MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/4861/head
chrisr3d 2019-07-08 16:32:36 +02:00
parent 4dd780c25d 1873284223
commit 119502775b
33 changed files with 767 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.travis.yml
View File

@ -133,6 +133,7 @@ script:
- popd
after_failure:
- ls -Rl `pwd`/app
- curl http://misp.local
- cat /etc/apache2/sites-available/misp.local.conf
- sudo ls -l /var/log/apache2

2
VERSION.json
View File

@ -1 +1 @@
{"major":2, "minor":4, "hotfix":109}
{"major":2, "minor":4, "hotfix":110}

2
app/Console/Command/AdminShell.php
View File

@ -305,7 +305,7 @@ class AdminShell extends AppShell
'conditions' => array('setting' => 'db_version')
));
if (!empty($db_version)) {
$db_version['value'] = trim($this->args[0]);
$db_version['AdminSetting']['value'] = trim($this->args[0]);
$this->AdminSetting->save($db_version);
echo 'Database version set. MISP will replay all of the upgrade scripts since the selected version on the next user login.' . PHP_EOL;
} else {

60
app/Controller/AttributesController.php
View File

@ -3037,7 +3037,9 @@ class AttributesController extends AppController
if ($id === 'selected') {
$idList = json_decode($this->request->data['attribute_ids'], true);
}
$local = !empty($this->params['named']['local']);
if (!$this->request->is('post')) {
$this->set('local', $local);
$this->set('object_id', $id);
$this->set('scope', 'Attribute');
$this->layout = false;
@ -3146,15 +3148,35 @@ class AttributesController extends AppController
continue;
}
$this->Attribute->AttributeTag->create();
if ($this->Attribute->AttributeTag->save(array('attribute_id' => $id, 'tag_id' => $tag_id, 'event_id' => $eventId))) {
$event['Event']['published'] = 0;
$date = new DateTime();
$event['Event']['timestamp'] = $date->getTimestamp();
$result = $this->Attribute->Event->save($event);
$attribute['Attribute']['timestamp'] = $date->getTimestamp();
$this->Attribute->save($attribute);
if ($this->Attribute->AttributeTag->save(array('attribute_id' => $id, 'tag_id' => $tag_id, 'event_id' => $eventId, 'local' => $local))) {
if (!$local) {
$event['Event']['published'] = 0;
$date = new DateTime();
$event['Event']['timestamp'] = $date->getTimestamp();
$result = $this->Attribute->Event->save($event);
$attribute['Attribute']['timestamp'] = $date->getTimestamp();
$this->Attribute->save($attribute);
}
$log = ClassRegistry::init('Log');
$log->createLogEntry($this->Auth->user(), 'tag', 'Attribute', $id, 'Attached tag (' . $tag_id . ') "' . $tag['Tag']['name'] . '" to attribute (' . $id . ')', 'Attribute (' . $id . ') tagged as Tag (' . $tag_id . ')');
$log->createLogEntry(
$this->Auth->user(),
'tag',
'Attribute',
$id,
sprintf(
'Attached%s tag (%s) "%s" to attribute (%s)',
$local ? ' local' : '',
$tag_id,
$tag['Tag']['name'],
$id
),
sprintf(
'Attribute (%s) tagged as Tag (%s)%s',
$id,
$tag_id,
$local ? ' locally' : ''
)
);
$success++;
} else {
$fails++;
@ -3233,11 +3255,6 @@ class AttributesController extends AppController
if (!$this->_isRest()) {
$this->Attribute->Event->insertLock($this->Auth->user(), $eventId);
}
// org should allow to (un)tag too, so that an event that gets pushed can be (un)tagged locally by the owning org
if ((($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'] && $event['Event']['distribution'] == 0) || (!$this->userRole['perm_tagger'])) && !$this->_isSiteAdmin()) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status' => 200, 'type' => 'json'));
}
$this->Attribute->recursive = -1;
$attributeTag = $this->Attribute->AttributeTag->find('first', array(
'conditions' => array(
@ -3246,6 +3263,23 @@ class AttributesController extends AppController
),
'recursive' => -1,
));
// org should allow to (un)tag too, so that an event that gets pushed can be (un)tagged locally by the owning org
if (
(
(
$this->Auth->user('org_id') !== $event['Event']['orgc_id'] ||
(
$this->Auth->user('org_id') == Configure::read('MISP.host_org_id') &&
!empty($attributeTag['AttributeTag']['local'])
)
) ||
!$this->userRole['perm_tagger']
) &&
!$this->_isSiteAdmin()
) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status' => 200, 'type' => 'json'));
}
$this->autoRender = false;
if (empty($attributeTag)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid attribute - tag combination.')), 'status' => 200, 'type' => 'json'));

2
app/Controller/Component/RestResponseComponent.php
View File

@ -75,7 +75,7 @@ class RestResponseComponent extends Component
Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export).
This API allows pagination via the page and limit parameters.",
'mandatory' => array('returnFormat'),
'optional' => array('page', 'limit', 'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'date', 'last', 'eventid', 'withAttachments', 'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'eventinfo'),
'optional' => array('page', 'limit', 'value', 'type', 'category', 'org', 'tag', 'tags', 'searchall', 'date', 'last', 'eventid', 'withAttachments', 'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'eventinfo', 'excludeLocalTags'),
'params' => array()
)
),

68
app/Controller/EventsController.php
View File

@ -677,6 +677,9 @@ class EventsController extends AppController
$this->paginate['conditions']['AND'][] = $test;
$v = $filterString;
break;
case 'minimal':
$this->paginate['conditions']['AND'][] = array('NOT' => array('Event.attribute_count' => 0));
break;
default:
continue 2;
break;
@ -698,6 +701,7 @@ class EventsController extends AppController
),
));
$this->loadModel('GalaxyCluster');
// for REST, don't use the pagination. With this, we'll escape the limit of events shown on the index.
if ($this->_isRest()) {
$rules = array();
@ -3330,7 +3334,8 @@ class EventsController extends AppController
$paramArray = array(
'value', 'type', 'category', 'object_relation', 'org', 'tag', 'tags', 'searchall', 'from', 'to', 'last', 'eventid', 'withAttachments',
'metadata', 'uuid', 'published', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'sgReferenceOnly', 'returnFormat',
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy', 'deleted'
'limit', 'page', 'requested_attributes', 'includeContext', 'headerless', 'includeWarninglistHits', 'attackGalaxy', 'deleted',
'excludeLocalTags'
);
$filterData = array(
'request' => $this->request,
@ -3634,7 +3639,9 @@ class EventsController extends AppController
if (empty($event)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid event.')), 'status'=>200, 'type' => 'json'));
}
$local = !empty($this->params['named']['local']);
if (!$this->request->is('post')) {
$this->set('local', $local);
$this->set('object_id', $id);
$this->set('scope', 'Event');
$this->layout = false;
@ -3723,13 +3730,33 @@ class EventsController extends AppController
continue;
}
$this->Event->EventTag->create();
if ($this->Event->EventTag->save(array('event_id' => $id, 'tag_id' => $tag_id))) {
$event['Event']['published'] = 0;
$date = new DateTime();
$event['Event']['timestamp'] = $date->getTimestamp();
$this->Event->save($event);
if ($this->Event->EventTag->save(array('event_id' => $id, 'tag_id' => $tag_id, 'local' => $local))) {
if (!$local) {
$event['Event']['published'] = 0;
$date = new DateTime();
$event['Event']['timestamp'] = $date->getTimestamp();
$this->Event->save($event);
}
$log = ClassRegistry::init('Log');
$log->createLogEntry($this->Auth->user(), 'tag', 'Event', $id, 'Attached tag (' . $tag_id . ') "' . $tag['Tag']['name'] . '" to event (' . $id . ')', 'Event (' . $id . ') tagged as Tag (' . $tag_id . ')');
$log->createLogEntry(
$this->Auth->user(),
'tag',
'Event',
$id,
sprintf(
'Attached%s tag (%s) "%s" to event (%s)',
$local ? ' local' : '',
$tag_id,
$tag['Tag']['name'],
$id
),
sprintf(
'Event (%s) tagged as Tag (%s)%s',
$id,
$tag_id,
$local ? ' locally' : ''
)
);
$success = __('Tag(s) added.');
} else {
$fail = __('Tag could not be added.');
@ -3783,11 +3810,6 @@ class EventsController extends AppController
}
$this->Event->recursive = -1;
$event = $this->Event->read(array(), $id);
// org should allow to tag too, so that an event that gets pushed can be tagged locally by the owning org
if ((($this->Auth->user('org_id') !== $event['Event']['orgc_id']) || (!$this->userRole['perm_tagger'])) && !$this->_isSiteAdmin()) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200, 'type' => 'json'));
}
$this->Event->insertLock($this->Auth->user(), $id);
$eventTag = $this->Event->EventTag->find('first', array(
'conditions' => array(
'event_id' => $id,
@ -3795,6 +3817,24 @@ class EventsController extends AppController
),
'recursive' => -1,
));
// org should allow to (un)tag too, so that an event that gets pushed can be (un)tagged locally by the owning org
if (
(
(
$this->Auth->user('org_id') !== $event['Event']['orgc_id'] ||
(
$this->Auth->user('org_id') == Configure::read('MISP.host_org_id') &&
!empty($eventTag['EventTag']['local'])
)
) ||
!$this->userRole['perm_tagger']
) &&
!$this->_isSiteAdmin()
) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200, 'type' => 'json'));
}
$this->Event->insertLock($this->Auth->user(), $id);
$this->autoRender = false;
if (empty($eventTag)) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Invalid event - ' . ($galaxy ? 'galaxy' : 'tag') . ' combination.')), 'status'=>200, 'type' => 'json'));
@ -4615,7 +4655,7 @@ class EventsController extends AppController
App::uses('FileAccessTool', 'Tools');
$fileAccessTool = new FileAccessTool();
foreach ($data['files'] as $file) {
$tmpdir = Configure::read('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : '/var/www/MISP/app/tmp';
$tmpdir = Configure::read('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : APP . 'tmp';
$tmpfile = $fileAccessTool->createTempFile($tmpdir, $prefix = 'MISP_upload');
$fileAccessTool->writeToFile($tmpfile, base64_decode($file['data']));
$tmpfile = new File($tmpfile);
@ -4915,6 +4955,8 @@ class EventsController extends AppController
public function viewGalaxyMatrix($scope_id, $galaxy_id, $scope='event', $disable_picking=false)
{
$local = !empty($this->params['named']['local']);
$this->set('local', $local);
$this->loadModel('Galaxy');
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
$matrixData = $this->Galaxy->getMatrix($galaxy_id);

