|
|
|
@ -10,16 +10,16 @@
|
|
|
|
|
############################################################
|
|
|
|
|
#INSTALLATION INSTRUCTIONS #
|
|
|
|
|
##########################################################
|
|
|
|
|
#------------------------- for Debian Flavored Linux Distributions
|
|
|
|
|
#------------------------- for Linux Distributions
|
|
|
|
|
#
|
|
|
|
|
#-------------------------------------------------------|
|
|
|
|
|
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
|
|
|
|
#-------------------------------------------------------|
|
|
|
|
|
#
|
|
|
|
|
# 20200513: Ubuntu 20.04 tested and working. -- sCl
|
|
|
|
|
# 20200412: Ubuntu 18.04.4 tested and working. -- sCl
|
|
|
|
|
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
|
|
|
|
# 20190208: Kali Linux tested and working. -- sCl
|
|
|
|
|
# 20210401: Ubuntu 21.04 tested and working. -- sCl
|
|
|
|
|
# 20210401: Ubuntu 20.04.2 tested and working. -- sCl
|
|
|
|
|
# 20210401: Ubuntu 18.04.5 tested and working. -- sCl
|
|
|
|
|
# 20210331: Kali Linux 2021.1 tested and working. -- sCl
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
#-------------------------------------------------------------------------------------------------|
|
|
|
|
@ -68,7 +68,7 @@
|
|
|
|
|
#
|
|
|
|
|
#### BEGIN AUTOMATED SECTION ####
|
|
|
|
|
#
|
|
|
|
|
# $ eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v \`\`\`)"
|
|
|
|
|
# $ eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | awk '/^# <snippet-begin/,0' | grep -v \`\`\`)"
|
|
|
|
|
# $ MISPvars
|
|
|
|
|
MISPvars () {
|
|
|
|
|
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours" 2> /dev/null
|
|
|
|
@ -76,9 +76,16 @@ MISPvars () {
|
|
|
|
|
MISP_USER="${MISP_USER:-misp}"
|
|
|
|
|
MISP_PASSWORD="${MISP_PASSWORD:-$(openssl rand -hex 32)}"
|
|
|
|
|
|
|
|
|
|
# Cheap distribution detector
|
|
|
|
|
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
|
|
|
|
|
STREAM="$(. /etc/os-release && echo "$NAME"| grep -o -i stream |tr '[:upper:]' '[:lower:]')"
|
|
|
|
|
DIST_VER="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
|
|
|
DISTRI=${FLAVOUR}${DIST_VER}${STREAM}
|
|
|
|
|
|
|
|
|
|
# The web server user
|
|
|
|
|
# RHEL/CentOS
|
|
|
|
|
if [[ -f "/etc/redhat-release" ]]; then
|
|
|
|
|
SE_LINUX=$(sestatus -v -b |grep "^SELinux status"| grep enabled ; echo $?)
|
|
|
|
|
WWW_USER="apache"
|
|
|
|
|
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
|
|
|
|
# Debian flavoured
|
|
|
|
@ -322,12 +329,13 @@ checkFlavour () {
|
|
|
|
|
fi
|
|
|
|
|
echo "${FLAVOUR} support is experimental at the moment"
|
|
|
|
|
;;
|
|
|
|
|
rhel|ol|sles)
|
|
|
|
|
rhel|ol|sles|fedora)
|
|
|
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
|
|
|
# FIXME: On fedora the trimming fails
|
|
|
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
|
|
|
dist_version=${dist_version:0:1} # Only interested about major version
|
|
|
|
|
dist_version=${dist_version:0:1} # Only interested about major version
|
|
|
|
|
fi
|
|
|
|
|
# Only tested for RHEL 7 so far
|
|
|
|
|
# FIXME: Only tested for RHEL 7 so far
|
|
|
|
|
echo "${FLAVOUR} support is experimental at the moment"
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
@ -397,7 +405,7 @@ EOF
|
|
|
|
|
|
|
|
|
|
checkInstaller () {
|
|
|
|
|
# Workaround: shasum is not available on RHEL, only checking sha512
|
|
|
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
|
|
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then
|
|
|
|
|
INSTsum=$(sha512sum ${0} | cut -f1 -d\ )
|
|
|
|
|
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512
|
|
|
|
|
chsum=$(cat /tmp/INSTALL.sh.sha512)
|
|
|
|
@ -1534,13 +1542,13 @@ coreCAKE () {
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.cookieTimeout" 3600
|
|
|
|
|
|
|
|
|
|
# Change base url, either with this CLI command or in the UI
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Baseurl $MISP_BASEURL
|
|
|
|
|
[[ ! -z ${MISP_BASEURL} ]] && $SUDO_WWW $RUN_PHP -- $CAKE Baseurl $MISP_BASEURL
|
|
|
|
|
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
|
|
|
|
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
|
|
|
|
# 'baseurl' => '',
|
|
|
|
|
# The base url of the application (in the format https://www.mymispinstance.com) as visible externally/by other MISPs.
|
|
|
|
|
# MISP will encode this URL in sharing groups when including itself. If this value is not set, the baseurl is used as a fallback.
