diff --git a/app/Config/bootstrap.default.php b/app/Config/bootstrap.default.php index cf2267a1e..1c795864c 100755 --- a/app/Config/bootstrap.default.php +++ b/app/Config/bootstrap.default.php @@ -83,8 +83,7 @@ * )); */ Cache::config('default', array('engine' => 'File')); - - +Configure::load('config'); if (!Configure::read('MISP.baseurl')) { if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) { 
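Review bot: The added `Configure::load('config');` runs unguarded at bootstrap, so an install without the expected config file (presumably `app/Config/config.php`) would fail on every request instead of falling back to defaults. As far as I know CakePHP's PHP reader throws when the file is missing, and installs upgraded from a bootstrap that still carried the inline `Configure::write` settings seem the likely case. I would add a comment above the call, for example `// Settings are read from app/Config/config.php, which must exist before the first request`, or catch the exception and print a clear setup error. Since that file would now hold `GnuPG.password` and the other values removed in the next hunk, the comment should also say the file must not be world-readable.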
@@ -93,87 +92,6 @@ if (!Configure::read('MISP.baseurl')) { Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT'])); } } -Configure::write('MISP.name', 'MISP'); -Configure::write('MISP.footerpart1', 'Powered by MISP'); -Configure::write('MISP.footerpart2', '© Belgian Defense CERT & NCIRC'); -// The following field is optional -// Configure::write('MISP.footer_logo', 'imagename'); // Logo for the bottom right corner of the screen. Place a .png image into your app/webroot/img folder -Configure::write('MISP.org', 'ORGNAME'); // if sync this will be Event.org content on the peer side -Configure::write('MISP.logo', 'orgs/ORGNAME.png'); // used in Events::index for owned events - - -Configure::write('MISP.showorg', true); // show the name/flag of the organisation that uploaded the data - -Configure::write('MISP.background_jobs', false); // Use CakeResque to delegate jobs to a background worker and to schedule jobs (synchronisation, e-mailing, caching of exports) - Please also enable CakeResque (at the end of this file) -Configure::write('MISP.cached_attachments', false); // Include the attachments in the xml exports - -Configure::write('MISP.email', 'email@address.com'); // email from for all the mails -Configure::write('MISP.contact', 'email@address.com'); // contact address for this instance's support person / group - -Configure::write('GnuPG.onlyencrypted', true); // only allow encrypted email, do not allow plaintext mails -Configure::write('GnuPG.email', 'email@address.com'); -Configure::write('GnuPG.password', 'yourpassword'); -Configure::write('GnuPG.homedir', '/path/to/your/.gnupg/'); - -Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins -Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds - -Configure::write('MISP.dns', 'false'); // there is a nameserver available to do resolution. 
- -Configure::write('MISP.cveurl', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId='); // Default URL for NVD/CVE reference. - -// The following 4 fields are optional - -// Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo -// Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo -// Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png -// Configure::write('MISP.welcome_logo2', 'organisation2'); // used in Events::login to the right of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation2.png -Configure::write('MISP.disablerestalert', 'false'); -// Events will be created with the default distribution setting based on this. Valid options: '0', '1', '2', '3' -Configure::write('MISP.default_event_distribution', '3'); -// Setting this to 'event' will create attributes that take the event's distribution as the initial setting. Valid options: '0', '1', '2', '3', 'event' -Configure::write('MISP.default_attribute_distribution', 'event'); - -// Enable the tagging feature, it shou -Configure::write('MISP.tagging', true); -Configure::write('MISP.full_tags_on_event_index', false); -// enabling this flag will allow the event description to be transmitted in the alert e-mail's subject. Be aware that this is not encrypted by PGP, so only enable it if you accept that part of the event description will be sent out in clear-text -Configure::write('MISP.extended_alert_subject', false); - -/** - * The settings below can be used to set additional paths to models, views and controllers. 
- * - * App::build(array( - * 'Model' => array('/path/to/models', '/next/path/to/models'), - * 'Model/Behavior' => array('/path/to/behaviors', '/next/path/to/behaviors'), - * 'Model/Datasource' => array('/path/to/datasources', '/next/path/to/datasources'), - * 'Model/Datasource/Database' => array('/path/to/databases', '/next/path/to/database'), - * 'Model/Datasource/Session' => array('/path/to/sessions', '/next/path/to/sessions'), - * 'Controller' => array('/path/to/controllers', '/next/path/to/controllers'), - * 'Controller/Component' => array('/path/to/components', '/next/path/to/components'), - * 'Controller/Component/Auth' => array('/path/to/auths', '/next/path/to/auths'), - * 'Controller/Component/Acl' => array('/path/to/acls', '/next/path/to/acls'), - * 'View' => array('/path/to/views', '/next/path/to/views'), - * 'View/Helper' => array('/path/to/helpers', '/next/path/to/helpers'), - * 'Console' => array('/path/to/consoles', '/next/path/to/consoles'), - * 'Console/Command' => array('/path/to/commands', '/next/path/to/commands'), - * 'Console/Command/Task' => array('/path/to/tasks', '/next/path/to/tasks'), - * 'Lib' => array('/path/to/libs', '/next/path/to/libs'), - * 'Locale' => array('/path/to/locales', '/next/path/to/locales'), - * 'Vendor' => array('/path/to/vendors', '/next/path/to/vendors'), - * 'Plugin' => array('/path/to/plugins', '/next/path/to/plugins'), - * )); - * - */ - -/** - * Custom Inflector rules, can be set to correctly pluralize or singularize table, model, controller names or whatever other - * string is passed to the inflection functions - * - * Inflector::rules('singular', array('rules' => array(), 'irregular' => array(), 'uninflected' => array())); - * Inflector::rules('plural', array('rules' => array(), 'irregular' => array(), 'uninflected' => array())); - * - */ /** * Plugins need to be loaded manually, you can either load them one by one or all of them in a single call 
diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php
index c835ae25b..cf4ffab42 100755
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@@ -311,6 +311,7 @@ class ServersController extends AppController {
 'deprecated' => array(),
 'overallHealth' => 3,
 );
+ $dumpResults = array();
 foreach ($results as $k => $result) {
 if ($result['level'] == 3) $issues['deprecated']++;
 $tabs[$result['tab']]['count']++;
@@ -320,12 +321,71 @@ class ServersController extends AppController {
 $tabs[$result['tab']]['errors']++;
 if ($result['level'] < $tabs[$result['tab']]['severity']) $tabs[$result['tab']]['severity'] = $result['level'];
 }
+ $dumpResults[] = $result;
 if ($result['tab'] != $tab) unset($results[$k]);
 }
+ // Diagnostics portion
+ $diagnostic_errors = 0;
+ App::uses('File', 'Utility');
+ App::uses('Folder', 'Utility');
+
+ // check writeable directories
+ $writeableDirs = array(
+ 'tmp' => 0, 'files' => 0, 'scripts' . DS . 'tmp' => 0,
+ 'tmp' . DS . 'csv_all' => 0, 'tmp' . DS . 'csv_sig' => 0, 'tmp' . DS . 'md5' => 0, 'tmp' . DS . 'sha1' => 0,
+ 'tmp' . DS . 'snort' => 0, 'tmp' . DS . 'suricata' => 0, 'tmp' . DS . 'text' => 0, 'tmp' . DS . 'xml' => 0,
+ 'tmp' . DS . 'files' => 0, 'tmp' . DS . 'logs' => 0,
+ );
+ foreach ($writeableDirs as $path => &$error) {
+ $dir = new Folder(APP . DS . $path);
+ if (is_null($dir->path)) $error = 1;
+ $file = new File (APP . DS . $path . DS . 'test.txt', true);
+ if ($error == 0 && !$file->write('test')) $error = 2;
+ if ($error != 0) $diagnostic_errors++;
+ $file->delete();
+ $file->close();
+ }
+ $this->set('writeableDirs', $writeableDirs);
+
+ // check if the STIX and Cybox libraries are working using the test script stixtest.py
+ $stix = shell_exec('python ' . APP . 'files' . DS . 'scripts' . DS . 'stixtest.py');
+ $stix = json_decode($stix)->success;
+ $this->set('stix', $stix);
+ if ($stix == 0) $diagnostic_errors++;
+
+ // if GPG is set up in the settings, try to encrypt a test message
+ $gpgStatus = 0;
+ if (Configure::read('GnuPG.email') && Configure::read('GnuPG.homedir')) {
+ $continue = true;
+ try {
+ require_once 'Crypt/GPG.php';
+ $gpg = new Crypt_GPG(array('homedir' => Configure::read('GnuPG.homedir')));
+ $key = $gpg->addEncryptKey(Configure::read('GnuPG.email'));
+ } catch (Exception $e) {
+ $gpgStatus = 2;
+ $continue = false;
+ }
+ if ($continue) {
+ try {
+ $gpgStatus = 0;
+ $enc = $gpg->encrypt('test', true);
+ } catch (Exception $e){
+ $gpgStatus = 3;
+ }
+ }
+ } else {
+ $gpgStatus = 1;
+ }
+ if ($gpgStatus != 0) $diagnostic_errors++;
+
+ $this->set('gpgStatus', $gpgStatus);
+ $this->set('diagnostic_errors', $diagnostic_errors);
 $this->set('tab', $tab);
 $this->set('tabs', $tabs);
 $this->set('issues', $issues);
 $this->set('finalSettings', $results);
+ $dump = array('gpgStatus' => $gpgStatus, 'stix' => $stix, 'writeableDirs' => $writeableDirs, 'finalSettings' => $dumpResults);
+ $this->set('dump', $dump);
 $priorities = array(0 => 'Critical', 1 => 'Recommended', 2 => 'Optional', 3 => 'Deprecated');
 $priorityErrorColours = array(0 => 'red', 1 => 'yellow', 2 => 'green');
 $this->set('priorities', $priorities);
diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp
new file mode 100644
index 000000000..1e5a67a3c
--- /dev/null
+++ b/app/View/Elements/healthElements/diagnostics.ctp
@@ -0,0 +1,61 @@
+
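Review bot: `json_decode($stix)->success` reads a property off the decode result without checking it, so when `shell_exec()` returns null or non-JSON output (no `python` on the web server's PATH, `shell_exec` disabled, or the script failing to parse) PHP emits a notice or warning and the check fails only because null compares equal to 0. The guarded version below also passes the script path through `escapeshellarg()` and releases the `&$error` reference after the directory loop. Two things to confirm: `new File(..., true)` creates and deletes `test.txt` in each listed directory on every load of this action, which would remove an existing file of that name. Also, `$dump` carries every entry of `$results`, so if those entries hold setting values such as `GnuPG.password`, they should be redacted before the dump is rendered or exported. The enclosing action starts and ends outside this hunk.

```php
// … unchanged: $writeableDirs list and the foreach that probes each directory …
unset($error); // release the by-reference loop variable
$this->set('writeableDirs', $writeableDirs);

// check if the STIX and Cybox libraries are working using the test script stixtest.py
$stixScript = APP . 'files' . DS . 'scripts' . DS . 'stixtest.py';
$stixOutput = shell_exec('python ' . escapeshellarg($stixScript));
$stixResult = is_string($stixOutput) ? json_decode($stixOutput) : null;
$stix = (is_object($stixResult) && isset($stixResult->success)) ? (int)$stixResult->success : 0;
$this->set('stix', $stix);
// … unchanged: error count, GnuPG test and view variables …
```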
+

Writeable Directories

+

The following directories have to be writeable for MISP to function properly. Make sure that the apache user has write privileges for the directories below.

+
+ $error) { + $colour = 'green'; + $message = 'OK'; + if ($error > 0) { + $colour = 'red'; + if ($error == 1) { + $message = 'Directory doesn\'t exist'; + } else { + $message = 'Directory is not writeable'; + } + } + echo 'app/' . $dir . '.....' . $message . '
'; + } + ?> +
+

+ STIX and Cybox libraries +

+

Mitre's STIX and Cybox python libraries have to be installed in order for MISP's STIX export to work. Make sure that you install them (as described in the MISP installation instructions) if you receive an error below.

+
+ ' . $message . ''; + ?> +
+

+ GnuPG +

+

This tool tests whether your GnuPG is set up correctly or not.

+
+ 0) { + $colour = 'red'; + switch ($gpgStatus) { + case 1: + $message = 'FAIL: settings not set'; + break; + case 2: + $message = 'FAIL: bad GnuPG.*'; + break; + case 3: + $message = 'FAIL: encrypt failed'; + break; + } + } + echo 'GnuPG installation and settings....' . $message . ''; + ?> +
+
\ No newline at end of file diff --git a/app/View/Elements/healthElements/overview.ctp b/app/View/Elements/healthElements/overview.ctp index 508ba830c..12edfed0a 100644 --- a/app/View/Elements/healthElements/overview.ctp +++ b/app/View/Elements/healthElements/overview.ctp @@ -7,6 +7,7 @@ 'Critical, your MISP instance requires immediate attention.', 1 => 'Issues found, it is recommended that you resolve them.', 2 => 'Good, but there are some optional settings that are incorrect / not set.', 3 => 'In perfect health.'); $colour = ''; + if ($diagnostic_errors > 0) $issues['overallHealth'] = 0; if ($issues['overallHealth'] < 3) $colour = 'background-color:' . $priorityErrorColours[$issues['overallHealth']] . ';'; if ($issues['overallHealth'] == 0 || $issues['overallHealth'] == 2) $colour .= 'color:white;'; ?> @@ -19,12 +20,18 @@ foreach ($issues['errors'] as $k => $v): $colour = ''; if ($k < 3 && $v['value'] > 0) $colour = 'background-color:' . $priorityErrorColours[$k] . ';'; - if ($k == 0 || $k == 2) $colour .= 'color:white;'; + if (($k == 0 || $k == 2) && $v['value'] > 0) $colour .= 'color:white;'; ?> - + incorrect settings. + + 0 ? 'background-color:red;color:white;' : '');?> + Critical issues revealed by the diagnostics + issues detected. + Issues revealed here can be due to incorrect directory permissions or not correctly installed dependencies. + \ No newline at end of file diff --git a/app/View/Elements/healthElements/tabs.ctp b/app/View/Elements/healthElements/tabs.ctp index 5194e7bc7..87d00fe16 100644 --- a/app/View/Elements/healthElements/tabs.ctp +++ b/app/View/Elements/healthElements/tabs.ctp @@ -23,4 +23,12 @@ $i++; endforeach; ?> + + + Diagnostics + 0) echo ' (' . $diagnostic_errors . ')'; + ?> + + \ No newline at end of file diff --git a/app/View/Servers/server_settings.ctp b/app/View/Servers/server_settings.ctp index de81c19ca..88ff3d9aa 100644 --- a/app/View/Servers/server_settings.ctp +++ b/app/View/Servers/server_settings.ctp 
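Review bot: The added `if ($diagnostic_errors > 0) $issues['overallHealth'] = 0;` in overview.ctp overrides the health score inside the view element, so the value the controller passes in `$issues` and the value displayed can disagree. The element would also raise an undefined-variable notice if it were ever rendered without `$diagnostic_errors` being set. Moving the override next to `$this->set('issues', $issues);` in the controller keeps the scoring in one place. If it stays in the view, guard it as `if (!empty($diagnostic_errors)) $issues['overallHealth'] = 0;`.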
@@ -4,6 +4,8 @@ echo $this->element('healthElements/tabs'); if (in_array($tab, array('MISP', 'Security', 'GnuPG', 'misc'))) { echo $this->element('healthElements/settings_tab'); + } else if ($tab == 'diagnostics') { + echo $this->element('healthElements/diagnostics'); } else { echo $this->element('healthElements/overview'); } diff --git a/app/files/scripts/stixtest.py b/app/files/scripts/stixtest.py new file mode 100644 index 000000000..4a776f471 --- /dev/null +++ b/app/files/scripts/stixtest.py @@ -0,0 +1,9 @@ +import json, sys +try: + import stix + import cybox +except ImportError: + print json.dumps({'success' : 0}) + sys.exit(1) +print json.dumps({'success' : 1}) +sys.exit(1)
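Review bot: The success path of stixtest.py ends with `sys.exit(1)`, so the script exits non-zero even when both imports work; it should end with `sys.exit(0)` so the exit status agrees with the JSON it prints. The `print json.dumps(...)` statement form only parses under Python 2, and the controller invokes plain `python`, so on a host where that resolves to Python 3 the script stops with a syntax error and prints no JSON. `print(json.dumps({'success': 1}))` works under both. Only `ImportError` is caught, so an import that fails for any other reason ends in a traceback rather than `{'success': 0}`; consider catching `Exception` there.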