /mysql.txt
cat /home/${ MISP_USER } /MISP-authkey.txt
space
echo "The LOCAL system credentials:"
echo " User: ${ MISP_USER } "
echo " Password: ${ MISP_PASSWORD } "
space
echo "viper-web installed, access here: http://misp.local:8888"
echo "viper-cli configured with your MISP Site Admin Auth Key"
echo "User: admin"
echo "Password: Password1234"
space
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
space
echo "sudo postconf -e 'relayhost = example.com'"
echo "sudo postfix reload"
space
echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
su - ${ MISP_USER }
}
# check if sudo is installed
checkSudoKeeper ( ) {
if [ -ne $( which sudo) ] ; then
su -c "apt install -y etckeeper"
su -c "apt install -y sudo"
# TODO: Fix this, user misp might not exist
su -c "adduser misp sudo"
else
sudo apt install etckeeper -y
fi
}
# Core cake commands
coreCAKE ( ) {
sudo -H -u www-data -E $CAKE userInit -q
$SUDO_WWW $CAKE Baseurl $MISP_BASEURL
# Setup some more MISP default via cake CLI
# Tune global time outs
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
# Change base url, either with this CLI command or in the UI
sudo -H -u www-data $CAKE Baseurl $MISP_BASEURL
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# Enable GnuPG
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.email" " $GPG_EMAIL_ADDRESS "
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.homedir" " $PATH_TO_MISP /.gnupg "
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.password" " $GPG_PASSPHRASE "
# Enable Enrichment set better timeouts
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
# Enable Import modules set better timout
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_port" 6666
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
# Enable Export modules set better timout
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_port" 6666
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
# Enable installer org and tune some configurables
sudo -H -u www-data $CAKE Admin setSetting "MISP.host_org_id" 1
sudo -H -u www-data $CAKE Admin setSetting "MISP.email" "info@admin.test"
sudo -H -u www-data $CAKE Admin setSetting "MISP.disable_emailing" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.contact" "info@admin.test"
sudo -H -u www-data $CAKE Admin setSetting "MISP.disablerestalert" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
# Provisional Cortex tunes
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
# Various plugin sightings settings
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_policy" 0
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_range" 365
# Plugin CustomAuth tuneable
sudo -H -u www-data $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
# RPZ Plugin settings
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
# Force defaults to make MISP Server Settings less RED
sudo -H -u www-data $CAKE Admin setSetting "MISP.language" "eng"
sudo -H -u www-data $CAKE Admin setSetting "MISP.proposals_block_attributes" false
# Redis block
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_port" 6379
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_database" 13
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_password" ""
# Force defaults to make MISP Server Settings less YELLOW
sudo -H -u www-data $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
sudo -H -u www-data $CAKE Admin setSetting "MISP.extended_alert_subject" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_threat_level" 4
sudo -H -u www-data $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
sudo -H -u www-data $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_client_ip" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_auth" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
sudo -H -u www-data $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
# TODO: Make sure $FLAVOUR is correct
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_bottom" " Welcome to MISP on $FLAVOUR , change this message in MISP Settings "
# Force defaults to make MISP Server Settings less GREEN
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_length" 12
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
# Tune global time outs
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
# Set MISP Live
sudo -H -u www-data $CAKE Live $MISP_LIVE
}
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
updateGOWNT ( ) {
AUTH_KEY = $( mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# Update the galaxies…
# TODO: Fix updateGalaxies
##sudo -H -u www-data $CAKE Admin updateGalaxies
curl --header " Authorization: $AUTH_KEY " --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
# Updating the taxonomies…
sudo -H -u www-data $CAKE Admin updateTaxonomies
# Updating the warning lists…
# TODO: Fix updateWarningLists
##sudo -H -u www-data $CAKE Admin updateWarningLists
curl --header " Authorization: $AUTH_KEY " --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
# Updating the notice lists…
## sudo -H -u www-data $CAKE Admin updateNoticeLists
curl --header " Authorization: $AUTH_KEY " --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
# Updating the object templates…
##sudo -H -u www-data $CAKE Admin updateObjectTemplates
curl --header " Authorization: $AUTH_KEY " --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
}
# Generate GnuPG key
setupGnuPG ( ) {
if [ -ne $PATH_TO_MISP /.gnupg ] ; then
# The email address should match the one set in the config.php
# set in the configuration menu in the administration menu configuration file
echo " %echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done " > /tmp/gen-key-script
$SUDO_WWW gpg --homedir $PATH_TO_MISP /.gnupg --batch --gen-key /tmp/gen-key-script
# Export the public key to the webroot
$SUDO_WWW sh -c " gpg --homedir $PATH_TO_MISP /.gnupg --export --armor $GPG_EMAIL_ADDRESS " | $SUDO_WWW tee $PATH_TO_MISP /app/webroot/gpg.asc
fi
}
# Main MISP Modules install function
mispmodules ( ) {
sudo sed -i -e '$i \sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
$SUDO_WWW bash $PATH_TO_MISP /app/Console/worker/start.sh
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# some misp-modules dependencies
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
# pip install
sudo -H -u www-data ${ PATH_TO_MISP } /venv/bin/pip install -I -r REQUIREMENTS
sudo -H -u www-data ${ PATH_TO_MISP } /venv/bin/pip install -I .