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.external_baseurl" $MISP_BASEURL
|
|
|
|
|
[[ ! -z ${MISP_BASEURL} ]] && $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.external_baseurl" $MISP_BASEURL
|
|
|
|
|
|
|
|
|
|
# Enable GnuPG
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
|
|
|
|
@ -1576,8 +1584,54 @@ coreCAKE () {
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_sighting_db_enable" false
|
|
|
|
|
|
|
|
|
|
# Plugin Enrichment hover defaults
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_hover_popover_only" false
|
|
|
|
|
# Set API_Required modules to false
|
|
|
|
|
for PLUG in $(echo "Plugin.Enrichment_cuckoo_submit_enabled
|
|
|
|
|
Plugin.Enrichment_vmray_submit_enabled
|
|
|
|
|
Plugin.Enrichment_circl_passivedns_enabled
|
|
|
|
|
Plugin.Enrichment_circl_passivessl_enabled
|
|
|
|
|
Plugin.Enrichment_domaintools_enabled
|
|
|
|
|
Plugin.Enrichment_eupi_enabled
|
|
|
|
|
Plugin.Enrichment_farsight_passivedns_enabled
|
|
|
|
|
Plugin.Enrichment_passivetotal_enabled
|
|
|
|
|
Plugin.Enrichment_passivetotal_enabled
|
|
|
|
|
Plugin.Enrichment_virustotal_enabled
|
|
|
|
|
Plugin.Enrichment_whois_enabled
|
|
|
|
|
Plugin.Enrichment_shodan_enabled
|
|
|
|
|
Plugin.Enrichment_geoip_asn_enabled
|
|
|
|
|
Plugin.Enrichment_geoip_city_enabled
|
|
|
|
|
Plugin.Enrichment_geoip_country_enabled
|
|
|
|
|
Plugin.Enrichment_iprep_enabled
|
|
|
|
|
Plugin.Enrichment_otx_enabled
|
|
|
|
|
Plugin.Enrichment_vulndb_enabled
|
|
|
|
|
Plugin.Enrichment_crowdstrike_falcon_enabled
|
|
|
|
|
Plugin.Enrichment_onyphe_enabled
|
|
|
|
|
Plugin.Enrichment_xforceexchange_enabled
|
|
|
|
|
Plugin.Enrichment_vulners_enabled
|
|
|
|
|
Plugin.Enrichment_macaddress_io_enabled
|
|
|
|
|
Plugin.Enrichment_intel471_enabled
|
|
|
|
|
Plugin.Enrichment_backscatter_io_enabled
|
|
|
|
|
Plugin.Enrichment_hibp_enabled
|
|
|
|
|
Plugin.Enrichment_greynoise_enabled
|
|
|
|
|
Plugin.Enrichment_joesandbox_submit_enabled
|
|
|
|
|
Plugin.Enrichment_virustotal_public_enabled
|
|
|
|
|
Plugin.Enrichment_apiosintds_enabled
|
|
|
|
|
Plugin.Enrichment_urlscan_enabled
|
|
|
|
|
Plugin.Enrichment_securitytrails_enabled
|
|
|
|
|
Plugin.Enrichment_apivoid_enabled
|
|
|
|
|
Plugin.Enrichment_assemblyline_submit_enabled
|
|
|
|
|
Plugin.Enrichment_assemblyline_query_enabled
|
|
|
|
|
Plugin.Enrichment_ransomcoindb_enabled
|
|
|
|
|
Plugin.Enrichment_lastline_query_enabled
|
|
|
|
|
Plugin.Enrichment_sophoslabs_intelix_enabled
|
|
|
|
|
Plugin.Enrichment_cytomic_orion_enabled
|
|
|
|
|
Plugin.Enrichment_censys_enrich_enabled
|
|
|
|
|
Plugin.Enrichment_trustar_enrich_enabled
|
|
|
|
|
Plugin.Enrichment_recordedfuture_enabled
|
|
|
|
|
Plugin.ElasticSearch_logging_enable
|
|
|
|
|
Plugin.S3_enable"); do
|
|
|
|
|
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Plugin CustomAuth tuneable
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
|
|
|
@ -1595,6 +1649,52 @@ coreCAKE () {
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
|
|
|
|
|
|
|
|
|
# Kafka settings
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_brokers" "kafka:9092"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_rdkafka_config" "/etc/rdkafka.ini"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_include_attachments" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_notifications_topic" "misp_event"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_publish_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_publish_notifications_topic" "misp_event_publish"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_notifications_topic" "misp_object"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_reference_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_reference_notifications_topic" "misp_object_reference"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_attribute_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_attribute_notifications_topic" "misp_attribute"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_shadow_attribute_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_shadow_attribute_notifications_topic" "misp_shadow_attribute"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_tag_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_tag_notifications_topic" "misp_tag"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_sighting_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_sighting_notifications_topic" "misp_sighting"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_user_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_user_notifications_topic" "misp_user"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_organisation_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_organisation_notifications_topic" "misp_organisation"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_audit_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_audit_notifications_topic" "misp_audit"
|
|
|
|
|
|
|
|
|
|
# ZeroMQ settings
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_host" "127.0.0.1"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_port" 50000
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
|
|
|
|
|
|
|
|
|
# Force defaults to make MISP Server Settings less RED
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.language" "eng"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
|
|
|
@ -1635,6 +1735,7 @@ coreCAKE () {
