mirror of https://github.com/MISP/MISP
chg: [doc] More tweaks to the CentOS howto
parent
0df94022fb
commit
19c525639a
|
|
@ -190,114 +190,117 @@ sudo systemctl enable --now haveged.service
|
|||
|
||||
```bash
|
||||
# <snippet-begin 1_mispCoreInstall_RHEL.sh>
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
cd /var/www
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git
|
||||
cd $PATH_TO_MISP
|
||||
##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
installCoreRHEL () {
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
cd /var/www
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git
|
||||
cd $PATH_TO_MISP
|
||||
##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Fetch submodules
|
||||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
# Make git ignore filesystem permission differences
|
||||
$SUDO_WWW git config core.filemode false
|
||||
# Fetch submodules
|
||||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
# Make git ignore filesystem permission differences
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
# Install packaged pears
|
||||
sudo $RUN_PHP "pear channel-update pear.php.net"
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml"
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml"
|
||||
# Install packaged pears
|
||||
sudo $RUN_PHP "pear channel-update pear.php.net"
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml"
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml"
|
||||
|
||||
# Create a python3 virtualenv
|
||||
$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
|
||||
sudo mkdir /usr/share/httpd/.cache
|
||||
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
|
||||
# Create a python3 virtualenv
|
||||
$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
|
||||
sudo mkdir /usr/share/httpd/.cache
|
||||
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
|
||||
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd $PATH_TO_MISP/cti-python-stix2
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd $PATH_TO_MISP/cti-python-stix2
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
# install maec
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
|
||||
# install maec
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
|
||||
|
||||
# install zmq
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
|
||||
# install zmq
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
|
||||
|
||||
# install redis
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
|
||||
# install redis
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
|
||||
|
||||
# lief needs manual compilation
|
||||
sudo yum install devtoolset-7 cmake3 cppcheck -y
|
||||
# lief needs manual compilation
|
||||
sudo yum install devtoolset-7 cmake3 cppcheck -y
|
||||
|
||||
# FIXME: This does not work!
|
||||
cd $PATH_TO_MISP/app/files/scripts/lief
|
||||
$SUDO_WWW mkdir build
|
||||
cd build
|
||||
$SUDO_WWW scl enable devtoolset-7 rh-python36 "bash -c 'cmake3 \
|
||||
-DLIEF_PYTHON_API=on \
|
||||
-DPYTHON_VERSION=3.6 \
|
||||
-DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \
|
||||
-DLIEF_DOC=off \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
..'"
|
||||
$SUDO_WWW make -j3 pyLIEF
|
||||
# FIXME: This does not work!
|
||||
cd $PATH_TO_MISP/app/files/scripts/lief
|
||||
$SUDO_WWW mkdir build
|
||||
cd build
|
||||
$SUDO_WWW scl enable devtoolset-7 rh-python36 "bash -c 'cmake3 \
|
||||
-DLIEF_PYTHON_API=on \
|
||||
-DPYTHON_VERSION=3.6 \
|
||||
-DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \
|
||||
-DLIEF_DOC=off \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
..'"
|
||||
$SUDO_WWW make -j3 pyLIEF
|
||||
|
||||
# In case you get "internal compiler error: Killed (program cc1plus)"
|
||||
# You ran out of memory.
|
||||
# Create some swap
|
||||
# sudo dd if=/dev/zero of=/var/swap.img bs=1024k count=4000
|
||||
# sudo mkswap /var/swap.img
|
||||
# sudo swapon /var/swap.img
|
||||
# And compile again
|
||||
# $SUDO_WWW make -j3 pyLIEF
|
||||
# In case you get "internal compiler error: Killed (program cc1plus)"
|
||||
# You ran out of memory.
|
||||
# Create some swap
|
||||
# sudo dd if=/dev/zero of=/var/swap.img bs=1024k count=4000
|
||||
# sudo mkswap /var/swap.img
|
||||
# sudo swapon /var/swap.img
|
||||
# And compile again
|
||||
# $SUDO_WWW make -j3 pyLIEF
|
||||
|
||||
# The following adds a PYTHONPATH to where the pyLIEF module has been compiled
|
||||
echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.6/site-packages/lief.pth
|
||||
# The following adds a PYTHONPATH to where the pyLIEF module has been compiled
|
||||
echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.6/site-packages/lief.pth
|
||||
|
||||
# install magic, pydeep
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
|
||||
# install magic, pydeep
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U .
