MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [installer] Update after Kali Linux fix

pull/5914/head
Steve Clement 2020-05-17 02:04:33 +09:00
parent ccb9f1fdf3
commit 6ce35e2ece
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
6 changed files with 190 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

340
INSTALL/INSTALL.sh
View File

@ -276,7 +276,7 @@ checkFlavour () {
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
fi
case "$FLAVOUR" in
case "${FLAVOUR}" in
ubuntu)
if command_exists lsb_release; then
dist_version="$(lsb_release --codename | cut -f2)"
@ -301,7 +301,7 @@ checkFlavour () {
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
dist_version=${dist_version:0:1}
fi
echo "$FLAVOUR support is experimental at the moment"
echo "${FLAVOUR} support is experimental at the moment"
;;
rhel|ol|sles)
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
@ -309,7 +309,7 @@ checkFlavour () {
dist_version=${dist_version:0:1} # Only interested about major version
fi
# Only tested for RHEL 7 so far
echo "$FLAVOUR support is experimental at the moment"
echo "${FLAVOUR} support is experimental at the moment"
;;
*)
if command_exists lsb_release; then
@ -322,7 +322,7 @@ checkFlavour () {
esac
# FIXME: The below want to be refactored
if [ "$FLAVOUR" == "ubuntu" ]; then
if [ "${FLAVOUR}" == "ubuntu" ]; then
RELEASE=$(lsb_release -s -r)
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
else
@ -345,7 +345,7 @@ check_forked () {
if [ "$lsb_release_exit_code" = "0" ]; then
# Print info about current distro
cat <<-EOF
You're using '$FLAVOUR' version '$dist_version'.
You're using '${FLAVOUR}' version '${dist_version}'.
EOF
# Get the upstream release info
FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
@ -353,10 +353,10 @@ EOF
# Print info about upstream distro
cat <<-EOF
Upstream release is '$FLAVOUR' version '$dist_version'.
Upstream release is '${FLAVOUR}' version '$dist_version'.
EOF
else
if [ -r /etc/debian_version ] && [ "$FLAVOUR" != "ubuntu" ] && [ "$FLAVOUR" != "raspbian" ]; then
if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then
# We're Debian and don't even know it!
FLAVOUR=debian
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
@ -378,7 +378,7 @@ EOF
checkInstaller () {
# Workaround: shasum is not available on RHEL, only checking sha512
if [[ $FLAVOUR == "rhel" ]] || [[ $FLAVOUR == "centos" ]]; then
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
INSTsum=$(sha512sum ${0} | cut -f1 -d\ )
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512
chsum=$(cat /tmp/INSTALL.sh.sha512)
@ -390,8 +390,8 @@ checkInstaller () {
fi
else
# TODO: Implement $FLAVOUR checks and install depending on the platform we are on
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) != 0 ]]; then
sudo apt update
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then
checkAptLock
sudo apt install libdigest-sha-perl -qyy
fi
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
@ -414,12 +414,12 @@ checkInstaller () {
# Extract manufacturer
checkManufacturer () {
if [ -z $(which dmidecode) ]; then
if [[ -z $(which dmidecode) ]]; then
checkAptLock
sudo apt install dmidecode -qy
fi
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
echo $MANUFACTURER
debug ${MANUFACTURER}
}
# Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static.
@ -481,7 +481,7 @@ progress () {
checkLocale () {
debug "Checking Locale"
# If locale is missing, generate and install a common UTF-8
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) == "1" ]]; then
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then
checkAptLock
sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy
sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
@ -492,6 +492,7 @@ checkLocale () {
# Simple function to check command exit code
checkFail () {
# '-ne' checks for numerical differences, '==' used for strings
if [[ $2 -ne 0 ]]; then
echo "iAmError: $1"
echo "The last command exited with error code: $2"
@ -528,7 +529,7 @@ clean () {
# Check if misp user is present and if run as root
checkID () {
debug "Checking if run as root and $MISP_USER is present"
if [[ $EUID == 0 ]]; then
if [[ $EUID -eq 0 ]]; then
echo "This script cannot be run as a root"
clean > /dev/null 2>&1
exit 1