25
app/Controller/GalaxiesController.php
View File

@ -112,6 +112,7 @@ class GalaxiesController extends AppController
public function selectGalaxy($target_id, $target_type='event', $namespace='misp')
{
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
$local = !empty($this->params['named']['local']) ? $this->params['named']['local'] : '0';
$conditions = $namespace == '0' ? array() : array('namespace' => $namespace);
$galaxies = $this->Galaxy->find('all', array(
'recursive' => -1,
@ -122,13 +123,13 @@ class GalaxiesController extends AppController
$items = array();
$items[] = array(
'name' => __('All clusters'),
'value' => "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'
'value' => "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'. '/local:' . $local
);
foreach ($galaxies as $galaxy) {
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
$items[] = array(
'name' => h($galaxy['Galaxy']['name']),
'value' => "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'],
'value' => "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'] . '/local:' . $local,
'template' => array(
'preIcon' => 'fa-' . $galaxy['Galaxy']['icon'],
'name' => $galaxy['Galaxy']['name'],
@ -138,7 +139,13 @@ class GalaxiesController extends AppController
} else { // should use matrix instead
$param = array(
'name' => $galaxy['Galaxy']['name'],
'functionName' => "getMatrixPopup('" . $target_type . "', '" . $target_id . "', " . $galaxy['Galaxy']['id'] . ")",
'functionName' => sprintf(
"getMatrixPopup('%s', '%s', '%s/local:%s')",
$target_type,
$target_id,
$galaxy['Galaxy']['id'],
$local
),
'isPill' => true,
'isMatrix' => true
);
@ -161,16 +168,16 @@ class GalaxiesController extends AppController
'group' => array('namespace'),
'order' => array('namespace asc')
));
$local = !empty($this->params['named']['local']) ? '1' : '0';
$items = array();
$items[] = array(
'name' => __('All namespaces'),
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/0'
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/0' . '/local:' . $local
);
foreach ($namespaces as $namespace) {
$items[] = array(
'name' => $namespace,
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/' . $namespace
'value' => "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/' . $namespace . '/local:' . $local
);
}
@ -187,6 +194,7 @@ class GalaxiesController extends AppController
if ($selectGalaxy) {
$conditions = array('GalaxyCluster.galaxy_id' => $selectGalaxy);
}
$local = !empty($this->params['named']['local']) ? $this->params['named']['local'] : '0';
$data = $this->Galaxy->GalaxyCluster->find('all', array(
'conditions' => $conditions,
'fields' => array('value', 'description', 'source', 'type', 'id'),
@ -264,6 +272,7 @@ class GalaxiesController extends AppController
'additionalData' => array(
'target_id' => $target_id,
'target_type' => $target_type,
'local' => $local
)
),
));
@ -280,6 +289,8 @@ class GalaxiesController extends AppController
public function attachMultipleClusters($target_id, $target_type = 'event')
{
$local = !empty($this->params['named']['local']);
$this->set('local', $local);
if ($this->request->is('post')) {
if ($target_id === 'selected') {
$target_id_list = json_decode($this->request->data['Galaxy']['attribute_ids']);
@ -301,7 +312,7 @@ class GalaxiesController extends AppController
}
foreach ($cluster_ids as $cluster_id) {
foreach ($target_id_list as $target_id) {
$result = $this->Galaxy->attachCluster($this->Auth->user(), $target_type, $target_id, $cluster_id);
$result = $this->Galaxy->attachCluster($this->Auth->user(), $target_type, $target_id, $cluster_id, $local);
}
}
if ($this->request->is('ajax')) {

26
app/Controller/TagsController.php
View File

@ -468,8 +468,11 @@ class TagsController extends AppController
'Tag.name !=' => $cluster_names
),
'contain' => array('Tag'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name', 'EventTag.local'),
));
foreach ($tags as $k => $tag) {
$tags[$k]['local'] = $tag['EventTag']['local'];
}
$this->set('tags', $tags);
$event = $this->Tag->EventTag->Event->find('first', array(
'recursive' => -1,
@ -499,8 +502,11 @@ class TagsController extends AppController
'attribute_id' => $id
),
'contain' => array('Tag'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name', 'AttributeTag.local'),
));
foreach ($attributeTags as $k => $at) {
$attributeTags[$k]['local'] = $at['AttributeTag']['local'];
}
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
foreach ($attributeTags as $k => $attributeTag) {
@ -573,27 +579,28 @@ class TagsController extends AppController
if (!$this->_isSiteAdmin() && !$this->userRole['perm_tagger']) {
throw new NotFoundException('You don\'t have permission to do that.');
}
$localFlag = !empty($this->params['named']['local']) ? '/local:1' : '';
$items = array();
$favourites = $this->Tag->FavouriteTag->find('count', array('conditions' => array('FavouriteTag.user_id' => $this->Auth->user('id'))));
if ($favourites) {
$items[] = array(
'name' => __('Favourite Tags'),
'value' => "/tags/selectTag/" . h($id) . "/favourites/" . h($scope)
'value' => "/tags/selectTag/" . h($id) . "/favourites/" . h($scope) . $localFlag
);
}
if ($scope !== 'tag_collection') {
$items[] = array(
'name' => __('Tag Collections'),
'value' => "/tags/selectTag/" . h($id) . "/collections/" . h($scope)
'value' => "/tags/selectTag/" . h($id) . "/collections/" . h($scope) . $localFlag
);
}
$items[] = array(
'name' => __('Custom Tags'),
'value' => "/tags/selectTag/" . h($id) . "/0/" . h($scope)
'value' => "/tags/selectTag/" . h($id) . "/0/" . h($scope) . $localFlag
);
$items[] = array(
'name' => __('All Tags'),
'value' => "/tags/selectTag/" . h($id) . "/all/" . h($scope)
'value' => "/tags/selectTag/" . h($id) . "/all/" . h($scope) . $localFlag
);
$this->loadModel('Taxonomy');
@ -601,7 +608,7 @@ class TagsController extends AppController
foreach ($options as $k => $option) {
$items[] = array(
'name' => __('Taxonomy Library') . ":" . h($option),
'value' => "/tags/selectTag/" . h($id) . "/" . h($k) . "/" . h($scope)
'value' => "/tags/selectTag/" . h($id) . "/" . h($k) . "/" . h($scope . $localFlag)
);
}
$this->set('items', $items);
@ -746,7 +753,6 @@ class TagsController extends AppController
} else {
$onClickForm = 'quickSubmitTagForm';
}
$items = array();
foreach ($tags as $k => $tag) {
$tagName = $tag['name'];
@ -779,10 +785,12 @@ class TagsController extends AppController
'multiple' => -1,
'select_options' => array(
'additionalData' => array(
'id' => $id
'id' => $id,
'local' => !empty($this->params['named']['local'])
),
),
));
$this->set('local', !empty($this->params['named']['local']));
$this->render('ajax/select_tag');
}

6
app/Model/AppModel.php
View File

@ -75,7 +75,7 @@ class AppModel extends Model
13 => false, 14 => false, 15 => false, 18 => false, 19 => false, 20 => false,
21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
33 => false, 34 => false, 35 => false
33 => false, 34 => false, 35 => false, 36 => false
);
public $advanced_updates_description = array(
@ -1194,6 +1194,10 @@ class AppModel extends Model
KEY `type` (`type`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;";
break;
case 36:
$sqlArray[] = "ALTER TABLE `event_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
$sqlArray[] = "ALTER TABLE `attribute_tags` ADD `local` tinyint(1) NOT NULL DEFAULT 0;";
break;
case 'fixNonEmptySharingGroupID':
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';