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.attachments_dir" "$PATH_TO_MISP/app/files"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.download_attachments_on_load" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.event_alert_metadata_only" false
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.title_text" "MISP"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.terms_download" false
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showorgalternate" false
|
|
|
|
@ -1643,6 +1744,7 @@ coreCAKE () {
|
|
|
|
|
# Force defaults to make MISP Server Settings less GREEN
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "debug" 0
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.auth_enforced" false
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.log_each_individual_auth_fail" false
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.rest_client_baseurl" ""
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.advanced_authkeys" false
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_length" 12
|
|
|
|
@ -1804,47 +1906,70 @@ mispmodules () {
|
|
|
|
|
|
|
|
|
|
# Sleep 9 seconds to give misp-modules a chance to spawn
|
|
|
|
|
sleep 9
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
modulesCAKE () {
|
|
|
|
|
# Enable Enrichment, set better timeouts
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_popover_only" false
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
|
|
|
|
# TODO:"Investigate why the next one fails"
|
|
|
|
|
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_btc_steroids_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_query_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pdf_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_docx_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_xlsx_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pptx_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ods_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_odt_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_services_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_popover_only" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_timeout" 300
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_bgpranking_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_countrycode_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_cve_advanced_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_cpe_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_eql_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_btc_steroids_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_ipasn_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_reversedns_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_yara_query_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_wiki_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_threatminer_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_threatcrowd_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_hashdd_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_rbl_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_sigma_syntax_validator_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_stix2_pattern_syntax_validator_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_sigma_queries_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_dbl_spamhaus_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_btc_scam_check_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_macvendors_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_qrcode_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_ocr_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_pdf_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_docx_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_xlsx_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_pptx_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_ods_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_odt_enrich_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_urlhaus_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_malwarebazaar_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_html_to_markdown_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_socialscan_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Enrichment_services_port" 6666
|
|
|
|
|
|
|
|
|
|
# Enable Import modules, set better timeout
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_mispjson_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_services_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_services_port" 6666
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_timeout" 300
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_ocr_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_mispjson_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_openiocimport_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Import_csvimport_enabled" true
|
|
|
|
|
|
|
|
|
|
# Enable Export modules, set better timeout
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Export_services_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Export_services_port" 6666
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Export_timeout" 300
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Main MISP Dashboard install function
|
|
|
|
@ -1918,22 +2043,23 @@ mispDashboard () {
|
|
|
|
|
|
|
|
|
|
dashboardCAKE () {
|
|
|
|
|
# Enable ZeroMQ for misp-dashboard
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
|
|
