mirror of https://github.com/MISP/MISP
Merge branch '2.4' into develop
commit
53d408c172
|
@ -117,7 +117,8 @@ MISPvars () {
|
||||||
# MISP configuration variables
|
# MISP configuration variables
|
||||||
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
||||||
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
||||||
|
## For future use
|
||||||
|
# TMPDIR="${TMPDIR:-$PATH_TO_MISP/app/tmp}"
|
||||||
|
|
||||||
FQDN="${FQDN:-misp.local}"
|
FQDN="${FQDN:-misp.local}"
|
||||||
|
|
||||||
|
@ -1541,6 +1542,9 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
||||||
|
|
||||||
|
# Set the default temp dir
|
||||||
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.tmpdir" "${PATH_TO_MISP}/app/tmp"
|
||||||
|
|
||||||
# Change base url, either with this CLI command or in the UI
|
# Change base url, either with this CLI command or in the UI
|
||||||
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
||||||
|
@ -1562,7 +1566,7 @@ coreCAKE () {
|
||||||
# Enable installer org and tune some configurables
|
# Enable installer org and tune some configurables
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true --force
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||||
|
@ -1573,7 +1577,7 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" ""
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||||
|
@ -1632,7 +1636,7 @@ coreCAKE () {
|
||||||
Plugin.ElasticSearch_logging_enable
|
Plugin.ElasticSearch_logging_enable
|
||||||
Plugin.S3_enable)
|
Plugin.S3_enable)
|
||||||
for PLUG in "${PLUGS[@]}"; do
|
for PLUG in "${PLUGS[@]}"; do
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false 2> /dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
# Plugin CustomAuth tuneable
|
# Plugin CustomAuth tuneable
|
||||||
|
@ -1648,7 +1652,7 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" ""
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||||
|
|
||||||
# Kafka settings
|
# Kafka settings
|
||||||
|
@ -1899,6 +1903,7 @@ mispmodules () {
|
||||||
# If you build an egg, the user you build it as need write permissions in the CWD
|
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||||
sudo chgrp $WWW_USER .
|
sudo chgrp $WWW_USER .
|
||||||
sudo chmod og+w .
|
sudo chmod og+w .
|
||||||
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pillow
|
||||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||||
sudo chgrp staff .
|
sudo chgrp staff .
|
||||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||||
|
@ -3045,10 +3050,6 @@ installSupported () {
|
||||||
echo "Proceeding with the installation of MISP core"
|
echo "Proceeding with the installation of MISP core"
|
||||||
space
|
space
|
||||||
|
|
||||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
||||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
|
||||||
progress 4
|
|
||||||
|
|
||||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
; Generated by RHash v1.3.9 on 2021-10-18 at 10:56.53
|
; Generated by RHash v1.4.2 on 2021-11-04 at 15:44.11
|
||||||
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
|
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
|
||||||
;
|
;
|
||||||
; 160201 10:56.53 2021-10-18 INSTALL.sh
|
; 160342 15:44.11 2021-11-04 INSTALL.sh
|
||||||
INSTALL.sh 8F59974F7AE69DFBF7B1C492E35F0B421AAC10C1 6F9E9C2C24880D2E69E04AB6AE490F72D8B5CBE5BB98596F4FA50C1CFEAA632F CBCFBA692B57E027A9861C4D4FB1D4808511A23148516946802B0364D428638E60087AD6EA7E2F016B2F65CD216DE288 7221893A49C924974F7D28C094C6CB27FC8ACA6E07FECD7B8DE4D55D283C9D6A5FF63409F55EEC110BF6612E8578BD1373E39B83A7986A6369ACF32A6A92F538
|
INSTALL.sh E10075FB44DD06A1C4248264085BDC8217B900CC 30E5EDCE721AF81B18744CA7B2062147BCF873FB5FE71798B8543EBA52F4FB4C 1E68603F4304D5B4EAA456A6B8A9A79C2CE86C48D595C9DCCD341A0D8959C52A7A9EEF0B3ABDB1C3534023350BC18B64 FAFAE6A7E6BD81C87AA1C90CD52721BF314BAD6BB41B33CF3E1E8070E5DDCA786761A6205AD104BF565DE68E4FF100EC7D55837D4F9CAD60A72825BCFFBE5D65
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
8f59974f7ae69dfbf7b1c492e35f0b421aac10c1 INSTALL.sh
|
e10075fb44dd06a1c4248264085bdc8217b900cc INSTALL.sh
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
6f9e9c2c24880d2e69e04ab6ae490f72d8b5cbe5bb98596f4fa50c1cfeaa632f INSTALL.sh
|
30e5edce721af81b18744ca7b2062147bcf873fb5fe71798b8543eba52f4fb4c INSTALL.sh
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
cbcfba692b57e027a9861c4d4fb1d4808511a23148516946802b0364d428638e60087ad6ea7e2f016b2f65cd216de288 INSTALL.sh
|
1e68603f4304d5b4eaa456a6b8a9a79c2ce86c48d595c9dccd341a0d8959c52a7a9eef0b3abdb1c3534023350bc18b64 INSTALL.sh
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
7221893a49c924974f7d28c094c6cb27fc8aca6e07fecd7b8de4d55d283c9d6a5ff63409f55eec110bf6612e8578bd1373e39b83a7986a6369acf32a6a92f538 INSTALL.sh
|
fafae6a7e6bd81c87aa1c90cd52721bf314bad6bb41b33cf3e1e8070e5ddca786761a6205ad104bf565de68e4ff100ec7d55837d4f9cad60a72825bcffbe5d65 INSTALL.sh
|
||||||
|
|
|
@ -260,10 +260,6 @@ installSupported () {
|
||||||
echo "Proceeding with the installation of MISP core"
|
echo "Proceeding with the installation of MISP core"
|
||||||
space
|
space
|
||||||
|
|
||||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
||||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
|
||||||
progress 4
|
|
||||||
|
|
||||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||||
|
|
|
@ -6082,7 +6082,7 @@ components:
|
||||||
format: date
|
format: date
|
||||||
example: "2021-03-05"
|
example: "2021-03-05"
|
||||||
org:
|
org:
|
||||||
description: "Filter events by matching an the creator organisation name"
|
description: "Filter events by matching the creator organisation name"
|
||||||
type: string
|
type: string
|
||||||
nullable: true
|
nullable: true
|
||||||
example: "CIRCL"
|
example: "CIRCL"
|
||||||
|
|
|
@ -25,6 +25,9 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
|
||||||
|
|
||||||
|
# Set the default temp dir
|
||||||
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.tmpdir" "${PATH_TO_MISP}/app/tmp"
|
||||||
|
|
||||||
# Change base url, either with this CLI command or in the UI
|
# Change base url, either with this CLI command or in the UI
|
||||||
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
|
||||||
|
@ -46,7 +49,7 @@ coreCAKE () {
|
||||||
# Enable installer org and tune some configurables
|
# Enable installer org and tune some configurables
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true --force
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||||
|
@ -57,7 +60,7 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" ""
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||||
|
@ -116,7 +119,7 @@ coreCAKE () {
|
||||||
Plugin.ElasticSearch_logging_enable
|
Plugin.ElasticSearch_logging_enable
|
||||||
Plugin.S3_enable)
|
Plugin.S3_enable)
|
||||||
for PLUG in "${PLUGS[@]}"; do
|
for PLUG in "${PLUGS[@]}"; do
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false 2> /dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
# Plugin CustomAuth tuneable
|
# Plugin CustomAuth tuneable
|
||||||
|
@ -132,7 +135,7 @@ coreCAKE () {
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" ""
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" false
|
||||||
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||||
|
|
||||||
# Kafka settings
|
# Kafka settings
|
||||||
|
|
|
@ -30,7 +30,7 @@ sudo update-grub > /dev/null 2>&1
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! notice
|
!!! notice
|
||||||
On recent Ubuntu install Netplan is default and you need to change the Network name.
|
On recent Ubuntu install Netplan is default and you might need to change the Network name in its respective config file.
|
||||||
```
|
```
|
||||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/50-cloud-init.yaml
|
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/50-cloud-init.yaml
|
||||||
```
|
```
|
||||||
|
@ -38,3 +38,7 @@ sudo update-grub > /dev/null 2>&1
|
||||||
```
|
```
|
||||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/01-netcfg.yaml
|
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/01-netcfg.yaml
|
||||||
```
|
```
|
||||||
|
OR on Ubuntu 22.04
|
||||||
|
```
|
||||||
|
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/00-installer-config.yaml
|
||||||
|
```
|
||||||
|
|
|
@ -59,7 +59,8 @@ MISPvars () {
|
||||||
# MISP configuration variables
|
# MISP configuration variables
|
||||||
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}"
|
||||||
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts"
|
||||||
|
## For future use
|
||||||
|
# TMPDIR="${TMPDIR:-$PATH_TO_MISP/app/tmp}"
|
||||||
|
|
||||||
FQDN="${FQDN:-misp.local}"
|
FQDN="${FQDN:-misp.local}"
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,7 @@ mispmodules () {
|
||||||
# If you build an egg, the user you build it as need write permissions in the CWD
|
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||||
sudo chgrp $WWW_USER .
|
sudo chgrp $WWW_USER .
|
||||||
sudo chmod og+w .
|
sudo chmod og+w .
|
||||||
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pillow
|
||||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||||
sudo chgrp staff .
|
sudo chgrp staff .
|
||||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||||
|
|
|
@ -0,0 +1,531 @@
|
||||||
|
# INSTALLATION INSTRUCTIONS
|
||||||
|
## for Ubuntu 22.04-server
|
||||||
|
|
||||||
|
{!generic/manual-install-notes.md!}
|
||||||
|
|
||||||
|
### -1/ Installer and Manual install instructions
|
||||||
|
|
||||||
|
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu2004/).
|
||||||
|
|
||||||
|
### 0/ MISP Ubuntu 20.04-server install - status
|
||||||
|
-------------------------
|
||||||
|
!!! notice
|
||||||
|
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20211002
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu2204/).
|
||||||
|
|
||||||
|
{!generic/core.md!}
|
||||||
|
|
||||||
|
### 1/ Minimal Ubuntu install
|
||||||
|
-------------------------
|
||||||
|
|
||||||
|
#### Install a minimal Ubuntu 20.04-server system with the software:
|
||||||
|
- OpenSSH server
|
||||||
|
- This guide assumes a user name of 'misp' with sudo working but can be overwritten by setting the environment variable: *${MISP_USER}*
|
||||||
|
|
||||||
|
#### Make sure your system is up2date
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 0_apt-upgrade.sh>
|
||||||
|
aptUpgrade () {
|
||||||
|
debug "Upgrading system"
|
||||||
|
checkAptLock
|
||||||
|
|
||||||
|
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
||||||
|
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
||||||
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
export DEBIAN_PRIORITY=critical
|
||||||
|
sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
|
||||||
|
sudo -E apt-get -qy autoclean
|
||||||
|
else
|
||||||
|
sudo apt-get upgrade -qy
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
# <snippet-end 0_apt-upgrade.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
{!generic/sudo_etckeeper.md!}
|
||||||
|
|
||||||
|
{!generic/ethX.md!}
|
||||||
|
|
||||||
|
#### install postfix, there will be some questions.
|
||||||
|
```bash
|
||||||
|
# <snippet-begin postfix.sh>
|
||||||
|
sudo apt-get install postfix dialog -qy
|
||||||
|
# <snippet-end postfix.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
Postfix Configuration: Satellite system<br />
|
||||||
|
change the relay server later with:
|
||||||
|
```bash
|
||||||
|
sudo postconf -e 'relayhost = example.com'
|
||||||
|
sudo postfix reload
|
||||||
|
```
|
||||||
|
|
||||||
|
{!generic/globalVariables.md!}
|
||||||
|
|
||||||
|
### 2/ Install LAMP & dependencies
|
||||||
|
------------------------------
|
||||||
|
Once the system is installed you can perform the following steps.
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 0_installCoreDeps.sh>
|
||||||
|
installCoreDeps () {
|
||||||
|
debug "Installing core dependencies"
|
||||||
|
# Install the dependencies: (some might already be installed)
|
||||||
|
sudo apt-get install curl gcc git gpg-agent make python3 openssl redis-server sudo vim zip unzip virtualenv libfuzzy-dev sqlite3 moreutils -qy
|
||||||
|
|
||||||
|
# Install MariaDB (a MySQL fork/alternative)
|
||||||
|
sudo apt-get install mariadb-client mariadb-server -qy
|
||||||
|
|
||||||
|
# Install Apache2
|
||||||
|
sudo apt-get install apache2 apache2-doc apache2-utils -qy
|
||||||
|
|
||||||
|
# install Mitre's STIX and its dependencies by running the following commands:
|
||||||
|
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy
|
||||||
|
}
|
||||||
|
# <snippet-end 0_installCoreDeps.sh>
|
||||||
|
|
||||||
|
# <snippet-begin 0_installDepsPhp80.sh>
|
||||||
|
# Install Php 8.0 dependencies
|
||||||
|
# FIXME: Ugly hack to get 7.4 working until 8.0 (cake4) will be implemented.
|
||||||
|
echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu devel main" |sudo tee /etc/apt/sources.list.d/ondrej-ubuntu-php-devel.list
|
||||||
|
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C
|
||||||
|
sudo apt update
|
||||||
|
installDepsPhp80 () {
|
||||||
|
debug "Installing PHP 8.0 dependencies"
|
||||||
|
PHP_ETC_BASE=/etc/php/7.4
|
||||||
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||||
|
checkAptLock
|
||||||
|
sudo apt install -qy \
|
||||||
|
libapache2-mod-php7.4 \
|
||||||
|
php7.4 php7.4-cli \
|
||||||
|
php7.4-dev \
|
||||||
|
php-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline php7.4-mbstring php7.4-zip \
|
||||||
|
php-redis php-gnupg \
|
||||||
|
php7.4-intl php7.4-bcmath \
|
||||||
|
php7.4-gd
|
||||||
|
|
||||||
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||||
|
do
|
||||||
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||||
|
done
|
||||||
|
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
|
||||||
|
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
|
||||||
|
}
|
||||||
|
# <snippet-end 0_installDepsPhp80.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 3/ MISP code
|
||||||
|
------------
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 1_mispCoreInstall.sh>
|
||||||
|
installCore () {
|
||||||
|
debug "Installing ${LBLUE}MISP${NC} core"
|
||||||
|
# Download MISP using git in the /var/www/ directory.
|
||||||
|
if [[ ! -d ${PATH_TO_MISP} ]]; then
|
||||||
|
sudo mkdir ${PATH_TO_MISP}
|
||||||
|
sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||||
|
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
|
||||||
|
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done
|
||||||
|
# Make git ignore filesystem permission differences for submodules
|
||||||
|
${SUDO_WWW} git -C ${PATH_TO_MISP} submodule foreach --recursive git config core.filemode false
|
||||||
|
|
||||||
|
# Make git ignore filesystem permission differences
|
||||||
|
${SUDO_WWW} git -C ${PATH_TO_MISP} config core.filemode false
|
||||||
|
|
||||||
|
# Create a python3 virtualenv
|
||||||
|
${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||||
|
|
||||||
|
# make pip happy
|
||||||
|
sudo mkdir /var/www/.cache/
|
||||||
|
sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
|
||||||
|
|
||||||
|
# install python-stix dependencies
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ordered-set python-dateutil six weakrefmethod
|
||||||
|
|
||||||
|
debug "Install PyMISP"
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/PyMISP
|
||||||
|
|
||||||
|
# FIXME: Remove libfaup etc once the egg has the library baked-in
|
||||||
|
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||||
|
cd /tmp
|
||||||
|
false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/faup.git faup; done
|
||||||
|
false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/gtcaca.git gtcaca; done
|
||||||
|
sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
|
||||||
|
cd gtcaca
|
||||||
|
${SUDO_CMD} mkdir -p build
|
||||||
|
cd build
|
||||||
|
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
|
||||||
|
sudo make install
|
||||||
|
cd ../../faup
|
||||||
|
${SUDO_CMD} mkdir -p build
|
||||||
|
cd build
|
||||||
|
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
|
||||||
|
sudo make install
|
||||||
|
sudo ldconfig
|
||||||
|
|
||||||
|
# install pydeep
|
||||||
|
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
|
||||||
|
|
||||||
|
# install lief
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
|
||||||
|
|
||||||
|
# install zmq needed by mispzmq
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
|
||||||
|
|
||||||
|
# install python-magic
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||||
|
|
||||||
|
# install plyara
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
|
||||||
|
else
|
||||||
|
debug "Trying to git pull existing install"
|
||||||
|
${SUDO_WWW} git pull -C ${PATH_TO_MISP}
|
||||||
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done
|
||||||
|
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/PyMISP
|
||||||
|
false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U git+https://github.com/kbandla/pydeep.git; done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
# <snippet-end 1_mispCoreInstall.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 4/ CakePHP
|
||||||
|
-----------
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 1_installCake.sh>
|
||||||
|
installCake () {
|
||||||
|
debug "Installing CakePHP"
|
||||||
|
# Make composer cache happy
|
||||||
|
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||||
|
sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
|
||||||
|
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev"
|
||||||
|
|
||||||
|
# Enable CakeResque with php-redis
|
||||||
|
sudo phpenmod redis
|
||||||
|
sudo phpenmod gnupg
|
||||||
|
|
||||||
|
# To use the scheduler worker for scheduled tasks, do the following:
|
||||||
|
${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||||
|
|
||||||
|
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||||
|
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||||
|
}
|
||||||
|
# <snippet-end 1_installCake.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 5/ Set the permissions
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 2_permissions.sh>
|
||||||
|
# Main function to fix permissions to something sane
|
||||||
|
permissions () {
|
||||||
|
debug "Setting permissions"
|
||||||
|
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||||
|
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||||
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||||
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||||
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
|
||||||
|
}
|
||||||
|
# <snippet-end 2_permissions.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 6/ Create a database and user
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
#### Set-up DB, User and import empty MISP DB
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 1_prepareDB.sh>
|
||||||
|
prepareDB () {
|
||||||
|
if sudo test ! -e "/var/lib/mysql/mysql/"; then
|
||||||
|
#Make sure initial tables are created in MySQL
|
||||||
|
debug "Install mysql tables"
|
||||||
|
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
|
||||||
|
sudo service mysql start
|
||||||
|
fi
|
||||||
|
|
||||||
|
if sudo test ! -e "/var/lib/mysql/misp/"; then
|
||||||
|
debug "Start mysql"
|
||||||
|
sudo service mysql start
|
||||||
|
|
||||||
|
debug "Setting up database"
|
||||||
|
# Kill the anonymous users
|
||||||
|
sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'localhost'"
|
||||||
|
# Because our hostname varies we'll use some Bash magic here.
|
||||||
|
sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'$(hostname)'"
|
||||||
|
# Kill off the demo database
|
||||||
|
sudo mysql -h $DBHOST -e "DROP DATABASE IF EXISTS test"
|
||||||
|
# No root remote logins
|
||||||
|
sudo mysql -h $DBHOST -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
|
||||||
|
# Make sure that NOBODY can access the server without a password
|
||||||
|
sudo mysqladmin -h $DBHOST -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}"
|
||||||
|
# Make our changes take effect
|
||||||
|
sudo mysql -h $DBHOST -e "FLUSH PRIVILEGES"
|
||||||
|
|
||||||
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};"
|
||||||
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
|
||||||
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT USAGE ON *.* to '${DBUSER_MISP}'@'localhost';"
|
||||||
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
|
||||||
|
sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES;"
|
||||||
|
# Import the empty MISP database from MYSQL.sql
|
||||||
|
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -h $DBHOST -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME}
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
# <snippet-end 1_prepareDB.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 7/ Apache configuration
|
||||||
|
-----------------------
|
||||||
|
Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
|
||||||
|
|
||||||
|
#### Apache version 2.4 config:
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
Be aware that the configuration files for apache 2.4 and up have changed.
|
||||||
|
The configuration file has to have the .conf extension in the sites-available directory
|
||||||
|
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 1_apacheConfig.sh>
|
||||||
|
apacheConfig () {
|
||||||
|
debug "Generating Apache config, if this hangs, make sure you have enough entropy (install: haveged or wait)"
|
||||||
|
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||||
|
|
||||||
|
if [[ ! -z ${MISP_BASEURL} ]] && [[ "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "http" || "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "https" ]]; then
|
||||||
|
|
||||||
|
echo "Potentially replacing misp.local with $MISP_BASEURL in misp-ssl.conf"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If a valid SSL certificate is not already created for the server,
|
||||||
|
# create a self-signed certificate:
|
||||||
|
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||||
|
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||||
|
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||||
|
|
||||||
|
# Enable modules, settings, and default of SSL in Apache
|
||||||
|
sudo a2dismod status
|
||||||
|
sudo a2enmod ssl
|
||||||
|
sudo a2enmod rewrite
|
||||||
|
sudo a2enmod headers
|
||||||
|
sudo a2dissite 000-default
|
||||||
|
sudo a2ensite default-ssl
|
||||||
|
|
||||||
|
# Apply all changes
|
||||||
|
sudo systemctl restart apache2
|
||||||
|
# activate new vhost
|
||||||
|
sudo a2dissite default-ssl
|
||||||
|
sudo a2ensite misp-ssl
|
||||||
|
|
||||||
|
# Restart apache
|
||||||
|
sudo systemctl restart apache2
|
||||||
|
}
|
||||||
|
# <snippet-end 1_apacheConfig.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL).<br />
|
||||||
|
Also remember to verify the SSLCertificateChainFile property in your config file.<br />
|
||||||
|
This is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.<br />
|
||||||
|
Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||||
|
|
||||||
|
```
|
||||||
|
============================================= Begin sample working SSL config for MISP
|
||||||
|
<VirtualHost <IP, FQDN, or *>:80>
|
||||||
|
ServerName <your.FQDN.here>
|
||||||
|
|
||||||
|
Redirect permanent / https://<your.FQDN.here>
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
ErrorLog /var/log/apache2/misp.local_error.log
|
||||||
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||||
|
ServerSignature Off
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost <IP, FQDN, or *>:443>
|
||||||
|
ServerAdmin admin@<your.FQDN.here>
|
||||||
|
ServerName <your.FQDN.here>
|
||||||
|
DocumentRoot /var/www/MISP/app/webroot
|
||||||
|
<Directory /var/www/MISP/app/webroot>
|
||||||
|
Options -Indexes
|
||||||
|
AllowOverride all
|
||||||
|
Order allow,deny
|
||||||
|
allow from all
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
SSLEngine On
|
||||||
|
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||||
|
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||||
|
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
ErrorLog /var/log/apache2/misp.local_error.log
|
||||||
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||||
|
ServerSignature Off
|
||||||
|
</VirtualHost>
|
||||||
|
============================================= End sample working SSL config for MISP
|
||||||
|
```
|
||||||
|
|
||||||
|
### 8/ Log rotation
|
||||||
|
---------------
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 2_logRotation.sh>
|
||||||
|
logRotation () {
|
||||||
|
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||||
|
# To rotate these logs install the supplied logrotate script:
|
||||||
|
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||||
|
sudo chmod 0640 /etc/logrotate.d/misp
|
||||||
|
}
|
||||||
|
# <snippet-end 2_logRotation.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
### 9/ MISP configuration
|
||||||
|
---------------------
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 2_configMISP.sh>
|
||||||
|
configMISP () {
|
||||||
|
debug "Generating ${LBLUE}MISP${NC} config files"
|
||||||
|
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||||
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||||
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||||
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||||
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||||
|
|
||||||
|
echo "<?php
|
||||||
|
class DATABASE_CONFIG {
|
||||||
|
public \$default = array(
|
||||||
|
'datasource' => 'Database/Mysql',
|
||||||
|
//'datasource' => 'Database/Postgres',
|
||||||
|
'persistent' => false,
|
||||||
|
'host' => '$DBHOST',
|
||||||
|
'login' => '$DBUSER_MISP',
|
||||||
|
'port' => 3306, // MySQL & MariaDB
|
||||||
|
//'port' => 5432, // PostgreSQL
|
||||||
|
'password' => '$DBPASSWORD_MISP',
|
||||||
|
'database' => '$DBNAME',
|
||||||
|
'prefix' => '',
|
||||||
|
'encoding' => 'utf8',
|
||||||
|
);
|
||||||
|
}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
|
||||||
|
|
||||||
|
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||||
|
# The salt key must be a string at least 32 bytes long.
|
||||||
|
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||||
|
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||||
|
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||||
|
|
||||||
|
# and make sure the file permissions are still OK
|
||||||
|
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
|
||||||
|
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||||
|
}
|
||||||
|
# <snippet-end 2_configMISP.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
{!generic/gnupg.md!}
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
If entropy is not high enough, you can install havegd and then start the service
|
||||||
|
```bash
|
||||||
|
sudo apt install haveged -qy
|
||||||
|
sudo service haveged start
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 2_backgroundWorkers.sh>
|
||||||
|
backgroundWorkers () {
|
||||||
|
debug "Setting up background workers"
|
||||||
|
# To make the background workers start on boot
|
||||||
|
sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
|
||||||
|
|
||||||
|
if [ ! -e /etc/rc.local ]
|
||||||
|
then
|
||||||
|
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||||
|
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||||
|
sudo chmod u+x /etc/rc.local
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "[Unit]
|
||||||
|
Description=MISP background workers
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
User=${WWW_USER}
|
||||||
|
Group=${WWW_USER}
|
||||||
|
ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-workers.service
|
||||||
|
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
sudo systemctl enable --now misp-workers
|
||||||
|
|
||||||
|
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||||
|
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||||
|
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||||
|
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||||
|
}
|
||||||
|
# <snippet-end 2_backgroundWorkers.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||||
|
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||||
|
```
|
||||||
|
|
||||||
|
{!generic/MISP_CAKE_init.md!}
|
||||||
|
|
||||||
|
{!generic/misp-modules-debian.md!}
|
||||||
|
|
||||||
|
{!generic/misp-modules-cake.md!}
|
||||||
|
|
||||||
|
{!generic/INSTALL.done.md!}
|
||||||
|
|
||||||
|
{!generic/recommended.actions.md!}
|
||||||
|
|
||||||
|
### Optional features
|
||||||
|
-----------------
|
||||||
|
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||||
|
```bash
|
||||||
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
||||||
|
```
|
||||||
|
|
||||||
|
#### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
|
||||||
|
```bash
|
||||||
|
# <snippet-begin 4_kafka.sh>
|
||||||
|
installKafka () {
|
||||||
|
sudo apt-get install librdkafka-dev php-dev -y
|
||||||
|
sudo pecl channel-update pecl.php.net
|
||||||
|
sudo pecl install rdkafka
|
||||||
|
echo "extension=rdkafka.so" | sudo tee ${PHP_ETC_BASE}/mods-available/rdkafka.ini
|
||||||
|
sudo phpenmod rdkafka
|
||||||
|
sudo service apache2 restart
|
||||||
|
}
|
||||||
|
# <snippet-end 4_kafka.sh>
|
||||||
|
```
|
||||||
|
|
||||||
|
{!generic/misp-dashboard-debian.md!}
|
||||||
|
|
||||||
|
{!generic/misp-dashboard-cake.md!}
|
||||||
|
|
||||||
|
{!generic/viper-debian.md!}
|
||||||
|
|
||||||
|
{!generic/ssdeep-debian.md!}
|
||||||
|
|
||||||
|
{!generic/mail_to_misp-debian.md!}
|
||||||
|
|
||||||
|
{!generic/hardening.md!}
|
||||||
|
|
||||||
|
# INSTALL.sh
|
||||||
|
|
||||||
|
!!! notice
|
||||||
|
The following section is an administrative section that is used by the "[INSTALL.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh)" script.
|
||||||
|
Please ignore.
|
||||||
|
|
||||||
|
{!generic/supportFunctions.md!}
|
|
@ -77,6 +77,7 @@ nav:
|
||||||
- 'Debian 10': 'xINSTALL.debian10.md'
|
- 'Debian 10': 'xINSTALL.debian10.md'
|
||||||
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
|
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
|
||||||
- 'OpenBSD 7.0': 'xINSTALL.OpenBSD.md'
|
- 'OpenBSD 7.0': 'xINSTALL.OpenBSD.md'
|
||||||
|
- 'Ubuntu 22.04': 'xINSTALL.ubuntu2204.md'
|
||||||
- Config Guides:
|
- Config Guides:
|
||||||
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
|
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
|
||||||
- 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
|
- 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
# MISP fetcher
|
||||||
|
|
||||||
|
Simple shell script to generate a zip file containing MISP with all submodules and composer libraries.
|
||||||
|
|
||||||
|
Simply run the script from its directory and use the zip's contents to update an airgapped MISP's codebase.
|
||||||
|
|
||||||
|
You will need to have composer installed and accessible
|
||||||
|
|
||||||
|
Assuming the standard MISP install path and www-data as your apache user, just run the following to update your MISP
|
||||||
|
|
||||||
|
```
|
||||||
|
unzip misp_flat.zip /var/www/MISP
|
||||||
|
chown -R www-data:www-data /var/www/MISP
|
||||||
|
```
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Stupid script to fetch MISP's install files including submodules and composer sourced libraries
|
||||||
|
|
||||||
|
# This is currently a relative path, highly recommended to replace with an absolute path
|
||||||
|
# For example, if you want the fetcher to work in /foo/bar/baz, use "/foo/bar/baz/MISPflat"
|
||||||
|
MISP_FLAT_ROOT="MISPflat"
|
||||||
|
|
||||||
|
git clone https://github.com/MISP/MISP.git $MISP_FLAT_ROOT
|
||||||
|
cd $MISP_FLAT_ROOT
|
||||||
|
git submodule update --init --recursive
|
||||||
|
cd ..
|
||||||
|
cd $MISP_FLAT_ROOT/app
|
||||||
|
composer install --no-dev
|
||||||
|
cd ../..
|
||||||
|
cd $MISP_FLAT_ROOT
|
||||||
|
zip -r ../misp_flat.zip .
|
||||||
|
cd ..
|
||||||
|
rm -rf $MISP_FLAT_ROOT
|
||||||
|
|
Loading…
Reference in New Issue