Several changes for the diagnostic tool

- Added extra diagnostic tools
pull/304/merge
iglocska 2014-09-10 16:55:34 +02:00
parent b178358f2a
commit 34cc73b21a
7 changed files with 150 additions and 85 deletions


@ -83,8 +83,7 @@
* ));
*/
Cache::config('default', array('engine' => 'File'));
Configure::load('config');
if (!Configure::read('MISP.baseurl')) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
@ -93,87 +92,6 @@ if (!Configure::read('MISP.baseurl')) {
Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
}
}
Configure::write('MISP.name', 'MISP');
Configure::write('MISP.footerpart1', 'Powered by MISP');
Configure::write('MISP.footerpart2', '© Belgian Defense CERT & NCIRC');
// The following field is optional
// Configure::write('MISP.footer_logo', 'imagename'); // Logo for the bottom right corner of the screen. Place a .png image into your app/webroot/img folder
Configure::write('MISP.org', 'ORGNAME'); // if sync this will be Event.org content on the peer side
Configure::write('MISP.logo', 'orgs/ORGNAME.png'); // used in Events::index for owned events
Configure::write('MISP.showorg', true); // show the name/flag of the organisation that uploaded the data
Configure::write('MISP.background_jobs', false); // Use CakeResque to delegate jobs to a background worker and to schedule jobs (synchronisation, e-mailing, caching of exports) - Please also enable CakeResque (at the end of this file)
Configure::write('MISP.cached_attachments', false); // Include the attachments in the xml exports
Configure::write('MISP.email', 'email@address.com'); // email from for all the mails
Configure::write('MISP.contact', 'email@address.com'); // contact address for this instance's support person / group
Configure::write('GnuPG.onlyencrypted', true); // only allow encrypted email, do not allow plaintext mails
Configure::write('GnuPG.email', 'email@address.com');
Configure::write('GnuPG.password', 'yourpassword');
Configure::write('GnuPG.homedir', '/path/to/your/.gnupg/');
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
Configure::write('MISP.dns', 'false'); // there is a nameserver available to do resolution.
Configure::write('MISP.cveurl', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId='); // Default URL for NVD/CVE reference.
// The following 4 fields are optional
// Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo
// Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo
// Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png
// Configure::write('MISP.welcome_logo2', 'organisation2'); // used in Events::login to the right of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation2.png
Configure::write('MISP.disablerestalert', 'false');
// Events will be created with the default distribution setting based on this. Valid options: '0', '1', '2', '3'
Configure::write('MISP.default_event_distribution', '3');
// Setting this to 'event' will create attributes that take the event's distribution as the initial setting. Valid options: '0', '1', '2', '3', 'event'
Configure::write('MISP.default_attribute_distribution', 'event');
// Enable the tagging feature, it shou
Configure::write('MISP.tagging', true);
Configure::write('MISP.full_tags_on_event_index', false);
// enabling this flag will allow the event description to be transmitted in the alert e-mail's subject. Be aware that this is not encrypted by PGP, so only enable it if you accept that part of the event description will be sent out in clear-text
Configure::write('MISP.extended_alert_subject', false);
/**
* The settings below can be used to set additional paths to models, views and controllers.
*
* App::build(array(
* 'Model' => array('/path/to/models', '/next/path/to/models'),
* 'Model/Behavior' => array('/path/to/behaviors', '/next/path/to/behaviors'),
* 'Model/Datasource' => array('/path/to/datasources', '/next/path/to/datasources'),
* 'Model/Datasource/Database' => array('/path/to/databases', '/next/path/to/database'),
* 'Model/Datasource/Session' => array('/path/to/sessions', '/next/path/to/sessions'),
* 'Controller' => array('/path/to/controllers', '/next/path/to/controllers'),
* 'Controller/Component' => array('/path/to/components', '/next/path/to/components'),
* 'Controller/Component/Auth' => array('/path/to/auths', '/next/path/to/auths'),
* 'Controller/Component/Acl' => array('/path/to/acls', '/next/path/to/acls'),
* 'View' => array('/path/to/views', '/next/path/to/views'),
* 'View/Helper' => array('/path/to/helpers', '/next/path/to/helpers'),
* 'Console' => array('/path/to/consoles', '/next/path/to/consoles'),
* 'Console/Command' => array('/path/to/commands', '/next/path/to/commands'),
* 'Console/Command/Task' => array('/path/to/tasks', '/next/path/to/tasks'),
* 'Lib' => array('/path/to/libs', '/next/path/to/libs'),
* 'Locale' => array('/path/to/locales', '/next/path/to/locales'),
* 'Vendor' => array('/path/to/vendors', '/next/path/to/vendors'),
* 'Plugin' => array('/path/to/plugins', '/next/path/to/plugins'),
* ));
*
*/
/**
* Custom Inflector rules, can be set to correctly pluralize or singularize table, model, controller names or whatever other
* string is passed to the inflection functions
*
* Inflector::rules('singular', array('rules' => array(), 'irregular' => array(), 'uninflected' => array()));
* Inflector::rules('plural', array('rules' => array(), 'irregular' => array(), 'uninflected' => array()));
*
*/
/**
* Plugins need to be loaded manually, you can either load them one by one or all of them in a single call


@ -311,6 +311,7 @@ class ServersController extends AppController {
'deprecated' => array(),
'overallHealth' => 3,
);
$dumpResults = array();
foreach ($results as $k => $result) {
if ($result['level'] == 3) $issues['deprecated']++;
$tabs[$result['tab']]['count']++;
@ -320,12 +321,71 @@ class ServersController extends AppController {
$tabs[$result['tab']]['errors']++;
if ($result['level'] < $tabs[$result['tab']]['severity']) $tabs[$result['tab']]['severity'] = $result['level'];
}
$dumpResults[] = $result;
if ($result['tab'] != $tab) unset($results[$k]);
}
// Diagnostics portion
$diagnostic_errors = 0;
App::uses('File', 'Utility');
App::uses('Folder', 'Utility');
// check writeable directories
$writeableDirs = array(
'tmp' => 0, 'files' => 0, 'scripts' . DS . 'tmp' => 0,
'tmp' . DS . 'csv_all' => 0, 'tmp' . DS . 'csv_sig' => 0, 'tmp' . DS . 'md5' => 0, 'tmp' . DS . 'sha1' => 0,
'tmp' . DS . 'snort' => 0, 'tmp' . DS . 'suricata' => 0, 'tmp' . DS . 'text' => 0, 'tmp' . DS . 'xml' => 0,
'tmp' . DS . 'files' => 0, 'tmp' . DS . 'logs' => 0,
);
foreach ($writeableDirs as $path => &$error) {
$dir = new Folder(APP . DS . $path);
if (is_null($dir->path)) $error = 1;
$file = new File (APP . DS . $path . DS . 'test.txt', true);
if ($error == 0 && !$file->write('test')) $error = 2;
if ($error != 0) $diagnostic_errors++;
$file->delete();
$file->close();
}
$this->set('writeableDirs', $writeableDirs);
// check if the STIX and Cybox libraries are working using the test script stixtest.py
$stix = shell_exec('python ' . APP . 'files' . DS . 'scripts' . DS . 'stixtest.py');
$stix = json_decode($stix)->success;
$this->set('stix', $stix);
if ($stix == 0) $diagnostic_errors++;
// if GPG is set up in the settings, try to encrypt a test message
$gpgStatus = 0;
if (Configure::read('GnuPG.email') && Configure::read('GnuPG.homedir')) {
$continue = true;
try {
require_once 'Crypt/GPG.php';
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
$key = $gpg->addEncryptKey(Configure::read('GnuPG.email'));
} catch (Exception $e) {
$gpgStatus = 2;
$continue = false;
}
if ($continue) {
try {
$gpgStatus = 0;
$enc = $gpg->encrypt('test', true);
} catch (Exception $e){
$gpgStatus = 3;
}
}
} else {
$gpgStatus = 1;
}
if ($gpgStatus != 0) $diagnostic_errors++;
$this->set('gpgStatus', $gpgStatus);
$this->set('diagnostic_errors', $diagnostic_errors);
$this->set('tab', $tab);
$this->set('tabs', $tabs);
$this->set('issues', $issues);
$this->set('finalSettings', $results);
$dump = array('gpgStatus' => $gpgStatus, 'stix' => $stix, 'writeableDirs' => $writeableDirs, 'finalSettings' => $dumpResults);
$this->set('dump', $dump);
$priorities = array(0 => 'Critical', 1 => 'Recommended', 2 => 'Optional', 3 => 'Deprecated');
$priorityErrorColours = array(0 => 'red', 1 => 'yellow', 2 => 'green');
$this->set('priorities', $priorities);
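Review bot: In the STIX check, `json_decode($stix)->success` dereferences the decoded value without checking it, so when `shell_exec` returns null or non-JSON output (python not on the PATH, `shell_exec` disabled, a traceback on stdout) the action raises an error instead of reporting a failed check. Decode first and treat anything unexpected as a failure, e.g. `$decoded = json_decode((string)$stix); $stix = (is_object($decoded) && !empty($decoded->success)) ? 1 : 0;`, and wrap the script path in `escapeshellarg()` so an install path containing spaces or shell metacharacters cannot change the command. The write test above it uses the fixed name `test.txt` and deletes it afterwards, which would overwrite and remove an existing file of that name in a directory such as `files`; a unique temporary name is safer, and the by-reference loop variable needs `unset($error);` after the `foreach`. The enclosing action starts and ends outside the hunk, so it cannot be confirmed from here whether these file writes, the shell call and the GPG test run only for the diagnostics tab or on every settings page load.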


@ -0,0 +1,61 @@
<div style="border:1px solid #dddddd; margin-top:1px; width:100%; padding:10px">
<h3>Writeable Directories</h3>
<p>The following directories have to be writeable for MISP to function properly. Make sure that the apache user has write privileges for the directories below.</p>
<div style="background-color:#f7f7f9;width:300px;">
<?php
foreach ($writeableDirs as $dir => $error) {
$colour = 'green';
$message = 'OK';
if ($error > 0) {
$colour = 'red';
if ($error == 1) {
$message = 'Directory doesn\'t exist';
} else {
$message = 'Directory is not writeable';
}
}
echo 'app/' . $dir . '.....<span style="color:' . $colour . ';">' . $message . '</span><br />';
}
?>
</div>
<h3>
STIX and Cybox libraries
</h3>
<p>Mitre's STIX and Cybox python libraries have to be installed in order for MISP's STIX export to work. Make sure that you install them (as described in the MISP installation instructions) if you receive an error below.</p>
<div style="background-color:#f7f7f9;width:300px;">
<?php
$colour = 'green';
$message = 'OK';
if ($stix == 0) {
$colour = 'red';
$message = 'FAIL.';
}
echo 'Testing STIX and Cybox libraries....<span style="color:' . $colour . ';">' . $message . '</span>';
?>
</div>
<h3>
GnuPG
</h3>
<p>This tool tests whether your GnuPG is set up correctly or not.</p>
<div style="background-color:#f7f7f9;width:300px;">
<?php
$colour = 'green';
$message = 'OK';
if ($gpgStatus > 0) {
$colour = 'red';
switch ($gpgStatus) {
case 1:
$message = 'FAIL: settings not set';
break;
case 2:
$message = 'FAIL: bad GnuPG.*';
break;
case 3:
$message = 'FAIL: encrypt failed';
break;
}
}
echo 'GnuPG installation and settings....<span style="color:' . $colour . ';">' . $message . '</span>';
?>
</div>
</div>
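Review bot: The directory name in `echo 'app/' . $dir . ...` is written into the page without `h()`, while the health table changed in the same commit escapes every value it prints. The keys are hard-coded in the controller today, so this is a consistency point rather than a live injection, but `echo 'app/' . h($dir) . ...` keeps the element safe if the directory list ever comes from configuration. A short comment above each block stating what the numeric codes mean (`$error` 1 = missing, 2 = not writeable; `$gpgStatus` 1–3) would also help, since the codes are assigned only in the controller.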


@ -7,6 +7,7 @@
<?php
$health = array(0 => 'Critical, your MISP instance requires immediate attention.', 1 => 'Issues found, it is recommended that you resolve them.', 2 => 'Good, but there are some optional settings that are incorrect / not set.', 3 => 'In perfect health.');
$colour = '';
if ($diagnostic_errors > 0) $issues['overallHealth'] = 0;
if ($issues['overallHealth'] < 3) $colour = 'background-color:' . $priorityErrorColours[$issues['overallHealth']] . ';';
if ($issues['overallHealth'] == 0 || $issues['overallHealth'] == 2) $colour .= 'color:white;';
?>
@ -19,12 +20,18 @@
foreach ($issues['errors'] as $k => $v):
$colour = '';
if ($k < 3 && $v['value'] > 0) $colour = 'background-color:' . $priorityErrorColours[$k] . ';';
if ($k == 0 || $k == 2) $colour .= 'color:white;';
if (($k == 0 || $k == 2) && $v['value'] > 0) $colour .= 'color:white;';
?>
<tr>
<td style="<?php echo $colour; ?>"><?php echo h($priorities[$k]) . ' settings incorrectly or not set';?></td>
<td style="<?php echo $colour; ?>"><?php echo h($v['value']);?></td>
<td style="<?php echo $colour; ?>"><?php echo h($v['value']);?> incorrect settings.</td>
<td style="<?php echo $colour; ?>"><?php echo h($v['description']);?></td>
</tr>
<?php endforeach; ?>
<tr>
<?php $colour = ($diagnostic_errors > 0 ? 'background-color:red;color:white;' : '');?>
<td style="<?php echo $colour; ?>">Critical issues revealed by the diagnostics</td>
<td style="<?php echo $colour; ?>"><?php echo h($diagnostic_errors);?> issues detected.</td>
<td style="<?php echo $colour; ?>">Issues revealed here can be due to incorrect directory permissions or not correctly installed dependencies.</td>
</tr>
</table>
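Review bot: `if ($diagnostic_errors > 0) $issues['overallHealth'] = 0;` adjusts the health score inside the template, so the corrected value exists only while this view renders and any other consumer of `$issues` still sees the controller's number. The controller in this commit already has `$diagnostic_errors` before it calls `$this->set('issues', $issues)`, so the override belongs there, leaving the view to read the value only. The new summary row also reuses `$colour` after the loop; a dedicated name such as `$diagnosticColour` would make it clear that the row does not depend on the last loop iteration.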


@ -23,4 +23,12 @@
$i++;
endforeach;
?>
<span class="tabMenuFixed tabMenuFixedCenter tabMenuSides" style="margin-left:50px;">
<a href = "/servers/serverSettings/diagnostics" id="create-button" title="Modify filters" class="discrete">
Diagnostics
<?php
if ($diagnostic_errors > 0) echo '<span style="color:red;"> (' . $diagnostic_errors . ')</span>';
?>
</a>
</span>
</div>
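Review bot: The new tab link carries `id="create-button"` and `title="Modify filters"`, which look copied from another control and do not describe a Diagnostics tab; a duplicate `id` on the page would also break any script or style that targets it. Suggest `title="Diagnostics"` and dropping or renaming the id. The `href` is the root-relative `/servers/serverSettings/diagnostics`, which will not resolve if the instance is served from a sub-path; how the other tabs build their links is outside this hunk, so this should follow whatever they do. The error count should be printed as `h($diagnostic_errors)` for consistency with the table view.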


@ -4,6 +4,8 @@
echo $this->element('healthElements/tabs');
if (in_array($tab, array('MISP', 'Security', 'GnuPG', 'misc'))) {
echo $this->element('healthElements/settings_tab');
} else if ($tab == 'diagnostics') {
echo $this->element('healthElements/diagnostics');
} else {
echo $this->element('healthElements/overview');
}


@ -0,0 +1,9 @@
import json, sys
try:
import stix
import cybox
except ImportError:
print json.dumps({'success' : 0})
sys.exit(1)
print json.dumps({'success' : 1})
sys.exit(1)
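Review bot: The success path ends with `sys.exit(1)`, the same exit status as the ImportError branch, so the script reports failure to any caller that checks the return code; the last line should be `sys.exit(0)`. The controller in this commit reads only the JSON on stdout, so the check still works today, but a monitoring wrapper or a later switch to `exec()` with a status check would misreport a healthy install. A one-line module comment stating that the script prints `{"success": 0|1}` for the diagnostics page would document the contract the PHP side depends on.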