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_host" "127.0.0.1"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_port" 50000
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
|
|
|
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Main mail2misp install function
|
|
|
|
@ -1959,7 +2085,6 @@ mail2misp () {
|
|
|
|
|
sudo ldconfig
|
|
|
|
|
cd ../../mail_to_misp
|
|
|
|
|
$SUDO_CMD virtualenv -p python3 venv
|
|
|
|
|
$SUDO_CMD ./venv/bin/pip install lief
|
|
|
|
|
$SUDO_CMD ./venv/bin/pip install -r requirements.txt
|
|
|
|
|
$SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py
|
|
|
|
|
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
|
|
|
@ -2054,10 +2179,12 @@ viper () {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
enableReposRHEL () {
|
|
|
|
|
sudo subscription-manager refresh
|
|
|
|
|
sudo subscription-manager repos --enable rhel-7-server-optional-rpms
|
|
|
|
|
sudo subscription-manager repos --enable rhel-7-server-extras-rpms
|
|
|
|
|
enableOptionalRHEL8 () {
|
|
|
|
|
sudo subscription-manager refresh
|
|
|
|
|
|
|
|
|
|
# The following is needed for -devel repos and ONLY for misp-modules, ignore if not needed
|
|
|
|
|
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
|
|
|
|
|
# Software Collections is available for Red Hat Enterprise Linux 7 and previous supported releases. Starting with Red Hat Enterprise Linux 8, the content traditionally consumed via Software Collections is now part of Application Streams. Please see the Application Streams Life Cycle documentation for that release. Source: https://access.redhat.com/support/policy/updates/rhscl
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
centosEPEL () {
|
|
|
|
@ -2067,70 +2194,96 @@ centosEPEL () {
|
|
|
|
|
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
|
|
|
|
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
|
|
|
|
sudo yum install centos-release-scl -y
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
enableEPEL () {
|
|
|
|
|
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
|
|
|
|
|
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
|
|
|
|
|
sudo yum install yum-utils -y
|
|
|
|
|
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
|
|
|
|
|
sudo yum-config-manager --enable remi-php74
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
yumInstallCoreDeps () {
|
|
|
|
|
# Install the dependencies:
|
|
|
|
|
sudo yum install gcc git zip \
|
|
|
|
|
PHP_BASE="/etc/"
|
|
|
|
|
PHP_INI="/etc/php.ini"
|
|
|
|
|
sudo dnf install @httpd -y
|
|
|
|
|
sudo dnf install gcc git zip \
|
|
|
|
|
httpd \
|
|
|
|
|
mod_ssl \
|
|
|
|
|
redis \
|
|
|
|
|
mariadb \
|
|
|
|
|
mariadb-server \
|
|
|
|
|
python3-devel python3-pip python3-virtualenv \
|
|
|
|
|
python3-policycoreutils \
|
|
|
|
|
policycoreutils-python-utils \
|
|
|
|
|
libxslt-devel zlib-devel ssdeep-devel -y
|
|
|
|
|
sudo alternatives --set python /usr/bin/python3
|
|
|
|
|
|
|
|
|
|
# Enable and start redis
|
|
|
|
|
sudo systemctl enable --now redis.service
|
|
|
|
|
|
|
|
|
|
# Install MariaDB
|
|
|
|
|
sudo yum install wget -y
|
|
|
|
|
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
|
|
|
|
|
chmod +x mariadb_repo_setup
|
|
|
|
|
sudo ./mariadb_repo_setup
|
|
|
|
|
rm mariadb_repo_setup
|
|
|
|
|
sudo yum install MariaDB-server -y
|
|
|
|
|
# Install PHP 7.4 from Remi's repo, see https://rpms.remirepo.net/enterprise/8/php74/x86_64/repoview/
|
|
|
|
|
sudo dnf install php php-fpm php-devel \
|
|
|
|
|
php-mysqlnd \
|
|
|
|
|
php-mbstring \
|
|
|
|
|
php-xml \
|
|
|
|
|
php-bcmath \
|
|
|
|
|
php-opcache \
|
|
|
|
|
php-zip \
|
|
|
|
|
php-pear \
|
|
|
|
|
php-brotli \
|
|
|
|
|
php-intl \
|
|
|
|
|
php-gd -y
|
|
|
|
|
|
|
|
|
|
WWW_USER="apache"
|
|
|
|
|
SUDO_WWW="sudo -H -u $WWW_USER"
|
|
|
|
|
PHP_INI="/etc/opt/remi/php74/php.ini"
|
|
|
|
|
# Install PHP 7.4 from Remi's repo, see https://rpms.remirepo.net/enterprise/7/php74/x86_64/repoview/
|
|
|
|
|
sudo yum install php74 php74-php-fpm php74-php-devel \
|
|
|
|
|
php74-php-mysqlnd \
|
|
|
|
|
php74-php-mbstring \
|
|
|
|
|
php74-php-xml \
|
|
|
|
|
php74-php-bcmath \
|
|
|
|
|
php74-php-opcache \
|
|
|
|
|
php74-php-zip \
|
|
|
|
|
php74-php-pear \
|
|
|
|
|
php74-php-brotli \
|
|
|
|
|
php74-php-intl \
|
|
|
|
|
php74-php-gd -y
|
|
|
|
|
|
|
|
|
|
# cake has php baked in, thus we link to it
|
|
|
|
|
sudo ln -s /usr/bin/php74 /usr/bin/php
|
|
|
|
|
|
|
|
|
|
# Python 3.6 is now available in RHEL 7.7 base
|
|
|
|
|
sudo yum install python3 python3-devel -y
|
|
|
|
|
|
|
|
|
|
sudo systemctl enable --now php74-php-fpm.service
|
|
|
|
|
# cake has php baked in, thus we link to it if necessary.
|
|
|
|
|
[[ ! -e "/usr/bin/php" ]] && sudo ln -s /usr/bin/php74 /usr/bin/php
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
installCoreRHEL () {
|
|
|
|
|
compileLiefRHEL8 () {
|
|
|
|
|
cd $PATH_TO_MISP/app/files/scripts
|
|
|
|
|
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
|
|
|
|
# lief might need manual compilation
|
|
|
|
|
sudo dnf groupinstall "Development Tools" -y
|
|
|
|
|
|
|
|
|
|
cd $PATH_TO_MISP/app/files/scripts/lief
|
|
|
|
|
$SUDO_WWW git config core.filemode false
|
|
|
|
|
$SUDO_WWW mkdir build
|
|
|
|
|
cd build
|
|
|
|
|
$SUDO_WWW ${CMAKE_BIN} \
|
|
|
|
|
-DLIEF_PYTHON_API=on \
|
|
|
|
|
-DPYTHON_VERSION=3.6 \
|
|
|
|
|
-DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \
|
|
|
|
|
-DLIEF_DOC=off \
|
|
|
|
|
-DCMAKE_BUILD_TYPE=Release \
|
|
|
|
|
..