sudo apt install ruby-pygments.rb -y
sudo gem install asciidoctor-pdf --pre
# install additional dependencies for extended object generation and extraction
sudo -H -u www-data ${ PATH_TO_MISP } /venv/bin/pip install maec lief python-magic wand yara pathlib
sudo -H -u www-data ${ PATH_TO_MISP } /venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
$SUDO_WWW ${ PATH_TO_MISP } /venv/bin/misp-modules -l 127.0.0.1 -s &
# Cake commands for enabling basic misp-modules
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
}
# Main MISP Dashboard install function
mispDashboard ( ) {
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
sudo apt install libapache2-mod-wsgi-py3 -y
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
sudo apt install libapache2-mod-wsgi-py3 -y
echo " <VirtualHost *:8001>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot /var/www/misp-dashboard
WSGIDaemonProcess misp-dashboard \
user = misp group = misp \
python-home= /var/www/misp-dashboard/DASHENV \
processes = 1 \
threads = 15 \
maximum-requests= 5000 \
listen-backlog= 100 \
queue-timeout= 45 \
socket-timeout= 60 \
connect-timeout= 15 \
request-timeout= 60 \
inactivity-timeout= 0 \
deadlock-timeout= 60 \
graceful-timeout= 15 \
eviction-timeout= 0 \
shutdown-timeout= 5 \
send-buffer-size= 0 \
receive-buffer-size= 0 \
header-buffer-size= 0 \
response-buffer-size= 0 \
server-metrics= Off
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
<Directory /var/www/misp-dashboard>
WSGIProcessGroup misp-dashboard
WSGIApplicationGroup %{ GLOBAL}
Require all granted
</Directory>
LogLevel info
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
ServerSignature Off
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
sudo a2ensite misp-dashboard
sudo systemctl reload apache2
# Add misp-dashboard to rc.local to start on boot.
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
}
dashboardCAKE ( ) {
# Enable ZeroMQ for misp-dashboard
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
}
# Main mail2misp install function
mail2misp ( ) {
cd /usr/local/src/
sudo apt-get install cmake -y
git clone https://github.com/MISP/mail_to_misp.git
git clone git://github.com/stricaud/faup.git faup
sudo chown -R ${ MISP_USER } :${ MISP_USER } faup mail_to_misp
cd faup
# TODO Check permissions
##$SUDO mkdir -p build
mkdir -p build
cd build
cmake .. && make
##$SUDO cmake .. && $SUDO make
sudo make install
sudo ldconfig
cd ../../mail_to_misp
virtualenv -p python3.6 venv
./venv/bin/pip install -r requirements.txt
cp mail_to_misp_config.py-example mail_to_misp_config.py
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
sed -i " s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ ' ${ AUTH_KEY } '/g " /usr/local/src/mail_to_misp/mail_to_misp_config.py
}
# Main Viper install function
viper ( ) {
cd /usr/local/src/
debug "Installing Viper dependencies"
sudo apt-get install \
libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \
python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y
debug "Cloning Viper"
git clone https://github.com/viper-framework/viper.git
chown -R $MISP_USER :$MISP_USER viper
cd viper
debug "virtualenv -p python3.6 venv"
debug "Submodule update"
# TODO: Check for current user install permissions
git submodule update --init --recursive
##$SUDO git submodule update --init --recursive
debug "Pip install deps"
./venv/bin/pip install SQLAlchemy PrettyTable python-magic
debug "pip install scrapy"
debug "./venv/bin/pip install scrapy"
debug "pip install reqs"
./venv/bin/pip install -r requirements.txt
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
debug "pip uninstall yara"
./venv/bin/pip uninstall yara -y
debug "Launching viper-cli"
# TODO: Perms
#$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
/usr/local/src/viper/viper-cli -h > /dev/null
debug "Launching viper-web"
# TODO: Perms
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
