mirror of https://github.com/MISP/MISP
chg: [docs] Leveled both install docs, updated debian testing and verified working.
parent
af883df21b
commit
1d011ac9a9
|
@ -13,7 +13,7 @@
|
|||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_BASEURL='""'
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
|
@ -68,6 +68,8 @@ su -
|
|||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
|
||||
|
||||
#### Make sure your system is up2date
|
||||
|
@ -109,21 +111,50 @@ sudo postfix reload
|
|||
|
||||
```bash
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server vim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
curl gcc git gnupg-agent make openssl redis-server vim zip libyara-dev \
|
||||
python3-setuptools python3-dev python3-pip python3-yara python3-redis python3-zmq virtualenv \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-readline php-redis php7.0-mbstring php-pear python3 \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-mbstring php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.2-opcache php7.0-readline php-redis php-gnupg \
|
||||
libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
sudo apt install expect -y
|
||||
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
|
@ -131,10 +162,6 @@ sudo a2enmod ssl rewrite
|
|||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
|
@ -164,22 +191,28 @@ sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
|||
#### Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
#### Create a python3 virtualenv
|
||||
|
||||
sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
|
@ -188,7 +221,7 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
|
|||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
|
@ -206,6 +239,7 @@ sudo -u www-data php composer.phar install
|
|||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
@ -337,7 +371,7 @@ sudo systemctl restart apache2
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
|
@ -371,7 +405,6 @@ class DATABASE_CONFIG {
|
|||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
@ -572,23 +605,29 @@ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --h
|
|||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
## /!\ Check wtf is going on with yara.
|
||||
# Start misp-modules
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand yara
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
@ -611,6 +650,12 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
!!! warning
|
||||
If you have install a python virtualenv to the recommended place of */var/www/MISP/venv* set the following MISP configurable
|
||||
```bash
|
||||
sudo $CAKE Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||
```
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
@ -623,16 +668,39 @@ echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
|||
|
||||
### Optional features
|
||||
-------------------
|
||||
```bash
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
!!! note
|
||||
You can add the following to your shell startup rc scripts to have the *cake* and *viper-cli* commands in your $PATH
|
||||
```bash
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
PATH="$PATH:/usr/local/src/viper"
|
||||
fi
|
||||
fi
|
||||
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
PATH="$PATH:/var/www/MISP/app/Console"
|
||||
fi
|
||||
fi
|
||||
```
|
||||
|
||||
#### Experimental ssdeep correlations¶
|
||||
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
|
||||
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
@ -640,10 +708,15 @@ fi
|
|||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo apt install python3-redis -y
|
||||
|
||||
## install pyzmq
|
||||
# install pyzmq
|
||||
sudo apt install python3-zmq -y
|
||||
```
|
||||
|
||||
In case you are using a virtualenv make sure pyzmq is installed therein.
|
||||
```bash
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
|
@ -656,7 +729,7 @@ sudo /var/www/misp-dashboard/install_dependencies.sh
|
|||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
|
@ -697,7 +770,10 @@ echo "<VirtualHost *:8001>
|
|||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
|
@ -719,23 +795,30 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|||
```
|
||||
|
||||
|
||||
#### Install viper framework
|
||||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git submodule update --init --recursive
|
||||
sudo pip3 install -r requirements.txt
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
./venv/bin/pip uninstall yara -y
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
#### Install mail to misp
|
||||
|
@ -743,19 +826,20 @@ sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$i
|
|||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
|
||||
|
|
|
@ -9,13 +9,17 @@
|
|||
uses for testing, qc and random development.