|
|
|
|
|
$SUDO_WWW make -j3 pyLIEF
|
|
|
|
|
|
|
|
|
|
if [ $? == 2 ]; then
|
|
|
|
|
# In case you get "internal compiler error: Killed (program cc1plus)"
|
|
|
|
|
# You ran out of memory.
|
|
|
|
|
# Create some swap
|
|
|
|
|
TEMP_DIR=$(mktemp -d)
|
|
|
|
|
TEMP_SWAP=${TEMP_DIR}/swap.img
|
|
|
|
|
sudo dd if=/dev/zero of=${TEMP_SWAP} bs=1024k count=4000
|
|
|
|
|
sudo mkswap ${TEMP_SWAP}
|
|
|
|
|
sudo swapon ${TEMP_SWAP}
|
|
|
|
|
# And compile again
|
|
|
|
|
${SUDO_WWW} make -j3 pyLIEF
|
|
|
|
|
sudo swapoff ${TEMP_SWAP}
|
|
|
|
|
sudo rm -r ${TEMP_DIR}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# The following adds a PYTHONPATH to where the pyLIEF module has been compiled
|
|
|
|
|
echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.6/site-packages/lief.pth
|
|
|
|
|
[[ "${DISTRI}" == "fedora33" ]] && (echo /var/www/MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee /var/www/MISP/venv/lib/python3.9/site-packages/lief.pth)
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic plyara
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
installCoreRHEL8 () {
|
|
|
|
|
# Download MISP using git in the $PATH_TO_MISP directory.
|
|
|
|
|
sudo mkdir -p $(dirname $PATH_TO_MISP)
|
|
|
|
|
sudo chown $WWW_USER:$WWW_USER $(dirname $PATH_TO_MISP)
|
|
|
|
|
cd $(dirname $PATH_TO_MISP)
|
|
|
|
|
$SUDO_WWW git clone https://github.com/MISP/MISP.git
|
|
|
|
|
cd $PATH_TO_MISP
|
|
|
|
|
##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
|
|
|
|
# if the last shortcut doesn't work, specify the latest version manually
|
|
|
|
|
# example: git checkout tags/v2.4.XY
|
|
|
|
|
# the message regarding a "detached HEAD state" is expected behaviour
|
|
|
|
|
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
|
|
|
|
|
|
|
|
|
# Fetch submodules
|
|
|
|
|
$SUDO_WWW git submodule update --init --recursive
|
|
|
|
@ -2140,8 +2293,8 @@ installCoreRHEL () {
|
|
|
|
|
$SUDO_WWW git config core.filemode false
|
|
|
|
|
|
|
|
|
|
# Create a python3 virtualenv
|
|
|
|
|
sudo pip3 install virtualenv
|
|
|
|
|
$SUDO_WWW python3 -m venv $PATH_TO_MISP/venv
|
|
|
|
|
[[ -e $(which virtualenv-3 2>/dev/null) ]] && $SUDO_WWW virtualenv-3 -p python3 $PATH_TO_MISP/venv
|
|
|
|
|
[[ -e $(which virtualenv 2>/dev/null) ]] && $SUDO_WWW virtualenv -p python3 $PATH_TO_MISP/venv
|
|
|
|
|
sudo mkdir /usr/share/httpd/.cache
|
|
|
|
|
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
|
|
|
|
@ -2149,10 +2302,15 @@ installCoreRHEL () {
|
|
|
|
|
cd $PATH_TO_MISP/app/files/scripts
|
|
|
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
|
|
|
|
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
|
|
|
|
##$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
|
|
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
|
|
|
|
|
|
|
|
|
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
|
|
|
|
$SUDO_WWW git config core.filemode false
|
|
|
|
|
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
|
|
|
|
([[ ${DISTRI} == 'fedora33' ]] || [[ ${DISTRI} == 'rhel8.3' ]]) && sudo dnf install cmake3 -y && CMAKE_BIN='cmake3'
|
|
|
|
|
[[ ${DISTRI} == 'centos8stream' ]] && sudo dnf install cmake -y && CMAKE_BIN='cmake'
|
|
|
|
|
[[ ${DISTRI} == 'centos8' ]] && sudo dnf install cmake -y && CMAKE_BIN='cmake'
|
|
|
|
|
|
|
|
|
|
UMASK=$(umask)
|
|
|
|
|
umask 0022
|
|
|
|
|
|
|
|
|
@ -2173,17 +2331,14 @@ installCoreRHEL () {
|
|
|
|
|
cd $PATH_TO_MISP/cti-python-stix2
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
|
|
|
|
|
|
|
|
|
# install maec
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
|
|
|
|
|
# install maec, zmq, redis
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec zmq redis
|
|
|
|
|
|
|
|
|
|
# install zmq
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
|
|
|
|
|
# install magic, pydeep
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara
|
|
|
|
|
|
|
|
|
|
# install redis
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
|
|
|
|
|
|
|
|
|
|
# install magic, pydeep, lief
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara lief
|
|
|
|
|
