mirror of https://github.com/MISP/MISP
Merge branch '2.4' into develop
commit
53d408c172
|
@ -117,7 +117,8 @@ MISPvars () {
|
|||
# MISP configuration variables
|
||||
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
||||
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
||||
|
||||
## For future use
|
||||
# TMPDIR="${TMPDIR:-$PATH_TO_MISP/app/tmp}"
|
||||
|
||||
FQDN="${FQDN:-misp.local}"
|
||||
|
||||
|
@ -1541,6 +1542,9 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
||||
|
||||
# Set the default temp dir
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.tmpdir" "${PATH_TO_MISP}/app/tmp"
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
||||
|
@ -1562,7 +1566,7 @@ coreCAKE () {
|
|||
# Enable installer org and tune some configurables
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true --force
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
@ -1573,7 +1577,7 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" ""
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
@ -1632,7 +1636,7 @@ coreCAKE () {
|
|||
Plugin.ElasticSearch_logging_enable
|
||||
Plugin.S3_enable)
|
||||
for PLUG in "${PLUGS[@]}"; do
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false 2> /dev/null
|
||||
done
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
|
@ -1648,7 +1652,7 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Kafka settings
|
||||
|
@ -1899,6 +1903,7 @@ mispmodules () {
|
|||
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||
sudo chgrp $WWW_USER .
|
||||
sudo chmod og+w .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pillow
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo chgrp staff .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||
|
@ -3045,10 +3050,6 @@ installSupported () {
|
|||
echo "Proceeding with the installation of MISP core"
|
||||
space
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
||||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
; Generated by RHash v1.3.9 on 2021-10-18 at 10:56.53
|
||||
; Generated by RHash v1.4.2 on 2021-11-04 at 15:44.11
|
||||
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
|
||||
;
|
||||
; 160201 10:56.53 2021-10-18 INSTALL.sh
|
||||
INSTALL.sh 8F59974F7AE69DFBF7B1C492E35F0B421AAC10C1 6F9E9C2C24880D2E69E04AB6AE490F72D8B5CBE5BB98596F4FA50C1CFEAA632F CBCFBA692B57E027A9861C4D4FB1D4808511A23148516946802B0364D428638E60087AD6EA7E2F016B2F65CD216DE288 7221893A49C924974F7D28C094C6CB27FC8ACA6E07FECD7B8DE4D55D283C9D6A5FF63409F55EEC110BF6612E8578BD1373E39B83A7986A6369ACF32A6A92F538
|
||||
; 160342 15:44.11 2021-11-04 INSTALL.sh
|
||||
INSTALL.sh E10075FB44DD06A1C4248264085BDC8217B900CC 30E5EDCE721AF81B18744CA7B2062147BCF873FB5FE71798B8543EBA52F4FB4C 1E68603F4304D5B4EAA456A6B8A9A79C2CE86C48D595C9DCCD341A0D8959C52A7A9EEF0B3ABDB1C3534023350BC18B64 FAFAE6A7E6BD81C87AA1C90CD52721BF314BAD6BB41B33CF3E1E8070E5DDCA786761A6205AD104BF565DE68E4FF100EC7D55837D4F9CAD60A72825BCFFBE5D65
|
||||
|
|
|
@ -1 +1 @@
|
|||
8f59974f7ae69dfbf7b1c492e35f0b421aac10c1 INSTALL.sh
|
||||
e10075fb44dd06a1c4248264085bdc8217b900cc INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
6f9e9c2c24880d2e69e04ab6ae490f72d8b5cbe5bb98596f4fa50c1cfeaa632f INSTALL.sh
|
||||
30e5edce721af81b18744ca7b2062147bcf873fb5fe71798b8543eba52f4fb4c INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
cbcfba692b57e027a9861c4d4fb1d4808511a23148516946802b0364d428638e60087ad6ea7e2f016b2f65cd216de288 INSTALL.sh
|
||||
1e68603f4304d5b4eaa456a6b8a9a79c2ce86c48d595c9dccd341a0d8959c52a7a9eef0b3abdb1c3534023350bc18b64 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
7221893a49c924974f7d28c094c6cb27fc8aca6e07fecd7b8de4d55d283c9d6a5ff63409f55eec110bf6612e8578bd1373e39b83a7986a6369acf32a6a92f538 INSTALL.sh
|
||||
fafae6a7e6bd81c87aa1c90cd52721bf314bad6bb41b33cf3e1e8070e5ddca786761a6205ad104bf565de68e4ff100ec7d55837d4f9cad60a72825bcffbe5d65 INSTALL.sh
|
||||
|
|
|
@ -260,10 +260,6 @@ installSupported () {
|
|||
echo "Proceeding with the installation of MISP core"
|
||||
space
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
||||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||
|
|
|
@ -6082,7 +6082,7 @@ components:
|
|||
format: date
|
||||
example: "2021-03-05"
|
||||
org:
|
||||
description: "Filter events by matching an the creator organisation name"
|
||||
description: "Filter events by matching the creator organisation name"
|
||||
type: string
|
||||
nullable: true
|
||||
example: "CIRCL"
|
||||
|
|
|
@ -25,6 +25,9 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
||||
|
||||
# Set the default temp dir
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.tmpdir" "${PATH_TO_MISP}/app/tmp"
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
||||
|
@ -46,7 +49,7 @@ coreCAKE () {
|
|||
# Enable installer org and tune some configurables
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true --force
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
@ -57,7 +60,7 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" ""
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
@ -116,7 +119,7 @@ coreCAKE () {
|
|||
Plugin.ElasticSearch_logging_enable
|
||||
Plugin.S3_enable)
|
||||
for PLUG in "${PLUGS[@]}"; do
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false 2> /dev/null
|
||||
done
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
|
@ -132,7 +135,7 @@ coreCAKE () {
|
|||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" false
|
||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Kafka settings
|
||||
|
|
|
@ -30,7 +30,7 @@ sudo update-grub > /dev/null 2>&1
|
|||
```
|
||||
|
||||
!!! notice
|
||||
On recent Ubuntu install Netplan is default and you need to change the Network name.
|
||||
On recent Ubuntu install Netplan is default and you might need to change the Network name in its respective config file.
|
||||
```
|
||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/50-cloud-init.yaml
|
||||
```
|
||||
|
@ -38,3 +38,7 @@ sudo update-grub > /dev/null 2>&1
|
|||
```
|
||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/01-netcfg.yaml
|
||||
```
|
||||
OR on Ubuntu 22.04
|
||||
```
|
||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/00-installer-config.yaml
|
||||
```
|
||||
|
|
|
@ -59,7 +59,8 @@ MISPvars () {
|
|||
# MISP configuration variables
|
||||
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
||||
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
||||
|
||||
## For future use
|
||||
# TMPDIR="${TMPDIR:-$PATH_TO_MISP/app/tmp}"
|
||||
|
||||
FQDN="${FQDN:-misp.local}"
|
||||
|
||||
|
|
|
@ -38,6 +38,7 @@ mispmodules () {
|
|||
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||
sudo chgrp $WWW_USER .
|
||||
sudo chmod og+w .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pillow
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo chgrp staff .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||
|
|
|
@ -0,0 +1,531 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Ubuntu 22.04-server
|
||||
|
||||
{!generic/manual-install-notes.md!}
|
||||
|
||||
### -1/ Installer and Manual install instructions
|
||||
|
||||
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu2004/).
|
||||
|
||||
### 0/ MISP Ubuntu 20.04-server install - status
|
||||
-------------------------
|
||||
!!! notice
|
||||
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20211002
|
||||
|
||||
!!! notice
|
||||
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu2204/).
|
||||
|
||||
{!generic/core.md!}
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
||||
#### Install a minimal Ubuntu 20.04-server system with the software:
|
||||
- OpenSSH server
|
||||
- This guide assumes a user name of 'misp' with sudo working but can be overwritten by setting the environment variable: *${MISP_USER}*
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
# <snippet-begin 0_apt-upgrade.sh>
|
||||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
|
||||
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
||||
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
export DEBIAN_PRIORITY=critical
|
||||
sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
|
||||
sudo -E apt-get -qy autoclean
|
||||
else
|
||||
sudo apt-get upgrade -qy
|
||||
fi
|
||||
}
|
||||
# <snippet-end 0_apt-upgrade.sh>
|
||||
```
|
||||
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### install postfix, there will be some questions.
|
||||
```bash
|
||||
# <snippet-begin postfix.sh>
|
||||
sudo apt-get install postfix dialog -qy
|
||||
# <snippet-end postfix.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Postfix Configuration: Satellite system<br />
|
||||
change the relay server later with:
|
||||
```bash
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
```
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
### 2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps.
|
||||
```bash
|
||||
# <snippet-begin 0_installCoreDeps.sh>
|
||||
installCoreDeps () {
|
||||
debug "Installing core dependencies"
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gpg-agent make python3 openssl redis-server sudo vim zip unzip virtualenv libfuzzy-dev sqlite3 moreutils -qy
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server -qy
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -qy
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy
|
||||
}
|
||||
# <snippet-end 0_installCoreDeps.sh>
|
||||
|
||||
# <snippet-begin 0_installDepsPhp80.sh>
|
||||
# Install Php 8.0 dependencies
|
||||
# FIXME: Ugly hack to get 7.4 working until 8.0 (cake4) will be implemented.
|
||||
echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu devel main" |sudo tee /etc/apt/sources.list.d/ondrej-ubuntu-php-devel.list
|
||||
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C
|
||||
sudo apt update
|
||||
installDepsPhp80 () {
|
||||
debug "Installing PHP 8.0 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.4
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.4 \
|
||||
php7.4 php7.4-cli \
|
||||
php7.4-dev \
|
||||
php-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline php7.4-mbstring php7.4-zip \
|
||||
php-redis php-gnupg \
|
||||
php7.4-intl php7.4-bcmath \
|
||||
php7.4-gd
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
|
||||
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp80.sh>
|
||||
```
|
||||
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```bash
|
||||
# <snippet-begin 1_mispCoreInstall.sh>
|
||||
installCore () {
|
||||
debug "Installing ${LBLUE}MISP${NC} core"
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
if [[ ! -d ${PATH_TO_MISP} ]]; then
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
|
||||
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
${SUDO_WWW} git -C ${PATH_TO_MISP} submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
${SUDO_WWW} git -C ${PATH_TO_MISP} config core.filemode false
|
||||
|
||||
# Create a python3 virtualenv
|
||||
${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
|
||||
|
||||
# install python-stix dependencies
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ordered-set python-dateutil six weakrefmethod
|
||||
|
||||
debug "Install PyMISP"
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/PyMISP
|
||||
|
||||
# FIXME: Remove libfaup etc once the egg has the library baked-in
|
||||
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||
cd /tmp
|
||||
false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/faup.git faup; done
|
||||
false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/gtcaca.git gtcaca; done
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
|
||||
cd gtcaca
|
||||
${SUDO_CMD} mkdir -p build
|
||||
cd build
|
||||
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
|
||||
sudo make install
|
||||
cd ../../faup
|
||||
${SUDO_CMD} mkdir -p build
|
||||
cd build
|
||||
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
|
||||
# install pydeep
|
||||
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
|
||||
|
||||
# install lief
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
|
||||
|
||||
# install zmq needed by mispzmq
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
|
||||
|
||||
# install python-magic
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||
|
||||
# install plyara
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
|
||||
else
|
||||
debug "Trying to git pull existing install"
|
||||
${SUDO_WWW} git pull -C ${PATH_TO_MISP}
|
||||
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done
|
||||
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/PyMISP
|
||||
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U git+https://github.com/kbandla/pydeep.git; done
|
||||
fi
|
||||
}
|
||||
# <snippet-end 1_mispCoreInstall.sh>
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
|
||||
```bash
|
||||
# <snippet-begin 1_installCake.sh>
|
||||
installCake () {
|
||||
debug "Installing CakePHP"
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
|
||||
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev"
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
}
|
||||
# <snippet-end 1_installCake.sh>
|
||||
```
|
||||
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```bash
|
||||
# <snippet-begin 2_permissions.sh>
|
||||
# Main function to fix permissions to something sane
|
||||
permissions () {
|
||||
debug "Setting permissions"
|
||||
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
|
||||
}
|
||||
# <snippet-end 2_permissions.sh>
|
||||
```
|
||||
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
|
||||
#### Set-up DB, User and import empty MISP DB
|
||||
|
||||
```bash
|
||||
# <snippet-begin 1_prepareDB.sh>
|
||||
prepareDB () {
|
||||
if sudo test ! -e "/var/lib/mysql/mysql/"; then
|
||||
#Make sure initial tables are created in MySQL
|
||||
debug "Install mysql tables"
|
||||
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
|
||||
sudo service mysql start
|
||||
fi
|
||||
|
||||
if sudo test ! -e "/var/lib/mysql/misp/"; then
|
||||
debug "Start mysql"
|
||||
sudo service mysql start
|
||||
|
||||
debug "Setting up database"
|
||||
# Kill the anonymous users
|
||||
sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'localhost'"
|
||||
# Because our hostname varies we'll use some Bash magic here.
|
||||
sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'$(hostname)'"
|
||||
# Kill off the demo database
|
||||
sudo mysql -h $DBHOST -e "DROP DATABASE IF EXISTS test"
|
||||
# No root remote logins
|
||||
sudo mysql -h $DBHOST -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
|
||||
# Make sure that NOBODY can access the server without a password
|
||||
sudo mysqladmin -h $DBHOST -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}"
|
||||
# Make our changes take effect
|
||||
sudo mysql -h $DBHOST -e "FLUSH PRIVILEGES"
|
||||
|
||||
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};"
|
||||
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
|
||||
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT USAGE ON *.* to '${DBUSER_MISP}'@'localhost';"
|
||||
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
|
||||
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES;"
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -h $DBHOST -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME}
|
||||
fi
|
||||
}
|
||||
# <snippet-end 1_prepareDB.sh>
|
||||
```
|
||||
|
||||
### 7/ Apache configuration
|
||||
-----------------------
|
||||
Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
|
||||
|
||||
#### Apache version 2.4 config:
|
||||
|
||||
!!! notice
|
||||
Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
The configuration file has to have the .conf extension in the sites-available directory
|
||||
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
```bash
|
||||
# <snippet-begin 1_apacheConfig.sh>
|
||||
apacheConfig () {
|
||||
debug "Generating Apache config, if this hangs, make sure you have enough entropy (install: haveged or wait)"
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
if [[ ! -z ${MISP_BASEURL} ]] && [[ "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "http" || "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "https" ]]; then
|
||||
|
||||
echo "Potentially replacing misp.local with $MISP_BASEURL in misp-ssl.conf"
|
||||
|
||||
fi
|
||||
|
||||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
}
|
||||
# <snippet-end 1_apacheConfig.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL).<br />
|
||||
Also remember to verify the SSLCertificateChainFile property in your config file.<br />
|
||||
This is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.<br />
|
||||
Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# <snippet-begin 2_logRotation.sh>
|
||||
logRotation () {
|
||||
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
}
|
||||
# <snippet-end 2_logRotation.sh>
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```bash
|
||||
# <snippet-begin 2_configMISP.sh>
|
||||
configMISP () {
|
||||
debug "Generating ${LBLUE}MISP${NC} config files"
|
||||
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
|
||||
|
||||
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||
}
|
||||
# <snippet-end 2_configMISP.sh>
|
||||
```
|
||||
|
||||
{!generic/gnupg.md!}
|
||||
|
||||
!!! notice
|
||||
If entropy is not high enough, you can install havegd and then start the service
|
||||
```bash
|
||||
sudo apt install haveged -qy
|
||||
sudo service haveged start
|
||||
```
|
||||
|
||||
```bash
|
||||
# <snippet-begin 2_backgroundWorkers.sh>
|
||||
backgroundWorkers () {
|
||||
debug "Setting up background workers"
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
|
||||
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
echo "[Unit]
|
||||
Description=MISP background workers
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=${WWW_USER}
|
||||
Group=${WWW_USER}
|
||||
ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-workers.service
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now misp-workers
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 2_backgroundWorkers.sh>
|
||||
```
|
||||
|
||||
```bash
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
{!generic/misp-modules-debian.md!}
|
||||
|
||||
{!generic/misp-modules-cake.md!}
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
### Optional features
|
||||
-----------------
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
```bash
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
|
||||
```bash
|
||||
# <snippet-begin 4_kafka.sh>
|
||||
installKafka () {
|
||||
sudo apt-get install librdkafka-dev php-dev -y
|
||||
sudo pecl channel-update pecl.php.net
|
||||
sudo pecl install rdkafka
|
||||
echo "extension=rdkafka.so" | sudo tee ${PHP_ETC_BASE}/mods-available/rdkafka.ini
|
||||
sudo phpenmod rdkafka
|
||||
sudo service apache2 restart
|
||||
}
|
||||
# <snippet-end 4_kafka.sh>
|
||||
```
|
||||
|
||||
{!generic/misp-dashboard-debian.md!}
|
||||
|
||||
{!generic/misp-dashboard-cake.md!}
|
||||
|
||||
{!generic/viper-debian.md!}
|
||||
|
||||
{!generic/ssdeep-debian.md!}
|
||||
|
||||
{!generic/mail_to_misp-debian.md!}
|
||||
|
||||
{!generic/hardening.md!}
|
||||
|
||||
# INSTALL.sh
|
||||
|
||||
!!! notice
|
||||
The following section is an administrative section that is used by the "[INSTALL.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh)" script.
|
||||
Please ignore.
|
||||
|
||||
{!generic/supportFunctions.md!}
|
|
@ -77,6 +77,7 @@ nav:
|
|||
- 'Debian 10': 'xINSTALL.debian10.md'
|
||||
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
|
||||
- 'OpenBSD 7.0': 'xINSTALL.OpenBSD.md'
|
||||
- 'Ubuntu 22.04': 'xINSTALL.ubuntu2204.md'
|
||||
- Config Guides:
|
||||
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
|
||||
- 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
# MISP fetcher
|
||||
|
||||
Simple shell script to generate a zip file containing MISP with all submodules and composer libraries.
|
||||
|
||||
Simply run the script from its directory and use the zip's contents to update an airgapped MISP's codebase.
|
||||
|
||||
You will need to have composer installed and accessible
|
||||
|
||||
Assuming the standard MISP install path and www-data as your apache user, just run the following to update your MISP
|
||||
|
||||
```
|
||||
unzip misp_flat.zip /var/www/MISP
|
||||
chown -R www-data:www-data /var/www/MISP
|
||||
```
|
|
@ -0,0 +1,18 @@
|
|||
# Stupid script to fetch MISP's install files including submodules and composer sourced libraries
|
||||
|
||||
# This is currently a relative path, highly recommended to replace with an absolute path
|
||||
# For example, if you want the fetcher to work in /foo/bar/baz, use "/foo/bar/baz/MISPflat"
|
||||
MISP_FLAT_ROOT="MISPflat"
|
||||
|
||||
git clone https://github.com/MISP/MISP.git $MISP_FLAT_ROOT
|
||||
cd $MISP_FLAT_ROOT
|
||||
git submodule update --init --recursive
|
||||
cd ..
|
||||
cd $MISP_FLAT_ROOT/app
|
||||
composer install --no-dev
|
||||
cd ../..
|
||||
cd $MISP_FLAT_ROOT
|
||||
zip -r ../misp_flat.zip .
|
||||
cd ..
|
||||
rm -rf $MISP_FLAT_ROOT
|
||||
|
Loading…
Reference in New Issue