mirror of https://github.com/MISP/MISP
new: [docs] Added new sub-sections in seperate files that are shared between install guides.
new: [docs] ethX.md to bring back eth0 new: [docs] mail to misp install debian flavored guide new: [docs] ssdeep install debian flavored guide new: [docs] viper install debian flavored guide new: [docs] sudo/etckeeper install debian flavored guide new: [docs] misp dashboard install debian flavored guidepull/3798/head
parent
e752a761af
commit
14c23958b8
|
@ -0,0 +1,19 @@
|
|||
#### Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
!!! notice
|
||||
On recent Ubuntu install Netplan is default and you need to change the Network name.
|
||||
```
|
||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/50-cloud-init.yaml
|
||||
```
|
|
@ -0,0 +1,22 @@
|
|||
#### Install mail to misp
|
||||
--------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
|
|
@ -0,0 +1,76 @@
|
|||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
|
|
@ -0,0 +1,19 @@
|
|||
#### Experimental ssdeep correlations
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
|
|
@ -0,0 +1,9 @@
|
|||
#### install etckeeper and sudo (optional)
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
|
|
@ -0,0 +1,26 @@
|
|||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
###sudo pip3 uninstall yara -y
|
||||
###./venv/bin/pip uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
|
Loading…
Reference in New Issue