# install lief
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U lief || compileLiefRHEL8
|
|
|
|
|
|
|
|
|
|
# install PyMISP
|
|
|
|
|
cd $PATH_TO_MISP/PyMISP
|
|
|
|
@ -2191,7 +2346,7 @@ installCoreRHEL () {
|
|
|
|
|
|
|
|
|
|
# FIXME: Remove libfaup etc once the egg has the library baked-in
|
|
|
|
|
# BROKEN: This needs to be tested on RHEL/CentOS
|
|
|
|
|
sudo yum install libcaca-devel cmake3 -y
|
|
|
|
|
sudo dnf install libcaca-devel -y
|
|
|
|
|
cd /tmp
|
|
|
|
|
[[ ! -d "faup" ]] && $SUDO_CMD git clone https://github.com/stricaud/faup.git faup
|
|
|
|
|
[[ ! -d "gtcaca" ]] && $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca
|
|
|
|
@ -2199,43 +2354,46 @@ installCoreRHEL () {
|
|
|
|
|
cd gtcaca
|
|
|
|
|
$SUDO_CMD mkdir -p build
|
|
|
|
|
cd build
|
|
|
|
|
$SUDO_CMD cmake3 .. && $SUDO_CMD make
|
|
|
|
|
$SUDO_CMD ${CMAKE_BIN} .. && $SUDO_CMD make
|
|
|
|
|
sudo make install
|
|
|
|
|
cd ../../faup
|
|
|
|
|
$SUDO_CMD mkdir -p build
|
|
|
|
|
cd build
|
|
|
|
|
$SUDO_CMD cmake3 .. && $SUDO_CMD make
|
|
|
|
|
$SUDO_CMD ${CMAKE_BIN} .. && $SUDO_CMD make
|
|
|
|
|
sudo make install
|
|
|
|
|
sudo ldconfig
|
|
|
|
|
|
|
|
|
|
# Enable dependencies detection in the diagnostics page
|
|
|
|
|
# This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
|
|
|
|
|
echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/remi/php74/php-fpm.d/www.conf
|
|
|
|
|
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/remi/php74/php-fpm.d/www.conf
|
|
|
|
|
sudo systemctl restart php74-php-fpm.service
|
|
|
|
|
echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" |sudo tee -a ${PHP_BASE}/php-fpm.d/www.conf
|
|
|
|
|
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' ${PHP_BASE}/php-fpm.d/www.conf
|
|
|
|
|
sudo sed -i.org -e 's/^\(listen =\) \/run\/php-fpm\/www\.sock/\1 127.0.0.1:9000/' ${PHP_BASE}/php-fpm.d/www.conf
|
|
|
|
|
|
|
|
|
|
umask $UMASK
|
|
|
|
|
|
|
|
|
|
sudo systemctl restart php-fpm.service
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
installCake_RHEL ()
|
|
|
|
|
installCake_RHEL8 ()
|
|
|
|
|
{
|
|
|
|
|
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
|
|
|
|
sudo mkdir /usr/share/httpd/.composer
|
|
|
|
|
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.composer
|
|
|
|
|
cd $PATH_TO_MISP/app
|
|
|
|
|
# Update composer.phar (optional)
|
|
|
|
|
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
|
|
|
|
|
#$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
|
|
|
|
#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
|
|
|
|
#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
|
|
|
|
#$SUDO_WWW php composer-setup.php
|
|
|
|
|
#$SUDO_WWW php -r "unlink('composer-setup.php');"
|
|
|
|
|
$SUDO_WWW php composer.phar install
|
|
|
|
|
|
|
|
|
|
sudo yum install php74-php-pecl-redis php74-php-pecl-ssdeep php74-php-pecl-gnupg -y
|
|
|
|
|
sudo dnf install php-pecl-redis php-pecl-ssdeep php-pecl-gnupg -y
|
|
|
|
|
|
|
|
|
|
sudo systemctl restart php74-php-fpm.service
|
|
|
|
|
sudo systemctl restart php-fpm.service
|
|
|
|
|
|
|
|
|
|
# If you have not yet set a timezone in php.ini
|
|
|
|
|
echo 'date.timezone = "Asia/Tokyo"' |sudo tee /etc/opt/remi/php74/php.d/timezone.ini
|
|
|
|
|
echo 'date.timezone = "Asia/Tokyo"' |sudo tee /etc/php-fpm.d/timezone.ini
|
|
|
|
|
sudo ln -s ../php-fpm.d/timezone.ini /etc/php.d/99-timezone.ini
|
|
|
|
|
|
|
|
|
|
# Recommended: Change some PHP settings in /etc/opt/remi/php74/php.ini
|
|
|
|
|
# max_execution_time = 300
|
|
|
|
@ -2248,13 +2406,14 @@ installCake_RHEL ()
|
|
|
|
|
done
|
|
|
|
|
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
|
|
|
|
|
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
|
|
|
|
|
sudo systemctl restart php74-php-fpm.service
|
|
|
|
|
sudo systemctl restart php-fpm.service
|
|
|
|
|
|
|
|
|
|
# To use the scheduler worker for scheduled tasks, do the following:
|
|
|
|
|
sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prepareDB_RHEL () {
|
|
|
|
|
prepareDB_RHEL8 () {
|
|
|
|
|
# Enable, start and secure your mysql database server
|
|
|
|
|