#$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' | sudo tee /etc/environment
echo ". /etc/environment" >> /home/${ MISP_USER } /.profile
debug "Setting misp_url/misp_key"
# TODO: Perms, MISP_USER_HOME
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${ MISP_USER } /.viper/viper.conf
sed -i " s/^misp_key\ =/misp_key\ =\ $AUTH_KEY /g " /home/${ MISP_USER } /.viper/viper.conf
# Reset admin password to: admin/Password1234
debug "Fixing admin.db with default password"
while [ " $( sqlite3 /home/${ MISP_USER } /.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="' ; echo $? ) " -ne "0" ] ; do
# FIXME This might lead to a race condition, the while loop is sub-par
chown $MISP_USER :$MISP_USER /home/${ MISP_USER } /.viper/admin.db
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
sleep 6
done
# Add viper-web to rc.local to be started on boot
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
}
# No functions scripts:
## apt-upgrade.sh ##
## postfix.sh ##
## interfaces.sh ##
### END AUTOMATED SECTION ###
2019-02-08 11:19:27 +01:00
# This function will generate the main installer.
# It is a helper function for the maintainers for the installer.
2019-02-08 10:23:43 +01:00
generateInstaller ( ) {
if [ ! -f $( which xsnippet) ] ; then
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
echo "git clone https://github.com/SteveClement/xsnippet.git"
exit 1
fi
mkdir installer ; cd installer
cp ../INSTALL.debian.tpl.sh .
2019-02-08 11:19:27 +01:00
# Pull code snippets out of Main Install Documents
2019-02-08 10:23:43 +01:00
for f in ` echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md` ; do
xsnippet . ../../docs/${ f }
done
2019-02-08 11:19:27 +01:00
# Pull out code snippets from generic Install Documents
2019-02-08 10:23:43 +01:00
for f in ` echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md` ; do
xsnippet . ../../docs/generic/${ f }
done
2019-02-08 11:19:27 +01:00
# TODO: Fix the below.
2019-02-08 10:23:43 +01:00
# $ for f in `echo ls [0-9]_*`; do
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh
# $ done
#
# Temporary copy/paste holder
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh
cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh
cd ..
rm -rf installer
echo "Generated INSTALL.debian.sh"
exit 0
}
# Simple debug function with message
debug ( ) {
echo $1
if [ ! -z $DEBUG ] ; then
echo "Debug Mode, press enter to continue..."
read
fi
}
installMISPcore ( ) {
space
echo "Proceeding with the installation of MISP core"
space
}
# Main Kalin Install function
installMISPonKali ( ) {
# Set custom Kali only variables
space
debug "Disabling sleep etc…"
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 2> /dev/null
xset s 0 0 2> /dev/null
xset dpms 0 0 2> /dev/null
xset s off 2> /dev/null
debug "Installing dependencies"
apt update
installDepsPhp73
installDeps
debug "Enabling redis and gnupg modules"
phpenmod -v 7.3 redis
phpenmod -v 7.3 gnupg
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
a2dismod status
a2dismod php7.2
a2enmod ssl rewrite headers php7.3
a2dissite 000-default
a2ensite default-ssl
debug "Restarting mysql.service"
systemctl restart mysql.service
debug "Fixing redis rc script on Kali"
fixRedis
debug "git clone, submodule update everything"
mkdir $PATH_TO_MISP
chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
$SUDO_WWW git config core.filemode false
cd $PATH_TO_MISP
$SUDO_WWW git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
cd $PATH_TO_MISP /app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
mkdir /var/www/.cache/
MISP_USER_HOME = $( sudo -Hiu misp env | grep HOME | cut -f 2 -d= )
mkdir $MISP_USER_HOME /.cache
chown $MISP_USER :$MISP_USER ~$MISP_USER_HOME /.cache
chown www-data:www-data /var/www/.cache
debug "Installing python-cybox"
cd $PATH_TO_MISP /app/files/scripts/python-cybox
pip3 install .