39
app/Model/Event.php
View File

@ -1801,8 +1801,12 @@ class Event extends AppModel
'eventsExtendingUuid',
'extended',
'excludeGalaxy',
'includeRelatedTags'
'includeRelatedTags',
'excludeLocalTags'
);
if (!isset($options['excludeLocalTags']) && !empty($user['Role']['perm_sync']) && empty($user['Role']['perm_site_admin'])) {
$options['excludeLocalTags'] = 1;
}
if (!isset($options['excludeGalaxy']) || !$options['excludeGalaxy']) {
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
}
@ -2042,6 +2046,14 @@ class Event extends AppModel
)
)
);
if (!empty($options['excludeLocalTags'])) {
$params['contain']['EventTag']['conditions'] = array(
'EventTag.local' => 0
);
$params['contain']['Attribute']['AttributeTag']['conditions'] = array(
'AttributeTag.local' => 0
);
}
if ($flatten) {
unset($params['contain']['Object']);
}
@ -2241,14 +2253,14 @@ class Event extends AppModel
return $results;
}
private function __cacheRelatedEventTags($eventTagCache, $relatedAttribute)
private function __cacheRelatedEventTags($eventTagCache, $relatedAttribute, $local = 0)
{
if (empty($eventTagCache[$relatedAttribute['id']])) {
$params = array(
'contain' => array(
'Tag' => array(
'fields' => array(
'Tag.id', 'Tag.name', 'Tag.colour', 'Tag.numerical_value'
'Tag.id', 'Tag.name', 'Tag.colour', 'Tag.numerical_value', 'Tag.local'
)
)
),
@ -2257,6 +2269,9 @@ class Event extends AppModel
'EventTag.event_id' => $relatedAttribute['id']
)
);
if ($local) {
$params['conditions']['EventTag.local'] = 1;
}
$eventTags = $this->EventTag->find('all', $params);
if (!empty($eventTags)) {
foreach ($eventTags as $et) {
@ -2283,7 +2298,7 @@ class Event extends AppModel
}
}
foreach ($relatedAttributes as $relatedAttribute) {
$eventTagCache = $this->__cacheRelatedEventTags($eventTagCache, $relatedAttribute);
$eventTagCache = $this->__cacheRelatedEventTags($eventTagCache, $relatedAttribute, empty($options['excludeLocalTags']) ? 0 : 1);
if (!empty($eventTagCache[$relatedAttribute['id']])) {
if (!isset($event['Attribute'][$attributePos]['RelatedTags'])) {
$event['Attribute'][$attributePos]['RelatedTags'] = array();
@ -2294,7 +2309,7 @@ class Event extends AppModel
'contain' => array(
'Tag' => array(
'fields' => array(
'Tag.id', 'Tag.name', 'Tag.colour', 'Tag.numerical_value'
'Tag.id', 'Tag.name', 'Tag.colour', 'Tag.numerical_value', 'Tag.local'
)
)
),
@ -2303,6 +2318,9 @@ class Event extends AppModel
'AttributeTag.attribute_id' => $relatedAttribute['attribute_id']
)
);
if (!empty($options['excludeLocalTags'])) {
$params['conditions']['AttributeTag.local'] = 0;
}
$attributeTags = $this->Attribute->AttributeTag->find('all', $params);
if (!empty($attributeTags)) {
foreach ($attributeTags as $at) {
@ -4019,7 +4037,8 @@ class Event extends AppModel
'includeAttachments' => true,
'includeAllTags' => true,
'deleted' => array(0,1),
'excludeGalaxy' => 1
'excludeGalaxy' => 1,
'excludeLocalTags' => 1
));
$event = $this->fetchEvent($elevatedUser, $params);
$event = $event[0];
@ -4361,8 +4380,13 @@ class Event extends AppModel
$uuidsToCheck[$event['uuid']] = $k;
}
$localEvents = $this->find('list', array('recursive' => -1, 'fields' => array('Event.uuid', 'Event.timestamp')));
$localEvents = array();
$temp = $this->find('all', array('recursive' => -1, 'fields' => array('Event.uuid', 'Event.timestamp', 'Event.locked')));
foreach ($temp as $e) {
$localEvents[$e['Event']['uuid']] = array('timestamp' => $temp['Event']['timestamp'], 'locked' => $temp['Event']['locked']);
}
foreach ($uuidsToCheck as $uuid => $eventArrayId) {
if (isset($localEvents[$uuid]) && $localEvents[$uuid] >= $eventArray[$eventArrayId]['timestamp']) {
if (isset($localEvents[$uuid]) && $localEvents[$uuid]['timestamp'] >= $eventArray[$eventArrayId]['timestamp'] || !$localEvents[$uuid]['locked']) {
unset($eventArray[$eventArrayId]);
}
}
@ -5924,6 +5948,7 @@ class Event extends AppModel
$cluster = $this->GalaxyCluster->getCluster($dataTag['Tag']['name']);
if ($cluster) {
$found = false;
$cluster['GalaxyCluster']['local'] = $dataTag['local'];
foreach ($data['Galaxy'] as $j => $galaxy) {
if ($galaxy['id'] == $cluster['GalaxyCluster']['Galaxy']['id']) {
$found = true;

13
app/Model/Galaxy.php
View File

@ -199,13 +199,14 @@ class Galaxy extends AppModel
return true;
}
private function __attachClusterToEvent($user, $target_id, $cluster_id) {
}
public function attachCluster($user, $target_type, $target_id, $cluster_id)
public function attachCluster($user, $target_type, $target_id, $cluster_id, $local = false)
{
$connectorModel = Inflector::camelize($target_type) . 'Tag';
if ($local == 1 || $local === true) {
$local = 1;
} else {
$local = 0;
}
$cluster = $this->GalaxyCluster->find('first', array('recursive' => -1, 'conditions' => array('id' => $cluster_id), 'fields' => array('tag_name', 'id', 'value')));
$this->Tag = ClassRegistry::init('Tag');
if ($target_type === 'event') {
@ -225,7 +226,7 @@ class Galaxy extends AppModel
return 'Cluster already attached.';
}
$this->Tag->$connectorModel->create();
$toSave = array($target_type . '_id' => $target_id, 'tag_id' => $tag_id);
$toSave = array($target_type . '_id' => $target_id, 'tag_id' => $tag_id, 'local' => $local);
if ($target_type === 'attribute') {
$event = $this->Tag->EventTag->Event->find('first', array(
'conditions' => array(

1
app/Model/GalaxyCluster.php
View File

@ -196,6 +196,7 @@ class GalaxyCluster extends AppModel
$cluster = $this->getCluster($eventTag['Tag']['name']);
if ($cluster) {
$cluster['GalaxyCluster']['tag_id'] = $eventTag['Tag']['id'];
$cluster['GalaxyCluster']['local'] = $eventTag['local'];
$events[$k]['GalaxyCluster'][] = $cluster['GalaxyCluster'];
if ($replace) {
unset($events[$k]['EventTag'][$k2]);

10
app/View/Attributes/ajax/ajaxAttributeTags.ctp
View File

@ -1,4 +1,12 @@
<?php
$mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id'] && $event['Event']['orgc_id'] == $me['org_id']) || ($isAclModifyOrg && $event['Event']['orgc_id'] == $me['org_id']));
echo $this->element('ajaxAttributeTags', array('attributeId' => $attributeId, 'attributeTags' => $attributeTags, 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id'])));
echo $this->element(
'ajaxTags',
array(
'attributeId' => $attributeId,
'tags' => $attributeTags,
'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']),
'scope' => 'attribute'
)
);
?>

2
app/View/Elements/Events/View/row_attribute.ctp
View File

@ -156,7 +156,7 @@
</td>
<td class="shortish">
<div class="attributeTagContainer" id="#Attribute_<?php echo h($object['id']);?>_tr .attributeTagContainer">
<?php echo $this->element('ajaxAttributeTags', array('attributeId' => $object['id'], 'attributeTags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']), 'context' => $context)); ?>
<?php echo $this->element('ajaxTags', array('attributeId' => $object['id'], 'tags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']), 'context' => $context, 'scope' => 'attribute')); ?>
</div>
</td>
<?php