sudo systemctl enable --now mariadb.service
|
|
|
|
|
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
|
|
|
|
|
echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
|
|
|
|
@ -2271,7 +2430,7 @@ prepareDB_RHEL () {
|
|
|
|
|
# Make sure that NOBODY can access the server without a password
|
|
|
|
|
sudo mysqladmin -h $DBHOST -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}"
|
|
|
|
|
# Make our changes take effect
|
|
|
|
|
sudo mysql -h $DBHOST -e "FLUSH PRIVILEGES"
|
|
|
|
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES"
|
|
|
|
|
|
|
|
|
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};"
|
|
|
|
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
|
|
|
|
@ -2282,7 +2441,7 @@ prepareDB_RHEL () {
|
|
|
|
|
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -h $DBHOST -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
apacheConfig_RHEL () {
|
|
|
|
|
apacheConfig_RHEL8 () {
|
|
|
|
|
# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
|
|
|
|
# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
|
|
|
|
|
|
|
|
|
@ -2317,6 +2476,7 @@ apacheConfig_RHEL () {
|
|
|
|
|
sudo sh -c "chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/worker/*.sh"
|
|
|
|
|
sudo sh -c "chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*.py"
|
|
|
|
|
sudo sh -c "chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*/*.py"
|
|
|
|
|
[[ -e ${PATH_TO_MISP}/app/files/scripts/lief/build/api/python/lief.so ]] && sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/lief/build/api/python/lief.so
|
|
|
|
|
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry
|
|
|
|
|
sudo sh -c "chcon -R -t bin_t $PATH_TO_MISP/venv/bin/*"
|
|
|
|
|
sudo find $PATH_TO_MISP/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t
|
|
|
|
@ -2347,7 +2507,7 @@ firewall_RHEL () {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Main function to fix permissions to something sane
|
|
|
|
|
permissions_RHEL () {
|
|
|
|
|
permissions_RHEL8 () {
|
|
|
|
|
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
|
|
|
|
## ? chown -R root:$WWW_USER $PATH_TO_MISP
|
|
|
|
|
sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
|
|
|
|
@ -2381,6 +2541,7 @@ logRotation_RHEL () {
|
|
|
|
|
sudo semanage fcontext -a -t httpd_sys_rw_content_t "$PATH_TO_MISP(/.*)?"
|
|
|
|
|
sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
|
|
|
|
|
sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
|
|
|
|
|
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
|
|
|
|
|
# Impact of the following: ?!?!?!!?111
|
|
|
|
|
##sudo restorecon -R $PATH_TO_MISP
|
|
|
|
|
|
|
|
|
@ -2476,7 +2637,7 @@ EOF
|
|
|
|
|
configWorkersRHEL () {
|
|
|
|
|
echo "[Unit]
|
|
|
|
|
Description=MISP background workers
|
|
|
|
|
After=mariadb.service redis.service php74-php-fpm.service
|
|
|
|
|
After=mariadb.service redis.service php-fpm.service
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
Type=forking
|
|
|
|
@ -2496,19 +2657,25 @@ configWorkersRHEL () {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mispmodulesRHEL () {
|
|
|
|
|
# some misp-modules dependencies
|
|
|
|
|
sudo yum install openjpeg-devel gcc-c++ poppler-cpp-devel pkgconfig python-devel redhat-rpm-config -y
|
|
|
|
|
# some misp-modules dependencies for RHEL<8
|
|
|
|
|
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo yum install openjpeg-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
|
|
|
|
|
|
|
|
|
|
# some misp-modules dependencies for RHEL8
|
|
|
|
|
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[8].* ]]) && sudo yum install openjpeg2-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
|
|
|
|
|
|
|
|
|
|
sudo chmod 2777 /usr/local/src
|
|
|
|
|
sudo chown root:users /usr/local/src
|
|
|
|
|
cd /usr/local/src/
|
|
|
|
|
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-modules.git; done
|
|
|
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git; done
|
|
|
|
|
cd misp-modules
|
|
|
|
|
# pip install
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U -I -r REQUIREMENTS
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U .