@ -658,12 +659,23 @@ kaliSpaceSaver () {
# Because Kali is l33t we make sure we DO NOT run as root
kaliOnTheR0ckz () {
if [[ $EUID == 0 ]]; then
echo "This script must NOT be run as root"
exit 1
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
totalRoot=$(df -k | grep /$ |awk '{ print $2 }')
totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}')
overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present
if [[ ${totalRoot} -lt 3059034 ]]; then
echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space."
echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough."
echo "6-8Gb should be fine. (need >3Gb overlayFS)"
exit 1
fi
if [[ ${EUID} -eq 0 ]]; then
echo "This script must NOT be run as root"
exit 1
elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER}
echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd
else
# TODO: Make sure we consider this further down the road
echo "User ${MISP_USER} exists, skipping creation"
@ -672,20 +684,25 @@ kaliOnTheR0ckz () {
setBaseURL () {
debug "Setting Base URL"
CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
IFACE=`echo $CONN |awk {'print $1'}`
IP=`echo $CONN |awk {'print $2'}| cut -f1 -d/`
if [[ "$(checkManufacturer)" != "innotek GmbH" ]] && [[ "$(checkManufacturer)" != "VMware, Inc." ]] && [[ "$(checkManufacturer)" != "QEMU" ]]; then
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
if [[ "$UNATTENDED" != "1" ]]; then
IFACE=$(echo $CONN |awk {'print $1'})
IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/)
[[ -n ${MANUFACTURER} ]] || checkManufacturer
if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then
debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be."
if [[ "${UNATTENDED}" != "1" ]]; then
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
echo "Do you want to change it now? (y/n) "
read ANSWER
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
if [[ "$ANSWER" == "y" ]]; then
if [[ ! -z $IP ]]; then
echo "It seems you have an interface called $IFACE UP with the following IP: $IP - FYI"
echo "Thus your Base URL could be: https://$IP"
ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]')
if [[ "${ANSWER}" == "y" ]]; then
if [[ ! -z ${IP} ]]; then
echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI"
echo "Thus your Base URL could be: https://${IP}"
fi
echo "Please enter the Base URL, e.g: 'https://example.org'"
echo ""
@ -699,17 +716,17 @@ setBaseURL () {
# Webserver configuration
FQDN='misp.local'
fi
elif [[ $KALI == "1" ]]; then
elif [[ "${KALI}" == "1" ]]; then
MISP_BASEURL="https://misp.local"
# Webserver configuration
FQDN='misp.local'
elif [[ "$(checkManufacturer)" == "innotek GmbH" ]]; then
elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then
MISP_BASEURL='https://localhost:8443'
IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
# Webserver configuration
FQDN='localhost.localdomain'
elif [[ "$(checkManufacturer)" == "VMware, Inc." ]]; then
elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then
MISP_BASEURL='""'
# Webserver configuration
FQDN='misp.local'
@ -740,7 +757,6 @@ installRNG () {
# Kali upgrade
kaliUpgrade () {
debug "Running various Kali upgrade tasks"
sudo apt update
checkAptLock
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
@ -770,6 +786,9 @@ if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
# Simple function to make sure APT is not locked
checkAptLock () {
SLEEP=3
if [[ -n ${APT_UPDATED} ]]; then
sudo apt update && APT_UPDATED=1
fi
while [ "$DONE" != "0" ]; do
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
@ -784,7 +803,7 @@ installDepsPhp70 () {
debug "Installing PHP 7.0 dependencies"
PHP_ETC_BASE=/etc/php/7.0
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
@ -804,22 +823,36 @@ installDepsPhp73 () {
debug "Installing PHP 7.3 dependencies"
PHP_ETC_BASE=/etc/php/7.3
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-redis php-gnupg \
php-gd
if [[ ! -n ${KALI} ]]; then
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-redis php-gnupg \
php-gd
else
sudo apt install -qy \
libapache2-mod-php7.3 \
libgpgme-dev \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php7.3-gd
sudo pecl channel-update pecl.php.net
#sudo pear config-set php_ini ${PHP_INI}
echo "" |sudo pecl install redis
