Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final
commit
2a5112cc1e
|
@ -164,7 +164,6 @@ script:
|
|||
- git submodule update
|
||||
- pipenv install -d
|
||||
- pipenv run python tests/testlive_comprehensive.py
|
||||
- pipenv run python tests/test.py
|
||||
- pipenv run python tests/test_mispevent.py
|
||||
- popd
|
||||
- cp PyMISP/tests/keys.py PyMISP/examples/events/
|
||||
|
|
|
@ -148,9 +148,9 @@ MISPvars () {
|
|||
|
||||
# sudo config to run $LUSER commands
|
||||
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
|
||||
else
|
||||
SUDO_USER="sudo -H -u ${MISP_USER}"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
||||
fi
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
|
||||
|
@ -544,12 +544,12 @@ checkID () {
|
|||
sudo adduser $MISP_USER $WWW_USER
|
||||
fi
|
||||
|
||||
# FIXME: the below SUDO_USER check is a duplicate from global variables, try to have just one check
|
||||
# FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check
|
||||
# sudo config to run $LUSER commands
|
||||
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
|
||||
else
|
||||
SUDO_USER="sudo -H -u ${MISP_USER}"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
||||
fi
|
||||
|
||||
}
|
||||
|
@ -953,7 +953,8 @@ composer73 () {
|
|||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
|
||||
SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
||||
|
@ -1008,11 +1009,12 @@ nuke () {
|
|||
# Final function to let the user know what happened
|
||||
theEnd () {
|
||||
space
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_USER tee /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_USER tee -a /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" |$SUDO_USER tee -a /home/${MISP_USER}/MISP-authkey.txt
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
# Commenting out, see: https://github.com/MISP/MISP/issues/5368
|
||||
# clear -x
|
||||
space
|
||||
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
||||
echo
|
||||
|
@ -1607,7 +1609,7 @@ mispmodules () {
|
|||
cd /usr/local/src/
|
||||
## TODO: checkUsrLocalSrc in main doc
|
||||
debug "Cloning misp-modules"
|
||||
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
|
||||
$SUDO_CMD git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# some misp-modules dependencies
|
||||
sudo apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y
|
||||
|
@ -1762,39 +1764,39 @@ mail2misp () {
|
|||
debug "Installing Mail2${LBLUE}MISP${NC}"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
|
||||
$SUDO_USER git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
$SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_CMD git clone git://github.com/stricaud/faup.git faup
|
||||
$SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
|
||||
cd gtcaca
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
cd ../../faup
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_CMD virtualenv -p python3 venv
|
||||
$SUDO_CMD ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_CMD ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
}
|
||||
|
||||
ssdeep () {
|
||||
debug "Install ssdeep 2.14.1"
|
||||
cd /usr/local/src
|
||||
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
|
||||
$SUDO_CMD wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_CMD tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_USER make
|
||||
$SUDO_CMD ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_CMD make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
|
@ -1822,25 +1824,25 @@ viper () {
|
|||
fi
|
||||
fi
|
||||
echo "Cloning Viper"
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper.git
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper-web.git
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper.git
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper-web.git
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper-web
|
||||
cd viper
|
||||
echo "Creating virtualenv"
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_CMD virtualenv -p python3 venv
|
||||
echo "Submodule update"
|
||||
# TODO: Check for current user install permissions
|
||||
$SUDO_USER git submodule update --init --recursive
|
||||
$SUDO_CMD git submodule update --init --recursive
|
||||
echo "pip install deps"
|
||||
$SUDO_USER ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install .
|
||||
$SUDO_CMD ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_CMD ./venv/bin/pip install .
|
||||
echo 'update-modules' |/usr/local/src/viper/venv/bin/viper
|
||||
cd /usr/local/src/viper-web
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
$SUDO_USER /usr/local/src/viper/venv/bin/pip install -r requirements.txt
|
||||
$SUDO_CMD sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
$SUDO_CMD /usr/local/src/viper/venv/bin/pip install -r requirements.txt
|
||||
echo "Launching viper-web"
|
||||
$SUDO_USER /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 &
|
||||
$SUDO_CMD /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/home/misp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
|
||||
|
@ -1852,8 +1854,8 @@ viper () {
|
|||
fi
|
||||
|
||||
echo "Setting misp_url/misp_key"
|
||||
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_CMD sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_CMD sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
echo "Fixing admin.db with default password"
|
||||
VIPER_COUNT=0
|
||||
|
@ -2004,7 +2006,7 @@ installSupported () {
|
|||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
# TODO: Work on possibility to install as user X and install MISP for user Y
|
||||
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
||||
# TODO: Check if logout needed. (run SUDO_CMD in installer)
|
||||
# <snippet-begin add-user.sh>
|
||||
# TODO: Double check how to properly handle postfix
|
||||
# <snippet-begin postfix.sh>
|
||||
|
|
|
@ -1 +1 @@
|
|||
5bb0ceb0ab45af769c8a3b044f9a494e8733b1cb INSTALL.sh
|
||||
966b18b8623bd83c9235c8a210d741db25a937d7 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
9402bcf66dd2c8a82b8871c5c414a5710d5faa0b1ad40bb0edec57a8883f52f7 INSTALL.sh
|
||||
61c7f3242e7eeae16ac3cf65b60eb893c642f90f8b819be0670d25407ffd8b79 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
616975d3ec3ca34c590570f272ac244535ececcf535b66aa765b4e36c68e78649e65e5d719977d18b6d69ff59f709cc0 INSTALL.sh
|
||||
41d7749f890bb150d3914bae0a986609073b1b7403cb561cd662957c529fc3bf382f7d7a7692e8fe1525cdc49d7b1cad INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
5baa423f8306b0b2e16fc91380e1e551550f31ed013a38233b049040aab81579bad4e3c81203c0ec324bc17010bc1063e1d67bddf45a922ec7cec3a551aa49ee INSTALL.sh
|
||||
f7fd098037a4b57a4b37a254ca4ddc80e418cab557518d4de73ef1ae4e382195729f71919510199e48e5e92af522f8d9bfe7c03ed6ad4423534c75a9016ef40f INSTALL.sh
|
||||
|
|
|
@ -220,7 +220,7 @@ installSupported () {
|
|||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
# TODO: Work on possibility to install as user X and install MISP for user Y
|
||||
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
||||
# TODO: Check if logout needed. (run SUDO_CMD in installer)
|
||||
# <snippet-begin add-user.sh>
|
||||
# TODO: Double check how to properly handle postfix
|
||||
# <snippet-begin postfix.sh>
|
||||
|
|
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit fac748dd4c63c9eef4056c5fc5201e811a97be10
|
||||
Subproject commit 2e7215bbec6c2fa1d527e09be99d4280fdda3fd1
|
|
@ -1188,6 +1188,9 @@ class AppController extends Controller
|
|||
if ($returnFormat === 'download') {
|
||||
$returnFormat = 'json';
|
||||
}
|
||||
if ($returnFormat === 'stix' && $this->_isJson()) {
|
||||
$returnFormat = 'stix-json';
|
||||
}
|
||||
$elementCounter = 0;
|
||||
$renderView = false;
|
||||
$final = $this->$scope->restSearch($user, $returnFormat, $filters, false, false, $elementCounter, $renderView);
|
||||
|
|
|
@ -1098,6 +1098,9 @@ class AttributesController extends AppController
|
|||
$event['Event']['timestamp'] = $date->getTimestamp();
|
||||
$event['Event']['published'] = 0;
|
||||
$this->Attribute->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
|
||||
if ($attribute['Attribute']['object_id'] != 0) {
|
||||
$this->Attribute->Object->updateTimestamp($attribute['Attribute']['object_id'], $date->getTimestamp());
|
||||
}
|
||||
$this->autoRender = false;
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Field updated.', 'check_publish' => true)), 'status'=>200, 'type' => 'json'));
|
||||
} else {
|
||||
|
@ -2948,6 +2951,9 @@ class AttributesController extends AppController
|
|||
$event['Event']['timestamp'] = $date->getTimestamp();
|
||||
$result = $this->Attribute->Event->save($event);
|
||||
$attribute['Attribute']['timestamp'] = $date->getTimestamp();
|
||||
if ($attribute['Attribute']['object_id'] != 0) {
|
||||
$this->Attribute->Object->updateTimestamp($attribute['Attribute']['object_id'], $date->getTimestamp());
|
||||
}
|
||||
$this->Attribute->save($attribute);
|
||||
}
|
||||
$log = ClassRegistry::init('Log');
|
||||
|
@ -3094,6 +3100,9 @@ class AttributesController extends AppController
|
|||
$date = new DateTime();
|
||||
$event['Event']['timestamp'] = $date->getTimestamp();
|
||||
$this->Attribute->Event->save($event);
|
||||
if ($this->Attribute->data['Attribute']['object_id'] != 0) {
|
||||
$this->Attribute->Object->updateTimestamp($this->Attribute->data['Attribute']['object_id'], $date->getTimestamp());
|
||||
}
|
||||
$this->Attribute->data['Attribute']['timestamp'] = $date->getTimestamp();
|
||||
$this->Attribute->save($this->Attribute->data);
|
||||
}
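Review bot: The three hunks in AttributesController (-1098, -2948 and -3094) each add the same object-timestamp refresh, `if (... ['object_id'] != 0) { $this->Attribute->Object->updateTimestamp(..., $date->getTimestamp()); }`, so the logic now lives in three places that must be kept in step. A small private helper, e.g. `private function __refreshObjectTimestamp($objectId, $timestamp)` holding the check and the call, would let each site become a one-liner and give the behaviour one place to document. The enclosing actions begin and end outside all three hunks.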
|
||||
|
|
|
@ -1309,7 +1309,7 @@ class EventsController extends AppController
|
|||
foreach ($event['Object'] as $k => $object) {
|
||||
if (!empty($object['Attribute'])) {
|
||||
foreach ($object['Attribute'] as $attribute) {
|
||||
if ($oldest_timestamp == false || $oldest_timestamp < $attribute['timestamp']) {
|
||||
if ($oldest_timestamp == false || $oldest_timestamp > $attribute['timestamp']) {
|
||||
$oldest_timestamp = $attribute['timestamp'];
|
||||
}
|
||||
}
|
||||
|
@ -1407,7 +1407,7 @@ class EventsController extends AppController
|
|||
$startDate = null;
|
||||
$modificationMap = array();
|
||||
foreach ($event['Attribute'] as $k => $attribute) {
|
||||
if ($oldest_timestamp == false || $oldest_timestamp < $attribute['timestamp']) {
|
||||
if ($oldest_timestamp == false || $oldest_timestamp > $attribute['timestamp']) {
|
||||
$oldest_timestamp = $attribute['timestamp'];
|
||||
}
|
||||
if ($startDate === null || $attribute['timestamp'] < $startDate) {
|
||||
|
@ -2147,7 +2147,6 @@ class EventsController extends AppController
|
|||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
$original_file = !empty($this->data['Event']['original_file']) ? $this->data['Event']['stix']['name'] : '';
|
||||
if ($this->_isRest()) {
|
||||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
|
||||
|
@ -2158,8 +2157,8 @@ class EventsController extends AppController
|
|||
$this->Auth->user(),
|
||||
$randomFileName,
|
||||
$stix_version,
|
||||
$original_file,
|
||||
$this->data['Event']['publish']
|
||||
'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json'),
|
||||
false
|
||||
);
|
||||
if (is_array($result)) {
|
||||
return $this->RestResponse->saveSuccessResponse('Events', 'upload_stix', false, $this->response->type(), 'STIX document imported, event\'s created: ' . implode(', ', $result) . '.');
|
||||
|
@ -2174,6 +2173,7 @@ class EventsController extends AppController
|
|||
return $this->RestResponse->saveFailResponse('Events', 'upload_stix', false, $result, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
$original_file = !empty($this->data['Event']['original_file']) ? $this->data['Event']['stix']['name'] : '';
|
||||
if (isset($this->data['Event']['stix']) && $this->data['Event']['stix']['size'] > 0 && is_uploaded_file($this->data['Event']['stix']['tmp_name'])) {
|
||||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
|
||||
|
@ -4868,7 +4868,7 @@ class EventsController extends AppController
|
|||
$options = array();
|
||||
foreach ($enabledModules['modules'] as $temp) {
|
||||
if ($temp['name'] == $module) {
|
||||
$format = (isset($temp['mispattributes']['format']) ? $temp['mispattributes']['format'] : 'simplified');
|
||||
$format = (!empty($temp['mispattributes']['format']) ? $temp['mispattributes']['format'] : 'simplified');
|
||||
if (isset($temp['meta']['config'])) {
|
||||
foreach ($temp['meta']['config'] as $conf) {
|
||||
$options[$conf] = Configure::read('Plugin.' . $type . '_' . $module . '_' . $conf);
|
||||
|
@ -5132,7 +5132,7 @@ class EventsController extends AppController
|
|||
throw new Exception($result);
|
||||
}
|
||||
$importComment = !empty($result['comment']) ? $result['comment'] : 'Enriched via the ' . $module['name'] . ' module';
|
||||
if (isset($module['mispattributes']['format']) && $module['mispattributes']['format'] === 'misp_standard') {
|
||||
if (!empty($module['mispattributes']['format']) && $module['mispattributes']['format'] === 'misp_standard') {
|
||||
$event = $this->Event->handleMispFormatFromModuleResult($result);
|
||||
$event['Event'] = array('id' => $eventId);
|
||||
if ($this->_isRest()) {
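Review bot: In the upload_stix hunk at -2158 the REST branch now passes the literal `'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json')` and `false` where `$original_file` and `$this->data['Event']['publish']` were passed, so an API caller's publish flag appears to be ignored on that path while the form branch (hunk at -2174) keeps reading the submitted values. If that is intended, a comment such as `// REST uploads are never auto-published; clients publish explicitly` beside the `false` would stop the next reader treating it as a regression. The call's parameter list and the enclosing action begin and end outside the hunk, so which parameter the `false` now binds to cannot be confirmed from here.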
|
||||
|
|
|
@ -416,7 +416,7 @@ class LogsController extends AppController
|
|||
$this->set('actions', $actions);
|
||||
|
||||
// combobox for models
|
||||
$models = array('Attribute', 'Event', 'EventBlacklist', 'EventTag', 'DecayingModel', 'MispObject', 'Organisation', 'Post', 'Regexp', 'Role', 'Server', 'ShadowAttribute', 'SharingGroup', 'Tag', 'Task', 'Taxonomy', 'Template', 'Thread', 'User', 'Whitelist');
|
||||
$models = array('Attribute', 'Event', 'EventBlacklist', 'EventTag', 'Feed', 'DecayingModel', 'MispObject', 'Organisation', 'Post', 'Regexp', 'Role', 'Server', 'ShadowAttribute', 'SharingGroup', 'Tag', 'Task', 'Taxonomy', 'Template', 'Thread', 'User', 'Whitelist');
|
||||
$models = array('' => 'ALL') + $this->_arrayToValuesIndexArray($models);
|
||||
$this->set('models', $models);
|
||||
$this->set('actionDefinitions', $this->{$this->defaultModel}->actionDefinitions);
|
||||
|
|
|
@ -93,7 +93,7 @@ class Attribute extends AppModel
|
|||
),
|
||||
'Artifacts dropped' => array(
|
||||
'desc' => __('Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system'),
|
||||
'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy','filename|pehash', 'regkey', 'regkey|value', 'pattern-in-file', 'pattern-in-memory','pdb', 'stix2-pattern', 'yara', 'sigma', 'attachment', 'malware-sample', 'named pipe', 'mutex', 'windows-scheduled-task', 'windows-service-name', 'windows-service-displayname', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'cookie', 'gene', 'mime-type', 'anonymised')
|
||||
'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy', 'authentihash', 'cdhash', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|impfuzzy','filename|pehash', 'regkey', 'regkey|value', 'pattern-in-file', 'pattern-in-memory','pdb', 'stix2-pattern', 'yara', 'sigma', 'attachment', 'malware-sample', 'named pipe', 'mutex', 'windows-scheduled-task', 'windows-service-name', 'windows-service-displayname', 'comment', 'text', 'hex', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'other', 'cookie', 'gene', 'kusto-query', 'mime-type', 'anonymised')
|
||||
),
|
||||
'Payload installation' => array(
|
||||
'desc' => __('Info on where the malware gets installed in the system'),
|
||||
|
@ -191,6 +191,7 @@ class Attribute extends AppModel
|
|||
'stix2-pattern' => array('desc' => __('STIX 2 pattern'), 'default_category' => 'Payload installation', 'to_ids' => 1),
|
||||
'sigma' => array('desc' => __('Sigma - Generic Signature Format for SIEM Systems'), 'default_category' => 'Payload installation', 'to_ids' => 1),
|
||||
'gene' => array('desc' => __('GENE - Go Evtx sigNature Engine'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0),
|
||||
'kusto-query' => array('desc' => __('Kusto query - Kusto from Microsoft Azure is a service for storing and running interactive analytics over Big Data.'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0),
|
||||
'mime-type' => array('desc' => __('A media type (also MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet'), 'default_category' => 'Artifacts dropped', 'to_ids' => 0),
|
||||
'identity-card-number' => array('desc' => __('Identity card number'), 'default_category' => 'Person', 'to_ids' => 0),
|
||||
'cookie' => array('desc' => __('HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie.'), 'default_category' => 'Network activity', 'to_ids' => 0),
|
||||
|
@ -1306,6 +1307,7 @@ class Attribute extends AppModel
|
|||
case 'stix2-pattern':
|
||||
case 'sigma':
|
||||
case 'gene':
|
||||
case 'kusto-query':
|
||||
case 'mime-type':
|
||||
case 'identity-card-number':
|
||||
case 'cookie':
|
||||
|
@ -4078,7 +4080,8 @@ class Attribute extends AppModel
|
|||
if (isset($attribute['uuid'])) {
|
||||
$existingAttribute = $this->find('first', array(
|
||||
'conditions' => array('Attribute.uuid' => $attribute['uuid']),
|
||||
'recursive' => -1
|
||||
'contain' => array('AttributeTag' => 'Tag'),
|
||||
'recursive' => -1,
|
||||
));
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
if (count($existingAttribute)) {
|
||||
|
@ -4191,28 +4194,36 @@ class Attribute extends AppModel
|
|||
));
|
||||
return $this->validationErrors;
|
||||
} else {
|
||||
if (isset($attribute['Tag']) && $user['Role']['perm_tagger']) {
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag_id = $this->AttributeTag->Tag->captureTag($tag, $user);
|
||||
if ($tag_id) {
|
||||
// fix the IDs here
|
||||
$this->AttributeTag->attachTagToAttribute($this->id, $attribute['event_id'], $tag_id);
|
||||
} else {
|
||||
// If we couldn't attach the tag it is most likely because we couldn't create it - which could have many reasons
|
||||
// However, if a tag couldn't be added, it could also be that the user is a tagger but not a tag editor
|
||||
// In which case if no matching tag is found, no tag ID is returned. Logging these is pointless as it is the correct behaviour.
|
||||
if ($user['Role']['perm_tag_editor']) {
|
||||
$this->Log->create();
|
||||
$this->Log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'Attrubute',
|
||||
'model_id' => $this->id,
|
||||
'email' => $user['email'],
|
||||
'action' => 'edit',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Failed create or attach Tag ' . $tag['name'] . ' to the attribute.',
|
||||
'change' => ''
|
||||
));
|
||||
if ($user['Role']['perm_tagger']) {
|
||||
/*
|
||||
We should uncomment the line below in the future once we have tag soft-delete
|
||||
A solution to still keep the behavior for previous instance could be to not soft-delete the Tag if the remote instance
|
||||
has a version below x
|
||||
*/
|
||||
// $this->AttributeTag->pruneOutdatedAttributeTagsFromSync(isset($attribute['Tag']) ? $attribute['Tag'] : array(), $existingAttribute['AttributeTag']);
|
||||
if (isset($attribute['Tag'])) {
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag_id = $this->AttributeTag->Tag->captureTag($tag, $user);
|
||||
if ($tag_id) {
|
||||
// fix the IDs here
|
||||
$this->AttributeTag->attachTagToAttribute($this->id, $attribute['event_id'], $tag_id);
|
||||
} else {
|
||||
// If we couldn't attach the tag it is most likely because we couldn't create it - which could have many reasons
|
||||
// However, if a tag couldn't be added, it could also be that the user is a tagger but not a tag editor
|
||||
// In which case if no matching tag is found, no tag ID is returned. Logging these is pointless as it is the correct behaviour.
|
||||
if ($user['Role']['perm_tag_editor']) {
|
||||
$this->Log->create();
|
||||
$this->Log->save(array(
|
||||
'org' => $user['Organisation']['name'],
|
||||
'model' => 'Attrubute',
|
||||
'model_id' => $this->id,
|
||||
'email' => $user['email'],
|
||||
'action' => 'edit',
|
||||
'user_id' => $user['id'],
|
||||
'title' => 'Failed create or attach Tag ' . $tag['name'] . ' to the attribute.',
|
||||
'change' => ''
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
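Review bot: The log entry written in the rewritten tag-handling block (hunk at -4191) records `'model' => 'Attrubute'`, a misspelling carried onto the new side; entries filed under a model name that no model uses are invisible to anyone filtering the audit log by model, so it should read `'model' => 'Attribute'` while the block is being touched. In the same hunk the `pruneOutdatedAttributeTagsFromSync` call is commented out, yet the lookup in the hunk at -4078 now adds `'contain' => array('AttributeTag' => 'Tag')`, so tags are fetched for every captured attribute and nothing consumes them; either the comment should say the contain is kept for the pending prune, or the contain should wait for it. The enclosing method begins and ends outside these hunks.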
|
||||
|
|
|
@ -103,6 +103,22 @@ class AttributeTag extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
// This function help mirroring the tags at attribute level. It will delete tags that are not present on the remote attribute
|
||||
public function pruneOutdatedAttributeTagsFromSync($newerTags, $originalAttributeTags)
|
||||
{
|
||||
$newerTagsName = array();
|
||||
foreach ($newerTags as $tag) {
|
||||
$newerTagsName[] = strtolower($tag['name']);
|
||||
}
|
||||
foreach ($originalAttributeTags as $k => $attributeTag) {
|
||||
if (!$attributeTag['local']) { //
|
||||
if (!in_array(strtolower($attributeTag['Tag']['name']), $newerTagsName)) {
|
||||
$this->softDelete($attributeTag['id']);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function countForTag($tag_id, $user)
|
||||
{
|
||||
return $this->find('count', array(
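Review bot: `pruneOutdatedAttributeTagsFromSync` leaves a dangling `//` after `if (!$attributeTag['local']) {` and has no docblock, and since its only caller in this commit is commented out in Attribute.php its contract is worth pinning now. A docblock should state that $newerTags is the remote attribute's tag list, $originalAttributeTags the local AttributeTag rows with Tag contained, that names are matched case-insensitively, and that rows flagged local are never deleted; the inline comment can become `// local tags are instance-specific and must survive a sync`. Lower-casing both sides also means two tags differing only in case are treated as the same tag, which is a silent mismatch if tag names are case-sensitive elsewhere (not visible here). countForTag continues past the hunk.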
|
||||
|
|
|
@ -5276,11 +5276,26 @@ class Event extends AppModel
|
|||
|
||||
private function __fillAttribute($attribute, $defaultDistribution)
|
||||
{
|
||||
if (!isset($attribute['category'])) {
|
||||
$attribute['category'] = $this->Event->Attribute->typeDefinitions[$attribute['type']]['default_category'];
|
||||
if (is_array($attribute['type'])) {
|
||||
$attribute_type = $attribute['type'][0];
|
||||
if (empty($attribute['category'])) {
|
||||
$categories = array();
|
||||
foreach ($attribute['type'] as $type) {
|
||||
$category = $this->Attribute->typeDefinitions[$type]['default_category'];
|
||||
if (!in_array($category, $categories)) {
|
||||
$categories[] = $category;
|
||||
}
|
||||
}
|
||||
$attribute['category'] = count($categories) === 1 ? $categories[0] : $categories;
|
||||
}
|
||||
} else {
|
||||
$attribute_type = $attribute['type'];
|
||||
if (empty($attribute['category'])) {
|
||||
$attribute['category'] = $this->Attribute->typedefinitions[$attribute_type]['default_category'];
|
||||
}
|
||||
}
|
||||
if (!isset($attribute['to_ids'])) {
|
||||
$attribute['to_ids'] = $this->Event->Attribute->typeDefinitions[$attribute['type']]['to_ids'];
|
||||
$attribute['to_ids'] = $this->Attribute->typeDefinitions[$attribute_type]['to_ids'];
|
||||
}
|
||||
$attribute['value'] = $this->Attribute->runRegexp($attribute['type'], $attribute['value']);
|
||||
$attribute['distribution'] = (isset($attribute['distribution']) ? (int)$attribute['distribution'] : $defaultDistribution);
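Review bot: The non-array branch of `__fillAttribute` reads `$this->Attribute->typedefinitions[$attribute_type]['default_category']` with a lowercase d, while the array branch and the `to_ids` line use `typeDefinitions`; PHP property names are case-sensitive, so this reads an undefined property and the category stays empty whenever the caller omits it. It should be `$attribute['category'] = $this->Attribute->typeDefinitions[$attribute_type]['default_category'];`. The `runRegexp` call below still receives `$attribute['type']`, which in the new array case is a list rather than a string; whether runRegexp accepts that is not visible here. The method ends outside the hunk.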
|
||||
|
|
|
@ -865,8 +865,6 @@ class MispObject extends AppModel
|
|||
'change' => 'Validation errors: ' . json_encode($this->validationErrors) . ' Full Object: ' . json_encode($attribute),
|
||||
));
|
||||
return $this->validationErrors;
|
||||
} else {
|
||||
$this->Event->unpublishEvent($eventId);
|
||||
}
|
||||
if (!empty($object['Attribute'])) {
|
||||
foreach ($object['Attribute'] as $attribute) {
|
||||
|
@ -876,14 +874,14 @@ class MispObject extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
public function updateTimestamp($id)
|
||||
public function updateTimestamp($id, $timestamp = false)
|
||||
{
|
||||
$date = new DateTime();
|
||||
$object = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => array('Object.id' => $id)
|
||||
));
|
||||
$object['Object']['timestamp'] = $date->getTimestamp();
|
||||
$object['Object']['timestamp'] = $timestamp == false ? $date->getTimestamp() : $timestamp;
|
||||
$object['Object']['skip_zmq'] = 1;
|
||||
$object['Object']['skip_kafka'] = 1;
|
||||
$result = $this->save($object);
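Review bot: `updateTimestamp($id, $timestamp = false)` selects with `$timestamp == false`, a loose comparison under which `0`, `'0'`, `''` and `null` all fall back to the current time; `$timestamp === false ? $date->getTimestamp() : $timestamp` expresses the default exactly and leaves an explicit zero alone. A docblock line, `@param int|false $timestamp Unix timestamp to store, or false to use the current time`, would also make the parameter's shape explicit for the new callers in AttributesController. The method ends outside the hunk.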
|
||||
|
|
|
@ -4594,7 +4594,7 @@ class Server extends AppModel
|
|||
if ($colElementDiff == 'column_default') {
|
||||
$expectedValue = $column['column_default'];
|
||||
$actualValue = $keyedActualColumn[$columnName]['column_default'];
|
||||
if (preg_match(sprintf('/(\'|")+%s(\1)+/', $expectedValue), $actualValue)) { // some version of mysql quote the default value
|
||||
if (preg_match(sprintf('@(\'|")+%s(\1)+@', $expectedValue), $actualValue) || (empty($expectedValue) && $actualValue === 'NULL')) { // some version of mysql quote the default value
|
||||
continue;
|
||||
} else {
|
||||
$isCritical = true;
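Review bot: `$expectedValue` is interpolated into the regex by `sprintf('@(\'|")+%s(\1)+@', $expectedValue)` without escaping, so a column default containing `.`, `(`, `+` or the new `@` delimiter alters or breaks the pattern, and the delimiter change from `/` suggests exactly this class of value is already occurring; use `preg_quote($expectedValue, '@')` in the `%s` position. The added `empty($expectedValue) && $actualValue === 'NULL'` clause also treats defaults of `0` and `''` like a missing default; if those are meant to be reported, `($expectedValue === null || $expectedValue === '')` is the narrower test. The enclosing loop begins and ends outside the hunk.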
|
||||
|
|
|
@ -10,9 +10,25 @@
|
|||
* - postLinkConfirm: As the user to confirm the POST before submission with the given message
|
||||
* - onClick: custom onClick action instead of a simple GET/POST request
|
||||
* - icon: FA icon (added using the helper, knowing the fa domain is not needed, just add the short name such as "edit")
|
||||
*/
|
||||
* - requirement evaluates to true/false
|
||||
* - complex_requirement - add complex requirements via lambda functions:
|
||||
* - function($row, $options): the lambda function. $row contain the row data
|
||||
* - options: array of options. datapaths described in the datapath keyname will be extracted and replaced with the actual row value
|
||||
*/
|
||||
echo '<td class="short action-links">';
|
||||
foreach ($actions as $action) {
|
||||
if (isset($action['complex_requirement'])) {
|
||||
if (isset($action['complex_requirement']['options']['datapath'])) {
|
||||
foreach ($action['complex_requirement']['options']['datapath'] as $name => $path) {
|
||||
$action['complex_requirement']['options']['datapath'][$name] = Hash::extract($row, $path)[0];
|
||||
}
|
||||
}
|
||||
$options = isset($action['complex_requirement']['options']) ? $action['complex_requirement']['options'] : array();
|
||||
$requirementMet = $action['complex_requirement']['function']($row, $options);
|
||||
if (!$requirementMet) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
$url_param_data_paths = '';
|
||||
$url = empty($action['url']) ? '#' : h($action['url']);
|
||||
if (!empty($action['url_params_data_paths'])) {
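Review bot: `Hash::extract($row, $path)[0]` in the new complex_requirement block assumes the path matches; when it does not, `Hash::extract` returns an empty array and `[0]` raises an undefined-offset notice and hands the lambda a null option. Guarding it, `$extracted = Hash::extract($row, $path);` followed by `$action['complex_requirement']['options']['datapath'][$name] = isset($extracted[0]) ? $extracted[0] : null;`, keeps one missing field from breaking the whole row. The docblock above should also state that the lambda must return a boolean, since `!$requirementMet` is the only thing consulted. The enclosing foreach continues past the hunk.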
|
||||
|
|
|
@ -297,7 +297,7 @@
|
|||
if (is_array($attribute[$field])) {
|
||||
echo '<td class="short" style="width:40px;text-align:center;"><select ' . $field_header . 'Select" style="padding:0px;height:20px;margin-bottom:0px;">';
|
||||
foreach ($attribute[$field] as $v => $value) {
|
||||
echo '<option value="' . h($value) . '" ' . ($v ? '' : 'selected="selected"') . '>' . h($value) . '</option>';
|
||||
echo '<option value="' . h($value) . '">' . h($value) . '</option>';
|
||||
}
|
||||
echo '</select></td>';
|
||||
} else {
|
||||
|
|
|
@ -67,11 +67,12 @@ App::uses('AppHelper', 'View/Helper');
|
|||
if (!is_numeric($data) && ($trigger == 'event' || $trigger == 'thread')) {
|
||||
$replacement = '%MALFORMED URL%';
|
||||
} else {
|
||||
$url = str_replace('$1', $data, $this->__replacement[$trigger]['url']);
|
||||
if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL)) {
|
||||
if (substr($data, 0, 7) === 'http://' || substr($data, 0, 8) === 'https://') {
|
||||
if (substr($url, 0, 7) === 'http://' || substr($url, 0, 8) === 'https://') {
|
||||
$replacement = $this->Html->link(
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
|
||||
$url
|
||||
);
|
||||
} else {
|
||||
$replacement = '%MALFORMED URL%';
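Review bot: The context line `if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL))` recomputes the string that was just assigned to `$url` on the line above; it should read `if (filter_var($url, FILTER_VALIDATE_URL))` so the value that is validated is provably the one handed to `Html->link()`. Moving the scheme check from `$data` to `$url` is the right fix — it is that check, not FILTER_VALIDATE_URL, that keeps `javascript:` and similar out of the anchor — but for triggers other than event/thread `$data` is not restricted to digits and still lands inside the href. Please confirm that `$this->Html->link()` HTML-encodes a string URL (as far as I recall CakePHP 2's HtmlHelper does not by default); if it does not, pass `h($url)` instead, otherwise the `%MALFORMED URL%` guard can be sidestepped with a quote in `$data`. The enclosing method starts and ends outside this hunk.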
|
||||
|
|
|
@ -404,39 +404,6 @@
|
|||
"hide_tag": false
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "24",
|
||||
"name": "booterblacklist.com Latest",
|
||||
"provider": "booterblacklist.com",
|
||||
"url": "http://booterblacklist.com/data/booterlist_latest.txt",
|
||||
"rules": "",
|
||||
"enabled": true,
|
||||
"distribution": "0",
|
||||
"sharing_group_id": "0",
|
||||
"tag_id": "615",
|
||||
"default": false,
|
||||
"source_format": "freetext",
|
||||
"fixed_event": true,
|
||||
"delta_merge": true,
|
||||
"event_id": "6230",
|
||||
"publish": true,
|
||||
"override_ids": false,
|
||||
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
|
||||
"input_source": "network",
|
||||
"delete_local_file": false,
|
||||
"lookup_visible": false,
|
||||
"cache_timestamp": "1495871995"
|
||||
},
|
||||
"Tag": {
|
||||
"id": "615",
|
||||
"name": "osint:source-type=\"block-or-filter-list\"",
|
||||
"colour": "#004f89",
|
||||
"exportable": true,
|
||||
"org_id": "0",
|
||||
"hide_tag": false
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "27",
|
||||
|
@ -470,31 +437,6 @@
|
|||
"hide_tag": false
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "29",
|
||||
"name": "Ransomware Tracker CSV Feed",
|
||||
"provider": "Ransomware Tracker abuse.ch",
|
||||
"url": "https://ransomwaretracker.abuse.ch/feeds/csv/",
|
||||
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
|
||||
"enabled": true,
|
||||
"distribution": "0",
|
||||
"sharing_group_id": "0",
|
||||
"tag_id": "0",
|
||||
"default": false,
|
||||
"source_format": "csv",
|
||||
"fixed_event": true,
|
||||
"delta_merge": false,
|
||||
"event_id": "0",
|
||||
"publish": false,
|
||||
"override_ids": false,
|
||||
"settings": "{\"csv\":{\"value\":\"4,5,8\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
|
||||
"input_source": "network",
|
||||
"delete_local_file": false,
|
||||
"lookup_visible": true,
|
||||
"cache_timestamp": "1495872683"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "30",
|
||||
|
@ -1166,31 +1108,6 @@
|
|||
"cache_timestamp": "1514750889"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "61",
|
||||
"name": "conficker all domains generated",
|
||||
"provider": "cert.at",
|
||||
"url": "https://www.cert.at/static/downloads/data/conficker/all_domains.txt",
|
||||
"rules": "",
|
||||
"enabled": true,
|
||||
"distribution": "3",
|
||||
"sharing_group_id": "0",
|
||||
"tag_id": "0",
|
||||
"default": false,
|
||||
"source_format": "csv",
|
||||
"fixed_event": false,
|
||||
"delta_merge": false,
|
||||
"event_id": "0",
|
||||
"publish": false,
|
||||
"override_ids": false,
|
||||
"settings": "{\"csv\":{\"value\":\"1\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
|
||||
"input_source": "network",
|
||||
"delete_local_file": false,
|
||||
"lookup_visible": true,
|
||||
"cache_timestamp": "1514750904"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Feed": {
|
||||
"id": "64",
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 0bf4d8bafc71f44cd65c7ad291bc0b4270dcecb8
|
||||
Subproject commit f1b974790f0969fab4251046f292eedc59a272ca
|
|
@ -1 +1 @@
|
|||
Subproject commit 47e0d00555aef510fcac854f7d5d2fa18f502adb
|
||||
Subproject commit 5da0c7bd545ee93cf40786c1c535b9d4897943b1
|
|
@ -1 +1 @@
|
|||
Subproject commit 6179f6bb4adb02c99c9a0b133d2b0756758d0585
|
||||
Subproject commit d5cc5db3d736e5acede93d514070636834f385d4
|
|
@ -1 +1 @@
|
|||
Subproject commit 260171d89b494f4e8c84fa80ac263d296b43a2f9
|
||||
Subproject commit eee124de3401f9f957bb30a5a4989d422324eca8
|
|
@ -317,8 +317,9 @@ installCake_RHEL ()
|
|||
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.composer
|
||||
cd $PATH_TO_MISP/app
|
||||
# Update composer.phar (optional)
|
||||
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP "php composer-setup.php"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW $RUN_PHP "php composer.phar install"
|
||||
|
|
|
@ -85,9 +85,9 @@ MISPvars () {
|
|||
|
||||
# sudo config to run $LUSER commands
|
||||
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
|
||||
else
|
||||
SUDO_USER="sudo -H -u ${MISP_USER}"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
||||
fi
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
|
||||
|
|
|
@ -8,29 +8,29 @@ mail2misp () {
|
|||
debug "Installing Mail2${LBLUE}MISP${NC}"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
|
||||
$SUDO_USER git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
$SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_CMD git clone git://github.com/stricaud/faup.git faup
|
||||
$SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
|
||||
cd gtcaca
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
cd ../../faup
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_CMD virtualenv -p python3 venv
|
||||
$SUDO_CMD ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_CMD ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
}
|
||||
# <snippet-end 5_mail_to_misp.sh>
|
||||
```
|
||||
|
|
|
@ -7,7 +7,7 @@ mispmodules () {
|
|||
cd /usr/local/src/
|
||||
## TODO: checkUsrLocalSrc in main doc
|
||||
debug "Cloning misp-modules"
|
||||
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
|
||||
$SUDO_CMD git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# some misp-modules dependencies
|
||||
sudo apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
ssdeep () {
|
||||
debug "Install ssdeep 2.14.1"
|
||||
cd /usr/local/src
|
||||
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
|
||||
$SUDO_CMD wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_CMD tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_USER make
|
||||
$SUDO_CMD ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_CMD make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
|
|
|
@ -385,12 +385,12 @@ checkID () {
|
|||
sudo adduser $MISP_USER $WWW_USER
|
||||
fi
|
||||
|
||||
# FIXME: the below SUDO_USER check is a duplicate from global variables, try to have just one check
|
||||
# FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check
|
||||
# sudo config to run $LUSER commands
|
||||
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
|
||||
else
|
||||
SUDO_USER="sudo -H -u ${MISP_USER}"
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
||||
fi
|
||||
|
||||
}
|
||||
|
@ -798,7 +798,8 @@ composer73 () {
|
|||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
|
||||
SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
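Review bot: `SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"` replaces a hash pinned in the repository with one fetched at install time from the same upstream the installer comes from, so the `hash_file()` comparison now only catches a mismatched or truncated download; a compromised upstream, or an on-path attacker who can defeat TLS, controls both values. If that trade-off is intended, the two comment lines above it (`# If hash changes, check here ...` and `# Current Sum for: v1.8.3`) are now misleading and should become something like `# Reference hash is fetched from composer.github.io at install time: this verifies download integrity only, not upstream trust`. An empty `SHA384_SUM` (wget failed, no network) falls into the `Installer corrupt` branch and `exit(137)`, which is the right outcome but a confusing message; testing `[[ -n "$SHA384_SUM" ]] || checkFail "could not fetch composer installer signature" 1` first would say what actually went wrong. Finally, if both the bare `php -r "copy(...)"` line and the `$SUDO_WWW php -r "copy(...)"` line survive on the new side (the +/- markers are lost in this rendering), the first download runs as the invoking user and is immediately overwritten by the second, so only one of them should remain.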
|
||||
|
@ -853,11 +854,12 @@ nuke () {
|
|||
# Final function to let the user know what happened
|
||||
theEnd () {
|
||||
space
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_USER tee /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_USER tee -a /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" |$SUDO_USER tee -a /home/${MISP_USER}/MISP-authkey.txt
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
# Commenting out, see: https://github.com/MISP/MISP/issues/5368
|
||||
# clear -x
|
||||
space
|
||||
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
||||
echo
|
||||
|
|
|
@ -18,25 +18,25 @@ viper () {
|
|||
fi
|
||||
fi
|
||||
echo "Cloning Viper"
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper.git
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper-web.git
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper.git
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper-web.git
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper-web
|
||||
cd viper
|
||||
echo "Creating virtualenv"
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_CMD virtualenv -p python3 venv
|
||||
echo "Submodule update"
|
||||
# TODO: Check for current user install permissions
|
||||
$SUDO_USER git submodule update --init --recursive
|
||||
$SUDO_CMD git submodule update --init --recursive
|
||||
echo "pip install deps"
|
||||
$SUDO_USER ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install .
|
||||
$SUDO_CMD ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_CMD ./venv/bin/pip install .
|
||||
echo 'update-modules' |/usr/local/src/viper/venv/bin/viper
|
||||
cd /usr/local/src/viper-web
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
$SUDO_USER /usr/local/src/viper/venv/bin/pip install -r requirements.txt
|
||||
$SUDO_CMD sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
$SUDO_CMD /usr/local/src/viper/venv/bin/pip install -r requirements.txt
|
||||
echo "Launching viper-web"
|
||||
$SUDO_USER /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 &
|
||||
$SUDO_CMD /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/home/misp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
|
||||
|
@ -48,8 +48,8 @@ viper () {
|
|||
fi
|
||||
|
||||
echo "Setting misp_url/misp_key"
|
||||
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_CMD sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_CMD sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
echo "Fixing admin.db with default password"
|
||||
VIPER_COUNT=0
|
||||
|
|
|
@ -399,8 +399,9 @@ doas /usr/local/virtualenvs/MISP/bin/pip install git+https://github.com/kbandla/
|
|||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/htdocs/MISP/app
|
||||
doas mkdir /var/www/.composer ; doas chown www:www /var/www/.composer
|
||||
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
doas -u www php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
doas -u www php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
doas -u www php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
doas -u www env HOME=/var/www php composer-setup.php
|
||||
doas -u www php -r "unlink('composer-setup.php');"
|
||||
doas -u www env HOME=/var/www php composer.phar install
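Review bot: The verification line still only prints `Installer corrupt` and unlinks the file; it does not stop the sequence, so `doas -u www env HOME=/var/www php composer-setup.php` runs anyway against a missing file and `composer.phar install` proceeds with whatever `composer.phar` happens to be present. Give the else branch an exit status, `... unlink('composer-setup.php'); exit(1); }`, and chain the next step as `&& doas -u www env HOME=/var/www php composer-setup.php`, which matches how the scripted `composer73` variant in this commit aborts with `exit(137)`. As with that variant, `EXPECTED_SIGNATURE` is now fetched from the network at install time rather than pinned, so the check guards against a mismatched download, not a compromised upstream; a one-line comment saying so (`# signature fetched at install time: integrity check only, not a trust anchor`) would keep readers from over-trusting it.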
|
||||
|
|
|
@ -240,8 +240,9 @@ sudo mkdir /var/www/.composer/
|
|||
sudo chown apache:apache /var/www/.composer/
|
||||
cd $PATH_TO_MISP/app
|
||||
# Update composer.phar (optional)
|
||||
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP "php composer-setup.php"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW $RUN_PHP "php composer.phar install"
|
||||
|
|
|
@ -223,8 +223,9 @@ sudo mkdir /usr/share/httpd/.composer
|
|||
sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.composer
|
||||
cd $PATH_TO_MISP/app
|
||||
# Update composer.phar (optional)
|
||||
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
#$SUDO_WWW $RUN_PHP "php composer-setup.php"
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW $RUN_PHP "php composer.phar install"
|
||||
|
|
|
@ -217,8 +217,9 @@ cd $PATH_TO_MISP/app
|
|||
# Make composer cache happy
|
||||
sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
|
||||
# Update composer.phar
|
||||
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
# $SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
# $SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
# $SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
# $SUDO_WWW php composer-setup.php
|
||||
# $SUDO_WWW php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar install
|
||||
|
|
|
@ -617,24 +617,24 @@ function installMISPonTsurugi() {
|
|||
git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
|
||||
cd gtcaca
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
cd ../../faup
|
||||
$SUDO_USER mkdir -p build
|
||||
$SUDO_CMD mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
$SUDO_CMD cmake .. && $SUDO_CMD make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_CMD virtualenv -p python3 venv
|
||||
$SUDO_CMD ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_CMD ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
echo ""
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
|
|