debug "Installing python-stix"
cd $PATH_TO_MISP /app/files/scripts/python-stix
pip3 install .
# install STIX2.0 library to support STIX 2.0 export:
debug "Installing cti-python-stix2"
cd ${ PATH_TO_MISP } /cti-python-stix2
pip3 install -I .
debug "Installing mixbox"
cd $PATH_TO_MISP /app/files/scripts/mixbox
pip3 install .
# install PyMISP
debug "Installing PyMISP"
cd $PATH_TO_MISP /PyMISP
pip3 install .
# Install Crypt_GPG and Console_CommandLine
debug "Installing pear Console_CommandLine"
pear install ${ PATH_TO_MISP } /INSTALL/dependencies/Console_CommandLine/package.xml
debug "Installing pear Crypt_GPG"
pear install ${ PATH_TO_MISP } /INSTALL/dependencies/Crypt_GPG/package.xml
debug "Installing composer with php 7.3 updates"
composer73
$SUDO_WWW cp -fa $PATH_TO_MISP /INSTALL/setup/config.php $PATH_TO_MISP /app/Plugin/CakeResque/Config/config.php
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP /app/tmp
chmod -R g+ws $PATH_TO_MISP /app/files
chmod -R g+ws $PATH_TO_MISP /app/files/scripts/tmp
debug "Setting up database"
if [ ! -e /var/lib/mysql/misp/users.ibd ] ; then
echo "
set timeout 10
spawn mysql_secure_installation
expect \" Enter current password for root ( enter for none) :\"
send -- \" \r \"
expect \" Set root password?\"
send -- \" y\r \"
expect \" New password:\"
send -- \" ${ DBPASSWORD_ADMIN } \r \"
expect \" Re-enter new password:\"
send -- \" ${ DBPASSWORD_ADMIN } \r \"
expect \" Remove anonymous users?\"
send -- \" y\r \"
expect \" Disallow root login remotely?\"
send -- \" y\r \"
expect \" Remove test database and access to it?\"
send -- \" y\r \"
expect \" Reload privilege tables now?\"
send -- \" y\r \"
expect eof" | expect -f -
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e " create database $DBNAME ; "
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e " grant usage on *.* to $DBNAME @localhost identified by ' $DBPASSWORD_MISP '; "
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e " grant all privileges on $DBNAME .* to ' $DBUSER_MISP '@'localhost'; "
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
enableServices
$SUDO_WWW cat $PATH_TO_MISP /INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
echo " <?php
class DATABASE_CONFIG {
public \$ default = array(
'datasource' = > 'Database/Mysql' ,
//'datasource' = > 'Database/Postgres' ,
'persistent' = > false,
'host' = > '$DBHOST' ,
'login' = > '$DBUSER_MISP' ,
'port' = > 3306, // MySQL & MariaDB
//'port' = > 5432, // PostgreSQL
'password' = > '$DBPASSWORD_MISP' ,
'database' = > '$DBNAME' ,
'prefix' = > '' ,
'encoding' = > 'utf8' ,
) ;
} " | $SUDO_WWW tee $PATH_TO_MISP /app/Config/database.php
else
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
echo "Skipping any creations…"
sleep 3
fi
debug "Generating Certificate"
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj " /C= ${ OPENSSL_C } /ST= ${ OPENSSL_ST } /L= ${ OPENSSL_L } /O= ${ OPENSSL_O } /OU= ${ OPENSSL_OU } /CN= ${ OPENSSL_CN } /emailAddress= ${ OPENSSL_EMAILADDRESS } " \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
debug "Generating Apache Conf"
genApacheConf
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
debug "Installing MISP dashboard"
mispDashboard
debug "Disabling site default-ssl, enabling misp-ssl"
a2dissite default-ssl
a2ensite misp-ssl
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sed -i " s/^\( $key \).*/\1 = $( eval echo \$ { $key } ) / " $PHP_INI
done
debug "Restarting Apache2"
systemctl restart apache2
debug "Setting up logrotate"
cp $PATH_TO_MISP /INSTALL/misp.logrotate /etc/logrotate.d/misp
chmod 0640 /etc/logrotate.d/misp
$SUDO_WWW cp -a $PATH_TO_MISP /app/Config/bootstrap.default.php $PATH_TO_MISP /app/Config/bootstrap.php
$SUDO_WWW cp -a $PATH_TO_MISP /app/Config/core.default.php $PATH_TO_MISP /app/Config/core.php
$SUDO_WWW cp -a $PATH_TO_MISP /app/Config/config.default.php $PATH_TO_MISP /app/Config/config.php
chown -R www-data:www-data $PATH_TO_MISP /app/Config
chmod -R 750 $PATH_TO_MISP /app/Config
debug "Setting up GnuPG"
setupGnuPG
chmod +x $PATH_TO_MISP /app/Console/worker/start.sh
debug "Running Core Cake commands"
coreCAKE
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
updateGOWNT
debug "Generating rc.local"
genRCLOCAL
gitPullAllRCLOCAL
debug "Installing misp-modules"
mispmodules
debug "Installing Viper"
viper
debug "Setting permissions"
permissions
debug "Running Then End!"
theEnd
}
debug "Checking if we are run as the installer template"
if [ [ $0 = = "./INSTALL.debian.tpl.sh" ] ] ; then
generateInstaller
fi
debug "Checking for parameters or Kali Install"
if [ [ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ] ] ; then
usage
exit
else
debug "Setting install options with given parameters."
setOpt $@
checkOpt core && echo "core selected"
checkOpt viper && echo "viper selected"
checkOpt modules && echo "modules selected"
checkOpt dashboard && echo "dashboard selected"
checkOpt mail2 && echo "mail2 selected"
checkOpt all && echo "all selected"
checkOpt pre && echo "pre selected"
fi
debug "Checking flavour"
checkFlavour
debug "Setting MISP variables"
MISPvars
if [ " ${ FLAVOUR } " = = "ubuntu" ] ; then
RELEASE = $( lsb_release -s -r| tr [ A-Z] [ a-z] )
if [ " ${ RELEASE } " = = "18.04" ] ; then
echo "Install on Ubuntu 18.04 LTS fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ " ${ RELEASE } " = = "18.10" ] ; then
echo "Install on Ubuntu 18.10 not supported, bye."
exit 1
fi
if [ " ${ RELEASE } " = = "19.04" ] ; then
echo "Install on Ubuntu 19.04 not supported, bye"
exit 1
fi
if [ " ${ RELEASE } " = = "19.10" ] ; then
echo "Install on Ubuntu 19.10 not supported, bye"
exit 1
fi
echo "Installation done!"
exit 0
fi
if [ " ${ FLAVOUR } " = = "debian" ] ; then
CODE = $( lsb_release -s -c| tr [ A-Z] [ a-z] )
if [ " ${ CODE } " = = "buster" ] ; then
echo "Install on Debian testing fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ " ${ CODE } " = = "sid" ] ; then
echo "Install on Debian unstable not fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ " ${ CODE } " = = "stretch" ] ; then
echo "Install on Debian stable fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
echo "Installation done!"
exit 0
fi
if [ " ${ FLAVOUR } " = = "tsurugi" ] ; then
CODE = $( lsb_release -s -c| tr [ A-Z] [ a-z] )
if [ " ${ CODE } " = = "bamboo" ] ; then
echo "Install on Tsurugi Lab semi-supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ " ${ CODE } " = = "soy sauce" ] ; then
echo "Install on Tsurugi Acquire semi-supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
echo "Installation done!"
exit 0
fi
if [ " ${ FLAVOUR } " = = "kali" ] ; then
kaliOnRootR0ckz
installMISPonKali
echo "Installation done!"
exit 0
fi