86
app/View/Elements/Events/eventIndexTable.ctp
View File

@ -107,58 +107,46 @@
</td>
<td class="shortish">
<?php
$clusterList = array();
$galaxyList = array();
$galaxy_id = 0;
if (isset($event['GalaxyCluster'])):
foreach ($event['GalaxyCluster'] as $cluster):
$galaxy_id = $cluster['Galaxy']['id'];
if (!isset($galaxyList[$cluster['Galaxy']['id']])) {
$galaxyList[$cluster['Galaxy']['id']] = $cluster['Galaxy']['name'];
$galaxies = array();
if (!empty($event['GalaxyCluster'])) {
foreach ($event['GalaxyCluster'] as $gk => $galaxy_cluster) {
$galaxy_id = $galaxy_cluster['Galaxy']['id'];
if (!isset($galaxies[$galaxy_id])) {
$galaxies[$galaxy_id] = $galaxy_cluster['Galaxy'];
}
$clusterList[$cluster['Galaxy']['id']][] = array('value' => $cluster['value'], 'id' => $cluster['id'], 'tag_id' => $cluster['tag_id']);
endforeach;
endif;
$first = true;
foreach ($clusterList as $galaxy_id => $clusters):
if (!$first) {
echo '<br />';
} else {
$first = false;
$galaxy_id = $galaxy_cluster['Galaxy']['id'];
unset($galaxy_cluster['Galaxy']);
$galaxies[$galaxy_id]['GalaxyCluster'][] = $galaxy_cluster;
}
?>
<span class="blue bold"><a href="<?php echo $baseurl; ?>/galaxies/view/<?php echo h($galaxy_id); ?>"><?php echo h($galaxyList[$galaxy_id]); ?></a>:</span>
<?php
foreach ($clusters as $cluster):
?>
<br />
<span class="blue">
&nbsp;
<a href="<?php echo $baseurl; ?>/events/index/searchtag:<?php echo h($cluster['tag_id']); ?>"><?php echo h($cluster['value']); ?></a>
<a aria-label="<?php echo __('View cluster');?>" href="<?php echo $baseurl; ?>/galaxy_clusters/view/<?php echo h($cluster['id']); ?>"><i class="black fa fa-search"></i></a>
</span>
<?php
endforeach;
endforeach;
?>&nbsp;
echo $this->element('galaxyQuickViewMini', array(
'mayModify' => false,
'isAclTagger' => false,
'data' => $galaxies,
'target_id' => $event['Event']['id'],
'target_type' => 'event',
'static_tags_only' => 1
));
}
?>
</td>
<?php if (Configure::read('MISP.tagging')): ?>
<td style = "max-width: 200px;width:10px;">
<?php foreach ($event['EventTag'] as $tag):
$tagText = "&nbsp;";
if (Configure::read('MISP.full_tags_on_event_index') == 1) $tagText = h($tag['Tag']['name']);
else if (Configure::read('MISP.full_tags_on_event_index') == 2) {
if (strpos($tag['Tag']['name'], '=')) {
$tagText = explode('=', $tag['Tag']['name']);
$tagText = h(trim(end($tagText), "\""));
}
else $tagText = h($tag['Tag']['name']);
}
?>
<a class="tag useCursorPointer" style="margin-bottom:3px;background-color:<?php echo h($tag['Tag']['colour']);?>;color:<?php echo $this->TextColour->getTextColour($tag['Tag']['colour']);?>;" title="<?php echo h($tag['Tag']['name']); ?>" onClick="document.location.href='<?php echo $baseurl; ?>/events/index/searchtag:<?php echo h($tag['Tag']['id']);?>';"><?php echo $tagText; ?></a>
<?php endforeach; ?>
</td>
<?php endif; ?>
<?php
if (Configure::read('MISP.tagging')) {
echo sprintf(
'<td class="shortish">%s</td>',
$this->element(
'ajaxTags',
array(
'event' => $event,
'tags' => $event['EventTag'],
'tagAccess' => false,
'required_taxonomies' => false,
'columnised' => true,
'static_tags_only' => true
)
)
);
}
?>
<td style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'">
<?php echo $event['Event']['attribute_count']; ?>&nbsp;
</td>

1
app/View/Elements/ajaxAttributeTags.ctp
View File

@ -4,6 +4,7 @@
$context = 'event';
}
$full = $isAclTagger && $tagAccess;
$host_org_user = (int)$me['org_id'] === Configure::read('MISP.host_org_id');
foreach ($attributeTags as $tag):
if (!isset($tag['Tag'])) $tag = array('Tag' => $tag);
$tagClass = $full ? 'tagFirstHalf' : 'tag';

194
app/View/Elements/ajaxTags.ctp
View File

@ -1,71 +1,139 @@
<?php
if (!empty($required_taxonomies)) {
foreach ($required_taxonomies as $k => $v) {
foreach ($tags as $tag) {
$temp_tag = explode(':', $tag['Tag']['name']);
if (count($temp_tag) > 1) {
if ($temp_tag[0] == $v) {
unset($required_taxonomies[$k]);
break;
if (empty($scope)) {
$scope = 'event';
}
switch ($scope) {
case 'event':
$searchUrl = '/events/index/searchtag:';
$id = h($event['Event']['id']);
if (!empty($required_taxonomies)) {
foreach ($required_taxonomies as $k => $v) {
foreach ($tags as $tag) {
$temp_tag = explode(':', $tag['Tag']['name']);
if (count($temp_tag) > 1) {
if ($temp_tag[0] == $v) {
unset($required_taxonomies[$k]);
break;
}
}
}
}
if (!empty($required_taxonomies)) {
echo sprintf(
'Missing taxonomies: <span class="red bold">%s</span><br />',
implode(', ', $required_taxonomies)
);
}
}
}
if (!empty($required_taxonomies)) {
echo sprintf(
'Missing taxonomies: <span class="red bold">%s</span><br />',
implode(', ', $required_taxonomies)
);
}
break;
case 'attribute':
$id = $attributeId;
$searchUrl = '/attributes/search/tags:';
if (!empty($server)) {
$searchUrl = sprintf("/servers/previewIndex/%s/searchtag:", h($server['Server']['id']));
}
break;
}
?>
<span style="display:inline-block;">
<?php
$full = $isAclTagger && $tagAccess && empty($static_tags_only);
$tagData = "";
foreach ($tags as $tag) {
if (empty($tag['Tag'])) {
$tag['Tag'] = $tag;
}
if (empty($tag['Tag']['colour'])) {
$tag['Tag']['colour'] = '#0088cc';
}
$aStyle = 'display:inline-block; background-color:' . h($tag['Tag']['colour']) . ';color:' . $this->TextColour->getTextColour($tag['Tag']['colour']) . ';';
$aClass = $full ? 'tagFirstHalf' : 'tag';
$aText = h($tag['Tag']['name']);
if (!empty($tag['Tag']['id'])) {
$aSearchTagUrl = $baseurl . '/events/index/searchtag: ' . h($tag['Tag']['id']);
$span1 = sprintf('<a href="%s" style="%s" class="%s">%s</a>', $aSearchTagUrl, $aStyle, $aClass, $aText);
} else {
$span1 = sprintf('<span style="%s" class="%s">%s</span>', $aStyle, $aClass, $aText);
}
$span2 = '';
if ($full) {
$spanClass = "tagSecondHalf useCursorPointer noPrint";
$spanTitle = __('Remove tag');
$spanRole = "button";
$spanTabIndex = "0";
$spanAriaLabel = __('Remove tag %s', h($tag['Tag']['name']));
$spanOnClick = "removeObjectTagPopup(this, 'event', '" . h($event['Event']['id']) . "', '" . h($tag['Tag']['id']) . "')";
$span2 = sprintf('<span class="%s" title="%s" role="%s" tabindex="%s" aria-label="%s" onClick="%s">x</span>', $spanClass, $spanTitle, $spanRole, $spanTabIndex, $spanAriaLabel, $spanOnClick);
}
$tagData .= '<span style="white-space:nowrap;">' . $span1 . $span2 . '</span> ';
$full = $isAclTagger && $tagAccess && empty($static_tags_only);
$host_org_editor = (int)$me['org_id'] === Configure::read('MISP.host_org_id') && $isAclTagger && empty($static_tags_only);
$tagData = "";
foreach ($tags as $tag) {
if (empty($tag['Tag'])) {
$tag['Tag'] = $tag;
}
$buttonData = "&nbsp;";
if ($full) {
$buttonVars = array(
'addTagButton',
__('Add a tag'),
'button',
'0',
__('Add a tag'),
'btn btn-inverse noPrint',
'line-height:10px; padding: 4px 4px;',
'popoverPopup(this, \'' . h($event['Event']['id']) . '\', \'tags\', \'selectTaxonomy\');'
if (empty($tag['Tag']['colour'])) {
$tag['Tag']['colour'] = '#0088cc';
}
$aStyle = 'background-color:' . h($tag['Tag']['colour']) . ';color:' . $this->TextColour->getTextColour($tag['Tag']['colour']) . ';';
$aClass = 'tag nowrap';
$aText = h($tag['Tag']['name']);
$span_scope = sprintf(
'<span class="%s" title="%s" aria-label="%s"><i class="fas fa-%s"></i></span>',
'black-white tag',
$tag['local'] ? __('Local tag') : __('Global tag'),
$tag['local'] ? __('Local tag') : __('Global tag'),
$tag['local'] ? 'user' : 'globe-americas'
);
if (!empty($tag['Tag']['id'])) {
$span_tag = sprintf(
'<a href="%s" style="%s" class="%s">%s</a>',
sprintf(
'%s%s%s',
$baseurl,
$searchUrl,
h($tag['Tag']['id'])
),
$aStyle,
$aClass,
$aText
);
} else {
$span_tag = sprintf(
'<span style="%s" class="%s">%s</span>',
$aStyle,
$aClass,
$aText
);
$buttonData = vsprintf('<button id="%s" title="%s" role ="%s" tabindex="%s" aria-label="%s" class="%s" style="%s" onClick="%s">+</button>', $buttonVars);
}
$tagData .= $buttonData;
?>
<span style="padding:1px; display:flex; display: inline-block; margin-right:2px;word-wrap:break-word;"><?php echo $tagData; ?></span>
</span>
$span_delete = '';
if ($full) {
$span_delete = sprintf(
'<span class="%s" title="%s" role="%s" tabindex="%s" aria-label="%s" onClick="%s">x</span>',
'black-white tag useCursorPointer noPrint',
__('Remove tag'),
"button",
"0",
__('Remove tag %s', h($tag['Tag']['name'])),
sprintf(
"removeObjectTagPopup(this, '%s', '%s', '%s')",
$scope,
$id,
h($tag['Tag']['id'])
)
);
}
$tagData .= '<span class="tag-container nowrap ">' . $span_scope . $span_tag . $span_delete . '</span> ';
}
$buttonData = array();
if ($full) {
$buttonData[] = sprintf(
'<button id="%s" title="%s" role ="button" tabindex="0" aria-label="%s" class="%s" style="%s" onClick="%s">%s</button>',
'addTagButton',
__('Add a tag'),
__('Add a tag'),
'btn btn-inverse noPrint',
'line-height:10px; padding: 2px;',
sprintf(
"popoverPopup(this, '%s%s', '%s', '%s');",
$id,
($scope === 'event') ? '' : ('/' . $scope),
'tags',
'selectTaxonomy'
),
'<i class="fas fa-globe-americas"></i> +'
);
}
if ($host_org_editor || $full) {
$buttonData[] = sprintf(
'<button id="%s" title="%s" role ="button" tabindex="0" aria-label="%s" class="%s" style="%s" onClick="%s">%s</button>',
'addLocalTagButton',
__('Add a local tag'),
__('Add a local tag'),
'btn btn-inverse noPrint',
'line-height:10px; padding: 2px;',
sprintf(
"popoverPopup(this, '%s%s', '%s', '%s')",
$id,
($scope === 'event') ? '' : ('/' . $scope),
'tags',
'selectTaxonomy/local:1'
),
'<i class="fas fa-user"></i> +'
);
}
$tagData .= implode(' ', $buttonData);
echo sprintf(
'<span class="tag-list-container">%s</span>',
$tagData
);
?>