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install pyfaup censys
|
|
|
|
|
sudo yum install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel -y
|
|
|
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U -I -r REQUIREMENTS
|
|
|
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U .
|
|
|
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyfaup censys
|
|
|
|
|
# some misp-modules dependencies for RHEL<8
|
|
|
|
|
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[7].* ]]) && sudo yum install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel -y
|
|
|
|
|
# some misp-modules dependencies for RHEL8
|
|
|
|
|
[[ "${DIST_VER}" =~ ^[8].* ]] && sudo dnf install https://packages.endpoint.com/rhel/8/main/x86_64/endpoint-repo-8-1.ep8.noarch.rpm -y && sudo yum install zbar-devel opencv-devel -y
|
|
|
|
|
|
|
|
|
|
echo "[Unit]
|
|
|
|
|
Description=MISP modules
|
|
|
|
@ -2516,8 +2683,8 @@ mispmodulesRHEL () {
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
Type=simple
|
|
|
|
|
User=$WWW_USER
|
|
|
|
|
Group=$WWW_USER
|
|
|
|
|
User=${WWW_USER}
|
|
|
|
|
Group=${WWW_USER}
|
|
|
|
|
WorkingDirectory=/usr/local/src/misp-modules
|
|
|
|
|
Environment="PATH=/var/www/MISP/venv/bin"
|
|
|
|
|
ExecStart=\"${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s\"
|
|
|
|
@ -2529,48 +2696,8 @@ mispmodulesRHEL () {
|
|
|
|
|
|
|
|
|
|
sudo systemctl daemon-reload
|
|
|
|
|
# Test misp-modules
|
|
|
|
|
$SUDO_WWW $PATH_TO_MISP/venv/bin/misp-modules -l 127.0.0.1 -s &
|
|
|
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
|
|
|
|
|
sudo systemctl enable --now misp-modules
|
|
|
|
|
|
|
|
|
|
# Enable Enrichment, set better timeouts
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
|
|
|
|
# TODO:"Investigate why the next one fails"
|
|
|
|
|
#$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_btc_steroids_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_yara_query_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_pdf_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_docx_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_xlsx_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_pptx_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_ods_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_odt_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
|
|
|
|
|
|
|
|
|
# Enable Import modules, set better timeout
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_mispjson_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
|
|
|
|
|
|
|
|
|
# Enable Export modules, set better timeout
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
|
|
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -2612,12 +2739,12 @@ generateInstaller () {
|
|
|
|
|
cp ../INSTALL.tpl.sh .
|
|
|
|
|
|
|
|
|
|
# Pull code snippets out of Main Install Documents
|
|
|
|
|
for f in `echo INSTALL.ubuntu2004.md INSTALL.ubuntu1804.md xINSTALL.debian9.md INSTALL.kali.md xINSTALL.debian10.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md INSTALL.rhel7.md`; do
|
|
|
|
|
for f in `echo INSTALL.ubuntu2004.md INSTALL.ubuntu1804.md xINSTALL.debian10.md xINSTALL.tsurugi.md INSTALL.rhel7.md INSTALL.rhel8.md`; do
|
|
|
|
|
xsnippet . ../../docs/${f}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Pull out code snippets from generic Install Documents
|
|
|
|
|
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md misp-modules-centos.md`; do
|
|
|
|
|
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-dashboard-centos.md misp-dashboard-cake.md misp-modules-debian.md misp-modules-centos.md misp-modules-cake.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
|
|
|
|
|
xsnippet . ../../docs/generic/${f}
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
@ -2646,6 +2773,7 @@ generateInstaller () {
|
|
|
|
|
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 3_misp-modules-cake.sh ##/`cat 3_misp-modules-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
|
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
@ -3126,7 +3254,7 @@ installMISPRHEL () {
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
debug "Enabling Extras Repos (SCL)"
|
|
|
|
|
if [[ "${FLAVOUR}" == "rhel" ]]; then
|
|
|
|
|
if [[ "${DISTRI}" == "rhel7" ]]; then
|
|
|
|
|
sudo subscription-manager register --auto-attach
|
|
|
|
|
enableReposRHEL
|
|
|
|
|
enableEPEL
|
|
|
|
@ -3247,13 +3375,19 @@ fi
|
|
|
|
|
SUPPORT_MAP="
|
|
|
|
|
x86_64-centos-7
|
|
|
|
|
x86_64-rhel-7
|
|
|
|
|
x86_64-fedora-30
|
|
|
|
|
x86_64-centos-8
|
|
|
|
|
x86_64-rhel-8
|
|
|
|
|
x86_64-fedora-33
|
|
|
|
|
x86_64-debian-stretch
|
|
|
|
|
x86_64-debian-buster
|
|
|
|
|
x86_64-ubuntu-bionic
|
|
|
|
|
x86_64-ubuntu-focal
|
|
|
|
|
x86_64-ubuntu-hirsute
|
|
|
|
|
x86_64-kali-2020.4
|
|
|
|
|
x86_64-kali-2021.1
|
|
|
|
|
x86_64-kali-2021.2
|
|
|
|
|
x86_64-kali-2021.3
|
|
|
|
|
x86_64-kali-2021.4
|
|
|
|
|
armv6l-raspbian-stretch
|
|
|
|
|
armv7l-raspbian-stretch
|
|
|
|
|
armv7l-debian-jessie
|
|
|
|
@ -3358,7 +3492,7 @@ if [[ "${FLAVOUR}" == "kali" ]]; then
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# If RHEL/CentOS is detected, run appropriate script
|
|
|
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
|
|
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then
|
|
|
|
|
installMISPRHEL
|
|
|
|
|
echo "Installation done !"
|
|
|
|
|
exit
|
|
|
|
|