- FreeBSD OpenBSD install updates

2018-06-30 19:33:10 +08:00 · 2018-06-30 19:33:10 +08:00 · 573952e7e6
parent ce7a2672a5
commit 573952e7e6
2 changed files with 49 additions and 42 deletions
--- a/INSTALL/INSTALL.FreeBSD.txt
+++ b/INSTALL/INSTALL.FreeBSD.txt
@ -1,5 +1,7 @@
 INSTALLATION INSTRUCTIONS
------------------------- for FreeBSD 11.1-amd64
+------------------------- for FreeBSD 11.2-amd64
+
+0/ WIP /!\ You are warned, this does not work yet! /!\

 1/ Minimal FreeBSD install
 --------------------------
@ -17,45 +19,53 @@ INSTALLATION INSTRUCTIONS
 # Install pkg and point to latest

 Install pkg by typing:
-
+```
+$ su -
 # pkg
+```

 Edit the default pkg location in /etc/pkg/FreeBSD.conf
 Change: quarterly to: latest
-
- perl -pi -w -e 's/quarterly/latest/g;' /etc/pkg/FreeBSD.conf
+```
+ # perl -pi -w -e 's/quarterly/latest/g;' /etc/pkg/FreeBSD.conf
+```

 # Install sudo

 pkg install sudo

-Edit: pw useradd misp -s bash -G wheel,www
-Make sure users in group wheel can sudo.
-
-# Update system
-
-sudo freebsd-update fetch install
-
 # Install bash

 sudo pkg install bash

-# Install postfix
+Make sure users in group wheel can sudo, uncomment in /usr/local/etc/sudoers :
+```
+%wheel ALL=(ALL) ALL
+```

+# Update system
+```
+sudo freebsd-update fetch install
+```
+
+# Install postfix
+```
 sudo pkg install postfix

 # Optional but useful, add a local misp user
-pw useradd misp -s /usr/local/bin/bash -G wheel,www
-mkdir /home/misp ; chown misp:misp /home/misp
-passwd misp
+sudo pw user add misp -s /usr/local/bin/bash -G wheel,www
+sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
+sudo passwd misp
+```

 # Install misc dependencies
-
-pkg install curl git python3 redis vim
+```
+sudo pkg install curl git python3 redis vim
+```

 # LAMP
-
-pkg install apache24 \
+```
+sudo pkg install apache24 \
    logrotate \
    gnupg \
    mariadb102-server mariadb102-client \
@ -72,7 +82,7 @@ pkg install apache24 \
    php72-dom \
    php72-opcache \
    php72-session \
-    mod_php72 \
+    mod_php72

 sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini

@ -82,9 +92,11 @@ sudo sysrc mysql_enable="yes"
 sudo sysrc mysql_args="--bind-address=127.0.0.1"
 sudo service apache24 start
 sudo service mysql-server start
-sudo usr/local/bin/mysql_secure_installation
+sudo /usr/local/bin/mysql_secure_installation
+```

-vi /usr/local/etc/apache24/Includes/php.conf
+```
+sudo vi /usr/local/etc/apache24/Includes/php.conf
 <IfModule dir_module>
    DirectoryIndex index.php index.html
    SetHandler application/x-httpd-php
@ -92,6 +104,7 @@ vi /usr/local/etc/apache24/Includes/php.conf
        SetHandler application/x-httpd-php-source
    </FilesMatch>
 </IfModule>
+```

 3/ MISP code
 ------------
@ -100,31 +113,27 @@ sudo mkdir /usr/local/www/MISP
 sudo chown www:www /usr/local/www/MISP
 cd /usr/local/www/MISP
 sudo -u www git clone https://github.com/MISP/MISP.git /usr/local/www/MISP
-sudo -u www git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
-# if the last shortcut doesn't work, specify the latest version manually
-# example: git checkout tags/v2.4.XY
-# the message regarding a "detached HEAD state" is expected behaviour
-# (you only have to create a new branch, if you want to change stuff and do a pull request for example)

 # Make git ignore filesystem permission differences
 sudo -u www git config core.filemode false

 # install Mitre's STIX and its dependencies by running the following commands:
-sudo apt-get install python-dev zlib1g-dev python-setuptools
+##sudo apt-get install python-dev zlib1g-dev python-setuptools
 sudo pkg install py27-pip py36-pip libxml2 libxslt
+
 cd /usr/local/www/MISP/app/files/scripts
 sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
 sudo -u www git clone https://github.com/STIXProject/python-stix.git
 cd /usr/local/www/MISP/app/files/scripts/python-cybox
-sudo python2 setup.py install
+sudo python3 setup.py install
 cd /usr/local/www/MISP/app/files/scripts/python-stix
-sudo python2 setup.py install
+sudo python3 setup.py install

 # install mixbox to accomodate the new STIX dependencies:
 cd /usr/local/www/MISP/app/files/scripts/
 sudo -u www git clone https://github.com/CybOXProject/mixbox.git
 cd /usr/local/www/MISP/app/files/scripts/mixbox
-sudo python2 setup.py install
+sudo python3 setup.py install

 4/ CakePHP
 -----------
@ -174,15 +183,9 @@ sudo -u www sh -c "mysql -u misp -p misp < /usr/local/www/MISP/INSTALL/MYSQL.sql
 -----------------------
 # Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/

-# 2.2
-sudo mkdir /usr/local/etc/apache22/sites-available/ /usr/local/etc/apache2/sites-enabled/
-
 #2.4
 sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/

-# If the apache version is 2.2:
-sudo cp /usr/local/www/MISP/INSTALL/apache.22.misp.ssl /usr/local/etc/apache22/sites-available/misp-ssl.conf
-
 # If the apache version is 2.4:
 sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf

@ -196,6 +199,9 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
 -subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
 -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt

+
+
+
 # Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)

 sudo mkdir /var/log/apache2/
@ -237,9 +243,10 @@ sudo mkdir /var/log/apache2/

 # activate new vhost
 cd /usr/local/etc/apache24/sites-enabled/
-ln -s ../sites-available/misp.conf
+sudo ln -s ../sites-available/misp.conf
 echo "Include etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf

+sudo vi /usr/local/etc/apache24/httpd.conf
 /!\ Enable mod_rewrite in httpd.conf /!\
 LoadModule rewrite_module libexec/apache24/mod_rewrite.so

--- a/INSTALL/INSTALL.OpenBSD.txt
+++ b/INSTALL/INSTALL.OpenBSD.txt
@ -10,9 +10,7 @@ INSTALLATION INSTRUCTIONS

 # System Hardening

- Clean /tmp
- Disable Syslogd network socket
- Disable Sendmail service
+- TBD

 # doas & pkg
 ```
@ -68,7 +66,7 @@ server "default" {
        listen on $ext6_addr port 80
        listen on $ext6_addr tls port 443

-        root "/htdocs/MISP/app"
+        root "/htdocs/MISP/app/webroot"

        tls {
                key "/etc/ssl/private/server.key"
@ -196,6 +194,8 @@ doas -u www git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP
 # Make git ignore filesystem permission differences
 doas -u www git config core.filemode false

+doas pkg_add py-pip py3-pip libxml libxslt
+
 cd /var/www/htdocs/MISP/app/files/scripts
 doas -u www git clone https://github.com/CybOXProject/python-cybox.git
 doas -u www git clone https://github.com/STIXProject/python-stix.git