Merge pull request #1988 from RichieB2B/ncsc-nl/misp-wipe

Script to wipe (reset) a MISP installation
2017-02-24 12:19:36 +01:00 · 2017-02-24 12:19:36 +01:00 · 390ad0288a
parent 470f90b5b5 c269e64b0c
commit 390ad0288a
3 changed files with 136 additions and 0 deletions
--- a/tools/misp-wipe/misp-wipe.conf.sample
+++ b/tools/misp-wipe/misp-wipe.conf.sample
@ -0,0 +1 @@
+MISPPath=/var/www/MISP
--- a/tools/misp-wipe/misp-wipe.sh
+++ b/tools/misp-wipe/misp-wipe.sh
@ -0,0 +1,84 @@
+#@IgnoreInspection BashAddShebang
+#/!bin/sh
+##
+## script to wipe MISP on debian/ubuntu
+##
+## Adapted from misp-backup by daverstephens@gmail.com
+## https://github.com/daverstephens/The-SOC-Shop
+## and @alexanderjaeger
+## https://github.com/deralexxx/misp-backup
+
+##
+## This script can be used to reset a MISP instance
+## by clearing all events, orgs and users.
+## It is highy recommended ## to run misp-backup.sh first!
+##
+## Tested against MISP 2.4.55
+##
+## Run the script as the standard user with the command below
+##
+## cp misp-wipe.conf.sample misp-wipe.conf
+## vi misp-wipe.conf # adjust values
+## sudo sh -x misp-wipe.sh 2>&1 | tee misp-wipe.log
+##
+## Time to set some variables
+##
+
+
+FILE=./misp-wipe.conf
+SQL=./misp-wipe.sql
+
+# Source configuration file
+if [ -f $FILE ];
+then
+   echo "File $FILE exists."
+   . $FILE
+else
+        echo "Config File $FILE does not exist. Please enter values manually"
+        ## MySQL stuff
+        echo 'Please enter your MySQL root account username'
+        read MySQLRUser
+        echo 'Please enter your MySQL root account password'
+        read MySQLRPass
+        echo 'What would you like to call the backup archive?'
+        echo 'Eg. MISPBackup'
+        read OutputFileName
+        echo 'Where would you like to save the file?'
+        echo 'Eg. /tmp'
+        read OutputDirName
+fi
+
+
+# Fill in any missing values with defaults
+
+# MISP path
+MISPPath=${MISPPath:-$(locate MISP/app/webroot/index.php|sed 's/\/app\/webroot\/index\.php//')}
+# Output
+OutputFileName=${OutputFileName:-MISP-Backup}
+OutputDirName=${OutputDirName:-/tmp}
+# database.php
+MySQLUUser=$(grep -o -P "(?<='login' => ').*(?=')" $MISPPath/app/Config/database.php)
+MySQLUPass=$(grep -o -P "(?<='password' => ').*(?=')" $MISPPath/app/Config/database.php)
+MISPDB=$(grep -o -P "(?<='database' => ').*(?=')" $MISPPath/app/Config/database.php)
+DB_Port=$(grep -o -P "(?<='port' => ).*(?=,)" $MISPPath/app/Config/database.php)
+MISPDBHost=$(grep -o -P "(?<='host' => ').*(?=')" $MISPPath/app/Config/database.php)
+
+echo "Wiping MySQL tables"
+MySQLRUser=${MySQLRUser:-$MySQLUUser}
+MySQLRPass=${MySQLRPass:-$MySQLUPass}
+mysql -u $MySQLRUser -p$MySQLRPass $MISPDB < $SQL
+
+echo "Inserting default values to MySQL tables"
+TMP=/tmp/misp-wipe-$$.sql
+cd $MISPPath
+sed -n '/Default values for initial installation/ { s///; :a; n; p; ba; }' INSTALL/MYSQL.sql | egrep -v '(admin_settings|db_version)' > $TMP
+mysql -u $MySQLRUser -p$MySQLRPass $MISPDB < $TMP
+rm -f $TMP
+
+echo "Wiping files"
+git clean -f -x app/webroot/img/orgs
+#git clean -f -x app/webroot/img/custom
+git clean -f -x app/tmp/logs/
+git clean -f -d -x app/files
+
+echo 'MISP Wipe Complete!!!'
--- a/tools/misp-wipe/misp-wipe.sql
+++ b/tools/misp-wipe/misp-wipe.sql
@ -0,0 +1,51 @@
+-- Clear tables that should be empty
+TRUNCATE `attributes`;
+TRUNCATE `correlations`;
+TRUNCATE `events`;
+TRUNCATE `event_delegations`;
+TRUNCATE `event_tags`;
+TRUNCATE `favourite_tags`;
+TRUNCATE `jobs`;
+TRUNCATE `logs`;
+TRUNCATE `posts`;
+TRUNCATE `servers`;
+TRUNCATE `shadow_attributes`;
+TRUNCATE `shadow_attribute_correlations`;
+TRUNCATE `sharing_groups`;
+TRUNCATE `sharing_group_orgs`;
+TRUNCATE `sharing_group_servers`;
+TRUNCATE `sightings`;
+TRUNCATE `threads`;
+TRUNCATE `bruteforces`;
+TRUNCATE `news`;
+TRUNCATE `template_tags`;
+TRUNCATE `whitelist`;
+
+-- Clear tables that can be re-populated
+TRUNCATE `taxonomies`;
+TRUNCATE `taxonomy_entries`;
+TRUNCATE `taxonomy_predicates`;
+TRUNCATE `warninglists`;
+TRUNCATE `warninglist_entries`;
+TRUNCATE `warninglist_types`;
+TRUNCATE `galaxies`;
+TRUNCATE `galaxy_clusters`;
+TRUNCATE `galaxy_elements`;
+TRUNCATE `galaxy_reference`;
+
+-- Clear tables that have defaults
+TRUNCATE `feeds`;
+TRUNCATE `regexp`;
+TRUNCATE `roles`;
+TRUNCATE `threat_levels`;
+TRUNCATE `templates`;
+TRUNCATE `template_elements`;
+TRUNCATE `template_element_attributes`;
+TRUNCATE `template_element_files`;
+TRUNCATE `template_element_texts`;
+
+-- Remove entries from tables and reset index
+DELETE FROM `users` WHERE id > 3;
+ALTER TABLE `users` AUTO_INCREMENT = 4;
+DELETE FROM `organisations` WHERE id > 2;
+ALTER TABLE `organisations` AUTO_INCREMENT = 3;