3
app/View/Elements/eventdiscussion.ctp
View File

@ -134,6 +134,7 @@
<?php
if (isset($currentEvent)) $url = '/posts/add/event/' . $currentEvent;
else $url = '/posts/add/thread/' . $thread['Thread']['id'];
$url = h($url);
echo $this->Form->create('Post', array('url' => $url));
?>
<fieldset>
@ -153,7 +154,7 @@
));
?>
</fieldset>
<button class="btn btn-primary" onClick="submitMessageForm('<?php echo h($url);?>', 'PostViewForm', 'top'); return false;"><?php echo __('Send');?></button>
<button class="btn btn-primary" onClick="submitMessageForm('<?php echo $url;?>', 'PostViewForm', 'top'); return false;"><?php echo __('Send');?></button>
<?php
echo $this->Form->end();
?>

262
app/View/Elements/galaxyQuickView.ctp
View File

@ -1,116 +1,156 @@
<?php
<?php
$fixed_fields = array('synonyms', 'description', 'meta', 'authors', 'source');
foreach ($data as $galaxy):
?>
<div style="margin-left:10px;">
<span title="<?php echo isset($galaxy['description']) ? h($galaxy['description']) : h($galaxy['name']);?>" class="bold blue" style="font-size:14px;">
<?php echo h($galaxy['name']); ?>&nbsp;
<a href="<?php echo $baseurl; ?>/galaxies/view/<?php echo h($galaxy['id']); ?>" class="fa fa-search" title="<?php echo __('View details about this galaxy');?>" aria-label="<?php echo __('View galaxy');?>"></a>
</span>
<?php
foreach ($galaxy['GalaxyCluster'] as $cluster):
?>
<div style="margin-left:8px;">
<span class="bold blue expandContainer">
<span class="collapse-status-container useCursorPointer">
<span class="collapse-status" style="font-size: 16px;">+</span>
</span>
<span><?php echo h($cluster['value']); ?></span>
<a href="<?php echo $baseurl; ?>/galaxy_clusters/view/<?php echo h($cluster['id']); ?>" class="fa fa-search" title="<?php echo __('View details about this cluster');?>" aria-label="<?php echo __('View cluster');?>"></a>&nbsp;
<a href="<?php echo $baseurl; ?>/events/index/searchtag:<?php echo h($cluster['tag_id']); ?>" class="fa fa-list" title="<?php echo __('View all events containing this cluster.');?>" aria-label="<?php echo __('View all events containing this cluster.');?>"></a>
<?php
if ($isSiteAdmin || ($mayModify && $isAclTagger)) {
echo $this->Form->create(false, array('url' => $baseurl . '/galaxy_clusters/detach/' . ucfirst(h($target_id)) . '/' . h($target_type) . '/' . $cluster['tag_id'], 'style' => 'display: inline-block; margin: 0px;'));
echo '<it href="#" class="fa fa-trash useCursorPointer" role="button" tabindex="0" aria-label="' . __('detach') . '" title="' . __('Are you sure you want to detach %s from this event?', h($cluster['value'])) . '" onclick="popoverConfirm(this)"></it>';
echo $this->Form->end();
foreach ($data as $galaxy) {
$cluster_data = '';
foreach ($galaxy['GalaxyCluster'] as $cluster) {
$cluster_fields = array();
if (isset($cluster['description'])) {
$cluster_fields[] = array('key' => 'description', 'value' => $cluster['description']);
}
if (isset($cluster['meta']['synonyms'])) {
$cluster_fields[] = array('key' => 'synonyms', 'value' => $cluster['meta']['synonyms']);
}
if (isset($cluster['source'])) {
$cluster_fields[] = array('key' => 'source', 'value' => $cluster['source']);
}
if (isset($cluster['authors'])) {
$cluster_fields[] = array('key' => 'authors', 'value' => $cluster['authors']);
}
if (!empty($cluster['meta'])) {
foreach ($cluster['meta'] as $metaKey => $metaField) {
if ($metaKey != 'synonyms') {
$cluster_fields[] = array('key' => $metaKey, 'value' => $metaField);
}
}
}
$data = '';
foreach ($cluster_fields as $cluster_field) {
$dataKey = h(ucfirst($cluster_field['key']));
$dataValue = '';
if (is_array($cluster_field['value'])) {
if ($cluster_field['key'] == 'refs') {
$value = array();
foreach ($cluster_field['value'] as $k => $v) {
$v_name = strlen($v) > 30 ? substr($v, 0, 30) . '...' : $v;
$value[$k] = sprintf('<a href="%s" title="%s">%s</a>', h($v), h($v), h($v_name));
}
?>
<div style="margin-left:15px;display:none;" class="blue galaxy_data">
<?php
$cluster_fields = array();
if (isset($cluster['description'])) {
$cluster_fields[] = array('key' => 'description', 'value' => $cluster['description']);
}
if (isset($cluster['meta']['synonyms'])) {
$cluster_fields[] = array('key' => 'synonyms', 'value' => $cluster['meta']['synonyms']);
}
if (isset($cluster['source'])) {
$cluster_fields[] = array('key' => 'source', 'value' => $cluster['source']);
}
if (isset($cluster['authors'])) {
$cluster_fields[] = array('key' => 'authors', 'value' => $cluster['authors']);
}
if (!empty($cluster['meta'])) {
foreach ($cluster['meta'] as $metaKey => $metaField) {
if ($metaKey != 'synonyms') {
$cluster_fields[] = array('key' => $metaKey, 'value' => $metaField);
}
}
}
$data = array();
foreach ($cluster_fields as $cluster_field) {
$dataKey = h(ucfirst($cluster_field['key']));
$dataValue = '';
if (is_array($cluster_field['value'])) {
if ($cluster_field['key'] == 'refs') {
$value = array();
foreach ($cluster_field['value'] as $k => $v) {
$v_name = strlen($v) > 30 ? substr($v, 0, 30) . '...' : $v;
$value[$k] = sprintf('<a href="%s" title="%s">%s</a>', h($v), h($v), h($v_name));
}
$dataValue .= nl2br(implode("\n", $value));
} else if($cluster_field['key'] == 'country') {
$value = array();
foreach ($cluster_field['value'] as $k => $v) {
$value[] = '<div class="famfamfam-flag-' . strtolower(h($v)) . '" ></div>&nbsp;' . h($v);
}
$dataValue .= nl2br(implode("\n", $value));
} else {
$dataValue .= nl2br(h(implode("\n", $cluster_field['value'])));
}
} else {
if ($cluster_field['key'] == 'source' && filter_var($cluster_field['value'], FILTER_VALIDATE_URL)) {
$dataValue .= '<a href="' . h($cluster_field['value']) . '">' . h($cluster_field['value']) . '</a>';;
} else {
$dataValue .= h($cluster_field['value']);
}
}
$dataKey = sprintf('<div class="span3 info_container_key">%s</div>', $dataKey);
$dataValue = sprintf('<div class="span9 info_container_value">%s</div>', $dataValue);
echo sprintf('<div class="row-fluid cluster_%s">%s%s</div>', h($cluster_field['key']), $dataKey, $dataValue);
}
?>
</div>
</span>
</div>
<?php
endforeach;
?>
</div>
<?php
endforeach;
?>
<?php
if ($isSiteAdmin || ($mayModify && $isAclTagger)):
?>
<span class="useCursorPointer btn btn-inverse addGalaxy" data-target-type="<?php echo h($target_type);?>" data-target-id="<?php echo h($target_id); ?>" role="button" tabindex="0" aria-label="Add new cluster" style="padding: 1px 5px !important;font-size: 12px !important;"><?php echo __('Add'); ?></span>
<?php
endif;
?>
<script type="text/javascript">
$(document).ready(function () {
$('.collapse-status-container').click(function() {
$(this).parent().children('.galaxy_data').toggle();
if ($(this).parent().children('.collapse-status-container').children('.collapse-status').html() == '+') {
$(this).parent().children('.collapse-status-container').children('.collapse-status').html('-');
} else {
$(this).parent().children('.collapse-status-container').children('.collapse-status').html('+');
$dataValue .= nl2br(implode("\n", $value));
} else if($cluster_field['key'] == 'country') {
$value = array();
foreach ($cluster_field['value'] as $k => $v) {
$value[] = '<div class="famfamfam-flag-' . strtolower(h($v)) . '" ></div>&nbsp;' . h($v);
}
$dataValue .= nl2br(implode("\n", $value));
} else {
$dataValue .= nl2br(h(implode("\n", $cluster_field['value'])));
}
} else {
if ($cluster_field['key'] == 'source' && filter_var($cluster_field['value'], FILTER_VALIDATE_URL)) {
$dataValue .= '<a href="' . h($cluster_field['value']) . '">' . h($cluster_field['value']) . '</a>';;
} else {
$dataValue .= h($cluster_field['value']);
}
}
$data .= sprintf(
'<div class="blue galaxy_data">%s</div>',
sprintf(
