diff --git a/INSTALL/old/INSTALL.ubuntu1604.txt b/INSTALL/old/INSTALL.ubuntu1604.txt deleted file mode 100644 index f533d2102..000000000 --- a/INSTALL/old/INSTALL.ubuntu1604.txt +++ /dev/null 
@@ -1,341 +0,0 @@ -INSTALLATION INSTRUCTIONS -------------------------- for Ubuntu 16.04-server - -1/ Minimal Ubuntu install -------------------------- - -# Install a minimal Ubuntu 16.04-server system with the software: -- OpenSSH server - -# Make sure your system is up2date: -sudo apt-get update -sudo apt-get upgrade - -# install postfix, there will be some questions. -sudo apt-get install postfix -# Postfix Configuration: Satellite system -# change the relay server later with: -sudo postconf -e 'relayhost = example.com' -sudo postfix reload - - -2/ Install LAMP & dependencies ------------------------------- -Once the system is installed you can perform the following steps: - -# Install the dependencies: (some might already be installed) -sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip - -# Install MariaDB (a MySQL fork/alternative) -sudo apt-get install mariadb-client mariadb-server - -# Secure the MariaDB installation (especially by setting a strong root password) -sudo mysql_secure_installation - -# Install Apache2 -sudo apt-get install apache2 apache2-doc apache2-utils - -# Enable modules, settings, and default of SSL in Apache -sudo a2dismod status -sudo a2enmod ssl -sudo a2enmod rewrite -sudo a2enmod headers -sudo a2dissite 000-default -sudo a2ensite default-ssl - -# Install PHP and dependencies -sudo apt-get install libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml - -# Apply all changes -sudo systemctl restart apache2 - -3/ MISP code ------------- -# Download MISP using git in the /var/www/ directory. 
-sudo mkdir /var/www/MISP -sudo chown www-data:www-data /var/www/MISP -cd /var/www/MISP -sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP -sudo -u www-data git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) -# if the last shortcut doesn't work, specify the latest version manually -# example: git checkout tags/v2.4.XY -# the message regarding a "detached HEAD state" is expected behaviour -# (you only have to create a new branch, if you want to change stuff and do a pull request for example) - -# Make git ignore filesystem permission differences -sudo -u www-data git config core.filemode false - -# install Mitre's STIX and its dependencies by running the following commands: -sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -cd /var/www/MISP/app/files/scripts -sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git -sudo -u www-data git clone https://github.com/STIXProject/python-stix.git -cd /var/www/MISP/app/files/scripts/python-cybox -sudo python3 setup.py install -cd /var/www/MISP/app/files/scripts/python-stix -sudo python3 setup.py install - -# install mixbox to accommodate the new STIX dependencies: -cd /var/www/MISP/app/files/scripts/ -sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git -cd /var/www/MISP/app/files/scripts/mixbox -sudo python3 setup.py install - -# install PyMISP -cd /var/www/MISP/PyMISP -sudo python3 setup.py install - -# install support for STIX 2.0 -sudo pip3 install stix2 - -4/ CakePHP ------------ -# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it: -cd /var/www/MISP -sudo -u www-data git submodule init -sudo -u www-data git submodule update -# Make git ignore filesystem permission differences for submodules -sudo -u www-data git submodule foreach git config core.filemode false - -# Once done, install CakeResque along with its dependencies if you intend to 
use the built in background jobs: -cd /var/www/MISP/app -sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2 -sudo -u www-data php composer.phar config vendor-dir Vendor -sudo -u www-data php composer.phar install - -# Enable CakeResque with php-redis -sudo phpenmod redis - -# To use the scheduler worker for scheduled tasks, do the following: -sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php - -# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers -# The default Redis port can be updated in Plugin/CakeResque/Config/config.php - -5/ Set the permissions ----------------------- - -# Check if the permissions are set correctly using the following commands: -sudo chown -R www-data:www-data /var/www/MISP -sudo chmod -R 750 /var/www/MISP -sudo chmod -R g+ws /var/www/MISP/app/tmp -sudo chmod -R g+ws /var/www/MISP/app/files -sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp - - -6/ Create a database and user ------------------------------ -# Enter the mysql shell -sudo mysql -u root -p - -MariaDB [(none)]> create database misp; -MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX'; -MariaDB [(none)]> grant all privileges on misp.* to misp@localhost; -MariaDB [(none)]> flush privileges; -MariaDB [(none)]> exit - -# Import the empty MISP database from MYSQL.sql -sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql" -# enter the password you've set in line 129 when prompted - - -7/ Apache configuration ------------------------ -# Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/ - -# If the apache version is 2.2: -sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf - -# If the apache version is 2.4: -sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl 
/etc/apache2/sites-available/misp-ssl.conf - -# Be aware that the configuration files for apache 2.4 and up have changed. -# The configuration file has to have the .conf extension in the sites-available directory -# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html - -# If a valid SSL certificate is not already created for the server, create a self-signed certificate: -sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ --subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress=admin@" \ --keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt - -# Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL - -# Also remember to verify the SSLCertificateChainFile property in your config file - this is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below. - -# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. 
(Modify path and config to fit your environment) - -============================================= Begin sample working SSL config for MISP -:80> - ServerName - - Redirect permanent / https:// - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - - -:443> - ServerAdmin admin@ - ServerName - DocumentRoot /var/www/MISP/app/webroot - - Options -Indexes - AllowOverride all - Order allow,deny - allow from all - - - SSLEngine On - SSLCertificateFile /etc/ssl/private/misp.local.crt - SSLCertificateKeyFile /etc/ssl/private/misp.local.key -# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - -============================================= End sample working SSL config for MISP - -# activate new vhost -sudo a2dissite default-ssl -sudo a2ensite misp-ssl - -# Restart apache -sudo systemctl restart apache2 - -8/ Log rotation ---------------- -# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs -# To rotate these logs install the supplied logrotate script: - -sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp - -9/ MISP configuration ---------------------- -# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied -sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php -sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php -sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php -sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php - -# Configure the fields in the newly created files: -sudo -u www-data vim /var/www/MISP/app/Config/database.php -# 
DATABASE_CONFIG has to be filled -# With the default values provided in section 6, this would look like: -# class DATABASE_CONFIG { -# public $default = array( -# 'datasource' => 'Database/Mysql', -# 'persistent' => false, -# 'host' => 'localhost', -# 'login' => 'misp', // grant usage on *.* to misp@localhost -# 'port' => 3306, -# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX'; -# 'database' => 'misp', // create database misp; -# 'prefix' => '', -# 'encoding' => 'utf8', -# ); -#} - -# Important! Change the salt key in /var/www/MISP/app/Config/config.php -# The salt key must be a string at least 32 bytes long. -# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user -# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, -# you can reset the admin password with the following command -/var/www/MISP/app/Console/cake Password admin@admin.test Password1234 - -# Change baseurl -/var/www/MISP/app/Console/cake Baseurl https:// -# alternatively, you can leave this field empty if you would like to use relative pathing in MISP. -# This however is highly advised against. - -# and make sure the file permissions are still OK -sudo chown -R www-data:www-data /var/www/MISP/app/Config -sudo chmod -R 750 /var/www/MISP/app/Config - -# Generate a GPG encryption key. 
-sudo -u www-data mkdir /var/www/MISP/.gnupg -sudo chmod 700 /var/www/MISP/.gnupg -sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key -# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file - -# NOTE: if entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly - -# And export the public key to the webroot -sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc" - -# To make the background workers start on boot -sudo chmod +x /var/www/MISP/app/Console/worker/start.sh -sudo vim /etc/rc.local -# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user: -sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh - -# Now log in using the webinterface: -# The default user/pass = admin@admin.test/admin - -# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference -# It is especially vital that no critical issues remain! -# start the workers by navigating to the workers tab and clicking restart all workers - -# Don't forget to change the email, password and authentication key after installation. 
- -# Once done, have a look at the diagnostics - -# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions -# you can do this by running the following commands: - -sudo chmod -R 750 /var/www/MISP/ -sudo chown -R www-data:www-data /var/www/MISP/ - -# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items - -# If anything goes wrong, make sure that you check MISP's logs for errors: -# /var/www/MISP/app/tmp/logs/error.log -# /var/www/MISP/app/tmp/logs/resque-worker-error.log -# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log -# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date - - -Recommended actions -------------------- -- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior. - -- You should really harden your OS -- You should really harden the configuration of Apache -- You should really harden the configuration of MySQL/MariaDB -- Keep your software up2date (OS, MISP, CakePHP and everything else) -- Log and audit - - -Optional features ------------------ -# MISP has a new pub/sub feature, using ZeroMQ. 
To enable it, simply run the following command -sudo pip install pyzmq -# ZeroMQ depends on the Python client for Redis -sudo pip install redis - -# For the experimental ssdeep correlations, run the following installation: -# installing ssdeep -wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz -tar zxvf ssdeep-2.13.tar.gz -cd ssdeep-2.13 -./configure -make -sudo make install -ssdeep -h # test - -#installing ssdeep_php -sudo pecl install ssdeep - -# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version -echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini -sudo phpenmod ssdeep -sudo service apache2 restart - -Optional features: misp-modules -------------------------------- -# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules: -# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules -# Then the enrichment, export and import modules can be enabled in MISP via the settings. diff --git a/INSTALL/old/INSTALL.ubuntu1604.txt b/INSTALL/old/INSTALL.ubuntu1604.txt new file mode 120000 index 000000000..19f97ccc3 --- /dev/null +++ b/INSTALL/old/INSTALL.ubuntu1604.txt @@ -0,0 +1 @@ +../../docs/archive/INSTALL.ubuntu1604.md \ No newline at end of file diff --git a/INSTALL/old/old-2_3to2_4-UPGRADE.txt b/INSTALL/old/old-2_3to2_4-UPGRADE.txt index 97b3352a3..2e7b30c3d 120000 --- a/INSTALL/old/old-2_3to2_4-UPGRADE.txt +++ b/INSTALL/old/old-2_3to2_4-UPGRADE.txt @@ -1 +1 @@ -../../docs/old-2_3to2_4-UPGRADE.md \ No newline at end of file +../../docs/archive/old-2_3to2_4-UPGRADE.md \ No newline at end of file diff --git a/docs/UPDATE.md b/docs/UPDATE.md index 4aeb5407d..426af4e26 100644 --- a/docs/UPDATE.md +++ b/docs/UPDATE.md 
@@ -23,7 +23,7 @@ git submodule update --init --recursive # Upgrades from minor version to another !!! notice - If you would like to upgrade from a minor version to another, look at the Upgrade MISP guides instead (such as [2.3.xyz -> 2.4.xyz](old-2_3to2_4-UPGRADE.md)) + If you would like to upgrade from a minor version to another, look at the Upgrade MISP guides instead (such as [2.3.xyz -> 2.4.xyz](archive/old-2_3to2_4-UPGRADE.md)) !!! warning If for any reason something goes wrong with the above instructions, walk through the following manual upgrade diff --git a/docs/archive/INSTALL.ubuntu1604.md b/docs/archive/INSTALL.ubuntu1604.md new file mode 100644 index 000000000..d7b6fdb77 --- /dev/null +++ b/docs/archive/INSTALL.ubuntu1604.md @@ -0,0 +1,458 @@ +# INSTALLATION INSTRUCTIONS +## for Ubuntu 16.04.5-server + +### 0/ MISP Ubuntu 16.04-server install - status +------------------------- +!!! notice + Tested working by @SteveClement on 20181025 + +{!generic/community.md!} + +{!generic/globalVariables.md!} + +```bash +PHP_ETC_BASE=/etc/php/7.0 +PHP_INI=${PHP_ETC_BASE}/apache2/php.ini +``` + +### 1/ Minimal Ubuntu install +------------------------- + +#### Install a minimal Ubuntu 16.04-server system with the software: +- OpenSSH server +- This guide assumes a user name of 'misp' with sudo working + +{!generic/sudo_etckeeper.md!} + +{!generic/ethX.md!} + +#### Make sure your system is up2date +```bash +# Install python 3.6 from ppa due to this domaintools_api bug: https://github.com/DomainTools/python_api/issues/31 +sudo add-apt-repository ppa:jonathonf/python-3.6 +sudo apt-get update +sudo apt-get upgrade +``` + +#### install postfix, there will be some questions. +```bash +sudo apt-get install postfix -y +``` +!!! notice + Postfix Configuration: Satellite system
+ change the relay server later with: + ```bash + sudo postconf -e 'relayhost = example.com' + sudo postfix reload + ``` + +### 2/ Install LAMP & dependencies +------------------------------ +Once the system is installed you can perform the following steps. +```bash +# Make sure you have enabled the Universe repository +# (ie. for redis-server), enable it with: +# sudo add-apt-repository universe + +# Install the dependencies: (some might already be installed) +sudo apt-get install curl gcc git gnupg-agent make python python3 python3.6 virtualenv openssl redis-server sudo vim zip -y + +# Install MariaDB (a MySQL fork/alternative) +sudo apt-get install mariadb-client mariadb-server -y + +sudo apt install expect -y + +# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines +pw="Password1234" + +expect -f - <<-EOF + set timeout 10 + + spawn sudo mysql_secure_installation + expect "*?assword*" + send -- "$pw\r" + expect "Enter current password for root (enter for none):" + send -- "\r" + expect "Set root password?" + send -- "y\r" + expect "New password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Re-enter new password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Remove anonymous users?" + send -- "y\r" + expect "Disallow root login remotely?" + send -- "y\r" + expect "Remove test database and access to it?" + send -- "y\r" + expect "Reload privilege tables now?" 
+ send -- "y\r" + expect eof +EOF +sudo apt-get purge -y expect ; sudo apt autoremove -y + +# Install Apache2 +sudo apt-get install apache2 apache2-doc apache2-utils -y + +# Enable modules, settings, and default of SSL in Apache +sudo a2dismod status +sudo a2enmod ssl +sudo a2enmod rewrite +sudo a2enmod headers +sudo a2dissite 000-default +sudo a2ensite default-ssl + +# Install PHP and dependencies +sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y + +# Apply all changes +sudo systemctl restart apache2 +``` + +### 3/ MISP code +------------ +```bash +# Download MISP using git in the /var/www/ directory. +sudo mkdir /var/www/MISP +sudo chown www-data:www-data /var/www/MISP +cd /var/www/MISP +sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP +sudo -u www-data git submodule update --init --recursive +# Make git ignore filesystem permission differences for submodules +sudo -u www-data git submodule foreach --recursive git config core.filemode false + +# Make git ignore filesystem permission differences +sudo -u www-data git config core.filemode false + +# Create a python3 virtualenv +sudo -u www-data virtualenv -p python3.6 /var/www/MISP/venv + +# make pip happy +sudo mkdir /var/www/.cache/ +sudo chown www-data:www-data /var/www/.cache + +# install Mitre's STIX and its dependencies by running the following commands: +sudo apt-get install python3.6-dev libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y +cd /var/www/MISP/app/files/scripts +sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git +sudo -u www-data git clone https://github.com/STIXProject/python-stix.git +# install mixbox to accommodate the new STIX dependencies: +sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git +cd /var/www/MISP/app/files/scripts/mixbox +sudo -H -u www-data /var/www/MISP/venv/bin/pip install . 
+cd /var/www/MISP/app/files/scripts/python-cybox +sudo -H -u www-data /var/www/MISP/venv/bin/pip install . +cd /var/www/MISP/app/files/scripts/python-stix +sudo -H -u www-data /var/www/MISP/venv/bin/pip install . + +# install PyMISP +cd /var/www/MISP/PyMISP +sudo -H -u www-data /var/www/MISP/venv/bin/pip install . +``` + +### 4/ CakePHP +----------- + +```bash +# Once done, install CakeResque along with its dependencies +# if you intend to use the built in background jobs: +cd /var/www/MISP/app +# Make composer cache happy +# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ +sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer +sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2 +sudo -H -u www-data php composer.phar config vendor-dir Vendor +sudo -H -u www-data php composer.phar install + +# Enable CakeResque with php-redis +sudo phpenmod redis +sudo phpenmod gnupg + +# To use the scheduler worker for scheduled tasks, do the following: +sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php + +# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers +# The default Redis port can be updated in Plugin/CakeResque/Config/config.php +``` + +### 5/ Set the permissions +---------------------- + +```bash +# Check if the permissions are set correctly using the following commands: +sudo chown -R www-data:www-data /var/www/MISP +sudo chmod -R 750 /var/www/MISP +sudo chmod -R g+ws /var/www/MISP/app/tmp +sudo chmod -R g+ws /var/www/MISP/app/files +sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp +``` + +### 6/ Create a database and user +----------------------------- +```bash +# Enter the mysql shell +sudo mysql -u root -p +``` + +``` +MariaDB [(none)]> create database misp; +MariaDB [(none)]> grant usage on *.* to 
misp@localhost identified by 'XXXXdbpasswordhereXXXXX'; +MariaDB [(none)]> grant all privileges on misp.* to misp@localhost; +MariaDB [(none)]> flush privileges; +MariaDB [(none)]> exit +``` + +#### copy/paste: +```bash +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" +``` + +#### Import the empty MISP database from MYSQL.sql +```bash +# Import the empty MISP database from MYSQL.sql +sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME +``` + +### 7/ Apache configuration +----------------------- +Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/ + +#### Apache version 2.2 config: +```bash +sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf +``` + +#### Apache version 2.4 config: +```bash +sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf +``` + +!!! notice + Be aware that the configuration files for apache 2.4 and up have changed. + The configuration file has to have the .conf extension in the sites-available directory + For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html + +```bash +# If a valid SSL certificate is not already created for the server, +# create a self-signed certificate: +sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ +-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ +-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt +``` + +!!! 
notice + Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL).
+ Also remember to verify the SSLCertificateChainFile property in your config file.
+ This is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.
+ Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment) + +``` +============================================= Begin sample working SSL config for MISP +:80> + ServerName + + Redirect permanent / https:// + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + + +:443> + ServerAdmin admin@ + ServerName + DocumentRoot /var/www/MISP/app/webroot + + Options -Indexes + AllowOverride all + Order allow,deny + allow from all + + + SSLEngine On + SSLCertificateFile /etc/ssl/private/misp.local.crt + SSLCertificateKeyFile /etc/ssl/private/misp.local.key +# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + +============================================= End sample working SSL config for MISP +``` + +```bash +# activate new vhost +sudo a2dissite default-ssl +sudo a2ensite misp-ssl + +for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit +do + sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI +done + +# Restart apache +sudo systemctl restart apache2 +``` + +### 8/ Log rotation +--------------- +```bash +# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs +# To rotate these logs install the supplied logrotate script: + +sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp +sudo chmod 0640 /etc/logrotate.d/misp +``` + +### 9/ MISP configuration +--------------------- +```bash +# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied +sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php +sudo -u www-data cp -a 
/var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php +sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php +sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php + +echo " 'Database/Mysql', + //'datasource' => 'Database/Postgres', + 'persistent' => false, + 'host' => '$DBHOST', + 'login' => '$DBUSER_MISP', + 'port' => 3306, // MySQL & MariaDB + //'port' => 5432, // PostgreSQL + 'password' => '$DBPASSWORD_MISP', + 'database' => '$DBNAME', + 'prefix' => '', + 'encoding' => 'utf8', + ); +}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php + +# Important! Change the salt key in /var/www/MISP/app/Config/config.php +# The salt key must be a string at least 32 bytes long. +# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user +# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, +# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) + +# and make sure the file permissions are still OK +sudo chown -R www-data:www-data /var/www/MISP/app/Config +sudo chmod -R 750 /var/www/MISP/app/Config + +# Generate a GPG encryption key. 
+ +cat >/tmp/gen-key-script < /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local +sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local +sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local + +# Start the workers +sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh + +# some misp-modules dependencies +sudo apt-get install -y libpq5 libjpeg-dev libfuzzy-dev + +sudo chmod 2775 /usr/local/src +sudo chown root:staff /usr/local/src +cd /usr/local/src/ +git clone https://github.com/MISP/misp-modules.git +cd misp-modules +# pip install +sudo -H -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS +sudo -H -u www-data /var/www/MISP/venv/bin/pip install . +sudo apt install ruby-pygments.rb -y +sudo gem install asciidoctor-pdf --pre + +# install STIX2.0 library to support STIX 2.0 export: +sudo -H -u www-data /var/www/MISP/venv/bin/pip install stix2 + +# install additional dependencies for extended object generation and extraction +sudo -H -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib +sudo -H -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git + +# Start misp-modules +## /!\ Check wtf is going on with yara. +sudo -u www-data misp-modules -l 127.0.0.1 -s & + +echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" +echo "User (misp) DB Password: $DBPASSWORD_MISP" +``` + +{!generic/INSTALL.done.md!} + +{!generic/recommended.actions.md!} + +### Optional features +----------------- +#### MISP has a new pub/sub feature, using ZeroMQ. 
To enable it, simply run the following command +```bash +sudo -H -u www-data /var/www/MISP/venv/bin/pip install pyzmq +``` + +{!generic/misp-dashboard-debian.md!} + +{!generic/viper-debian.md!} + +{!generic/ssdeep-debian.md!} + +{!generic/mail_to_misp-debian.md!} + +#### misp-modules (section deprecated) +------------------------------- +!!! notice + If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
+ https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
+ Then the enrichment, export and import modules can be enabled in MISP via the settings. diff --git a/docs/old-2_3to2_4-UPGRADE.md b/docs/archive/old-2_3to2_4-UPGRADE.md similarity index 100% rename from docs/old-2_3to2_4-UPGRADE.md rename to docs/archive/old-2_3to2_4-UPGRADE.md diff --git a/docs/generic/INSTALL.done.md b/docs/generic/INSTALL.done.md index a3af6ac61..79cb4e569 100644 --- a/docs/generic/INSTALL.done.md +++ b/docs/generic/INSTALL.done.md @@ -3,6 +3,10 @@ ```bash sudo $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python" ``` + or on CentOS + ```bash + sudo $RUN_PHP "$CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"" + ``` !!! warning Make sure that the STIX libraries and GnuPG work as intended, if not, refer to the relevant sections in the install guide you are currently reading. diff --git a/docs/generic/MISP_CAKE_init_centos.md b/docs/generic/MISP_CAKE_init_centos.md index 1cebdf492..8d16c846a 100644 --- a/docs/generic/MISP_CAKE_init_centos.md +++ b/docs/generic/MISP_CAKE_init_centos.md 
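Review bot: The copy/paste database block in section 6 passes secrets as command-line arguments — `sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "..."` and the import `mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME` make both passwords readable by any local user in the process list while the command runs and leave them in the shell history, and the two closing `echo "... DB Password: ..."` lines print them into the terminal transcript. The safer shape is to supply the password through a mode-0600 options file, `mysql --defaults-extra-file=/tmp/misp-db.cnf ...` (constructed path), or to let a bare `-p` prompt, and to drop the final echo lines. The same applies to the `expect` block earlier in the hunk, where `pw="Password1234"` hard-codes the sudo password in the pasted text; `read -rs pw` keeps it out of the document. Separately, the php.ini loop uses `$(eval echo \${$key})` for indirection where bash's `${!key}` does the same without `eval`.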
@@ -138,15 +138,15 @@ sudo $RUN_PHP "$CAKE Admin updateTaxonomies" # Updating the warning lists… ##sudo $RUN_PHP "$CAKE Admin updateWarningLists" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/warninglists/update # Updating the notice lists… ## sudo $RUN_PHP "$CAKE Admin updateNoticeLists" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/noticelists/update # Updating the object templates… ##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/objectTemplates/update # Set MISP Live sudo $RUN_PHP "$CAKE Live $MISP_LIVE" diff --git a/docs/generic/mail_to_misp-debian.md b/docs/generic/mail_to_misp-debian.md index f580a1dc5..c93c0daee 100644 --- a/docs/generic/mail_to_misp-debian.md +++ b/docs/generic/mail_to_misp-debian.md 
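Review bot: The three `curl` lines now post to `http://127.0.0.1/...` but keep `-k`, which only affects TLS verification and does nothing on a plain-http URL, so either the flag should go or the URL should stay `https://` with `-k` covering the self-signed certificate. With the http form the `Authorization: $AUTH_KEY` header travels unencrypted, which is acceptable on the loopback interface but worth stating next to the commands so nobody later substitutes a remote hostname, e.g. `# plain http is only acceptable because the target is 127.0.0.1; use https:// for any remote MISP`. Presumably the switch was made because the local vhost does not answer on 443 at this point of the setup; if so, say that in the same comment.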
@@ -11,12 +11,11 @@ cd build
 cmake .. && make
 sudo make install
 sudo ldconfig
-cd ../../
-cd mail_to_misp
+cd ../../mail_to_misp
 virtualenv -p python3 venv
 ./venv/bin/pip install -r requirements.txt
 cp mail_to_misp_config.py-example mail_to_misp_config.py
 sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
-sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
+sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
 ```
diff --git a/docs/generic/misp-dashboard-debian.md b/docs/generic/misp-dashboard-debian.md
index 981a9e8da..b7f3dcdf8 100644
--- a/docs/generic/misp-dashboard-debian.md
+++ b/docs/generic/misp-dashboard-debian.md
@@ -6,7 +6,7 @@ sudo mkdir misp-dashboard
 sudo chown www-data:www-data misp-dashboard
 sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
 cd misp-dashboard
-sudo /var/www/misp-dashboard/install_dependencies.sh
+sudo -H /var/www/misp-dashboard/install_dependencies.sh
 sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
 sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
 sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
diff --git a/docs/generic/ssdeep-debian.md b/docs/generic/ssdeep-debian.md
index 680bda4e4..0adfb210a 100644
--- a/docs/generic/ssdeep-debian.md
+++ b/docs/generic/ssdeep-debian.md
@@ -13,7 +13,7 @@ sudo make install
 sudo pecl install ssdeep
 # You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
-echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
+echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
 sudo phpenmod ssdeep
 sudo service apache2 restart
 ```
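Review bot: `${PHP_ETC_BASE}` is expanded unquoted and unguarded in the rewritten tee line of ssdeep-debian.md, so with the variable unset the command degrades to `sudo tee /mods-available/ssdeep.ini` and the failure is easy to overlook after the echo succeeds. Writing it as `sudo tee "${PHP_ETC_BASE:?}/mods-available/ssdeep.ini"` aborts with a clear message when the variable is missing. It is not visible from this hunk where PHP_ETC_BASE is defined for the Debian guide, so it is worth confirming the included globals set it.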
diff --git a/docs/generic/sudo_etckeeper.md b/docs/generic/sudo_etckeeper.md
index c3be8f981..d478eaf52 100644
--- a/docs/generic/sudo_etckeeper.md
+++ b/docs/generic/sudo_etckeeper.md
@@ -1,9 +1,16 @@
 #### install etckeeper and sudo (optional)
+
 ```bash
 su -
 apt install -y etckeeper
 apt install -y sudo
 adduser misp sudo
-# Add the user to the staff group to be able to write to /usr/local/src
-adduser misp staff
+```
+
+##### add the misp user to staff and www-data (mandatory)
+```bash
+# Add the user to the staff group to be able to write to /usr/local/src
+sudo adduser misp staff
+sudo adduser misp www-data
+logout
 ```
diff --git a/docs/generic/viper-debian.md b/docs/generic/viper-debian.md
index 6005762a2..a925435fb 100644
--- a/docs/generic/viper-debian.md
+++ b/docs/generic/viper-debian.md
@@ -18,7 +18,7 @@ sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
 /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
 echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
 sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
-sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
+sed -i "s/^misp_key\ =/misp_key\ =\ ${AUTH_KEY}/g" ~/.viper/viper.conf
 # Reset admin password to: admin/Password1234
 sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
 # Add viper-web to rc.local to be started on boot
diff --git a/docs/xINSTALL.centos6.md b/docs/xINSTALL.centos6.md
index f17d3ad57..efc5a093c 100644
--- a/docs/xINSTALL.centos6.md
+++ b/docs/xINSTALL.centos6.md
@@ -1,19 +1,24 @@
- # INSTALLATION INSTRUCTIONS
+# INSTALLATION INSTRUCTIONS
 ## for CentOS 6.x
 ### 0/ MISP CentOS 6 Minimal NetInstall - Status
 --------------------------------------------
+!!! notice
+ Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20181025
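Review bot: The new block in sudo_etckeeper.md makes `misp` a member of `www-data` and marks it mandatory without saying what the membership is needed for; www-data is the web server's group, so every path the guides later make group-writable becomes writable from this interactive account as well. A short comment above `sudo adduser misp www-data` naming the directories that require it, e.g. `# needed so misp can write into the www-data-owned MISP tree during installation`, would let an operator judge whether to keep the membership afterwards. The block also appears to still run inside the root shell opened by `su -` in the previous block, so the `sudo` prefixes are inert there and the closing `logout` is what makes the new group membership take effect on the next login; a one-line comment saying so would spare the reader a puzzle.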
+ It is still considered experimental as not everything works seemlessly.
+
+ CentOS 6.10 [NetInstallURL](http://mirrors.sonic.net/centos/6.10/os/x86_64/)
 {!generic/globalVariables.md!}
 ```bash
 # CentOS Specific
-RUN_PHP='/usr/bin/scl enable rh-php56 '
+RUN_PHP='/usr/bin/scl enable rh-php70 '
 RUN_PYTHON='/usr/bin/scl enable rh-python36 '
-PHP_INI=/etc/opt/rh/rh-php56/php.ini
+PHP_INI=/etc/opt/rh/rh-php70/php.ini
 ```
 ### 1/ Minimal CentOS install
@@ -28,7 +33,7 @@ Install a minimal CentOS 6.x system with the software:
 ```bash
 # Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
-hostnamectl set-hostname misp.local # or whatever you want it to be
+sudo hostnamectl set-hostname misp.local # or whatever you want it to be
 # Make sure your system is up2date:
 sudo yum update -y
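Review bot: `hostnamectl` is a systemd utility and is not available on CentOS 6, so prefixing it with sudo in the second hunk does not make the line work on the platform this document targets. The CentOS 6 equivalent is `sudo hostname misp.local` together with setting `HOSTNAME=misp.local` in `/etc/sysconfig/network`; the comment's reference to /etc/hostname is likewise a CentOS 7 path and could be adjusted in the same edit.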
@@ -45,34 +50,36 @@ sudo rpm -Uvh /tmp/epel.rpm
 # Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
 # Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
-sudo yum install centos-release-scl
+sudo yum install centos-release-scl -y
 # Because vim is just so practical
-sudo yum install vim
+sudo yum install vim -y
 # Install the dependencies:
-sudo yum install gcc git httpd zip redis mysql-server python-devel python-pip libxslt-devel zlib-devel
+sudo yum install gcc git httpd zip redis mysql-server python-devel python-pip libxslt-devel zlib-devel -y
-# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
-sudo yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath
+# Install PHP 7.0 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php70/
+sudo yum install rh-php70 rh-php70-php-fpm rh-php70-php-devel rh-php70-php-mysqlnd rh-php70-php-mbstring rh-php70-php-xml rh-php70-php-bcmath
 # Install Python 3.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
-sudo yum install rh-python36
+sudo yum install rh-python36 -y
-# rh-php56-php only provided mod_php for httpd24-httpd from SCL
-# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
-sudo chkconfig rh-php56-php-fpm on
-sudo service rh-php56-php-fpm start
+# rh-php70-php only provided mod_php for httpd24-httpd from SCL
+# if we want to use httpd from CentOS base we can use rh-php70-php-fpm instead
+sudo chkconfig rh-php70-php-fpm on
+sudo service rh-php70-php-fpm start
 # php-fpm is accessed using the fcgi interface
 sudo yum install mod_fcgid mod_proxy_fcgi
+```
-# Start a new shell with rh-php56 enabled
-sudo scl enable rh-php56 bash
+!!! notice
+ $RUN_PHP makes php available for you if using rh-php70.
e.g: $RUN_PHP "pear list | grep Crypt_GPG"
-sudo pear channel-update pear.php.net
+```bash
+sudo $RUN_PHP pear channel-update pear.php.net
-sudo pear install Crypt_GPG # we need version >1.3.0
+sudo $RUN_PHP pear install Crypt_GPG # we need version >1.3.0
 # GPG needs lots of entropy, haveged provides entropy
 sudo yum install haveged
@@ -142,9 +149,9 @@ cd /var/www/MISP/PyMISP
 sudo $RUN_PYTHON "python3 setup.py install"
 # Enable python3 for php-fpm
-echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php56/sysconfig/php-fpm
-sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
-sudo service rh-php56-php-fpm restart
+echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php70/sysconfig/php-fpm
+sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php70/php-fpm.d/www.conf
+sudo service rh-php70-php-fpm restart
 umask $UMASK
 ```
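Review bot: The two rewritten pear lines pass the command to `$RUN_PHP` unquoted, `sudo $RUN_PHP pear channel-update pear.php.net`, whereas the CentOS 7 guide in this same diff and the notice directly above quote it; `scl enable` takes a single command string (or `--` before the command), so the unquoted form relies on scl guessing where the collection list ends and the command begins. Use `sudo $RUN_PHP "pear channel-update pear.php.net"` and `sudo $RUN_PHP "pear install Crypt_GPG"` to match the rest of the guides. The `# we need version >1.3.0` remark stays a comment only; nothing in the hunk checks the Crypt_GPG version that pear actually installed.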
@@ -165,15 +172,15 @@ sudo -u apache $RUN_PHP "php composer.phar install"
 # CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
 sudo $RUN_PHP "pecl install redis-2.2.8"
-echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
-sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
-sudo service rh-php56-php-fpm restart
+echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php70/php-fpm.d/redis.ini
+sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php70/php.d/99-redis.ini
+sudo service rh-php70-php-fpm restart
 # If you have not yet set a timezone in php.ini
-echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
-sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
+echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php70/php-fpm.d/timezone.ini
+sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php70/php.d/99-timezone.ini
-# Recommended: Change some PHP settings in /etc/opt/rh/rh-php56/php.ini
+# Recommended: Change some PHP settings in /etc/opt/rh/rh-php70/php.ini
 # max_execution_time = 300
 # memory_limit = 512M
 # upload_max_filesize = 50M
@@ -182,7 +189,7 @@ for key in upload_max_filesize post_max_size max_execution_time max_input_time m
 do
 sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
 done
-sudo systemctl restart rh-php56-php-fpm.service
+sudo systemctl restart rh-php70-php-fpm.service
 # To use the scheduler worker for scheduled tasks, do the following:
 sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
 ```
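Review bot: The rewritten restart line in the second hunk keeps `sudo systemctl restart rh-php70-php-fpm.service`, but this is the CentOS 6 guide and the same document restarts php-fpm with `sudo service rh-php70-php-fpm restart` in the hunk just above; systemctl is not present on CentOS 6. Since the line is being touched anyway, change it to `sudo service rh-php70-php-fpm restart` so the php.ini values written by the loop directly above actually take effect.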
@@ -194,13 +201,19 @@ sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/Cake
 sudo chown -R root:apache /var/www/MISP
 sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
 sudo chmod -R g+r,o= /var/www/MISP
+sudo chmod -R 750 /var/www/MISP
+sudo chmod -R g+ws /var/www/MISP/app/tmp
+sudo chmod -R g+ws /var/www/MISP/app/files
+sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
 sudo chown apache:apache /var/www/MISP/app/files
 sudo chown apache:apache /var/www/MISP/app/files/terms
 sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
 sudo chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
+sudo chown -R apache:apache /var/www/MISP/app/Config
 sudo chown -R apache:apache /var/www/MISP/app/tmp
 sudo chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
 sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
+```
 ### 6/ Create a database and user
 -----------------------------
@@ -318,12 +331,12 @@ sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL >
 # Start the workers to enable background jobs
 sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
-su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
+su -s /bin/bash apache -c 'scl enable rh-php70 /var/www/MISP/app/Console/worker/start.sh'
 # To make the background workers start on boot
 vi /etc/rc.local
 # Add the following line at the end
-su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
+su -s /bin/bash apache -c 'scl enable rh-php70 /var/www/MISP/app/Console/worker/start.sh'
 {!generic/MISP_CAKE_init_centos.md!}
diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md
index ff5598321..7c7016c2c 100644
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
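Review bot: `sudo chmod -R 750 /var/www/MISP` is recursive and therefore sets the execute bit on every regular file in the tree, and the three `chmod -R g+ws` lines set setgid on files as well as on directories; the new line also makes the preceding `find … chmod g=rx` and `chmod -R g+r,o=` lines redundant. Use the conditional execute bit and restrict setgid to directories: `sudo chmod -R u=rwX,g=rX,o= /var/www/MISP` followed by `sudo find /var/www/MISP/app/tmp /var/www/MISP/app/files -type d -exec chmod g+ws {} \;`. Separately, `sudo chown -R apache:apache /var/www/MISP/app/Config` gives the web server ownership of the whole Config directory, where the later hunk in this diff only chowns `app/Config/config.php`; a process running as apache can then rewrite every configuration file it loads, so keep the narrower chown unless a documented feature needs the directory.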
@@ -15,10 +15,10 @@ CentOS 7.5-1804 [NetInstallURL](http://mirror.centos.org/centos/7.5.1804/os/x86_
 ```bash
 # CentOS Specific
-RUN_PHP='/usr/bin/scl enable rh-php56 '
+RUN_PHP='/usr/bin/scl enable rh-php71 '
 RUN_PYTHON='/usr/bin/scl enable rh-python36 '
-PHP_INI=/etc/opt/rh/rh-php56/php.ini
+PHP_INI=/etc/opt/rh/rh-php71/php.ini
 ```
 ### 1/ Minimal CentOS install
@@ -33,7 +33,7 @@ Install a minimal CentOS 7.x system with the software:
 ```bash
 # Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
-hostnamectl set-hostname misp.local # or whatever you want it to be
+sudo hostnamectl set-hostname misp.local # or whatever you want it to be
 # Make sure your system is up2date:
 sudo yum update -y
@@ -51,30 +51,30 @@ sudo yum install epel-release -y
 # Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
 sudo yum install centos-release-scl -y
-# Because vim is just so practical
-sudo yum install vim
+# Install vim (optional)
+sudo yum install vim -y
 # Install the dependencies:
 sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel -y
-# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
-sudo yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath rh-php56-php-opcache -y
+# Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
+sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y
 # Install Python 3.6 from SCL, see
 # https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
 sudo yum install rh-python36 -y
-# rh-php56-php only provided mod_php for httpd24-httpd from SCL
-# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
-sudo systemctl enable rh-php56-php-fpm.service
-sudo systemctl start rh-php56-php-fpm.service
+# rh-php71-php only provided mod_php for httpd24-httpd from SCL
+# if we want to use httpd from CentOS base we can use rh-php71-php-fpm instead
+sudo systemctl enable rh-php71-php-fpm.service
+sudo systemctl start rh-php71-php-fpm.service
-$RUN_PHP "pear channel-update pear.php.net"
+sudo $RUN_PHP "pear channel-update pear.php.net"
 sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0
 ```
 !!! notice
- $RUN_PHP makes php available for you if using rh-php56. e.g: $RUN_PHP "pear list | grep Crypt_GPG"
+ $RUN_PHP makes php available for you if using rh-php71.
e.g: sudo $RUN_PHP "pear list | grep Crypt_GPG"
 ```bash
 # GPG needs lots of entropy, haveged provides entropy
@@ -82,6 +82,7 @@ sudo yum install haveged -y
 sudo systemctl enable haveged.service
 sudo systemctl start haveged.service
+
 # Enable and start redis
 sudo systemctl enable redis.service
 sudo systemctl start redis.service
@@ -91,68 +92,67 @@ sudo systemctl start redis.service
 ------------
 ```bash
 # Download MISP using git in the /var/www/ directory.
-cd /var/www/
-sudo git clone https://github.com/MISP/MISP.git
-cd /var/www/MISP
-sudo git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
+sudo mkdir $PATH_TO_MISP
+sudo chown apache:apache $PATH_TO_MISP
+cd /var/www
+sudo -u apache git clone https://github.com/MISP/MISP.git
+cd $PATH_TO_MISP
+sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
 # if the last shortcut doesn't work, specify the latest version manually
 # example: git checkout tags/v2.4.XY
 # the message regarding a "detached HEAD state" is expected behaviour
 # (you only have to create a new branch, if you want to change stuff and do a pull request for example)
-# Make git ignore filesystem permission differences
-sudo git config core.filemode false
-
 # Fetch submodules
-cd /var/www/MISP
-sudo git submodule update --init --recursive
+sudo -u apache git submodule update --init --recursive
 # Make git ignore filesystem permission differences for submodules
-sudo git submodule foreach --recursive git config core.filemode false
+sudo -u apache git submodule foreach --recursive git config core.filemode false
+
+# Create a python3 virtualenv
+sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
+sudo mkdir /var/www/.cache/
+sudo chown apache:apache /var/www/.cache
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U pip
 # install Mitre's STIX and its dependencies by running the following commands:
 sudo yum install python-importlib python-lxml python-dateutil python-six -y
 cd /var/www/MISP/app/files/scripts
-sudo git clone https://github.com/CybOXProject/python-cybox.git
-sudo git clone https://github.com/STIXProject/python-stix.git
+sudo -u apache git clone https://github.com/CybOXProject/python-cybox.git
+sudo -u apache git clone https://github.com/STIXProject/python-stix.git
 cd 
/var/www/MISP/app/files/scripts/python-cybox
-sudo git config core.filemode false
 # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
 UMASK=$(umask)
 umask 0022
-sudo $RUN_PYTHON "python3 setup.py install"
 cd /var/www/MISP/app/files/scripts/python-stix
-sudo git config core.filemode false
-sudo $RUN_PYTHON "python3 setup.py install"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
 # install maec
-sudo $RUN_PYTHON "pip install maec"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U maec
 # install zmq
-sudo $RUN_PYTHON "pip install zmq"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U zmq
 # install redis
-sudo $RUN_PYTHON "pip install redis"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U redis
 # install mixbox to accommodate the new STIX dependencies:
 cd /var/www/MISP/app/files/scripts/
-sudo git clone https://github.com/CybOXProject/mixbox.git
+sudo -u apache git clone https://github.com/CybOXProject/mixbox.git
 cd /var/www/MISP/app/files/scripts/mixbox
-sudo git config core.filemode false
-sudo $RUN_PYTHON "python3 setup.py install"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
 # install PyMISP
 cd /var/www/MISP/PyMISP
-sudo $RUN_PYTHON "python3 setup.py install"
+sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
 # Enable python3 for php-fpm
-echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php56/sysconfig/php-fpm
-sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
-sudo systemctl restart rh-php56-php-fpm.service
+echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php71/sysconfig/php-fpm
+sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
+sudo systemctl restart rh-php71-php-fpm.service
 umask $UMASK
 ```
-
 ### 4/ CakePHP
 -----------
 #### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
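Review bot: On the new side the python-cybox clone is never installed: after `cd /var/www/MISP/app/files/scripts/python-cybox` the `umask 0022` line is followed directly by `cd /var/www/MISP/app/files/scripts/python-stix`, and only python-stix, mixbox and PyMISP receive a `pip install .`. Add `sudo -u apache $PATH_TO_MISP/venv/bin/pip install .` after `umask 0022`, or drop the clone if the cybox dependency that python-stix pulls from PyPI is intended. The venv is also created and populated as `apache` with unpinned `pip install -U maec`, `-U zmq` and `-U redis`, so the web server account owns and writes the interpreter environment it later executes, and two installs on different days can end up with different packages; running pip as root or a dedicated install user, leaving the venv read-only for apache, and pinning versions would keep a compromised httpd from altering its own dependencies and make the result reproducible.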
@@ -167,16 +167,16 @@ sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
 sudo -u apache $RUN_PHP "php composer.phar install"
 # CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
-sudo $RUN_PHP "pecl install redis-2.2.8"
-echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
-sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
-sudo systemctl restart rh-php56-php-fpm.service
+sudo $RUN_PHP "pecl install redis"
+echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
+sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
+sudo systemctl restart rh-php71-php-fpm.service
 # If you have not yet set a timezone in php.ini
-echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
-sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
+echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/timezone.ini
+sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php71/php.d/99-timezone.ini
-# Recommended: Change some PHP settings in /etc/opt/rh/rh-php56/php.ini
+# Recommended: Change some PHP settings in /etc/opt/rh/rh-php71/php.ini
 # max_execution_time = 300
 # memory_limit = 512M
 # upload_max_filesize = 50M
@@ -185,7 +185,7 @@ for key in upload_max_filesize post_max_size max_execution_time max_input_time m
 do
 sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
 done
-sudo systemctl restart rh-php56-php-fpm.service
+sudo systemctl restart rh-php71-php-fpm.service
 # To use the scheduler worker for scheduled tasks, do the following:
 sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
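Review bot: `sudo $RUN_PHP "pecl install redis"` drops the version pin the old line had, so the build now takes whatever phpredis release is current on PECL; a later major release may not build against rh-php71, and two installs done on different days will not match. Pin a release known to build with PHP 7.1, `sudo $RUN_PHP "pecl install redis-<TESTED_VERSION>"` with a placeholder replaced by a version you have verified, or record the verified versions in the comment. The comment above still recommends `yum install php-redis` while the commands use pecl; one of the two should go so the reader is not left with two conflicting instructions.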
@@ -219,9 +219,37 @@ sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
 sudo systemctl enable mariadb.service
 sudo systemctl start mariadb.service
-# If you want to continue copy pasting set the MySQL root password to $DBPASSWORD_ADMIN
-echo $DBPASSWORD_ADMIN
-sudo mysql_secure_installation
+sudo yum install expect -y
+
+# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
+#pw="Password1234"
+
+expect -f - <<-EOF
+ set timeout 10
+
+ spawn sudo mysql_secure_installation
+ #expect "*?assword*"
+ #send -- "$pw\r"
+ expect "Enter current password for root (enter for none):"
+ send -- "\r"
+ expect "Set root password?"
+ send -- "y\r"
+ expect "New password:"
+ send -- "${DBPASSWORD_ADMIN}\r"
+ expect "Re-enter new password:"
+ send -- "${DBPASSWORD_ADMIN}\r"
+ expect "Remove anonymous users?"
+ send -- "y\r"
+ expect "Disallow root login remotely?"
+ send -- "y\r"
+ expect "Remove test database and access to it?"
+ send -- "y\r"
+ expect "Reload privilege tables now?"
+ send -- "y\r"
+ expect eof
+EOF
+
+sudo yum remove tcl expect -y
 # Additionally, it is probably a good idea to make the database server listen on localhost only
 echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
@@ -250,7 +278,6 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 ```
 #### Import the empty MySQL database from MYSQL.sql
-
 ```bash
 sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
 ```
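Review bot: The heredoc delimiter is unquoted, so `send -- "${DBPASSWORD_ADMIN}\r"` is expanded by bash before expect sees it and the result is parsed again by Tcl inside double quotes; a password containing `$`, backticks, backslashes or `[` is mangled or, worse, evaluated, and the commented `#send -- "$pw\r"` lines carry the same problem. Quote the delimiter, `expect -f - <<-'EOF'`, export the variable beforehand, and let expect read it from its environment with `send -- "$env(DBPASSWORD_ADMIN)\r"`, which also keeps the secret out of the script text the shell builds. `sudo yum remove tcl expect -y` may remove more than expect, since yum also removes packages that depend on tcl; removing only `expect` is the safer cleanup.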
@@ -265,10 +292,12 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
 sudo cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
 # Since SELinux is enabled, we need to allow httpd to write to certain directories
+sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/venv
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
+sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/venv
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
 sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
@@ -384,13 +413,6 @@ class DATABASE_CONFIG {
 sudo chown apache:apache /var/www/MISP/app/Config/config.php
 sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
-# Set some MISP directives with the command line tool
-sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
-
-# Change base url
-sudo $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
-
-
 # Generate a GPG encryption key.
 cat >/tmp/gen-key-script <
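Review bot: The two added chcon lines in the first hunk label `/var/www/MISP/venv` with `httpd_sys_rw_content_t`, which tells SELinux to let httpd write to the interpreter and to every package the application executes from that venv; together with apache owning the venv elsewhere in this diff, the web server can then modify its own Python code paths. The non-recursive first line is subsumed by the `-R` line below it and can be dropped. Unless a runtime feature writes into the venv, keep it on a read-only httpd label and reserve the rw label for the tmp and files directories; the path is also hard-coded here where the rest of the diff uses `$PATH_TO_MISP/venv`.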