sudo pecl install gnupg
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
fi
}
# Installing core dependencies
installDeps () {
debug "Installing core dependencies"
checkAptLock
sudo apt update
sudo apt install -qy etckeeper
# Skip dist-upgrade for now, pulls in 500+ updated packages
#sudo apt -y dist-upgrade
@ -951,64 +984,55 @@ genApacheConf () {
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-ssl.conf
}
# Add git pull update mechanism to rc.local - TODO: Make this better
gitPullAllRCLOCAL () {
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local
sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
sudo sed -i -e '$i \done\n' /etc/rc.local
}
# Main composer function
composer () {
sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
${SUDO_WWW} sh -c 'cd ${PATH_TO_MISP}/app ; php composer.phar install'
}
# Composer on php 7.0 does not need any special treatment the provided phar works well
alias composer70='composer72'
alias composer70=composer
# Composer on php 7.2 does not need any special treatment the provided phar works well
composer72 () {
cd $PATH_TO_MISP/app
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
$SUDO_WWW php composer.phar install
}
alias composer72=composer
# Composer on php 7.3 needs a recent version of composer.phar
composer73 () {
cd $PATH_TO_MISP/app
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
# Update composer.phar
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
# Current Sum for: v1.8.3
SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
checkFail "composer.phar checksum failed, please investigate manually. " $?
$SUDO_WWW php composer-setup.php
$SUDO_WWW php -r "unlink('composer-setup.php');"
$SUDO_WWW php composer.phar install
}
# Composer on php 7.3 does not need any special treatment the provided phar works well
alias composer73=composer
# TODO: this is probably a useless function
# Enable various core services
enableServices () {
update-rc.d mysql enable
update-rc.d apache2 enable
update-rc.d redis-server enable
sudo systemctl daemon-reload
sudo systemctl enable --now mysql
sudo systemctl enable --now apache2
sudo systemctl enable --now redis-server
}
# TODO: check if this makes sense
# Generate rc.local
genRCLOCAL () {
if [ ! -e /etc/rc.local ]; then
if [[ ! -e /etc/rc.local ]]; then
echo '#!/bin/sh -e' | tee -a /etc/rc.local
echo 'exit 0' | tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
chmod u+x /etc/rc.local
fi
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
}
# Run PyMISP tests
@ -1017,9 +1041,9 @@ runTests () {
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
}
# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
@ -1097,7 +1121,6 @@ theEnd () {
aptUpgrade () {
debug "Upgrading system"
checkAptLock
sudo apt-get update
# If we run in non-interactive mode, make sure we do not stop all of a sudden
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
@ -1152,7 +1175,7 @@ installDepsPhp74 () {
debug "Installing PHP 7.4 dependencies"
PHP_ETC_BASE=/etc/php/7.4
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
@ -1172,15 +1195,30 @@ installDepsPhp73 () {
debug "Installing PHP 7.3 dependencies"
PHP_ETC_BASE=/etc/php/7.3
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-redis php-gnupg \
php-gd
if [[ ! -n ${KALI} ]]; then
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-redis php-gnupg \
php-gd
else
sudo apt install -qy \
libapache2-mod-php7.3 \
libgpgme-dev \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php7.3-gd
sudo pecl channel-update pecl.php.net
#sudo pear config-set php_ini ${PHP_INI}
echo "" |sudo pecl install redis
sudo pecl install gnupg
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
fi
}
# Install Php 7.2 dependencies
@ -1188,7 +1226,7 @@ installDepsPhp72 () {
debug "Installing PHP 7.2 dependencies"
PHP_ETC_BASE=/etc/php/7.2
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
@ -1208,7 +1246,7 @@ installDepsPhp70 () {
debug "Installing PHP 7.0 dependencies"
PHP_ETC_BASE=/etc/php/7.0
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
@ -2559,13 +2597,13 @@ colors () {
}
generateInstaller () {
if [ ! -f $(which xsnippet) ]; then
if [[ ! -f $(which xsnippet) ]]; then
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