'<div class="row-fluid cluster_%s">%s%s</div>',
h($cluster_field['key']),
sprintf('<div class="span3 info_container_key">%s</div>', $dataKey),
sprintf('<div class="span9 info_container_value">%s</div>', $dataValue)
)
);
}
$cluster_data .= sprintf(
'<div class="large-left-margin"><span class="bold blue expandContainer">%s %s %s %s %s %s</span></div>',
'<span class="collapse-status-container useCursorPointer"><span class="collapse-status">+</span></span>',
sprintf(
'<span><i class="fas fa-%s"></i> %s</span>',
$cluster['local'] ? 'user' : 'globe-americas',
h($cluster['value'])
),
sprintf(
'<a href="%s/galaxy_clusters/view/%s" class="fa fa-search" title="%s" aria-label="%s"></a>&nbsp;',
$baseurl,
h($cluster['id']),
__('View details about this cluster'),
__('View cluster')
),
sprintf(
'<a href="%s/events/index/searchtag:%s" class="fa fa-list" title="%s" aria-label="%s"></a>',
$baseurl,
h($cluster['tag_id']),
__('View all events containing this cluster.'),
__('View all events containing this cluster.')
),
!$isSiteAdmin && (!$mayModify || !$isAclTagger) ? '' : sprintf(
'%s%s%s',
$this->Form->create(
false,
array(
'url' => $baseurl . '/galaxy_clusters/detach/' . ucfirst(h($target_id)) . '/' . h($target_type) . '/' . $cluster['tag_id'],
'style' => 'display: inline-block; margin: 0px;'
)
),
sprintf(
'<it href="#" class="fa fa-trash useCursorPointer" role="button" tabindex="0" aria-label="%s" title="%s" onclick="popoverConfirm(this)"></it>',
__('detach'),
__('Are you sure you want to detach %s from this event?', h($cluster['value']))
),
$this->Form->end()
),
$data
);
}
echo sprintf(
'<div class="large-left-margin"><span title="%s" class="bold blue" style="%s">%s&nbsp;%s%s</span></div>',
isset($galaxy['description']) ? h($galaxy['description']) : h($galaxy['name']),
'font-size:14px;',
h($galaxy['name']),
sprintf(
'<a href="%s/galaxies/view/%s" class="fa fa-search" title="%s" aria-label="%s"></a>',
$baseurl,
h($galaxy['id']),
__('View details about this galaxy'),
__('View galaxy')
),
$cluster_data
);
}
if ($isSiteAdmin || ($mayModify && $isAclTagger)) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="false" role="button" tabindex="0" aria-label="Add new cluster" style="%s">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
h($target_type),
h($target_id),
'line-height:10px; padding: 2px; margin-right:5px;',
'<i class="fas fa-globe-americas"></i> +'
);
}
if ($isSiteAdmin || ($isAclTagger && Configure::read('MISP.host_org_id') == $me['org_id'])) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="true" role="button" tabindex="0" aria-label="Add new cluster" style="%s">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
h($target_type),
h($target_id),
'line-height:10px; padding: 2px;',
'<i class="fas fa-user"></i> +'
);
}
?>
<script type="text/javascript">
$(document).ready(function () {
$('.collapse-status-container').click(function() {
$(this).parent().children('.galaxy_data').toggle();
if ($(this).parent().children('.collapse-status-container').children('.collapse-status').html() == '+') {
$(this).parent().children('.collapse-status-container').children('.collapse-status').html('-');
} else {
$(this).parent().children('.collapse-status-container').children('.collapse-status').html('+');
}
});
$('.delete-cluster').click(function() {
var tagName = $(this).data('tag-name');
removeTag($id = false, $tag_id = false, $galaxy = false);
});
});
$('.delete-cluster').click(function() {
var tagName = $(this).data('tag-name');
removeTag($id = false, $tag_id = false, $galaxy = false);
});
});
</script>

82
app/View/Elements/galaxyQuickViewMini.ctp
View File

@ -61,22 +61,47 @@
$value = sprintf('<span class="black">%s</span>', $value_contents);
$popover_data .= sprintf('<span>%s: %s</span><br />', $key, $value);
}
?>
<div style="margin-left:8px;">
<span class="bold blue expandable useCursorPointer" data-toggle="popover" data-content="<?php echo h($popover_data); ?>">
<?php echo h($cluster['value']); ?>
</span>&nbsp;
<a href="<?php echo $baseurl; ?>/galaxy_clusters/view/<?php echo h($cluster['id']); ?>" class="fa fa-search" title="<?php echo __('View details about this cluster');?>" aria-label="<?php echo __('View cluster');?>"></a>&nbsp;
<a href="<?php echo $baseurl; ?>/events/index/searchtag:<?php echo h($cluster['tag_id']); ?>" class="fa fa-list" title="<?php echo __('View all events containing this cluster.');?>" aria-label="<?php echo __('View all events containing this cluster.');?>"></a>
<?php
if ($isSiteAdmin || ($mayModify && $isAclTagger)) {
echo $this->Form->create(false, array('url' => $baseurl . '/galaxy_clusters/detach/' . ucfirst(h($target_id)) . '/' . h($target_type) . '/' . h($cluster['tag_id']), 'style' => 'display: inline-block; margin: 0px;'));
echo '<span href="#" class="fa fa-trash useCursorPointer" title="' . __('Are you sure you want to detach %s from this %s?', h($cluster['value']), h($target_type)) . '" onclick="popoverConfirm(this)"></span>';
echo $this->Form->end();
}
?>
</div>
<?php
echo sprintf(
'<div class="large-left-margin">%s %s %s %s</div>',
sprintf(
'<span class="bold blue expandable useCursorPointer" data-toggle="popover" data-content="%s">%s</span>',
h($popover_data),
sprintf(
'<span><i class="fas fa-%s"></i> %s</span>',
$cluster['local'] ? 'user' : 'globe-americas',
h($cluster['value'])
)
),
sprintf(
'<a href="%s/galaxy_clusters/view/%s" class="black fas fa-search" title="%s" aria-label="%s"></a>',
$baseurl,
h($cluster['id']),
__('View details about this cluster'),
__('View cluster')
),
sprintf(
'<a href="%s/events/index/searchtag:%s" class="black fas fa-list" title="%s" aria-label="%s"></a>',
$baseurl,
h($cluster['tag_id']),
__('View all events containing this cluster.'),
__('View all events containing this cluster.')
),
(!empty($static_tags_only) || (!$isSiteAdmin && (!$mayModify || !$isAclTagger))) ? '' : sprintf(
'%s%s%s',
$this->Form->create(
false,
array(
'url' => $baseurl . '/galaxy_clusters/detach/' . ucfirst(h($target_id)) . '/' . h($target_type) . '/' . h($cluster['tag_id']),
'style' => 'display: inline-block; margin: 0px;'
)
),
sprintf(
'<span href="#" class="fa fa-trash useCursorPointer" title="%s" onclick="popoverConfirm(this)"></span>',
__('Are you sure you want to detach %s from this %s?', h($cluster['value']), h($target_type))
),
$this->Form->end()
)
);
endforeach;
?>
</div>
@ -84,11 +109,26 @@
endforeach;
?>
<?php
if ($isSiteAdmin || ($mayModify && $isAclTagger)):
?>
<span class="btn btn-inverse noPrint addGalaxy" data-target-type="<?php echo h($target_type);?>" data-target-id="<?php echo h($target_id); ?>" role="button" tabindex="0" aria-label="<?php echo __('Add new cluster');?>" title="<?php echo __('Add new cluster');?>" style="padding: 1px 5px !important;font-size: 12px !important;"><?php echo __('Add');?></span>
<?php
endif;
if ($isSiteAdmin || ($mayModify && $isAclTagger)) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="false" role="button" tabindex="0" aria-label="Add new cluster" style="%s">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
h($target_type),
h($target_id),
'line-height:10px; padding: 2px; margin-right:5px;',
'<i class="fas fa-globe-americas"></i> +'
);
}
if ($isSiteAdmin || ($isAclTagger && Configure::read('MISP.host_org_id') == $me['org_id'])) {
echo sprintf(
'<button class="%s" data-target-type="%s" data-target-id="%s" data-local="true" role="button" tabindex="0" aria-label="Add new cluster" style="%s">%s</button>',
'useCursorPointer btn btn-inverse addGalaxy',
h($target_type),
h($target_id),
'line-height:10px; padding: 2px;',
'<i class="fas fa-user"></i> +'
);
}
?>
<script type="text/javascript">