|
||||
Maintained and tested by @SteveClement on 20181023
|
||||
|
||||
!!! warning
|
||||
PHP 7.3.0RC2 is not working at the moment. Please us 7.2<br />
|
||||
**php-gnupg** and **php-redis** pull in PHP 7.3 thus they are installed with **pecl**
|
||||
|
||||
#### MISP configuration variables
|
||||
|
||||
```bash
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_BASEURL='""'
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
|
@ -70,6 +74,8 @@ su -
|
|||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
|
||||
|
||||
#### Make sure your system is up2date
|
||||
|
@ -111,21 +117,50 @@ sudo postfix reload
|
|||
|
||||
```bash
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev \
|
||||
python3-setuptools python3-dev python3-pip python3-yara python3-redis python3-zmq virtualenv \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php-pear php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \
|
||||
libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
sudo apt install expect -y
|
||||
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
|
@ -133,13 +168,6 @@ sudo a2enmod ssl rewrite
|
|||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
sudo pecl channel-update pecl.php.net
|
||||
sudo pecl install redis
|
||||
echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
|
@ -169,19 +197,28 @@ sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
|||
#### Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
#### Create a python3 virtualenv
|
||||
|
||||
sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
|
@ -190,13 +227,17 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
|
|||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
#### CakePHP is included as a submodule of MISP.
|
||||
|
||||
!!! warning
|
||||
PHP Warning: PHP Startup: Unable to load dynamic library 'redis.so' (tried: /usr/lib/php/20170718/redis.so (/usr/lib/php/20170718/redis.so: cannot open shared object file: No such file or directory), /usr/lib/php/20170718/redis.so.so (/usr/lib/php/20170718/redis.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0<br />
|
||||
This probably means you installed the package **php-redis** which pulls in PHP-7.3 which is not working yet. Please install with **pecl**
|
||||
|
||||
```bash
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
|
@ -206,8 +247,9 @@ sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
|||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
## /!\ This will only be possible once PHP 7.3 works with composer
|
||||
### Enable CakeResque with php-redis
|
||||
##sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
@ -319,6 +361,19 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pecl channel-update pecl.php.net
|
||||
yes no |sudo pecl install redis
|
||||
# gnupg dependency
|
||||
sudo apt-get install libgpgme11-dev
|
||||
sudo pecl install gnupg
|
||||
|
||||
echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
|
||||
echo "extension=gnupg.so" | sudo tee /etc/php/7.2/mods-available/gnupg.ini
|
||||
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/php/7.2/apache2/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
|
@ -340,7 +395,7 @@ sudo systemctl restart apache2
|
|||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
|
@ -373,8 +428,8 @@ class DATABASE_CONFIG {
|
|||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
@ -575,23 +630,29 @@ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --h
|
|||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
## /!\ Check wtf is going on with yara.
|
||||
# Start misp-modules
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand yara
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
@ -614,6 +675,12 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
!!! warning
|
||||
If you have install a python virtualenv to the recommended place of */var/www/MISP/venv* set the following MISP configurable
|
||||
```bash
|
||||
sudo $CAKE Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||
```
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
@ -626,16 +693,39 @@ echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
|||
|
||||
### Optional features
|
||||
-------------------
|
||||
```bash
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
!!! note
|
||||
You can add the following to your shell startup rc scripts to have the *cake* and *viper-cli* commands in your $PATH
|
||||
```bash
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
PATH="$PATH:/usr/local/src/viper"
|
||||
fi
|
||||
fi
|
||||
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
PATH="$PATH:/var/www/MISP/app/Console"
|
||||
fi
|
||||
fi
|
||||
```
|
||||
|
||||
#### Experimental ssdeep correlations¶
|
||||
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
|
||||
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
@ -643,10 +733,15 @@ fi
|
|||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo apt install python3-redis -y
|
||||
|
||||
## install pyzmq
|
||||
# install pyzmq
|
||||
sudo apt install python3-zmq -y
|
||||
```
|
||||
|
||||
In case you are using a virtualenv make sure pyzmq is installed therein.
|
||||
```bash
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
|
@ -659,7 +754,7 @@ sudo /var/www/misp-dashboard/install_dependencies.sh
|
|||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
|
@ -702,6 +797,8 @@ echo "<VirtualHost *:8001>
|
|||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
|
@ -723,23 +820,30 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|||
```
|
||||
|
||||
|
||||
#### Install viper framework
|
||||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git submodule update --init --recursive
|
||||
sudo pip3 install -r requirements.txt
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
./venv/bin/pip uninstall yara -y
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
#### Install mail to misp
|
||||
|
@ -747,19 +851,20 @@ sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$i
|
|||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue