mirror of https://github.com/MISP/MISP
parent
b178358f2a
commit
34cc73b21a
|
@ -83,8 +83,7 @@
|
|||
* ));
|
||||
*/
|
||||
Cache::config('default', array('engine' => 'File'));
|
||||
|
||||
|
||||
Configure::load('config');
|
||||
|
||||
if (!Configure::read('MISP.baseurl')) {
|
||||
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
|
||||
|
@ -93,87 +92,6 @@ if (!Configure::read('MISP.baseurl')) {
|
|||
Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
|
||||
}
|
||||
}
|
||||
Configure::write('MISP.name', 'MISP');
|
||||
Configure::write('MISP.footerpart1', 'Powered by MISP');
|
||||
Configure::write('MISP.footerpart2', '© Belgian Defense CERT & NCIRC');
|
||||
// The following field is optional
|
||||
// Configure::write('MISP.footer_logo', 'imagename'); // Logo for the bottom right corner of the screen. Place a .png image into your app/webroot/img folder
|
||||
Configure::write('MISP.org', 'ORGNAME'); // if sync this will be Event.org content on the peer side
|
||||
Configure::write('MISP.logo', 'orgs/ORGNAME.png'); // used in Events::index for owned events
|
||||
|
||||
|
||||
Configure::write('MISP.showorg', true); // show the name/flag of the organisation that uploaded the data
|
||||
|
||||
Configure::write('MISP.background_jobs', false); // Use CakeResque to delegate jobs to a background worker and to schedule jobs (synchronisation, e-mailing, caching of exports) - Please also enable CakeResque (at the end of this file)
|
||||
Configure::write('MISP.cached_attachments', false); // Include the attachments in the xml exports
|
||||
|
||||
Configure::write('MISP.email', 'email@address.com'); // email from for all the mails
|
||||
Configure::write('MISP.contact', 'email@address.com'); // contact address for this instance's support person / group
|
||||
|
||||
Configure::write('GnuPG.onlyencrypted', true); // only allow encrypted email, do not allow plaintext mails
|
||||
Configure::write('GnuPG.email', 'email@address.com');
|
||||
Configure::write('GnuPG.password', 'yourpassword');
|
||||
Configure::write('GnuPG.homedir', '/path/to/your/.gnupg/');
|
||||
|
||||
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
|
||||
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
|
||||
|
||||
Configure::write('MISP.dns', 'false'); // there is a nameserver available to do resolution.
|
||||
|
||||
Configure::write('MISP.cveurl', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId='); // Default URL for NVD/CVE reference.
|
||||
|
||||
// The following 4 fields are optional
|
||||
|
||||
// Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo
|
||||
// Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo
|
||||
// Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png
|
||||
// Configure::write('MISP.welcome_logo2', 'organisation2'); // used in Events::login to the right of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation2.png
|
||||
Configure::write('MISP.disablerestalert', 'false');
|
||||
// Events will be created with the default distribution setting based on this. Valid options: '0', '1', '2', '3'
|
||||
Configure::write('MISP.default_event_distribution', '3');
|
||||
// Setting this to 'event' will create attributes that take the event's distribution as the initial setting. Valid options: '0', '1', '2', '3', 'event'
|
||||
Configure::write('MISP.default_attribute_distribution', 'event');
|
||||
|
||||
// Enable the tagging feature, it shou
|
||||
Configure::write('MISP.tagging', true);
|
||||
Configure::write('MISP.full_tags_on_event_index', false);
|
||||
// enabling this flag will allow the event description to be transmitted in the alert e-mail's subject. Be aware that this is not encrypted by PGP, so only enable it if you accept that part of the event description will be sent out in clear-text
|
||||
Configure::write('MISP.extended_alert_subject', false);
|
||||
|
||||
/**
|
||||
* The settings below can be used to set additional paths to models, views and controllers.
|
||||
*
|
||||
* App::build(array(
|
||||
* 'Model' => array('/path/to/models', '/next/path/to/models'),
|
||||
* 'Model/Behavior' => array('/path/to/behaviors', '/next/path/to/behaviors'),
|
||||
* 'Model/Datasource' => array('/path/to/datasources', '/next/path/to/datasources'),
|
||||
* 'Model/Datasource/Database' => array('/path/to/databases', '/next/path/to/database'),
|
||||
* 'Model/Datasource/Session' => array('/path/to/sessions', '/next/path/to/sessions'),
|
||||
* 'Controller' => array('/path/to/controllers', '/next/path/to/controllers'),
|
||||
* 'Controller/Component' => array('/path/to/components', '/next/path/to/components'),
|
||||
* 'Controller/Component/Auth' => array('/path/to/auths', '/next/path/to/auths'),
|
||||
* 'Controller/Component/Acl' => array('/path/to/acls', '/next/path/to/acls'),
|
||||
* 'View' => array('/path/to/views', '/next/path/to/views'),
|
||||
* 'View/Helper' => array('/path/to/helpers', '/next/path/to/helpers'),
|
||||
* 'Console' => array('/path/to/consoles', '/next/path/to/consoles'),
|
||||
* 'Console/Command' => array('/path/to/commands', '/next/path/to/commands'),
|
||||
* 'Console/Command/Task' => array('/path/to/tasks', '/next/path/to/tasks'),
|
||||
* 'Lib' => array('/path/to/libs', '/next/path/to/libs'),
|
||||
* 'Locale' => array('/path/to/locales', '/next/path/to/locales'),
|
||||
* 'Vendor' => array('/path/to/vendors', '/next/path/to/vendors'),
|
||||
* 'Plugin' => array('/path/to/plugins', '/next/path/to/plugins'),
|
||||
* ));
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Custom Inflector rules, can be set to correctly pluralize or singularize table, model, controller names or whatever other
|
||||
* string is passed to the inflection functions
|
||||
*
|
||||
* Inflector::rules('singular', array('rules' => array(), 'irregular' => array(), 'uninflected' => array()));
|
||||
* Inflector::rules('plural', array('rules' => array(), 'irregular' => array(), 'uninflected' => array()));
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Plugins need to be loaded manually, you can either load them one by one or all of them in a single call
|
||||
|
|
|
@ -311,6 +311,7 @@ class ServersController extends AppController {
|
|||
'deprecated' => array(),
|
||||
'overallHealth' => 3,
|
||||
);
|
||||
$dumpResults = array();
|
||||
foreach ($results as $k => $result) {
|
||||
if ($result['level'] == 3) $issues['deprecated']++;
|
||||
$tabs[$result['tab']]['count']++;
|
||||
|
@ -320,12 +321,71 @@ class ServersController extends AppController {
|
|||
$tabs[$result['tab']]['errors']++;
|
||||
if ($result['level'] < $tabs[$result['tab']]['severity']) $tabs[$result['tab']]['severity'] = $result['level'];
|
||||
}
|
||||
$dumpResults[] = $result;
|
||||
if ($result['tab'] != $tab) unset($results[$k]);
|
||||
}
|
||||
// Diagnostics portion
|
||||
$diagnostic_errors = 0;
|
||||
App::uses('File', 'Utility');
|
||||
App::uses('Folder', 'Utility');
|
||||
|
||||
// check writeable directories
|
||||
$writeableDirs = array(
|
||||
'tmp' => 0, 'files' => 0, 'scripts' . DS . 'tmp' => 0,
|
||||
'tmp' . DS . 'csv_all' => 0, 'tmp' . DS . 'csv_sig' => 0, 'tmp' . DS . 'md5' => 0, 'tmp' . DS . 'sha1' => 0,
|
||||
'tmp' . DS . 'snort' => 0, 'tmp' . DS . 'suricata' => 0, 'tmp' . DS . 'text' => 0, 'tmp' . DS . 'xml' => 0,
|
||||
'tmp' . DS . 'files' => 0, 'tmp' . DS . 'logs' => 0,
|
||||
);
|
||||
foreach ($writeableDirs as $path => &$error) {
|
||||
$dir = new Folder(APP . DS . $path);
|
||||
if (is_null($dir->path)) $error = 1;
|
||||
$file = new File (APP . DS . $path . DS . 'test.txt', true);
|
||||
if ($error == 0 && !$file->write('test')) $error = 2;
|
||||
if ($error != 0) $diagnostic_errors++;
|
||||
$file->delete();
|
||||
$file->close();
|
||||
}
|
||||
$this->set('writeableDirs', $writeableDirs);
|
||||
|
||||
// check if the STIX and Cybox libraries are working using the test script stixtest.py
|
||||
$stix = shell_exec('python ' . APP . 'files' . DS . 'scripts' . DS . 'stixtest.py');
|
||||
$stix = json_decode($stix)->success;
|
||||
$this->set('stix', $stix);
|
||||
if ($stix == 0) $diagnostic_errors++;
|
||||
|
||||
// if GPG is set up in the settings, try to encrypt a test message
|
||||
$gpgStatus = 0;
|
||||
if (Configure::read('GnuPG.email') && Configure::read('GnuPG.homedir')) {
|
||||
$continue = true;
|
||||
try {
|
||||
require_once 'Crypt/GPG.php';
|
||||
$gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
|
||||
$key = $gpg->addEncryptKey(Configure::read('GnuPG.email'));
|
||||
} catch (Exception $e) {
|
||||
$gpgStatus = 2;
|
||||
$continue = false;
|
||||
}
|
||||
if ($continue) {
|
||||
try {
|
||||
$gpgStatus = 0;
|
||||
$enc = $gpg->encrypt('test', true);
|
||||
} catch (Exception $e){
|
||||
$gpgStatus = 3;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$gpgStatus = 1;
|
||||
}
|
||||
if ($gpgStatus != 0) $diagnostic_errors++;
|
||||
|
||||
$this->set('gpgStatus', $gpgStatus);
|
||||
$this->set('diagnostic_errors', $diagnostic_errors);
|
||||
$this->set('tab', $tab);
|
||||
$this->set('tabs', $tabs);
|
||||
$this->set('issues', $issues);
|
||||
$this->set('finalSettings', $results);
|
||||
$dump = array('gpgStatus' => $gpgStatus, 'stix' => $stix, 'writeableDirs' => $writeableDirs, 'finalSettings' => $dumpResults);
|
||||
$this->set('dump', $dump);
|
||||
$priorities = array(0 => 'Critical', 1 => 'Recommended', 2 => 'Optional', 3 => 'Deprecated');
|
||||
$priorityErrorColours = array(0 => 'red', 1 => 'yellow', 2 => 'green');
|
||||
$this->set('priorities', $priorities);
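Review bot: `json_decode($stix)->success` dereferences the decode result without checking it, so when `shell_exec()` returns null or the script prints anything other than the expected JSON (python missing from PATH, `shell_exec` disabled, a traceback) the page emits a property-of-non-object notice or warning instead of a clean STIX failure. Decode defensively, e.g. `$decoded = json_decode((string)$stix);` followed by `$stix = (is_object($decoded) && !empty($decoded->success)) ? 1 : 0;`, and wrap the script path in `escapeshellarg()` so an install path containing spaces or shell metacharacters cannot change the command. In the writeable-directory loop the probe uses the fixed name `test.txt` and deletes it afterwards, which would overwrite and remove a real file of that name; a unique temporary name is safer, and because `File` is constructed with create set to `true` it may also create a missing directory as a side effect, which is worth confirming against the CakePHP version in use. The by-reference `foreach` should be followed by `unset($error);`. The enclosing controller action starts and ends outside these hunks.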
|
||||
|
|
|
@ -0,0 +1,61 @@
|
|||
<div style="border:1px solid #dddddd; margin-top:1px; width:100%; padding:10px">
|
||||
<h3>Writeable Directories</h3>
|
||||
<p>The following directories have to be writeable for MISP to function properly. Make sure that the apache user has write privileges for the directories below.</p>
|
||||
<div style="background-color:#f7f7f9;width:300px;">
|
||||
<?php
|
||||
foreach ($writeableDirs as $dir => $error) {
|
||||
$colour = 'green';
|
||||
$message = 'OK';
|
||||
if ($error > 0) {
|
||||
$colour = 'red';
|
||||
if ($error == 1) {
|
||||
$message = 'Directory doesn\'t exist';
|
||||
} else {
|
||||
$message = 'Directory is not writeable';
|
||||
}
|
||||
}
|
||||
echo 'app/' . $dir . '.....<span style="color:' . $colour . ';">' . $message . '</span><br />';
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<h3>
|
||||
STIX and Cybox libraries
|
||||
</h3>
|
||||
<p>Mitre's STIX and Cybox python libraries have to be installed in order for MISP's STIX export to work. Make sure that you install them (as described in the MISP installation instructions) if you receive an error below.</p>
|
||||
<div style="background-color:#f7f7f9;width:300px;">
|
||||
<?php
|
||||
$colour = 'green';
|
||||
$message = 'OK';
|
||||
if ($stix == 0) {
|
||||
$colour = 'red';
|
||||
$message = 'FAIL.';
|
||||
}
|
||||
echo 'Testing STIX and Cybox libraries....<span style="color:' . $colour . ';">' . $message . '</span>';
|
||||
?>
|
||||
</div>
|
||||
<h3>
|
||||
GnuPG
|
||||
</h3>
|
||||
<p>This tool tests whether your GnuPG is set up correctly or not.</p>
|
||||
<div style="background-color:#f7f7f9;width:300px;">
|
||||
<?php
|
||||
$colour = 'green';
|
||||
$message = 'OK';
|
||||
if ($gpgStatus > 0) {
|
||||
$colour = 'red';
|
||||
switch ($gpgStatus) {
|
||||
case 1:
|
||||
$message = 'FAIL: settings not set';
|
||||
break;
|
||||
case 2:
|
||||
$message = 'FAIL: bad GnuPG.*';
|
||||
break;
|
||||
case 3:
|
||||
$message = 'FAIL: encrypt failed';
|
||||
break;
|
||||
}
|
||||
}
|
||||
echo 'GnuPG installation and settings....<span style="color:' . $colour . ';">' . $message . '</span>';
|
||||
?>
|
||||
</div>
|
||||
</div>
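Review bot: The three `echo` statements concatenate `$dir` and `$message` straight into HTML without `h()`, whereas the overview element hunk in this commit escapes the values it prints. The values are constants set by the controller today, so nothing is injectable as written, but the first echo would become an XSS sink if the directory list were ever made configurable; `echo 'app/' . h($dir) . '.....<span style="color:' . $colour . ';">' . h($message) . '</span><br />';` keeps the view safe by construction. The GnuPG `switch` also has no `default`, so any status above 3 would render a red 'OK'; adding `default: $message = 'FAIL: unknown status';` closes that gap.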
|
|
@ -7,6 +7,7 @@
|
|||
<?php
|
||||
$health = array(0 => 'Critical, your MISP instance requires immediate attention.', 1 => 'Issues found, it is recommended that you resolve them.', 2 => 'Good, but there are some optional settings that are incorrect / not set.', 3 => 'In perfect health.');
|
||||
$colour = '';
|
||||
if ($diagnostic_errors > 0) $issues['overallHealth'] = 0;
|
||||
if ($issues['overallHealth'] < 3) $colour = 'background-color:' . $priorityErrorColours[$issues['overallHealth']] . ';';
|
||||
if ($issues['overallHealth'] == 0 || $issues['overallHealth'] == 2) $colour .= 'color:white;';
|
||||
?>
|
||||
|
@ -19,12 +20,18 @@
|
|||
foreach ($issues['errors'] as $k => $v):
|
||||
$colour = '';
|
||||
if ($k < 3 && $v['value'] > 0) $colour = 'background-color:' . $priorityErrorColours[$k] . ';';
|
||||
if ($k == 0 || $k == 2) $colour .= 'color:white;';
|
||||
if (($k == 0 || $k == 2) && $v['value'] > 0) $colour .= 'color:white;';
|
||||
?>
|
||||
<tr>
|
||||
<td style="<?php echo $colour; ?>"><?php echo h($priorities[$k]) . ' settings incorrectly or not set';?></td>
|
||||
<td style="<?php echo $colour; ?>"><?php echo h($v['value']);?></td>
|
||||
<td style="<?php echo $colour; ?>"><?php echo h($v['value']);?> incorrect settings.</td>
|
||||
<td style="<?php echo $colour; ?>"><?php echo h($v['description']);?></td>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
<tr>
|
||||
<?php $colour = ($diagnostic_errors > 0 ? 'background-color:red;color:white;' : '');?>
|
||||
<td style="<?php echo $colour; ?>">Critical issues revealed by the diagnostics</td>
|
||||
<td style="<?php echo $colour; ?>"><?php echo h($diagnostic_errors);?> issues detected.</td>
|
||||
<td style="<?php echo $colour; ?>">Issues revealed here can be due to incorrect directory permissions or not correctly installed dependencies.</td>
|
||||
</tr>
|
||||
</table>
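Review bot: The downgrade `if ($diagnostic_errors > 0) $issues['overallHealth'] = 0;` lives in the view element, so the `$issues` array the controller passes to the other elements still carries the pre-diagnostics health value. The controller hunk in this commit computes `$diagnostic_errors` before `$this->set('issues', $issues)`, so applying the same line there would keep every consumer of `$issues` consistent. If it stays in the view, a short comment such as `// diagnostics failures always count as critical` would explain why a template rewrites controller data.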
|
|
@ -23,4 +23,12 @@
|
|||
$i++;
|
||||
endforeach;
|
||||
?>
|
||||
<span class="tabMenuFixed tabMenuFixedCenter tabMenuSides" style="margin-left:50px;">
|
||||
<a href = "/servers/serverSettings/diagnostics" id="create-button" title="Modify filters" class="discrete">
|
||||
Diagnostics
|
||||
<?php
|
||||
if ($diagnostic_errors > 0) echo '<span style="color:red;"> (' . $diagnostic_errors . ')</span>';
|
||||
?>
|
||||
</a>
|
||||
</span>
|
||||
</div>
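Review bot: The new link carries `id="create-button"` and `title="Modify filters"`, which look copied from another control: the title mislabels the Diagnostics tab in tooltips and for assistive technology, and the id may collide with an existing element on the page (not visible in this hunk). The `href` is a hard-coded root-relative path, so it presumably breaks when the instance is served under a sub-path; building it from the configured base URL would avoid that. Using `title="Diagnostics"`, dropping the id, and echoing `h($diagnostic_errors)` for consistency with the overview element would be enough.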
|
|
@ -4,6 +4,8 @@
|
|||
echo $this->element('healthElements/tabs');
|
||||
if (in_array($tab, array('MISP', 'Security', 'GnuPG', 'misc'))) {
|
||||
echo $this->element('healthElements/settings_tab');
|
||||
} else if ($tab == 'diagnostics') {
|
||||
echo $this->element('healthElements/diagnostics');
|
||||
} else {
|
||||
echo $this->element('healthElements/overview');
|
||||
}
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
import json, sys
|
||||
try:
|
||||
import stix
|
||||
import cybox
|
||||
except ImportError:
|
||||
print json.dumps({'success' : 0})
|
||||
sys.exit(1)
|
||||
print json.dumps({'success' : 1})
|
||||
sys.exit(1)
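Review bot: The script exits with status 1 on both paths, so the final `sys.exit(1)` after printing `{'success' : 1}` reports failure to anything that inspects the exit code; it should be `sys.exit(0)`. The controller in this commit only reads stdout, so the diagnostic still works, but the mismatch will mislead later callers or monitoring wrappers. The `print` statements are Python 2 syntax; `print(json.dumps({'success': 1}))` runs on both Python 2 and 3. A one-line header comment stating that the script's only output is a JSON object with a `success` flag would document the contract the PHP side depends on.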
|