echo "git clone https://github.com/SteveClement/xsnippet.git"
exit 1
fi
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.tpl.sh" ]]; then
if [[ "$(echo $0 |grep -e '^\.\/')" != "./INSTALL.tpl.sh" ]]; then
echo -e "${RED}iAmError!${NC}"
echo -e "To generate the installer call it with './INSTALL.tpl.sh' otherwise things will break."
echo -e "You called: ${RED}$0${NC}"
@ -2649,7 +2687,7 @@ generateInstaller () {
[[ $(type -t debug) == "alias" ]] && unalias debug
debug () {
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
if [ ! -z $DEBUG ]; then
if [[ ! -z ${DEBUG} ]]; then
NO_PROGRESS=1
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
exec 3>&1
@ -2849,9 +2887,8 @@ installMISPonKali () {
sudo phpenmod -v 7.3 redis
sudo phpenmod -v 7.3 gnupg
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
debug "Apache2 ops: dismod: status - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
sudo a2dismod status
sudo a2dismod php7.2
sudo a2enmod ssl rewrite headers php7.3
sudo a2dissite 000-default
sudo a2ensite default-ssl
@ -2866,21 +2903,20 @@ installMISPonKali () {
sudo mkdir $PATH_TO_MISP
sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
cd $PATH_TO_MISP
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP; done
$SUDO_WWW git config core.filemode false
cd $PATH_TO_MISP
$SUDO_WWW git submodule update --init --recursive
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git submodule update --progress --init --recursive; done
# Make git ignore filesystem permission differences for submodules
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git; done
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git; done
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git; done
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MAECProject/python-maec.git; done
sudo mkdir /var/www/.cache/
@ -2889,8 +2925,9 @@ installMISPonKali () {
sudo chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
sudo chown $WWW_USER:$WWW_USER /var/www/.cache
debug "Generating rc.local"
genRCLOCAL
## Not really needed...
## debug "Generating rc.local"
## genRCLOCAL
debug "Setting up main MISP virtualenv"
# Needs virtualenv
@ -2914,9 +2951,9 @@ installMISPonKali () {
# install STIX2.0 library to support STIX 2.0 export
debug "Installing cti-python-stix2"
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I antlr4-python3-runtime==4.7.2
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
debug "Installing mixbox"
cd $PATH_TO_MISP/app/files/scripts/mixbox
@ -2928,7 +2965,7 @@ installMISPonKali () {
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
# install pydeep
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
false; while [[ $? -ne 0 ]]; do $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
# install lief
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
@ -2942,15 +2979,8 @@ installMISPonKali () {
# install zmq needed by mispzmq
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq
# Install Crypt_GPG and Console_CommandLine
debug "Installing pear Console_CommandLine"
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
debug "Installing pear Crypt_GPG"
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
##debug "Installing composer with php 7.3 updates"
##composer73
debug "Installing cake"
composer73
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
@ -2964,7 +2994,7 @@ installMISPonKali () {
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
echo "
set timeout 10
spawn mysql_secure_installation
spawn sudo mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send -- \"\r\"
expect \"Set root password?\"
@ -2983,13 +3013,14 @@ installMISPonKali () {
send -- \"y\r\"
expect eof" | expect -f -
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
enableServices
debug "Populating database"
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
echo "<?php
@ -3051,20 +3082,19 @@ installMISPonKali () {
setupGnuPG
debug "Adding workers to systemd"
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now misp-workers
backgroundWorkers
debug "Running Core Cake commands"
coreCAKE
## FIXME: The current state of misp-dashboard is broken, disabling any use.
##dashboardCAKE
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
updateGOWNT
gitPullAllRCLOCAL