10
app/View/Elements/view_galaxy_matrix.ctp
View File

@ -94,7 +94,15 @@ foreach($tabs as $tabName => $column):
<?php if (isset($eventId)): ?>
<div class="hidden">
<?php
echo $this->Form->create('Galaxy', array('url' => '/galaxies/attachMultipleClusters/' . (empty($target_id) ? $eventId : $target_id ) . '/' . (empty($target_type) ? 'event' : $target_type), 'style' => 'margin:0px;'));
$url = sprintf(
'/galaxies/attachMultipleClusters/%s/%s/local:%s',
empty($target_id) ? $eventId : $target_id,
empty($target_type) ? 'event' : $target_type,
empty($local) ? '0' : '1'
);
echo $this->Form->create('Galaxy', array('url' => $url, 'style' => 'margin:0px;'));
echo $this->Form->input('target_ids', array('type' => 'text'));
echo $this->Form->end();
?>

10
app/View/Events/add_tag.ctp
View File

@ -1,5 +1,13 @@
<?php
echo $this->Form->create($scope, array('url' => array('controller' => Inflector::tableize($scope), 'action' => 'addTag', $object_id)));
$url = array('controller' => Inflector::tableize($scope), 'action' => 'addTag', $object_id);
$url = sprintf(
'/%s/%s/%s%s',
h(Inflector::tableize($scope)),
'addTag',
h($object_id),
$local ? '/local:1' : ''
);
echo $this->Form->create($scope, array('url' => $url));
if ($scope === 'Attribute') {
echo $this->Form->input('attribute_ids', array());
}

8
app/View/Galaxies/ajax/attach_multiple_clusters.ctp
View File

@ -1,5 +1,11 @@
<?php
echo $this->Form->create('Galaxy', array('url' => array('controller' => 'galaxies', 'action' => 'attachMultipleClusters', $target_id, $target_type), 'style' => 'margin:0px;'));
$url = sprintf(
'/galaxies/attachMultipleClusters/%s/%s/local:%s',
$target_id,
$target_type,
$local ? '1' : '0'
);
echo $this->Form->create('Galaxy', array('url' => $url, 'style' => 'margin:0px;'));
echo $this->Form->input('target_ids', array('type' => 'text'));
echo $this->Form->input('attribute_ids', array('style' => 'display:none;', 'label' => false));
echo $this->Form->end();

2
app/files/misp-galaxy

@ -1 +1 @@
Subproject commit 9517c8b8782a9385874940eec6741a78597cad12
Subproject commit 483f048f7fac1045e54a8d7bfc85825a2ff9d58d

2
app/files/misp-objects

@ -1 +1 @@
Subproject commit c3618fcf5288496a6af079ab73a772e66b5dce87
Subproject commit ebdaa49cbd636322b0473c74342b09ddce3faf23

54
app/webroot/css/main.css
View File

@ -727,16 +727,47 @@ a.proposal_link_red:hover {
color:red;
}
.tag-container {
filter: drop-shadow(-1px 3px 2px rgba(50, 50, 0, 0.5));
}
.tag {
display: inline-block;
padding: 2px 4px;
font-size: 12px;
font-weight: bold;
line-height: 14px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
box-shadow: 3px 3px 3px #888888;
}
.tag:first-child {
-webkit-border-top-left-radius: 3px;
-moz-border-top-left-radius: 3px;
border-top-left-radius: 3px;
-webkit-border-bottom-left-radius: 3px;
-moz-border-bottom-left-radius: 3px;
border-bottom-left-radius: 3px;
}
.tag:last-child {
-webkit-border-top-right-radius: 3px;
-moz-border-top-right-radius: 3px;
border-top-right-radius: 3px;
-webkit-border-bottom-right-radius: 3px;
-moz-border-bottom-right-radius: 3px;
border-bottom-right-radius: 3px;
margin-right:2px;
}
.tag-list-container {
padding:1px;
display: inline-block;
margin-right:2px;
word-wrap:break-word;
}
.black-white {
background-color:black;
color:white;
}
.tagFirstHalf {
@ -2170,7 +2201,7 @@ table tr:hover .down-expand-button {
}
.nowrap {
word-wrap:nowrap;
white-space:nowrap;
}
.strikethrough {
@ -2307,3 +2338,16 @@ table tr:hover .down-expand-button {
border-radius: 6px;
box-shadow: 0 5px 10px rgba(0, 0, 0, 0.2);
}
.galaxy_data {
margin-left:15px;
display:none;
}
.collapse-status {
font-size: 16px;
}
.large-left-margin {
margin-left:8px;
}

44
app/webroot/js/misp.js
View File

@ -604,7 +604,12 @@ function submitForm(type, id, field, context) {
function quickSubmitTagForm(selected_tag_ids, addData) {
var event_id = addData.id;
fetchFormDataAjax("/events/addTag/" + event_id, function(formData) {
var localFlag = '';
if (undefined != addData['local'] && addData['local']) {
localFlag = '/local:1';
}
url = "/events/addTag/" + event_id + localFlag;
fetchFormDataAjax(url, function(formData) {
$('body').append($('<div id="temp"/>').html(formData));
$('#temp #EventTag').val(JSON.stringify(selected_tag_ids));
$.ajax({
@ -631,14 +636,19 @@ function quickSubmitTagForm(selected_tag_ids, addData) {
$('#temp').remove();
},
type:"post",
url:"/events/addTag/" + event_id
url:url
});
});
}
function quickSubmitAttributeTagForm(selected_tag_ids, addData) {
var attribute_id = addData.id;
fetchFormDataAjax("/attributes/addTag/" + attribute_id, function(formData) {
var localFlag = '';
if (undefined != addData['local'] && addData['local']) {
localFlag = '/local:1';
}
url = "/attributes/addTag/" + attribute_id + localFlag;
fetchFormDataAjax(url, function(formData) {
$('body').append($('<div id="temp"/>').html(formData));
$('#temp #AttributeTag').val(JSON.stringify(selected_tag_ids));
if (attribute_id == 'selected') {
@ -670,14 +680,19 @@ function quickSubmitAttributeTagForm(selected_tag_ids, addData) {
$('#temp').remove();
},
type:"post",
url:"/attributes/addTag/" + attribute_id
url: url
});
});
}
function quickSubmitTagCollectionTagForm(selected_tag_ids, addData) {
var tag_collection_id = addData.id;
fetchFormDataAjax("/tag_collections/addTag/" + tag_collection_id, function(formData) {
var localFlag = '';
if (undefined != addData['local'] && addData['local']) {
localFlag = '/local:1';
}
url = "/tag_collections/addTag/" + tag_collection_id + localFlag;
fetchFormDataAjax(url, function(formData) {
$('body').append($('<div id="temp"/>').html(formData));
$('#temp #TagCollectionTag').val(JSON.stringify(selected_tag_ids));
$.ajax({
@ -700,7 +715,7 @@ function quickSubmitTagCollectionTagForm(selected_tag_ids, addData) {
$('#temp').remove();
},
type:"post",
url:"/tag_collections/addTag/" + tag_collection_id
url: url
});
});
}
@ -3720,13 +3735,22 @@ $('.galaxy-toggle-button').click(function() {
function addGalaxyListener(id) {
var target_type = $(id).data('target-type');
var target_id = $(id).data('target-id');
popoverPopup(id, target_id + '/' + target_type, 'galaxies', 'selectGalaxyNamespace');
var local = $(id).data('local');
console.log(local);
if (local) {
local = 1;
} else {
local = 0;
}
popoverPopup(id, target_id + '/' + target_type + '/local:' + local, 'galaxies', 'selectGalaxyNamespace');
}
function quickSubmitGalaxyForm(cluster_ids, additionalData) {
var target_id = additionalData['target_id'];
var scope = additionalData['target_type'];
fetchFormDataAjax("/galaxies/attachMultipleClusters/" + target_id + "/" + scope, function(formData) {
var local = additionalData['local'];
var url = "/galaxies/attachMultipleClusters/" + target_id + "/" + scope + "/local:" + local;
fetchFormDataAjax(url, function(formData) {
$('body').append($('<div id="temp"/>').html(formData));
$('#temp #GalaxyTargetIds').val(JSON.stringify(cluster_ids));
if (target_id == 'selected') {
@ -3760,7 +3784,7 @@ function quickSubmitGalaxyForm(cluster_ids, additionalData) {
$('#temp').remove();
},
type:"post",
url: "/galaxies/attachMultipleClusters/" + target_id + "/" + scope
url: url
});
});
}
@ -4185,7 +4209,7 @@ function checkIfLoggedIn() {
window.location.replace(baseurl + "/users/login");
}
}).fail(function() {
window.location.replace(baseurl + "/users/login");
window.location.replace(baseurl + "/users/login");
});
}
setTimeout(function() { checkIfLoggedIn(); }, 5000);

