Merge pull request #4230 from SteveClement/guides

new: [installer] Update installer to make use of systemd service units

INSTALL/INSTALL.debian.sh

@@ -747,7 +747,6 @@ genRCLOCAL () {
   sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
   sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
   sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
-  sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
 }
 
 # Final function to let the user know what happened
@@ -1266,7 +1265,7 @@ backgroundWorkers () {
 # Main MISP Modules install function
 mispmodules () {
   # FIXME:  this is broken, ${PATH_TO_MISP} is litteral
-  sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
+##sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
   cd /usr/local/src/
   ## TODO: checkUsrLocalSrc in main doc
   $SUDO_USER git clone https://github.com/MISP/misp-modules.git
@@ -1284,7 +1283,10 @@ mispmodules () {
 
   # install additional dependencies for extended object generation and extraction
   $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
-  # Start misp-modules
+  # Start misp-modules as a service
+  sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
+  sudo systemctl daemon-reload
+  sudo systemctl enable --now misp-modules
   $SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
 
   # Sleep 9 seconds to give misp-modules a chance to spawn
@@ -1976,9 +1978,11 @@ installMISPonKali () {
   debug "Setting up GnuPG"
   setupGnuPG 2> /dev/null > /dev/null
 
-  debug "Starting workers"
+  debug "Adding workers to systemd"
   chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
-  $SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh
+  sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
+  sudo systemctl daemon-reload
+  sudo systemctl enable --now misp-workers
 
   debug "Running Core Cake commands"
   coreCAKE 2> /dev/null > /dev/null

INSTALL/INSTALL.debian.tpl.sh

@@ -543,9 +543,11 @@ installMISPonKali () {
   debug "Setting up GnuPG"
   setupGnuPG 2> /dev/null > /dev/null
 
-  debug "Starting workers"
+  debug "Adding workers to systemd"
   chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
-  $SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh
+  sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
+  sudo systemctl daemon-reload
+  sudo systemctl enable --now misp-workers
 
   debug "Running Core Cake commands"
   coreCAKE 2> /dev/null > /dev/null

docs/INSTALL.kali.md

@@ -1,8 +1,8 @@
 # INSTALLATION INSTRUCTIONS
-## for Kali Linux 2018.4
+## for Kali Linux 2019.1
 # 0/ Quick MISP Instance on Kali Linux - Status
 
-This has been tested by @SteveClement on 20190115
+This has been tested by @SteveClement on 20190221
 
 # 1/ Prepare Kali with a MISP User
 

docs/generic/misp-modules-debian.md

@@ -5,7 +5,7 @@
 # Main MISP Modules install function
 mispmodules () {
   # FIXME:  this is broken, ${PATH_TO_MISP} is litteral
-  sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
+##sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
   cd /usr/local/src/
   ## TODO: checkUsrLocalSrc in main doc
   $SUDO_USER git clone https://github.com/MISP/misp-modules.git
@@ -23,7 +23,10 @@ mispmodules () {
 
   # install additional dependencies for extended object generation and extraction
   $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
-  # Start misp-modules
+  # Start misp-modules as a service
+  sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
+  sudo systemctl daemon-reload
+  sudo systemctl enable --now misp-modules
   $SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
 
   # Sleep 9 seconds to give misp-modules a chance to spawn

docs/generic/supportFunctions.md

@@ -620,7 +620,6 @@ genRCLOCAL () {
   sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
   sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
   sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
-  sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
 }
 
 # Final function to let the user know what happened

docs/xINSTALL.centos7.md

@@ -334,7 +334,7 @@ sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
 sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
 sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/private/misp.local.key
 sudo rm /tmp/misp.local.key
-sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
+sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
 sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
 sudo ln -s /etc/pki/tls/certs/misp.local.csr /etc/pki/tls/certs/misp-chain.crt
 cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt