MISP/app/README.txt

                                                                     

TODOs
-----

Auth
- Prevent bruteforce auth attempts

implement auditing/logging system
- add / edit events and signatures
- failed / success logins (with source IP, headers,...)

Security
- force cookie reset after login


INSTALLATION INSTRUCTIONS
-------------------------
Download CyDefSIG using git in the /var/www/ directory. 

cd /var/www/
git clone git@code.lab.modiss.be:cydefsig.git

Download and extract CakePHP 2.x to the web root directory:

cd /tmp/
wget https://nodeload.github.com/cakephp/cakephp/tarball/2.1
tar zxvf cakephp-cakephp-<version>.tar.gz
cd cakephp-cakephp-*

Now remove the app directory and move everything from CakePHP to var/www

rm -Rf app .gitignore 
mv * /var/www/cydefsig/
mv .??* /var/www/cydefsig/

Check if the permissions are set correctly using the following commands as root:

chown -R <user>:www-data /var/www/cydefsig
chmod -R 750 /var/www/cydefsig
chmod -R g+s /var/www/cydefsig
cd /var/www/cydefsig/app/
chmod -R g+w tmp

Import the empty MySQL database in /var/www/cydefsig/app/MYSQL.txt using phpmyadmin or mysql>.

Now configure your apache server with the DocumentRoot /var/www/cydefsig/app/webroot/

Configure the fields in the files:
database.php : login, port, password, database
bootstrap.php: CyDefSIG.*, GnuPG.*
core.php : debug, 

Generate a GPG encryption key.
-

Now log in using the webinterface:
The default user/pass = admin@admin.test/admin 

Don't forget to change the email, password and authentication key after installation.


Recommended patches
-------------------
By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required. 2012-03-15 15:06:45 +01:00
initial import 2011-11-26 10:45:31 +01:00			`TODOs`
			`-----`

minor fixes in git repo 2011-12-11 16:59:35 +01:00			`Auth`
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required. 2012-03-15 15:06:45 +01:00			`- Prevent bruteforce auth attempts`
minor fixes in git repo 2011-12-11 16:59:35 +01:00
initial import 2011-11-26 10:45:31 +01:00			`implement auditing/logging system`
			`- add / edit events and signatures`
			`- failed / success logins (with source IP, headers,...)`

minor fixes in git repo 2011-12-11 16:59:35 +01:00			`Security`
			`- force cookie reset after login`
initial import 2011-11-26 10:45:31 +01:00

			`INSTALLATION INSTRUCTIONS`
			`-------------------------`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00			`Download CyDefSIG using git in the /var/www/ directory.`

			`cd /var/www/`
			`git clone git@code.lab.modiss.be:cydefsig.git`

Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required. 2012-03-15 15:06:45 +01:00			`Download and extract CakePHP 2.x to the web root directory:`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00
			`cd /tmp/`
Migration to CakePHP 2.1. Most of the functionality migrated, Q&A review required. 2012-03-15 15:06:45 +01:00			`wget https://nodeload.github.com/cakephp/cakephp/tarball/2.1`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00			`tar zxvf cakephp-cakephp-<version>.tar.gz`
			`cd cakephp-cakephp-*`

			`Now remove the app directory and move everything from CakePHP to var/www`

Fix admin routing 2012-03-27 09:31:41 +02:00			`rm -Rf app .gitignore`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00			`mv * /var/www/cydefsig/`
			`mv .??* /var/www/cydefsig/`
minor fixes in git repo 2011-12-11 16:59:35 +01:00
Database structure and rough license 2012-01-18 15:30:36 +01:00			`Check if the permissions are set correctly using the following commands as root:`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00
			`chown -R <user>:www-data /var/www/cydefsig`
			`chmod -R 750 /var/www/cydefsig`
			`chmod -R g+s /var/www/cydefsig`
			`cd /var/www/cydefsig/app/`
initial import 2011-11-26 10:45:31 +01:00			`chmod -R g+w tmp`

updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00			`Import the empty MySQL database in /var/www/cydefsig/app/MYSQL.txt using phpmyadmin or mysql>.`

			`Now configure your apache server with the DocumentRoot /var/www/cydefsig/app/webroot/`

Fix admin routing 2012-03-27 09:31:41 +02:00			`Configure the fields in the files:`
			`database.php : login, port, password, database`
			`bootstrap.php: CyDefSIG., GnuPG.`
			`core.php : debug,`

			`Generate a GPG encryption key.`
			`-`

			`Now log in using the webinterface:`
updated DB structure and content 2012-03-15 15:10:24 +01:00			`The default user/pass = admin@admin.test/admin`
Fix admin routing 2012-03-27 09:31:41 +02:00
Database structure and rough license 2012-01-18 15:30:36 +01:00			`Don't forget to change the email, password and authentication key after installation.`
minor fixes in git repo 2011-12-11 16:59:35 +01:00
Fix admin routing 2012-03-27 09:31:41 +02:00

minor fixes in git repo 2011-12-11 16:59:35 +01:00			`Recommended patches`
			`-------------------`
updated README based on feedback from Jeroen Vanderauwera and some corrections 2012-03-06 10:21:46 +01:00			`By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.`