Merge branch '2.4' into tools

pull/4488/head
Steve Clement 2019-04-17 11:11:08 +09:00
commit 6a8a02b505
46 changed files with 3613 additions and 3156 deletions

2
PyMISP

@ -1 +1 @@
Subproject commit a68bd80ab9dceaee9674bd9a2b0bffc4f387fcdc
Subproject commit e8334be9caaddab229d850c92cb029812222dd82


@ -2,173 +2,281 @@
App::uses('AppShell', 'Console/Command');
class AdminShell extends AppShell
{
public $uses = array('Event', 'Post', 'Attribute', 'Job', 'User', 'Task', 'Whitelist', 'Server', 'Organisation', 'AdminSetting', 'Galaxy', 'Taxonomy', 'Warninglist', 'Noticelist', 'ObjectTemplate', 'Bruteforce', 'Role');
public $uses = array('Event', 'Post', 'Attribute', 'Job', 'User', 'Task', 'Whitelist', 'Server', 'Organisation', 'AdminSetting', 'Galaxy', 'Taxonomy', 'Warninglist', 'Noticelist', 'ObjectTemplate', 'Bruteforce', 'Role');
public function jobGenerateCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Attribute');
$this->Attribute->generateCorrelation($jobId, 0);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function jobGenerateCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Attribute');
$this->Attribute->generateCorrelation($jobId, 0);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function jobPurgeCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Attribute');
$this->Attribute->purgeCorrelations();
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function jobPurgeCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Attribute');
$this->Attribute->purgeCorrelations();
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function jobGenerateShadowAttributeCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('ShadowAttribute');
$this->ShadowAttribute->generateCorrelation($jobId);
}
public function jobGenerateShadowAttributeCorrelation() {
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('ShadowAttribute');
$this->ShadowAttribute->generateCorrelation($jobId);
}
public function updateMISP() {
$status = array('branch' => '2.4');
echo $this->Server->update($status) . PHP_EOL;
}
public function restartWorkers() {
public function restartWorkers()
{
$this->Server->restartWorkers();
echo PHP_EOL . 'Workers restarted.' . PHP_EOL;
}
public function updateGalaxies() {
// The following is 7.x upwards only
//$value = $this->args[0] ?? $this->args[0] ?? 0;
$value = empty($this->args[0]) ? null : $this->args[0];
if ($value === 'false') $value = 0;
if ($value === 'true') $value = 1;
if ($value === 'force') $value = 1;
$force = $value;
$result = $this->Galaxy->update($force);
if ($result) {
echo 'Galaxies updated';
} else {
echo 'Could not update Galaxies';
}
}
public function updateAfterPull() {
$this->loadModel('Job');
$this->loadModel('Server');
$submodule_name = $this->args[0];
$jobId = $this->args[1];
$userId = $this->args[2];
$this->Job->id = $jobId;
$result = $this->Server->updateAfterPull($submodule_name, $userId);
$this->Job->saveField('progress', 100);
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
if ($result) {
$this->Job->saveField('message', __('Database updated: ' . $submodule_name));
} else {
$this->Job->saveField('message', __('Could not update the database: ' . $submodule_name));
}
}
# FIXME: Make Taxonomy->update() return a status string on API if successful
public function updateTaxonomies() {
$result = $this->Taxonomy->update();
if ($result) {
echo 'Taxonomies updated';
} else {
echo 'Could not update Taxonomies';
}
}
public function restartWorker()
{
if (empty($this->args[0]) || !is_numeric($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin restartWorker [PID]';
}
$pid = $this->args[0];
$result = $this->Server->restartWorker($pid);
if ($result === true) {
$response = __('Worker restarted.');
} else {
$response = __('Could not restart the worker. Reason: %s', $result);
}
echo sprintf(
'%s%s%s',
PHP_EOL,
$response,
PHP_EOL
);
}
public function updateWarningLists() {
$result = $this->Galaxy->update();
if ($result) {
echo 'Warning lists updated';
} else {
echo 'Could not update warning lists';
}
}
public function killWorker()
{
if (empty($this->args[0]) || !is_numeric($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin killWorker [PID]';
die();
}
$pid = $this->args[0];
$result = $this->Server->killWorker($pid, false);
echo sprintf(
'%s%s%s',
PHP_EOL,
__('Worker killed.'),
PHP_EOL
);
}
public function updateNoticeLists() {
$result = $this->Noticelist->update();
if ($result) {
echo 'Notice lists updated';
} else {
echo 'Could not update notice lists';
}
}
public function startWorker()
{
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin startWorker [queue]';
die();
}
$queue = $this->args[0];
$this->Server->startWorker($queue);
echo sprintf(
'%s%s%s',
PHP_EOL,
__('Worker started.'),
PHP_EOL
);
}
# FIXME: Debug and make it work, fails to pass userId/orgId properly
public function updateObjectTemplates() {
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin updateNoticeLists [user_id]';
} else {
$userId = $this->args[0];
$user = $this->User->find('first', array(
'recursive' => -1,
'conditions' => array(
'User.id' => $userId,
),
'fields' => array('User.id', 'User.org_id')
));
if (empty($user)) {
echo 'User not found';
} else {
$result = $this->ObjectTemplate->update($user, false,false);
if ($result) {
echo 'Object templates updated';
} else {
echo 'Could not update object templates';
}
}
}
}
public function updateJSON() {
echo 'Updating all JSON structures.' . PHP_EOL;
$results = $this->Server->updateJSON();
foreach ($results as $type => $result) {
if ($result !== false) {
echo sprintf(
__('%s updated.') . PHP_EOL,
Inflector::pluralize(Inflector::humanize($type))
);
} else {
echo sprintf(
__('Could not update %s.') . PHP_EOL,
Inflector::pluralize(Inflector::humanize($type))
);
}
}
echo 'All JSON structures updated. Thank you and have a very safe and productive day.' . PHP_EOL;
}
public function jobUpgrade24() {
$jobId = $this->args[0];
$user_id = $this->args[1];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Server');
$this->Server->upgrade2324($user_id, $jobId);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function updateGalaxies() {
// The following is 7.x upwards only
//$value = $this->args[0] ?? $this->args[0] ?? 0;
$value = empty($this->args[0]) ? null : $this->args[0];
if ($value === 'false') $value = 0;
if ($value === 'true') $value = 1;
if ($value === 'force') $value = 1;
$force = $value;
$result = $this->Galaxy->update($force);
if ($result) {
echo 'Galaxies updated';
} else {
echo 'Could not update Galaxies';
}
}
public function prune_update_logs() {
$jobId = $this->args[0];
$user_id = $this->args[1];
$user = $this->User->getAuthUser($user_id);
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Log');
$this->Log->pruneUpdateLogs($jobId, $user);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
# FIXME: Make Taxonomy->update() return a status string on API if successful
public function updateTaxonomies() {
$result = $this->Taxonomy->update();
if ($result) {
echo 'Taxonomies updated';
} else {
echo 'Could not update Taxonomies';
}
}
public function getWorkers() {
$result = $this->Server->workerDiagnostics($workerIssueCount);
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
public function updateWarningLists() {
$result = $this->Galaxy->update();
if ($result) {
echo 'Warning lists updated';
} else {
echo 'Could not update warning lists';
}
}
public function updateNoticeLists() {
$result = $this->Noticelist->update();
if ($result) {
echo 'Notice lists updated';
} else {
echo 'Could not update notice lists';
}
}
# FIXME: Debug and make it work, fails to pass userId/orgId properly
public function updateObjectTemplates() {
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin updateNoticeLists [user_id]';
} else {
$userId = $this->args[0];
$user = $this->User->find('first', array(
'recursive' => -1,
'conditions' => array(
'User.id' => $userId,
),
'fields' => array('User.id', 'User.org_id')
));
if (empty($user)) {
echo 'User not found';
} else {
$result = $this->ObjectTemplate->update($user, false,false);
if ($result) {
echo 'Object templates updated';
} else {
echo 'Could not update object templates';
}
}
}
}
public function jobUpgrade24() {
$jobId = $this->args[0];
$user_id = $this->args[1];
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Server');
$this->Server->upgrade2324($user_id, $jobId);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function prune_update_logs() {
$jobId = $this->args[0];
$user_id = $this->args[1];
$user = $this->User->getAuthUser($user_id);
$this->loadModel('Job');
$this->Job->id = $jobId;
$this->loadModel('Log');
$this->Log->pruneUpdateLogs($jobId, $user);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done.');
$this->Job->saveField('status', 4);
}
public function getWorkers() {
$result = $this->Server->workerDiagnostics($workerIssueCount);
$query = 'all';
if (!empty($this->args[0])) {
$query = $this->args[0];
}
if ($query === 'dead') {
$dead_workers = array();
foreach ($result as $queue => $data) {
if (!empty($data['workers'])) {
foreach ($data['workers'] as $k => $worker) {
if ($worker['alive']) {
unset($result[$queue]['workers'][$k]);
}
}
}
if (empty($result[$queue]['workers'])) {
unset($result[$queue]);
}
}
}
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
}
public function getSetting() {
$param = empty($this->args[0]) ? 'all' : $this->args[0];
$settings = $this->Server->serverSettingsRead();
$result = $settings;
if (!empty($param)) {
$result = 'No valid setting found for ' . $param;
foreach ($settings as $setting) {
if ($setting['setting'] == $param) {
$result = $setting;
break;
}
}
}
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
}
public function getSetting() {
$param = empty($this->args[0]) ? 'all' : $this->args[0];
$settings = $this->Server->serverSettingsRead();
$result = $settings;
if (!empty($param)) {
$result = 'No valid setting found for ' . $param;
foreach ($settings as $setting) {
if ($setting['setting'] == $param) {
$result = $setting;
break;
}
}
}
echo json_encode($result, JSON_PRETTY_PRINT) . PHP_EOL;
}
public function setSetting() {
$setting_name = !isset($this->args[0]) ? null : $this->args[0];
$value = !isset($this->args[1]) ? null : $this->args[1];
if ($value === 'false') $value = 0;
if ($value === 'true') $value = 1;
public function setSetting() {
$setting_name = !isset($this->args[0]) ? null : $this->args[0];
$value = !isset($this->args[1]) ? null : $this->args[1];
if ($value === 'false') $value = 0;
if ($value === 'true') $value = 1;
$cli_user = array('id' => 0, 'email' => 'SYSTEM', 'Organisation' => array('name' => 'SYSTEM'));
if (empty($setting_name) || $value === null) {
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setSetting [setting_name] [setting_value]';
} else {
if (empty($setting_name) || $value === null) {
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setSetting [setting_name] [setting_value]';
} else {
$setting = $this->Server->getSettingData($setting_name);
if (empty($setting)) {
echo 'Invalid setting. Please make sure that the setting that you are attempting to change exists.';
@ -179,25 +287,25 @@ class AdminShell extends AppShell
} else {
echo $result;
}
}
}
echo PHP_EOL;
}
}
public function setDatabaseVersion() {
if (empty($this->args[0])) echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setDatabaseVersion [db_version]' . PHP_EOL;
else {
$db_version = $this->AdminSetting->find('first', array(
'conditions' => array('setting' => 'db_version')
));
if (!empty($db_version)) {
$db_version['value'] = trim($this->args[0]);
$this->AdminSetting->save($db_version);
echo 'Database version set. MISP will replay all of the upgrade scripts since the selected version on the next user login.' . PHP_EOL;
} else {
echo 'Something went wrong. Could not find the existing db version.' . PHP_EOL;
}
}
}
public function setDatabaseVersion() {
if (empty($this->args[0])) echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setDatabaseVersion [db_version]' . PHP_EOL;
else {
$db_version = $this->AdminSetting->find('first', array(
'conditions' => array('setting' => 'db_version')
));
if (!empty($db_version)) {
$db_version['value'] = trim($this->args[0]);
$this->AdminSetting->save($db_version);
echo 'Database version set. MISP will replay all of the upgrade scripts since the selected version on the next user login.' . PHP_EOL;
} else {
echo 'Something went wrong. Could not find the existing db version.' . PHP_EOL;
}
}
}
public function updateDatabase() {
echo 'Executing all updates to bring the database up to date with the current version.' . PHP_EOL;
@ -222,20 +330,20 @@ class AdminShell extends AppShell
}
}
public function clearBruteforce()
{
$conditions = array('Bruteforce.username !=' => '');
if (!empty($this->args[0])) {
public function clearBruteforce()
{
$conditions = array('Bruteforce.username !=' => '');
if (!empty($this->args[0])) {
$conditions = array('Bruteforce.username' => $this->args[0]);
}
$result = $this->Bruteforce->deleteAll($conditions, false, false);
$target = empty($this->args[0]) ? 'all users' : $this->args[0];
if ($result) {
echo 'Brutefoce entries for ' . $target . ' deleted.' . PHP_EOL;
} else {
echo 'Something went wrong, could not delete bruteforce entries for ' . $target . '.' . PHP_EOL;
}
}
$result = $this->Bruteforce->deleteAll($conditions, false, false);
$target = empty($this->args[0]) ? 'all users' : $this->args[0];
if ($result) {
echo 'Brutefoce entries for ' . $target . ' deleted.' . PHP_EOL;
} else {
echo 'Something went wrong, could not delete bruteforce entries for ' . $target . '.' . PHP_EOL;
}
}
public function setDefaultRole()
{
@ -296,4 +404,17 @@ class AdminShell extends AppShell
}
echo 'Updated, new key:' . PHP_EOL . $authKey . PHP_EOL;
}
public function getOptionParser() {
$parser = parent::getOptionParser();
$parser->addSubcommand('updateJSON', array(
'help' => __('Update the JSON definitions of MISP.'),
'parser' => array(
'arguments' => array(
'update' => array('help' => __('Update the submodules before ingestion.'), 'short' => 'u', 'boolean' => 1)
)
)
));
return $parser;
}
}
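Review bot: `restartWorker()` prints its usage line when the PID argument is missing or non-numeric but then falls through, so `$this->Server->restartWorker($pid)` is still called with the unvalidated value. `killWorker()` and `startWorker()` in the same section stop with `die();` after their usage message, and `restartWorker()` should do the same. `is_numeric` also accepts values such as `1e3` or `-1`; `ctype_digit((string)$this->args[0])` is a tighter test for a PID. `killWorker()` stores the return of `$this->Server->killWorker($pid, false)` in `$result` and then prints 'Worker killed.' unconditionally, so it should branch on `$result` the way `restartWorker()` does. The page does not mark old and new sides, so this assumes the three worker commands are on the new side.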


@ -1,57 +1,18 @@
#!/usr/bin/env bash
# TODO: Put some logic inside if many worker PIDs are detected
# Extract base directory where this script is and cd into it
cd "${0%/*}"
# Set to the current webroot owner
WWW_USER=$(ls -l ../cake |awk {'print $3'}|tail -1)
# In most cases the owner of the cake script is also the user as which it should be executed.
if [[ "$USER" != "$WWW_USER" ]]; then
echo "You run this script as $USER and the owner of the cake command is $WWW_USER. This might be an issue."
fi
# Check if run as root
if [[ "$EUID" -eq "0" ]]; then
if [ "$EUID" -eq 0 ]; then
echo "Please DO NOT run the worker script as root"
exit 1
fi
# Check if jq is present and enable advanced checks
if [[ "$(jq -V > /dev/null 2> /dev/null; echo $?)" != 0 ]]; then
echo "jq is not installed, disabling advanced checks."
ADVANCED="0"
else
ADVANCED="1"
fi
# Extract base directory where this script is and cd into it
cd "${0%/*}"
../cake CakeResque.CakeResque stop --all
../cake CakeResque.CakeResque start --interval 5 --queue default
../cake CakeResque.CakeResque start --interval 5 --queue prio
../cake CakeResque.CakeResque start --interval 5 --queue cache
../cake CakeResque.CakeResque start --interval 5 --queue email
../cake CakeResque.CakeResque startscheduler --interval 5
if [[ "$ADVANCED" == "1" ]]; then
for worker in `echo cache default email prio scheduler`; do
workerStatus=$(../cake Admin getWorkers |tail -n +7 |jq -r ".$worker" |jq -r '.ok')
PIDcount=$(../cake admin getWorkers |tail -n +7 |jq -r ".$worker.workers" |grep pid | wc -l)
echo -n "$worker has $PIDcount PID(s)"
if [[ "$workerStatus" != "true" ]]; then
echo ", trying to restart."
if [[ "$worker" != "scheduler" ]]; then
../cake CakeResque.CakeResque start --interval 5 --queue $worker
else
../cake CakeResque.CakeResque startscheduler --interval 5
fi
else
echo ", up and running."
fi
done
exit 0
else
../cake CakeResque.CakeResque stop --all
../cake CakeResque.CakeResque start --interval 5 --queue default
../cake CakeResque.CakeResque start --interval 5 --queue prio
../cake CakeResque.CakeResque start --interval 5 --queue cache
../cake CakeResque.CakeResque start --interval 5 --queue email
../cake CakeResque.CakeResque startscheduler --interval 5
exit 0
fi
exit 0
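Review bot: The `cd "${0%/*}"` line is not checked, so if the directory change fails, every following `../cake ...` command resolves against the caller's working directory and may run a different `cake` or none at all. Write it as `cd "${0%/*}" || exit 1`. The page does not mark which side each line is on; this applies to the short version of the script that keeps the root check, the `cd` and the stop/start sequence.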


@ -0,0 +1,57 @@
#!/usr/bin/env bash
# TODO: Put some logic inside if many worker PIDs are detected
# Extract base directory where this script is and cd into it
cd "${0%/*}"
# Set to the current webroot owner
WWW_USER=$(ls -l ../cake |awk {'print $3'}|tail -1)
# In most cases the owner of the cake script is also the user as which it should be executed.
if [[ "$USER" != "$WWW_USER" ]]; then
echo "You run this script as $USER and the owner of the cake command is $WWW_USER. This might be an issue."
fi
# Check if run as root
if [[ "$EUID" -eq "0" ]]; then
echo "Please DO NOT run the worker script as root"
exit 1
fi
# Check if jq is present and enable advanced checks
if [[ "$(jq -V > /dev/null 2> /dev/null; echo $?)" != 0 ]]; then
echo "jq is not installed, disabling advanced checks."
ADVANCED="0"
else
ADVANCED="1"
fi
if [[ "$ADVANCED" == "1" ]]; then
for worker in `echo cache default email prio scheduler`; do
workerStatus=$(../cake Admin getWorkers |tail -n +7 |jq -r ".$worker" |jq -r '.ok')
PIDcount=$(../cake admin getWorkers |tail -n +7 |jq -r ".$worker.workers" |grep pid | wc -l)
echo -n "$worker has $PIDcount PID(s)"
if [[ "$workerStatus" != "true" ]]; then
echo ", trying to restart."
if [[ "$worker" != "scheduler" ]]; then
../cake CakeResque.CakeResque start --interval 5 --queue $worker
else
../cake CakeResque.CakeResque startscheduler --interval 5
fi
else
echo ", up and running."
fi
done
exit 0
else
../cake CakeResque.CakeResque stop --all
../cake CakeResque.CakeResque start --interval 5 --queue default
../cake CakeResque.CakeResque start --interval 5 --queue prio
../cake CakeResque.CakeResque start --interval 5 --queue cache
../cake CakeResque.CakeResque start --interval 5 --queue email
../cake CakeResque.CakeResque startscheduler --interval 5
exit 0
fi
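Review bot: A failed or unparsable `../cake Admin getWorkers` call leaves `workerStatus` empty, which the `!= "true"` test treats as a dead worker, so each run would start another worker for every queue. The `tail -n +7` offset depends on the exact length of the console banner, which makes this easy to hit. Capture the output once and stop if it is not JSON, e.g. `status=$(../cake Admin getWorkers | tail -n +7)` followed by `jq -e . <<<"$status" >/dev/null || { echo "cannot parse worker status" >&2; exit 1; }`, then read both `.ok` and `.workers` from `$status`. The second call spells the shell as `admin` rather than `Admin`, and the unchecked `cd "${0%/*}"` should be `cd "${0%/*}" || exit 1`.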


@ -46,7 +46,7 @@ class AppController extends Controller
public $helpers = array('Utility', 'OrgImg', 'FontAwesome');
private $__queryVersion = '65';
private $__queryVersion = '66';
public $pyMispVersion = '2.4.103';
public $phpmin = '7.0';
public $phprec = '7.2';


@ -1197,7 +1197,7 @@ class AttributesController extends AppController
}
}
public function viewPicture($id, $thumbnail=false, $width=200, $height=200)
public function viewPicture($id, $thumbnail=false)
{
if (Validation::uuid($id)) {
$temp = $this->Attribute->find('first', array(
@ -1221,11 +1221,15 @@ class AttributesController extends AppController
'Attribute.id' => $id,
'Attribute.type' => 'attachment'
),
'withAttachments' => true,
'includeAllTags' => false,
'includeAttributeUuid' => true,
'flatten' => true
);
if ($this->_isRest()) {
$conditions['withAttachments'] = true;
}
$attribute = $this->Attribute->fetchAttributes($this->Auth->user(), $conditions);
if (empty($attribute)) {
throw new MethodNotAllowedException('Invalid attribute');
@ -1235,49 +1239,11 @@ class AttributesController extends AppController
if ($this->_isRest()) {
return $this->RestResponse->viewData($attribute['Attribute']['data'], $this->response->type());
} else {
$width = isset($this->request->params['named']['width']) ? $this->request->params['named']['width'] : 200;
$height = isset($this->request->params['named']['height']) ? $this->request->params['named']['height'] : 200;
$image_data = $this->Attribute->getPictureData($attribute, $thumbnail, $width, $height);
$extension = explode('.', $attribute['Attribute']['value']);
$extension = end($extension);
if (extension_loaded('gd')) {
$image = ImageCreateFromString(base64_decode($attribute['Attribute']['data']));
if (!$thumbnail) {
ob_start ();
switch ($extension) {
case 'gif':
imagegif($image);
break;
case 'jpg':
case 'jpeg':
imagejpeg($image);
break;
case 'png':
imagepng($image);
break;
default:
break;
}
$image_data = $extension != 'gif' ? ob_get_contents() : base64_decode($attribute['Attribute']['data']);
ob_end_clean ();
imagedestroy($image);
} else { // thumbnail requested, resample picture with desired dimension
$width = isset($this->request->params['named']['width']) ? $this->request->params['named']['width'] : 150;
$height = isset($this->request->params['named']['height']) ? $this->request->params['named']['height'] : 150;
if ($extension == 'gif') {
$image_data = base64_decode($attribute['Attribute']['data']);
} else {
$extension = 'jpg';
$imageTC = ImageCreateTrueColor($width, $height);
ImageCopyResampled($imageTC, $image, 0, 0, 0, 0, $width, $height, ImageSX($image), ImageSY($image));
ob_start ();
imagejpeg ($imageTC);
$image_data = ob_get_contents();
ob_end_clean ();
imagedestroy($image);
imagedestroy($imageTC);
}
}
} else {
$image_data = base64_decode($attribute['Attribute']['data']);
}
$this->response->type(strtolower(h($extension)));
$this->response->body($image_data);
$this->autoRender = false;
@ -3161,21 +3127,23 @@ class AttributesController extends AppController
$success = 0;
$fails = 0;
foreach ($idList as $id) {
$this->Attribute->id = $id;
if (!$this->Attribute->exists()) {
$attribute = $this->Attribute->find('first', array(
'recursive' => -1,
'conditions' => array('Attribute.id' => $id, 'Attribute.deleted' => 0),
'contain' => array('Event.orgc_id')
));
if (empty($attribute)) {
throw new NotFoundException(__('Invalid attribute'));
}
$this->Attribute->read();
if (!$this->_isSiteAdmin() && $this->Attribute->data['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
if (!$this->_isSiteAdmin() && $attribute['Event']['orgc_id'] !== $this->Auth->user('org_id')) {
$fails++;
continue;
}
if ($this->Attribute->data['Attribute']['deleted']) {
throw new NotFoundException(__('Invalid attribute'));
}
$eventId = $this->Attribute->data['Attribute']['event_id'];
$this->Attribute->Event->recursive = -1;
$event = $this->Attribute->Event->read(array(), $eventId);
$eventId = $attribute['Attribute']['event_id'];
$event = $this->Attribute->Event->find('first', array(
'conditions' => array('Event.id' => $eventId),
'recursive' => -1
));
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status' => 200, 'type' => 'json'));
@ -3184,8 +3152,6 @@ class AttributesController extends AppController
if (!$this->_isRest()) {
$this->Attribute->Event->insertLock($this->Auth->user(), $eventId);
}
$this->Attribute->recursive = -1;
foreach ($tag_id_list as $tag_id) {
$this->Attribute->AttributeTag->Tag->id = $tag_id;
if (!$this->Attribute->AttributeTag->Tag->exists()) {
@ -3214,9 +3180,9 @@ class AttributesController extends AppController
$event['Event']['published'] = 0;
$date = new DateTime();
$event['Event']['timestamp'] = $date->getTimestamp();
$this->Attribute->Event->save($event);
$this->Attribute->data['Attribute']['timestamp'] = $date->getTimestamp();
$this->Attribute->save($this->Attribute->data);
$result = $this->Attribute->Event->save($event);
$attribute['Attribute']['timestamp'] = $date->getTimestamp();
$this->Attribute->save($attribute);
$log = ClassRegistry::init('Log');
$log->createLogEntry($this->Auth->user(), 'tag', 'Attribute', $id, 'Attached tag (' . $tag_id . ') "' . $tag['Tag']['name'] . '" to attribute (' . $id . ')', 'Attribute (' . $id . ') tagged as Tag (' . $tag_id . ')');
$success++;
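Review bot: `width` and `height` are read from the named request parameters and passed to `getPictureData()` as-is at the new `$width = isset(...)` and `$height = isset(...)` lines, neither cast to integers nor bounded. `getPictureData()` is not shown here, so unless it clamps them, a very large value would size the GD canvas and could exhaust memory. Normalise them before the call, for example `$width = min(max((int)$width, 1), 1024);` and the same for `$height` (1024 is a placeholder cap). In the tagging hunk, `$result = $this->Attribute->Event->save($event);` is never read and the return of `$this->Attribute->save($attribute)` is ignored, so `$success++` also counts failed saves. Both functions extend beyond the visible hunks.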


@ -358,6 +358,7 @@ class ACLComponent extends Component
'stopZeroMQServer' => array(),
'testConnection' => array('perm_sync'),
'update' => array(),
'updateJSON' => array(),
'updateSubmodule' => array(),
'uploadFile' => array(),
'clearWorkerQueue' => array()


@ -1552,7 +1552,7 @@ class RestResponseComponent extends Component
$field['values'] = $tags;
}
private function __overwriteNationality($scope, &$field) {
$field['values'] = array_keys(ClassRegistry::init("Organisation")->countries);
$field['values'] = ClassRegistry::init("Organisation")->countries;
}
private function __overwriteAction($scope, &$field) {
$field['values'] = array_keys(ClassRegistry::init("Log")->actionDefinitions);


@ -4204,60 +4204,60 @@ class EventsController extends AppController
// #TODO i18n
$exports = array(
'xml' => array(
'url' => '/events/restSearch/xml/false/false/false/false/false/false/false/false/false/' . $id . '/false.xml',
'url' => '/events/restSearch/xml/eventid:' . $id . '.xml',
'text' => 'MISP XML (metadata + all attributes)',
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Encode Attachments',
'checkbox_set' => '/events/restSearch/xml/false/false/false/false/false/false/false/false/false/' . $id . '/true.xml',
'checkbox_set' => '/events/restSearch/xml/eventid:' . $id . '/withAttachments:1.xml',
'checkbox_default' => true
),
'json' => array(
'url' => '/events/restSearch/json/false/false/false/false/false/false/false/false/false/' . $id . '/false.json',
'url' => '/events/restSearch/json/eventid:' . $id . '.json',
'text' => 'MISP JSON (metadata + all attributes)',
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Encode Attachments',
'checkbox_set' => '/events/restSearch/json/false/false/false/false/false/false/false/false/false/' . $id . '/true.json',
'checkbox_set' => '/events/restSearch/json/withAttachments:1/eventid:' . $id . '.json',
'checkbox_default' => true
),
'openIOC' => array(
'url' => '/events/downloadOpenIOCEvent/download/' . $id,
'text' => 'OpenIOC (all indicators marked to IDS)',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => false,
),
'csv' => array(
'url' => '/events/csv/download/' . $id,
'text' => 'CSV',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Include non-IDS marked attributes',
'checkbox_set' => '/events/csv/download/' . $id . '/1'
),
'csv_with_context' => array(
'url' => '/events/csv/download/' . $id . '/0/0/0/0/1',
'url' => '/events/restSearch/returnFormat:csv/eventid:' . $id,
'text' => 'CSV with additional context',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Include non-IDS marked attributes',
'checkbox_set' => '/events/csv/download/' . $id . '/1/0/0/0/1'
'checkbox_set' => '/events/restSearch/returnFormat:csv/to_ids:1||0/published:1||0/eventid:' . $id
),
'stix_xml' => array(
'url' => '/events/restSearch/stix/eventid:' . $id,
'text' => 'STIX XML (metadata + all attributes)',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Encode Attachments',
'checkbox_set' => '/events/restSearch/stix/eventid:' . $id . '/withAttachments:1'
),
'stix_json' => array(
'url' => '/events/stix/download/' . $id . '.json',
'url' => '/events/restSearch/stix/eventid:' . $id . '.json',
'text' => 'STIX JSON (metadata + all attributes)',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Encode Attachments',
'checkbox_set' => '/events/stix/download/' . $id . '/true.json'
'checkbox_set' => '/events/restSearch/stix/withAttachments:1/eventid:' . $id . '.json'
),
'stix2_json' => array(
'url' => '/events/restSearch/stix2/eventid:' . $id,
@ -4268,36 +4268,36 @@ class EventsController extends AppController
'checkbox_set' => '/events/restSearch/stix2/eventid:' . $id . '/withAttachments:1'
),
'rpz' => array(
'url' => '/attributes/rpz/download/false/' . $id,
'url' => '/attributes/restSearch/returnFormat:rpz/published:1||0/eventid:' . $id,
'text' => 'RPZ Zone file',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => false,
),
'suricata' => array(
'url' => '/events/nids/suricata/download/' . $id,
'url' => '/events/restSearch/returnFormat:suricata/published:1||0/eventid:' . $id,
'text' => 'Download Suricata rules',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => false,
),
'snort' => array(
'url' => '/events/nids/snort/download/' . $id,
'url' => '/events/restSearch/returnFormat:snort/published:1||0/eventid:' . $id,
'text' => 'Download Snort rules',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => false,
),
'bro' => array(
'url' => '/attributes/bro/download/all/false/' . $id,
'text' => 'Download Bro rules',
'requiresPublished' => true,
'requiresPublished' => false,
'checkbox' => false
),
'text' => array(
'url' => '/attributes/text/download/all/false/' . $id,
'text' => 'Export all attribute values as a text file',
'requiresPublished' => true,
'url' => '/attributes/restSearch/returnFormat:text/published:1||0/eventid:' . $id,
'requiresPublished' => false,
'checkbox' => true,
'checkbox_text' => 'Include non-IDS marked attributes',
'checkbox_set' => '/attributes/text/download/all/false/' . $id . '/true'
'checkbox_set' => '/attributes/restSearch/returnFormat:text/published:1||0/to_ids:1||0/eventid:' . $id
),
);
if ($event['Event']['published'] == 0) {
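Review bot: The `bro` and `csv` entries now carry `'requiresPublished' => false` but still point at the legacy `/attributes/bro/download/...` and `/events/csv/download/...` URLs, while the other entries opened up here moved to `restSearch` with an explicit `published:1||0` filter. How those legacy endpoints treat an unpublished event is not visible on this page, so either move them to `restSearch` like the rest or leave `requiresPublished` as true for them. With the flag off for nearly every format, access to unpublished events now rests entirely on the per-user checks inside the export endpoints; a comment above `$exports` stating that assumption would make it reviewable. The named parameters also appear in a different order between `url` and `checkbox_set` for the same format (`eventid:` first in one, `withAttachments:1` first in the other), which is worth normalising for readability.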


@ -1555,7 +1555,7 @@ class ServersController extends AppController
if ($this->request->is('post')) {
$request = $this->request->data;
$submodule = $request['Server']['submodule'];
$res = $this->Server->updateSubmodule($submodule);
$res = $this->Server->updateSubmodule($this->Auth->user(), $submodule);
return new CakeResponse(array('body'=> json_encode($res), 'type' => 'json'));
} else {
throw new MethodNotAllowedException();
@ -1832,4 +1832,10 @@ misp.direct_call(relative_path, body)
$this->redirect(array('action' => 'index'));
}
}
public function updateJSON()
{
$results = $this->Server->updateJSON();
return $this->RestResponse->viewData($results, $this->response->type());
}
}
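Review bot: The new `updateJSON()` action calls `$this->Server->updateJSON()` on any request method, so a plain GET changes server state. `updateSubmodule` in the first hunk is wrapped in `if ($this->request->is('post'))` and throws `MethodNotAllowedException` otherwise. Guard the new action the same way by making `if (!$this->request->is('post')) { throw new MethodNotAllowedException(); }` its first statement. The matching ACL entry is added elsewhere in this commit as `'updateJSON' => array()`; a one-line docblock on the action stating which role may call it would document the intent.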


@ -60,6 +60,7 @@ class TaxonomiesController extends AppController
$this->loadModel('AttributeTag');
foreach ($taxonomy['entries'] as $key => $value) {
$count = 0;
$count_a = 0;
if (!empty($value['existing_tag'])) {
foreach ($value['existing_tag'] as $et) {
$count = $this->EventTag->find('count', array(


@ -58,7 +58,7 @@ class StixExport
$randomFileName = $this->generateRandomFileName();
$this->__tmp_dir = $this->__scripts_dir . 'tmp/';
$this->__framing = json_decode(shell_exec($framing_cmd), true);
$this->__stix_file = new File($this->__tmp_dir . $randomFileName . '.stix');
$this->__stix_file = new File($this->__tmp_dir . $randomFileName . '.' . $this->__return_type);
unset($randomFileName);
$this->__stix_file->write($this->__framing['header']);
$this->__initialize_misp_file();
@ -93,7 +93,7 @@ class StixExport
$this->__stix_file->close();
$this->__stix_file->delete();
$sep_len = strlen($this->__framing['separator']);
$stix_event = substr($stix_event, 0, -$sep_len) . $this->__framing['footer'];
$stix_event = (empty($this->__filenames) ? $stix_event : substr($stix_event, 0, -$sep_len)) . $this->__framing['footer'];
return $stix_event;
}
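Review bot: The new ternary skips the separator trim only when `$this->__filenames` is empty; it does not cover an empty or missing `$this->__framing['separator']`. In that case `$sep_len` is 0 and `substr($stix_event, 0, -$sep_len)` evaluates to `substr($stix_event, 0, 0)`, which returns an empty string and drops the whole export. `__framing` comes straight from `json_decode(shell_exec($framing_cmd), true)` in the first hunk with no check, so a failed framing script would lead here. Test `$sep_len > 0` in the condition, e.g. `(empty($this->__filenames) || $sep_len === 0) ? $stix_event : substr($stix_event, 0, -$sep_len)`, and fail early when `__framing` is not an array. The temp file name now embeds `$this->__return_type`; its origin is not visible in this hunk, so confirm it is restricted to a fixed set of values before it reaches the path.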


@ -3,20 +3,73 @@
class ComplexTypeTool
{
private $__refangRegexTable = array(
'/^hxxp/i' => 'http',
'/^meow/i' => 'http',
'/^h\[tt\]p/i' => 'http',
'/\[\.\]/' => '.',
'/\[dot\]/' => '.',
'/\(dot\)/' => '.',
'/\\\\\./' => '.',
'/\.+/' => '.',
'/\[hxxp:\/\/\]/' => 'http://',
'/\\\/' => '',
'/[\@]/' => '@',
'/\[:\]/' => ':'
array(
'from' => '/^hxxp/i',
'to' => 'http',
'types' => array('link', 'url')
),
array(
'from' => '/^meow/i',
'to' => 'http',
'types' => array('link', 'url')
),
array(
'from' => '/^h\[tt\]p/i',
'to' => 'http',
'types' => array('link', 'url')
),
array(
'from' => '/\[\.\]/',
'to' => '.',
'types' => array('link', 'url', 'ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')
),
array(
'from' => '/\[dot\]/',
'to' => '.',
'types' => array('link', 'url', 'ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')
),
array(
'from' => '/\(dot\)/',
'to' => '.',
'types' => array('link', 'url', 'ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')
),
array(
'from' => '/\\\\\./',
'to' => '.',
'types' => array('link', 'url', 'ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')
),
array(
'from' => '/\.+/',
'to' => '.',
'types' => array('link', 'url', 'ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')
),
array(
'from' => '/\[hxxp:\/\/\]/',
'to' => 'http://',
'types' => array('link', 'url')
),
array(
'from' => '/[\@]/',
'to' => '@',
'types' => array('email-src', 'email-dst')
),
array(
'from' => '/\[:\]/',
'to' => ':',
'types' => array('url', 'link')
)
);
public function refangValue($value, $type)
{
foreach ($this->__refangRegexTable as $regex) {
if (!isset($regex['types']) || in_array($type, $regex['types'])) {
$value = preg_replace($regex['from'], $regex['to'], $value);
}
}
return $value;
}
private $__tlds = array();
public function setTLDs($tlds = array())
@ -329,8 +382,8 @@ class ComplexTypeTool
private function __refangInput($input)
{
$input['refanged'] = $input['raw'];
foreach ($this->__refangRegexTable as $regex => $replacement) {
$input['refanged'] = preg_replace($regex, $replacement, $input['refanged']);
foreach ($this->__refangRegexTable as $regex) {
$input['refanged'] = preg_replace($regex['from'], $regex['to'], $input['refanged']);
}
$input['refanged'] = rtrim($input['refanged'], ".");
$input['refanged'] = preg_replace_callback(
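Review bot: `refangValue()` is called on every attribute value at validation time elsewhere in this commit, and the `'/\.+/'` rule lists `url` and `link` among its types, so any run of dots in a stored URL is collapsed: a constructed example such as `http://host.example/a/../b` would be saved as `http://host.example/a/./b`. For an indicator store that is a silent change to the observed value, and the result may no longer match the original in correlation or export. I would limit that rule to host-style types, `'types' => array('ip-dst', 'ip-src', 'domain|ip', 'domain', 'hostname')`, or leave it out of `refangValue()` altogether. Separately, `'/[\@]/'` is a character class matching a literal `@`, so that entry replaces `@` with `@`; if the intent is to refang `[@]` the pattern would be `'/\[@\]/'`. `in_array($type, $regex['types'])` should also pass `true` as its third argument.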


@ -774,6 +774,10 @@ class Attribute extends AppModel
if (is_array($this->data['Attribute']['value'])) {
return false;
}
App::uses('ComplexTypeTool', 'Tools');
$this->complexTypeTool = new ComplexTypeTool();
$this->data['Attribute']['value'] = $this->complexTypeTool->refangValue($this->data['Attribute']['value'], $this->data['Attribute']['type']);
if (!empty($this->data['Attribute']['object_id']) && empty($this->data['Attribute']['object_relation'])) {
return false;
@ -1585,7 +1589,7 @@ class Attribute extends AppModel
}
}
public function base64EncodeAttachment($attribute)
public function getAttachment($attribute, $path_suffix='')
{
$attachments_dir = Configure::read('MISP.attachments_dir');
if (empty($attachments_dir)) {
@ -1596,21 +1600,20 @@ class Attribute extends AppModel
// S3 - we have to first get the object then we can encode it
$s3 = $this->getS3Client();
// This will return the content of the object
$content = $s3->download($attribute['event_id'] . DS . $attribute['id']);
$content = $s3->download($attribute['event_id'] . DS . $attribute['id'] . $path_suffix);
} else {
// Standard filesystem
$filepath = $attachments_dir . DS . $attribute['event_id'] . DS . $attribute['id'];
$filepath = $attachments_dir . DS . $attribute['event_id'] . DS . $attribute['id'] . $path_suffix;
$file = new File($filepath);
if (!$file->readable()) {
return '';
}
$content = $file->read();
}
return base64_encode($content);
return $content;
}
public function saveBase64EncodedAttachment($attribute)
public function saveAttachment($attribute, $path_suffix='')
{
$attachments_dir = Configure::read('MISP.attachments_dir');
if (empty($attachments_dir)) {
@ -1622,17 +1625,17 @@ class Attribute extends AppModel
// We don't need your fancy directory structures and
// PEE AICH PEE meddling
$s3 = $this->getS3Client();
$data = base64_decode($attribute['data']);
$key = $attribute['event_id'] . DS . $attribute['id'];
$data = $attribute['data'];
$key = $attribute['event_id'] . DS . $attribute['id'] . $path_suffix;
$s3->upload($key, $data);
return true;
} else {
// Plebian filesystem operations
$rootDir = $attachments_dir . DS . $attribute['event_id'];
$dir = new Folder($rootDir, true); // create directory structure
$destpath = $rootDir . DS . $attribute['id'];
$destpath = $rootDir . DS . $attribute['id'] . $path_suffix;
$file = new File($destpath, true); // create the file
$decodedData = base64_decode($attribute['data']); // decode
$decodedData = $attribute['data']; // decode
if ($file->write($decodedData)) { // save the data
return true;
} else {
@ -1642,6 +1645,73 @@ class Attribute extends AppModel
}
}
public function base64EncodeAttachment($attribute)
{
return base64_encode($this->getAttachment($attribute));
}
public function saveBase64EncodedAttachment($attribute)
{
$attribute['data'] = base64_decode($attribute['data']);
return $this->saveAttachment($attribute);
}
public function getPictureData($attribute, $thumbnail=false, $width=200, $height=200)
{
$extension = explode('.', $attribute['Attribute']['value']);
$extension = end($extension);
if (extension_loaded('gd')) {
if (!$thumbnail) {
$data = $this->getAttachment($attribute['Attribute']);
$image = ImageCreateFromString($data);
ob_start ();
switch ($extension) {
case 'gif':
// php-gd doesn't support animated gif. Skipping...
break;
case 'jpg':
case 'jpeg':
imagejpeg($image);
break;
case 'png':
imagepng($image);
break;
default:
break;
}
$image_data = $extension != 'gif' ? ob_get_contents() : $data;
ob_end_clean ();
} else { // thumbnail requested, resample picture with desired dimension and save result
$thumbnail_exists = $this->getAttachment($attribute['Attribute'], $path_suffix='_thumbnail');
if ($width == 200 && $height == 200 && $thumbnail_exists !== '') { // check if thumbnail already exists
$image_data = $thumbnail_exists;
} else {
$data = $this->getAttachment($attribute['Attribute']);
if ($extension == 'gif') {
$image_data = $data;
} else {
$image = ImageCreateFromString($data);
$extension = 'jpg';
$imageTC = ImageCreateTrueColor($width, $height);
ImageCopyResampled($imageTC, $image, 0, 0, 0, 0, $width, $height, ImageSX($image), ImageSY($image));
ob_start ();
imagejpeg ($imageTC);
$image_data = ob_get_contents();
ob_end_clean ();
imagedestroy($image);
imagedestroy($imageTC);
}
// save thumbnail for later reuse
$attribute['Attribute']['data'] = $image_data;
$this->saveAttachment($attribute['Attribute'], '_thumbnail');
}
}
} else {
$image_data = $this->getAttachment($attribute['Attribute']);
}
return $image_data;
}
public function __beforeSaveCorrelation($a)
{
// (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
@ -3527,13 +3597,6 @@ class Attribute extends AppModel
if ($attribute['value'] == $tmpfile->name) {
$result['Object'][$k]['Attribute'][$k2]['value'] = $filename;
}
if (!empty($attribute['encrypt'])) {
if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
$encrypted = $this->handleMaliciousBase64($event_id, $filename, $attribute['data'], array('md5'));
$result['Object'][$k]['Attribute'][$k2]['data'] = $encrypted['data'];
$result['Object'][$k]['Attribute'][$k2]['value'] = $filename . '|' . $encrypted['md5'];
}
}
}
}
}
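Review bot: `getPictureData()` passes attachment bytes to `ImageCreateFromString()` and then uses `$image` unchecked (`imagejpeg($image)`, `ImageSX($image)`). That function returns `false` for data GD cannot parse, and `getAttachment()` returns `''` for an unreadable file, so a corrupt or missing attachment ends in warnings or a TypeError, depending on the PHP version. A guard such as `if ($image === false) { return $data; }` after each call would make the failure explicit. `$width` and `$height` reach `ImageCreateTrueColor()` unbounded; if they can come from a request they should be clamped to a small maximum first. The `_thumbnail` file is also written for every requested size but only reused for 200x200, so a request for another size overwrites the cached thumbnail; save it only when `$width == 200 && $height == 200`.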


@ -1647,7 +1647,6 @@ class Event extends AppModel
'last',
'to_ids',
'includeAllTags',
'withAttachments',
'includeAttachments',
'event_uuid',
'distribution',
@ -3841,7 +3840,7 @@ class Event extends AppModel
}
}
private function __getPrioWorkerIfPossible()
public function __getPrioWorkerIfPossible()
{
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
$workers = $this->ResqueStatus->getWorkers();
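Review bot: `__getPrioWorkerIfPossible()` becomes public here but keeps the double-underscore prefix that this commit's other models use for private methods (`__updateObjectTemplate`, `__refangInput`), which misleads readers about its visibility. I would keep the private method and add a thin public wrapper, `public function getPrioWorkerIfPossible() { return $this->__getPrioWorkerIfPossible(); }`, or rename it and update its callers. The method body continues outside the hunk.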


@ -42,7 +42,7 @@ class Job extends AppModel
$this->save($data);
$id = $this->id;
$this->Event = ClassRegistry::init('Event');
if (in_array($type, array_keys($this->Event->export_types))) {
if (in_array($type, array_keys($this->Event->export_types)) && $type !== 'bro') {
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
@ -50,13 +50,11 @@ class Job extends AppModel
true
);
} elseif ($type === 'bro') {
$extra = $type;
$type = 'bro';
$extra2 = isset($user['nids_sid']) ? $user['nids_sid'] : 0;
$process_id = CakeResque::enqueue(
'cache',
$shell . 'Shell',
array('cachebro' . $type, $user['id'], $id, $extra, $extra2),
array('cachebro', $user['id'], $id),
true
);
} else {
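Review bot: The membership test on the changed line, `in_array($type, array_keys($this->Event->export_types))`, compares loosely and builds a key list only to search it. `array_key_exists($type, $this->Event->export_types) && $type !== 'bro'` expresses the same check with an exact key match. In the `bro` branch the `nids_sid` value is no longer passed to the job; a one-line comment saying where `cachebro` now obtains it, or that it is no longer needed, would help, since that is not visible here.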


@ -47,7 +47,7 @@ class ObjectTemplate extends AppModel
return true;
}
public function update($user, $type = false, $force = false)
public function update($user = false, $type = false, $force = false)
{
$objectsDir = APP . 'files/misp-objects/objects';
$directories = glob($objectsDir . '/*', GLOB_ONLYDIR);
@ -94,7 +94,7 @@ class ObjectTemplate extends AppModel
return $updated;
}
private function __updateObjectTemplate($template, $current, $user)
private function __updateObjectTemplate($template, $current, $user = false)
{
$success = false;
$template['requirements'] = array();
@ -104,8 +104,13 @@ class ObjectTemplate extends AppModel
$template['requirements'][$field] = $template[$field];
}
}
$template['user_id'] = $user['id'];
$template['org_id'] = $user['org_id'];
if (!empty($user)) {
$template['user_id'] = $user['id'];
$template['org_id'] = $user['org_id'];
} else {
$template['user_id'] = 0;
$template['org_id'] = 0;
}
$template['fixed'] = 1;
$this->create();
$result = $this->save($template);
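Review bot: With `$user = false` the template is now saved with `user_id` and `org_id` set to 0, and nothing in the hunk says what 0 means. A comment above the `else` branch, e.g. `// no acting user (CLI / bulk JSON update): record the template as system-owned (id 0)`, would document the convention. Whether code that filters templates by `org_id` handles 0 as intended cannot be seen from this hunk and is worth confirming.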


@ -105,33 +105,44 @@ class Server extends AppModel
$this->command_line_functions = array(
'console_admin_tasks' => array(
'data' => array(
'getSettings' => 'MISP/app/Console/cake Admin getSetting [setting]',
'setSettings' => 'MISP/app/Console/cake Admin setSetting [setting] [value]',
'getAuthkey' => 'MISP/app/Console/cake Admin getAuthkey [email]',
'setBaseurl' => 'MISP/app/Console/cake Baseurl [baseurl]',
'changePassword' => 'MISP/app/Console/cake Password [email] [new_password] [--override_password_change]',
'clearBruteforce' => 'MISP/app/Console/cake Admin clearBruteforce [user_email]',
'updateDatabase' => 'MISP/app/Console/cake Admin updateDatabase',
'updateGalaxies' => 'MISP/app/Console/cake Admin updateGalaxies',
'updateTaxonomies' => 'MISP/app/Console/cake Admin updateTaxonomies',
'updateObjectTemplates' => 'MISP/app/Console/cake Admin updateObjectTemplates',
'updateWarningLists' => 'MISP/app/Console/cake Admin updateWarningLists',
'updateNoticeLists' => 'MISP/app/Console/cake Admin updateNoticeLists',
'setDefaultRole' => 'MISP/app/Console/cake Admin setDefaultRole [role_id]'
'Get setting' => 'MISP/app/Console/cake Admin getSetting [setting]',
'Set setting' => 'MISP/app/Console/cake Admin setSetting [setting] [value]',
'Get authkey' => 'MISP/app/Console/cake Admin getAuthkey [email]',
'Set baseurl' => 'MISP/app/Console/cake Baseurl [baseurl]',
'Change password' => 'MISP/app/Console/cake Password [email] [new_password] [--override_password_change]',
'Clear Bruteforce Entries' => 'MISP/app/Console/cake Admin clearBruteforce [user_email]',
'Run database update' => 'MISP/app/Console/cake Admin updateDatabase',
'Update all JSON structures' => 'MISP/app/Console/cake Admin updateJSON',
'Update Galaxy definitions' => 'MISP/app/Console/cake Admin updateGalaxies',
'Update taxonomy definitions' => 'MISP/app/Console/cake Admin updateTaxonomies',
'Update object templates' => 'MISP/app/Console/cake Admin updateObjectTemplates',
'Update Warninglists' => 'MISP/app/Console/cake Admin updateWarningLists',
'Update Noticelists' => 'MISP/app/Console/cake Admin updateNoticeLists',
'Set default role' => 'MISP/app/Console/cake Admin setDefaultRole [role_id]'
),
'description' => __('Certain administrative tasks are exposed to the API, these help with maintaining and configuring MISP in an automated way / via external tools.'),
'header' => __('Administering MISP via the CLI')
),
'console_automation_tasks' => array(
'data' => array(
'pull' => 'MISP/app/Console/cake Server pull [user_id] [server_id] [full|update]',
'push' => 'MISP/app/Console/cake Server push [user_id] [server_id]',
'cacheFeed' => 'MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp]',
'fetchFeed' => 'MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp]',
'enrichment' => 'MISP/app/Console/cake Event enrichEvent [user_id] [event_id] [json_encoded_module_list]'
'Pull' => 'MISP/app/Console/cake Server pull [user_id] [server_id] [full|update]',
'Push' => 'MISP/app/Console/cake Server push [user_id] [server_id]',
'Cache feeds for quick lookups' => 'MISP/app/Console/cake Server cacheFeed [user_id] [feed_id|all|csv|text|misp]',
'Fetch feeds as local data' => 'MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp]',
'Run enrichment' => 'MISP/app/Console/cake Event enrichEvent [user_id] [event_id] [json_encoded_module_list]'
),
'description' => __('If you would like to automate tasks such as caching feeds or pulling from server instances, you can do it using the following command line tools. Simply execute the given commands via the command line / create cron jobs easily out of them.'),
'header' => __('Automating certain console tasks')
),
'worker_management_tasks' => array(
'data' => array(
'Get list of workers' => 'MISP/app/Console/cake Admin getWorkers [all|dead]',
'Start a worker' => 'MISP/app/Console/cake Admin startWorker [queue_name]',
'Restart a worker' => 'MISP/app/Console/cake Admin restartWorker [worker_pid]',
'Kill a worker' => 'MISP/app/Console/cake Admin killWorker [worker_pid]',
),
'description' => __('The background workers can be managed via the CLI in addition to the UI / API management tools'),
'header' => __('Managing the background workers')
)
);
@ -4637,24 +4648,90 @@ class Server extends AppModel
return $status;
}
public function updateSubmodule($submodule_name=false) {
public function updateSubmodule($user, $submodule_name=false) {
$path = APP . '../';
if ($submodule_name == false) {
$command = sprintf('cd %s; git submodule update 2>&1', $path);
exec($command, $output, $return_code);
$output = implode("\n", $output);
$res = array('status' => ($return_code==0 ? true : false), 'output' => $output);
if ($return_code == 0) { // update all DB
$res = array_merge($res, $this->updateDatabaseAfterPullRouter($submodule_name, $user));
}
} else if ($this->_isAcceptedSubmodule($submodule_name)) {
$command = sprintf('cd %s; git submodule update -- %s 2>&1', $path, $submodule_name);
exec($command, $output, $return_code);
$output = implode("\n", $output);
$res = array('status' => ($return_code==0 ? true : false), 'output' => $output);
if ($return_code == 0) { // update DB if necessary
$res = array_merge($res, $this->updateDatabaseAfterPullRouter($submodule_name, $user));
}
} else {
$res = array('status' => false, 'output' => __('Invalid submodule.'));
$res = array('status' => false, 'output' => __('Invalid submodule.'), 'job_sent' => false, 'sync_result' => __('unknown'));
}
return $res;
}
public function updateDatabaseAfterPullRouter($submodule_name, $user) {
if (Configure::read('MISP.background_jobs')) {
$job = ClassRegistry::init('Job');
$job->create();
$eventModel = ClassRegistry::init('Event');
$data = array(
'worker' => $eventModel->__getPrioWorkerIfPossible(),
'job_type' => __('update_after_pull'),
'job_input' => __('Updating: ' . $submodule_name),
'status' => 0,
'retries' => 0,
'org_id' => $user['org_id'],
'org' => $user['Organisation']['name'],
'message' => 'Update database after PULL.',
);
$job->save($data);
$jobId = $job->id;
$process_id = CakeResque::enqueue(
'prio',
'AdminShell',
array('updateAfterPull', $submodule_name, $jobId, $user['id']),
true
);
$job->saveField('process_id', $process_id);
return array('job_sent' => true, 'sync_result' => __('unknown'));
} else {
$result = $this->updateAfterPull($submodule_name, $user['id']);
return array('job_sent' => false, 'sync_result' => $result);
}
}
public function updateAfterPull($submodule_name, $userId) {
$user = $this->User->getAuthUser($userId);
$result = array();
if ($user['Role']['perm_site_admin']) {
$updateAll = empty($submodule_name);
if ($submodule_name == 'app/files/misp-galaxy' || $updateAll) {
$this->Galaxy = ClassRegistry::init('Galaxy');
$result[] = ($this->Galaxy->update() ? 'Update `' . h($submodule_name) . '` Sucessful.' : 'Update `'. h($submodule_name) . '` failed.') . PHP_EOL;
}
if ($submodule_name == 'app/files/misp-objects' || $updateAll) {
$this->ObjectTemplate = ClassRegistry::init('ObjectTemplate');
$result[] = ($this->ObjectTemplate->update($user, false, false) ? 'Update `' . h($submodule_name) . '` Sucessful.' : 'Update `'. h($submodule_name) . '` failed.') . PHP_EOL;
}
if ($submodule_name == 'app/files/noticelists' || $updateAll) {
$this->Noticelist = ClassRegistry::init('Noticelist');
$result[] = ($this->Noticelist->update() ? 'Update `' . h($submodule_name) . '` Sucessful.' : 'Update `'. h($submodule_name) . '` failed.') . PHP_EOL;
}
if ($submodule_name == 'app/files/taxonomies' || $updateAll) {
$this->Taxonomy = ClassRegistry::init('Taxonomy');
$result[] = ($this->Taxonomy->update() ? 'Update `' . h($submodule_name) . '` Sucessful.' : 'Update `'. h($submodule_name) . '` failed.') . PHP_EOL;
}
if ($submodule_name == 'app/files/warninglists' || $updateAll) {
$this->Warninglist = ClassRegistry::init('Warninglist');
$result[] = ($this->Warninglist->update() ? 'Update `' . h($submodule_name) . '` Sucessful.' : 'Update `'. h($submodule_name) . '` failed.') . PHP_EOL;
}
}
return implode('\n', $result);
}
public function update($status)
{
$final = '';
@ -4709,6 +4786,37 @@ class Server extends AppModel
return true;
}
public function restartWorker($pid)
{
if (Configure::read('MISP.background_jobs')) {
$this->ResqueStatus = new ResqueStatus\ResqueStatus(Resque::redis());
$workers = $this->ResqueStatus->getWorkers();
$pid = intval($pid);
if (!isset($workers[$pid])) {
return __('Invalid worker.');
}
$currentWorker = $workers[$pid];
$this->killWorker($pid, false);
$this->startWorker($currentWorker['queue']);
return true;
}
return __('Background workers not enabled.');
}
public function startWorker($queue)
{
$validTypes = array('default', 'email', 'scheduler', 'cache', 'prio');
if (!in_array($queue, $validTypes)) {
return __('Invalid worker type.');
}
if ($queue != 'scheduler') {
shell_exec(APP . 'Console' . DS . 'cake CakeResque.CakeResque start --interval 5 --queue ' . $queue .' > /dev/null 2>&1 &');
} else {
shell_exec(APP . 'Console' . DS . 'cake CakeResque.CakeResque startscheduler -i 5 > /dev/null 2>&1 &');
}
return true;
}
public function cacheServerInitiator($user, $id = 'all', $jobId = false)
{
$params = array(
@ -4810,4 +4918,16 @@ class Server extends AppModel
}
return $data;
}
public function updateJSON()
{
$toUpdate = array('Galaxy', 'Noticelist', 'Warninglist', 'Taxonomy', 'ObjectTemplate');
$results = array();
foreach ($toUpdate as $target) {
$this->$target = ClassRegistry::init($target);
$result = $this->$target->update();
$results[$target] = $result === false ? false : true;
}
return $results;
}
}
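Review bot: In `startWorker()` the queue name is concatenated into a `shell_exec()` command line, guarded only by a loose `in_array($queue, $validTypes)`. The allow-list bounds the value today, but I would make the comparison strict and quote the argument so the command stays safe if the list or its callers change: `in_array($queue, $validTypes, true)` and `'--queue ' . escapeshellarg($queue)`. In `updateAfterPull()`, `implode('\n', $result)` uses a single-quoted string, so the parts are joined with a literal backslash-n although each already ends in `PHP_EOL`; `implode('', $result)` gives the intended output. That method also returns an empty string when the user is not a site admin, which the caller then reports as the sync result; an explicit message would make the refusal visible.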


@ -44,7 +44,7 @@ in the list given by apache.
If used with Apache as webserver it might be useful to make a distinction to filter out API/Syncs from SSO login. It can be added to the vhost as follows:
```Apache
<If "-T reqenv('HTTP_AUTHORIZATION')">
<If "-T req('Authorization')">
Require all granted
AuthType None
</If>


@ -169,7 +169,7 @@ $(document).ready(function () {
object_id = selected.join('|');
}
url = "<?php echo $baseurl; ?>" + "/sightings/advanced/" + object_id + "/" + object_context;
genericPopup(url, '#screenshot_box');
genericPopup(url, '#popover_box');
});
$('.correlation-toggle').click(function() {
var attribute_id = $(this).data('attribute-id');


@ -317,7 +317,7 @@ attributes or the appropriate distribution level. If you think there is a mistak
object_id = selected.join('|');
}
url = "<?php echo $baseurl; ?>" + "/sightings/advanced/" + object_id + "/" + object_context;
genericPopup(url, '#screenshot_box');
genericPopup(url, '#popover_box');
});
});
$('#attributesFilterField').bind("keydown", function(e) {


@ -594,7 +594,7 @@
));
echo $this->element('/genericElements/SideMenu/side_menu_post_link', array(
'event_id' => 'deleteUser',
'url' => '/admin/delete/' . h($id),
'url' => '/admin/users/delete/' . h($id),
'text' => __('Delete User'),
'message' => __('Are you sure you want to delete # %s? It is highly recommended to never delete users but to disable them instead.', h($id))
));


@ -3,7 +3,6 @@
* Generic select picker
*/
/** Config **/
$select_threshold = 7; // threshold above which pills will be replace by a select (unused if multiple is > 1)
$defaults_options = array(
'select_options' => array(
// 'multiple' => '', // set to add possibility to pick multiple options in the select
@ -19,6 +18,7 @@
'allow_single_deselect' => true,
),
'multiple' => 0,
'select_threshold' => 7, // threshold above which pills will be replace by a select (unused if multiple is > 1)
'functionName' => '', // function to be called on submit
'submitButtonText' => 'Submit',
'disabledSubmitButton' => false, // wether to not draw the submit button
@ -45,9 +45,9 @@
} else { // multiple enabled
$defaults['chosen_options']['max_selected_options'] = $defaults['multiple'] == -1 ? 'Infinity' : $defaults['multiple'];
$defaults['select_options']['multiple'] = '';
$select_threshold = 0;
$defaults['select_threshold'] = 0;
}
$use_select = count($items) > $select_threshold;
$use_select = count($items) > $defaults['select_threshold'];
$countThresholdReached = count($items) > 1000;
$option_templates = array();
$options_additionalData = array();


@ -61,7 +61,10 @@
<pre class="hidden green bold" id="gitResult"></pre>
<button title="<?php echo __('Pull the latest MISP version from github');?>" class="btn btn-inverse" style="padding-top:1px;padding-bottom:1px;" onClick = "updateMISP();"><?php echo __('Update MISP');?></button>
</div>
<h3><?php echo __('Submodules version');?><it id="refreshSubmoduleStatus" class="fas fa-sync useCursorPointer" style="font-size: small; margin-left: 5px;"></it></h3>
<h3><?php echo __('Submodules version');?>
<it id="refreshSubmoduleStatus" class="fas fa-sync useCursorPointer" style="font-size: small; margin-left: 5px;" title="<?php echo __('Refresh submodules version.'); ?>"></it>
<it id="updateAllJson" class="fas fa-file-upload useCursorPointer" style="font-size: small; margin-left: 5px;" title="<?php echo __('Load all JSON into the database.'); ?>"></it>
</h3>
<div id="divSubmoduleVersions" style="background-color:#f7f7f9;">
</div>
@ -365,16 +368,50 @@
<script>
$(document).ready(function() {
updateSubModulesStatus();
$('#refreshSubmoduleStatus').click(function() { updateSubModulesStatus(); });
$('#updateAllJson').click(function() { updateAllJson(); });
});
$('#refreshSubmoduleStatus').click(function() { updateSubModulesStatus(); });
function updateSubModulesStatus(message) {
function updateSubModulesStatus(message, job_sent, sync_result) {
job_sent = job_sent === undefined ? false : job_sent;
sync_result = sync_result === undefined ? '' : sync_result;
$('#divSubmoduleVersions').empty().append('<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>');
$.get('<?php echo $baseurl . '/servers/getSubmodulesStatus/'; ?>', function(html){
$('#divSubmoduleVersions').html(html);
if (message !== undefined) {
$('#submoduleGitResultDiv').show();
$('#submoduleGitResult').text(message);
var $clone = $('#submoduleGitResultDiv').clone();
$clone.find('strong').text('Synchronization result:');
if (job_sent) {
$clone.find('#submoduleGitResult')
.html('> Synchronizing DB with <a href="/jobs/index/" target="_blank">workers</a>...');
} else {
$clone.find('#submoduleGitResult')
.text(sync_result);
}
$clone.appendTo($('#submoduleGitResultDiv').parent());
}
});
}
function updateAllJson() {
$.ajax({
url: '<?php echo $baseurl . '/servers/updateJSON/'; ?>',
type: "get",
beforeSend: function() {
$('#submoduleGitResultDiv').show();
$('#submoduleGitResult').append('<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>');
},
success: function(data, statusText, xhr) {
Object.keys(data).forEach(function(k) {
var val = data[k];
data[k] = val ? 'Updated' : 'Update failed';
});
$('#submoduleGitResult').html(syntaxHighlightJson(data));
},
complete: function() {
$('#submoduleGitResult').find('fa-spinner').remove();
}
});
}
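Review bot: In `updateAllJson()` the `complete` handler calls `.find('fa-spinner')`, which selects an element named `fa-spinner` rather than the class, so the spinner appended in `beforeSend` stays on screen when the request fails; it should be `.find('.fa-spinner')`. In `updateSubModulesStatus()` the cloned `#submoduleGitResultDiv` keeps its `id`, as does the `#submoduleGitResult` inside it, so each run adds duplicate ids and later `$('#submoduleGitResult')` lookups become ambiguous; remove or rename the ids on the clone. The worker link is hard-coded as `href="/jobs/index/"` rather than prefixed with `$baseurl` like the other URLs in this script, which breaks on installations served from a sub-path.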


@ -22,6 +22,8 @@
'setting' => array(
'html' => h($setting['setting']),
'class' => 'short live_filter_target',
'ondblclick' => 'serverSettingsActivateField',
'ondblclickParams' => array(h($setting['setting']), h($k))
),
'value_passive' => array(
'html' => nl2br(h($setting['value'])),
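Review bot: The values added under `ondblclickParams` are escaped with `h()`, which is HTML escaping and may not match where they end up. If the generic table element writes them into an inline handler such as `ondblclick="fn('…')"`, the browser decodes the entities before the script is parsed, so a quote in the value would still end the string. How the element renders these parameters is not visible in this hunk; if it builds a JavaScript call, each argument should be passed through `json_encode()` and the attribute then HTML-escaped as a whole. Setting names presumably come from the server's own setting definitions, which would limit the exposure, but the escaping should still match the context.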


@ -9,19 +9,21 @@
<?php
$cnt = 0;
foreach ($typeDb as $type => $colour):
if (isset($data[0]['data'][$type])):
?>
<div class="attributehistogram-legend-line">
<div class="attributehistogram-legend-box" style="display: block;float: left;margin: 4px 6px 0 0;background-color:<?php echo $colour; ?>">&nbsp;</div>
<div style="display: inline-block;cursor: pointer;<?php if (in_array($type, $selectedTypes)) echo 'font-weight:bold';?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle histogram');?>" tite="<?php echo __('Toggle histogram');?>" onClick='toggleHistogramType("<?php echo h($type); ?>", [<?php foreach ($selectedTypes as $t) echo '"' . $t . '", ' ?>]);'><?php echo h($type);?></div>
</div>
<div class="attributehistogram-legend-line">
<div class="attributehistogram-legend-box" style="display: block;float: left;margin: 4px 6px 0 0;background-color:<?php echo $colour; ?>">&nbsp;</div>
<div style="display: inline-block;cursor: pointer;<?php if (in_array($type, $selectedTypes)) echo 'font-weight:bold';?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle histogram');?>" tite="<?php echo __('Toggle histogram');?>" onClick='toggleHistogramType("<?php echo h($type); ?>", [<?php foreach ($selectedTypes as $t) echo '"' . $t . '", ' ?>]);'><?php echo h($type);?></div>
</div>
<?php
if ($cnt % 12 == 11):
$cnt++;
endif;
if ($cnt % 12 == 0):
?>
</div>
<div class="attributehistogram-legend-line col">
</div>
<div class="attributehistogram-legend-line col">
<?php
endif;
$cnt++;
endif;
endforeach;
?>
</div>
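Review bot: In the legend entry's `onClick` attribute, `$type` is passed through `h()` but each `$selectedTypes` entry is echoed raw (`echo '"' . $t . '", '`). If the selected types can be influenced by the request, a value containing a quote breaks out of the handler. Emitting the list in one piece, `toggleHistogramType("<?php echo h($type); ?>", <?php echo h(json_encode(array_values($selectedTypes))); ?>)`, escapes it for both the script and the attribute. The same element spells the attribute `tite=` where `title=` is meant, so the tooltip is never shown.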


@ -88,16 +88,9 @@
)
)
);
echo $this->element('/genericElements/ListTopBar/scaffold', array('data' => $data));
?>
<div id="attributeList" class="attributeListContainer">
<div class="tabMenu tabMenuFiltersBlock noPrint" style="padding-right:0px !important;">
<span id="filter_header" class="attribute_filter_header"><?php echo __('Filters');?>: </span>
<div id="filter_all" title="<?php echo __('Show all queues');?>" role="button" tabindex="0" aria-label="<?php echo __('Show all queues');?>" class="attribute_filter_text<?php if (!$queue) echo '_active';?>" onClick="window.location='/jobs/index';"><?php echo __('All');?></div>
<div id="filter_default" title="<?php echo __('Show default queue');?>" role="button" tabindex="0" aria-label="<?php echo __('Show default queue');?>" class="attribute_filter_text<?php if ($queue === 'default') echo '_active';?>" onClick="window.location='/jobs/index/default';"><?php echo __('Default');?></div>
<div id="filter_email" title="<?php echo __('Show email queue');?>" role="button" tabindex="0" aria-label="<?php echo __('Show email queue');?>" class="attribute_filter_text<?php if ($queue === 'email') echo '_active';?>" onClick="window.location='/jobs/index/email';"><?php echo __('Email');?></div>
<div id="filter_cache" title="<?php echo __('Show cache queue');?>" role="button" tabindex="0" aria-label="<?php echo __('Show cache queue');?>" class="attribute_filter_text<?php if ($queue === 'cache') echo '_active';?>" onClick="window.location='/jobs/index/cache';"><?php echo __('Cache');?></div>
</div>
<?php echo $this->element('/genericElements/ListTopBar/scaffold', array('data' => $data)); ?>
<table class="table table-striped table-hover table-condensed">
<tr>
<th><?php echo $this->Paginator->sort('id');?></th>


@ -40,6 +40,7 @@
<body>
<div id="popover_form" class="ajax_popover_form"></div>
<div id="popover_form_large" class="ajax_popover_form ajax_popover_form_large"></div>
<div id="popover_box" class="popover_box"></div>
<div id="screenshot_box" class="screenshot_box"></div>
<div id="confirmation_box" class="confirmation_box"></div>
<div id="gray_out" class="gray_out"></div>


@ -109,6 +109,7 @@
}
$options = array(
'functionName' => 'changeObjectReferenceSelectOption',
'select_threshold' => 0,
'chosen_options' => array('width' => '334px'),
'select_options' => array('data-targetselect' => 'targetSelect')
);


@ -87,6 +87,10 @@ $buttonModifyStatus = $mayModify ? 'button_on':'button_off';
'class' => empty($user['User']['disabled']) ? '' : 'background-red',
'boolean' => $user['User']['disabled']
);
echo $this->element('genericElements/assetLoader', array(
'css' => array('vis', 'distribution-graph'),
'js' => array('vis', 'network-distribution-graph')
));
echo sprintf(
'<div class="users view row-fluid"><div class="span8" style="margin:0px;">%s%s</div>%s</div>%s',
sprintf(

@ -1 +1 @@
Subproject commit ac6276a906d0658ff3e021208db7f0d25316c65d
Subproject commit e0a5224bbb37608bd3f20c6ee992254f02b2c794

@ -1 +1 @@
Subproject commit bfcfe7aae9a13db637281c8ccd10f9d89d33b593
Subproject commit 81924c519f2d5899023da427cc2d5f8cf29e076b


@ -70,7 +70,7 @@ class StixBuilder():
'created_by_ref': self.identity_id, 'created': self.misp_event['date'],
'published': self.get_datetime_from_timestamp(self.misp_event['publish_timestamp']),
'interoperability': True}
labels = _MISP_event_tags
labels = [tag for tag in _MISP_event_tags]
if self.misp_event.get('Tag'):
markings = []
for tag in self.misp_event['Tag']:
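Review bot: The new `labels = [tag for tag in _MISP_event_tags]` copies the list, presumably so that labels added later in this method do not accumulate in the module-level `_MISP_event_tags` across events. `labels = list(_MISP_event_tags)` states that intent more directly, and a short comment such as `# copy: labels is extended per event below` would keep someone from simplifying it back to a plain assignment. The method continues outside the hunk, so the later mutation is inferred rather than visible.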

@ -1 +1 @@
Subproject commit 7697111df5285a537a217bcc205d614355dc2127
Subproject commit 4092752c2ef60eba1df4a8bfdd55dbc68db10b73

@ -1 +1 @@
Subproject commit 3ededf3ddf92573e1037305859857418f73fdf25
Subproject commit 945b151b0b6258458fc0a8c3eb42f7401a30e5e8


@ -846,6 +846,16 @@ a.proposal_link_red:hover {
left: calc(50% - 700px);
}
.popover_box {
display:none;
position: fixed;
top:150px;
background-color:#f4f4f4;
border-radius: 11px 11px 10px 10px;
box-shadow: 4px 4px 4px #333;
z-index:5;
}
.screenshot_box {
display:none;
position: absolute;

File diff suppressed because it is too large Load Diff


@ -1265,6 +1265,7 @@ function cancelPopoverForm(id) {
$("#popover_form").fadeOut();
$("#popover_form_large").fadeOut();
$("#screenshot_box").fadeOut();
$("#popover_box").fadeOut();
$("#confirmation_box").fadeOut();
$('#gray_out').fadeOut();
$('#popover_form').fadeOut();
@ -1912,16 +1913,6 @@ function quickFilterRemoteEvents(passedArgs, id) {
window.location.href=url;
}
$('#quickFilterField').bind("enterKey",function(e){
$('#quickFilterButton').trigger("click");
});
$('#quickFilterField').keyup(function(e){
if(e.keyCode == 13)
{
$('#quickFilterButton').trigger("click");
}
});
function remoteIndexApplyFilters() {
var url = actionUrl + '/' + $("#EventFilter").val();
window.location.href = url;
@ -3272,7 +3263,7 @@ $(".cortex-json").click(function() {
// add the same as below for click popup
$(document).on( "click", ".eventViewAttributePopup", function() {
$('#screenshot_box').empty();
$('#popover_box').empty();
type = $(this).attr('data-object-type');
id = $(this).attr('data-object-id');
if (!(type + "_" + id in ajaxResults["persistent"])) {
@ -3288,16 +3279,16 @@ $(document).on( "click", ".eventViewAttributePopup", function() {
if (type + "_" + id in ajaxResults["persistent"]) {
var enrichment_popover = ajaxResults["persistent"][type + "_" + id];
enrichment_popover += '<div class="close-icon useCursorPointer popup-close-icon" onClick="closeScreenshot();"></div>';
$('#screenshot_box').html('<div class="screenshot_content">' + enrichment_popover + '</div>');
$('#screenshot_box').show();
$('#popover_box').html('<div class="screenshot_content">' + enrichment_popover + '</div>');
$('#popover_box').show();
$("#gray_out").fadeIn();
$('#screenshot_box').css({'padding': '5px'});
$('#screenshot_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
$('#screenshot_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" );
$('#screenshot_box').css( "overflow-y", "auto");
$('#popover_box').css({'padding': '5px'});
$('#popover_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
$('#popover_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" );
$('#popover_box').css( "overflow-y", "auto");
var left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2);
$('#screenshot_box').css({'left': left + 'px'});
var left = ($(window).width() / 2) - ($('#popover_box').width() / 2);
$('#popover_box').css({'left': left + 'px'});
}
$('#' + currentPopover).popover('destroy');
});
@ -3311,33 +3302,6 @@ function flashErrorPopover() {
$("#gray_out").fadeIn();
}
$(".eventViewAttributeHover").mouseenter(function() {
$('#' + currentPopover).popover('destroy');
var type = $(this).attr('data-object-type');
var id = $(this).attr('data-object-id');
if (type + "_" + id in ajaxResults["hover"]) {
var element = $('#' + type + '_' + id + '_container');
element.popover({
title: attributeHoverTitle(id, type),
content: ajaxResults["hover"][type + "_" + id],
placement: attributeHoverPlacement(element),
html: true,
trigger: 'manual',
container: 'body'
}).popover('show');
currentPopover = type + '_' + id + '_container';
} else {
timer = setTimeout(function () {
runHoverLookup(type, id)
},
500
);
}
}).mouseout(function() {
clearTimeout(timer);
});
function attributeHoverTitle(id, type) {
return `<span>Lookup results:</span>
<i class="fa fa-search-plus useCursorPointer eventViewAttributePopup"
@ -3378,15 +3342,6 @@ $('body').on('click', function (e) {
});
});
$(".queryPopover").click(function() {
url = $(this).data('url');
id = $(this).data('id');
$.get(url + '/' + id, function(data) {
$('#popover_form').html(data);
openPopup('#popover_form');
});
});
function serverOwnerOrganisationChange(host_org_id) {
if ($('#ServerOrganisationType').val() == "0" && $('#ServerLocal').val() == host_org_id) {
$('#InternalDiv').show();
@ -3488,26 +3443,6 @@ function feedFormUpdate() {
}
}
$('.servers_default_role_checkbox').click(function() {
var id = $(this).data("id");
var state = $(this).is(":checked");
$(".servers_default_role_checkbox").not(this).attr('checked', false);
$.ajax({
beforeSend: function (XMLHttpRequest) {
$(".loading").show();
},
success:function (data, textStatus) {
handleGenericAjaxResponse(data);
},
complete:function() {
$(".loading").hide();
},
type:"get",
cache: false,
url: '/admin/roles/set_default/' + (state ? id : ""),
});
});
function setContextFields() {
if (showContext) {
$('.context').show();
@ -3736,6 +3671,7 @@ $(document).keyup(function(e){
$("#popover_form").fadeOut();
$("#popover_form_large").fadeOut();
$("#screenshot_box").fadeOut();
$("#popover_box").fadeOut();
$("#confirmation_box").fadeOut();
$(".loading").hide();
resetForms();
@ -3766,16 +3702,6 @@ function checkRolePerms() {
}
}
// clicking on an element with this class will select all of its contents in a
// single click
$('.quickSelect').click(function() {
var range = document.createRange();
var selection = window.getSelection();
range.selectNodeContents(this);
selection.removeAllRanges();
selection.addRange(range);
});
function updateMISP() {
$.get( "/servers/update", function(data) {
$("#confirmation_box").html(data);
@ -3822,7 +3748,9 @@ function submitSubmoduleUpdate(clicked) {
data: formData,
success:function (data, textStatus) {
if (data.status) {
updateSubModulesStatus(data.output);
var job_sent = data.job_sent !== undefined ? data.job_sent : false;
var sync_result = data.sync_result !== undefined ? data.sync_result : '';
updateSubModulesStatus(data.output, job_sent, sync_result);
} else {
showMessage('error', 'Something went wrong');
$('#submoduleGitResultDiv').show();
@ -3847,24 +3775,6 @@ function submitSubmoduleUpdate(clicked) {
});
}
$(".cortex-json").click(function() {
var cortex_data = $(this).data('cortex-json');
cortex_data = htmlEncode(JSON.stringify(cortex_data, null, 2));
var popupHtml = '<pre class="simplepre">' + cortex_data + '</pre>';
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
$('#screenshot_box').html(popupHtml);
$('#screenshot_box').show();
$('#screenshot_box').css({'padding': '5px'});
left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2);
if (($('#screenshot_box').height() + 250) > $(window).height()) {
$('#screenshot_box').height($(window).height() - 250);
$('#screenshot_box').css("overflow-y", "scroll");
$('#screenshot_box').css("overflow-x", "hidden");
}
$('#screenshot_box').css({'left': left + 'px'});
$("#gray_out").fadeIn();
});
// Show $(id) if the enable parameter evaluates to true. Hide it otherwise
function checkAndEnable(id, enable) {
if (enable) {
@ -4005,22 +3915,6 @@ function previewEventBasedOnUuids() {
}
}
$('.add_object_attribute_row').click(function() {
var template_id = $(this).data('template-id');
var object_relation = $(this).data('object-relation');
var k = $('#last-row').data('last-row');
var k = k+1;
$('#last-row').data('last-row', k);
url = "/objects/get_row/" + template_id + "/" + object_relation + "/" + k;
$.get(url, function(data) {
$('#row_' + object_relation + '_expand').before($(data).fadeIn()).html();
});
});
$('.quickToggleCheckbox').toggle(function() {
var url = $(this).data('checkbox-url');
});
function checkNoticeList(type) {
var fields_to_check = {
"attribute": ["category", "type"]
@ -4049,6 +3943,108 @@ function checkNoticeList(type) {
}
$(document).ready(function() {
$('#quickFilterField').bind("enterKey",function(e){
$('#quickFilterButton').trigger("click");
});
$('#quickFilterField').keyup(function(e){
if(e.keyCode == 13)
{
$('#quickFilterButton').trigger("click");
}
});
$(".eventViewAttributeHover").mouseenter(function() {
$('#' + currentPopover).popover('destroy');
var type = $(this).attr('data-object-type');
var id = $(this).attr('data-object-id');
if (type + "_" + id in ajaxResults["hover"]) {
var element = $('#' + type + '_' + id + '_container');
element.popover({
title: attributeHoverTitle(id, type),
content: ajaxResults["hover"][type + "_" + id],
placement: attributeHoverPlacement(element),
html: true,
trigger: 'manual',
container: 'body'
}).popover('show');
currentPopover = type + '_' + id + '_container';
} else {
timer = setTimeout(function () {
runHoverLookup(type, id)
},
500
);
}
}).mouseout(function() {
clearTimeout(timer);
});
$(".queryPopover").click(function() {
url = $(this).data('url');
id = $(this).data('id');
$.get(url + '/' + id, function(data) {
$('#popover_form').html(data);
openPopup('#popover_form');
});
});
$('.servers_default_role_checkbox').click(function() {
var id = $(this).data("id");
var state = $(this).is(":checked");
$(".servers_default_role_checkbox").not(this).attr('checked', false);
$.ajax({
beforeSend: function (XMLHttpRequest) {
$(".loading").show();
},
success:function (data, textStatus) {
handleGenericAjaxResponse(data);
},
complete:function() {
$(".loading").hide();
},
type:"get",
cache: false,
url: '/admin/roles/set_default/' + (state ? id : ""),
});
});
// clicking on an element with this class will select all of its contents in a
// single click
$('.quickSelect').click(function() {
var range = document.createRange();
var selection = window.getSelection();
range.selectNodeContents(this);
selection.removeAllRanges();
selection.addRange(range);
});
$(".cortex-json").click(function() {
var cortex_data = $(this).data('cortex-json');
cortex_data = htmlEncode(JSON.stringify(cortex_data, null, 2));
var popupHtml = '<pre class="simplepre">' + cortex_data + '</pre>';
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
$('#popover_box').html(popupHtml);
$('#popover_box').show();
$('#popover_box').css({'padding': '5px'});
left = ($(window).width() / 2) - ($('#popover_box').width() / 2);
if (($('#popover_box').height() + 250) > $(window).height()) {
$('#popover_box').height($(window).height() - 250);
$('#popover_box').css("overflow-y", "scroll");
$('#popover_box').css("overflow-x", "hidden");
}
$('#popover_box').css({'left': left + 'px'});
$("#gray_out").fadeIn();
});
$('.add_object_attribute_row').click(function() {
var template_id = $(this).data('template-id');
var object_relation = $(this).data('object-relation');
var k = $('#last-row').data('last-row');
var k = k+1;
$('#last-row').data('last-row', k);
url = "/objects/get_row/" + template_id + "/" + object_relation + "/" + k;
$.get(url, function(data) {
$('#row_' + object_relation + '_expand').before($(data).fadeIn()).html();
});
});
$('.quickToggleCheckbox').toggle(function() {
var url = $(this).data('checkbox-url');
});
$(".correlation-expand-button").on("click", function() {
$(this).parent().children(".correlation-expanded-area").show();
$(this).parent().children(".correlation-collapse-button").show();
@ -4105,7 +4101,6 @@ function insertHTMLRestResponse() {
function insertJSONRestResponse() {
$('#rest-response-container').append('<p id="json-response-container" style="border: 1px solid blue; padding:5px;" />');
var parsedJson = syntaxHighlightJson($('#rest-response-hidden-container').text());
console.log(parsedJson);
$('#json-response-container').html(parsedJson);
}
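Review bot: The `.servers_default_role_checkbox` handler re-registered inside `$(document).ready` still changes the default role with `type:"get"` against `/admin/roles/set_default/`, so if the controller accepts that method, a state-changing admin action can be triggered by a plain cross-site GET. Since the handler is being moved anyway, switch it to `type:"post",` and have the server action refuse non-POST requests, so that whatever request-forgery protection the application applies to POSTs covers it. Separately, the click popup writes `ajaxResults["persistent"][type + "_" + id]` into `#popover_box` with `.html()` unescaped, unlike the `.cortex-json` handler, which runs `htmlEncode` first. That is safe only if the enrichment view escapes module output on the server, which is not visible here. The carried-over `maxHeight` line also uses `$(window).width() - 300` where the window height looks intended.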


@ -9,8 +9,7 @@
The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate.
Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.
This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x). At time of this writing it
was tested on version 7.6.
This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x). At time of this writing it was tested on version 7.6.
The following assumptions with regard to this installation have been made.
@ -19,13 +18,24 @@ The following assumptions with regard to this installation have been made.
### 0.3/ This system will have direct or proxy access to the Internet for updates. Or connected to a Red Hat Satellite Server
### 0.4/ This document is to get a MISP instance up and running over HTTP. I haven't done a full test of all features
{!generic/globalVariables.md!}
```bash
# RHEL/CentOS Specific
RUN_PHP='/usr/bin/scl enable rh-php72'
RUN_PYTHON='/usr/bin/scl enable rh-python36'
SUDO_WWW='sudo -H -u apache'
PHP_INI=/etc/opt/rh/rh-php72/php.ini
```
# 1/ OS Install and additional repositories
## 1.1/ Complete a minimal RHEL installation, configure IP address to connect automatically.
## 1.2/ Configure system hostname
```bash
sudo hostnamectl set-hostname misp # Your choice, in a production environment, it's best to use a FQDN
sudo hostnamectl set-hostname misp.local # Your choice, in a production environment, it's best to use a FQDN
```
## 1.3/ Register the system for updates with Red Hat Subscription Manager
@ -48,19 +58,12 @@ sudo yum install deltarpm -y
## 1.5/ Update the system and reboot
```bash
yum update -y
sudo yum update -y
```
!!! note
As time of writing performing a yum update results in the rhel-7-server-rt-beta-rpms being forbidden.<br />
The repo can be disabled using the following command
```bash
subscription-manager repos --disable rhel-7-server-rt-beta-rpms
```
## 1.6/ Install the EPEL repo
```bash
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
```
# 2/ Install Dependencies
@ -68,21 +71,20 @@ Once the system is installed and updated, the following steps can be performed a
## 2.01/ Install some base system dependencies
```bash
yum install gcc git httpd zip python-devel libxslt-devel zlib-devel python-pip ssdeep-devel
sudo yum install gcc git httpd zip python-devel libxslt-devel zlib-devel python-pip ssdeep-devel
```
## 2.02/ Install MariaDB 10.2 from SCL
```bash
yum install rh-mariadb102
sudo yum install rh-mariadb102
```
## 2.03/ Start the MariaDB service and enable it to start on boot
```bash
systemctl enable --now rh-mariadb102-mariadb.service
sudo systemctl enable --now rh-mariadb102-mariadb.service
```
!!! note
MISP 2.4 requires PHP 5.6 as a minimum, so we need a higher version than base RHEL provides.<br />
This guide installs PHP 7.2 from SCL
!!! warning
@ -90,7 +92,7 @@ systemctl enable --now rh-mariadb102-mariadb.service
## 2.04/ Install PHP 7.2 from SCL
```bash
yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd
sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd
```
!!! note
@ -98,80 +100,86 @@ yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh
## 2.05/ Start the PHP FPM service and enable to start on boot
```bash
systemctl enable --now rh-php72-php-fpm.service
sudo systemctl enable --now rh-php72-php-fpm.service
```
## 2.06/ Install redis 3.2 from SCL
```bash
yum install rh-redis32
sudo yum install rh-redis32
```
## 2.07/ Start redis service and enable to start on boot
```bash
systemctl enable --now rh-redis32-redis.service
sudo systemctl enable --now rh-redis32-redis.service
```
## 2.08/ Secure the MariaDB installation
```bash
scl enable rh-mariadb102 'mysql_secure_installation'
sudo scl enable rh-mariadb102 'mysql_secure_installation'
```
## 2.09/ Update the PHP extension repository and install required package
```bash
scl enable rh-php72 rh-redis32 bash
pear channel-update pear.php.net
pear install Crypt_GPG
sudo scl enable rh-php72 rh-redis32 bash
sudo pear channel-update pear.php.net
sudo pear install Crypt_GPG
exit
```
## 2.10/ Install haveged and enable to start on boot to provide entropy for GPG
```bash
yum install haveged
systemctl enable --now haveged
sudo yum install haveged
sudo systemctl enable --now haveged
```
Only do this if you're not running rngd to provide randomness and your kernel randomness is not sufficient.
## 2.10/ Install Python 3.6 from SCL
```bash
sudo yum install rh-python36
```
## 2.11/ Install Python 3.6 from SCL
## 2.11/ Install Git 2.18 from SCL
```bash
yum install rh-python36
sudo yum install rh-git218
```
# 3/ MISP Download
## 3.01/ Download MISP code using git in /var/www/ directory
```bash
cd /var/www
git clone https://github.com/MISP/MISP.git
cd MISP
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
sudo mkdir $PATH_TO_MISP
sudo chown apache:apache $PATH_TO_MISP
sudo -u apache git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
# if the last shortcut doesn't work, specify the latest version manually
# example: git checkout tags/v2.4.XY
# the message regarding a "detached HEAD state" is expected behaviour
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
git submodule update --init --recursive
sudo -u apache git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
git submodule foreach --recursive git config core.filemode false
sudo -u apache git submodule foreach --recursive git config core.filemode false
```
## 3.02/ Make git ignore filesystem permission differences
```bash
git config core.filemode false
sudo -u apache git config core.filemode false
```
## 3.03/ Install Mitre's STIX, STIX2 and their dependencies by running the following commands
```bash
yum install python-six
cd /var/www/MISP/app/files/scripts
git clone https://github.com/CybOXProject/python-cybox.git
git clone https://github.com/STIXProject/python-stix.git
sudo -u apache git clone https://github.com/CybOXProject/python-cybox.git
sudo -u apache git clone https://github.com/STIXProject/python-stix.git
cd /var/www/MISP/app/files/scripts/python-cybox
git config core.filemode false
sudo -u apache git config core.filemode false
# If your umask has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
UMASK=$(umask)
umask 0022
scl enable rh-python36 'python3 setup.py install'
sudo scl enable rh-python36 'python3 setup.py install'
cd /var/www/MISP/app/files/scripts/python-stix
git config core.filemode false
scl enable rh-python36 'python3 setup.py install'
sudo -u www-data git config core.filemode false
sudo scl enable rh-python36 'python3 setup.py install'
cd /var/www/MISP/cti-python-stix2
scl enable rh-python36 'python3 setup.py install'
sudo scl enable rh-python36 'python3 setup.py install'
```
@ -188,17 +196,18 @@ umask $UMASK
## 3.05/ Enable python3 for php-fpm
```bash
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php72/sysconfig/php-fpm
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
systemctl restart rh-php72-php-fpm.service
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
sudo systemctl restart rh-php72-php-fpm.service
```
## 3.06/ Enable dependencies detection in the diagnostics page
Add the following content to `/etc/opt/rh/rh-php72/php-fpm.d/www.conf` :
```
env[PATH] =/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin
env[PATH]=/opt/rh/rh-git218/root/usr/bin:/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin
env[LD_LIBRARY_PATH]=/opt/rh/httpd24/root/usr/lib64/
```
Then run `systemctl restart rh-php72-php-fpm.service`.
This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings. The LD_LIBRARY_PATH setting is needed for rh-git218 to work, one might think to install httpd24 and not just httpd ...
# 4/ CakePHP
## 4.01/ Install CakeResque along with its dependencies if you intend to use the built in background jobs
@ -254,8 +263,6 @@ chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
```
# 6/ Create database and user
## 6.01/ Set database to listen on localhost only
```bash
@ -290,14 +297,10 @@ cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
## 7.02/ Since SELinux is enabled, we need to allow httpd to write to certain directories
```bash
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/MISP(/.*)?"
restorecon -R /var/www/MISP/
```
We're providing write access to the whole MISP tree, otherwise updates via the web interface won't work.
## 7.03/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
```bash
@ -329,13 +332,7 @@ cp INSTALL/misp.logrotate /etc/logrotate.d/misp
chmod 0640 /etc/logrotate.d/misp
```
## 8.02/ Allow logrotate to work under SELinux and modify the log files
```bash
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
```
## 8.03/ Allow logrotate to read /var/www
## 8.02/ Allow logrotate to read /var/www
```bash
checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te
semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
@ -381,17 +378,13 @@ cp -a config.default.php config.php
```
## 9.03/ If you want to be able to change configuration parameters from the webinterface:
```
chown apache:apache /var/www/MISP/app/Config/config.php
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
```
Handled by 7.02
## 9.04/ Generate an encryption key
```bash
gpg --gen-key
mv ~/.gnupg /var/www/MISP/
chown -R apache:apache /var/www/MISP/.gnupg
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.gnupg
restorecon -R /var/www/MISP
```
!!! note
@ -443,16 +436,7 @@ systemctl enable --now misp-workers.service
{!generic/recommended.actions.md!}
# 10/ Post Install
## 10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs
If the result from the diagnostic page is that the directory is not writable, try the following.
```
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs/
```
!!! note
This may mean that logrotate cannot access the logs directory, will require further investigation
## 10.02/ Change php.ini settings to suggested limits from diagnostic page.
## 10.01/ Change php.ini settings to suggested limits from diagnostic page.
```bash
# Edit /etc/opt/rh/rh-php72/php.ini and set the following settings
max_execution_time = 300
@ -461,12 +445,12 @@ upload_max_filesize = 50M
post_max_size = 50M
```
## 10.03/ Restart rh-php72 for settings to take effect
## 10.02/ Restart rh-php72 for settings to take effect
```bash
systemctl restart rh-php72-php-fpm
```
## 10.04/ Install pydeep and pymisp
## 10.03/ Install pydeep and pymisp
```bash
scl enable rh-python36 'python3 -m pip install pymisp git+https://github.com/kbandla/pydeep.git'
```


@ -5,7 +5,7 @@
```
or on CentOS
```bash
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python""
```
!!! warning


@ -1,7 +1,7 @@
#### Initialize MISP configuration and set some defaults
```bash
# Initialize user and fetch Auth Key
sudo -E $RUN_PHP "$CAKE userInit -q"
sudo -u apache -E $RUN_PHP "$CAKE userInit -q"
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# A small sleep to make sure all the db migrations are done, in case of copy-pasta
@ -10,149 +10,142 @@ sleep 30
# Setup some more MISP default via cake CLI
# Change base url, either with this CLI command or in the UI
sudo $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
sudo -u apache $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# Tune global time outs
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Session.cookieTimeout" 3600"
# Enable GnuPG
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
# Enable Enrichment set better timeouts
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
# Enable Import modules set better timout
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
# Enable Export modules set better timout
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
# Enable installer org and tune some configurables
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_tag_collection" 0"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_tag_collection" 0"
# Provisional Cortex tunes
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_authkey" """
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
# Various plugin sightings settings
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
# Plugin CustomAuth tuneable
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
# RPZ Plugin settings
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns_alt" """
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
# Force defaults to make MISP Server Settings less RED
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
## Redis block
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_password" """
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_password" ""
# Force defaults to make MISP Server Settings less YELLOW
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
##sudo $RUN_PHP '$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"'
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert_age" """
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false"
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidleft" "This is an initial install""
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly""
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure""
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings""
# TODO: Fix substitions
##sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
##sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
# Force defaults to make MISP Server Settings less GREEN
sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
##sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"
# Tune global time outs
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
sudo -u apache $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
# Update the galaxies…
##sudo $RUN_PHP "$CAKE Admin updateGalaxies"
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
sudo -u apache $RUN_PHP "$CAKE Admin updateGalaxies"
# Updating the taxonomies…
sudo $RUN_PHP "$CAKE Admin updateTaxonomies"
sudo -u apache $RUN_PHP "$CAKE Admin updateTaxonomies"
# Updating the warning lists…
##sudo $RUN_PHP "$CAKE Admin updateWarningLists"
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
sudo -u apache $RUN_PHP "$CAKE Admin updateWarningLists"
# Updating the notice lists…
## sudo $RUN_PHP "$CAKE Admin updateNoticeLists"
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
sudo -u apache $RUN_PHP "$CAKE Admin updateNoticeLists"
# Updating the object templates…
##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates"
##sudo -u apache $RUN_PHP "$CAKE Admin updateObjectTemplates"
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
# Set MISP Live
sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
sudo -u apache $RUN_PHP "$CAKE Live $MISP_LIVE"
```


@ -2,6 +2,8 @@
```bash
# <snippet-begin 0_global-vars.sh>
# $ eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v \`\`\`)"
# $ MISPvars
MISPvars () {
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours"
# Local non-root MISP user
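Review bot: The usage comment `eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v ...)"` runs whatever the `2.4` branch serves at that moment. Only the fence lines are filtered out, so any prose or later edit in that markdown file is executed in the installer's shell with no review or integrity check. The rendered page has lost its +/- markers, so I am assuming this comment is one of the two lines the hunk adds. If so, I would document fetching a pinned revision to a local file, reading it, and sourcing it afterwards, e.g. `# $ curl -fsSL https://raw.githubusercontent.com/MISP/MISP/<COMMIT>/docs/generic/globalVariables.md -o globalVariables.md` (`<COMMIT>` is a placeholder for a reviewed commit id). The body of `MISPvars` continues past the end of this hunk.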


@ -1,10 +1,14 @@
#### MISP Dashboard on CentOS
--------------
!!! warning
Currently defunct.
```bash
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
sudo chown apache:apache misp-dashboard
sudo -u apache git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
@ -53,23 +57,23 @@ sudo a2ensite misp-dashboard
sudo systemctl reload apache2
# Add misp-dashboard to rc.local to start on boot.
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u apache bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
# Enable ZeroMQ for misp-dashboard
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq""
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false"
$SUDO_WWW $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false"
```
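Review bot: The rc.local line changed in the second hunk still redirects to the fixed name `/tmp/misp-dashboard_rc.local.log`. The redirection is opened by the shell that runs rc.local (normally root), not by the `sudo -u apache` child, so any local user can pre-create that path in a world-writable directory before boot. Kernel symlink protection may blunt this on CentOS 7, but the log is better kept where only root can write, for example `... start_all.sh >> /var/log/misp-dashboard_rc.local.log 2>&1` (constructed path). Separately, the section uses `sudo -u apache` for the git clone and rc.local lines but `$SUDO_WWW` for the setSetting lines, and `$SUDO_WWW` is not defined in the visible part of this file. If it is unset when these commands are pasted, they run as the invoking user instead of apache.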


@ -1,5 +1,5 @@
# INSTALLATION INSTRUCTIONS
## for CentOS 6.x
## for CentOS 6.10
### 0/ MISP CentOS 6 Minimal NetInstall - Status
--------------------------------------------
@ -12,6 +12,8 @@
Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20181025<br />
It is still considered experimental as not everything works seemlessly.
!!! notice
Maintenance will end on: November 30th, 2020 [Source[0]](https://wiki.centos.org/About/Product) [Source[1]](https://linuxlifecycle.com/)
CentOS 6.10 [NetInstallURL](http://mirrors.sonic.net/centos/6.10/os/x86_64/)
@ -37,7 +39,7 @@ Install a minimal CentOS 6.x system with the software:
```bash
# Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
sudo hostnamectl set-hostname misp.local # or whatever you want it to be
sudo hostnamectl set-hostname misp.local # Your choice, in a production environment, it's best to use a FQDN
# Make sure your system is up2date:
sudo yum update -y


@ -9,20 +9,23 @@
{!generic/rhelVScentos.md!}
!!! notice
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113<br />
Semi-maintained and tested by @SteveClement, CentOS 7.6-1804 on 20190410<br />
It is still considered experimental as not everything works seemlessly.
!!! notice
Maintenance will end on: June 30th, 2024 [Source[0]](https://wiki.centos.org/About/Product) [Source[1]](https://linuxlifecycle.com/)
CentOS 7.5-1804 [NetInstallURL](http://mirror.centos.org/centos/7.5.1804/os/x86_64/)
CentOS 7.6-1810 [NetInstallURL](http://mirror.centos.org/centos/7.6.1810/os/x86_64/)
{!generic/globalVariables.md!}
```bash
# CentOS Specific
RUN_PHP='/usr/bin/scl enable rh-php71 '
RUN_PHP='/usr/bin/scl enable rh-php72 '
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
SUDO_WWW='sudo -H -u apache'
PHP_INI=/etc/opt/rh/rh-php71/php.ini
PHP_INI=/etc/opt/rh/rh-php72/php.ini
```
### 1/ Minimal CentOS install
@ -37,7 +40,7 @@ Install a minimal CentOS 7.x system with the software:
```bash
# Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
sudo hostnamectl set-hostname misp.local # or whatever you want it to be
sudo hostnamectl set-hostname misp.local # Your choice, in a production environment, it's best to use a FQDN
# Make sure your system is up2date:
sudo yum update -y
@ -67,19 +70,19 @@ sudo yum install gcc git zip \
python-devel python-pip python-zmq \
libxslt-devel zlib-devel ssdeep-devel -y
# Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache rh-php71-php-gd -y
# Install PHP 7.2 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php72/
sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysqlnd rh-php72-php-mbstring rh-php72-php-xml rh-php72-php-bcmath rh-php72-php-opcache rh-php72-php-gd -y
# Install Python 3.6 from SCL, see
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
sudo yum install rh-python36 -y
sudo systemctl enable rh-php71-php-fpm.service
sudo systemctl start rh-php71-php-fpm.service
sudo systemctl enable rh-php72-php-fpm.service
sudo systemctl start rh-php72-php-fpm.service
```
!!! notice
$RUN_PHP makes php available for you if using rh-php71. e.g: sudo $RUN_PHP "pear list | grep Crypt_GPG"
$RUN_PHP makes php available for you if using rh-php72. e.g: sudo $RUN_PHP "pear list | grep Crypt_GPG"
```bash
# GPG needs lots of entropy, haveged provides entropy
@ -100,74 +103,102 @@ sudo systemctl start redis.service
sudo mkdir $PATH_TO_MISP
sudo chown apache:apache $PATH_TO_MISP
cd /var/www
sudo -u apache git clone https://github.com/MISP/MISP.git
$SUDO_WWW git clone https://github.com/MISP/MISP.git
cd $PATH_TO_MISP
##sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
# if the last shortcut doesn't work, specify the latest version manually
# example: git checkout tags/v2.4.XY
# the message regarding a "detached HEAD state" is expected behaviour
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
# Fetch submodules
sudo -u apache git submodule update --init --recursive
$SUDO_WWW git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u apache git submodule foreach --recursive git config core.filemode false
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
# Install packaged pears
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml"
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml"
# Create a python3 virtualenv
sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
sudo mkdir /usr/share/httpd/.cache
sudo chown apache:apache /usr/share/httpd/.cache
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
# install Mitre's STIX and its dependencies by running the following commands:
sudo yum install python-importlib python-lxml python-dateutil python-six -y
cd /var/www/MISP/app/files/scripts
sudo -u apache git clone https://github.com/CybOXProject/python-cybox.git
sudo -u apache git clone https://github.com/STIXProject/python-stix.git
cd /var/www/MISP/app/files/scripts/python-cybox
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
cd $PATH_TO_MISP/app/files/scripts/python-cybox
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
UMASK=$(umask)
umask 0022
cd /var/www/MISP/app/files/scripts/python-stix
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-stix
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
# install maec
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U maec
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec
# install zmq
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U zmq
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq
# install redis
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U redis
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
# install magic, lief, pydeep
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U python-magic lief git+https://github.com/kbandla/pydeep.git
# lief needs manual compilation
sudo yum install devtoolset-7 cmake3 -y
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
# TODO: Fix static path with PATH_TO_MISP
cd $PATH_TO_MISP/app/files/scripts/lief
$SUDO_WWW mkdir build
cd build
$SUDO_WWW scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
-DLIEF_PYTHON_API=on \
-DLIEF_DOC=off \
-DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
-DCMAKE_BUILD_TYPE=Release \
-DPYTHON_VERSION=3.6 \
-DPYTHON_EXECUTABLE=/var/www/MISP/venv/bin/python \
.."'
$SUDO_WWW make -j3
sudo make install
cd api/python/lief_pybind11-prefix/src/lief_pybind11
$SUDO_WWW $PATH_TO_MISP/venv/bin/python setup.py install
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
# install magic, pydeep
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
# install mixbox to accommodate the new STIX dependencies:
cd /var/www/MISP/app/files/scripts/
sudo -u apache git clone https://github.com/CybOXProject/mixbox.git
cd /var/www/MISP/app/files/scripts/mixbox
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
cd $PATH_TO_MISP/app/files/scripts/mixbox
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd /var/www/MISP/cti-python-stix2
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
cd $PATH_TO_MISP/cti-python-stix2
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
# install PyMISP
cd /var/www/MISP/PyMISP
sudo -u apache $PATH_TO_MISP/venv/bin/pip install enum34
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
cd $PATH_TO_MISP/PyMISP
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
# Enable python3 for php-fpm
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php71/sysconfig/php-fpm
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
sudo systemctl restart rh-php71-php-fpm.service
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php72/sysconfig/php-fpm
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
sudo systemctl restart rh-php72-php-fpm.service
umask $UMASK
# Enable dependencies detection in the diagnostics page
# This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
echo "env[PATH] =/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf
sudo systemctl restart rh-php72-php-fpm.service
```
### 4/ CakePHP
@ -175,27 +206,32 @@ umask $UMASK
#### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
#### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
```bash
sudo chown -R apache:apache /var/www/MISP
sudo chown -R apache:apache $PATH_TO_MISP
sudo mkdir /usr/share/httpd/.composer
sudo chown apache:apache /usr/share/httpd/.composer
cd /var/www/MISP/app
sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
sudo -u apache $RUN_PHP "php composer.phar install"
cd $PATH_TO_MISP/app
# Update composer.phar (optional)
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
#$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
#$SUDO_WWW $RUN_PHP "php composer-setup.php"
#$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');"
$SUDO_WWW $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
$SUDO_WWW $RUN_PHP "php composer.phar config vendor-dir Vendor"
$SUDO_WWW $RUN_PHP "php composer.phar install"
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy)
# fallback connector through Redisent.
# It is highly advised to install phpredis using "yum install php-redis"
sudo $RUN_PHP "pecl install redis"
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
sudo systemctl restart rh-php71-php-fpm.service
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php72/php-fpm.d/redis.ini
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php72/php.d/99-redis.ini
sudo systemctl restart rh-php72-php-fpm.service
# If you have not yet set a timezone in php.ini
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/timezone.ini
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php71/php.d/99-timezone.ini
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php72/php-fpm.d/timezone.ini
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php72/php.d/99-timezone.ini
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php71/php.ini
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php72/php.ini
# max_execution_time = 300
# memory_limit = 512M
# upload_max_filesize = 50M
@ -204,33 +240,33 @@ for key in upload_max_filesize post_max_size max_execution_time max_input_time m
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
sudo systemctl restart rh-php71-php-fpm.service
sudo systemctl restart rh-php72-php-fpm.service
# To use the scheduler worker for scheduled tasks, do the following:
sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
```
### 5/ Set the permissions
----------------------
```bash
# Make sure the permissions are set correctly using the following commands as root:
sudo chown -R root:apache /var/www/MISP
sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
sudo chmod -R g+r,o= /var/www/MISP
sudo chmod -R 750 /var/www/MISP
sudo chmod -R g+xws /var/www/MISP/app/tmp
sudo chmod -R g+ws /var/www/MISP/app/files
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
sudo chmod -R g+rw /var/www/MISP/venv
sudo chmod -R g+rw /var/www/MISP/.git
sudo chown apache:apache /var/www/MISP/app/files
sudo chown apache:apache /var/www/MISP/app/files/terms
sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
sudo chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
sudo chown -R apache:apache /var/www/MISP/app/Config
sudo chown -R apache:apache /var/www/MISP/app/tmp
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
sudo chown -R apache:apache $PATH_TO_MISP
sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
sudo chmod -R g+r,o= $PATH_TO_MISP
sudo chmod -R 750 $PATH_TO_MISP
sudo chmod -R g+xws $PATH_TO_MISP/app/tmp
sudo chmod -R g+ws $PATH_TO_MISP/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
sudo chmod -R g+rw $PATH_TO_MISP/venv
sudo chmod -R g+rw $PATH_TO_MISP/.git
sudo chown apache:apache $PATH_TO_MISP/app/files
sudo chown apache:apache $PATH_TO_MISP/app/files/terms
sudo chown apache:apache $PATH_TO_MISP/app/files/scripts/tmp
sudo chown apache:apache $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/Config
sudo chown -R apache:apache $PATH_TO_MISP/app/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/custom
```
### 6/ Create a database and user
@ -243,14 +279,14 @@ sudo systemctl start mariadb.service
sudo yum install expect -y
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
#pw="Password1234"
pw="Password1234"
expect -f - <<-EOF
set timeout 10
spawn sudo mysql_secure_installation
#expect "*?assword*"
#send -- "$pw\r"
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
@ -302,7 +338,7 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
#### Import the empty MySQL database from MYSQL.sql
```bash
sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
@ -321,15 +357,17 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
This guide only copies a stock **NON-SSL** configuration file.
```bash
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
sudo cp /var/www/MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
sudo cp $PATH_TO_MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
sudo rm /etc/httpd/conf.d/ssl.conf
sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf
sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf
echo $OPENSSL_CN
sudo systemctl start httpd.service
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
echo "The Common Name used below will be: ${OPENSSL_CN}"
# This will take a rather long time, be ready. (13min on a VM, 8GB Ram, 1 core)
sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/private/misp.local.key
@ -341,34 +379,35 @@ cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.cr
sudo systemctl restart httpd.service
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
# Since SELinux is enabled, we need to allow httpd to write to certain directories
sudo chcon -t usr_t /var/www/MISP/venv
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
sudo chcon -t httpd_sys_script_exec_t /var/www/MISP/app/Console/cake
sudo chcon -R -t usr_t /var/www/MISP/venv
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/Config
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
sudo chcon -t usr_t $PATH_TO_MISP/venv
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/terms
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/tmp
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/cake
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/worker/start.sh
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/mispzmq/mispzmq.py
sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/mispzmq/mispzmqtest.py
sudo chcon -t httpd_sys_script_exec_t /usr/bin/ps
sudo chcon -t httpd_sys_script_exec_t /usr/bin/grep
sudo chcon -t httpd_sys_script_exec_t /usr/bin/awk
sudo chcon -t httpd_sys_script_exec_t /usr/bin/gpg
sudo chcon -R -t usr_t $PATH_TO_MISP/venv
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.git
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Lib
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/orgs
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
```
!!! warning
Revise all permissions so update in Web UI works.
Todo: Revise all permissions so update in Web UI works.
```bash
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
sudo setsebool -P httpd_can_network_connect on
@ -389,14 +428,10 @@ sudo firewall-cmd --reload
# Check out the apache.misp.ssl file for an example
```
!!! warning
To be fixed - Place holder
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
# MISP saves the stdout and stderr of it's workers in $PATH_TO_MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
@ -404,8 +439,9 @@ sudo chmod 0640 /etc/logrotate.d/misp
# Now make logrotate work under SELinux as well
# Allow logrotate to modify the log files
sudo semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
sudo chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?"
sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp/logs
# Allow logrotate to read /var/www
sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
@ -417,10 +453,10 @@ sudo semodule -i /tmp/misplogrotate.pp
---------------------
```bash
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
sudo -u apache cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
sudo -u apache cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
sudo -u apache cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
sudo -u apache cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
echo "<?php
class DATABASE_CONFIG {
@ -437,7 +473,7 @@ class DATABASE_CONFIG {
'prefix' => '',
'encoding' => 'utf8',
);
}" | sudo -u apache tee $PATH_TO_MISP/app/Config/database.php
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
# Configure the fields in the newly created files:
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
@ -459,14 +495,14 @@ class DATABASE_CONFIG {
# );
#}
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
sudo chown apache:apache /var/www/MISP/app/Config/config.php
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
sudo chown apache:apache $PATH_TO_MISP/app/Config/config.php
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
# Generate a GPG encryption key.
cat >/tmp/gen-key-script <<EOF
@ -484,17 +520,17 @@ cat >/tmp/gen-key-script <<EOF
%echo done
EOF
sudo gpg --homedir /var/www/MISP/.gnupg --batch --gen-key /tmp/gen-key-script
sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
sudo rm -f /tmp/gen-key-script
sudo chown -R apache:apache /var/www/MISP/.gnupg
sudo chown -R apache:apache $PATH_TO_MISP/.gnupg
# And export the public key to the webroot
sudo gpg --homedir /var/www/MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee /var/www/MISP/app/webroot/gpg.asc
sudo chown apache:apache /var/www/MISP/app/webroot/gpg.asc
sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
sudo chown apache:apache $PATH_TO_MISP/app/webroot/gpg.asc
# Start the workers to enable background jobs
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
sudo -u apache $RUN_PHP /var/www/MISP/app/Console/worker/start.sh
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
$SUDO_WWW $RUN_PHP $PATH_TO_MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
@ -503,7 +539,8 @@ then
sudo chmod u+x /etc/rc.local
fi
sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php71 /var/www/MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
# TODO: Fix static path with PATH_TO_MISP
sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php72 /var/www/MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
# Make sure it will execute
sudo chmod +x /etc/rc.local
@ -518,21 +555,22 @@ sudo yum install -y openjpeg-devel
sudo chmod 2777 /usr/local/src
sudo chown root:users /usr/local/src
cd /usr/local/src/
sudo -u apache git clone https://github.com/MISP/misp-modules.git
$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install .
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
sudo yum install rubygem-rouge rubygem-asciidoctor -y
##sudo gem install asciidoctor-pdf --pre
# install additional dependencies for extended object generation and extraction
sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
# TODO: Fix static path with PATH_TO_MISP
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
```


@ -70,7 +70,7 @@ nav:
- Install Guides:
- 'Ubuntu 18.04': 'INSTALL.ubuntu1804.md'
- 'Kali Linux': 'INSTALL.kali.md'
- 'Redhat Enterprise Linux 7': 'INSTALL.rhel7.md'
- 'RHEL7/CentOS7': 'INSTALL.rhel7.md'
- xInstall Guides:
- 'Warning': 'xINSTALL.md'
- 'Centos 6': 'xINSTALL.centos6.md'
@ -81,7 +81,7 @@ nav:
- 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
- 'OpenBSD 6.4': 'xINSTALL.OpenBSD.md'
- 'Redhat Enterprise Linux 7.6 (BETA)': 'xINSTALL.rhel7.md'
- 'RHEL8 (Beta)': 'xINSTALL.rhel8.md'
- Config Guides:
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
- 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'