# This is not needed atm...
##gitPullAllRCLOCAL
checkUsrLocalSrc
@ -3096,17 +3126,17 @@ installMISPRHEL () {
if [[ -n $CORE ]] || [[ -n $ALL ]]; then
space
echo "Proceeding with MISP core installation on RHEL $dist_version"
echo "Proceeding with MISP core installation on RHEL ${dist_version}"
space
id -u "$MISP_USER" > /dev/null
if [ $? -eq 1 ]; then
id -u "${MISP_USER}" > /dev/null
if [[ $? -eq 1 ]]; then
debug "Creating MISP user"
sudo useradd -r "$MISP_USER"
sudo useradd -r "${MISP_USER}"
fi
debug "Enabling Extras Repos (SCL)"
if [[ $FLAVOUR == "rhel" ]]; then
if [[ "${FLAVOUR}" == "rhel" ]]; then
sudo subscription-manager register --auto-attach
enableReposRHEL
enableEPEL
@ -3187,7 +3217,7 @@ debug "Setting MISP variables"
MISPvars
debug "Checking for parameters or Unattended Kali Install"
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
if [[ $# -eq 0 && "$0" != "/tmp/misp-kali.sh" ]]; then
usage
exit
else
@ -3232,10 +3262,6 @@ x86_64-debian-stretch
x86_64-debian-buster
x86_64-ubuntu-bionic
x86_64-ubuntu-focal
x86_64-kali-2019.1
x86_64-kali-2019.2
x86_64-kali-2019.3
x86_64-kali-2019.4
x86_64-kali-2020.1
x86_64-kali-2020.2
x86_64-kali-2020.3
@ -3261,30 +3287,30 @@ EOF
fi
# If Ubuntu is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "ubuntu" ]; then
if [[ "${FLAVOUR}" == "ubuntu" ]]; then
RELEASE=$(lsb_release -s -r| tr '[:upper:]' '[:lower:]')
if [ "${RELEASE}" == "18.04" ]; then
if [[ "${RELEASE}" == "18.04" ]]; then
echo "Install on Ubuntu 18.04 LTS fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported && exit || exit
fi
if [ "${RELEASE}" == "20.04" ]; then
if [[ "${RELEASE}" == "20.04" ]]; then
echo "Install on Ubuntu 20.04 LTS fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported PHP="7.4" && exit || exit
fi
if [ "${RELEASE}" == "18.10" ]; then
if [[ "${RELEASE}" == "18.10" ]]; then
echo "Install on Ubuntu 18.10 partially supported, bye."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported && exit || exit
fi
if [ "${RELEASE}" == "19.04" ]; then
if [[ "${RELEASE}" == "19.04" ]]; then
echo "Install on Ubuntu 19.04 partially supported bye."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported && exit || exit
exit 1
fi
if [ "${RELEASE}" == "19.10" ]; then
if [[ "${RELEASE}" == "19.10" ]]; then
echo "Install on Ubuntu 19.10 not supported, bye"
exit 1
fi
@ -3293,19 +3319,19 @@ if [ "${FLAVOUR}" == "ubuntu" ]; then
fi
# If Debian is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "debian" ]; then
if [[ "${FLAVOUR}" == "debian" ]]; then
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
if [ "${CODE}" == "buster" ]; then
if [[ "${CODE}" == "buster" ]]; then
echo "Install on Debian testing fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported PHP=7.3 && exit || exit
fi
if [ "${CODE}" == "sid" ]; then
if [[ "${CODE}" == "sid" ]]; then
echo "Install on Debian unstable not fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported PHP=7.3 && exit || exit
fi
if [ "${CODE}" == "stretch" ]; then
if [[ "${CODE}" == "stretch" ]]; then
echo "Install on Debian stable fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported PHP=7.0 && exit || exit
@ -3315,13 +3341,13 @@ if [ "${FLAVOUR}" == "debian" ]; then
fi
# If Tsurugi is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "tsurugi" ]; then
if [[ "${FLAVOUR}" == "tsurugi" ]]; then
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
if [ "${CODE}" == "bamboo" ]; then
if [[ "${CODE}" == "bamboo" ]]; then
echo "Install on Tsurugi Lab partially supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ "${CODE}" == "soy sauce" ]; then
if [[ "${CODE}" == "soy sauce" ]]; then
echo "Install on Tsurugi Acquire partially supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
@ -3330,7 +3356,7 @@ if [ "${FLAVOUR}" == "tsurugi" ]; then
fi
# If Kali Linux is detected, run the acccording scripts
if [ "${FLAVOUR}" == "kali" ]; then
if [[ "${FLAVOUR}" == "kali" ]]; then
KALI=1
kaliOnTheR0ckz
installMISPonKali
@ -3339,7 +3365,7 @@ if [ "${FLAVOUR}" == "kali" ]; then
fi
# If RHEL/CentOS is detected, run appropriate script
if [ "${FLAVOUR}" == "rhel" ] || [ "${FLAVOUR}" == "centos" ]; then
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
installMISPRHEL
echo "Installation done !"
exit