12
docs/generic/known-issues-debian.md Normal file
View File

@ -0,0 +1,12 @@
# Known issues on Debian
## Debian 9.9 & 10
### misp-workers
#### Issue
Currently there is an [issue](https://github.com/MISP/MISP/issues/4047) with the misp-workers not being started on boot.
#### Workaround
Restart all workers in the Web UI.

4
docs/generic/sudo_etckeeper.md
View File

@ -11,8 +11,10 @@ checkSudoKeeper () {
su -c "apt install etckeeper -y"
echo "Please enter your root password below to install sudo"
su -c "apt install sudo -y"
echo "Please enter your root password below to install sudo"
su -c "apt install curl -y"
echo "Please enter your root password below to add ${MISP_USER} to sudo group"
su -c "adduser ${MISP_USER} sudo"
su -c "/usr/sbin/adduser ${MISP_USER} sudo"
echo "We added ${MISP_USER} to group sudo and now we need to log out and in again."
exit
else

17
docs/xINSTALL.OpenBSD.md
View File

@ -5,6 +5,7 @@
This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
LIEF, will probably not be available for a long long time on OpenBSD, until someone is brave enough to make it work.
GnuPG also needs some more TLC.
misp-modules are broken because of the python-opencv dependency.
### 0/ WIP! You are warned, this does only partially work!
------------
@ -50,7 +51,7 @@ echo "permit nopass setenv { ENV PS1 HOME=/var/www } www" >> /etc/doas.conf
```bash
cd /tmp
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
doas tar -x -z -f /tmp/ports.tar.gz -C /usr
```
@ -59,10 +60,10 @@ doas tar -x -z -f /tmp/ports.tar.gz -C /usr
```bash
cd /tmp
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xbase$(uname -r| tr -d \.).tgz,SHA256.sig}
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xbase$(uname -r| tr -d \.).tgz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xbase$(uname -r |tr -d \.).tgz
doas tar -xzphf /tmp/xbase$(uname -r| tr -d \.).tgz -C /
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xshare$(uname -r| tr -d \.).tgz,SHA256.sig}
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xshare$(uname -r| tr -d \.).tgz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xshare$(uname -r |tr -d \.).tgz
doas tar -xzphf /tmp/xshare$(uname -r| tr -d \.).tgz -C /
```
@ -408,9 +409,13 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/kbandla/
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd /var/www/htdocs/MISP/app
doas mkdir /var/www/.composer ; doas chown www:www /var/www/.composer
doas -u www php composer.phar require kamisama/cake-resque:4.1.2
doas -u www php composer.phar config vendor-dir Vendor
doas -u www php composer.phar install
doas -u www php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
doas -u www php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
doas -u www env HOME=/var/www php composer-setup.php
doas -u www php -r "unlink('composer-setup.php');"
doas -u www env HOME=/var/www php composer.phar require kamisama/cake-resque:4.1.2
doas -u www env HOME=/var/www php composer.phar config vendor-dir Vendor
doas -u www env HOME=/var/www php composer.phar install
# To use the scheduler worker for scheduled tasks, do the following:
doas -u www cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php

56
docs/xINSTALL.debian_testing.md → docs/xINSTALL.debian10.md
View File

@ -1,18 +1,19 @@
# INSTALLATION INSTRUCTIONS
## for Debian testing "buster" server
## for Debian 10 "buster"
### 0/ MISP testing dev install - Status
### 0/ MISP debian stable install - Status
------------------------------------
!!! notice
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
uses for testing, qc and random development.
Maintained and tested by @SteveClement on 20190405
This is mostly the install [@SteveClement](https://twitter.com/SteveClement) uses for testing, qc and random development.
Maintained and tested by @SteveClement on 20190707
!!! warning
PHP 7.3.0RC4 is not working at the moment with the packaged composer.phar<br />
PHP 7.3.4-2 is not working at the moment with the packaged composer.phar<br />
You need to manually update composer.phar as outlined below.
{!generic/known-issues-debian.md!}
{!generic/globalVariables.md!}
```bash
@ -31,10 +32,18 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
{!generic/ethX.md!}
#### Make sure your system is up2date
#### Add $MISP_USER to staff and $WWW_USER
```bash
sudo adduser $MISP_USER staff
sudo adduser $MISP_USER $WWW_USER
```
#### Make sure your system is up2date and curl installed
```bash
sudo apt update
sudo apt -y dist-upgrade
sudo apt dist-upgrade -y
sudo apt install curl -y
```
#### install postfix, there will be some questions. (optional)
@ -67,10 +76,10 @@ jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \
libxml2-dev libxslt1-dev zlib1g-dev -y
# Start haveged to get more entropy (optional)
sudo apt install haveged -y
sudo apt install haveged -qqy
sudo service haveged start
sudo apt install expect -y
sudo apt install expect -qqy
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
@ -99,7 +108,7 @@ expect -f - <<-EOF
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -y
sudo apt purge -qqy expect ; sudo apt autoremove -qqy
# Enable modules, settings, and default of SSL in Apache
sudo a2dismod status
@ -149,11 +158,29 @@ cd $PATH_TO_MISP/app/files/scripts/python-stix
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-maec
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd $PATH_TO_MISP/PyMISP
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
# install pydeep
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# install lief
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
# install zmq needed by mispzmq
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq
# install python-magic
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
# install plyara
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
# Install Crypt_GPG and Console_CommandLine
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
@ -378,8 +405,8 @@ $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
echo "[Unit]
Description=MISP's background workers
After=rh-mariadb102-mariadb.service rh-redis32-redis.service rh-php72-php-fpm.service
Description=MISP background workers
After=mariadb.service redis-server.service
[Service]
Type=forking
@ -445,7 +472,8 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
#### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
```bash
sudo apt-get install librdkafka-dev php-dev
sudo apt install librdkafka-dev php-dev
sudo pecl channel-update pecl.php.net
sudo pecl install rdkafka
echo "extension=rdkafka.so" | sudo tee ${PHP_ETC_BASE}/mods-available/rdkafka.ini
sudo phpenmod rdkafka

12
docs/xINSTALL.debian9.md
View File

@ -4,6 +4,10 @@
### 0/ MISP debian stable install - Status
------------------------------------
!!! notice
Please use [Debian 10](https://misp.github.io/MISP/xINSTALL.debian10/) as everything works as expected.
!!! notice
Maintained and tested by @SteveClement on 20190702
@ -15,10 +19,12 @@
### 1/ Minimal Debian install
-------------------------
#### Install a minimal Debian 9 "stretch" server system with the software:
#### Install a minimal Debian 9.9 "stretch" server system with the software:
- OpenSSH server
- This guide assumes a user name of 'misp' with sudo working
{!generic/known-issues-debian.md!}
{!generic/globalVariables.md!}
```bash
@ -56,9 +62,7 @@ sudo postfix reload
#### Install all the dependencies (some might already be installed)
You need to update python3.5 to python3.7 for [PyMISP](https://github.com/MISP/PyMISP) to work properly.
FIXME: The below breaks redis-server and mariadb-server
You need to use at least Python3.6 for [PyMISP](https://github.com/MISP/PyMISP) to work properly.
```bash
# Manual Python3.7.3 install in $HOME

4
mkdocs.yml
View File

@ -75,8 +75,8 @@ nav:
- xInstall Guides:
- 'Warning': 'xINSTALL.md'
- 'Centos 6': 'xINSTALL.centos6.md'
- 'Debian stable': 'xINSTALL.debian9.md'
- 'Debian testing': 'xINSTALL.debian_testing.md'
- 'Debian 10': 'xINSTALL.debian10.md'
- 'Debian 9.9': 'xINSTALL.debian9.md'
- 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
- 'OpenBSD 6.5': 'xINSTALL.OpenBSD.md'