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U .
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php72/sysconfig/php-fpm
|
||||
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php72-php-fpm.service
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php72/sysconfig/php-fpm
|
||||
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php72-php-fpm.service
|
||||
|
||||
umask $UMASK
|
||||
umask $UMASK
|
||||
|
||||
# Enable dependencies detection in the diagnostics page
|
||||
# This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
|
||||
# The LD_LIBRARY_PATH setting is needed for rh-git218 to work, one might think to install httpd24 and not just httpd ...
|
||||
echo "env[PATH] = /opt/rh/rh-git218/root/usr/bin:/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
echo "env[LD_LIBRARY_PATH] = /opt/rh/httpd24/root/usr/lib64/" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php72-php-fpm.service
|
||||
# Enable dependencies detection in the diagnostics page
|
||||
# This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
|
||||
# The LD_LIBRARY_PATH setting is needed for rh-git218 to work, one might think to install httpd24 and not just httpd ...
|
||||
echo "env[PATH] = /opt/rh/rh-git218/root/usr/bin:/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
echo "env[LD_LIBRARY_PATH] = /opt/rh/httpd24/root/usr/lib64/" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php72-php-fpm.service
|
||||
}
|
||||
# <snippet-end 1_mispCoreInstall_RHEL.sh>
|
||||
```
|
||||
|
||||
|
|
@ -331,7 +334,7 @@ installCake_RHEL ()
|
|||
sudo ln -s /etc/opt/rh/rh-php72/php-fpm.d/redis.ini /etc/opt/rh/rh-php72/php.d/99-redis.ini
|
||||
|
||||
# Install gnupg extension
|
||||
sudo yum install gpgme-devel
|
||||
sudo yum install gpgme-devel -y
|
||||
sudo scl enable rh-php72 'pecl install gnupg'
|
||||
echo "extension=gnupg.so" |sudo tee /etc/opt/rh/rh-php72/php-fpm.d/gnupg.ini
|
||||
sudo ln -s /etc/opt/rh/rh-php72/php-fpm.d/gnupg.ini /etc/opt/rh/rh-php72/php.d/99-gnupg.ini
|
||||
|
|
@ -484,7 +487,6 @@ apacheConfig_RHEL () {
|
|||
sudo systemctl restart httpd.service
|
||||
|
||||
# Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
sudo chcon -t usr_t $PATH_TO_MISP/venv
|
||||
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files
|
||||
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/terms
|
||||
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
|
@ -494,17 +496,12 @@ apacheConfig_RHEL () {
|
|||
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/mispzmq/mispzmq.py
|
||||
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/mispzmq/mispzmqtest.py
|
||||
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/lief/build/api/python/lief.so
|
||||
sudo chcon -t httpd_sys_script_exec_t /usr/bin/gpg
|
||||
sudo chcon -t httpd_sys_script_exec_t /usr/bin/gpg-agent
|
||||
sudo chcon -t httpd_sys_script_exec_t /usr/bin/whoami
|
||||
sudo chcon -t httpd_sys_rw_content_t /tmp
|
||||
sudo chcon -R -t usr_t $PATH_TO_MISP/venv
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.git
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.gnupg
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Lib
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/orgs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
|
||||
|
|
@ -644,6 +641,7 @@ EOF
|
|||
sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
sudo rm -f /tmp/gen-key-script
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/.gnupg
|
||||
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.gnupg
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ echo "<VirtualHost *:8001>
|
|||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/httpd/conf.d/misp-dashboard.conf
|
||||
|
||||
sudo semanage port -a -t http_port_t -p tcp 8001
|
||||
sudo systemctl restart httpd.service
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
|
|
|
|||
Loading…
Reference in New Issue