6
INSTALL/INSTALL.sh.sfv
View File

@ -1,5 +1,5 @@
; Generated by RHash v1.3.9 on 2020-05-16 at 16:40.58
; Generated by RHash v1.3.9 on 2020-05-17 at 02:04.11
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
;
; 131812 16:40.58 2020-05-16 INSTALL.sh
INSTALL.sh FD9F33342F562CF3DE992F9644082FB29AC1C3F0 DDE780A19C655717B609AF8D45EA315AC4555CA4F88DB3BCE518FC76ADCA9349 CA90F94284E897AA3E943DB1FBBBF0CB273F963AE5A48BA5D4D45ED06E3217460B47FEB46641C56E544517111519E161 A80AE6680717D639DB88F2A15DBA2799F90A346EBC3C40F80E05A96D253D0A0C21B9FE8C28C628090BCCC3236B662B435D9DFFF8699B8EF9960A3146588B6BD6
; 132882 02:04.10 2020-05-17 INSTALL.sh
INSTALL.sh A720322B708A52090C768F463BABAE4355B310B5 93729A8011AD999211C187A7D90482DE1C06DF8594EE39DEE4C2F28F32BCDFD3 0BCB25AEE4856CBA5A801D07A78726E7E4AD047F67C84548F57F750027D36FB99B75ACB8DEDB1D38D4EBEBA415266680 2299E6E4703DFD575390E704F5E2465EFFF593006BA08E00DC6D8D63DADE7B1A475A0C33F17A5AB8CE89037B5BD6E802F066B81DDA6ADE6EF2BC6183F3655A1D

2
INSTALL/INSTALL.sh.sha1
View File

@ -1 +1 @@
fd9f33342f562cf3de992f9644082fb29ac1c3f0 INSTALL.sh
a720322b708a52090c768f463babae4355b310b5 INSTALL.sh

2
INSTALL/INSTALL.sh.sha256
View File

@ -1 +1 @@
dde780a19c655717b609af8d45ea315ac4555ca4f88db3bce518fc76adca9349 INSTALL.sh
93729a8011ad999211c187a7d90482de1c06df8594ee39dee4c2f28f32bcdfd3 INSTALL.sh

2
INSTALL/INSTALL.sh.sha384
View File

@ -1 +1 @@
ca90f94284e897aa3e943db1fbbbf0cb273f963ae5a48ba5d4d45ed06e3217460b47feb46641c56e544517111519e161 INSTALL.sh
0bcb25aee4856cba5a801d07a78726e7e4ad047f67c84548f57f750027d36fb99b75acb8dedb1d38d4ebeba415266680 INSTALL.sh

2
INSTALL/INSTALL.sh.sha512
View File

@ -1 +1 @@
a80ae6680717d639db88f2a15dba2799f90a346ebc3c40f80e05a96d253d0a0c21b9fe8c28c628090bccc3236b662b435d9dfff8699b8ef9960a3146588b6bd6 INSTALL.sh
2299e6e4703dfd575390e704f5e2465efff593006ba08e00dc6d8d63dade7b1a475a0c33f17a5ab8ce89037b5bd6e802f066b81dda6ade6ef2bc6183f3655a1d INSTALL.sh