Merge branch '2.4' into add-email-field-option-for-kerberos-authentication
commit
0328b1b04a
111
.gitchangelog.rc
111
.gitchangelog.rc
|
@ -1,3 +1,4 @@
|
|||
# -*- coding: utf-8; mode: python -*-
|
||||
##
|
||||
## Format
|
||||
##
|
||||
|
@ -13,7 +14,7 @@
|
|||
## 'fix' is for bug fixes
|
||||
## 'new' is for new features, big improvement
|
||||
##
|
||||
## AUDIENCE is optional and one of 'dev', 'usr', 'pkg', 'test', 'doc'
|
||||
## AUDIENCE is optional and one of 'dev', 'usr', 'pkg', 'test', 'doc'|'docs'
|
||||
##
|
||||
## Is WHO is concerned by the change.
|
||||
##
|
||||
|
@ -74,15 +75,20 @@ ignore_regexps = [
|
|||
## titles are the label, and a commit is classified under this section if any
|
||||
## of the regexps associated is matching.
|
||||
##
|
||||
## Please note that ``section_regexps`` will only classify commits and won't
|
||||
## make any changes to the contents. So you'll probably want to go check
|
||||
## ``subject_process`` (or ``body_process``) to do some changes to the subject,
|
||||
## whenever you are tweaking this variable.
|
||||
##
|
||||
section_regexps = [
|
||||
('New', [
|
||||
r'^[nN]ew\s*:\s*((dev|use?r|pkg|test|doc)\s*:\s*)?([^\n]*)$',
|
||||
r'^[nN]ew\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
|
||||
]),
|
||||
('Changes', [
|
||||
r'^[cC]hg\s*:\s*((dev|use?r|pkg|test|doc)\s*:\s*)?([^\n]*)$',
|
||||
r'^[cC]hg\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
|
||||
]),
|
||||
('Fix', [
|
||||
r'^[fF]ix\s*:\s*((dev|use?r|pkg|test|doc)\s*:\s*)?([^\n]*)$',
|
||||
r'^[fF]ix\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$',
|
||||
]),
|
||||
|
||||
('Other', None ## Match all lines
|
||||
|
@ -118,6 +124,9 @@ section_regexps = [
|
|||
##
|
||||
## - strip: remove any spaces before or after the content of the string
|
||||
##
|
||||
## - SetIfEmpty(msg="No commit message."): will set the text to
|
||||
## whatever given ``msg`` if the current text is empty.
|
||||
##
|
||||
## Additionally, you can `pipe` the provided filters, for instance:
|
||||
#body_process = Wrap(regexp=r'\n(?=\w+\s*:)') | Indent(chars=" ")
|
||||
#body_process = Wrap(regexp=r'\n(?=\w+\s*:)')
|
||||
|
@ -132,8 +141,8 @@ body_process = ReSub(r'((^|\n)[A-Z]\w+(-\w+)*: .*(\n\s+.*)*)+$', r'') | strip
|
|||
##
|
||||
## Available constructs are those listed in ``body_process`` doc.
|
||||
subject_process = (strip |
|
||||
ReSub(r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*((dev|use?r|pkg|test|doc)\s*:\s*)?([^\n@]*)(@[a-z]+\s+)*$', r'\4') |
|
||||
ucfirst | final_dot)
|
||||
ReSub(r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n@]*)(@[a-z]+\s+)*$', r'\4') |
|
||||
SetIfEmpty("No commit message.") | ucfirst | final_dot)
|
||||
|
||||
|
||||
## ``tag_filter_regexp`` is a regexp
|
||||
|
@ -143,7 +152,8 @@ subject_process = (strip |
|
|||
tag_filter_regexp = r'^v[0-9]+\.[0-9]+\.[0-9]+$'
|
||||
|
||||
|
||||
## ``unreleased_version_label`` is a string
|
||||
|
||||
## ``unreleased_version_label`` is a string or a callable that outputs a string
|
||||
##
|
||||
## This label will be used as the changelog Title of the last set of changes
|
||||
## between last valid tag and HEAD if any.
|
||||
|
@ -190,3 +200,90 @@ output_engine = rest_py
|
|||
## The default is to include them.
|
||||
include_merge = True
|
||||
|
||||
|
||||
## ``log_encoding`` is a string identifier
|
||||
##
|
||||
## This option tells gitchangelog what encoding is outputed by ``git log``.
|
||||
## The default is to be clever about it: it checks ``git config`` for
|
||||
## ``i18n.logOutputEncoding``, and if not found will default to git's own
|
||||
## default: ``utf-8``.
|
||||
#log_encoding = 'utf-8'
|
||||
|
||||
|
||||
## ``publish`` is a callable
|
||||
##
|
||||
## Sets what ``gitchangelog`` should do with the output generated by
|
||||
## the output engine. ``publish`` is a callable taking one argument
|
||||
## that is an interator on lines from the output engine.
|
||||
##
|
||||
## Some helper callable are provided:
|
||||
##
|
||||
## Available choices are:
|
||||
##
|
||||
## - stdout
|
||||
##
|
||||
## Outputs directly to standard output
|
||||
## (This is the default)
|
||||
##
|
||||
## - FileInsertAtFirstRegexMatch(file, pattern, idx=lamda m: m.start())
|
||||
##
|
||||
## Creates a callable that will parse given file for the given
|
||||
## regex pattern and will insert the output in the file.
|
||||
## ``idx`` is a callable that receive the matching object and
|
||||
## must return a integer index point where to insert the
|
||||
## the output in the file. Default is to return the position of
|
||||
## the start of the matched string.
|
||||
##
|
||||
## - FileRegexSubst(file, pattern, replace, flags)
|
||||
##
|
||||
## Apply a replace inplace in the given file. Your regex pattern must
|
||||
## take care of everything and might be more complex. Check the README
|
||||
## for a complete copy-pastable example.
|
||||
##
|
||||
# publish = FileInsertIntoFirstRegexMatch(
|
||||
# "CHANGELOG.rst",
|
||||
# r'/(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/',
|
||||
# idx=lambda m: m.start(1)
|
||||
# )
|
||||
#publish = stdout
|
||||
|
||||
|
||||
## ``revs`` is a list of callable or a list of string
|
||||
##
|
||||
## callable will be called to resolve as strings and allow dynamical
|
||||
## computation of these. The result will be used as revisions for
|
||||
## gitchangelog (as if directly stated on the command line). This allows
|
||||
## to filter exaclty which commits will be read by gitchangelog.
|
||||
##
|
||||
## To get a full documentation on the format of these strings, please
|
||||
## refer to the ``git rev-list`` arguments. There are many examples.
|
||||
##
|
||||
## Using callables is especially useful, for instance, if you
|
||||
## are using gitchangelog to generate incrementally your changelog.
|
||||
##
|
||||
## Some helpers are provided, you can use them::
|
||||
##
|
||||
## - FileFirstRegexMatch(file, pattern): will return a callable that will
|
||||
## return the first string match for the given pattern in the given file.
|
||||
## If you use named sub-patterns in your regex pattern, it'll output only
|
||||
## the string matching the regex pattern named "rev".
|
||||
##
|
||||
## - Caret(rev): will return the rev prefixed by a "^", which is a
|
||||
## way to remove the given revision and all its ancestor.
|
||||
##
|
||||
## Please note that if you provide a rev-list on the command line, it'll
|
||||
## replace this value (which will then be ignored).
|
||||
##
|
||||
## If empty, then ``gitchangelog`` will act as it had to generate a full
|
||||
## changelog.
|
||||
##
|
||||
## The default is to use all commits to make the changelog.
|
||||
#revs = ["^1.0.3", ]
|
||||
#revs = [
|
||||
# Caret(
|
||||
# FileFirstRegexMatch(
|
||||
# "CHANGELOG.rst",
|
||||
# r"(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n")),
|
||||
# "HEAD"
|
||||
#]
|
||||
revs = []
|
||||
|
|
|
@ -1,3 +1,12 @@
|
|||
# Ignore tooling config files
|
||||
tools/misp-wipe/misp-wipe.conf
|
||||
tools/misp-backup/misp-backup.conf
|
||||
|
||||
# Ignore mkdocs site directory and mkdocs virtualenv
|
||||
site/
|
||||
tools/mkdocs
|
||||
|
||||
# Other
|
||||
/vendors
|
||||
/app/Vendor
|
||||
/app/vendor
|
||||
|
@ -44,6 +53,9 @@
|
|||
!/app/files/scripts/mispzmq/mispzmqtest.py
|
||||
/app/files/scripts/tmp/*
|
||||
!/app/files/scripts/tmp/empty
|
||||
/app/files/scripts/stix2/*
|
||||
!/app/files/scripts/stix2/misp2stix2*.py
|
||||
!/app/files/scripts/stix2/stix2misp*.py
|
||||
!/app/files/empty
|
||||
/app/files/terms/*
|
||||
!/app/files/terms/empty
|
||||
|
|
|
@ -29,7 +29,20 @@
|
|||
url = https://github.com/MISP/misp-vagrant.git
|
||||
[submodule "cti-python-stix2"]
|
||||
path = cti-python-stix2
|
||||
url = https://github.com/oasis-open/cti-python-stix2
|
||||
url = https://github.com/MISP/cti-python-stix2
|
||||
[submodule "app/files/noticelists"]
|
||||
path = app/files/noticelists
|
||||
url = https://github.com/MISP/misp-noticelist
|
||||
[submodule "Plugin/DebugKit"]
|
||||
path = Plugin/DebugKit
|
||||
url = https://github.com/cakephp/debug_kit.git
|
||||
branch = 2.2
|
||||
[submodule "INSTALL/Crypt_GPG"]
|
||||
path = INSTALL/dependencies/Crypt_GPG
|
||||
url = https://github.com/pear/Crypt_GPG
|
||||
[submodule "INSTALL/Console_CommandLine"]
|
||||
path = INSTALL/dependencies/Console_CommandLine
|
||||
url = https://github.com/pear/Console_CommandLine
|
||||
[submodule "INSTALL/dependencies/Net_GeoIP"]
|
||||
path = INSTALL/dependencies/Net_GeoIP
|
||||
url = https://github.com/pear/Net_GeoIP
|
||||
|
|
51
.travis.yml
51
.travis.yml
|
@ -1,47 +1,41 @@
|
|||
language: php
|
||||
|
||||
php:
|
||||
- 5.6
|
||||
- 7.0
|
||||
- 7.1
|
||||
- 7.2
|
||||
- 7.3
|
||||
- nightly
|
||||
|
||||
services:
|
||||
- redis
|
||||
|
||||
sudo: required
|
||||
dist: trusty
|
||||
dist: bionic
|
||||
group: edge
|
||||
|
||||
addons:
|
||||
mariadb:
|
||||
- '10.0'
|
||||
mariadb: '10.2'
|
||||
hosts:
|
||||
- misp.local
|
||||
- localhost
|
||||
apt:
|
||||
packages:
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- python3-nose
|
||||
- libxml2-dev
|
||||
- libzmq3-dev
|
||||
- zlib1g-dev
|
||||
- apache2
|
||||
- curl
|
||||
- php5-mysql
|
||||
- php5-dev
|
||||
- php5-cli
|
||||
- libapache2-mod-php5
|
||||
|
||||
|
||||
before_install:
|
||||
- git config --global user.name "TravisCI"
|
||||
- export PATH="$HOME/.local/bin:$PATH"
|
||||
|
||||
install:
|
||||
- sudo pip3 install --upgrade pip setuptools requests
|
||||
- pip3 install --user --upgrade -r requirements.txt
|
||||
- sudo add-apt-repository -y ppa:deadsnakes/ppa
|
||||
- sudo apt-get -y update
|
||||
- sudo apt-get -y install python3.6 python3-pip python3.6-dev python3-nose libxml2-dev libzmq3-dev zlib1g-dev apache2 curl php-mysql php-dev php-cli libapache2-mod-php libfuzzy-dev php-mbstring
|
||||
- sudo apt-get -y dist-upgrade
|
||||
- wget https://bootstrap.pypa.io/get-pip.py
|
||||
- sudo python3.6 get-pip.py
|
||||
- hash -r
|
||||
- sudo pip3.6 install --upgrade pip setuptools requests
|
||||
- hash -r
|
||||
- sudo pip3.6 install --upgrade -r requirements.txt
|
||||
- sudo pip3.6 install pipenv
|
||||
- phpenv rehash
|
||||
- pushd app
|
||||
- composer install
|
||||
|
@ -69,6 +63,7 @@ install:
|
|||
- mysql -u misp -pblah misp < INSTALL/MYSQL.sql
|
||||
# configure apache virtual hosts
|
||||
- sudo chmod -R 777 `pwd`/build
|
||||
- sudo mkdir -p /etc/apache2/sites-available
|
||||
- sudo cp -f build/travis-ci-apache /etc/apache2/sites-available/misp.local.conf
|
||||
- sudo sed -e "s?%TRAVIS_BUILD_DIR%?$(pwd)?g" --in-place /etc/apache2/sites-available/misp.local.conf
|
||||
- sudo a2dissite 000-default
|
||||
|
@ -94,6 +89,7 @@ install:
|
|||
# Get authkey
|
||||
- sudo usermod -a -G www-data $USER
|
||||
- sudo -E su $USER -c 'app/Console/cake userInit -q | sudo tee ./key.txt'
|
||||
- sudo app/Console/cake Live 1
|
||||
- sudo chmod 777 ./key.txt
|
||||
- sudo chmod -R 777 ./tests
|
||||
- sudo chown -R www-data:www-data `pwd`
|
||||
|
@ -116,13 +112,18 @@ script:
|
|||
- ./curl_tests.sh $AUTH
|
||||
- popd
|
||||
- pushd PyMISP
|
||||
- pip3 install --user .
|
||||
- nosetests --with-coverage --cover-package=pymisp tests/test_*.py
|
||||
- python3 tests/test.py
|
||||
- pipenv install -d
|
||||
- pushd tests
|
||||
- git clone https://github.com/viper-framework/viper-test-files.git
|
||||
- popd
|
||||
- pipenv run python tests/test.py
|
||||
- pipenv run python tests/test_mispevent.py
|
||||
- pipenv run python tests/test_offline.py
|
||||
- pipenv run python tests/testlive_comprehensive.py
|
||||
- popd
|
||||
- cp PyMISP/tests/keys.py PyMISP/examples/events/
|
||||
- pushd PyMISP/examples/events/
|
||||
- python3 ./create_massive_dummy_events.py -l 5 -a 30
|
||||
- pipenv run python ./create_massive_dummy_events.py -l 5 -a 30
|
||||
- popd
|
||||
- pushd app/files/feed-metadata
|
||||
- jsonschema -i defaults.json schema.json
|
||||
|
|
|
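Review bot: The install step in the first .travis.yml hunk downloads `get-pip.py` with `wget https://bootstrap.pypa.io/get-pip.py` and immediately runs it as `sudo python3.6 get-pip.py` with no integrity check, so the CI job executes whatever that URL serves at build time; judging by the replaced `sudo pip3 install --upgrade pip setuptools requests` line, these lines appear to be on the new side, though the `+`/`-` markers are lost on this rendered page. A pinned digest check between the download and the execution, `echo "<EXPECTED_SHA256>  get-pip.py" | sha256sum -c -` (placeholder for a digest recorded when the script version is chosen), would fail the build on a tampered or silently changed bootstrap script instead of installing it system-wide. The same unpinned-fetch pattern is in the script hunk, where `git clone https://github.com/viper-framework/viper-test-files.git` pulls whatever the default branch holds; checking out a known commit after the clone would make the test fixtures reproducible and reviewable. Whether the `sudo chmod 777 ./key.txt` and `sudo chmod -R 777 ./tests` lines in the third hunk are new or context cannot be told from this page, so they are not raised here.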
@ -0,0 +1 @@
|
|||
../docs/CONFIG.SMIME.md
|
|
@ -0,0 +1 @@
|
|||
../docs/CONFIG.elasticsearch-logging.md
|
|
@ -0,0 +1 @@
|
|||
../docs/CONFIG.s3-attachments.md
|
|
@ -1,490 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for FreeBSD 11.2-amd64
|
||||
|
||||
0/ WIP /!\ You are warned, this does not work yet! /!\
|
||||
|
||||
NOT working: pydeep, lief, py-yara, MAEC
|
||||
|
||||
1/ Minimal FreeBSD install
|
||||
--------------------------
|
||||
|
||||
# Install standard FreeBSD-amd64 with:
|
||||
- sshd
|
||||
- ntpd
|
||||
- ports
|
||||
|
||||
# System Hardening
|
||||
|
||||
- Clean /tmp
|
||||
- Disable Syslogd network socket
|
||||
- Disable Sendmail service
|
||||
|
||||
# Install pkg and point to latest
|
||||
|
||||
Install pkg by typing:
|
||||
```
|
||||
$ su -
|
||||
# pkg
|
||||
```
|
||||
|
||||
# Install sudo
|
||||
|
||||
pkg install sudo
|
||||
|
||||
# Install bash
|
||||
|
||||
sudo pkg install bash
|
||||
|
||||
Make sure users in group wheel can sudo, uncomment in /usr/local/etc/sudoers :
|
||||
```
|
||||
%wheel ALL=(ALL) ALL
|
||||
```
|
||||
|
||||
# Update system
|
||||
```
|
||||
sudo freebsd-update fetch install
|
||||
```
|
||||
|
||||
# Make python3 default
|
||||
|
||||
echo "DEFAULT_VERSIONS= python=3.6 python2=2.7 python3=3.6" >> /etc/make.conf
|
||||
sudo ln -s /usr/local/bin/python3 /usr/local/bin/python
|
||||
|
||||
# Install postfix
|
||||
```
|
||||
sudo pkg install postfix
|
||||
|
||||
# Optional but useful, add a local misp user
|
||||
sudo pw user add misp -s /usr/local/bin/bash -G wheel,www
|
||||
sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
|
||||
sudo passwd misp
|
||||
```
|
||||
|
||||
# FAMP
|
||||
## Install misc dependencies
|
||||
```
|
||||
sudo pkg install curl git python3 vim m4 help2man gmake automake libtool
|
||||
```
|
||||
|
||||
/!\ N.B: MariaDB 10.3 currently segfaults on 11.2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229219
|
||||
|
||||
```
|
||||
sudo pkg install apache24 \
|
||||
logrotate \
|
||||
gnupg \
|
||||
mariadb102-server mariadb102-client \
|
||||
php72 \
|
||||
php72-mysqli \
|
||||
php72-xml \
|
||||
php72-openssl \
|
||||
php72-pcntl \
|
||||
php72-mbstring \
|
||||
php72-pdo_mysql \
|
||||
php72-phar \
|
||||
php72-json \
|
||||
php72-filter \
|
||||
php72-dom \
|
||||
php72-opcache \
|
||||
php72-session \
|
||||
mod_php72
|
||||
|
||||
sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini
|
||||
|
||||
sudo sysrc apache24_enable="yes"
|
||||
sudo sysrc mysql_enable="yes"
|
||||
sudo sysrc mysql_args="--bind-address=127.0.0.1"
|
||||
sudo service apache24 start
|
||||
sudo service mysql-server start
|
||||
sudo /usr/local/bin/mysql_secure_installation
|
||||
```
|
||||
|
||||
```
|
||||
sudo vi /usr/local/etc/apache24/Includes/php.conf
|
||||
```
|
||||
|
||||
Add:
|
||||
```
|
||||
<IfModule dir_module>
|
||||
DirectoryIndex index.php index.html
|
||||
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.phps$">
|
||||
SetHandler application/x-httpd-php-source
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
```
|
||||
|
||||
|
||||
## Redis need to be installed via ports
|
||||
|
||||
```
|
||||
cd /usr/ports/databases/redis
|
||||
sudo make install clean
|
||||
sudo sysrc redis_enable="yes"
|
||||
```
|
||||
|
||||
### php-redis
|
||||
```
|
||||
cd /use/ports/databases/pecl-redis
|
||||
sudo make install clean
|
||||
```
|
||||
|
||||
## Maybe needed, had to add the path for php CLI to work…
|
||||
add this: PATH=$PATH:/usr/local/bin
|
||||
to: /usr/local/etc/apache24/envvars.d/php.env
|
||||
|
||||
|
||||
```
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
|
||||
# Download MISP using git in the /usr/local/www/ directory.
|
||||
sudo mkdir /usr/local/www/MISP
|
||||
sudo chown www:www /usr/local/www/MISP
|
||||
cd /usr/local/www/MISP
|
||||
sudo -u www git clone https://github.com/MISP/MISP.git /usr/local/www/MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
##sudo apt-get install python-dev zlib1g-dev python-setuptools
|
||||
sudo pkg install py27-pip py36-pip libxml2 libxslt
|
||||
|
||||
cd /usr/local/www/MISP/app/files/scripts
|
||||
sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /usr/local/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /usr/local/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /usr/local/www/MISP/app/files/scripts/
|
||||
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /usr/local/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd /usr/local/www/MISP
|
||||
sudo -u www git submodule init
|
||||
sudo -u www git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /usr/local/www/MISP/app
|
||||
sudo -u www php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www php composer.phar config vendor-dir Vendor
|
||||
sudo -u www php composer.phar install
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www cp -fa /usr/local/www/MISP/INSTALL/setup/config.php /usr/local/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www:www /usr/local/www/MISP
|
||||
sudo chmod -R 750 /usr/local/www/MISP
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files/scripts/tmp
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www sh -c "mysql -u misp -p misp < /usr/local/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you set previously
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
```
|
||||
# Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/
|
||||
|
||||
#2.4
|
||||
sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
sudo mkdir /etc/ssl/private/
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
sudo chmod 750 /etc/ssl/private/
|
||||
sudo chmod 640 /etc/ssl/private/*
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
sudo mkdir /var/log/apache24/
|
||||
```
|
||||
|
||||
Now edit: /usr/local/etc/apache24/sites-available/misp-ssl.conf to reflect the below.
|
||||
Make sure the ssl fqdn will reflect what you entered as a CN in the SSL-Cert.
|
||||
You might see this: "AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message"
|
||||
Edit:
|
||||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache24/misp.local_error.log
|
||||
CustomLog /var/log/apache24/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /usr/local/www/MISP/app/webroot
|
||||
<Directory /usr/local/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache24/misp.local_error.log
|
||||
CustomLog /var/log/apache24/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
```
|
||||
# activate new vhost
|
||||
cd /usr/local/etc/apache24/sites-enabled/
|
||||
sudo ln -s ../sites-available/misp-ssl.conf
|
||||
echo "Include etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
|
||||
echo "IncludeOptional etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
|
||||
|
||||
sudo vi /usr/local/etc/apache24/httpd.conf
|
||||
/!\ Enable mod_rewrite in httpd.conf /!\
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
LoadModule ssl_module libexec/apache24/mod_ssl.so
|
||||
Listen 443
|
||||
|
||||
# Restart apache
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /usr/local/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /usr/local/www/MISP/app/Config that need to be copied
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/bootstrap.default.php /usr/local/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/database.default.php /usr/local/www/MISP/app/Config/database.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/core.default.php /usr/local/www/MISP/app/Config/core.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/config.default.php /usr/local/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www vim /usr/local/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
sudo -u www vim /usr/local/www/MISP/app/Config/config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www:www /usr/local/www/MISP/app/Config
|
||||
sudo chmod -R 750 /usr/local/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www mkdir /usr/local/www/MISP/.gnupg
|
||||
sudo chmod 700 /usr/local/www/MISP/.gnupg
|
||||
##### sudo -u www gpg --homedir /usr/local/www/MISP/.gnupg --gen-key <- Broken
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www sh -c "gpg --homedir /usr/local/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /usr/local/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /usr/local/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
|
||||
sudo -u www bash /usr/local/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 /usr/local/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www:www /usr/local/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /usr/local/www/MISP/app/tmp/logs/error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
set PATH_TO_MISP='/usr/local/www/MISP'
|
||||
set MISP_BASEURL=''
|
||||
set MISP_LIVE='1'
|
||||
set FQDN='localhost'
|
||||
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
|
||||
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.language" "eng"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.proposals_block_attributes" false
|
||||
## Redis block
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_database" 13
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Tune global time outs
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.timeout" 600
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
10/ MISP modulesß
|
||||
|
||||
sudo pkg install yara
|
||||
sudo mkdir /usr/local/src/
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip-3.6 install -I -r REQUIREMENTS
|
||||
sudo pip-3.6 install -I .
|
||||
##sudo pip-3.6 install lief
|
||||
sudo pip-3.6 install maec
|
||||
sudo pip-3.6 install pymisp python-magic wand yara
|
||||
##sudo pip-3.6 install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# pip2 install
|
||||
sudo pip-2.7 install pymisp python-magic wand yara
|
||||
##sudo pip-2.7 install git+https://github.com/kbandla/pydeep.git
|
||||
##sudo pip-2.7 install lief
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip-3.6 install stix2
|
||||
|
||||
Add this to rc.local:
|
||||
|
||||
```
|
||||
sudo -u www misp-modules -l 0.0.0.0 -s &
|
||||
```
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pkg install libzmq4
|
||||
# ZeroMQ depends on the Python client for Redis
|
|
@ -1,504 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for OpenBSD 6.3-amd64
|
||||
|
||||
0/ WIP /!\ You are warned, this does not work yet! /!\
|
||||
|
||||
Current issues: php-redis only available in binary for php-56, workaround: use ports.
|
||||
This guide attempts to offer native httpd or apache2/nginx set-up.
|
||||
|
||||
1/ Minimal OpenBSD install
|
||||
--------------------------
|
||||
|
||||
# Install standard OpenBSD-amd64 with ports
|
||||
|
||||
## In case you forgot to fetch ports
|
||||
|
||||
```
|
||||
$ cd /tmp
|
||||
$ ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
|
||||
$ signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
|
||||
# cd /usr
|
||||
# tar xzf /tmp/ports.tar.gz
|
||||
````
|
||||
|
||||
# System Hardening
|
||||
|
||||
- TBD
|
||||
|
||||
# doas & pkg (as root)
|
||||
```
|
||||
echo http://ftp.belnet.be/pub/OpenBSD/ > /etc/installurl
|
||||
echo "permit keepenv setenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel" > /etc/doas.conf
|
||||
```
|
||||
|
||||
# Update system
|
||||
```
|
||||
doas syspatch
|
||||
```
|
||||
|
||||
# Install bash & ntp
|
||||
```
|
||||
doas pkg_add -v bash ntp
|
||||
```
|
||||
|
||||
# rc.local - Add ntpdate on boot
|
||||
|
||||
```
|
||||
echo -n ' ntpdate'
|
||||
/usr/local/sbin/ntpdate -b pool.ntp.org >/dev/null
|
||||
```
|
||||
|
||||
# Launch ntpd on boot
|
||||
```
|
||||
doas rcctl enable xntpd
|
||||
doas rcctl set xntpd flags "-p /var/run/ntpd.pid"
|
||||
doas /usr/local/sbin/ntpd -p /var/run/ntpd.pid
|
||||
```
|
||||
|
||||
# misp user
|
||||
```
|
||||
useradd -m -s /usr/local/bin/bash -G wheel,www misp
|
||||
```
|
||||
|
||||
# nvim (optional)
|
||||
```
|
||||
doas pkg_add -v neovim
|
||||
doas mv /usr/bin/vi /usr/bin/vi-`date +%d%m%y`
|
||||
doas ln -s /usr/local/bin/nvim /usr/bin/vi
|
||||
```
|
||||
|
||||
# /etc/httpd.conf
|
||||
```
|
||||
cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config example below
|
||||
```
|
||||
|
||||
```
|
||||
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
|
||||
|
||||
#
|
||||
# Macros
|
||||
#
|
||||
ext4_addr="*"
|
||||
ext6_addr="::"
|
||||
|
||||
server "default" {
|
||||
#listen on $ext4_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
|
||||
listen on $ext4_addr port 80
|
||||
listen on $ext4_addr tls port 443
|
||||
#listen on $ext6_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
|
||||
listen on $ext6_addr port 80
|
||||
listen on $ext6_addr tls port 443
|
||||
|
||||
root "/htdocs/MISP/app/webroot"
|
||||
|
||||
tls {
|
||||
key "/etc/ssl/private/server.key"
|
||||
certificate "/etc/ssl/server.crt"
|
||||
}
|
||||
directory {
|
||||
index "index.php"
|
||||
}
|
||||
location "*.php" {
|
||||
fastcgi socket "/run/php-fpm.sock"
|
||||
}
|
||||
#location "/.well-known/acme-challenge/*" {
|
||||
# root "/acme"
|
||||
# root strip 2
|
||||
#}
|
||||
#location * {
|
||||
# block return 302 "https://$HTTP_HOST$REQUEST_URI"
|
||||
#}
|
||||
}
|
||||
|
||||
# Include MIME types instead of the built-in ones
|
||||
types {
|
||||
include "/usr/share/misc/mime.types"
|
||||
}
|
||||
|
||||
#server "example.com" {
|
||||
# listen on * tls port 443
|
||||
# listen on :: tls port 443
|
||||
# tls {
|
||||
# certificate "/etc/ssl/example.com.fullchain.pem"
|
||||
# key "/etc/ssl/private/example.com.key"
|
||||
# }
|
||||
# location "/pub/*" {
|
||||
# directory auto index
|
||||
# }
|
||||
# location "/.well-known/acme-challenge/*" {
|
||||
# root "/acme"
|
||||
# root strip 2
|
||||
# }
|
||||
#}
|
||||
```
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
```
|
||||
doas openssl genrsa -out /etc/ssl/private/server.key
|
||||
doas openssl req -new -x509 -subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" -key /etc/ssl/private/server.key -out /etc/ssl/server.crt -days 3650
|
||||
```
|
||||
|
||||
# mariadb server
|
||||
```
|
||||
pkd_add -v mariadb-server
|
||||
```
|
||||
|
||||
# start httpd
|
||||
```
|
||||
/etc/rc.d/httpd -f start
|
||||
```
|
||||
|
||||
# Install postfix
|
||||
```
|
||||
doas pkg_add -v postfix
|
||||
```
|
||||
|
||||
# Enable httpd
|
||||
```
|
||||
doas rcctl enable httpd
|
||||
```
|
||||
|
||||
# Install misc dependencies
|
||||
|
||||
```
|
||||
doas pkg_add -v curl git python redis
|
||||
```
|
||||
|
||||
# OpendBSD + Apache/httpd/nginx + MySQL/Mariadb + PHP
|
||||
```
|
||||
#pkg_add -v apache-httpd
|
||||
pkg_add -v \
|
||||
gnupg \
|
||||
```
|
||||
|
||||
# php7 ports
|
||||
```
|
||||
php-mysqli
|
||||
php-pcntl
|
||||
php-pdo_mysql
|
||||
pecl-redis
|
||||
pear
|
||||
```
|
||||
|
||||
# Optional for Apache2
|
||||
```
|
||||
doas pkg_add -v fcgi-cgi fcgi
|
||||
``
|
||||
|
||||
# /etc/php-5.6.ini
|
||||
```
|
||||
allow_url_fopen = On
|
||||
```
|
||||
|
||||
```
|
||||
cd /etc/php-5.6
|
||||
doas cp ../php-5.6.sample/* .
|
||||
```
|
||||
|
||||
# php ln
|
||||
```
|
||||
doas ln -s /usr/local/bin/php-5.6 /usr/local/bin/php
|
||||
```
|
||||
|
||||
# Enable php fpm
|
||||
``
|
||||
doas rcctl enable php56_fpm
|
||||
```
|
||||
|
||||
# Configure fpm
|
||||
```
|
||||
doas vi /etc/php-fpm.conf
|
||||
```
|
||||
|
||||
error_log = log/php-fpm.log
|
||||
chroot -> remove for the time being
|
||||
|
||||
|
||||
For native httpd: listen = /var/www/run/php-fpm.sock
|
||||
For apache2: listen = 127.0.0.1:9000
|
||||
|
||||
# Enable redis
|
||||
```
|
||||
doas rcctl enable redis
|
||||
doas /etc/rc.d/redis start
|
||||
```
|
||||
|
||||
# Enable mysqld
|
||||
```
|
||||
doas rcctl set mysqld status on
|
||||
doas rcctl set mysqld flags --bind-address=127.0.0.1
|
||||
doas /etc/rc.d/mysqld start
|
||||
doas mysql_secure_installation
|
||||
```
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
```
|
||||
# Download MISP using git in the /usr/local/www/ directory.
|
||||
doas mkdir /var/www/htdocs/MISP
|
||||
doas chown www:www /var/www/htdocs/MISP
|
||||
cd /var/www/htdocs/MISP
|
||||
doas -u www git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
doas -u www git config core.filemode false
|
||||
|
||||
doas pkg_add py-pip py3-pip libxml libxslt py3-jsonschema
|
||||
|
||||
cd /var/www/htdocs/MISP/app/files/scripts
|
||||
doas -u www git clone https://github.com/CybOXProject/python-cybox.git
|
||||
doas -u www git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/python-cybox
|
||||
doas python3 setup.py install
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/python-stix
|
||||
doas python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/
|
||||
doas -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/mixbox
|
||||
doas python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/htdocs/MISP/PyMISP
|
||||
doas python3 setup.py install
|
||||
|
||||
# install support for STIX 2.0
|
||||
doas pip3.6 install stix2
|
||||
```
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
```
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd /var/www/htdocs/MISP
|
||||
doas -u www git submodule init
|
||||
doas -u www git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
doas -u www git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/htdocs/MISP/app
|
||||
doas -u www php composer.phar require kamisama/cake-resque:4.1.2
|
||||
doas -u www php composer.phar config vendor-dir Vendor
|
||||
doas -u www php composer.phar install
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
doas -u www cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
```
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
```
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
doas chown -R www:www /var/www/htdocs/MISP
|
||||
doas chmod -R 750 /var/www/htdocs/MISP
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/tmp
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/files
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/files/scripts/tmp
|
||||
```
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
```
|
||||
# Enter the mysql shell
|
||||
doas mysql -u root -p
|
||||
```
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
```
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
doas -u www sh -c "mysql -u misp -p misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you set previously
|
||||
```
|
||||
|
||||
7/ Apache configuration (optional)
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot /var/www/htdocs/MISP/app/webroot/
|
||||
|
||||
#2.4
|
||||
doas mkdir /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
doas cp /var/www/htdocs/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
doas mkdir /etc/ssl/private/
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
|
||||
doas openssl req -newkey rsa:4096 -days 3650 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
doas mkdir /var/log/apache2/
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/htdocs/MISP/app/webroot
|
||||
<Directory /var/www/htdocs/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
cd /etc/apache2/sites-enabled/
|
||||
doas ln -s ../sites-available/misp-ssl.conf
|
||||
echo "Include /etc/apache2/sites-enabled/*.conf" >> /etc/apache2/httpd2.conf
|
||||
|
||||
doas vi /etc/apache2/httpd2.conf
|
||||
|
||||
/!\ Enable mod_rewrite in httpd2.conf /!\
|
||||
LoadModule rewrite_module /usr/local/lib/apache2/mod_rewrite.so
|
||||
LoadModule ssl_module /usr/local/lib/apache2/mod_ssl.so
|
||||
LoadModule proxy_module /usr/local/lib/apache2/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/local/lib/apache2/mod_proxy_fcgi.so
|
||||
Listen 443
|
||||
|
||||
# Restart apache
|
||||
doas /etc/rc.d/apache2 restart
|
||||
|
||||
8/ Log rotation (needs to be adapted to OpenBSD, newsyslog does this for you
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/htdocs/MISP/app/tmp/logs
|
||||
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/htdocs/MISP/app/Config that need to be copied
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
doas -u www vim /var/www/htdocs/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
doas -u www vim /var/www/htdocs/MISP/app/Config/config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
doas chown -R www:www /var/www/htdocs/MISP/app/Config
|
||||
doas chmod -R 750 /var/www/htdocs/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
doas -u www mkdir /var/www/htdocs/MISP/.gnupg
|
||||
doas chmod 700 /var/www/htdocs/MISP/.gnupg
|
||||
##### doas -u www gpg --homedir /var/www/htdocs/MISP/.gnupg --gen-key <- Broken
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
doas -u www sh -c "gpg --homedir /var/www/htdocs/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/htdocs/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
doas chmod +x /var/www/htdocs/MISP/app/Console/worker/start.sh
|
||||
doas vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
|
||||
doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
doas chmod -R 750 /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
doas chown -R www:www /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache/httpd
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ.
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
```
|
||||
doas pkg_add -v py3-zmq
|
||||
```
|
|
@ -0,0 +1,724 @@
|
|||
#!/usr/bin/env bash
|
||||
############################################################
|
||||
###### #
|
||||
##### Please AutoGenerated... ##
|
||||
#### Do NOT was ###
|
||||
### Manually It ####
|
||||
## Change this Script... #####
|
||||
# ######
|
||||
############################################################
|
||||
############################################################
|
||||
#INSTALLATION INSTRUCTIONS #
|
||||
##########################################################
|
||||
#------------------------- for Debian Flavored Linux Distributions
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
||||
# 20190208: Kali Linux tested and working. -- sCl
|
||||
#
|
||||
#
|
||||
#-------------------------------------------------------------------------------------------------|
|
||||
# 1/ For other Debian based Linux distributions, download script and run as **unprivileged** user |
|
||||
#-------------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# The following installs only MISP-core:
|
||||
# $ curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c
|
||||
#
|
||||
# This will install MISP Core and misp-modules (recommended)
|
||||
# $ curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c -M
|
||||
#
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 2/ For Kali, download and run Installer Script |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# To install MISP on Kali copy paste the following to your r00t shell:
|
||||
# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
#
|
||||
#
|
||||
#----------------------------------------------------------|
|
||||
# 3/ The following script has been partially autogenerated |
|
||||
#----------------------------------------------------------|
|
||||
#
|
||||
# To generate this script yourself, the following steps need to be taken.
|
||||
# $ git clone https://github.com/SteveClement/xsnippet.git
|
||||
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
|
||||
# $ git clone https://github.com/MISP/MISP.git
|
||||
# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh
|
||||
#
|
||||
##
|
||||
###
|
||||
####----------------\
|
||||
## Developer Note |
|
||||
####--------------------------------------------------------------------------------------------------|
|
||||
## In theory the order does not matter as everything is a self-contained function. |
|
||||
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
|
||||
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
|
||||
#-----------------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# ToC #
|
||||
#
|
||||
#### BEGIN AUTOMATED SECTION ####
|
||||
#
|
||||
## 0_global-vars.sh ##
|
||||
## 0_support-functions.sh ##
|
||||
## 0_apt-upgrade.sh ##
|
||||
## 0_sudoKeeper.sh ##
|
||||
## 0_installCoreDeps.sh ##
|
||||
## 0_installDepsPhp73.sh ##
|
||||
## 0_installDepsPhp72.sh ##
|
||||
## 0_installDepsPhp70.sh ##
|
||||
## 1_prepareDB.sh ##
|
||||
## 1_apacheConfig.sh ##
|
||||
## 1_mispCoreInstall.sh ##
|
||||
## 1_installCake.sh ##
|
||||
## 2_permissions.sh ##
|
||||
## 2_configMISP.sh ##
|
||||
## 2_core-cake.sh ##
|
||||
## 2_gnupg.sh ##
|
||||
## 2_logRotation.sh ##
|
||||
## 2_backgroundWorkers.sh ##
|
||||
## 3_misp-modules.sh ##
|
||||
## 4_misp-dashboard.sh ##
|
||||
## 4_misp-dashboard-cake.sh ##
|
||||
## 5_mail_to_misp.sh ##
|
||||
## 6_ssdeep.sh ##
|
||||
## 6_viper.sh ##
|
||||
|
||||
# No functions scripts:
|
||||
## apt-upgrade.sh ##
|
||||
## postfix.sh ##
|
||||
## interfaces.sh ##
|
||||
#
|
||||
### END AUTOMATED SECTION ###
|
||||
|
||||
# This function will generate the main installer.
|
||||
# It is a helper function for the maintainers for the installer.
|
||||
|
||||
colors () {
|
||||
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
LBLUE='\033[1;34m'
|
||||
YELLOW='\033[0;33m'
|
||||
HIDDEN='\e[8m'
|
||||
NC='\033[0m'
|
||||
}
|
||||
|
||||
generateInstaller () {
|
||||
if [ ! -f $(which xsnippet) ]; then
|
||||
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
||||
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then
|
||||
echo -e "${RED}iAmError!${NC}"
|
||||
echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break."
|
||||
echo -e "You called: ${RED}$0${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir installer ; cd installer
|
||||
cp ../INSTALL.debian.tpl.sh .
|
||||
|
||||
# Pull code snippets out of Main Install Documents
|
||||
for f in `echo INSTALL.ubuntu1804.md xINSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do
|
||||
xsnippet . ../../docs/${f}
|
||||
done
|
||||
|
||||
# Pull out code snippets from generic Install Documents
|
||||
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
|
||||
xsnippet . ../../docs/generic/${f}
|
||||
done
|
||||
|
||||
# TODO: Fix the below.
|
||||
# $ for f in `echo ls [0-9]_*`; do
|
||||
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh
|
||||
# $ done
|
||||
#
|
||||
# Temporary copy/paste holder
|
||||
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp70.sh ##/`cat 0_installDepsPhp70.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
|
||||
cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh
|
||||
cd ..
|
||||
rm -rf installer
|
||||
echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# Simple debug function with message
|
||||
|
||||
# Make sure no alias exists
|
||||
if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi
|
||||
debug () {
|
||||
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
||||
if [ ! -z $DEBUG ]; then
|
||||
NO_PROGRESS=1
|
||||
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
||||
exec 3>&1
|
||||
read
|
||||
else
|
||||
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
|
||||
#exec 3>&1 &>/dev/null
|
||||
:
|
||||
fi
|
||||
}
|
||||
|
||||
installSupported () {
|
||||
space
|
||||
echo "Proceeding with the installation of MISP core"
|
||||
space
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
||||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
||||
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
# TODO: Work on possibility to install as user X and install MISP for user Y
|
||||
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
||||
# <snippet-begin add-user.sh>
|
||||
# TODO: Double check how to properly handle postfix
|
||||
# <snippet-begin postfix.sh>
|
||||
|
||||
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
|
||||
progress 4
|
||||
|
||||
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
|
||||
checkID
|
||||
progress 4
|
||||
|
||||
# Starting friendly UI spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps
|
||||
progress 4
|
||||
|
||||
if [[ "$1" =~ ^PHP= ]]; then
|
||||
PHP_VER=$(echo $1 |cut -f2 -d=)
|
||||
if [[ "$PHP_VER" == "7.2" ]]; then
|
||||
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
||||
elif [[ "$PHP_VER" == "7.3" ]]; then
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp73
|
||||
elif [[ "$PHP_VER" == "7.0" ]]; then
|
||||
# Install PHP 7.0 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp70
|
||||
fi
|
||||
else
|
||||
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
||||
fi
|
||||
progress 4
|
||||
|
||||
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
|
||||
progress 4
|
||||
|
||||
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
|
||||
progress 4
|
||||
|
||||
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Mysql install functions, make it upgrade safe, double check
|
||||
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Disable spinner
|
||||
#(kill $SPIN_PID 2>&1) >/dev/null
|
||||
|
||||
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
|
||||
progress 4
|
||||
|
||||
## Resume spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
|
||||
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
|
||||
progress 4
|
||||
|
||||
# Install Viper - functionLocation('generic/viper-debian.md')
|
||||
[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
|
||||
progress 4
|
||||
|
||||
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
|
||||
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
|
||||
progress 4
|
||||
|
||||
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
||||
[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
||||
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
|
||||
progress 2
|
||||
|
||||
# Run tests
|
||||
runTests
|
||||
progress 2
|
||||
|
||||
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
|
||||
theEnd
|
||||
}
|
||||
|
||||
# Main Kalin Install function
|
||||
installMISPonKali () {
|
||||
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
||||
kaliUpgrade 2> /dev/null > /dev/null
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
setBaseURL
|
||||
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
installDepsPhp73 2> /dev/null > /dev/null
|
||||
|
||||
# Set custom Kali only variables and tweaks
|
||||
space
|
||||
# The following disables sleep on kali/gnome
|
||||
### FIXME: Disabling for now, maybe source of some issues.
|
||||
##disableSleep 2> /dev/null > /dev/null
|
||||
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
||||
##sleep 3
|
||||
|
||||
# Kali specific dependencies - functionLocation('generic/supportFunctions.md')
|
||||
debug "Installing dependencies"
|
||||
installDeps
|
||||
|
||||
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
installCoreDeps
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status 2> /dev/null > /dev/null
|
||||
a2dismod php7.2 2> /dev/null > /dev/null
|
||||
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
||||
a2dissite 000-default 2> /dev/null > /dev/null
|
||||
a2ensite default-ssl 2> /dev/null > /dev/null
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service 2> /dev/null > /dev/null
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
fixRedis 2> /dev/null > /dev/null
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
||||
|
||||
|
||||
mkdir /var/www/.cache/
|
||||
|
||||
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
||||
mkdir $MISP_USER_HOME/.cache
|
||||
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
chown www-data:www-data /var/www/.cache
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
|
||||
debug "Setting up main MISP virtualenv"
|
||||
# Needs virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
debug "Installing MISP dashboard"
|
||||
mispDashboard
|
||||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Install maec"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export
|
||||
debug "Installing cti-python-stix2"
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBNAME@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
||||
|
||||
enableServices
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG 2> /dev/null > /dev/null
|
||||
|
||||
debug "Adding workers to systemd"
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now misp-workers
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE 2> /dev/null > /dev/null
|
||||
dashboardCAKE 2> /dev/null > /dev/null
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT 2> /dev/null > /dev/null
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
|
||||
checkUsrLocalSrc
|
||||
|
||||
debug "Installing misp-modules"
|
||||
mispmodules
|
||||
|
||||
debug "Installing Viper"
|
||||
viper
|
||||
|
||||
debug "Installing ssdeep"
|
||||
ssdeep
|
||||
phpenmod -v 7.3 ssdeep
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
||||
debug "Running Then End!"
|
||||
theEnd
|
||||
}
|
||||
# End installMISPonKali ()
|
||||
|
||||
## End Function Section ##
|
||||
|
||||
colors
|
||||
debug "Checking if we are run as the installer template"
|
||||
if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then
|
||||
generateInstaller
|
||||
fi
|
||||
|
||||
space
|
||||
debug "Setting MISP variables"
|
||||
MISPvars
|
||||
debug "Checking Linux distribution and flavour..."
|
||||
checkFlavour
|
||||
|
||||
debug "Checking for parameters or Unattended Kali Install"
|
||||
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
else
|
||||
debug "Setting install options with given parameters."
|
||||
# The setOpt/checkOpt function lives in generic/supportFunctions.md
|
||||
setOpt $@
|
||||
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
|
||||
checkOpt viper && echo "${GREEN}Viper${NC} selected"
|
||||
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
|
||||
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
|
||||
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
|
||||
checkOpt all && echo "${GREEN}All options${NC} selected"
|
||||
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
|
||||
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
|
||||
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
|
||||
checkOpt force && echo "${GREEN}force${NC} install selected"
|
||||
|
||||
# Check if at least core is selected if no other options that do not require core are set
|
||||
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
|
||||
space
|
||||
usage
|
||||
echo "You need to at least select core, or -A to install everything."
|
||||
echo "$0 -c # Is the minima for install options"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Add upgrade option to do upgrade pre flight
|
||||
[[ -n $PRE ]] && preInstall
|
||||
|
||||
[[ -n $UPGRADE ]] && upgrade
|
||||
|
||||
[[ -n $NUKE ]] && nuke && exit
|
||||
|
||||
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z])
|
||||
if [ "${RELEASE}" == "18.04" ]; then
|
||||
echo "Install on Ubuntu 18.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "18.10" ]; then
|
||||
echo "Install on Ubuntu 18.10 partially supported, bye."
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.04" ]; then
|
||||
echo "Install on Ubuntu 19.04 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.10" ]; then
|
||||
echo "Install on Ubuntu 19.10 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
||||
|
||||
# If Debian is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "debian" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "buster" ]; then
|
||||
echo "Install on Debian testing fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "sid" ]; then
|
||||
echo "Install on Debian unstable not fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "stretch" ]; then
|
||||
echo "Install on Debian stable fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.0 && exit || exit
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "bamboo" ]; then
|
||||
echo "Install on Tsurugi Lab partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
if [ "${CODE}" == "soy sauce" ]; then
|
||||
echo "Install on Tsurugi Acquire partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Kali Linux is detected, run the acccording scripts
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
KALI=1
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
|
@ -1,713 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Debian 9 "stretch" server
|
||||
|
||||
0/ MISP debian stable install - Status
|
||||
--------------------------------------
|
||||
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.0/apache2/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal Debian install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Debian 9 "stretch" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
|
||||
# install etckeeper (optional)
|
||||
su -
|
||||
apt install etckeeper
|
||||
apt install sudo
|
||||
adduser misp sudo
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt update
|
||||
sudo apt -y dist-upgrade
|
||||
|
||||
# Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt install -y postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install all the dependencies: (some might already be installed)
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server vim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-readline php-redis php7.0-mbstring php-pear python3 \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
|
||||
|
||||
To flip between the 2 pythons: sudo update-alternatives --config python
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule init
|
||||
sudo -u www-data git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP.
|
||||
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
# Make composer cache happy
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/php/7.0/apache2/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
sudo $CAKE Admin updateWarningLists
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand yara
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip3 install redis
|
||||
|
||||
## install pyzmq
|
||||
sudo pip3 install pyzmq
|
||||
|
||||
|
||||
MISP Dashboard
|
||||
--------------
|
||||
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
|
||||
|
||||
Install viper framework
|
||||
-----------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git submodule init
|
||||
sudo git submodule update
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
|
||||
|
||||
|
||||
Install mail to misp
|
||||
--------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
|
|
@ -1,736 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Debian testing "buster" server
|
||||
|
||||
0/ MISP testing dev install - Status
|
||||
------------------------------------
|
||||
|
||||
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
|
||||
uses for testing, qc and random development.
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal Debian install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Debian testing "buster" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
|
||||
# Make sure you can sudo
|
||||
```
|
||||
misp@debian:~$ sudo ls
|
||||
[sudo] password for misp:
|
||||
misp is not in the sudoers file. This incident will be reported.
|
||||
```
|
||||
|
||||
su -
|
||||
adduser misp sudo
|
||||
|
||||
# install etckeeper (optional)
|
||||
sudo apt install -y etckeeper
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt update
|
||||
sudo apt -y dist-upgrade
|
||||
|
||||
# Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt install -y postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install all the dependencies: (some might already be installed)
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php-pear php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
sudo pecl channel-update pecl.php.net
|
||||
sudo pecl install redis
|
||||
echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
|
||||
To flip between the 2 pythons: sudo update-alternatives --config python
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule init
|
||||
sudo -u www-data git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP.
|
||||
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
# Make composer cache happy
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/php/7.2/apache2/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
sudo $CAKE Admin updateWarningLists
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
PATH="$PATH:/usr/local/src/viper"
|
||||
fi
|
||||
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
PATH="$PATH:/var/www/MISP/app/Console"
|
||||
fi
|
||||
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo apt install python3-redis -y
|
||||
|
||||
## install pyzmq
|
||||
sudo apt install python3-zmq -y
|
||||
|
||||
|
||||
MISP Dashboard
|
||||
--------------
|
||||
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
|
||||
|
||||
Install viper framework
|
||||
-----------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git submodule init
|
||||
sudo git submodule update
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
|
||||
|
||||
|
||||
Install mail to misp
|
||||
--------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
|
|
@ -1,594 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
#INSTALLATION INSTRUCTIONS
|
||||
#------------------------- for Kali Linux
|
||||
#
|
||||
#0/ Quick MISP Instance on Kali Linux - Status
|
||||
#---------------------------------------------
|
||||
#
|
||||
#1/ Prepare Kali with a MISP User
|
||||
#--------------------------------
|
||||
# To install MISP on Kali copy paste this in your r00t shell:
|
||||
# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
function kaliOnRootR0ckz() {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id misp >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data misp
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
function installMISPonKali() {
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
MISP_BASEURL='https://misp.local'
|
||||
MISP_LIVE='1'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
|
||||
# apt config
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO="sudo -u ${MISP_USER}"
|
||||
SUDO_WWW="sudo -u www-data"
|
||||
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
|
||||
echo "-----------------------------------------------------------------------"
|
||||
echo "Disabling sleep etc…"
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing'
|
||||
xset s 0 0
|
||||
xset dpms 0 0
|
||||
xset s off
|
||||
apt update
|
||||
apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
git config --global user.email "root@kali.lan"
|
||||
git config --global user.name "Root User"
|
||||
apt install -qy postfix
|
||||
|
||||
apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php-pear php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
modprobe tpm-rng
|
||||
echo tpm-rng >> /etc/modules
|
||||
apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
||||
service rng-tools start
|
||||
|
||||
systemctl restart mariadb.service
|
||||
|
||||
a2dismod status
|
||||
a2enmod ssl rewrite headers
|
||||
a2dissite 000-default
|
||||
a2ensite default-ssl
|
||||
|
||||
pear channel-update pear.php.net
|
||||
pear install Crypt_GPG
|
||||
pecl channel-update pecl.php.net
|
||||
|
||||
yes '' |pecl install redis
|
||||
|
||||
echo "extension=redis.so" | tee /etc/php/7.2/mods-available/redis.ini
|
||||
|
||||
phpenmod redis
|
||||
|
||||
update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule init
|
||||
$SUDO_WWW git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
cd /var/www
|
||||
mkdir misp-dashboard
|
||||
chown www-data:www-data misp-dashboard
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
/var/www/misp-dashboard/install_dependencies.sh
|
||||
sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
|
||||
apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
a2ensite misp-dashboard
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
systemctl restart apache2
|
||||
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
$CAKE userInit -q
|
||||
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
$CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
|
||||
$CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
$CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disable_emailing" false
|
||||
$CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
$CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
$CAKE Admin setSetting "MISP.language" "eng"
|
||||
$CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$CAKE Admin setSetting "MISP.redis_password" ""
|
||||
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$CAKE Admin setSetting "MISP.log_auth" false
|
||||
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
|
||||
$CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali"
|
||||
$CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
$CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$CAKE Admin setSetting "Session.timeout" 600
|
||||
$CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Admin updateGalaxies
|
||||
$CAKE Admin updateTaxonomies
|
||||
#$CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
pip3 install -I -r REQUIREMENTS
|
||||
pip3 install -I .
|
||||
pip3 install maec lief python-magic wand yara
|
||||
pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
pip3 install stix2
|
||||
gem install pygments.rb
|
||||
gem install asciidoctor-pdf --pre
|
||||
$SUDO_WWW misp-modules -l 0.0.0.0 -s &
|
||||
cd /usr/local/src/
|
||||
apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
pip3 install SQLAlchemy PrettyTable python-magic
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
$SUDO git submodule init
|
||||
$SUDO git submodule update
|
||||
pip3 install -r requirements.txt
|
||||
pip3 uninstall yara -y
|
||||
$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
$SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
$SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
|
||||
while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
# TODO: fix faup
|
||||
cd /usr/local/src/
|
||||
apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone git://github.com/stricaud/faup.git faup
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
$SUDO git checkout 96f2a9a51428869cac2473422b70ace890d5d95d
|
||||
$SUDO mkdir -p build
|
||||
cd build
|
||||
$SUDO cmake .. && $SUDO make
|
||||
make install
|
||||
ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
pip3 install -r requirements.txt
|
||||
$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
echo ""
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "MISP Installed, access here: https://misp.local"
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
echo "MISP Dashboard, access here: http://misp.local:8001"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "The LOCAL system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD}"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "viper-web installed, access here: http://misp.local:8888"
|
||||
echo "viper-cli configured with your MISP Site Admin Auth Key"
|
||||
echo "User: admin"
|
||||
echo "Password: Password1234"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo ""
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
su - misp
|
||||
}
|
||||
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
|
@ -0,0 +1 @@
|
|||
INSTALL.debian.sh
|
|
@ -1,435 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS for RHEL 7.x
|
||||
-------------------------
|
||||
|
||||
+----------------------------------------+
|
||||
| 0/ Overview and Assumptions |
|
||||
+----------------------------------------+
|
||||
This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x). At time of this writing it
|
||||
was tested on version 7.4.
|
||||
|
||||
The following assumptions with regard to this installation have been made.
|
||||
|
||||
0.1/ A valid support agreement allowing the system to register to the Red Hat Customer Portal and receive updates
|
||||
0.2/ The ability to enable additional RPM repositories, specifically the EPEL and Software Collections (SCL) repos
|
||||
0.3/ This system will have direct or proxy access to the Internet for updates. Or connected to a Red Hat Satellite Server
|
||||
0.4/ This document is to get a MISP instance up and running over HTTP. I haven't done a full test of all features
|
||||
|
||||
+----------------------------------------------+
|
||||
| 1/ OS Install and additional repositories |
|
||||
+----------------------------------------------+
|
||||
|
||||
1.1/ Complete a minimal RHEL installation, configure IP address to connect automatically.
|
||||
|
||||
1.2/ Configure system hostname
|
||||
hostnamectl set-hostname misp # You're choice, in a production environment, it's best to use a FQDN
|
||||
|
||||
1.3/ Register the system for updates with Red Hat Subscription Manager
|
||||
subscription-manager register # register your system to an account
|
||||
subscription-manager attach # attach your system to a current subscription
|
||||
|
||||
1.4/ Enable the optional, extras and Software Collections (SCL) repos
|
||||
subscription-manager repos --enable rhel-7-server-optional-rpms
|
||||
subscription-manager repos --enable rhel-7-server-extras-rpms
|
||||
subscription-manager repos --enable rhel-server-rhscl-7-rpms
|
||||
|
||||
1.5a/ OPTIONAL: Install the deltarpm package to help reduce download size when installing updates
|
||||
yum install deltarpm
|
||||
|
||||
1.5/ Update the system and reboot
|
||||
yum update
|
||||
|
||||
## NOTE: As time of writing performing a yum update results in the rhel-7-server-rt-beta-rpms being forbidden
|
||||
## The repo can be disabled using the following command
|
||||
subscription-manager repos --disable rhel-7-server-rt-beta-rpms
|
||||
|
||||
1.6/ Install the EPEL repo
|
||||
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
||||
|
||||
1.7/ Install the SCL repo
|
||||
yum install centos-release-scl
|
||||
|
||||
+-----------------------------+
|
||||
| 2/ Install Dependencies |
|
||||
+-----------------------------+
|
||||
Once the system is installed and updated, the following steps can be performed as root
|
||||
|
||||
2.01/ Install some base system dependencies
|
||||
yum install gcc git httpd zip python-devel libxslt-devel zlib-devel python-pip ssdeep-devel
|
||||
|
||||
2.02/ Install MariaDB 10.2 from SCL
|
||||
yum install rh-mariadb102
|
||||
|
||||
2.03/ Start the MariaDB service and enable it to start on boot
|
||||
systemctl start rh-mariadb102-mariadb.service
|
||||
systemctl enable rh-mariadb102-mariadb.service
|
||||
|
||||
## MISP 2.4 requires PHP 5.5 as a minimum, we need a higher version than base RHEL provides.
|
||||
## This guide installs PHP 7.1 from SCL
|
||||
|
||||
2.04/ Install PHP 7.1 from SCL
|
||||
yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache
|
||||
|
||||
## If we want to use httpd from RHEL base we can use the rh-php71-php-fpm service instead
|
||||
2.05/ Start the PHP FPM service and enable to start on boot
|
||||
systemctl start rh-php71-php-fpm.service
|
||||
systemctl enable rh-php71-php-fpm.service
|
||||
|
||||
2.06/ Install redis 3.2 from SCL
|
||||
yum install rh-redis32
|
||||
|
||||
2.07/ Start redis service and enable to start on boot
|
||||
systemctl start rh-redis32-redis.service
|
||||
systemctl enable rh-redis32-redis.service
|
||||
|
||||
2.08/ Start a SCL shell with rh-mariadb102 rh-php71 and rh-redis32 enabled
|
||||
scl enable rh-mariadb102 rh-php71 rh-redis32 bash
|
||||
|
||||
2.08/ Secure the MariaDB installation, run the following command and follow the prompts
|
||||
mysql_secure_installation
|
||||
|
||||
2.10/ Update the PHP extension repository and install required package
|
||||
pear channel-update pear.php.net
|
||||
pear install Crypt_GPG
|
||||
|
||||
2.11/ Install haveged and enable to start on boot to provide entropy for GPG
|
||||
yum install haveged
|
||||
systemctl start haveged
|
||||
systemctl enable haveged
|
||||
|
||||
2.12/ Install Python 3.6 from SCL
|
||||
yum install rh-python36
|
||||
|
||||
+---------------------+
|
||||
| 3/ MISP Download |
|
||||
+---------------------+
|
||||
|
||||
3.01/ Download MISP code using git in /var/www/ directory
|
||||
cd /var/www
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
3.02/ Make git ignore filesystem permission differences
|
||||
git config core.filemode false
|
||||
|
||||
3.03/ Install Mitre's STIX and its dependencies by running the following commands:
|
||||
pip install importlib
|
||||
yum install python-six
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
# If your umask has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
|
||||
3.04/ Install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
umask $UMASK
|
||||
|
||||
3.05/ Enable python3 for php-fpm
|
||||
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
+---------------------+
|
||||
| 4/ CakePHP |
|
||||
+---------------------+
|
||||
|
||||
4.01/ CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it ignore this
|
||||
message: No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
cd /var/www/MISP
|
||||
git submodule init
|
||||
git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach git config core.filemode false
|
||||
|
||||
4.02/ Install CakeResque along with its dependencies if you intend to use the built in background jobs
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
4.03/ Install and configure php redis connector through pecl
|
||||
pecl install redis
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
4.04/ Set a timezone in php.ini
|
||||
echo 'date.timezone = "Australia/Sydney"' > /etc/opt/rh/rh-php71/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php71/php.d/99-timezone.ini
|
||||
|
||||
4.05/ To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
+----------------------------+
|
||||
| 5/ Set file permissions |
|
||||
+----------------------------+
|
||||
|
||||
5.01/ Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
+--------------------------------+
|
||||
| 6/ Create database and user |
|
||||
+--------------------------------+
|
||||
|
||||
6.01/ Set database to listen on localhost only
|
||||
echo [mysqld] > /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 >> /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf
|
||||
systemctl restart rh-mariadb102-mariadb
|
||||
|
||||
6.02/ Start MariaDB shell and create database
|
||||
mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
6.03/ Import the empty MySQL database from MYSQL.sql
|
||||
cd /var/www/MISP
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
|
||||
+--------------------------------+
|
||||
| 7/ Apache Configuration |
|
||||
+--------------------------------+
|
||||
|
||||
7.01/ Copy a sample vhost config to Apache configuration directory
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
7.02/ Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
7.02/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
|
||||
7.03/ Enable and start the httpd service
|
||||
systemctl enable httpd.service
|
||||
systemctl start httpd.service
|
||||
|
||||
7.04/ Open a hole in the firewalld service
|
||||
firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
firewall-cmd --reload
|
||||
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
+--------------------------------+
|
||||
| 8/ Log Rotation |
|
||||
+--------------------------------+
|
||||
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
8.01/ Allow logrotate to work under SELinux and modify the log files
|
||||
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
|
||||
8.02/ Allow logrotate to read /var/www
|
||||
checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te
|
||||
semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
semodule -i /tmp/misplogrotate.pp
|
||||
|
||||
+--------------------------------+
|
||||
| 9/ MISP Configuration |
|
||||
+--------------------------------+
|
||||
|
||||
9.01/ There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
|
||||
9.02/ Configure the fields in the newly created files
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
|
||||
# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');`
|
||||
# database.php : login, port, password, database
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
9.03/ If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
|
||||
9.04/ Generate an encryption key
|
||||
gpg --gen-key
|
||||
mv ~/.gnupg /var/www/MISP/
|
||||
chown -R apache:apache /var/www/MISP/.gnupg
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.gnupg
|
||||
## NOTE: There is a bug that if a passphrase is added MISP will produce an error on the diagnostic page.
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool
|
||||
|
||||
9.05/ export the public key to the webroot
|
||||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
9.06/ Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
9.07a/ To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
9.07b/ Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
9.07c/ and make sure it will execute
|
||||
chmod +x /etc/rc.local
|
||||
|
||||
# Now log in using the webinterface: http://misp/users/login
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
+---------------------------+
|
||||
| 10/ Post Install |
|
||||
+---------------------------+
|
||||
|
||||
10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs
|
||||
# Result from diagnostic is that the directory is not writable.
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs/
|
||||
# NOTE: This may mean that logrotate cannot access the logs directory, will require further investigation
|
||||
|
||||
10.02/ Change php.ini settings to suggested limits from diagnostic page.
|
||||
# Edit /etc/opt/rh/rh-php71/php.ini and set the following settings
|
||||
max_execution_time = 300
|
||||
memory_limit = 512M
|
||||
upload_max_filesize = 50M
|
||||
post_max_size = 50M
|
||||
|
||||
10.03/ Restart rh-php71 for settings to take effect
|
||||
systemctl restart rh-php71-php-fpm
|
||||
|
||||
10.04/ Install pymisp and pydeep for Advanced Attachment handler
|
||||
pip install pymisp
|
||||
pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
10.05/ Install pymisp also in Python 3
|
||||
scl enable rh-python36 pip3 install pymisp
|
||||
|
||||
+---------------------------+
|
||||
| 11/ LIEF Installation |
|
||||
+---------------------------+
|
||||
# lief is required for the Advanced Attachment Handler and requires manual compilation
|
||||
|
||||
11.01/ Install cmake3 devtoolset-7 from SCL
|
||||
yum install devtoolset-7 cmake3
|
||||
|
||||
11.02/ Enable devtoolset-7
|
||||
scl enable devtoolset-7 bash
|
||||
|
||||
11.03/ Set env variable, create directories and download source code
|
||||
mkdir -p /tmp/LIEF
|
||||
mkdir -p /tmp/LIEF_INSTALL
|
||||
export LIEF_TMP=/tmp/LIEF
|
||||
export LIEF_INSTALL=/tmp/LIEF_INSTALL
|
||||
export LIEF_BRANCH=master
|
||||
cd $LIEF_TMP
|
||||
git clone --branch $LIEF_BRANCH --single-branch https://github.com/lief-project/LIEF.git LIEF
|
||||
|
||||
11.04/ Compile lief and install
|
||||
cd $LIEF_TMP/LIEF
|
||||
mkdir -p build
|
||||
cd build
|
||||
scl enable devtoolset-7 'bash -c "cmake3 \
|
||||
-DLIEF_PYTHON_API=on \
|
||||
-DLIEF_DOC=off \
|
||||
-DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DPYTHON_VERSION=2.7 \
|
||||
.."'
|
||||
make -j3
|
||||
cd api/python
|
||||
scl enable rh-python36 python3 setup.py install || :
|
||||
# you can ignore the error about finding suitable distribution
|
||||
cd $LIEF_TMP/LIEF/build
|
||||
make install
|
||||
make package
|
||||
|
||||
11.05/ Test lief installation, if no error, package installed
|
||||
python
|
||||
>> import lief
|
||||
|
||||
+---------------------------+
|
||||
| 12/ Known Issues |
|
||||
+---------------------------+
|
||||
|
||||
12.01/ PHP CLI cannot determine version
|
||||
# PHP CLI Version cannot be determined. Possibly due to PHP being installed through SCL
|
||||
|
||||
12.02/ Workers cannot be started or restarted from the web page
|
||||
# Possible also due to package being installed via SCL, attempting to start workers through the web page will result in
|
||||
# error. Worker's can be restarted via the CLI using the following command.
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
## NOTE: No other functions were tested after the conclusion of this install. There may be issue that aren't addressed
|
||||
## via this guide and will need additional investigation.
|
|
@ -0,0 +1 @@
|
|||
../docs/INSTALL.rhel7.md
|
|
@ -1,332 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Ubuntu 18.04-server
|
||||
|
||||
1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Ubuntu 16.04-server system with the software:
|
||||
- OpenSSH server
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt-get install postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir /var/www/MISP
|
||||
sudo chown www-data:www-data /var/www/MISP
|
||||
cd /var/www/MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP
|
||||
sudo -u www-data git submodule init
|
||||
sudo -u www-data git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach git config core.filemode false
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install support for STIX 2.0
|
||||
sudo pip3 install stix2
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you've set in line 129 when prompted
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.2:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL
|
||||
|
||||
# Also remember to verify the SSLCertificateChainFile property in your config file - this is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www-data vim /var/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
/var/www/MISP/app/Console/cake Baseurl https://<your.FQDN.here>
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
sudo chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www-data mkdir /var/www/MISP/.gnupg
|
||||
sudo chmod 700 /var/www/MISP/.gnupg
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# NOTE: if entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-----------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pip3 install pyzmq
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip3 install redis
|
||||
|
||||
# For the experimental ssdeep correlations, run the following installation:
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
cd ssdeep-2.13
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
ssdeep -h # test
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
|
||||
Optional features: misp-modules
|
||||
-------------------------------
|
||||
# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
|
||||
# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
|
||||
# Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
|
@ -0,0 +1 @@
|
|||
../docs/INSTALL.ubuntu1804.md
|
|
@ -1,366 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
-------------------------
|
||||
# For Ubuntu 18.04.1 server with Webmin
|
||||
# Why Webmin/Virtualmin?
|
||||
# Some may not be full time sysadmin and prefer a platform that once it has been setup works and is decently easy to manage.
|
||||
|
||||
# Assuming you created the subdomanin misp.yourserver.tld to where MISP will be installed
|
||||
# and that the user "misp" is in the sudoers group
|
||||
# and that you have already configured SSL with Lets Encrypt on the subdomain
|
||||
|
||||
|
||||
1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
# Make sure your system is up2date:
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
|
||||
# Get Virtualmin
|
||||
wget http://software.virtualmin.com/gpl/scripts/install.sh
|
||||
|
||||
# Install it
|
||||
chmod +x install.sh
|
||||
./install.sh
|
||||
|
||||
# Grab a coffee while it does its magic
|
||||
|
||||
2/ Configure basic Virtualmin environment
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip
|
||||
|
||||
# Stop MySQL and install MariaDB (a MySQL fork/alternative)
|
||||
# MariaDB will replace MySQL and it will work with the latests versions of Webmin without modifications
|
||||
# WARNING: Databases and data will be lost! It is assumed you are installing on a new server with no existing DBs
|
||||
# NOTE: at present, a simple...
|
||||
# 'sudo service mysql stop && sudo apt-get install mariadb-client mariadb-server'
|
||||
# ... doesn't work well with 18.04.1 so you should do the following:
|
||||
sudo apt purge mysql-client-5.7 mysql-client-core-5.7 mysql-common mysql-server-5.7 mysql-server-core-5.7 mysql-server
|
||||
# Issues may crop up if you leave MySQL configuration there so remove also config files in /etc/mysql.
|
||||
# Remove and cleanup packages
|
||||
sudo apt autoremove && sudo apt -f install
|
||||
# Add repositories for Mariadb 10.3 and install it
|
||||
sudo apt-get install software-properties-common
|
||||
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
|
||||
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mariadb.mirrors.ovh.net/MariaDB/repo/10.3/ubuntu bionic main'
|
||||
sudo apt update
|
||||
sudo apt install mariadb-server
|
||||
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password) if it hasn't been asked during the setup process.
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Go through the post-installation Wizard and configure your misp.yourdomain.tld virtual server
|
||||
# That should create the misp user and related directories
|
||||
# Add the misp user to the sudo group
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Assuming you created the subdomanin misp.yourserver.tld
|
||||
# Download MISP using git in the /home/misp/public_html/ as misp
|
||||
|
||||
sudo - misp
|
||||
# or log out root and log back in as misp
|
||||
|
||||
git clone https://github.com/MISP/MISP.git /home/misp/public_html/MISP
|
||||
cd /home/misp/public_html/MISP
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
git submodule init
|
||||
git submodule update
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
git submodule foreach git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools python-pip
|
||||
cd /home/misp/public_html/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
pip install jsonschema
|
||||
cd /home/misp/public_html/MISP/PyMISP
|
||||
sudo python3 setup.py install
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP
|
||||
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /home/misp/public_html/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /home/misp/public_html/MISP/INSTALL/setup/config.php /home/misp/public_html/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chmod -R 770 /home/misp/public_html/MISP
|
||||
sudo chmod -R g+ws /home/misp/public_html/MISP/app/tmp
|
||||
sudo chmod -R g+ws /home/misp/public_html/MISP/app/files
|
||||
sudo chmod -R g+ws /home/misp/public_html/MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
# If all went well when you created the misp user in Virtualmin you should already have a misp database
|
||||
# otherwise create it with:
|
||||
create database misp;
|
||||
# Make sure password and all privileges are set
|
||||
grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
grant all privileges on misp.* to misp@localhost;
|
||||
flush privileges;
|
||||
exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
mysql -u misp -p misp < /home/misp/public_html/MISP/INSTALL/MYSQL.sql
|
||||
# enter the password you set previously
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Most of it should have been done when you created the subdomain but add these changes as well
|
||||
|
||||
|
||||
# Under <VirtualHost <IP, FQDN, or *>:80>
|
||||
# ServerName <your.FQDN.here>
|
||||
# add
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
ServerSignature Off
|
||||
|
||||
# Closing tag </VirtualHost>
|
||||
|
||||
|
||||
# Under <VirtualHost <IP, FQDN, or *>:443>
|
||||
# ServerAdmin admin@<your.FQDN.here>
|
||||
# ServerName <your.FQDN.here>
|
||||
# etc...
|
||||
# find the document root and change it as follows
|
||||
|
||||
DocumentRoot /home/misp/public_html/MISP/app/webroot
|
||||
|
||||
# The Directory tag should be changed to:
|
||||
|
||||
<Directory /home/misp/public_html/MISP/app/webroot>
|
||||
|
||||
# The rest should't require modifications. Restart Apache
|
||||
|
||||
sudo service apache2 restart
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /home/misp/public_html/MISP/app/Config that need to be copied
|
||||
cp -a /home/misp/public_html/MISP/app/Config/bootstrap.default.php /home/misp/public_html/MISP/app/Config/bootstrap.php
|
||||
cp -a /home/misp/public_html/MISP/app/Config/database.default.php /home/misp/public_html/MISP/app/Config/database.php
|
||||
cp -a /home/misp/public_html/MISP/app/Config/core.default.php /home/misp/public_html/MISP/app/Config/core.php
|
||||
cp -a /home/misp/public_html/MISP/app/Config/config.default.php /home/misp/public_html/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
vi /home/misp/public_html/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /home/misp/public_html/MISP/app/Config/config.php
|
||||
# see line 7 (may change)
|
||||
# 'salt' => 'yoursaltkeyhere'
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
vi /home/misp/public_html/MISP/app/Config/config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
# 'email' => 'anemail@yourdomain.tld, set an email address that will be used for gpg
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
chmod -R 750 /home/misp/public_html/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
mkdir /home/misp/public_html/MISP/.gnupg
|
||||
chmod 700 /home/misp/public_html/MISP/.gnupg
|
||||
|
||||
|
||||
# If you get no satisfaction with your entropy install this:
|
||||
sudo apt-get install haveged pv
|
||||
|
||||
#Generate entropy for the next step, open a new shell and run the following command:
|
||||
haveged -n 0 | pv > /dev/null
|
||||
|
||||
# It should start saying something like "Writing unlimited bytes to stdout"
|
||||
# let it run and go back to the previous shell
|
||||
|
||||
gpg --homedir /home/misp/public_html/MISP/.gnupg --gen-key
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# You can now Ctrel+C the running haveged in the other shell
|
||||
# and return to the "install" shell
|
||||
|
||||
# Export the public key to the webroot
|
||||
gpg --homedir /home/misp/public_html/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /home/misp/public_html/MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
chmod +x /home/misp/public_html/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Activate rc.local in systemd
|
||||
# Systemd developers, in their wisdom, decided to complicate things a bit so you'll have to
|
||||
# create the rc-local.service
|
||||
sudo vi /etc/systemd/system/rc-local.service
|
||||
# and paste the following in it
|
||||
[Unit]
|
||||
Description=/etc/rc.local Compatibility
|
||||
ConditionPathExists=/etc/rc.local
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/etc/rc.local start
|
||||
TimeoutSec=0
|
||||
StandardOutput=tty
|
||||
RemainAfterExit=yes
|
||||
SysVStartPriority=99
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
# Hit the "esc" button then type :wq! to write the file and exit vi
|
||||
|
||||
# Create/edit /etc/rc.local
|
||||
sudo vi /etc/rc.local
|
||||
# If the file is empty add the following including the #
|
||||
#!/bin/bash
|
||||
|
||||
# Then add this
|
||||
sudo -u misp bash /home/misp/public_html/MISP/app/Console/worker/start.sh
|
||||
|
||||
# If the file was empty add this as the last line
|
||||
exit 0
|
||||
|
||||
# save, quit vi and set permissions
|
||||
sudo chmod +x /etc/rc.local
|
||||
|
||||
# Enable it in systemd
|
||||
sudo systemctl enable rc-local
|
||||
|
||||
#Start the rc-local compatibility layer and check if AOK
|
||||
sudo systemctl start rc-local.service
|
||||
sudo systemctl status rc-local.service
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 770 /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R misp:www-data /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-----------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pip install pyzmq
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip install redis
|
||||
|
||||
# For the experimental ssdeep correlations, run the following installation:
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
cd ssdeep-2.13
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
ssdeep -h # test
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
|
||||
Optional features: misp-modules
|
||||
-------------------------------
|
||||
# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
|
||||
# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
|
||||
# Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
|
@ -904,7 +904,7 @@ CREATE TABLE IF NOT EXISTS `tags` (
|
|||
`name` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
|
||||
`colour` varchar(7) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
|
||||
`exportable` tinyint(1) NOT NULL,
|
||||
`org_id` tinyint(1) NOT NULL DEFAULT 0,
|
||||
`org_id` int(11) NOT NULL DEFAULT 0,
|
||||
`user_id` int(11) NOT NULL DEFAULT 0,
|
||||
`hide_tag` tinyint(1) NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (`id`),
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
# Main INSTALL Documentation for the MISP Project.
|
||||
|
||||
To have a more web friendly view please visit the mkdocs generated gh-pages site [here](https://misp.github.io/MISP/)
|
||||
|
||||
The text files in this folder are symlink to ../docs - Which is the actual source.
|
||||
|
||||
Currently the following install guides are being tested on a regular basis:
|
||||
```
|
||||
INSTALL.debian9.txt
|
||||
INSTALL.kali.txt
|
||||
INSTALL.ubuntu1804.txt
|
||||
```
|
||||
|
||||
A folder of interest might be 'old'. In old you will find previous INSTALL guides.
|
||||
|
||||
Files prefixed with 'CONFIG.' are CONFIGuration guides and not full blown INSTALL guides.
|
||||
|
||||
UPDATE.txt give you a brief overview on how to update MISP to the latest version, as well as some other core dependencies that can be updated.
|
||||
|
||||
Install guides with the 'x' prefix, are marked as Experimental.
|
||||
|
||||
The following are tested on a semi-regular basis:
|
||||
```
|
||||
xINSTALL.centos7.txt
|
||||
xINSTALL.debian_testing.txt
|
||||
xINSTALL.Arch.txt
|
||||
```
|
|
@ -1,103 +0,0 @@
|
|||
# In general, updating MISP between point releases (for exampe 2.4.50 -> 2.4.53) happens with one of the following two options (both are to be executed as root):
|
||||
|
||||
# Option 1: To update to the latest commit from the 2.4 branch simply pull the latest commit
|
||||
cd /var/www/MISP
|
||||
git pull origin 2.4
|
||||
git submodule update --init --recursive
|
||||
|
||||
# Option 2: If you want to stick to a point release instead of pulling the latest commit directly:
|
||||
cd /var/www/MISP
|
||||
git fetch
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
git submodule update --init --recursive
|
||||
|
||||
# If you would like to upgrade from a minor version to another, look at the UPGRADE.txt file instead (such as 2.3.142 -> 2.4.13)
|
||||
|
||||
# If for any reason something goes wrong with the above instructions, walk through the following manual upgrade
|
||||
|
||||
# 1. Update the MISP code to the latest hotfix.
|
||||
As user root, do the following:
|
||||
|
||||
cd /var/www/MISP
|
||||
git fetch
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
|
||||
# 2. Update CakePHP to the latest supported version (if for some reason it doesn't get updated automatically with git submodule)
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule update --init --recursive
|
||||
|
||||
|
||||
# 3. Update Mitre's STIX and its dependencies
|
||||
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
rm -rf python-cybox
|
||||
rm -rf python-stix
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 4. Update mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
rm -rf mixbox
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 5. install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 6. For RHEL/CentOS: enable python3 for php-fpm
|
||||
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
|
||||
# 7. Update CakeResque and its dependencies
|
||||
|
||||
cd /var/www/MISP/app
|
||||
|
||||
# Edit composer.json so that cake-resque is allowed to be updated
|
||||
# "kamisama/cake-resque": ">=4.1.2"
|
||||
|
||||
vim composer.json
|
||||
php composer.phar self-update
|
||||
# if behind a proxy use HTTP_PROXY="http://yourproxy:port" php composer.phar self-update
|
||||
php composer.phar update
|
||||
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
# 8. Make sure all file permissions are set correctly
|
||||
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP/
|
||||
chown -R www-data:www-data /var/www/MISP/
|
||||
|
||||
|
||||
# 9. Restart the CakeResque workers
|
||||
|
||||
su - www-data -s /bin/bash -c 'bash /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# You can also do this using the MISP application by navigating to the workers tab in the server settings and clicking on the "Restart all workers" button.
|
||||
|
||||
|
||||
# 10. Add any new dependencies that might have been added since you've last updated (shown below)
|
||||
|
||||
# 11. Add requirements for the pubsub optional feature
|
||||
pip install pyzmq
|
|
@ -0,0 +1 @@
|
|||
../docs/UPDATE.md
|
|
@ -1,44 +0,0 @@
|
|||
# 1. Upgrade procedure from v2.3 to v2.4
|
||||
# it is assumed that the upgrade happens from an up-to-date 2.3 instance
|
||||
# It is a good idea to back up your MISP installation and data before upgrading to a new release.
|
||||
|
||||
# 2. git pull the latest version of MISP from https://github.com/MISP/MISP.git
|
||||
cd /var/www/MISP
|
||||
git pull
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# 3. Update CakePHP to the latest supported version
|
||||
cd /var/www/MISP
|
||||
rm -rf app/Lib/cakephp/
|
||||
git submodule update --init --recursive
|
||||
|
||||
# 4. delete everything from MISP's cache directory to get rid of the cached models
|
||||
find /var/www/MISP/app/tmp/cache/ -type f -not -name 'empty' -delete
|
||||
|
||||
# 5. clear the old submodule cached entry for CakeResque
|
||||
cd /var/www/MISP
|
||||
git rm --cached app/Plugin/CakeResque/
|
||||
|
||||
# 6. make sure that your database is backed up
|
||||
mysqldump -u [misp_mysql_user] -p [misp_database] > /home/[my_user]/misp_db_pre_migration.sql
|
||||
|
||||
# 7. upgrade your database with the new tables / fields introduced in 2.4
|
||||
cd /var/www/MISP/INSTALL
|
||||
mysql -u [misp_mysql_user] -p [misp_database] < upgrade_2.4.sql
|
||||
|
||||
# 8. run the upgrade script from within the application
|
||||
# simply navigate to Administration -> Administrative Tools -> "Upgrade to 2.4"
|
||||
# Once that has completed successfully run the 2.3->2.4 cleanup script
|
||||
# simply navigate to Administration -> Administrative Tools -> "2.3->2.4 cleanup script"
|
||||
|
||||
# If everything went fine, switch the system to live:
|
||||
# Administration -> Server Settings -> MISP Settings -> MISP.live -> True
|
||||
# NOTE: if nothing happens, please check the permissions of the config files in /var/www/MISP/app/Config/
|
||||
# and make sure the webserver has the write permissions on them:
|
||||
# chown -R www-data:www-data /var/www/MISP/app/Config/
|
||||
|
||||
# Let us know if you run into any issues during or after the upgrade
|
|
@ -1,22 +1,35 @@
|
|||
<VirtualHost *:443>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
SSLEngine On
|
||||
# The line below disable unsecure Ciphers, might be enabled by default
|
||||
# SSLCipherSuite HIGH:!aNULL:!MD5
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
|
||||
ServerSignature Off
|
||||
|
||||
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
|
||||
Header always set X-Content-Type-Options nosniff
|
||||
Header always set X-Frame-Options DENY
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
|
||||
## Example:
|
||||
# Header always set X-XSS-Protection "1; mode=block"
|
||||
# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
|
||||
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
|
||||
</VirtualHost>
|
||||
|
|
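Review bot: The new comment `# The line below disable unsecure Ciphers, might be enabled by default` introduces a directive that is itself commented out, so this vhost still restricts nothing and negotiates whatever the distribution default allows; either enable it and pin the protocol as well, e.g. `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, `SSLHonorCipherOrder on`, `SSLCipherSuite HIGH:!aNULL:!MD5`, or reword the comment so it does not claim a protection that is not in effect. The Feature-Policy example in the same hunk misspells two feature names (`magnometer` should be `magnetometer`, `speake` should be `speaker`), so anyone uncommenting it gets unrecognised directives; the same example appears in the three other vhost hunks of this commit. The HSTS header is correctly emitted only from the *:443 vhost, but the token is conventionally spelled `includeSubDomains` and the trailing `;` is an empty directive worth dropping.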
|
@ -1,26 +1,36 @@
|
|||
<VirtualHost *:80>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
<IfModule !mod_php5.c>
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
DirectoryIndex /index.php index.php
|
||||
<FilesMatch \.php$>
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
<IfModule !mod_php5.c>
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
DirectoryIndex /index.php index.php
|
||||
<FilesMatch \.php$>
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/httpd/misp.local_error.log
|
||||
CustomLog /var/log/httpd/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/httpd/misp.local_error.log
|
||||
CustomLog /var/log/httpd/misp.local_access.log combined
|
||||
|
||||
ServerSignature Off
|
||||
|
||||
Header always set X-Content-Type-Options nosniff
|
||||
Header always set X-Frame-Options DENY
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
|
||||
## Example:
|
||||
# Header always set X-XSS-Protection "1; mode=block"
|
||||
# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
|
||||
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
|
||||
</VirtualHost>
|
||||
|
|
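Review bot: The `<Directory>` block keeps the Apache 2.2 access syntax `Order allow,deny` / `Allow from all`, while the Debian SSL vhost in this commit uses the 2.4 form `Require all granted`; on httpd 2.4 the old directives only work with mod_access_compat loaded, so the example files should agree on the 2.4 form. The `<IfModule !mod_php5.c>` guard routes `\.php$` to the FastCGI proxy unless the PHP 5 module specifically is loaded, so a host running mod_php7 would presumably end up with two handlers for the same files — confirm the intended PHP version or guard on the module actually in use. This vhost also serves MISP over cleartext with no redirect to HTTPS, unlike the *:80 block in the new CentOS SSL config; if the file is meant as a deployable example rather than a test setup, a `Redirect permanent / https://misp.local/` here is worth adding. The same points apply to the Debian HTTP vhost hunk later in the commit.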
|
@ -0,0 +1,59 @@
|
|||
<VirtualHost *:80>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://127.0.0.1
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/httpd/misp.local_error.log
|
||||
CustomLog /var/log/httpd/misp.local_access.log combined
|
||||
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
<IfModule !mod_php5.c>
|
||||
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
DirectoryIndex /index.php index.php
|
||||
<FilesMatch \.php$>
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
SSLEngine On
|
||||
# The line below disable unsecure Ciphers, might be enabled by default
|
||||
# SSLCipherSuite HIGH:!aNULL:!MD5
|
||||
SSLCertificateFile /etc/pki/tls/certs/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/misp.local.key
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/httpd/misp.local_error.log
|
||||
CustomLog /var/log/httpd/misp.local_access.log combined
|
||||
|
||||
ServerSignature Off
|
||||
|
||||
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
|
||||
Header always set X-Content-Type-Options nosniff
|
||||
Header always set X-Frame-Options DENY
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
|
||||
## Example:
|
||||
# Header always set X-XSS-Protection "1; mode=block"
|
||||
# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
|
||||
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
|
||||
</VirtualHost>
|
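Review bot: `Redirect permanent / https://127.0.0.1` in the *:80 vhost sends every client to the loopback address, which only reaches this server from the server itself and will not match a certificate issued for the ServerName; it should redirect to the public host, `Redirect permanent / https://misp.local/`, matching `ServerName misp.local` two lines above. The `Order allow,deny` / `Allow from all` pair and the `<IfModule !mod_php5.c>` guard carry the same caveats raised on the CentOS HTTP vhost hunk. The `SSLCipherSuite` line is again commented out beneath a comment saying it disables insecure ciphers, so the *:443 vhost pins neither protocol nor cipher suite; enabling it together with an `SSLProtocol` line would make the comment true.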
|
@ -1,18 +1,28 @@
|
|||
<VirtualHost *:80>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
|
||||
ServerSignature Off
|
||||
|
||||
Header always set X-Content-Type-Options nosniff
|
||||
Header always set X-Frame-Options DENY
|
||||
Header always unset "X-Powered-By"
|
||||
|
||||
# TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
|
||||
## Example:
|
||||
# Header always set X-XSS-Protection "1; mode=block"
|
||||
# Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
|
||||
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
|
||||
</VirtualHost>
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 40fca1d3dabbbb23e13b333bd5c615ca19d7d73f
|
|
@ -0,0 +1 @@
|
|||
Subproject commit bf07ab51207446ed33ea0075083df9bbc2358617
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 5ccc654f03086febbec95e3358b7bae80ca9af6f
|
|
@ -0,0 +1 @@
|
|||
../docs/generic
|
|
@ -0,0 +1,5 @@
|
|||
# MISP logos
|
||||
|
||||
MISP logos are licensed under [CC-BY](https://creativecommons.org/licenses/by/4.0/).
|
||||
|
||||
If you are using the MISP logo, don't hesitate to contact us if you have any question.
|
|
@ -0,0 +1,142 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
sodipodi:docname="misp-logo-bw.pdf"
|
||||
viewBox="0 0 255.58075 187.30956"
|
||||
height="187.30956"
|
||||
width="255.58075"
|
||||
xml:space="preserve"
|
||||
id="svg2423"
|
||||
version="1.1"
|
||||
inkscape:version="0.92.3 (2405546, 2018-03-11)"><metadata
|
||||
id="metadata2429"><rdf:RDF><cc:Work
|
||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
|
||||
id="defs2427"><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath2447"><path
|
||||
d="M 0,0 H 192 V 141 H 0 Z"
|
||||
id="path2445"
|
||||
inkscape:connector-curvature="0" /></clipPath><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath2475"><path
|
||||
d="M 0,0 H 192 V 141 H 0 Z"
|
||||
id="path2473"
|
||||
inkscape:connector-curvature="0" /></clipPath><filter
|
||||
style="color-interpolation-filters:sRGB;"
|
||||
inkscape:label="Greyscale"
|
||||
id="filter2551"><feColorMatrix
|
||||
values="0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0 0 0 1 0 "
|
||||
id="feColorMatrix2549" /></filter><filter
|
||||
style="color-interpolation-filters:sRGB;"
|
||||
inkscape:label="Greyscale"
|
||||
id="filter2555"><feColorMatrix
|
||||
values="0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0 0 0 1 0 "
|
||||
id="feColorMatrix2553" /></filter><filter
|
||||
style="color-interpolation-filters:sRGB;"
|
||||
inkscape:label="Greyscale"
|
||||
id="filter2559"><feColorMatrix
|
||||
values="0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0 0 0 1 0 "
|
||||
id="feColorMatrix2557" /></filter><filter
|
||||
style="color-interpolation-filters:sRGB;"
|
||||
inkscape:label="Greyscale"
|
||||
id="filter2563"><feColorMatrix
|
||||
values="0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0.21 0.72 0.072 0 0 0 0 0 1 0 "
|
||||
id="feColorMatrix2561" /></filter></defs><sodipodi:namedview
|
||||
inkscape:current-layer="g2431"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:window-y="27"
|
||||
inkscape:window-x="0"
|
||||
inkscape:cy="93.654778"
|
||||
inkscape:cx="127.79037"
|
||||
inkscape:zoom="1.2599464"
|
||||
showgrid="false"
|
||||
id="namedview2425"
|
||||
inkscape:window-height="1025"
|
||||
inkscape:window-width="1920"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:pageopacity="0"
|
||||
guidetolerance="10"
|
||||
gridtolerance="10"
|
||||
objecttolerance="10"
|
||||
borderopacity="1"
|
||||
bordercolor="#666666"
|
||||
pagecolor="#ffffff" /><g
|
||||
id="g2431"
|
||||
inkscape:groupmode="layer"
|
||||
inkscape:label="misp"
|
||||
transform="matrix(1.3333333,0,0,-1.3333333,0,187.30955)"><g
|
||||
id="g2433"
|
||||
style="filter:url(#filter2563);fill:#000000"><path
|
||||
d="m 0,65.775 h 14.016 l 8.613,-14.129 8.617,14.129 H 45.258 V 25.572 H 31.875 v 19.93 L 22.629,31.201 H 22.398 L 13.152,45.502 V 25.572 H 0 Z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2435"
|
||||
inkscape:connector-curvature="0" /><path
|
||||
d="M 51.914,65.775 H 65.352 V 25.572 H 51.914 Z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2437"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g2439"
|
||||
style="filter:url(#filter2559);fill:#000000"><g
|
||||
id="g2441"
|
||||
transform="translate(0,-0.517838)"
|
||||
style="fill:#000000"><g
|
||||
id="g2443"
|
||||
style="fill:#000000" /><g
|
||||
id="g2459"
|
||||
style="fill:#000000"><g
|
||||
clip-path="url(#clipPath2447)"
|
||||
id="g2457"
|
||||
style="fill:#000000"><g
|
||||
id="g2449"
|
||||
style="fill:#000000" /><g
|
||||
id="g2455"
|
||||
style="fill:#000000"><path
|
||||
d="m 68.809,32.867 7.179,8.559 c 4.364,-3.332 9.36,-4.711 14.071,-4.711 2.41,0 3.445,0.633 3.445,1.723 v 0.117 c 0,1.148 -1.262,1.777 -5.57,2.64 -9.02,1.836 -16.942,4.422 -16.942,12.922 v 0.113 c 0,7.641 5.973,13.559 17.055,13.559 7.754,0 13.5,-1.84 18.152,-5.516 l -6.547,-9.074 c -3.793,2.758 -8.328,3.961 -12.062,3.961 -2.012,0 -2.93,-0.687 -2.93,-1.664 v -0.113 c 0,-1.094 1.09,-1.781 5.34,-2.586 10.281,-1.895 17.172,-4.883 17.172,-12.981 v -0.113 c 0,-8.445 -6.949,-13.613 -17.746,-13.613 -8.156,0 -15.508,2.297 -20.617,6.777"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2451"
|
||||
inkscape:connector-curvature="0" /><path
|
||||
d="m 111.25,67.039 h 18.09 c 10.683,0 17.976,-4.766 17.976,-14.301 v -0.113 c 0,-9.707 -7.41,-14.875 -18.261,-14.875 h -4.367 V 26.836 H 111.25 Z M 128.309,47.34 c 3.445,0 5.742,1.551 5.742,4.422 v 0.117 c 0,2.926 -2.125,4.422 -5.688,4.422 h -3.675 V 47.34 Z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2453"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g><g
|
||||
id="g2461"
|
||||
style="filter:url(#filter2555);fill:#000000"><text
|
||||
transform="matrix(1,0,0,-1,4.41369,4.834375)"
|
||||
style="font-variant:normal;font-weight:bold;font-size:22.39999962px;font-family:'DejaVu Sans Bold';-inkscape-font-specification:DejaVuSans-Bold;writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="text2465"><tspan
|
||||
x="0 15.2768 31.203199 42.268799 57.456001 72.575996 83.283203 91.0784 107.2064 123.1552 138.27521 149.34081 157.024 172.97279"
|
||||
y="0"
|
||||
sodipodi:role="line"
|
||||
id="tspan2463">Threat Sharing</tspan></text>
|
||||
</g><g
|
||||
id="g2467"
|
||||
style="filter:url(#filter2551);fill:#000000"><g
|
||||
id="g2469"
|
||||
transform="translate(0,-0.517838)"
|
||||
style="fill:#000000"><g
|
||||
id="g2471"
|
||||
style="fill:#000000" /><g
|
||||
id="g2485"
|
||||
style="fill:#000000"><g
|
||||
clip-path="url(#clipPath2475)"
|
||||
id="g2483"
|
||||
style="fill:#000000"><g
|
||||
id="g2481"
|
||||
style="fill:#000000"><path
|
||||
d="m 162.879,121.191 h -2.594 V 92.68 c 0,-4.442 -2.582,-8.457 -7.765,-8.457 h -50.77 v -1.356 c 0,-3.929 4.465,-7.887 9.051,-7.887 h 38.816 l 14.848,-8.73 -2.156,8.73 h 0.57 c 4.582,0 6.648,3.958 6.648,7.887 v 31.555 c 0,3.926 -2.066,6.769 -6.648,6.769"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2477"
|
||||
inkscape:connector-curvature="0" /><path
|
||||
d="M 144.941,141 H 85.977 c -5.192,0 -11.161,-4.609 -11.161,-9.051 V 96.211 c 0,-4.09 5.059,-7.043 9.911,-7.496 L 81.57,76.727 101.805,88.629 h 43.136 c 5.184,0 9.973,3.144 9.973,7.582 v 35.738 c 0,4.442 -4.789,9.051 -9.973,9.051 M 94.969,110.832 c -2.942,0 -5.324,2.387 -5.324,5.328 0,2.942 2.382,5.328 5.324,5.328 2.941,0 5.328,-2.386 5.328,-5.328 0,-2.941 -2.387,-5.328 -5.328,-5.328 m 19.898,0 c -2.941,0 -5.328,2.387 -5.328,5.328 0,2.942 2.387,5.328 5.328,5.328 2.942,0 5.324,-2.386 5.324,-5.328 0,-2.941 -2.382,-5.328 -5.324,-5.328 m 19.899,0 c -2.946,0 -5.332,2.387 -5.332,5.328 0,2.942 2.386,5.328 5.332,5.328 2.933,0 5.324,-2.386 5.324,-5.328 0,-2.941 -2.391,-5.328 -5.324,-5.328"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path2479"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g></g></svg>
|
|
@ -0,0 +1,167 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="67.622406mm"
|
||||
height="49.558979mm"
|
||||
viewBox="0 0 67.622406 49.558979"
|
||||
version="1.1"
|
||||
id="svg108"
|
||||
inkscape:version="0.92.3 (2405546, 2018-03-11)"
|
||||
sodipodi:docname="misp-logo.svg">
|
||||
<defs
|
||||
id="defs102">
|
||||
<clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath312-7">
|
||||
<path
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 0,0 H 595.276 V 841.89 H 0 Z"
|
||||
id="path314-0" />
|
||||
</clipPath>
|
||||
<clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath1086">
|
||||
<path
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 0,0 H 595.276 V 841.89 H 0 Z"
|
||||
id="path1088" />
|
||||
</clipPath>
|
||||
</defs>
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.35"
|
||||
inkscape:cx="-155.06677"
|
||||
inkscape:cy="96.511905"
|
||||
inkscape:document-units="mm"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="1920"
|
||||
inkscape:window-height="1025"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="27"
|
||||
inkscape:window-maximized="1" />
|
||||
<metadata
|
||||
id="metadata105">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(-6.2542725,-124.80979)">
|
||||
<g
|
||||
id="g1076"
|
||||
transform="matrix(0.35277777,0,0,-0.35277777,6.2542725,151.16434)"
|
||||
inkscape:export-filename="/home/adulau/misp.png"
|
||||
inkscape:export-xdpi="100"
|
||||
inkscape:export-ydpi="100">
|
||||
<path
|
||||
d="M 0,0 H 14.014 L 22.629,-14.129 31.245,0 H 45.258 V -40.204 H 31.875 v 19.93 l -9.246,-14.302 h -0.23 l -9.247,14.302 v -19.93 H 0 Z"
|
||||
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path1078"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
<path
|
||||
d="m 24.567932,151.16434 h 4.741334 v 14.18308 h -4.741334 z"
|
||||
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.28222224"
|
||||
id="path1080"
|
||||
inkscape:connector-curvature="0"
|
||||
inkscape:export-filename="/home/adulau/misp.png"
|
||||
inkscape:export-xdpi="100"
|
||||
inkscape:export-ydpi="100" />
|
||||
<g
|
||||
id="g1082"
|
||||
transform="matrix(0.35277777,0,0,-0.35277777,-74.454256,298.51394)"
|
||||
inkscape:export-filename="/home/adulau/misp.png"
|
||||
inkscape:export-xdpi="100"
|
||||
inkscape:export-ydpi="100">
|
||||
<g
|
||||
id="g1084"
|
||||
clip-path="url(#clipPath1086)">
|
||||
<g
|
||||
id="g1090"
|
||||
transform="translate(297.5875,384.2569)">
|
||||
<path
|
||||
d="m 0,0 7.18,8.558 c 4.365,-3.332 9.361,-4.71 14.071,-4.71 2.412,0 3.446,0.631 3.446,1.723 v 0.115 c 0,1.148 -1.263,1.78 -5.571,2.642 C 10.108,10.166 2.183,12.75 2.183,21.25 v 0.115 c 0,7.639 5.973,13.555 17.058,13.555 7.753,0 13.497,-1.838 18.149,-5.514 l -6.547,-9.074 c -3.791,2.756 -8.328,3.962 -12.062,3.962 -2.009,0 -2.928,-0.689 -2.928,-1.665 v -0.115 c 0,-1.091 1.09,-1.781 5.34,-2.585 10.282,-1.895 17.173,-4.882 17.173,-12.98 V 6.834 C 38.366,-1.608 31.417,-6.777 20.619,-6.777 12.464,-6.777 5.112,-4.48 0,0"
|
||||
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path1092"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
<g
|
||||
id="g1094"
|
||||
transform="translate(340.0289,418.4302)">
|
||||
<path
|
||||
d="m 0,0 h 18.091 c 10.683,0 17.977,-4.767 17.977,-14.301 v -0.115 c 0,-9.707 -7.409,-14.876 -18.264,-14.876 H 13.439 V -40.204 H 0 Z m 17.058,-19.7 c 3.446,0 5.743,1.551 5.743,4.422 v 0.115 c 0,2.929 -2.125,4.423 -5.686,4.423 h -3.676 v -8.96 z"
|
||||
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path1096"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:3.38666677px;line-height:0%;font-family:sans-serif;-inkscape-font-specification:'Sans Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#5f6062;fill-opacity:1;stroke:none;stroke-width:0.28222224"
|
||||
x="7.8113232"
|
||||
y="172.66331"
|
||||
id="text4094"
|
||||
inkscape:export-filename="/home/adulau/misp.png"
|
||||
inkscape:export-xdpi="100"
|
||||
inkscape:export-ydpi="100"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan4096"
|
||||
x="7.8113232"
|
||||
y="172.66331"
|
||||
style="font-size:7.90222216px;line-height:1.25;font-family:sans-serif;stroke-width:0.28222224">Threat Sharing</tspan></text>
|
||||
<g
|
||||
id="g308"
|
||||
transform="matrix(0.17650827,0,0,-0.17650827,-4.3435815,225.27546)">
|
||||
<g
|
||||
id="g310-5"
|
||||
clip-path="url(#clipPath312-7)">
|
||||
<g
|
||||
id="g316"
|
||||
transform="translate(385.579,529.5928)">
|
||||
<path
|
||||
d="m 0,0 h -5.184 v -56.985 c 0,-8.879 -5.16,-16.902 -15.523,-16.902 h -101.465 v -2.709 c 0,-7.851 8.922,-15.763 18.084,-15.763 h 77.581 l 29.678,-17.449 -4.31,17.449 H 0 c 9.156,0 13.287,7.906 13.287,15.763 v 63.068 C 13.287,-5.683 9.156,0 0,0"
|
||||
style="fill:#2fa1db;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path318"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
<g
|
||||
id="g320-4"
|
||||
transform="translate(349.7253,569.1839)">
|
||||
<path
|
||||
d="m 0,0 h -117.85 c -10.369,0 -22.301,-9.211 -22.301,-18.09 v -71.424 c 0,-8.177 10.11,-14.082 19.807,-14.987 l -6.311,-23.958 40.441,23.786 H 0 c 10.363,0 19.937,6.286 19.937,15.159 v 57.786 13.638 C 19.937,-9.211 10.363,0 0,0 m -99.871,-60.292 c -5.88,0 -10.645,4.766 -10.645,10.646 0,5.88 4.765,10.646 10.645,10.646 5.874,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.772,-10.646 -10.646,-10.646 m 39.764,0 c -5.88,0 -10.646,4.766 -10.646,10.646 0,5.88 4.766,10.646 10.646,10.646 5.88,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.766,-10.646 -10.646,-10.646 m 39.77,0 c -5.881,0 -10.652,4.766 -10.652,10.646 0,5.88 4.771,10.646 10.652,10.646 5.868,0 10.645,-4.766 10.645,-10.646 0,-5.88 -4.777,-10.646 -10.645,-10.646"
|
||||
style="fill:#2fa1db;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path322-8"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
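Review bot: The `inkscape:export-filename="/home/adulau/misp.png"` attributes, together with the matching `inkscape:export-xdpi`/`inkscape:export-ydpi` pairs on `g1076`, `path1080`, `g1082` and `text4094`, are editor state that embeds a contributor's local home path and username into a logo asset that is presumably served publicly; they have no rendering meaning. The `sodipodi:namedview` block (window size, zoom, cursor position) is the same kind of residue. Saving the file as plain SVG from Inkscape, or passing it through an SVG optimiser before committing, keeps the artwork identical while dropping these workstation details.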
|
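--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,17 @@
+[Unit]
+Description=misp-workers
+After=network.target remote-fs.target nss-lookup.target httpd.service
+
+[Service]
+Type=forking
+KillMode=none
+User=www-data
+Group=www-data
+ExecStart=/bin/bash -c "/var/www/MISP/app/Console/worker/start.sh"
+ExecStop=/bin/bash -c "/var/www/MISP/app/Console/cake CakeResque.CakeResque stop --all"
+WorkingDirectory=%h
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+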
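Review bot: `WorkingDirectory=%h` in a system unit resolves to the home of the user running the service manager, i.e. `/root`, not to www-data's home, so with `User=www-data` the chdir will most likely fail at start (the 200/CHDIR failure) or at best run the workers from a directory they have no business in; `WorkingDirectory=/var/www/MISP` matches the paths already hard-coded in ExecStart and ExecStop. `KillMode=none` also deserves a second look: it leaves any worker process that ExecStop does not terminate running unsupervised after `stop` or `restart`, so stale workers can survive a MISP upgrade, and newer systemd versions warn that the setting is deprecated — the default `control-group` kills whatever remains in the cgroup once ExecStop returns. Finally, `After=... httpd.service` names the Red Hat Apache unit while `User=www-data` is the Debian/Ubuntu web user whose Apache unit is `apache2.service`; an ordering dependency on a unit that does not exist is silently ignored, so the workers may start before the web server on that platform.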
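--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -64,7 +64,7 @@ python3 setup.py install
 cd /var/www/MISP/app/files/scripts/python-stix
 python3 setup.py install
 
-# install mixbox to accomodate the new STIX dependencies:
+# install mixbox to accommodate the new STIX dependencies:
 cd /var/www/MISP/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
 cd /var/www/MISP/app/files/scripts/mixbox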
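--- a/PATH_NOT_SHOWN_ON_PAGE_3
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -74,7 +74,7 @@ sudo python3 setup.py install
 cd /var/www/MISP/app/files/scripts/python-stix
 sudo python3 setup.py install
 
-# install mixbox to accomodate the new STIX dependencies:
+# install mixbox to accommodate the new STIX dependencies:
 cd /var/www/MISP/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
 cd /var/www/MISP/app/files/scripts/mixbox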
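--- a/PATH_NOT_SHOWN_ON_PAGE_4
+++ b/PATH_NOT_SHOWN_ON_PAGE_4
@@ -56,7 +56,7 @@ python3 setup.py install
 cd /var/www/MISP/app/files/scripts/python-stix
 python3 setup.py install
 
-# install mixbox to accomodate the new STIX dependencies:
+# install mixbox to accommodate the new STIX dependencies:
 cd /var/www/MISP/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
 cd /var/www/MISP/app/files/scripts/mixbox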
@ -1,341 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Ubuntu 16.04-server
|
||||
|
||||
1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Ubuntu 16.04-server system with the software:
|
||||
- OpenSSH server
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt-get install postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir /var/www/MISP
|
||||
sudo chown www-data:www-data /var/www/MISP
|
||||
cd /var/www/MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP
|
||||
sudo -u www-data git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install support for STIX 2.0
|
||||
sudo pip3 install stix2
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd /var/www/MISP
|
||||
sudo -u www-data git submodule init
|
||||
sudo -u www-data git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you've set in line 129 when prompted
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.2:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL
|
||||
|
||||
# Also remember to verify the SSLCertificateChainFile property in your config file - this is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www-data vim /var/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# you can reset the admin password with the following command
|
||||
/var/www/MISP/app/Console/cake Password admin@admin.test Password1234
|
||||
|
||||
# Change baseurl
|
||||
/var/www/MISP/app/Console/cake Baseurl https://<your.FQDN.here>
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP.
|
||||
# This however is highly advised against.
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
sudo chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www-data mkdir /var/www/MISP/.gnupg
|
||||
sudo chmod 700 /var/www/MISP/.gnupg
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# NOTE: if entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-----------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pip install pyzmq
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip install redis
|
||||
|
||||
# For the experimental ssdeep correlations, run the following installation:
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
cd ssdeep-2.13
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
ssdeep -h # test
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
|
||||
Optional features: misp-modules
|
||||
-------------------------------
|
||||
# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
|
||||
# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
|
||||
# Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
|
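--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_5
@@ -0,0 +1 @@
+../../docs/archive/INSTALL.ubuntu1604.md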
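--- a/PATH_NOT_SHOWN_ON_PAGE_6
+++ b/PATH_NOT_SHOWN_ON_PAGE_6
@@ -67,7 +67,7 @@ sudo python3 setup.py install
 cd /home/misp/public_html/MISP/app/files/scripts/python-stix
 sudo python3 setup.py install
 
-# install mixbox to accomodate the new STIX dependencies:
+# install mixbox to accommodate the new STIX dependencies:
 cd /home/misp/public_html/MISP/app/files/scripts/
 git clone https://github.com/CybOXProject/mixbox.git
 cd /home/misp/public_html/MISP/app/files/scripts/mixbox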
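--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_7
@@ -0,0 +1 @@
+../../docs/archive/old-2_3to2_4-UPGRADE.md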
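--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_8
@@ -0,0 +1 @@
+../../docs/archive/xINSTALL.FreeBSD.md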
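--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_9
@@ -0,0 +1 @@
+../docs/xINSTALL.OpenBSD.md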
@ -1,284 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for CentOS 6.x
|
||||
|
||||
1/ Minimal CentOS install
|
||||
-------------------------
|
||||
|
||||
Install a minimal CentOS 6.x system with the software:
|
||||
|
||||
- OpenSSH server
|
||||
- LAMP server (actually, this is done below)
|
||||
- Mail server
|
||||
|
||||
# Make sure your system is up2date:
|
||||
yum update
|
||||
|
||||
|
||||
2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root:
|
||||
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
curl -o epel.rpm http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
|
||||
rpm -Uvh epel.rpm
|
||||
|
||||
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
||||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
yum install centos-release-scl
|
||||
|
||||
# Because vim is just so practical
|
||||
yum install vim
|
||||
|
||||
# Install the dependencies:
|
||||
yum install gcc git httpd zip redis mysql-server python-devel python-pip libxslt-devel zlib-devel
|
||||
|
||||
# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
|
||||
yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath
|
||||
|
||||
# Install Python 3.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
yum install rh-python36
|
||||
|
||||
# rh-php56-php only provided mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
|
||||
chkconfig rh-php56-php-fpm on
|
||||
service rh-php56-php-fpm start
|
||||
|
||||
# php-fpm is accessed using the fcgi interface
|
||||
yum install mod_fcgid mod_proxy_fcgi
|
||||
|
||||
# Start a new shell with rh-php56 enabled
|
||||
scl enable rh-php56 bash
|
||||
|
||||
pear channel-update pear.php.net
|
||||
|
||||
pear install Crypt_GPG # we need version >1.3.0
|
||||
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
yum install haveged
|
||||
chkconfig haveged on
|
||||
service haveged start
|
||||
|
||||
# Enable and start redis
|
||||
chkconfig redis on
|
||||
service redis start
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
cd /var/www/MISP
|
||||
git config core.filemode false
|
||||
|
||||
# Start new shell with python 3 enabled
|
||||
scl enable rh-python36 bash
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
yum install python-importlib python-lxml python-dateutil python-six
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
service rh-php56-php-fpm restart
|
||||
|
||||
umask $UMASK
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it
|
||||
# ignore this message:
|
||||
# No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule init
|
||||
git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
|
||||
pecl install redis
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
service rh-php56-php-fpm restart
|
||||
|
||||
# If you have not yet set a timezone in php.ini
|
||||
echo 'date.timezone = "Europe/Amsterdam"' > /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enable, start and secure your mysql database server
|
||||
chkconfig mysqld on
|
||||
service mysqld start
|
||||
mysql_secure_installation
|
||||
# Additionally, it is probably a good idea to make the database server listen on localhost only
|
||||
# Add the following to the [mysqld] of /etc/my.cnf
|
||||
# bind-address=127.0.0.1
|
||||
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
|
||||
mysql> create database misp;
|
||||
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
mysql> grant all privileges on misp.* to misp@localhost ;
|
||||
mysql> exit
|
||||
|
||||
cd /var/www/MISP
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos6
|
||||
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
|
||||
# Enable and start the httpd service
|
||||
chkconfig httpd on
|
||||
service httpd start
|
||||
|
||||
# Open a hole in the iptables firewall
|
||||
iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
service iptables save
|
||||
|
||||
# We seriously recommend using only SSL !
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl
|
||||
# database.php : login, port, password, database
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
# If the following command gives an error message, try it as root from the console
|
||||
gpg --gen-key
|
||||
mv ~/.gnupg /var/www/MISP/
|
||||
chown -R apache:apache /var/www/MISP/.gnupg
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool (Described on line 232)
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.centos6.md
|
|
@ -1,330 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for CentOS 7.x
|
||||
|
||||
1/ Minimal CentOS install
|
||||
-------------------------
|
||||
|
||||
Install a minimal CentOS 7.x system with the software:
|
||||
|
||||
- OpenSSH server
|
||||
- LAMP server (actually, this is done below)
|
||||
- Mail server
|
||||
|
||||
# Make sure you set your hostname CORRECTLY vs. like an animal (manually in /etc/hostname)
|
||||
hostnamectl set-hostname misp # or whatever you want it to be
|
||||
|
||||
# Make sure your system is up2date:
|
||||
yum update
|
||||
|
||||
2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root:
|
||||
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
yum install epel-release
|
||||
|
||||
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
||||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
yum install centos-release-scl
|
||||
|
||||
# Install the dependencies:
|
||||
yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip libxslt-devel zlib-devel
|
||||
|
||||
# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
|
||||
yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath rh-php56-php-opcache
|
||||
|
||||
# Install Python 3.6 from SCL, see
|
||||
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
yum install rh-python36
|
||||
|
||||
# rh-php56-php only provided mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
|
||||
systemctl enable rh-php56-php-fpm.service
|
||||
systemctl start rh-php56-php-fpm.service
|
||||
|
||||
# Start a new shell with rh-php56 enabled
|
||||
scl enable rh-php56 bash
|
||||
|
||||
pear channel-update pear.php.net
|
||||
|
||||
pear install Crypt_GPG # we need version >1.3.0
|
||||
|
||||
NOTE: if using rh-php56 the command needs to be run through its terminal: /usr/bin/scl enable rh-php56 "pear list | grep Crypt_GPG"
|
||||
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
yum install haveged
|
||||
systemctl enable haveged.service
|
||||
systemctl start haveged.service
|
||||
|
||||
# Enable and start redis
|
||||
systemctl enable redis.service
|
||||
systemctl start redis.service
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
cd /var/www/MISP
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
git config core.filemode false
|
||||
|
||||
# Start new shell with python 3 enabled
|
||||
scl enable rh-python36 bash
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
yum install python-importlib python-lxml python-dateutil python-six
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
umask $UMASK
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it
|
||||
# ignore this message:
|
||||
# No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule init
|
||||
git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
|
||||
pecl install redis-2.2.8
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
Note: if using rh-php56 redis needs to be installed through its terminal: /usr/bin/scl enable rh-php56 "pecl install redis-2.2.8"
|
||||
|
||||
# If you have not yet set a timezone in php.ini
|
||||
echo 'date.timezone = "Europe/Amsterdam"' > /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enable, start and secure your mysql database server
|
||||
systemctl enable mariadb.service
|
||||
systemctl start mariadb.service
|
||||
mysql_secure_installation
|
||||
|
||||
# Additionally, it is probably a good idea to make the database server listen on localhost only
|
||||
echo [mysqld] > /etc/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 >> /etc/my.cnf.d/bind-address.cnf
|
||||
systemctl restart mariadb.service
|
||||
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
cd /var/www/MISP
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
|
||||
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
# Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
|
||||
# Enable and start the httpd service
|
||||
systemctl enable httpd.service
|
||||
systemctl start httpd.service
|
||||
|
||||
# Open a hole in the iptables firewall
|
||||
firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
firewall-cmd --reload
|
||||
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
# Now make logrotate work under SELinux as well
|
||||
# Allow logrotate to modify the log files
|
||||
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
|
||||
# Allow logrotate to read /var/www
|
||||
checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te
|
||||
semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
semodule -i /tmp/misplogrotate.pp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
|
||||
# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');`
|
||||
# database.php : login, port, password, database
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
# If the following command gives an error message, try it as root from the console
|
||||
gpg --gen-key
|
||||
mv ~/.gnupg /var/www/MISP/
|
||||
chown -R apache:apache /var/www/MISP/.gnupg
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool (Described on line 246)
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
# and make sure it will execute
|
||||
chmod +x /etc/rc.local
|
||||
|
||||
# Now log in using the webinterface: http://misp/users/login
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.centos7.md
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.debian9-postgresql.md
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.debian9.md
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.debian_testing.md
|
|
@ -0,0 +1,620 @@
|
|||
#!/usr/bin/env bash
|
||||
#INSTALLATION INSTRUCTIONS
|
||||
#------------------------- for Tsurugi Linux
|
||||
#
|
||||
#0/ Quick MISP Instance on Tsurugi Linux - Status
|
||||
#---------------------------------------------
|
||||
#
|
||||
#1/ Prepare Tsurugi with a MISP User
|
||||
#--------------------------------
|
||||
# You will need a working OpenSSH server, reconfigure as follows:
|
||||
# sudo update-rc.d -f ssh remove
|
||||
# sudo update-rc.d -f ssh defaults
|
||||
# sudo dpkg-reconfigure openssh-server
|
||||
# sudo systemctl restart ssh
|
||||
# If you installed tsurugi the locale is a little all over the place. I assume en_US to be default unless you know what you're doing.
|
||||
# sudo sed -i 's/ja_JP/en_US/g' /etc/default/locale
|
||||
# sudo sed -i 's/ja_JP.UTF/# ja_JP.UTF/g' /etc/locale.gen
|
||||
# sudo dpkg-reconfigure locales
|
||||
# To install MISP on Tsurugi copy paste this in your r00t shell:
|
||||
# wget -O /tmp/misp-tsurugi.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.tsurugi.txt && bash /tmp/misp-tsurugi.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Tsurugi Linux Boot CD and installs quite a few dependencies.
|
||||
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
function tsurugiOnRootR0ckz() {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
adduser $MISP_USER www-data
|
||||
fi
|
||||
}
|
||||
|
||||
function installMISPonTsurugi() {
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
MISP_BASEURL='https://misp.local'
|
||||
MISP_LIVE='1'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.0/apache2/php.ini
|
||||
|
||||
# apt config
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO="sudo -H -u ${MISP_USER}"
|
||||
SUDO_WWW="sudo -H -u www-data"
|
||||
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
|
||||
echo "-----------------------------------------------------------------------"
|
||||
echo "Disabling sleep etc…"
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing'
|
||||
xset s 0 0
|
||||
xset dpms 0 0
|
||||
xset s off
|
||||
apt update
|
||||
apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
git config --global user.email "root@tsurugi.lan"
|
||||
git config --global user.name "Root User"
|
||||
apt install -qy postfix
|
||||
|
||||
apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-mbstring php-pear php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-opcache php7.0-readline \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
apt install -qy haveged
|
||||
systemctl restart haveged
|
||||
|
||||
systemctl restart mysql.service
|
||||
|
||||
a2dismod status
|
||||
a2enmod ssl rewrite headers
|
||||
a2dissite 000-default
|
||||
a2ensite default-ssl
|
||||
|
||||
pear channel-update pear.php.net
|
||||
pear install Crypt_GPG
|
||||
pecl channel-update pecl.php.net
|
||||
|
||||
yes '' |pecl install redis
|
||||
|
||||
echo "extension=redis.so" | tee /etc/php/7.0/mods-available/redis.ini
|
||||
|
||||
phpenmod redis
|
||||
|
||||
# You can make Python 3 default, if you wish to.
|
||||
#update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
#update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
|
||||
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cp -p /etc/lsb-release /etc/lsb-release.tmp
|
||||
sudo sed -i 's/TSURUGI/Ubuntu/g' /etc/lsb-release
|
||||
sudo sed -i 's/bamboo/xenial/g' /etc/lsb-release
|
||||
sudo add-apt-repository ppa:jonathonf/python-3.6 -y
|
||||
sudo apt-get update
|
||||
sudo apt-get install python3.6 python3.6-dev -y
|
||||
mv /etc/lsb-release.tmp /etc/lsb-release
|
||||
$SUDO_WWW virtualenv -p python3.6 $PATH_TO_MISP/venv
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
||||
mkdir /var/www/.cache
|
||||
chown www-data:www-data /var/www/.cache
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install enum34
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
cd /var/www
|
||||
mkdir misp-dashboard
|
||||
chown www-data:www-data misp-dashboard
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install zmq
|
||||
/var/www/misp-dashboard/install_dependencies.sh
|
||||
sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
|
||||
apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0
|
||||
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
a2ensite misp-dashboard
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
systemctl restart apache2
|
||||
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: 1
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: 1
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
$CAKE userInit -q
|
||||
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
$CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
$CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
|
||||
$CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
$CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disable_emailing" false
|
||||
$CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
$CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
$CAKE Admin setSetting "MISP.language" "eng"
|
||||
$CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$CAKE Admin setSetting "MISP.redis_password" ""
|
||||
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$CAKE Admin setSetting "MISP.log_auth" false
|
||||
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
|
||||
$CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Tsurugi"
|
||||
$CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
$CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$CAKE Admin setSetting "Session.timeout" 600
|
||||
$CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Admin updateGalaxies
|
||||
$CAKE Admin updateTaxonomies
|
||||
#$CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I .
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install maec python-magic wand lief yara-python
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install stix2
|
||||
gem install pygments.rb
|
||||
gem install asciidoctor-pdf --pre
|
||||
$SUDO_WWW misp-modules -l 0.0.0.0 -s &
|
||||
cd /usr/local/src/
|
||||
apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
pip3 install SQLAlchemy PrettyTable python-magic
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
virtualenv -p python3.6 venv
|
||||
$SUDO git submodule update --init --recursive
|
||||
# There is a bug with yara-python, removing for the time being
|
||||
sed -i 's/yara-python==3.7.0//g' requirements-modules.txt
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
./venv/bin/pip uninstall yara -y
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
$SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
$SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
|
||||
while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
# TODO: fix faup
|
||||
cd /usr/local/src/
|
||||
apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone git://github.com/stricaud/faup.git faup
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
$SUDO mkdir -p build
|
||||
cd build
|
||||
$SUDO cmake .. && $SUDO make
|
||||
make install
|
||||
ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
pip3 install -r requirements.txt
|
||||
$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
echo ""
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "MISP Installed, access here: https://misp.local"
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
echo "MISP Dashboard, access here: http://misp.local:8001"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "The LOCAL system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD}"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "viper-web installed, access here: http://misp.local:8888"
|
||||
echo "viper-cli configured with your MISP Site Admin Auth Key"
|
||||
echo "User: admin"
|
||||
echo "Password: Password1234"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo ""
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
su - misp
|
||||
}
|
||||
|
||||
tsurugiOnRootR0ckz
|
||||
installMISPonTsurugi
|
|
@ -0,0 +1 @@
|
|||
../docs/xINSTALL.ubuntu1804.with.webmin.md
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 8649a612001fa1caee82d9c432b8223cef221104
|
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit 5d16c97178453f2624ad0ffdccb06b16578401af
|
||||
Subproject commit 166ef3866dfefbc2456a394b55fb5f9819f257b8
|
33
README.md
33
README.md
|
@ -31,33 +31,34 @@ MISP - Malware Information Sharing Platform and Threat Sharing
|
|||
|
||||
</table>
|
||||
|
||||
MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.
|
||||
MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
|
||||
|
||||
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.
|
||||
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS but also log analysis tools, SIEMs.
|
||||
|
||||
MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
|
||||
|
||||
- An **efficient IOC and indicators** database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
|
||||
- Automatic **correlation** finding relationships between attributes and indicators from malware, attacks campaigns or analysis. attacks campaigns or analysis. Correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can be also enabled or event disabled per attribute.
|
||||
- Automatic **correlation** finding relationships between attributes and indicators from malware, attack campaigns or analysis. The correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can also be enabled or event disabled per attribute.
|
||||
- A **flexible data model** where complex [objects](https://www.misp-project.org/objects.html) can be expressed and **linked together to express threat intelligence, incidents or connected elements**.
|
||||
- Built-in **sharing functionality** to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a **flexible sharing group** capacity and an attribute level distribution mechanisms.
|
||||
- An **intuitive user-interface** for end-users to create, update and collaborate on events and attributes/indicators. A **graphical interface** to navigate seamlessly between events and their correlations. Advanced filtering functionalities and [warning list](https://github.com/MISP/misp-warninglists) to help the analysts to contribute events and attributes.
|
||||
- Built-in **sharing functionality** to ease data sharing using different model of distributions. MISP can automatically synchronize events and attributes among different MISP instances. Advanced filtering functionalities can be used to meet each organization's sharing policy including a **flexible sharing group** capacity and an attribute level distribution mechanisms.
|
||||
- An **intuitive user-interface** for end-users to create, update and collaborate on events and attributes/indicators. A **graphical interface** to navigate seamlessly between events and their correlations. An **event graph** functionality to create and view relationships between objects and attributes. Advanced filtering functionalities and [warning lists](https://github.com/MISP/misp-warninglists) to help the analysts to contribute events and attributes and limit the risk of false-positives.
|
||||
- **storing data** in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
|
||||
- **export**: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), STIX (XML and JSON), NIDS export (Suricata, Snort and Bro) or RPZ zone. Many other formats easily added via the [misp-modules](https://github.com/MISP/misp-modules).
|
||||
- **import**: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV. Many other formats easily added via the [misp-modules](https://github.com/MISP/misp-modules).
|
||||
- **export**: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), Cache format (used for forensic tools), STIX (XML and JSON) 1 and 2, NIDS export (Suricata, Snort and Bro/Zeek) or RPZ zone. Many other formats can be easily added via the [misp-modules](https://github.com/MISP/misp-modules).
|
||||
- **import**: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, MISP standard format or STIX 1.1/2.0. Many other formats easily added via the [misp-modules](https://github.com/MISP/misp-modules).
|
||||
- Flexible **free text import** tool to ease the integration of unstructured reports into MISP.
|
||||
- A gentle system to **collaborate** on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
|
||||
- **data-sharing**: automatically exchange and synchronization with other parties and trust-groups using MISP.
|
||||
- **data-sharing**: automatically exchange and synchronize with other parties and trust-groups using MISP.
|
||||
- **delegating of sharing**: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.
|
||||
- Flexible **API** to integrate MISP with your own solutions. MISP is bundled with [PyMISP](https://github.com/MISP/PyMISP) which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
|
||||
- Flexible **API** to integrate MISP with your own solutions. MISP is bundled with [PyMISP](https://github.com/MISP/PyMISP) which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes. An exhaustive restSearch API to easily search for indicators in MISP and exports those in all the format supported by MISP.
|
||||
- **Adjustable taxonomy** to classify and tag events following your own classification schemes or [existing classification](https://github.com/MISP/misp-taxonomies). The taxonomy can be local to your MISP but also shareable among MISP instances.
|
||||
- **Intelligence vocabularies** called MISP galaxy and bundled with existing [threat actors, malware, RAT, ransomware or MITRE ATT&CK](https://www.misp-project.org/galaxy.html) which can be easily linked with events in MISP.
|
||||
- **Intelligence vocabularies** called MISP galaxy and bundled with existing [threat actors, malware, RAT, ransomware or MITRE ATT&CK](https://www.misp-project.org/galaxy.html) which can be easily linked with events and attributes in MISP.
|
||||
- **Expansion modules in Python** to expand MISP with your own services or activate already available [misp-modules](https://github.com/MISP/misp-modules).
|
||||
- **Sighting support** to get observations from organizations concerning shared indicators and attributes. Sighting [can be contributed](https://www.circl.lu/doc/misp/automation/index.html#sightings-api) via MISP user-interface, API as MISP document or STIX sighting documents.
|
||||
- **STIX support**: export data in the STIX format (XML and JSON). Additional STIX import and export is supported by [MISP-STIX-Converter](https://github.com/MISP/MISP-STIX-Converter) or [MISP-Taxii-Server](https://github.com/MISP/MISP-Taxii-Server).
|
||||
- **Integrated encryption and signing of the notifications** via GnuPG and/or S/MIME depending of the user preferences.
|
||||
- **STIX support**: import and export data in the STIX version 1 and version 2 format.
|
||||
- **Integrated encryption and signing of the notifications** via GnuPG and/or S/MIME depending on the user's preferences.
|
||||
- **Real-time** publish-subscribe channel within MISP to automatically get all changes (e.g. new events, indicators, sightings or tagging) in ZMQ (e.g. [misp-dashboard](https://github.com/MISP/misp-dashboard)) or ElasticSearch logging.
|
||||
|
||||
Exchanging info results in *faster detection* of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others team or organizations who already analyzed a specific malware.
|
||||
Exchanging info results in *faster detection* of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that other teams or organizations have already analyzed a specific malware.
|
||||
|
||||
![MISP 2.4 overview](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/screenshots/misp-panorama.png)
|
||||
|
||||
|
@ -77,7 +78,7 @@ Documentation
|
|||
|
||||
[MISP user-guide (MISP-book)](https://github.com/MISP/misp-book) is available [online](https://www.circl.lu/doc/misp/) or as [PDF](https://www.circl.lu/doc/misp/book.pdf) or as [EPUB](https://www.circl.lu/doc/misp/book.epub) or as [MOBI/Kindle](https://www.circl.lu/doc/misp/book.mobi).
|
||||
|
||||
For installation guide see [INSTALL](https://github.com/MISP/MISP/tree/2.4/INSTALL) or the [download section](https://www.misp-project.org/download/).
|
||||
For the installation guide see the [INSTALL](https://github.com/MISP/MISP/tree/2.4/INSTALL) or [download section](https://www.misp-project.org/download/).
|
||||
|
||||
Contributing
|
||||
------------
|
||||
|
@ -106,8 +107,8 @@ This software is licensed under [GNU Affero General Public License version 3](ht
|
|||
* Copyright (C) 2012 Christophe Vandeplas
|
||||
* Copyright (C) 2012 Belgian Defence
|
||||
* Copyright (C) 2012 NATO / NCIRC
|
||||
* Copyright (C) 2013-2018 Andras Iklody
|
||||
* Copyright (C) 2015-2018 CIRCL - Computer Incident Response Center Luxembourg
|
||||
* Copyright (C) 2013-2019 Andras Iklody
|
||||
* Copyright (C) 2015-2019 CIRCL - Computer Incident Response Center Luxembourg
|
||||
* Copyright (C) 2016 Andreas Ziegler
|
||||
|
||||
For more information, [the list of authors and contributors](AUTHORS) is available.
|
||||
|
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":4, "hotfix":94}
|
||||
{"major":2, "minor":4, "hotfix":102}
|
||||
|
|
|
@ -36,6 +36,7 @@ $config = array(
|
|||
'take_ownership_xml_import' => false,
|
||||
'unpublishedprivate' => false,
|
||||
'disable_emailing' => false,
|
||||
'manage_workers' => true,
|
||||
'Attributes_Values_Filter_In_Event' => 'id, uuid, value, comment, type, category, Tag.name',
|
||||
),
|
||||
'GnuPG' =>
|
||||
|
@ -133,6 +134,7 @@ $config = array(
|
|||
'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER
|
||||
'ldapServer' => 'ldap://example.com', // FQDN or IP
|
||||
'ldapProtocol' => 3,
|
||||
'ldapNetworkTimeout' => -1, // use -1 for unlimited network timeout
|
||||
'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right
|
||||
'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password
|
||||
'ldapDN' => 'dc=example,dc=com',
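Review bot: The new `'ldapNetworkTimeout' => -1` default disables the LDAP network timeout entirely, so an unreachable or hung LDAP server presumably leaves every authentication request blocked for as long as the underlying socket takes to give up, tying up PHP workers. A finite default in the template, e.g. `'ldapNetworkTimeout' => 10, // seconds; -1 disables the network timeout`, fails closed and fast while still documenting the unlimited option. The units are also not stated in the comment; saying "seconds" (if that is what the consuming code passes on) would avoid operators guessing.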
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
|
||||
// Activate REST
|
||||
Router::mapResources(array('events', 'attributes'));
|
||||
Router::parseExtensions('xml', 'json');
|
||||
Router::parseExtensions('xml', 'json', 'csv');
|
||||
|
||||
Router::connectNamed(
|
||||
array('attributesPage' => array('controller' => 'events', 'action' => 'view'))
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
App::uses('AppShell', 'Console/Command');
|
||||
class AdminShell extends AppShell
|
||||
{
|
||||
public $uses = array('Event', 'Post', 'Attribute', 'Job', 'User', 'Task', 'Whitelist', 'Server', 'Organisation', 'AdminSetting', 'Galaxy', 'Taxonomy', 'Warninglist', 'Noticelist', 'ObjectTemplate');
|
||||
public $uses = array('Event', 'Post', 'Attribute', 'Job', 'User', 'Task', 'Whitelist', 'Server', 'Organisation', 'AdminSetting', 'Galaxy', 'Taxonomy', 'Warninglist', 'Noticelist', 'ObjectTemplate', 'Bruteforce');
|
||||
|
||||
public function jobGenerateCorrelation() {
|
||||
$jobId = $this->args[0];
|
||||
|
@ -129,6 +129,11 @@ class AdminShell extends AppShell
|
|||
$this->Job->saveField('status', 4);
|
||||
}
|
||||
|
||||
public function getWorkers() {
|
||||
$result = $this->Server->workerDiagnostics($workerIssueCount);
|
||||
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
|
||||
}
|
||||
|
||||
public function getSetting() {
|
||||
$param = empty($this->args[0]) ? 'all' : $this->args[0];
|
||||
$settings = $this->Server->serverSettingsRead();
|
||||
|
@ -143,18 +148,29 @@ class AdminShell extends AppShell
|
|||
}
|
||||
}
|
||||
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
|
||||
}
|
||||
}
|
||||
|
||||
public function setSetting() {
|
||||
$setting = !isset($this->args[0]) ? null : $this->args[0];
|
||||
$setting_name = !isset($this->args[0]) ? null : $this->args[0];
|
||||
$value = !isset($this->args[1]) ? null : $this->args[1];
|
||||
if ($value === 'false') $value = 0;
|
||||
if ($value === 'true') $value = 1;
|
||||
if (empty($setting) || $value === null) {
|
||||
$cli_user = array('id' => 0, 'email' => 'SYSTEM', 'Organisation' => array('name' => 'SYSTEM'));
|
||||
if (empty($setting_name) || $value === null) {
|
||||
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setSetting [setting_name] [setting_value]';
|
||||
} else {
|
||||
$this->Server->serverSettingsSaveValue($setting, $value);
|
||||
$setting = $this->Server->getSettingData($setting_name);
|
||||
if (empty($setting)) {
|
||||
echo 'Invalid setting. Please make sure that the setting that you are attempting to change exists.';
|
||||
}
|
||||
$result = $this->Server->serverSettingsEditValue($cli_user, $setting, $value);
|
||||
if ($result === true) {
|
||||
echo 'Setting changed.';
|
||||
} else {
|
||||
echo $result;
|
||||
}
|
||||
}
|
||||
echo PHP_EOL;
|
||||
}
|
||||
|
||||
public function setDatabaseVersion() {
|
||||
|
@ -173,6 +189,12 @@ class AdminShell extends AppShell
|
|||
}
|
||||
}
|
||||
|
||||
public function updateDatabase() {
|
||||
echo 'Executing all updates to bring the database up to date with the current version.' . PHP_EOL;
|
||||
$this->Server->runUpdates(true);
|
||||
echo 'All updates completed.' . PHP_EOL;
|
||||
}
|
||||
|
||||
public function getAuthkey() {
|
||||
if (empty($this->args[0])) {
|
||||
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin getAuthkey [user_email]' . PHP_EOL;
|
||||
|
@ -190,4 +212,18 @@ class AdminShell extends AppShell
|
|||
}
|
||||
}
|
||||
|
||||
public function clearBruteforce()
|
||||
{
|
||||
$conditions = array('Bruteforce.username !=' => '');
|
||||
if (!empty($this->args[0])) {
|
||||
$conditions = array('Bruteforce.username' => $this->args[0]);
|
||||
}
|
||||
$result = $this->Bruteforce->deleteAll($conditions, false, false);
|
||||
$target = empty($this->args[0]) ? 'all users' : $this->args[0];
|
||||
if ($result) {
|
||||
echo 'Brutefoce entries for ' . $target . ' deleted.' . PHP_EOL;
|
||||
} else {
|
||||
echo 'Something went wrong, could not delete bruteforce entries for ' . $target . '.' . PHP_EOL;
|
||||
}
|
||||
}
|
||||
}
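Review bot: In setSetting (hunk `@ -143,18 +148,29 @@`) the `Invalid setting.` branch does not stop the method, so an unknown setting name still falls through to `$this->Server->serverSettingsEditValue($cli_user, $setting, $value)` with an empty `$setting` and the operator sees two contradictory messages; add an early exit inside that block, `echo 'Invalid setting. ...' . PHP_EOL; return;`. In clearBruteforce the success message misspells the word: `echo 'Bruteforce entries for ' . $target . ' deleted.' . PHP_EOL;`. Since an omitted argument removes every user's lockout row, a one-line docblock on clearBruteforce stating "without a username argument all brute-force entries are deleted" would help operators running it from cron or by hand.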
|
||||
|
|
|
@ -34,6 +34,55 @@ class EventShell extends AppShell
|
|||
$this->Job->saveField('message', 'Job done.');
|
||||
}
|
||||
|
||||
public function cache() {
|
||||
$timeStart = time();
|
||||
$userId = $this->args[0];
|
||||
$id = $this->args[1];
|
||||
$user = $this->User->getAuthUser($userId);
|
||||
$this->Job->id = $id;
|
||||
$export_type = $this->args[2];
|
||||
file_put_contents('/tmp/test', $export_type);
|
||||
$typeData = $this->Event->export_types[$export_type];
|
||||
if (!in_array($export_type, array_keys($this->Event->export_types))) {
|
||||
$this->Job->saveField('progress', 100);
|
||||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('message', 'Job Failed due to invalid export format. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
return false;
|
||||
}
|
||||
if ($export_type == 'text') {
|
||||
$types = array_keys($this->Attribute->typeDefinitions);
|
||||
$typeCount = count($types);
|
||||
foreach ($types as $k => $type) {
|
||||
$typeData['params']['type'] = $type;
|
||||
$this->__runCaching($user, $typeData, false, $export_type, '_' . $type);
|
||||
$this->Job->saveField('message', 'Processing all attributes of type '. $type . '.');
|
||||
$this->Job->saveField('progress', intval($k / $typeCount));
|
||||
}
|
||||
} else {
|
||||
$this->__runCaching($user, $typeData, $id, $export_type);
|
||||
}
|
||||
$this->Job->saveField('progress', 100);
|
||||
$timeDelta = (time()-$timeStart);
|
||||
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
|
||||
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
|
||||
}
|
||||
|
||||
private function __runCaching($user, $typeData, $id, $export_type, $subType = '') {
|
||||
$export_type = strtolower($typeData['type']);
|
||||
$final = $this->{$typeData['scope']}->restSearch($user, $typeData['params']['returnFormat'], $typeData['params'], false, $id);
|
||||
$dir = new Folder(APP . 'tmp/cached_exports/' . $export_type, true, 0750);
|
||||
//echo PHP_EOL . $dir->pwd() . DS . 'misp.' . $export_type . $subType . '.ADMIN' . $typeData['extension'] . PHP_EOL;
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
$file = new File($dir->pwd() . DS . 'misp.' . $export_type . $subType . '.ADMIN' . $typeData['extension']);
|
||||
} else {
|
||||
$file = new File($dir->pwd() . DS . 'misp.' . $export_type . $subType . '.' . $user['Organisation']['name'] . $typeData['extension']);
|
||||
}
|
||||
$file->write($final);
|
||||
$file->close();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function cachexml() {
|
||||
$timeStart = time();
|
||||
$userId = $this->args[0];
|
||||
|
@ -509,11 +558,42 @@ class EventShell extends AppShell
|
|||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
}
|
||||
$job = $this->Job->read(null, $jobId);
|
||||
$options = array(
|
||||
'user' => $user,
|
||||
'event_id' => $eventId,
|
||||
'modules' => $modules
|
||||
);
|
||||
$result = $this->Event->enrichment($options);
|
||||
$job['Job']['progress'] = 100;
|
||||
$job['Job']['date_modified'] = date("y-m-d H:i:s");
|
||||
if ($result) {
|
||||
$job['Job']['message'] = 'Added ' . $result . ' attribute' . ($result > 1 ? 's.' : '.');
|
||||
} else {
|
||||
$job['Job']['message'] = 'Enrichment finished, but no attributes added.';
|
||||
}
|
||||
$this->Job->save($job);
|
||||
$log = ClassRegistry::init('Log');
|
||||
$log->create();
|
||||
$log->createLogEntry($user, 'enrichment', 'Event', $eventId, 'Event (' . $eventId . '): enriched.', 'enriched () => (1)');
|
||||
}
|
||||
|
||||
public function processfreetext() {
|
||||
$inputFile = $this->args[0];
|
||||
$tempdir = new Folder(APP . 'tmp/cache/ingest', true, 0750);
|
||||
$tempFile = new File(APP . 'tmp/cache/ingest' . DS . $inputFile);
|
||||
$inputData = $tempFile->read();
|
||||
$inputData = json_decode($inputData, true);
|
||||
$tempFile->delete();
|
||||
$this->Event->processFreeTextData(
|
||||
$inputData['user'],
|
||||
$inputData['attributes'],
|
||||
$inputData['id'],
|
||||
$inputData['default_comment'],
|
||||
$inputData['force'],
|
||||
$inputData['adhereToWarninglists'],
|
||||
$inputData['jobId']
|
||||
);
|
||||
return true;
|
||||
}
|
||||
}
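Review bot: In cache(), `$typeData = $this->Event->export_types[$export_type];` runs before the `in_array($export_type, array_keys(...))` guard, so an unknown export type triggers an undefined-index notice before the job is marked failed; move that assignment below the `if` block. The line `file_put_contents('/tmp/test', $export_type);` looks like leftover debugging: it rewrites a fixed path in the shared /tmp directory on every run, which another local account can pre-create, and should be removed. The progress update `intval($k / $typeCount)` is always 0 because `$k < $typeCount`; `intval(100 * $k / $typeCount)` matches the 0–100 scale used elsewhere in the method. In processfreetext, `$inputFile` is concatenated straight onto the ingest directory; `$inputFile = basename($this->args[0]);` keeps the read and delete confined to `tmp/cache/ingest` even if the caller is presumably trusted.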
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
<?php
|
||||
|
||||
class Populate023Shell extends AppShell {
|
||||
|
||||
public $tasks = array('Roles', 'RoleToAroAco', 'RoleId', 'Users');
|
||||
|
||||
public function main() {
|
||||
// perform tasks
|
||||
sleep(30);
|
||||
$this->Roles->execute();
|
||||
$this->RoleId->execute('2');
|
||||
$this->RoleToAroAco->execute();
|
||||
// on user data
|
||||
$this->Users->execute();
|
||||
}
|
||||
}
|
|
@ -8,7 +8,7 @@ class ServerShell extends AppShell
|
|||
|
||||
public function pull() {
|
||||
if (empty($this->args[0]) || empty($this->args[1])) {
|
||||
die('Usage: ' . $this->Server->command_line_functions['pull'] . PHP_EOL);
|
||||
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['pull'] . PHP_EOL);
|
||||
}
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->getAuthUser($userId);
|
||||
|
@ -56,7 +56,7 @@ class ServerShell extends AppShell
|
|||
|
||||
public function push() {
|
||||
if (empty($this->args[0]) || empty($this->args[1])) {
|
||||
die('Usage: ' . $this->Server->command_line_functions['push'] . PHP_EOL);
|
||||
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['push'] . PHP_EOL);
|
||||
}
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->getAuthUser($userId);
|
||||
|
@ -103,7 +103,7 @@ class ServerShell extends AppShell
|
|||
|
||||
public function fetchFeed() {
|
||||
if (empty($this->args[0]) || empty($this->args[1])) {
|
||||
die('Usage: ' . $this->Server->command_line_functions['fetchFeed'] . PHP_EOL);
|
||||
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['fetchFeed'] . PHP_EOL);
|
||||
}
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->getAuthUser($userId);
|
||||
|
@ -129,31 +129,107 @@ class ServerShell extends AppShell
|
|||
$jobId = $this->Job->id;
|
||||
}
|
||||
$this->Job->read(null, $jobId);
|
||||
$result = $this->Feed->downloadFromFeedInitiator($feedId, $user, $jobId);
|
||||
$this->Job->id = $jobId;
|
||||
if (!$result) {
|
||||
$message = 'Job Failed.';
|
||||
$this->Job->save(array(
|
||||
'id' => $jobId,
|
||||
'message' => $message,
|
||||
'progress' => 0,
|
||||
'status' => 3
|
||||
$outcome = array(
|
||||
'id' => $jobId,
|
||||
'message' => 'Job done.',
|
||||
'progress' => 100,
|
||||
'status' => 4
|
||||
);
|
||||
if ($feedId == 'all') {
|
||||
$feedIds = $this->Feed->find('list', array(
|
||||
'fields' => array('Feed.id', 'Feed.id'),
|
||||
'conditions' => array('Feed.enabled' => 1)
|
||||
));
|
||||
$feedIds = array_values($feedIds);
|
||||
$successes = 0;
|
||||
$fails = 0;
|
||||
foreach ($feedIds as $k => $feedId) {
|
||||
$jobStatus = array(
|
||||
'id' => $jobId,
|
||||
'message' => 'Fetching feed: ' . $feedId,
|
||||
'progress' => 100 * $k / count($feedIds),
|
||||
'status' => 0
|
||||
);
|
||||
$this->Job->id = $jobId;
|
||||
$this->Job->save($jobStatus);
|
||||
$result = $this->Feed->downloadFromFeedInitiator($feedId, $user);
|
||||
if ($result) {
|
||||
$successes++;
|
||||
} else {
|
||||
$fails++;
|
||||
}
|
||||
}
|
||||
$outcome['message'] = 'Job done. ' . $successes . ' feeds pulled successfuly, ' . $fails . ' feeds could not be pulled.';
|
||||
} else {
|
||||
$message = 'Job done.';
|
||||
$this->Job->save(array(
|
||||
'id' => $jobId,
|
||||
'message' => $message,
|
||||
'progress' => 100,
|
||||
'status' => 4
|
||||
$temp = $this->Feed->find('first', array(
|
||||
'fields' => array('Feed.id', 'Feed.id'),
|
||||
'conditions' => array('Feed.enabled' => 1, 'Feed.id' => $feedId)
|
||||
));
|
||||
if (!empty($temp)) {
|
||||
$result = $this->Feed->downloadFromFeedInitiator($feedId, $user, $jobId);
|
||||
if (!$result) {
|
||||
$outcome['progress'] = 0;
|
||||
$outcome['status'] = 3;
|
||||
$outcome['message'] = 'Job failed.';
|
||||
}
|
||||
}
|
||||
}
|
||||
echo $message . PHP_EOL;
|
||||
$this->Job->id = $jobId;
|
||||
$this->Job->save($outcome);
|
||||
echo $outcome['message'] . PHP_EOL;
|
||||
}
|
||||
|
||||
public function cacheServer() {
|
||||
if (empty($this->args[0]) || empty($this->args[1])) {
|
||||
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['cacheServer'] . PHP_EOL);
|
||||
}
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->getAuthUser($userId);
|
||||
if (empty($user)) die('Invalid user.' . PHP_EOL);
|
||||
$scope = $this->args[1];
|
||||
if (!empty($this->args[2])) {
|
||||
$jobId = $this->args[2];
|
||||
} else {
|
||||
$this->Job->create();
|
||||
$data = array(
|
||||
'worker' => 'default',
|
||||
'job_type' => 'cache_servers',
|
||||
'job_input' => 'Server: ' . $id,
|
||||
'status' => 0,
|
||||
'retries' => 0,
|
||||
'org' => $user['Organisation']['name'],
|
||||
'message' => 'Starting server caching.',
|
||||
);
|
||||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
}
|
||||
$this->Job->read(null, $jobId);
|
||||
$result = $this->Server->cacheServerInitiator($user, $scope, $jobId);
|
||||
$this->Job->id = $jobId;
|
||||
if ($result !== true) {
|
||||
$message = 'Job Failed. Reason: ';
|
||||
$this->Job->save(array(
|
||||
'id' => $jobId,
|
||||
'message' => $message . $result,
|
||||
'progress' => 0,
|
||||
'status' => 3
|
||||
));
|
||||
} else {
|
||||
$message = 'Job done.';
|
||||
$this->Job->save(array(
|
||||
'id' => $jobId,
|
||||
'message' => $message,
|
||||
'progress' => 100,
|
||||
'status' => 4
|
||||
));
|
||||
}
|
||||
echo $message . PHP_EOL;
|
||||
}
|
||||
|
||||
|
||||
public function cacheFeed() {
|
||||
if (empty($this->args[0]) || empty($this->args[1])) {
|
||||
die('Usage: ' . $this->Server->command_line_functions['cacheFeed'] . PHP_EOL);
|
||||
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['cacheFeed'] . PHP_EOL);
|
||||
}
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->getAuthUser($userId);
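Review bot: In cacheServer, `'job_input' => 'Server: ' . $id,` references `$id`, which is never assigned in that method (the second argument is stored in `$scope`), so the job record is written as "Server: " with an undefined-variable notice; use `'job_input' => 'Server: ' . $scope,`. In fetchFeed's new `'all'` loop, `downloadFromFeedInitiator($feedId, $user)` is called without the `$jobId` that the single-feed path passes, so per-feed progress inside the initiator is presumably not reported for bulk runs — worth confirming this is intended. The summary message also misspells "successfully": `'Job done. ' . $successes . ' feeds pulled successfully, ' . $fails . ' feeds could not be pulled.'`. fetchFeed's beginning lies outside this hunk.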
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
<?php
|
||||
App::uses('UsersController', 'Controller');
|
||||
|
||||
class RoleIdTask extends Shell {
|
||||
|
||||
public $uses = array('User');
|
||||
|
||||
public $Users;
|
||||
|
||||
public function execute($fk = '1') {
|
||||
$this->Users = new UsersController();
|
||||
$this->Users->constructClasses();
|
||||
$this->Users->setRoleId($fk);
|
||||
//$this->Users->generateAllForRoleId($fk); // TODO
|
||||
}
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
<?php
|
||||
App::uses('RolesController', 'Controller');
|
||||
|
||||
class RoleToAroAcoTask extends Shell {
|
||||
|
||||
public $uses = array('Role');
|
||||
|
||||
public $Roles;
|
||||
|
||||
public function execute() {
|
||||
$this->Roles = new RolesController();
|
||||
$this->Roles->constructClasses();
|
||||
|
||||
$roles = $this->Role->find('all');
|
||||
foreach ($roles as $role) {
|
||||
$this->Roles->saveAcl(array('model' => 'Role', 'foreign_key' => $role['Role']['id']), $role['Role']['perm_add'], $role['Role']['perm_modify'], $role['Role']['perm_publish'], $role['Role']['perm_admin'], $role['Role']['perm_sync'], $role['Role']['perm_auth'], $role['Role']['perm_audit']);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
<?php
|
||||
App::uses('RolesController', 'Controller');
|
||||
|
||||
class RolesTask extends Shell {
|
||||
|
||||
public $uses = array('Role');
|
||||
|
||||
public $Roles;
|
||||
|
||||
public function execute() {
|
||||
$this->Roles = new RolesController();
|
||||
$this->Roles->constructClasses();
|
||||
|
||||
$roles = ClassRegistry::init('Role');
|
||||
$roles->create();
|
||||
$roles->save(array('Role' => array('name' => 'admin', 'perm_add' => 1, 'perm_modify' => 1, 'perm_publish' => 1, 'perm_full' => 1, 'perm_sync' => 1, 'perm_audit' => 1, 'perm_auth' => 1)));
|
||||
$roles->create();
|
||||
$roles->save(array('Role' => array('name' => 'org_admin', 'perm_add' => 1, 'perm_modify' => 1, 'perm_publish' => 0, 'perm_full' => 0, 'perm_sync' => 1, 'perm_audit' => 1, 'perm_auth' => 1)));
|
||||
$roles->create();
|
||||
$roles->save(array('Role' => array('name' => 'User', 'perm_add' => 1, 'perm_modify' => 1, 'perm_publish' => 0, 'perm_full' => 0, 'perm_sync' => 1, 'perm_audit' => 1, 'perm_auth' => 0)));
|
||||
$roles->create();
|
||||
$roles->save(array('Role' => array('name' => 'Sync', 'perm_add' => 1, 'perm_modify' => 1, 'perm_publish' => 1, 'perm_full' => 0, 'perm_sync' => 1, 'perm_audit' => 1, 'perm_auth' => 1)));
|
||||
}
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
<?php
|
||||
App::uses('UsersController', 'Controller');
|
||||
|
||||
class UsersTask extends Shell {
|
||||
|
||||
public $uses = array('User');
|
||||
|
||||
public $Users;
|
||||
|
||||
public function execute() {
|
||||
$this->Users = new UsersController();
|
||||
$this->Users->constructClasses();
|
||||
|
||||
$users = ClassRegistry::init('User');
|
||||
// perform clean
|
||||
$users->checkAndCorrectPgps();
|
||||
}
|
||||
}
|
|
@ -1,16 +0,0 @@
|
|||
<?php
|
||||
|
||||
class Populate023Shell extends AppShell {
|
||||
|
||||
public $tasks = array('Roles', 'RoleToAroAco', 'RoleId', 'Users');
|
||||
|
||||
public function main() {
|
||||
// perform tasks
|
||||
sleep(30);
|
||||
$this->Roles->execute();
|
||||
$this->RoleId->execute('2');
|
||||
$this->RoleToAroAco->execute();
|
||||
// on user data
|
||||
$this->Users->execute();
|
||||
}
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# degrate 0.2.3 to 0.2.2
|
||||
|
||||
# step into project and ..
|
||||
PRJCT=/var/www/MISP/app
|
||||
cd ${PRJCT}
|
||||
|
||||
# update Schema, remove Users.role_id
|
||||
./Console/cake schema update -s 0.2.2
|
||||
|
||||
exit 0;
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# migrate 0.2.2 to 0.2.3
|
||||
|
||||
# DataBase migrate, Audit and Access Control granulation
|
||||
|
||||
# step into project and ..
|
||||
PRJCT=../../../app
|
||||
cd ${PRJCT}
|
||||
|
||||
# create ACL tables
|
||||
./Console/cake schema create DbAcl
|
||||
# populate ACL acos
|
||||
./Console/cake acl create aco root controllers
|
||||
./Console/cake AclExtras.AclExtras aco_sync
|
||||
|
||||
# create Correlation table
|
||||
./Console/cake schema create DbCorrelation
|
||||
|
||||
# create Regexp table
|
||||
./Console/cake schema create DbRegexp
|
||||
|
||||
# create Whitelist table
|
||||
./Console/cake schema create DbWhitelist
|
||||
|
||||
# update Schema, add Users.role_id
|
||||
./Console/cake schema update -s 0.2.2.1
|
||||
|
||||
# create Log table
|
||||
./Console/cake schema create DbLog
|
||||
|
||||
# create Roles, populate ACL aros and Users.role_id
|
||||
./Console/cake schema create DbRole
|
||||
|
||||
# populate 0.2.3
|
||||
./Console/cake populate0_2_3
|
||||
|
||||
exit 0;
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# migrate 0.2.1.1 to 0.2.2
|
||||
|
||||
# Servers.lastpushedid and Servers.lastpulledid
|
||||
|
||||
# step into project and ..
|
||||
PRJCT=/var/www/MISP/app
|
||||
cd ${PRJCT}
|
||||
|
||||
# update Schema, add Users.role_id
|
||||
./Console/cake schema update -s 0.2.2
|
||||
|
||||
exit 0
|
|
@ -1,16 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
USER=noud
|
||||
CY_HOME=../../../../MISP
|
||||
|
||||
chown -R ${USER}:www-data ${CY_HOME}
|
||||
chmod -R 750 ${CY_HOME}
|
||||
chmod -R g+s ${CY_HOME}
|
||||
cd ${CY_HOME}/app/
|
||||
chmod -R g+w tmp
|
||||
chmod -R g+w files
|
||||
|
||||
# GnuPG
|
||||
chmod -R ug+rwx ${CY_HOME}/.gnupg
|
||||
|
||||
exit 0
|
|
@ -1,13 +1,29 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# TODO: Improve script to bring workers up that are not.
|
||||
|
||||
# Extract base directory where this script is and cd into it
|
||||
cd "${0%/*}"
|
||||
|
||||
# Check if run as root
|
||||
if [ "$EUID" -eq 0 ]; then
|
||||
echo "Please DO NOT run the worker script as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Extract base directory where this script is and cd into it
|
||||
cd "${0%/*}"
|
||||
##[[ $(../cake CakeResque.CakeResque stop --all |grep "not permitted" ; echo $?) != 1 ]] && echo "Either you have no permissions or CakeResque is not installed/configured" && exit 1
|
||||
|
||||
## FIXME: PIDs seem off by 1
|
||||
# Check which workers are currently running
|
||||
WORKERS_PID=$(ps a |grep CakeResque |grep -v grep |cut -f 1 -d\ )
|
||||
|
||||
if [[ ! -z $WORKERS_PID ]]; then
|
||||
for p in $WORKERS_PID; do
|
||||
WORKER_RUNNING=$(ps $p |grep CakeRes|grep -v grep |grep -o -e "QUEUE=.[a-z]*" |cut -f2 -d\')
|
||||
#echo "Worker $WORKER_RUNNING with PID $p"
|
||||
done
|
||||
fi
|
||||
|
||||
../cake CakeResque.CakeResque stop --all
|
||||
../cake CakeResque.CakeResque start --interval 5 --queue default
|
||||
../cake CakeResque.CakeResque start --interval 5 --queue prio
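Review bot: `cd "${0%/*}"` (it appears twice in this hunk) is never checked, so if the directory change fails the script carries on and runs the `../cake CakeResque.CakeResque ...` commands relative to whatever the current directory happens to be; `cd "${0%/*}" || exit 1` keeps the later relative invocations anchored to the script's own directory. The loop over `WORKERS_PID` computes `WORKER_RUNNING` for each PID but nothing consumes it (the only use is the commented-out `echo`), and the `FIXME` right above it says the PIDs look off by one, so the whole `if [[ ! -z $WORKERS_PID ]]` block is dead code until the TODO at the top is addressed; either drop it or make the `echo` live so the output is at least visible. The `ps a | grep CakeResque | grep -v grep` filter also matches any process whose command line merely contains that string, which is harmless while the result is unused but should be tightened before it drives a decision.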
|
||||
|
|
|
@ -46,12 +46,13 @@ class AppController extends Controller
|
|||
|
||||
public $helpers = array('Utility', 'OrgImg');
|
||||
|
||||
private $__queryVersion = '43';
|
||||
public $pyMispVersion = '2.4.93';
|
||||
public $phpmin = '5.6.5';
|
||||
public $phprec = '7.0.16';
|
||||
private $__queryVersion = '60';
|
||||
public $pyMispVersion = '2.4.103';
|
||||
public $phpmin = '7.0';
|
||||
public $phprec = '7.2';
|
||||
|
||||
public $baseurl = '';
|
||||
public $sql_dump = false;
|
||||
|
||||
// Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
|
||||
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
|
||||
|
@ -89,6 +90,7 @@ class AppController extends Controller
|
|||
'ACL',
|
||||
'RestResponse',
|
||||
'Flash'
|
||||
//,'DebugKit.Toolbar'
|
||||
);
|
||||
|
||||
private function __isApiFunction($controller, $action)
|
||||
|
@ -101,6 +103,24 @@ class AppController extends Controller
|
|||
|
||||
public function beforeFilter()
|
||||
{
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
// Add CORS headers
|
||||
$this->response->cors($this->request,
|
||||
explode(',', Configure::read('Security.cors_origins')),
|
||||
['*'],
|
||||
['Origin', 'Content-Type', 'Authorization', 'Accept']);
|
||||
|
||||
if ($this->request->is('options')) {
|
||||
// Stop here!
|
||||
// CORS only needs the headers
|
||||
$this->response->send();
|
||||
$this->_stop();
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($this->params['named']['sql'])) {
|
||||
$this->sql_dump = 1;
|
||||
}
|
||||
// check for a supported datasource configuration
|
||||
$dataSourceConfig = ConnectionManager::getDataSource('default')->config;
|
||||
if (!isset($dataSourceConfig['encoding'])) {
|
||||
|
@ -328,6 +348,9 @@ class AppController extends Controller
|
|||
}
|
||||
} else {
|
||||
if (!($this->params['controller'] === 'users' && $this->params['action'] === 'login')) {
|
||||
if (!$this->request->is('ajax')) {
|
||||
$this->Session->write('pre_login_requested_url', $this->here);
|
||||
}
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
}
|
||||
|
@ -355,6 +378,20 @@ class AppController extends Controller
|
|||
|
||||
if ($this->Session->check(AuthComponent::$sessionKey)) {
|
||||
if ($this->action !== 'checkIfLoggedIn' || $this->request->params['controller'] !== 'users') {
|
||||
$this->User->id = $this->Auth->user('id');
|
||||
if (!$this->User->exists()) {
|
||||
$message = __('Something went wrong. Your user account that you are authenticated with doesn\'t exist anymore.');
|
||||
if ($this->_isRest) {
|
||||
$this->RestResponse->throwException(
|
||||
401,
|
||||
$message
|
||||
);
|
||||
} else {
|
||||
$this->Flash->info($message);
|
||||
}
|
||||
$this->Auth->logout();
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
if (!empty(Configure::read('MISP.terms_file')) && !$this->Auth->user('termsaccepted') && (!in_array($this->request->here, array($base_dir.'/users/terms', $base_dir.'/users/logout', $base_dir.'/users/login', $base_dir.'/users/downloadTerms')))) {
|
||||
//if ($this->_isRest()) throw new MethodNotAllowedException('You have not accepted the terms of use yet, please log in via the web interface and accept them.');
|
||||
if (!$this->_isRest()) {
|
||||
|
@ -388,6 +425,7 @@ class AppController extends Controller
|
|||
$this->set('me', $this->Auth->user());
|
||||
$this->set('isAdmin', $role['perm_admin']);
|
||||
$this->set('isSiteAdmin', $role['perm_site_admin']);
|
||||
$this->set('hostOrgUser', $this->Auth->user('org_id') == Configure::read('MISP.host_org_id'));
|
||||
$this->set('isAclAdd', $role['perm_add']);
|
||||
$this->set('isAclModify', $role['perm_modify']);
|
||||
$this->set('isAclModifyOrg', $role['perm_modify_org']);
|
||||
|
@ -435,6 +473,14 @@ class AppController extends Controller
|
|||
$this->ACL->checkAccess($this->Auth->user(), Inflector::variable($this->request->params['controller']), $this->action);
|
||||
}
|
||||
|
||||
public function afterFilter()
|
||||
{
|
||||
if (Configure::read('debug') > 1 && !empty($this->sql_dump) && $this->_isRest()) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
echo json_encode($this->Log->getDataSource()->getLog(false, false), JSON_PRETTY_PRINT);
|
||||
}
|
||||
}
|
||||
|
||||
public function queryACL($debugType='findMissingFunctionNames', $content = false)
|
||||
{
|
||||
$this->autoRender = false;
|
||||
|
@ -478,10 +524,19 @@ class AppController extends Controller
|
|||
return $this->request->header('Accept') === 'application/json' || $this->RequestHandler->prefers() === 'json';
|
||||
}
|
||||
|
||||
protected function _isCsv($data=false)
|
||||
{
|
||||
if ($this->params['ext'] === 'csv' || $this->request->header('Accept') === 'application/csv' || $this->RequestHandler->prefers() === 'csv') {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
protected function _isRest()
|
||||
{
|
||||
$api = $this->__isApiFunction($this->request->params['controller'], $this->request->params['action']);
|
||||
if (isset($this->RequestHandler) && ($api || $this->RequestHandler->isXml() || $this->_isJson())) {
|
||||
if (isset($this->RequestHandler) && ($api || $this->RequestHandler->isXml() || $this->_isJson() || $this->_isCsv())) {
|
||||
if ($this->_isJson()) {
|
||||
if (!empty($this->request->input()) && empty($this->request->input('json_decode'))) {
|
||||
throw new MethodNotAllowedException('Invalid JSON input. Make sure that the JSON input is a correctly formatted JSON string. This request has been blocked to avoid an unfiltered request.');
|
||||
|
@ -535,6 +590,96 @@ class AppController extends Controller
|
|||
return $this->Auth->user('org_id');
|
||||
}
|
||||
|
||||
protected function _getApiAuthUser(&$key, &$exception)
|
||||
{
|
||||
if (strlen($key) == 40) {
|
||||
// check if the key is valid -> search for users based on key
|
||||
$user = $this->checkAuthUser($key);
|
||||
if (!$user) {
|
||||
$exception = $this->RestResponse->throwException(
|
||||
401,
|
||||
__('This authentication key is not authorized to be used for exports. Contact your administrator.')
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$key = 'json';
|
||||
} else {
|
||||
if (!$this->Auth->user('id')) {
|
||||
$exception = $this->RestResponse->throwException(
|
||||
401,
|
||||
__('You have to be logged in to do that.')
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$user = $this->Auth->user();
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
// generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
|
||||
protected function _harvestParameters($options, &$exception)
|
||||
{
|
||||
$data = array();
|
||||
if (!empty($options['request']->is('post'))) {
|
||||
if (empty($options['request']->data)) {
|
||||
$exception = $this->RestResponse->throwException(
|
||||
400,
|
||||
__('Either specify the search terms in the url, or POST a json with the filter parameters.'),
|
||||
'/' . $this->request->params['controller'] . '/' . $this->action
|
||||
);
|
||||
return false;
|
||||
} else {
|
||||
if (isset($options['request']->data['request'])) {
|
||||
$data = $options['request']->data['request'];
|
||||
} else {
|
||||
$data = $options['request']->data;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($options['paramArray'])) {
|
||||
foreach ($options['paramArray'] as $p) {
|
||||
if (
|
||||
isset($options['ordered_url_params'][$p]) &&
|
||||
(!in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', false, 'false', null)))
|
||||
) {
|
||||
$data[$p] = $options['ordered_url_params'][$p];
|
||||
$data[$p] = str_replace(';', ':', $data[$p]);
|
||||
}
|
||||
if (isset($options['named_params'][$p])) {
|
||||
$data[$p] = str_replace(';', ':', $options['named_params'][$p]);
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach ($data as $k => $v) {
|
||||
if (!is_array($data[$k])) {
|
||||
$data[$k] = trim($data[$k]);
|
||||
if (strpos($data[$k], '||')) {
|
||||
$data[$k] = explode('||', $data[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($options['additional_delimiters'])) {
|
||||
if (!is_array($options['additional_delimiters'])) {
|
||||
$options['additional_delimiters'] = array($options['additional_delimiters']);
|
||||
}
|
||||
foreach ($data as $k => $v) {
|
||||
$found = false;
|
||||
foreach ($options['additional_delimiters'] as $delim) {
|
||||
if (strpos($v, $delim) !== false) {
|
||||
$found = true;
|
||||
}
|
||||
}
|
||||
if ($found) {
|
||||
$data[$k] = explode($options['additional_delimiters'][0], str_replace($options['additional_delimiters'], $options['additional_delimiters'][0], $v));
|
||||
foreach ($data[$k] as $k2 => $value) {
|
||||
$data[$k][$k2] = trim($data[$k][$k2]);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
// pass an action to this method for it to check the active user's access to the action
|
||||
public function checkAction($action = 'perm_sync')
|
||||
{
|
||||
|
@ -740,7 +885,6 @@ class AppController extends Controller
|
|||
$result = false;
|
||||
if (Configure::read('Plugin.CustomAuth_enable')) {
|
||||
$header = Configure::read('Plugin.CustomAuth_header') ? Configure::read('Plugin.CustomAuth_header') : 'Authorization';
|
||||
$header = strtoupper($header);
|
||||
$authName = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
|
||||
$headerNamespace = Configure::read('Plugin.CustomAuth_use_header_namespace') ? (Configure::read('Plugin.CustomAuth_header_namespace') ? Configure::read('Plugin.CustomAuth_header_namespace') : 'HTTP_') : '';
|
||||
if (isset($server[$headerNamespace . $header]) && !empty($server[$headerNamespace . $header])) {
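Review bot: In the new `_harvestParameters()`, `if (strpos($data[$k], '||'))` tests truthiness, so a value that starts with `||` (offset 0) is not split; it should read `if (strpos($data[$k], '||') !== false)`. Further down, the `additional_delimiters` loop calls `strpos($v, $delim)` on every value without an `is_array()` check, but values that arrived as arrays in the POST body, or that the `||` handling just above exploded into arrays, reach it as arrays — `strpos()` on an array emits a warning and returns `null` on PHP 7 and throws a `TypeError` on PHP 8, so add `if (is_array($v)) { continue; }` at the top of that loop. The ordered-URL-param filter `in_array(strtolower(...), array('null', '0', false, 'false', null))` relies on loose comparison; since the needle is always a string after `strtolower()`, the `false`/`null` entries can only ever match `''`, so `in_array(strtolower($options['ordered_url_params'][$p]), array('null', '0', 'false', ''), true)` is equivalent and no longer depends on PHP's version-specific loose-compare rules.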
|
||||
|
|
|
@ -48,6 +48,7 @@ class ACLComponent extends Component
|
|||
'edit' => array('perm_add'),
|
||||
'editField' => array('perm_add'),
|
||||
'editSelected' => array('perm_add'),
|
||||
'exportSearch' => array('*'),
|
||||
'fetchEditForm' => array('perm_add'),
|
||||
'fetchViewValue' => array('*'),
|
||||
'generateCorrelation' => array(),
|
||||
|
@ -64,6 +65,7 @@ class ACLComponent extends Component
|
|||
'searchAlternate' => array('*'),
|
||||
'toggleCorrelation' => array('perm_add'),
|
||||
'text' => array('*'),
|
||||
'toggleToIDS' => array('perm_add'),
|
||||
'updateAttributeValues' => array('perm_add'),
|
||||
'view' => array('*'),
|
||||
),
|
||||
|
@ -104,6 +106,7 @@ class ACLComponent extends Component
|
|||
'enrichEvent' => array('perm_add'),
|
||||
'export' => array('*'),
|
||||
'exportChoice' => array('*'),
|
||||
'exportModule' => array('*'),
|
||||
'filterEventIdsForPush' => array('perm_sync'),
|
||||
'filterEventIndex' => array('*'),
|
||||
'freeTextImport' => array('perm_add'),
|
||||
|
@ -116,10 +119,12 @@ class ACLComponent extends Component
|
|||
'getReferenceData' => array('*'),
|
||||
'getReferences' => array('*'),
|
||||
'getObjectTemplate' => array('*'),
|
||||
'viewMitreAttackMatrix' => array('*'),
|
||||
'hids' => array('*'),
|
||||
'index' => array('*'),
|
||||
'importChoice' => array('*'),
|
||||
'importModule' => array('*'),
|
||||
'massDelete' => array('perm_site_admin'),
|
||||
'merge' => array('perm_modify'),
|
||||
'nids' => array('*'),
|
||||
'proposalEventIndex' => array('*'),
|
||||
'publish' => array('perm_publish'),
|
||||
|
@ -135,18 +140,17 @@ class ACLComponent extends Component
|
|||
'stix2' => array('*'),
|
||||
'strposarray' => array(),
|
||||
'toggleCorrelation' => array('perm_add'),
|
||||
'unpublish' => array('perm_modify'),
|
||||
'updateGraph' => array('*'),
|
||||
'upload_analysis_file' => array('perm_add'),
|
||||
'upload_sample' => array('AND' => array('perm_auth', 'perm_add')),
|
||||
'upload_stix' => array('perm_add'),
|
||||
'view' => array('*'),
|
||||
'viewEventAttributes' => array('*'),
|
||||
'viewEventGraph' => array('*'),
|
||||
'viewGraph' => array('*'),
|
||||
'xml' => array('*'),
|
||||
'merge' => array('perm_modify'),
|
||||
'importChoice' => array('*'),
|
||||
'importModule' => array('*'),
|
||||
'exportModule' => array('*')
|
||||
'viewGalaxyMatrix' => array('*'),
|
||||
'xml' => array('*')
|
||||
),
|
||||
'favouriteTags' => array(
|
||||
'index' => array('*'),
|
||||
|
@ -156,7 +160,7 @@ class ACLComponent extends Component
|
|||
'feeds' => array(
|
||||
'add' => array(),
|
||||
'cacheFeeds' => array(),
|
||||
'compareFeeds' => array(),
|
||||
'compareFeeds' => array('*'),
|
||||
'delete' => array(),
|
||||
'disable' => array(),
|
||||
'edit' => array(),
|
||||
|
@ -166,11 +170,11 @@ class ACLComponent extends Component
|
|||
'fetchSelectedFromFreetextIndex' => array(),
|
||||
'getEvent' => array(),
|
||||
'importFeeds' => array(),
|
||||
'index' => array(),
|
||||
'previewEvent' => array(),
|
||||
'previewIndex' => array(),
|
||||
'index' => array('*'),
|
||||
'previewEvent' => array('*'),
|
||||
'previewIndex' => array('*'),
|
||||
'toggleSelected' => array('perm_site_admin'),
|
||||
'view' => array(),
|
||||
'view' => array('*'),
|
||||
),
|
||||
'galaxies' => array(
|
||||
'attachCluster' => array('perm_tagger'),
|
||||
|
@ -179,12 +183,14 @@ class ACLComponent extends Component
|
|||
'selectGalaxy' => array('perm_tagger'),
|
||||
'selectGalaxyNamespace' => array('perm_tagger'),
|
||||
'selectCluster' => array('perm_tagger'),
|
||||
'showGalaxies' => array('*'),
|
||||
'update' => array(),
|
||||
'view' => array('*'),
|
||||
'viewGraph' => array('*')
|
||||
),
|
||||
'galaxyClusters' => array(
|
||||
'attachToEvent' => array('perm_tagger'),
|
||||
'delete' => array('perm_site_admin'),
|
||||
'detach' => array('perm_tagger'),
|
||||
'index' => array('*'),
|
||||
'view' => array('*')
|
||||
|
@ -250,6 +256,7 @@ class ACLComponent extends Component
|
|||
'delete' => array('perm_object_template'),
|
||||
'getToggleField' => array(),
|
||||
'objectChoice' => array('*'),
|
||||
'objectMetaChoice' => array('perm_add'),
|
||||
'view' => array('*'),
|
||||
'viewElements' => array('*'),
|
||||
'index' => array('*'),
|
||||
|
@ -306,12 +313,14 @@ class ACLComponent extends Component
|
|||
),
|
||||
'servers' => array(
|
||||
'add' => array(),
|
||||
'cache' => array('perm_site_admin'),
|
||||
'checkout' => array(),
|
||||
'delete' => array(),
|
||||
'deleteFile' => array(),
|
||||
'edit' => array(),
|
||||
'fetchServersForSG' => array('*'),
|
||||
'filterEventIndex' => array(),
|
||||
'getApiInfo' => array('*'),
|
||||
'getGit' => array(),
|
||||
'getInstanceUUID' => array('perm_sync'),
|
||||
'getPyMISPVersion' => array('*'),
|
||||
|
@ -369,12 +378,25 @@ class ACLComponent extends Component
|
|||
),
|
||||
'sightings' => array(
|
||||
'add' => array('perm_sighting'),
|
||||
'restSearch' => array('perm_sighting'),
|
||||
'advanced' => array('perm_sighting'),
|
||||
'delete' => array('perm_sighting'),
|
||||
'index' => array('*'),
|
||||
'listSightings' => array('perm_sighting'),
|
||||
'quickDelete' => array('perm_sighting'),
|
||||
'viewSightings' => array('perm_sighting')
|
||||
'viewSightings' => array('perm_sighting'),
|
||||
'quickAdd' => array('perm_sighting')
|
||||
),
|
||||
'tagCollections' => array(
|
||||
'add' => array('perm_tag_editor'),
|
||||
'addTag' => array('perm_tag_editor'),
|
||||
'delete' => array('perm_tag_editor'),
|
||||
'edit' => array('perm_tag_editor'),
|
||||
'getRow' => array('perm_tag_editor'),
|
||||
'import' => array('perm_tag_editor'),
|
||||
'index' => array('*'),
|
||||
'removeTag' => array('perm_tag_editor'),
|
||||
'view' => array('*')
|
||||
),
|
||||
'tags' => array(
|
||||
'add' => array('perm_tag_editor'),
|
||||
|
@ -384,10 +406,12 @@ class ACLComponent extends Component
|
|||
'index' => array('*'),
|
||||
'quickAdd' => array('perm_tag_editor'),
|
||||
'removeTagFromObject' => array('perm_tagger'),
|
||||
'search' => array('*'),
|
||||
'selectTag' => array('perm_tagger'),
|
||||
'selectTaxonomy' => array('perm_tagger'),
|
||||
'showEventTag' => array('*'),
|
||||
'showAttributeTag' => array('*'),
|
||||
'showTagControllerTag' => array('*'),
|
||||
'tagStatistics' => array('*'),
|
||||
'view' => array('*'),
|
||||
'viewGraph' => array('*'),
|
||||
|
@ -405,8 +429,12 @@ class ACLComponent extends Component
|
|||
'enable' => array(),
|
||||
'index' => array('*'),
|
||||
'taxonomyMassConfirmation' => array('perm_tagger'),
|
||||
'taxonomyMassHide' => array('perm_tagger'),
|
||||
'taxonomyMassUnhide' => array('perm_tagger'),
|
||||
'update' => array(),
|
||||
'view' => array('*'),
|
||||
'unhideTag' => array('perm_tagger'),
|
||||
'hideTag' => array('perm_tagger'),
|
||||
),
|
||||
'templateElements' => array(
|
||||
'add' => array('perm_template'),
|
||||
|
@ -469,6 +497,7 @@ class ACLComponent extends Component
|
|||
'view' => array('*'),
|
||||
),
|
||||
'warninglists' => array(
|
||||
'checkValue' => array('perm_auth'),
|
||||
'delete' => array(),
|
||||
'enableWarninglist' => array(),
|
||||
'getToggleField' => array(),
|
||||
|
@ -497,7 +526,7 @@ class ACLComponent extends Component
|
|||
// If the requested action has an AND-ed list, iterate through the list. If any of the permissions for the user are not set, turn the check to false. Otherwise return true.
|
||||
// If the requested action has a permission, check if the user's role has it flagged. If yes, return true
|
||||
// If we fall through all of the checks, return an exception.
|
||||
public function checkAccess($user, $controller, $action)
|
||||
public function checkAccess($user, $controller, $action, $soft = false)
|
||||
{
|
||||
$controller = lcfirst(Inflector::camelize($controller));
|
||||
$action = strtolower($action);
|
||||
|
@ -509,7 +538,7 @@ class ACLComponent extends Component
|
|||
return true;
|
||||
}
|
||||
if (!isset($aclList[$controller])) {
|
||||
$this->__error(404, 'Invalid controller.');
|
||||
return $this->__error(404, 'Invalid controller.', $soft);
|
||||
}
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
return true;
|
||||
|
@ -538,11 +567,14 @@ class ACLComponent extends Component
|
|||
return true;
|
||||
}
|
||||
}
|
||||
$this->__error(403, 'You do not have permission to use this functionality.');
|
||||
return $this->__error(403, 'You do not have permission to use this functionality.', $soft);
|
||||
}
|
||||
|
||||
private function __error($code, $message)
|
||||
private function __error($code, $message, $soft = false)
|
||||
{
|
||||
if ($soft) {
|
||||
return $code;
|
||||
}
|
||||
switch ($code) {
|
||||
case 404:
|
||||
throw new NotFoundException($message);
|
||||
|
@ -570,7 +602,7 @@ class ACLComponent extends Component
|
|||
$fileContents = preg_replace('/\/\*[^\*]+?\*\//', '', $fileContents);
|
||||
preg_match_all($functionFinder, $fileContents, $functionArray);
|
||||
foreach ($functionArray[1] as $function) {
|
||||
if (substr($function, 0, 1) !== '_' && $function !== 'beforeFilter') {
|
||||
if (substr($function, 0, 1) !== '_' && $function !== 'beforeFilter' && $function !== 'afterFilter') {
|
||||
$results[$controllerName][] = $function;
|
||||
}
|
||||
}
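Review bot: With `$soft = true`, `checkAccess()` returns `true` when access is granted but the integer HTTP code (404 or 403) from `__error()` when it is denied, and both values are truthy, so any caller that writes `if ($this->ACL->checkAccess($user, $controller, $action, true))` will treat a denial as a grant; the soft-mode callers are not visible in this diff, so I cannot confirm how they test the result. At minimum document the contract on the new signature, e.g. `// $soft: instead of throwing, return true on success or the HTTP error code (403/404, both truthy) on failure — callers must compare with === true`; returning `false` from `__error()` in soft mode and exposing the code separately would remove the trap entirely. The ACL table edits also switch `feeds/index`, `feeds/view`, `feeds/previewIndex`, `feeds/previewEvent` and `feeds/compareFeeds` to `'*'`, so the host-org restriction for those actions now lives only in whatever `FeedsController::beforeFilter()` enforces; a comment beside the `'feeds'` block saying so would keep that dependency visible to the next person editing the table.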
|
||||
|
|
|
@ -63,7 +63,9 @@ class ApacheAuthenticate extends BaseAuthenticate
|
|||
$ldappass = Configure::read('ApacheSecureAuth.ldapReaderPassword');
|
||||
$ldapSearchFilter = Configure::read('ApacheSecureAuth.ldapSearchFilter');
|
||||
$ldapEmailField = Configure::read('ApacheSecureAuth.ldapEmailField');
|
||||
|
||||
// LDAP connection
|
||||
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, Configure::read('ApacheSecureAuth.ldapNetworkTimeout', -1));
|
||||
$ldapconn = ldap_connect(Configure::read('ApacheSecureAuth.ldapServer'))
|
||||
or die('LDAP server connection failed');
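Review bot: The added `ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, Configure::read('ApacheSecureAuth.ldapNetworkTimeout', -1))` relies on a second, default argument to `Configure::read()`; if this file runs on CakePHP 2.x, `Configure::read()` takes a single argument and the `-1` is silently ignored, so an unset key passes `null` to `ldap_set_option()` — please confirm against the framework version in use. Reading the value first makes the intent explicit either way: `$ldapTimeout = Configure::read('ApacheSecureAuth.ldapNetworkTimeout');` followed by `ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, $ldapTimeout === null ? -1 : (int)$ldapTimeout);`. The return value of `ldap_set_option()` is not checked, and `$ldapEmailField` is read here but consumed outside the hunk; the enclosing function starts before this hunk.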
|
||||
|
||||
|
|
|
@ -10,8 +10,11 @@ class BlackListComponent extends Component
|
|||
public $defaultModel = '';
|
||||
|
||||
|
||||
public function index($rest = false)
|
||||
public function index($rest = false, $filters = array())
|
||||
{
|
||||
if (!empty($filters)) {
|
||||
$this->controller->paginate['conditions'] = $filters;
|
||||
}
|
||||
if ($this->controller->response->type() === 'application/json' || $this->controller->response->type() == 'application/xml' || $rest) {
|
||||
$blackList = $this->controller->paginate();
|
||||
$blacklist= array();
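Review bot: `$this->controller->paginate['conditions'] = $filters;` replaces any conditions the calling controller may already have placed in `$paginate` instead of adding to them; if that is not intended, merge: `$existing = isset($this->controller->paginate['conditions']) ? (array)$this->controller->paginate['conditions'] : array();` then `$this->controller->paginate['conditions'] = array_merge($existing, $filters);`. The component does not validate the filter keys itself — the whitelist lives in the caller (EventBlacklistsController::index() in this same commit), so the new parameter needs a comment stating that contract, e.g. `// $filters: column => value pairs fed straight into the paginate conditions; callers must whitelist the keys`. The `index()` body continues past the hunk.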
|
||||
|
|
|
@ -19,7 +19,7 @@ class EventBlacklistsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'EventBlacklist.created' => 'DESC'
|
||||
),
|
||||
|
@ -27,7 +27,14 @@ class EventBlacklistsController extends AppController
|
|||
|
||||
public function index()
|
||||
{
|
||||
$this->BlackList->index($this->_isRest());
|
||||
$params = array();
|
||||
$validParams = array('event_uuid', 'comment');
|
||||
foreach ($validParams as $validParam) {
|
||||
if (!empty($this->params['named'][$validParam])) {
|
||||
$params[$validParam] = $this->params['named'][$validParam];
|
||||
}
|
||||
}
|
||||
$this->BlackList->index($this->_isRest(), $params);
|
||||
}
|
||||
|
||||
public function add()
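Review bot: `!empty($this->params['named'][$validParam])` drops a filter value of `'0'` together with genuinely absent ones; if a `0` value is never meaningful for `event_uuid` or `comment` this is harmless, but `isset($this->params['named'][$validParam]) && $this->params['named'][$validParam] !== ''` states the intent exactly. Restricting the keys through `$validParams` is the right control, because the values are handed unchanged to BlackListComponent::index() as paginate conditions; presumably that yields an exact-match condition, so the `comment` filter will only find identical comments — confirm that is what the UI expects.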
|
||||
|
|
|
@ -7,7 +7,7 @@ class EventDelegationsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'EventDelegations.id' => 'DESC'
|
||||
),
|
||||
|
|
|
@ -7,7 +7,7 @@ class FavouriteTagsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'FavouriteTag.id' => 'DESC'
|
||||
),
|
||||
|
|
|
@ -4,7 +4,7 @@ App::uses('Xml', 'Utility');
|
|||
|
||||
class FeedsController extends AppController
|
||||
{
|
||||
public $components = array('Security' ,'RequestHandler'); // XXX ACL component
|
||||
public $components = array('Security' ,'RequestHandler'); // XXX ACL component
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
|
@ -22,14 +22,17 @@ class FeedsController extends AppController
|
|||
public function beforeFilter()
|
||||
{
|
||||
parent::beforeFilter();
|
||||
$this->Security->unlockedActions = array('previewIndex');
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$this->Security->unlockedActions[] = 'previewIndex';
|
||||
if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != Configure::read('MISP.host_org_id')) {
|
||||
throw new MethodNotAllowedException(__('You don\'t have the required privileges to do that.'));
|
||||
}
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
if (!$this->_isSiteAdmin() && !$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')) {
|
||||
throw NotAllowedException('You don\'t have access to this feature.');
|
||||
}
|
||||
$this->Feed->load_default_feeds();
|
||||
$scope = isset($this->passedArgs['scope']) ? $this->passedArgs['scope'] : 'all';
|
||||
if ($scope !== 'all') {
|
||||
|
@ -77,6 +80,9 @@ class FeedsController extends AppController
|
|||
|
||||
public function view($feedId)
|
||||
{
|
||||
if (!$this->_isSiteAdmin() && !$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')) {
|
||||
throw NotAllowedException('You don\'t have access to this feature.');
|
||||
}
|
||||
$feed = $this->Feed->find('first', array(
|
||||
'conditions' => array('Feed.id' => $feedId),
|
||||
'recursive' => -1,
|
||||
|
@ -127,6 +133,9 @@ class FeedsController extends AppController
|
|||
$tags = $this->Event->EventTag->Tag->find('list', array('fields' => array('Tag.name'), 'order' => array('lower(Tag.name) asc')));
|
||||
$tags[0] = 'None';
|
||||
$this->set('tags', $tags);
|
||||
if (empty($this->request->data['Feed']['fixed_event'])) {
|
||||
$this->request->data['Feed']['fixed_event'] = 1;
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if ($this->_isRest()) {
|
||||
if (empty($this->request->data['Feed'])) {
|
||||
|
@ -150,6 +159,9 @@ class FeedsController extends AppController
|
|||
$this->request->data['Feed']['sharing_group_id'] = 0;
|
||||
}
|
||||
$this->request->data['Feed']['default'] = 0;
|
||||
if (!isset($this->request->data['Feed']['source_format'])) {
|
||||
$this->request->data['Feed']['source_format'] = 'freetext';
|
||||
}
|
||||
if ($this->request->data['Feed']['source_format'] == 'freetext') {
|
||||
if ($this->request->data['Feed']['fixed_event'] == 1) {
|
||||
if (!empty($this->request->data['Feed']['target_event']) && is_numeric($this->request->data['Feed']['target_event'])) {
|
||||
|
@ -390,10 +402,10 @@ class FeedsController extends AppController
|
|||
$message = __('Fetching the feed has successfuly completed.');
|
||||
if ($this->Feed->data['Feed']['source_format'] == 'misp') {
|
||||
if (isset($result['add'])) {
|
||||
$message['result'] .= ' Downloaded ' . count($result['add']) . ' new event(s).';
|
||||
$message .= ' Downloaded ' . count($result['add']) . ' new event(s).';
|
||||
}
|
||||
if (isset($result['edit'])) {
|
||||
$message['result'] .= ' Updated ' . count($result['edit']) . ' event(s).';
|
||||
$message .= ' Updated ' . count($result['edit']) . ' event(s).';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -497,6 +509,9 @@ class FeedsController extends AppController
|
|||
|
||||
public function previewIndex($feedId)
|
||||
{
|
||||
if (!$this->_isSiteAdmin() && !$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')) {
|
||||
throw NotAllowedException('You don\'t have access to this feature.');
|
||||
}
|
||||
$this->Feed->id = $feedId;
|
||||
if (!$this->Feed->exists()) {
|
||||
throw new NotFoundException(__('Invalid feed.'));
|
||||
|
@ -535,6 +550,27 @@ class FeedsController extends AppController
|
|||
$this->Flash->info($events);
|
||||
$this->redirect(array('controller' => 'feeds', 'action' => 'index'));
|
||||
}
|
||||
if (!empty($this->params['named']['searchall'])) {
|
||||
foreach ($events as $uuid => $event) {
|
||||
$found = false;
|
||||
if (strpos(strtolower($event['info']), strtolower($this->params['named']['searchall'])) !== false) {
|
||||
$found = true;
|
||||
}
|
||||
if (strpos(strtolower($event['Orgc']['name']), strtolower($this->params['named']['searchall'])) !== false) {
|
||||
$found = true;
|
||||
}
|
||||
if (!empty($event['Tag'])) {
|
||||
foreach ($event['Tag'] as $tag) {
|
||||
if (strpos(strtolower($tag['name']), strtolower($this->params['named']['searchall'])) !== false) {
|
||||
$found = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!$found) {
|
||||
unset($events[$uuid]);
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach ($filterParams as $k => $filter) {
|
||||
if (!empty($filter)) {
|
||||
$filterParams[$k] = json_decode($filter);
|
||||
|
@ -677,6 +713,9 @@ class FeedsController extends AppController
|
|||
|
||||
public function previewEvent($feedId, $eventUuid, $all = false)
|
||||
{
|
||||
if (!$this->_isSiteAdmin() && !$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')) {
|
||||
throw NotAllowedException('You don\'t have access to this feature.');
|
||||
}
|
||||
$this->Feed->id = $feedId;
|
||||
if (!$this->Feed->exists()) {
|
||||
throw new NotFoundException(__('Invalid feed.'));
|
||||
|
@ -836,6 +875,9 @@ class FeedsController extends AppController
|
|||
|
||||
public function compareFeeds($id = false)
|
||||
{
|
||||
if (!$this->_isSiteAdmin() && !$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')) {
|
||||
throw NotAllowedException('You don\'t have access to this feature.');
|
||||
}
|
||||
$feeds = $this->Feed->compareFeeds($id);
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->viewData($feeds, $this->response->type());
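Review bot: The guard added to `index()`, `view()`, `previewIndex()`, `previewEvent()` and `compareFeeds()` is broken in two ways: `!$this->Auth->user('org_id') == Configure::read('MISP.host_org_id')` applies `!` before `==`, so it compares a boolean with the host org id and is never true for any non-empty id, and `throw NotAllowedException(...)` lacks `new` and names a class that is not a CakePHP exception, so if the branch ever ran it would fail with an undefined-function error rather than an access-denied response. Since `beforeFilter()` in the same diff already enforces the site-admin/host-org rule for every action with `throw new MethodNotAllowedException(...)`, the simplest fix is to delete the five copies; if a per-action check is wanted it should read `if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != Configure::read('MISP.host_org_id')) { throw new MethodNotAllowedException(__('You don\'t have access to this feature.')); }`. Separately, in `add()` the new `if (empty($this->request->data['Feed']['fixed_event']))` treats an explicit `0` as missing and forces `fixed_event` to 1, so a request that deliberately posts `fixed_event=0` cannot take effect — presumably `!isset(...)` was meant; confirm the intent.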
|
||||
|
|
|
@ -7,7 +7,7 @@ class GalaxiesController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'contain' => array(
|
||||
|
||||
),
|
||||
|
@ -34,6 +34,8 @@ class GalaxiesController extends AppController
|
|||
}
|
||||
if (!empty($this->params['named']['force'])) {
|
||||
$force = 1;
|
||||
} else {
|
||||
$force = 0;
|
||||
}
|
||||
$result = $this->Galaxy->update($force);
|
||||
$message = 'Galaxies updated.';
|
||||
|
@ -77,36 +79,46 @@ class GalaxiesController extends AppController
|
|||
|
||||
public function selectGalaxy($target_id, $target_type='event', $namespace='misp')
|
||||
{
|
||||
$expectedDescription = 'ATT&CK Tactic';
|
||||
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
|
||||
$conditions = $namespace == '0' ? array() : array('namespace' => $namespace);
|
||||
if ($namespace == 'mitre-attack' || $namespace == '0') {
|
||||
$conditions[] = array('description !=' => $expectedDescription);
|
||||
$conditions2 = array('namespace' => 'mitre-attack');
|
||||
$conditions2[] = array('description' => $expectedDescription);
|
||||
|
||||
$tacticGalaxies = $this->Galaxy->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => $conditions2,
|
||||
));
|
||||
}
|
||||
$galaxies = $this->Galaxy->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => $conditions,
|
||||
'order' => array('name asc')
|
||||
));
|
||||
if (!empty($tacticGalaxies)) {
|
||||
array_unshift($galaxies, array('Galaxy' => array(
|
||||
'id' => '-1',
|
||||
'uuid' => '-1',
|
||||
'name' => $expectedDescription,
|
||||
'type' => '-1',
|
||||
'icon' => '/img/mitre-attack-icon.ico',
|
||||
'namespace' => 'mitre-attack'
|
||||
)));
|
||||
|
||||
$items = array();
|
||||
$items[] = array(
|
||||
'name' => __('All clusters'),
|
||||
'value' => "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'
|
||||
);
|
||||
foreach ($galaxies as $galaxy) {
|
||||
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
|
||||
$items[] = array(
|
||||
'name' => h($galaxy['Galaxy']['name']),
|
||||
'value' => "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'],
|
||||
'template' => array(
|
||||
'preIcon' => 'fa-' . $galaxy['Galaxy']['icon'],
|
||||
'name' => $galaxy['Galaxy']['name'],
|
||||
'infoExtra' => $galaxy['Galaxy']['description'],
|
||||
)
|
||||
);
|
||||
} else { // should use matrix instead
|
||||
$param = array(
|
||||
'name' => $galaxy['Galaxy']['name'],
|
||||
'functionName' => "getMatrixPopup('" . $target_type . "', '" . $target_id . "', " . $galaxy['Galaxy']['id'] . ")",
|
||||
'isPill' => true,
|
||||
'isMatrix' => true
|
||||
);
|
||||
if ($galaxy['Galaxy']['id'] == $mitreAttackGalaxyId) {
|
||||
$param['img'] = "/img/mitre-attack-icon.ico";
|
||||
}
|
||||
$items[] = $param;
|
||||
}
|
||||
}
|
||||
$this->set('galaxies', $galaxies);
|
||||
$this->set('target_id', $target_id);
|
||||
$this->set('target_type', $target_type);
|
||||
$this->render('ajax/galaxy_choice');
|
||||
|
||||
$this->set('items', $items);
|
||||
$this->render('/Elements/generic_picker');
|
||||
}
|
||||
|
||||
public function selectGalaxyNamespace($target_id, $target_type='event')
|
||||
|
@ -114,12 +126,27 @@ class GalaxiesController extends AppController
|
|||
$namespaces = $this->Galaxy->find('list', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('namespace', 'namespace'),
|
||||
'group' => array('namespace')
|
||||
'group' => array('namespace'),
|
||||
'order' => array('namespace asc')
|
||||
));
|
||||
$this->set('namespaces', $namespaces);
|
||||
$this->set('target_id', $target_id);
|
||||
$this->set('target_type', $target_type);
|
||||
$this->render('ajax/galaxy_namespace_choice');
|
||||
|
||||
$items = array();
|
||||
$items[] = array(
|
||||
'name' => __('All namespaces'),
|
||||
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/0'
|
||||
);
|
||||
foreach ($namespaces as $namespace) {
|
||||
$items[] = array(
|
||||
'name' => $namespace,
|
||||
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/' . $namespace
|
||||
);
|
||||
}
|
||||
|
||||
$this->set('items', $items);
|
||||
$this->set('options', array( // set chosen (select picker) options
|
||||
'multiple' => 0,
|
||||
));
|
||||
$this->render('/Elements/generic_picker');
|
||||
}
|
||||
|
||||
public function selectCluster($target_id, $target_type = 'event', $selectGalaxy = false)
|
||||
|
@ -130,60 +157,116 @@ class GalaxiesController extends AppController
|
|||
}
|
||||
$data = $this->Galaxy->GalaxyCluster->find('all', array(
|
||||
'conditions' => $conditions,
|
||||
'fields' => array('value', 'description', 'source', 'type'),
|
||||
'contain' => array(
|
||||
'GalaxyElement' => array(
|
||||
'conditions' => array('GalaxyElement.key' => 'synonyms')
|
||||
)
|
||||
),
|
||||
'fields' => array('value', 'description', 'source', 'type', 'id'),
|
||||
'order' => array('value asc'),
|
||||
'recursive' => -1
|
||||
));
|
||||
$clusters = array();
|
||||
$lookup_table = array();
|
||||
foreach ($data as $k => $cluster) {
|
||||
$temp = $this->Galaxy->GalaxyCluster->GalaxyElement->find('all', array(
|
||||
'conditions' => array(
|
||||
'GalaxyElement.galaxy_cluster_id' => $cluster['GalaxyCluster']['id'],
|
||||
'GalaxyElement.key' => 'synonyms'
|
||||
),
|
||||
'recursive' => -1
|
||||
));
|
||||
$cluster['GalaxyCluster']['synonyms_string'] = array();
|
||||
foreach ($cluster['GalaxyElement'] as $element) {
|
||||
$cluster['GalaxyCluster']['synonyms_string'][] = $element['value'];
|
||||
if (isset($lookup_table[$cluster['GalaxyCluster']['type']][$element['value']])) {
|
||||
$lookup_table[$cluster['GalaxyCluster']['type']][$element['value']][] = $cluster['GalaxyCluster']['id'];
|
||||
} else {
|
||||
$lookup_table[$cluster['GalaxyCluster']['type']][$element['value']] = array($cluster['GalaxyCluster']['id']);
|
||||
}
|
||||
foreach ($temp as $element) {
|
||||
$cluster['GalaxyCluster']['synonyms_string'][] = $element['GalaxyElement']['value'];
|
||||
$cluster['GalaxyElement'][] = $element['GalaxyElement'];
|
||||
}
|
||||
unset($temp);
|
||||
$cluster['GalaxyCluster']['synonyms_string'] = implode(', ', $cluster['GalaxyCluster']['synonyms_string']);
|
||||
unset($cluster['GalaxyElement']);
|
||||
$clusters[$cluster['GalaxyCluster']['type']][$cluster['GalaxyCluster']['value']] = $cluster['GalaxyCluster'];
|
||||
if (isset($lookup_table[$cluster['GalaxyCluster']['type']][$cluster['GalaxyCluster']['value']])) {
|
||||
$lookup_table[$cluster['GalaxyCluster']['type']][$cluster['GalaxyCluster']['value']][] = $cluster['GalaxyCluster']['id'];
|
||||
} else {
|
||||
$lookup_table[$cluster['GalaxyCluster']['type']][$cluster['GalaxyCluster']['value']] = array($cluster['GalaxyCluster']['id']);
|
||||
}
|
||||
}
|
||||
ksort($clusters);
|
||||
$this->set('clusters', $clusters);
|
||||
$this->set('target_id', $target_id);
|
||||
$this->set('target_type', $target_type);
|
||||
$this->set('lookup_table', $lookup_table);
|
||||
$this->render('ajax/cluster_choice');
|
||||
|
||||
$items = array();
|
||||
foreach ($clusters as $namespace => $cluster_data) {
|
||||
foreach ($cluster_data as $k => $cluster) {
|
||||
$name = $cluster['value'];
|
||||
$optionName = $cluster['value'];
|
||||
if ($cluster['synonyms_string'] !== '') {
|
||||
$synom = __('Synonyms: ') . $cluster['synonyms_string'];
|
||||
$optionName .= $cluster['synonyms_string'] !== '' ? ' (' . $cluster['synonyms_string'] . ')' : '';
|
||||
} else {
|
||||
$synom = '';
|
||||
}
|
||||
$itemParam = array(
|
||||
'name' => $optionName,
|
||||
'value' => $cluster['id'],
|
||||
'template' => array(
|
||||
'name' => $name,
|
||||
'infoExtra' => $cluster['description'],
|
||||
)
|
||||
);
|
||||
if ($cluster['synonyms_string'] !== '') {
|
||||
$itemParam['template']['infoContextual'] = $synom;
|
||||
}
|
||||
$items[] = $itemParam;
|
||||
unset($cluster_data[$k]);
|
||||
}
|
||||
}
|
||||
$onClickForm = 'quickSubmitGalaxyForm';
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->viewData($items, $this->response->type());
|
||||
} else {
|
||||
$this->set('items', $items);
|
||||
$this->set('options', array( // set chosen (select picker) options
|
||||
'functionName' => $onClickForm,
|
||||
'multiple' => '-1',
|
||||
'select_options' => array(
|
||||
'additionalData' => array(
|
||||
'target_id' => $target_id,
|
||||
'target_type' => $target_type,
|
||||
)
|
||||
),
|
||||
));
|
||||
$this->render('ajax/cluster_choice');
|
||||
}
|
||||
}
|
||||
|
||||
public function attachCluster($target_id, $target_type = 'event')
|
||||
{
|
||||
$cluster_id = $this->request->data['Galaxy']['target_id'];
|
||||
$result = $this->Galaxy->attachCluster($this->Auth->user(), $target_type, $target_id, $cluster_id);
|
||||
$this->Flash->info($result);
|
||||
$this->redirect($this->referer());
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result, 'check_publish' => true)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
|
||||
public function attachMultipleClusters($target_id, $target_type = 'event')
|
||||
{
|
||||
$cluster_ids = json_decode($this->request->data['Galaxy']['target_ids'], true);
|
||||
$result = "";
|
||||
foreach ($cluster_ids as $cluster_id) {
|
||||
$result = $this->Galaxy->attachCluster($this->Auth->user(), $target_type, $target_id, $cluster_id);
|
||||
if ($target_id === 'selected') {
|
||||
$target_id_list = json_decode($this->request->data['Galaxy']['attribute_ids']);
|
||||
} else {
|
||||
$target_id_list = array($target_id);
|
||||
}
|
||||
$cluster_ids = $this->request->data['Galaxy']['target_ids'];
|
||||
if (!empty($cluster_ids)) {
|
||||
$cluster_ids = json_decode($cluster_ids, true);
|
||||
if ($cluster_ids === null) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'error' => __('Failed to parse request.'))), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'error' => __('No clusters picked.'))), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
$result = "";
|
||||
if (!is_array($cluster_ids)) { // in case we only want to attach 1
|
||||
$cluster_ids = array($cluster_ids);
|
||||
}
|
||||
foreach ($cluster_ids as $cluster_id) {
|
||||
foreach ($target_id_list as $target_id) {
|
||||
$result = $this->Galaxy->attachCluster($this->Auth->user(), $target_type, $target_id, $cluster_id);
|
||||
}
|
||||
}
|
||||
if ($this->request->is('ajax')) {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $result, 'check_publish' => true)), 'status'=>200, 'type' => 'json'));
|
||||
} else {
|
||||
$this->Flash->info($result);
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
$this->Flash->info($result);
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
|
||||
public function viewGraph($id)
|
||||
|
@ -202,4 +285,34 @@ class GalaxiesController extends AppController
|
|||
$this->set('galaxy_id', $cluster['Galaxy']['id']);
|
||||
$this->render('/Events/view_graph');
|
||||
}
|
||||
|
||||
public function showGalaxies($id, $scope = 'event')
|
||||
{
|
||||
$this->layout = 'ajax';
|
||||
$this->set('scope', $scope);
|
||||
if ($scope == 'event') {
|
||||
$this->loadModel('Event');
|
||||
$object = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id, 'metadata' => 1));
|
||||
if (empty($object)) {
|
||||
throw new MethodNotAllowedException('Invalid event.');
|
||||
}
|
||||
$this->set('object', $object[0]);
|
||||
|
||||
} elseif ($scope == 'attribute') {
|
||||
$this->loadModel('Attribute');
|
||||
$object = $this->Attribute->fetchAttributes($this->Auth->user(), array('conditions' => array('Attribute.id' => $id), 'flatten' => 1));
|
||||
if (empty($object)) {
|
||||
throw new MethodNotAllowedException('Invalid attribute.');
|
||||
}
|
||||
$object[0] = $this->Attribute->Event->massageTags($object[0], 'Attribute');
|
||||
} elseif ($scope == 'tag_collection') {
|
||||
$this->loadModel('TagCollection');
|
||||
$object = $this->TagCollection->fetchTagCollection($this->Auth->user(), array('conditions' => array('TagCollection.id' => $id)));
|
||||
if (empty($object)) {
|
||||
throw new MethodNotAllowedException('Invalid Tag Collection.');
|
||||
}
|
||||
}
|
||||
$this->set('object', $object[0]);
|
||||
$this->render('/Events/ajax/ajaxGalaxies');
|
||||
}
|
||||
}
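Review bot: showGalaxies has no branch for an unrecognised `$scope`, so after the if/elseif chain `$object` is undefined and `$this->set('object', $object[0])` runs on it; close the chain with `} else { throw new MethodNotAllowedException('Invalid scope.'); }`, at which point the `$this->set('object', $object[0])` inside the event branch is redundant with the one after the chain and can go. In selectGalaxy the first picker entry escapes `$target_id` and `$target_type` with `h()`, but the per-galaxy `value` and the `getMatrixPopup('…')` functionName string concatenate the raw route parameters; unless the generic_picker element escapes those fields itself, they should be wrapped with `h()` too, and the same applies to the URLs built in selectGalaxyNamespace. In attachMultipleClusters, `json_decode($this->request->data['Galaxy']['attribute_ids'])` gets none of the null/empty handling that `target_ids` receives, so a missing or malformed list reaches `foreach ($target_id_list as $target_id)` as null.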
|
||||
|
|
|
@ -7,7 +7,7 @@ class GalaxyClustersController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'recursive' => -1,
|
||||
'order' => array(
|
||||
'GalaxyCluster.value' => 'ASC'
|
||||
|
@ -115,10 +115,18 @@ class GalaxyClustersController extends AppController
|
|||
|
||||
public function view($id)
|
||||
{
|
||||
$conditions = array('GalaxyCluster.id' => $id);
|
||||
if (Validation::uuid($id)) {
|
||||
$conditions = array('GalaxyCluster.uuid' => $id);
|
||||
}
|
||||
$contain = array('Galaxy');
|
||||
if ($this->_isRest()) {
|
||||
$contain[] = 'GalaxyElement';
|
||||
}
|
||||
$cluster = $this->GalaxyCluster->find('first', array(
|
||||
'recursive' => -1,
|
||||
'contain' => array('Galaxy'),
|
||||
'conditions' => array('GalaxyCluster.id' => $id)
|
||||
'contain' => $contain,
|
||||
'conditions' => $conditions
|
||||
));
|
||||
if (!empty($cluster)) {
|
||||
$galaxyType = $cluster['GalaxyCluster']['type'];
|
||||
|
@ -135,10 +143,18 @@ class GalaxyClustersController extends AppController
|
|||
$cluster['GalaxyCluster']['tag_count'] = count($tag['EventTag']);
|
||||
$cluster['GalaxyCluster']['tag_id'] = $tag['Tag']['id'];
|
||||
}
|
||||
} else {
|
||||
throw new NotFoundException('Cluster not found.');
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
$cluster['GalaxyCluster']['Galaxy'] = $cluster['Galaxy'];
|
||||
$cluster['GalaxyCluster']['GalaxyElement'] = $cluster['GalaxyElement'];
|
||||
return $this->RestResponse->viewData(array('GalaxyCluster' => $cluster['GalaxyCluster']), $this->response->type());
|
||||
} else {
|
||||
$this->set('id', $id);
|
||||
$this->set('galaxy_id', $cluster['Galaxy']['id']);
|
||||
$this->set('cluster', $cluster);
|
||||
}
|
||||
$this->set('id', $id);
|
||||
$this->set('galaxy_id', $cluster['Galaxy']['id']);
|
||||
$this->set('cluster', $cluster);
|
||||
}
|
||||
|
||||
public function attachToEvent($event_id, $tag_name)
|
||||
|
@ -208,20 +224,40 @@ class GalaxyClustersController extends AppController
|
|||
$event_id = $attribute['Attribute']['event_id'];
|
||||
} elseif ($target_type == 'event') {
|
||||
$event_id = $target_id;
|
||||
} elseif ($target_type === 'tag_collection') {
|
||||
// pass
|
||||
} else {
|
||||
throw new MethodNotAllowedException('Invalid options');
|
||||
}
|
||||
$this->Event->id = $event_id;
|
||||
$this->Event->recursive = -1;
|
||||
$event = $this->Event->read(array(), $event_id);
|
||||
if (empty($event)) {
|
||||
throw new MethodNotAllowedException('Invalid Event.');
|
||||
}
|
||||
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
|
||||
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
|
||||
|
||||
if ($target_type === 'tag_collection') {
|
||||
$tag_collection = $this->GalaxyCluster->Tag->TagCollectionTag->TagCollection->fetchTagCollection($this->Auth->user(), array(
|
||||
'conditions' => array('TagCollection.id' => $target_id),
|
||||
'contain' => array('Organisation', 'TagCollectionTag' => array('Tag'))
|
||||
));
|
||||
if (empty($tag_collection)) {
|
||||
throw new MethodNotAllowedException('Invalid Tag Collection');
|
||||
}
|
||||
$tag_collection = $tag_collection[0];
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if (!$this->userRole['perm_tag_editor'] || $this->Auth->user('org_id') !== $tag_collection['TagCollection']['org_id']) {
|
||||
throw new MethodNotAllowedException('Invalid Tag Collection');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$this->Event->id = $event_id;
|
||||
$this->Event->recursive = -1;
|
||||
$event = $this->Event->read(array(), $event_id);
|
||||
if (empty($event)) {
|
||||
throw new MethodNotAllowedException('Invalid Event.');
|
||||
}
|
||||
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
|
||||
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
|
||||
throw new MethodNotAllowedException('Invalid Event.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($target_type == 'attribute') {
|
||||
$existingTargetTag = $this->Event->Attribute->AttributeTag->find('first', array(
|
||||
'conditions' => array('AttributeTag.tag_id' => $tag_id, 'AttributeTag.attribute_id' => $target_id),
|
||||
|
@ -234,6 +270,12 @@ class GalaxyClustersController extends AppController
|
|||
'recursive' => -1,
|
||||
'contain' => array('Tag')
|
||||
));
|
||||
} elseif ($target_type == 'tag_collection') {
|
||||
$existingTargetTag = $this->GalaxyCluster->Tag->TagCollectionTag->find('first', array(
|
||||
'conditions' => array('TagCollectionTag.tag_id' => $tag_id, 'TagCollectionTag.tag_collection_id' => $target_id),
|
||||
'recursive' => -1,
|
||||
'contain' => array('Tag')
|
||||
));
|
||||
}
|
||||
|
||||
if (empty($existingTargetTag)) {
|
||||
|
@ -247,6 +289,8 @@ class GalaxyClustersController extends AppController
|
|||
$result = $this->Event->EventTag->delete($existingTargetTag['EventTag']['id']);
|
||||
} elseif ($target_type == 'attribute') {
|
||||
$result = $this->Event->Attribute->AttributeTag->delete($existingTargetTag['AttributeTag']['id']);
|
||||
} elseif ($target_type == 'tag_collection') {
|
||||
$result = $this->GalaxyCluster->Tag->TagCollectionTag->delete($existingTargetTag['TagCollectionTag']['id']);
|
||||
}
|
||||
if ($result) {
|
||||
$event['Event']['published'] = 0;
|
||||
|
@ -271,4 +315,45 @@ class GalaxyClustersController extends AppController
|
|||
}
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
|
||||
public function delete($id)
|
||||
{
|
||||
{
|
||||
if ($this->request->is('post')) {
|
||||
$result = false;
|
||||
$galaxy_cluster = $this->GalaxyCluster->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('GalaxyCluster.id' => $id)
|
||||
));
|
||||
if (!empty($galaxy_cluster)) {
|
||||
$result = $this->GalaxyCluster->delete($id, true);
|
||||
$galaxy_id = $galaxy_cluster['GalaxyCluster']['galaxy_id'];
|
||||
}
|
||||
if ($result) {
|
||||
$message = 'Galaxy cluster successfuly deleted.';
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('GalaxyCluster', 'delete', $id, $this->response->type());
|
||||
} else {
|
||||
$this->Flash->success($message);
|
||||
$this->redirect(array('controller' => 'galaxies', 'action' => 'view', $galaxy_id));
|
||||
}
|
||||
} else {
|
||||
$message = 'Galaxy cluster could not be deleted.';
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('GalaxyCluster', 'delete', $id, $message, $this->response->type());
|
||||
} else {
|
||||
$this->Flash->error($message);
|
||||
$this->redirect(array('controller' => 'taxonomies', 'action' => 'index'));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ($this->request->is('ajax')) {
|
||||
$this->set('id', $id);
|
||||
$this->render('ajax/galaxy_cluster_delete_confirmation');
|
||||
} else {
|
||||
throw new MethodNotAllowedException('This function can only be reached via AJAX.');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
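Review bot: In the attach hunk the new tag_collection branch never assigns `$event`, yet the context line `$event['Event']['published'] = 0;` under `if ($result)` still runs for every target type, so a tag_collection target presumably touches an undefined `$event` unless the code after the hunk guards it; the method body continues outside the hunk. delete() opens with two consecutive `{`, leaving a bare nested block that should be removed, and on failure it redirects to `array('controller' => 'taxonomies', 'action' => 'index')`, which looks copied from TaxonomiesController and should point at the galaxies index (or the cluster's galaxy, as the success path does). The success message `'Galaxy cluster successfuly deleted.'` is misspelled.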
|
||||
|
|
|
@ -7,7 +7,7 @@ class GalaxyElementsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 20,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'recursive' => -1,
|
||||
'order' => array(
|
||||
'GalaxyElement.key' => 'ASC'
|
||||
|
|
|
@ -29,31 +29,120 @@ class LogsController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
private function __resolveSpecial($data, $type, $fields)
|
||||
{
|
||||
if (!is_array($data)) {
|
||||
$data = array($data);
|
||||
}
|
||||
foreach ($data as $k => $element) {
|
||||
if (!is_numeric($data)) {
|
||||
$this->loadModel($type);
|
||||
$params = array(
|
||||
'conditions' => array(),
|
||||
'recursive' => -1,
|
||||
'fields' => array($type . '.id')
|
||||
);
|
||||
foreach ($fields as $field) {
|
||||
$params['conditions']['OR'][$type . '.' . $field] = $element;
|
||||
}
|
||||
$records = $this->$type->find('all', $params);
|
||||
if (empty($records)) {
|
||||
$data[$k] = -1;
|
||||
} else {
|
||||
$temp = array();
|
||||
foreach ($records as $record) {
|
||||
$temp[] = $record[$type]['id'];
|
||||
}
|
||||
$data = array_merge($data, $temp);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function admin_index()
|
||||
{
|
||||
if (!$this->userRole['perm_audit']) {
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->set('isSearch', 0);
|
||||
$this->recursive = 0;
|
||||
$validFilters = $this->Log->logMeta;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$orgRestriction = $this->Auth->user('Organisation')['name'];
|
||||
$conditions['Log.org'] = $orgRestriction;
|
||||
$this->paginate = array(
|
||||
'limit' => 60,
|
||||
'conditions' => $conditions,
|
||||
'order' => array('Log.id' => 'DESC')
|
||||
if ($this->_isRest()) {
|
||||
$paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip');
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
'named_params' => $this->params['named'],
|
||||
'paramArray' => $paramArray,
|
||||
'ordered_url_params' => compact($paramArray)
|
||||
);
|
||||
$exception = false;
|
||||
$filters = $this->_harvestParameters($filterData, $exception);
|
||||
unset($filterData);
|
||||
if ($filters === false) {
|
||||
return $exception;
|
||||
}
|
||||
$conditions = array();
|
||||
foreach ($filters as $filter => $data) {
|
||||
if ($filter === 'created') {
|
||||
$tempData = $data;
|
||||
if (!is_array($data)) {
|
||||
$tempData = array($data);
|
||||
}
|
||||
foreach ($tempData as $k => $v) {
|
||||
$tempData[$k] = $this->Log->resolveTimeDelta($v);
|
||||
}
|
||||
if (count($tempData) == 1) {
|
||||
$conditions['AND']['created >='] = date("Y-m-d H:i:s", $tempData[0]);
|
||||
} else {
|
||||
if ($tempData[0] < $tempData[1]) {
|
||||
$temp = $tempData[1];
|
||||
$tempData[1] = $tempData[0];
|
||||
$tempData[0] = $temp;
|
||||
}
|
||||
$conditions['AND'][] = array('created <= ' => date("Y-m-d H:i:s", $tempData[0]));
|
||||
$conditions['AND'][] = array('created >= ' => date("Y-m-d H:i:s", $tempData[1]));
|
||||
}
|
||||
} else {
|
||||
$data = array('OR' => $data);
|
||||
$conditions = $this->Log->generic_add_filter($conditions, $data, 'Log.' . $filter);
|
||||
}
|
||||
}
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$orgRestriction = $this->Auth->user('Organisation')['name'];
|
||||
$conditions['AND']['Log.org'] = $orgRestriction;
|
||||
}
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1
|
||||
);
|
||||
if (isset($filters['limit'])) {
|
||||
$params['limit'] = $filters['limit'];
|
||||
}
|
||||
if (isset($filters['page'])) {
|
||||
$params['page'] = $filters['page'];
|
||||
}
|
||||
$log_entries = $this->Log->find('all', $params);
|
||||
return $this->RestResponse->viewData($log_entries, 'json');
|
||||
} else {
|
||||
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
|
||||
if (!$this->userRole['perm_audit']) {
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false));
|
||||
}
|
||||
$this->set('isSearch', 0);
|
||||
$this->recursive = 0;
|
||||
$validFilters = $this->Log->logMeta;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$orgRestriction = $this->Auth->user('Organisation')['name'];
|
||||
$conditions['Log.org'] = $orgRestriction;
|
||||
$this->paginate = array(
|
||||
'limit' => 60,
|
||||
'conditions' => $conditions,
|
||||
'order' => array('Log.id' => 'DESC')
|
||||
);
|
||||
} else {
|
||||
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
|
||||
}
|
||||
if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) {
|
||||
$this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values'];
|
||||
}
|
||||
$this->set('validFilters', $validFilters);
|
||||
$this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false);
|
||||
$this->set('list', $this->paginate());
|
||||
}
|
||||
if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) {
|
||||
$this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values'];
|
||||
}
|
||||
$this->set('validFilters', $validFilters);
|
||||
$this->set('filter', isset($this->params['named']['filter']) ? $this->params['named']['filter'] : false);
|
||||
$this->set('list', $this->paginate());
|
||||
}
|
||||
|
||||
// Shows a minimalistic history for the currently selected event
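Review bot: The `perm_audit` check that previously opened admin_index now lives only in the non-REST else branch, so the new REST branch returns log entries to any authenticated API user without the audit permission (site admins unrestricted, others narrowed to their own org by the `Log.org` condition) unless something outside this hunk enforces it; move the existing three lines `if (!$this->userRole['perm_audit']) { $this->redirect(array('controller' => 'events', 'action' => 'index', 'admin' => false)); }` above `if ($this->_isRest())`. In __resolveSpecial, `if (!is_numeric($data))` tests the whole array instead of the current element, so it is always true and the lookup runs for numeric ids as well; it should read `if (!is_numeric($element))`, and the matched element is left in `$data` after its ids are merged in rather than being replaced. The REST branch also passes `$filters['limit']` straight to find() with no upper bound, unlike the paginated web path.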
|
||||
|
|
|
@ -7,7 +7,7 @@ class NewsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 5,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'News.id' => 'DESC'
|
||||
),
|
||||
|
@ -31,8 +31,10 @@ class NewsController extends AppController
|
|||
}
|
||||
}
|
||||
$this->User->id = $this->Auth->user('id');
|
||||
//if ($this->User->exists()) {
|
||||
$this->User->saveField('newsread', time());
|
||||
$this->set('newsItems', $newsItems);
|
||||
//}
|
||||
}
|
||||
|
||||
public function add()
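Review bot: The guard around the newsread update is left as commented-out code (`//if ($this->User->exists()) {` … `//}`) rather than removed; delete the two lines, or if dropping the existence check is deliberate, replace them with a one-line comment explaining why `saveField('newsread', time())` can run unguarded. The enclosing action starts outside the hunk.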
|
||||
|
|
|
@ -162,6 +162,7 @@ class ObjectReferencesController extends AppController
|
|||
$relationships[$v['ObjectRelationship']['name']] = $v['ObjectRelationship']['name'];
|
||||
}
|
||||
$relationships['custom'] = 'custom';
|
||||
ksort($relationships);
|
||||
$this->set('relationships', $relationships);
|
||||
$this->set('event', $event);
|
||||
$this->set('objectId', $objectId);
|
||||
|
|
|
@ -17,36 +17,91 @@ class ObjectTemplatesController extends AppController
|
|||
'recursive' => -1
|
||||
);
|
||||
|
||||
public function objectChoice($event_id)
|
||||
{
|
||||
$this->ObjectTemplate->populateIfEmpty($this->Auth->user());
|
||||
$templates_raw = $this->ObjectTemplate->find('all', array(
|
||||
public function objectMetaChoice($event_id) {
|
||||
$metas = $this->ObjectTemplate->find('list', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('ObjectTemplate.active' => 1),
|
||||
'fields' => array('meta-category', 'meta-category'),
|
||||
'group' => array('ObjectTemplate.meta-category'),
|
||||
'order' => array('ObjectTemplate.meta-category asc')
|
||||
));
|
||||
|
||||
$items = array();
|
||||
$items[] = array(
|
||||
'name' => __('All Objects'),
|
||||
'value' => "/ObjectTemplates/objectChoice/" . h($event_id) . "/" . "0"
|
||||
);
|
||||
foreach($metas as $meta) {
|
||||
$items[] = array(
|
||||
'name' => $meta,
|
||||
'value' => "/ObjectTemplates/objectChoice/" . h($event_id) . "/" . h($meta)
|
||||
);
|
||||
}
|
||||
|
||||
$this->set('items', $items);
|
||||
$this->set('options', array(
|
||||
'multiple' => 0,
|
||||
));
|
||||
$this->render('/Elements/generic_picker');
|
||||
}
|
||||
|
||||
public function objectChoice($event_id, $category=false)
|
||||
{
|
||||
$this->ObjectTemplate->populateIfEmpty($this->Auth->user());
|
||||
$conditions = array('ObjectTemplate.active' => 1);
|
||||
if ($category !== false && $category !== "0") {
|
||||
$conditions['meta-category'] = $category;
|
||||
}
|
||||
$templates_raw = $this->ObjectTemplate->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => $conditions,
|
||||
'fields' => array('id', 'meta-category', 'name', 'description', 'org_id'),
|
||||
'contain' => array('Organisation.name'),
|
||||
'sort' => array('ObjectTemplate.name asc')
|
||||
'order' => array('ObjectTemplate.name asc')
|
||||
));
|
||||
$templates = array('all' => array());
|
||||
foreach ($templates_raw as $k => $template) {
|
||||
unset($template['ObjectTemplate']['meta-category']);
|
||||
$template['ObjectTemplate']['org_name'] = $template['Organisation']['name'];
|
||||
$templates[$templates_raw[$k]['ObjectTemplate']['meta-category']][] = $template['ObjectTemplate'];
|
||||
$templates['all'][] = $template['ObjectTemplate'];
|
||||
|
||||
$items = array();
|
||||
foreach($templates_raw as $template) {
|
||||
$template = $template['ObjectTemplate'];
|
||||
$items[] = array(
|
||||
'name' => $template['name'],
|
||||
'value' => $template['id'],
|
||||
'template' => array(
|
||||
'name' => $template['name'],
|
||||
'infoExtra' => $template['description'],
|
||||
'infoContextual' => $template['meta-category']
|
||||
)
|
||||
);
|
||||
}
|
||||
foreach ($templates as $category => $template_list) {
|
||||
$templates[$category] = Hash::sort($templates[$category], '{n}.name');
|
||||
}
|
||||
$template_categories = array_keys($templates);
|
||||
$this->layout = false;
|
||||
$this->set('template_categories', $template_categories);
|
||||
$this->set('eventId', $event_id);
|
||||
$this->set('templates', $templates);
|
||||
$this->render('ajax/object_choice');
|
||||
|
||||
$fun = 'redirectAddObject';
|
||||
$this->set('items', $items);
|
||||
$this->set('options', array(
|
||||
'functionName' => $fun,
|
||||
'multiple' => 0,
|
||||
'select_options' => array(
|
||||
'additionalData' => array('event_id' => $event_id),
|
||||
),
|
||||
));
|
||||
$this->render('/Elements/generic_picker');
|
||||
}
|
||||
|
||||
public function view($id)
|
||||
{
|
||||
if (Validation::uuid($id)) {
|
||||
$temp = $this->ObjectTemplate->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('ObjectTemplate.uuid' => $id),
|
||||
'fields' => array('ObjectTemplate.id', 'ObjectTemplate.uuid'),
|
||||
'order' => array('ObjectTemplate.version desc')
|
||||
));
|
||||
if (empty($temp)) {
|
||||
throw new NotFoundException(__('Invalid object template'));
|
||||
}
|
||||
$id = $temp['ObjectTemplate']['id'];
|
||||
} elseif (!is_numeric($id)) {
|
||||
throw new NotFoundException(__('Invalid object template id.'));
|
||||
}
|
||||
$params = array(
|
||||
'recursive' => -1,
|
||||
'contain' => array(
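Review bot: objectMetaChoice puts its opening brace on the signature line (`public function objectMetaChoice($event_id) {`) while every other method in the file, including the rewritten objectChoice, places it on the next line; move it down, and add the space in `foreach($metas as $meta)` and `foreach($templates_raw as $template)` to match `foreach ($templates_raw as $k => $template)`. Neither objectMetaChoice nor objectChoice validates `$event_id` beyond embedding it in the picker output (escaped with `h()` in objectMetaChoice, raw as `additionalData` in objectChoice); a one-line docblock on objectMetaChoice stating that `$event_id` is only passed through to the generated links would make that intent explicit.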
|
||||
|
|
|
@ -42,7 +42,7 @@ class ObjectsController extends AppController
|
|||
)
|
||||
));
|
||||
$event = $this->MispObject->Event->find('first', $eventFindParams);
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
throw new NotFoundException(__('Invalid event.'));
|
||||
}
|
||||
$sharing_groups = array();
|
||||
|
@ -105,7 +105,7 @@ class ObjectsController extends AppController
|
|||
$eventFindParams = array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.id', 'Event.uuid', 'Event.orgc_id'),
|
||||
'conditions' => array('Event.id' => $eventId)
|
||||
'conditions' => array()
|
||||
);
|
||||
|
||||
if (!empty($templateId) && Validation::uuid($templateId)) {
|
||||
|
@ -140,13 +140,14 @@ class ObjectsController extends AppController
|
|||
throw new NotFoundException(__('Invalid event.'));
|
||||
}
|
||||
$event = $this->MispObject->Event->find('first', $eventFindParams);
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
throw new NotFoundException(__('Invalid event.'));
|
||||
}
|
||||
$eventId = $event['Event']['id'];
|
||||
if (!$this->_isRest()) {
|
||||
$this->MispObject->Event->insertLock($this->Auth->user(), $eventId);
|
||||
}
|
||||
$error = false;
|
||||
if (!empty($templateId) || !$this->_isRest()) {
|
||||
$templates = $this->MispObject->ObjectTemplate->find('all', array(
|
||||
'conditions' => array('ObjectTemplate.id' => $templateId),
|
||||
|
@ -166,10 +167,9 @@ class ObjectsController extends AppController
|
|||
$template = $temp;
|
||||
}
|
||||
}
|
||||
}
|
||||
$error = false;
|
||||
if (empty($template)) {
|
||||
$error = 'No valid template found to edit the object.';
|
||||
if (empty($template)) {
|
||||
$error = 'No valid template found to edit the object.';
|
||||
}
|
||||
}
|
||||
// If we have received a POST request
|
||||
if ($this->request->is('post')) {
|
||||
|
@ -194,6 +194,7 @@ class ObjectsController extends AppController
|
|||
$error = 'Could not save the object as no attributes were set.';
|
||||
} else {
|
||||
foreach ($object['Attribute'] as $k => $attribute) {
|
||||
unset($object['Attribute'][$k]['id']);
|
||||
$object['Attribute'][$k]['event_id'] = $eventId;
|
||||
$this->MispObject->Event->Attribute->set($attribute);
|
||||
if (!$this->MispObject->Event->Attribute->validates()) {
|
||||
|
@ -217,11 +218,15 @@ class ObjectsController extends AppController
|
|||
}
|
||||
}
|
||||
if (!empty($template)) {
|
||||
$error = $this->MispObject->ObjectTemplate->checkTemplateConformity($template, $object);
|
||||
$conformity = $this->MispObject->ObjectTemplate->checkTemplateConformity($template, $object);
|
||||
if ($conformity !== true) {
|
||||
$error = $conformity;
|
||||
}
|
||||
}
|
||||
if ($error === true) {
|
||||
if (empty($error)) {
|
||||
unset($object['Object']['id']);
|
||||
$result = $this->MispObject->saveObject($object, $eventId, $template, $this->Auth->user(), $errorBehaviour = 'halt');
|
||||
if ($result === true) {
|
||||
if (is_numeric($result)) {
|
||||
$this->MispObject->Event->unpublishEvent($eventId);
|
||||
}
|
||||
} else {
|
||||
|
@ -234,6 +239,10 @@ class ObjectsController extends AppController
|
|||
'conditions' => array('Object.id' => $result),
|
||||
'contain' => array('Attribute')
|
||||
));
|
||||
if (!empty($object)) {
|
||||
$object['Object']['Attribute'] = $object['Attribute'];
|
||||
unset($object['Attribute']);
|
||||
}
|
||||
return $this->RestResponse->viewData($object, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveFailResponse('Objects', 'add', false, $error, $this->response->type());
|
||||
|
@ -246,7 +255,6 @@ class ObjectsController extends AppController
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
// In the case of a GET request or if the object could not be validated, show the form / the requirement
|
||||
if ($this->_isRest()) {
|
||||
if ($error) {
|
||||
|
@ -324,7 +332,7 @@ class ObjectsController extends AppController
|
|||
);
|
||||
|
||||
$event = $this->MispObject->Event->find('first', $eventFindParams);
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
throw new NotFoundException(__('Invalid object.'));
|
||||
}
|
||||
if (!$this->_isRest()) {
|
||||
|
@ -370,6 +378,10 @@ class ObjectsController extends AppController
|
|||
'conditions' => array('Object.id' => $id),
|
||||
'contain' => array('Attribute')
|
||||
));
|
||||
if (!empty($objectToSave)) {
|
||||
$objectToSave['Object']['Attribute'] = $objectToSave['Attribute'];
|
||||
unset($objectToSave['Attribute']);
|
||||
}
|
||||
$this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
|
||||
return $this->RestResponse->viewData($objectToSave, $this->response->type());
|
||||
} else {
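Review bot: The add() hunk at `@ -105` replaces `'conditions' => array('Event.id' => $eventId)` with `'conditions' => array()`, so `$eventFindParams` reaches `$this->MispObject->Event->find('first', $eventFindParams)` in the `@ -140` hunk with whatever the code between the two hunks put into it, and that code is outside the visible hunks. If any path leaves the conditions empty, `find('first')` returns an arbitrary event rather than none, and the only remaining guard is the orgc_id comparison, which site admins bypass. A cheap defence directly before the find would be `if (empty($eventFindParams['conditions'])) { throw new NotFoundException(__('Invalid event.')); }`. Separately, the `@ -217` hunk now saves whenever `empty($error)`, which for a REST request with no `$templateId` appears to mean `saveObject()` is called with an empty `$template`; if that is intentional a one-line comment stating so would help the next reader. add() itself starts and ends outside these hunks.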
|
||||
|
|
|
@ -19,7 +19,7 @@ class OrgBlacklistsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => array(
|
||||
'OrgBlacklist.created' => 'DESC'
|
||||
),
|
||||
|
|
|
@ -15,10 +15,10 @@ class OrganisationsController extends AppController
|
|||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'maxLimit' => 9999, // LATER we will bump here on a problem once we have more than 9999 events <- no we won't, this is the max a user van view/page.
|
||||
'order' => 'LOWER(Organisation.name)'
|
||||
//'order' => array(
|
||||
// 'Organisation.name' => 'ASC'
|
||||
// 'Organisation.name' => 'ASC'
|
||||
//),
|
||||
);
|
||||
|
||||
|
@ -116,7 +116,7 @@ class OrganisationsController extends AppController
|
|||
}
|
||||
if ($this->Organisation->save($this->request->data)) {
|
||||
if (isset($this->request->data['Organisation']['logo']['size']) && $this->request->data['Organisation']['logo']['size'] > 0 && $this->request->data['Organisation']['logo']['error'] == 0) {
|
||||
$filename = basename($this->request->data['Organisation']['id'] . '.png');
|
||||
$filename = basename($this->Organisation->id . '.png');
|
||||
if (preg_match("/^[0-9a-z\-\_\.]*\.(png)$/i", $filename)) {
|
||||
if (!empty($this->request->data['Organisation']['logo']['tmp_name']) && is_uploaded_file($this->request->data['Organisation']['logo']['tmp_name'])) {
|
||||
$result = move_uploaded_file($this->request->data['Organisation']['logo']['tmp_name'], APP . 'webroot/img/orgs/' . $filename);
|
||||
|
@ -171,8 +171,8 @@ class OrganisationsController extends AppController
|
|||
} else {
|
||||
$temp['Organisation'][$field] = $existingOrg['Organisation'][$field];
|
||||
}
|
||||
$this->request->data = $temp;
|
||||
}
|
||||
$this->request->data = $temp;
|
||||
}
|
||||
$this->request->data['Organisation']['id'] = $id;
|
||||
if ($this->Organisation->save($this->request->data)) {
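Review bot: In the add() hunk at `@ -116`, building the logo filename from `$this->Organisation->id` instead of the request-supplied id is the right fix, but the upload is still moved into `APP . 'webroot/img/orgs/'` (presumably served directly) with only the `preg_match` extension check on a name the server itself constructed, so that guard no longer validates anything about the upload and nothing checks that the content is actually a PNG. Before `move_uploaded_file`, validate the content, e.g. `$info = getimagesize($this->request->data['Organisation']['logo']['tmp_name']); if ($info === false || $info[2] !== IMAGETYPE_PNG) { /* reject the upload */ }` and skip the move on failure. The edit() hunk at `@ -171` moving `$this->request->data = $temp;` out of the per-field loop looks correct. Both add() and edit() start and end outside the visible hunks.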
|
||||
|
|
|
@ -4,7 +4,7 @@ App::uses('Xml', 'Utility');
|
|||
|
||||
class ServersController extends AppController
|
||||
{
|
||||
public $components = array('Security' ,'RequestHandler'); // XXX ACL component
|
||||
public $components = array('Security' ,'RequestHandler'); // XXX ACL component
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 60,
|
||||
|
@ -31,7 +31,7 @@ class ServersController extends AppController
|
|||
public function beforeFilter()
|
||||
{
|
||||
parent::beforeFilter();
|
||||
|
||||
$this->Security->unlockedActions[] = 'getApiInfo';
|
||||
// permit reuse of CSRF tokens on some pages.
|
||||
switch ($this->request->params['action']) {
|
||||
case 'push':
|
||||
|
@ -51,27 +51,37 @@ class ServersController extends AppController
|
|||
$this->paginate['conditions'] = array('Server.org_id LIKE' => $this->Auth->user('org_id'));
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
$params = array(
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'Organisation' => array('Organisation.id', 'Organisation.name', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type'),
|
||||
'RemoteOrg' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
|
||||
)
|
||||
);
|
||||
$servers = $this->Server->find('all', $params);
|
||||
return $this->RestResponse->viewData($servers, $this->response->type());
|
||||
} else {
|
||||
$this->set('servers', $this->paginate());
|
||||
$collection = array();
|
||||
$collection['orgs'] = $this->Server->Organisation->find('list', array(
|
||||
'fields' => array('id', 'name'),
|
||||
));
|
||||
$this->loadModel('Tag');
|
||||
$collection['tags'] = $this->Tag->find('list', array(
|
||||
'fields' => array('id', 'name'),
|
||||
));
|
||||
$this->set('collection', $collection);
|
||||
}
|
||||
$params = array(
|
||||
'recursive' => -1,
|
||||
'contain' => array(
|
||||
'User' => array(
|
||||
'fields' => array('User.id', 'User.org_id', 'User.email'),
|
||||
),
|
||||
'Organisation' => array(
|
||||
'fields' => array('Organisation.id', 'Organisation.name', 'Organisation.uuid', 'Organisation.nationality', 'Organisation.sector', 'Organisation.type'),
|
||||
),
|
||||
'RemoteOrg' => array(
|
||||
'fields' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
|
||||
),
|
||||
),
|
||||
);
|
||||
$servers = $this->Server->find('all', $params);
|
||||
$servers = $this->Server->attachServerCacheTimestamps($servers);
|
||||
return $this->RestResponse->viewData($servers, $this->response->type());
|
||||
} else {
|
||||
$servers = $this->paginate();
|
||||
$servers = $this->Server->attachServerCacheTimestamps($servers);
|
||||
$this->set('servers', $servers);
|
||||
$collection = array();
|
||||
$collection['orgs'] = $this->Server->Organisation->find('list', array(
|
||||
'fields' => array('id', 'name'),
|
||||
));
|
||||
$this->loadModel('Tag');
|
||||
$collection['tags'] = $this->Tag->find('list', array(
|
||||
'fields' => array('id', 'name'),
|
||||
));
|
||||
$this->set('collection', $collection);
|
||||
}
|
||||
}
|
||||
|
||||
public function previewIndex($id)
|
||||
|
@ -236,6 +246,7 @@ class ServersController extends AppController
|
|||
$defaults = array(
|
||||
'push' => 0,
|
||||
'pull' => 0,
|
||||
'caching_enabled' => 0,
|
||||
'json' => '[]',
|
||||
'push_rules' => '[]',
|
||||
'pull_rules' => '[]',
|
||||
|
@ -422,7 +433,7 @@ class ServersController extends AppController
|
|||
}
|
||||
if (!$fail) {
|
||||
// say what fields are to be updated
|
||||
$fieldList = array('id', 'url', 'push', 'pull', 'unpublish_event', 'publish_without_email', 'remote_org_id', 'name' ,'self_signed', 'cert_file', 'client_cert_file', 'push_rules', 'pull_rules', 'internal', 'skip_proxy');
|
||||
$fieldList = array('id', 'url', 'push', 'pull', 'caching_enabled', 'unpublish_event', 'publish_without_email', 'remote_org_id', 'name' ,'self_signed', 'cert_file', 'client_cert_file', 'push_rules', 'pull_rules', 'internal', 'skip_proxy');
|
||||
$this->request->data['Server']['id'] = $id;
|
||||
if (isset($this->request->data['Server']['authkey']) && "" != $this->request->data['Server']['authkey']) {
|
||||
$fieldList[] = 'authkey';
|
||||
|
@ -563,6 +574,7 @@ class ServersController extends AppController
|
|||
}
|
||||
$this->set('allTags', $allTags);
|
||||
$this->set('server', $s);
|
||||
$this->set('id', $id);
|
||||
$this->set('host_org_id', Configure::read('MISP.host_org_id'));
|
||||
}
|
||||
}
|
||||
|
@ -591,9 +603,9 @@ class ServersController extends AppController
|
|||
/**
|
||||
* Pull one or more events with attributes from a remote instance.
|
||||
* Set $technique to
|
||||
* full - download everything
|
||||
* incremental - only new events
|
||||
* <int> - specific id of the event to pull
|
||||
* full - download everything
|
||||
* incremental - only new events
|
||||
* <int> - specific id of the event to pull
|
||||
*/
|
||||
public function pull($id = null, $technique='full')
|
||||
{
|
||||
|
@ -602,67 +614,66 @@ class ServersController extends AppController
|
|||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
$s = $this->Server->read(null, $id);
|
||||
$error = false;
|
||||
$error = false;
|
||||
if (!$this->_isSiteAdmin() && !($s['Server']['org_id'] == $this->Auth->user('org_id') && $this->_isAdmin())) {
|
||||
throw new MethodNotAllowedException(__('You are not authorised to do that.'));
|
||||
throw new MethodNotAllowedException(__('You are not authorised to do that.'));
|
||||
}
|
||||
$this->Server->id = $id;
|
||||
if (!$this->Server->exists()) {
|
||||
throw new NotFoundException(__('Invalid server'));
|
||||
}
|
||||
if (false == $this->Server->data['Server']['pull'] && ($technique == 'full' || $technique == 'incremental')) {
|
||||
$error = __('Pull setting not enabled for this server.');
|
||||
$error = __('Pull setting not enabled for this server.');
|
||||
}
|
||||
if (empty($error)) {
|
||||
if (!Configure::read('MISP.background_jobs')) {
|
||||
$result = $this->Server->pull($this->Auth->user(), $id, $technique, $s);
|
||||
if (is_array($result)) {
|
||||
$success = sprintf(__('Pull completed. %s events pulled, %s events could not be pulled, %s proposals pulled.', count($result[0]), count($result[1]), count($result[2])));
|
||||
} else {
|
||||
$error = $result;
|
||||
}
|
||||
$this->set('successes', $result[0]);
|
||||
$this->set('fails', $result[1]);
|
||||
$this->set('pulledProposals', $result[2]);
|
||||
} else {
|
||||
$this->loadModel('Job');
|
||||
$this->Job->create();
|
||||
$data = array(
|
||||
'worker' => 'default',
|
||||
'job_type' => 'pull',
|
||||
'job_input' => 'Server: ' . $id,
|
||||
'status' => 0,
|
||||
'retries' => 0,
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'message' => 'Pulling.',
|
||||
);
|
||||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
$process_id = CakeResque::enqueue(
|
||||
'default',
|
||||
'ServerShell',
|
||||
array('pull', $this->Auth->user('id'), $id, $technique, $jobId)
|
||||
);
|
||||
$this->Job->saveField('process_id', $process_id);
|
||||
$success = sprintf(__('Pull queued for background execution. Job ID: %s'), $jobId);
|
||||
}
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
if (!empty($error)) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'pull', false, $error, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'pull', $success, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
if (!empty($error)) {
|
||||
$this->Flash->error($error);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
$this->Flash->success($success);
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
}
|
||||
if (empty($error)) {
|
||||
if (!Configure::read('MISP.background_jobs')) {
|
||||
$result = $this->Server->pull($this->Auth->user(), $id, $technique, $s);
|
||||
if (is_array($result)) {
|
||||
$success = sprintf(__('Pull completed. %s events pulled, %s events could not be pulled, %s proposals pulled.', count($result[0]), count($result[1]), count($result[2])));
|
||||
} else {
|
||||
$error = $result;
|
||||
}
|
||||
$this->set('successes', $result[0]);
|
||||
$this->set('fails', $result[1]);
|
||||
$this->set('pulledProposals', $result[2]);
|
||||
$this->set('lastpulledid', $result[3]);
|
||||
} else {
|
||||
$this->loadModel('Job');
|
||||
$this->Job->create();
|
||||
$data = array(
|
||||
'worker' => 'default',
|
||||
'job_type' => 'pull',
|
||||
'job_input' => 'Server: ' . $id,
|
||||
'status' => 0,
|
||||
'retries' => 0,
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'message' => 'Pulling.',
|
||||
);
|
||||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
$process_id = CakeResque::enqueue(
|
||||
'default',
|
||||
'ServerShell',
|
||||
array('pull', $this->Auth->user('id'), $id, $technique, $jobId)
|
||||
);
|
||||
$this->Job->saveField('process_id', $process_id);
|
||||
$success = sprintf(__('Pull queued for background execution. Job ID: %s'), $jobId);
|
||||
}
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
if (!empty($error)) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'pull', false, $error, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'pull', $success, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
if (!empty($error)) {
|
||||
$this->Flash->error($error);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
} else {
|
||||
$this->Flash->success($success);
|
||||
$this->redirect($this->referer());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function push($id = null, $technique=false)
|
||||
|
@ -682,24 +693,24 @@ class ServersController extends AppController
|
|||
$HttpSocket = $syncTool->setupHttpSocket($server);
|
||||
$result = $this->Server->push($id, $technique, false, $HttpSocket, $this->Auth->user());
|
||||
if ($result === false) {
|
||||
$error = __('The remote server is too outdated to initiate a push towards it. Please notify the hosting organisation of the remote instance.');
|
||||
} else if (!is_array($result)) {
|
||||
$error = $result;
|
||||
}
|
||||
if (!empty($error)) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'push', false, $error, $this->response->type());
|
||||
} else {
|
||||
$this->Flash->info($error);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'push', array(sprintf(__('Push complete. %s events pushed, %s events could not be pushed.', $result[0], $result[1]))), $this->response->type());
|
||||
} else {
|
||||
$this->set('successes', $result[0]);
|
||||
$this->set('fails', $result[1]);
|
||||
}
|
||||
$error = __('The remote server is too outdated to initiate a push towards it. Please notify the hosting organisation of the remote instance.');
|
||||
} elseif (!is_array($result)) {
|
||||
$error = $result;
|
||||
}
|
||||
if (!empty($error)) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'push', false, $error, $this->response->type());
|
||||
} else {
|
||||
$this->Flash->info($error);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'push', array(sprintf(__('Push complete. %s events pushed, %s events could not be pushed.', $result[0], $result[1]))), $this->response->type());
|
||||
} else {
|
||||
$this->set('successes', $result[0]);
|
||||
$this->set('fails', $result[1]);
|
||||
}
|
||||
} else {
|
||||
$this->loadModel('Job');
|
||||
$this->Job->create();
|
||||
|
@ -720,10 +731,10 @@ class ServersController extends AppController
|
|||
array('push', $this->Auth->user('id'), $id, $jobId)
|
||||
);
|
||||
$this->Job->saveField('process_id', $process_id);
|
||||
$message = sprintf(__('Push queued for background execution. Job ID: %s'), $jobId);
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'push', $message, $this->response->type());
|
||||
}
|
||||
$message = sprintf(__('Push queued for background execution. Job ID: %s'), $jobId);
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'push', $message, $this->response->type());
|
||||
}
|
||||
$this->Flash->success($message);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
|
@ -752,7 +763,7 @@ class ServersController extends AppController
|
|||
}
|
||||
$file = new File($server['Server'][$subm]['name']);
|
||||
$ext = $file->ext();
|
||||
if (($ext != 'pem') || !$server['Server'][$subm]['size'] > 0) {
|
||||
if (!$server['Server'][$subm]['size'] > 0) {
|
||||
$this->Flash->error('Incorrect extension or empty file.');
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
|
@ -822,6 +833,11 @@ class ServersController extends AppController
|
|||
return $this->Server->loadAvailableLanguages();
|
||||
}
|
||||
|
||||
private function __loadTagCollections()
|
||||
{
|
||||
return $this->Server->loadTagCollections($this->Auth->user());
|
||||
}
|
||||
|
||||
private function __loadLocalOrgs()
|
||||
{
|
||||
$this->loadModel('Organisation');
|
||||
|
@ -853,10 +869,11 @@ class ServersController extends AppController
|
|||
$zmqErrors = array(0 => 'OK', 1 => 'not enabled (so not tested)', 2 => 'Python ZeroMQ library not installed correctly.', 3 => 'ZeroMQ script not running.');
|
||||
$stixOperational = array(0 => 'Some of the libraries related to STIX are not installed. Make sure that all libraries listed below are correctly installed.', 1 => 'OK');
|
||||
$stixVersion = array(0 => 'Incorrect STIX version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$stix2Version = array(0 => 'Incorrect STIX2 version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$cyboxVersion = array(0 => 'Incorrect CyBox version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$mixboxVersion = array(0 => 'Incorrect mixbox version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$maecVersion = array(0 => 'Incorrect maec version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$pymispVersion = array(0 => 'Incorrect pymisp version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$pymispVersion = array(0 => 'Incorrect PyMISP version installed, found $current, expecting $expected', 1 => 'OK');
|
||||
$sessionErrors = array(0 => 'OK', 1 => 'High', 2 => 'Alternative setting used', 3 => 'Test failed');
|
||||
$moduleErrors = array(0 => 'OK', 1 => 'System not enabled', 2 => 'No modules found');
|
||||
|
||||
|
@ -919,10 +936,11 @@ class ServersController extends AppController
|
|||
$this->set('files', $files);
|
||||
}
|
||||
// Only run this check on the diagnostics tab
|
||||
if ($tab == 'diagnostics' || $tab == 'download') {
|
||||
if ($tab == 'diagnostics' || $tab == 'download' || $this->_isRest()) {
|
||||
$php_ini = php_ini_loaded_file();
|
||||
$this->set('php_ini', $php_ini);
|
||||
$advanced_attachments = shell_exec('python3 ' . APP . 'files/scripts/generate_file_objects.py -c');
|
||||
$advanced_attachments = shell_exec($this->Server->getPythonVersion() . ' ' . APP . 'files/scripts/generate_file_objects.py -c');
|
||||
|
||||
try {
|
||||
$advanced_attachments = json_decode($advanced_attachments, true);
|
||||
} catch (Exception $e) {
|
||||
|
@ -975,7 +993,7 @@ class ServersController extends AppController
|
|||
}
|
||||
|
||||
// check if the STIX and Cybox libraries are working and the correct version using the test script stixtest.py
|
||||
$stix = $this->Server->stixDiagnostics($diagnostic_errors, $stixVersion, $cyboxVersion, $mixboxVersion, $maecVersion, $pymispVersion);
|
||||
$stix = $this->Server->stixDiagnostics($diagnostic_errors, $stixVersion, $cyboxVersion, $mixboxVersion, $maecVersion, $stix2Version, $pymispVersion);
|
||||
|
||||
// if GnuPG is set up in the settings, try to encrypt a test message
|
||||
$gpgStatus = $this->Server->gpgDiagnostics($diagnostic_errors);
|
||||
|
@ -996,7 +1014,7 @@ class ServersController extends AppController
|
|||
$sessionStatus = $this->Server->sessionDiagnostics($diagnostic_errors, $sessionCount);
|
||||
$this->set('sessionCount', $sessionCount);
|
||||
|
||||
$additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'pymispVersion', 'moduleStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
|
||||
$additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'stix2Version', 'pymispVersion', 'moduleStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
|
||||
}
|
||||
// check whether the files are writeable
|
||||
$writeableDirs = $this->Server->writeableDirsDiagnostics($diagnostic_errors);
|
||||
|
@ -1015,14 +1033,14 @@ class ServersController extends AppController
|
|||
$this->set($viewVar, ${$viewVar});
|
||||
}
|
||||
|
||||
$workerIssueCount = 0;
|
||||
$workerIssueCount = 4;
|
||||
$worker_array = array();
|
||||
if (Configure::read('MISP.background_jobs')) {
|
||||
$this->set('worker_array', $this->Server->workerDiagnostics($workerIssueCount));
|
||||
} else {
|
||||
$workerIssueCount = 4;
|
||||
$this->set('worker_array', array());
|
||||
$workerIssueCount = 0;
|
||||
$worker_array = $this->Server->workerDiagnostics($workerIssueCount);
|
||||
}
|
||||
if ($tab == 'download') {
|
||||
$this->set('worker_array', $worker_array);
|
||||
if ($tab == 'download' || $this->_isRest()) {
|
||||
foreach ($dumpResults as $key => $dr) {
|
||||
unset($dumpResults[$key]['description']);
|
||||
}
|
||||
|
@ -1038,7 +1056,8 @@ class ServersController extends AppController
|
|||
'writeableFiles' => $writeableFiles,
|
||||
'readableFiles' => $readableFiles,
|
||||
'finalSettings' => $dumpResults,
|
||||
'extensions' => $extensions
|
||||
'extensions' => $extensions,
|
||||
'workers' => $worker_array
|
||||
);
|
||||
foreach ($dump['finalSettings'] as $k => $v) {
|
||||
if (!empty($v['redacted'])) {
|
||||
|
@ -1118,67 +1137,39 @@ class ServersController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
public function serverSettingsEdit($setting, $id = false, $forceSave = false)
|
||||
public function serverSettingsEdit($setting_name, $id = false, $forceSave = false)
|
||||
{
|
||||
// invalidate config.php from php opcode cache
|
||||
if (function_exists('opcache_reset')) {
|
||||
opcache_reset();
|
||||
}
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
if (!isset($setting) || !isset($id)) {
|
||||
if (!isset($setting_name) || !isset($id)) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
$this->set('id', $id);
|
||||
if (strpos($setting, 'Plugin.Enrichment') !== false || strpos($setting, 'Plugin.Import') !== false || strpos($setting, 'Plugin.Export') !== false || strpos($setting, 'Plugin.Cortex') !== false) {
|
||||
$serverSettings = $this->Server->getCurrentServerSettings();
|
||||
} else {
|
||||
$serverSettings = $this->Server->serverSettings;
|
||||
}
|
||||
$relevantSettings = (array_intersect_key(Configure::read(), $serverSettings));
|
||||
$found = null;
|
||||
foreach ($serverSettings as $k => $s) {
|
||||
if (isset($s['branch'])) {
|
||||
foreach ($s as $ek => $es) {
|
||||
if ($ek != 'branch') {
|
||||
if ($setting == $k . '.' . $ek) {
|
||||
$found = $es;
|
||||
continue 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ($setting == $k) {
|
||||
$found = $s;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
$setting = $this->Server->getSettingData($setting_name);
|
||||
if ($this->request->is('get')) {
|
||||
if ($found != null) {
|
||||
$value = Configure::read($setting);
|
||||
if ($setting != null) {
|
||||
$value = Configure::read($setting['name']);
|
||||
if ($value) {
|
||||
$found['value'] = $value;
|
||||
$setting['value'] = $value;
|
||||
}
|
||||
$found['setting'] = $setting;
|
||||
$setting['setting'] = $setting['name'];
|
||||
}
|
||||
if (isset($found['optionsSource']) && !empty($found['optionsSource'])) {
|
||||
$found['options'] = $this->{'__load' . $found['optionsSource']}();
|
||||
if (isset($setting['optionsSource']) && !empty($setting['optionsSource'])) {
|
||||
$setting['options'] = $this->{'__load' . $setting['optionsSource']}();
|
||||
}
|
||||
$subGroup = 'general';
|
||||
$subGroup = explode('.', $setting);
|
||||
$subGroup = explode('.', $setting['name']);
|
||||
if ($subGroup[0] === 'Plugin') {
|
||||
$subGroup = explode('_', $subGroup[1])[0];
|
||||
} else {
|
||||
$subGroup = 'general';
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->viewData(array($setting => $found['value']));
|
||||
return $this->RestResponse->viewData(array($setting['name'] => $setting['value']));
|
||||
} else {
|
||||
$this->set('subGroup', $subGroup);
|
||||
$this->set('setting', $found);
|
||||
$this->set('setting', $setting);
|
||||
$this->render('ajax/server_settings_edit');
|
||||
}
|
||||
}
|
||||
|
@ -1210,7 +1201,7 @@ class ServersController extends AppController
|
|||
'action' => 'serverSettingsEdit',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue witch changing ' . $setting . ' to ' . $this->request->data['Server']['value'] . '. The error message returned is: app/Config.config.php is not writeable to the apache user. No changes were made.',
|
||||
'change' => 'There was an issue witch changing ' . $setting['name'] . ' to ' . $this->request->data['Server']['value'] . '. The error message returned is: app/Config.config.php is not writeable to the apache user. No changes were made.',
|
||||
));
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, 'app/Config.config.php is not writeable to the apache user.', $this->response->type());
|
||||
|
@ -1218,92 +1209,19 @@ class ServersController extends AppController
|
|||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'app/Config.config.php is not writeable to the apache user.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($found['beforeHook'])) {
|
||||
$beforeResult = call_user_func_array(array($this->Server, $found['beforeHook']), array($setting, $this->request->data['Server']['value']));
|
||||
if ($beforeResult !== true) {
|
||||
$this->Log->create();
|
||||
$result = $this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Server',
|
||||
'model_id' => 0,
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'serverSettingsEdit',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue witch changing ' . $setting . ' to ' . $this->request->data['Server']['value'] . '. The error message returned is: ' . $beforeResult . 'No changes were made.',
|
||||
));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $beforeResult, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $beforeResult)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->request->data['Server']['value'] = trim($this->request->data['Server']['value']);
|
||||
if ($found['type'] == 'boolean') {
|
||||
$this->request->data['Server']['value'] = ($this->request->data['Server']['value'] ? true : false);
|
||||
}
|
||||
if ($found['type'] == 'numeric') {
|
||||
$this->request->data['Server']['value'] = intval($this->request->data['Server']['value']);
|
||||
}
|
||||
if (!empty($leafValue['test'])) {
|
||||
$testResult = $this->Server->{$found['test']}($this->request->data['Server']['value']);
|
||||
} else {
|
||||
$testResult = true; # No test defined for this setting: cannot fail
|
||||
}
|
||||
if (!$forceSave && $testResult !== true) {
|
||||
if ($testResult === false) {
|
||||
$errorMessage = $found['errorMessage'];
|
||||
} else {
|
||||
$errorMessage = $testResult;
|
||||
}
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $errorMessage, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $errorMessage)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
} else {
|
||||
$oldValue = Configure::read($setting);
|
||||
$this->Server->serverSettingsSaveValue($setting, $this->request->data['Server']['value']);
|
||||
$this->Log->create();
|
||||
$result = $this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Server',
|
||||
'model_id' => 0,
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'serverSettingsEdit',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Server setting changed',
|
||||
'change' => $setting . ' (' . $oldValue . ') => (' . $this->request->data['Server']['value'] . ')',
|
||||
));
|
||||
// execute after hook
|
||||
if (isset($found['afterHook'])) {
|
||||
$afterResult = call_user_func_array(array($this->Server, $found['afterHook']), array($setting, $this->request->data['Server']['value']));
|
||||
if ($afterResult !== true) {
|
||||
$this->Log->create();
|
||||
$result = $this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Server',
|
||||
'model_id' => 0,
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'serverSettingsEdit',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue after setting a new setting. The error message returned is: ' . $afterResult,
|
||||
));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $afterResult, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $afterResult)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($this->_isRest) {
|
||||
$result = $this->Server->serverSettingsEditValue($this->Auth->user(), $setting, $this->request->data['Server']['value'], $forceSave);
|
||||
if ($result === true) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'serverSettingsEdit', false, $this->response->type(), 'Field updated');
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Field updated.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
} else {
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $result, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $result)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1611,13 +1529,20 @@ class ServersController extends AppController
|
|||
return $this->RestResponse->viewData(array('uuid' => Configure::read('MISP.uuid')), $this->response->type());
|
||||
}
|
||||
|
||||
public function rest() {
|
||||
public function rest()
|
||||
{
|
||||
$allValidApis = $this->RestResponse->getAllApis($this->Auth->user());
|
||||
$allValidApisFieldsContraint = $this->RestResponse->getAllApisFieldsConstraint($this->Auth->user());
|
||||
if ($this->request->is('post')) {
|
||||
$request = $this->request->data;
|
||||
if (!empty($request['Server'])) {
|
||||
$request = $this->request->data['Server'];
|
||||
}
|
||||
$result = $this->__doRestQuery($request);
|
||||
$curl = '';
|
||||
$python = '';
|
||||
$result = $this->__doRestQuery($request, $curl, $python);
|
||||
$this->set('curl', $curl);
|
||||
$this->set('python', $python);
|
||||
if (!$result) {
|
||||
$this->Flash->error('Something went wrong. Make sure you set the http method, body (when sending POST requests) and URL correctly.');
|
||||
} else {
|
||||
|
@ -1629,23 +1554,35 @@ class ServersController extends AppController
|
|||
'Accept: application/json' . PHP_EOL .
|
||||
'Content-Type: application/json';
|
||||
$this->set('header', $header);
|
||||
$this->set('allValidApis', $allValidApis);
|
||||
// formating for optgroup
|
||||
$allValidApisFormated = array();
|
||||
foreach ($allValidApis as $endpoint_url => $endpoint_data) {
|
||||
$allValidApisFormated[$endpoint_data['controller']][] = array('url' => $endpoint_url, 'action' => $endpoint_data['action']);
|
||||
}
|
||||
$this->set('allValidApisFormated', $allValidApisFormated);
|
||||
$this->set('allValidApisFieldsContraint', $allValidApisFieldsContraint);
|
||||
}
|
||||
|
||||
private function __doRestQuery($request) {
|
||||
private function __doRestQuery($request, &$curl = false, &$python = false)
|
||||
{
|
||||
App::uses('SyncTool', 'Tools');
|
||||
$params = array(
|
||||
|
||||
);
|
||||
$params = array();
|
||||
if (!empty($request['url'])) {
|
||||
$path = parse_url($request['url'], PHP_URL_PATH);
|
||||
$query = parse_url($request['url'], PHP_URL_QUERY);
|
||||
if (!empty($query)) {
|
||||
$path .= '?' . $query;
|
||||
if (empty($request['use_full_path'])) {
|
||||
$path = preg_replace('#^(://|[^/?])+#', '', $request['url']);
|
||||
$url = Configure::read('MISP.baseurl') . $path;
|
||||
unset($request['url']);
|
||||
} else {
|
||||
$url = $request['url'];
|
||||
}
|
||||
$url = Configure::read('MISP.baseurl') . '/' . $path;
|
||||
} else {
|
||||
throw new InvalidArgumentException('Url not set.');
|
||||
}
|
||||
if (!empty($request['skip_ssl_validation'])) {
|
||||
$params['ssl_verify_peer'] = false;
|
||||
}
|
||||
$params['timeout'] = 300;
|
||||
App::uses('HttpSocket', 'Network/Http');
|
||||
$HttpSocket = new HttpSocket($params);
|
||||
$view_data = array();
|
||||
|
@ -1666,12 +1603,24 @@ class ServersController extends AppController
|
|||
!empty($request['method']) &&
|
||||
$request['method'] === 'GET'
|
||||
) {
|
||||
if ($curl !== false) {
|
||||
$curl = $this->__generateCurlQuery('get', $request, $url);
|
||||
}
|
||||
if ($python !== false) {
|
||||
$python = $this->__generatePythonScript($request, $url);
|
||||
}
|
||||
$response = $HttpSocket->get($url, false, array('header' => $request['header']));
|
||||
} else if (
|
||||
} elseif (
|
||||
!empty($request['method']) &&
|
||||
$request['method'] === 'POST' &&
|
||||
!empty($request['body'])
|
||||
) {
|
||||
if ($curl !== false) {
|
||||
$curl = $this->__generateCurlQuery('post', $request, $url);
|
||||
}
|
||||
if ($python !== false) {
|
||||
$python = $this->__generatePythonScript($request, $url);
|
||||
}
|
||||
$response = $HttpSocket->post($url, $request['body'], array('header' => $request['header']));
|
||||
} else {
|
||||
return false;
|
||||
|
@ -1691,4 +1640,136 @@ class ServersController extends AppController
|
|||
}
|
||||
return $view_data;
|
||||
}
|
||||
|
||||
private function __generatePythonScript($request, $url)
|
||||
{
|
||||
$slashCounter = 0;
|
||||
$baseurl = '';
|
||||
$relative = '';
|
||||
$verifyCert = ($url[4] === 's') ? 'True' : 'False';
|
||||
for ($i = 0; $i < strlen($url); $i++) {
|
||||
//foreach ($url as $url[$i]) {
|
||||
if ($url[$i] === '/') {
|
||||
$slashCounter += 1;
|
||||
if ($slashCounter == 3) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if ($slashCounter < 3) {
|
||||
$baseurl .= $url[$i];
|
||||
} else {
|
||||
$relative .= $url[$i];
|
||||
}
|
||||
}
|
||||
$python_script =
|
||||
sprintf(
|
||||
'misp_url = \'%s\'
|
||||
misp_key = \'%s\'
|
||||
misp_verifycert = %s
|
||||
relative_path = \'%s\'
|
||||
body = %s
|
||||
|
||||
from pymisp import PyMISP
|
||||
|
||||
misp = PyMISP(misp_url, misp_key, misp_verifycert)
|
||||
misp.direct_call(relative_path, body)
|
||||
',
|
||||
$baseurl,
|
||||
$request['header']['Authorization'],
|
||||
$verifyCert,
|
||||
$relative,
|
||||
(empty($request['body']) ? 'Null' : '\'' . $request['body'] . '\'')
|
||||
);
|
||||
return $python_script;
|
||||
}
|
||||
|
||||
private function __generateCurlQuery($type, $request, $url)
|
||||
{
|
||||
if ($type === 'get') {
|
||||
$curl = sprintf(
|
||||
'curl \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s %s',
|
||||
PHP_EOL,
|
||||
$request['header']['Authorization'],
|
||||
PHP_EOL,
|
||||
$request['header']['Accept'],
|
||||
PHP_EOL,
|
||||
$request['header']['Content-Type'],
|
||||
PHP_EOL,
|
||||
$url
|
||||
);
|
||||
} else {
|
||||
$curl = sprintf(
|
||||
'curl \%s -d \'%s\' \%s -H "Authorization: %s" \%s -H "Accept: %s" \%s -H "Content-type: %s" \%s -X POST %s',
|
||||
PHP_EOL,
|
||||
json_encode(json_decode($request['body']), true),
|
||||
PHP_EOL,
|
||||
$request['header']['Authorization'],
|
||||
PHP_EOL,
|
||||
$request['header']['Accept'],
|
||||
PHP_EOL,
|
||||
$request['header']['Content-Type'],
|
||||
PHP_EOL,
|
||||
$url
|
||||
);
|
||||
}
|
||||
return $curl;
|
||||
}
|
||||
|
||||
public function getApiInfo()
|
||||
{
|
||||
$relative_path = $this->request->data['url'];
|
||||
$result = $this->RestResponse->getApiInfo($relative_path);
|
||||
if ($this->_isRest()) {
|
||||
return $result;
|
||||
} else {
|
||||
$result = json_decode($result, true);
|
||||
if (empty($result)) {
|
||||
return $this->RestResponse->viewData(' ', $this->response->type());
|
||||
}
|
||||
$this->layout = false;
|
||||
$this->autoRender = false;
|
||||
$this->set('api_info', $result);
|
||||
$this->render('ajax/get_api_info');
|
||||
}
|
||||
}
|
||||
|
||||
public function cache($id = 'all')
|
||||
{
|
||||
if (Configure::read('MISP.background_jobs')) {
|
||||
$this->loadModel('Job');
|
||||
$this->Job->create();
|
||||
$data = array(
|
||||
'worker' => 'default',
|
||||
'job_type' => 'cache_servers',
|
||||
'job_input' => intval($id) ? $id : 'all',
|
||||
'status' => 0,
|
||||
'retries' => 0,
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'message' => __('Starting server caching.'),
|
||||
);
|
||||
$this->Job->save($data);
|
||||
$jobId = $this->Job->id;
|
||||
$process_id = CakeResque::enqueue(
|
||||
'default',
|
||||
'ServerShell',
|
||||
array('cacheServer', $this->Auth->user('id'), $id, $jobId),
|
||||
true
|
||||
);
|
||||
$this->Job->saveField('process_id', $process_id);
|
||||
$message = 'Server caching job initiated.';
|
||||
} else {
|
||||
$result = $this->Server->cacheServerInitiator($this->Auth->user(), $id);
|
||||
if (!$result) {
|
||||
$this->Flash->error(__('Caching the servers has failed.'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
$message = __('Caching the servers has successfully completed.');
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveSuccessResponse('Server', 'cache', false, $this->response->type(), $message);
|
||||
} else {
|
||||
$this->Flash->info($message);
|
||||
$this->redirect(array('action' => 'index'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
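Review bot: In `__generateCurlQuery`, the POST branch passes `true` as the second argument of `json_encode` rather than `json_decode`, so it sets the JSON_HEX_TAG flag (value 1) instead of requesting an associative decode; the intended line is presumably `json_encode(json_decode($request['body'], true)),`. That value is then dropped into a single-quoted shell argument (`-d '%s'`) and the header values into double-quoted ones without escaping, so a body or header containing a quote yields a command that does not run as shown; `escapeshellarg()` on each interpolated value (with the literal quotes removed from the format string) keeps the generated command well-formed, and a `null` from an unparseable body should be reported instead of silently encoded as `null`. `__generatePythonScript` has the same shape of problem: `$request['body']` is wrapped in a single-quoted Python literal, which breaks on `'` or a newline, whereas `json_encode($request['body'], JSON_UNESCAPED_SLASHES)` produces a double-quoted literal Python accepts, and `$url[4] === 's'` for `misp_verifycert` would be more robust as `strpos($url, 'https://') === 0`. Both snippets reach the template via `$this->set('curl', ...)` / `$this->set('python', ...)` in `rest()`, and whether the view escapes them for HTML cannot be confirmed from this diff, so that is worth checking. Separately, in the `__doRestQuery` hunk the new `use_full_path` branch issues the server-side request to whatever URL the caller supplied while forwarding the caller's header set, so validating the scheme, e.g. `in_array(parse_url($url, PHP_URL_SCHEME), array('http', 'https'), true)`, and considering a host allow-list would limit what the instance can be made to fetch on a user's behalf.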