MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [installer] Deploy latest installer with automation fixes.

pull/6662/head
Steve Clement 2020-11-27 19:56:17 +09:00
parent 01432f88a9
commit 6f50e8ddfa
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
6 changed files with 53 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
INSTALL/INSTALL.sh
View File

@ -1266,59 +1266,40 @@ installDepsPhp70 () {
}
prepareDB () {
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
if sudo test ! -e "/var/lib/mysql/mysql/"; then
#Make sure initial tables are created in MySQL
debug "Install mysql tables"
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
sudo service mysql start
fi
if sudo test ! -e "/var/lib/mysql/misp/"; then
debug "Start mysql"
sudo service mysql start
debug "Setting up database"
# FIXME: If user 'misp' exists, and has a different password, the below WILL fail. Partially fixed with the Env-Var check in the beginning. (Need to implement pre-flight checks to exit gracefully if not set)
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
if [[ "${PACKER}" == "1" ]]; then
pw="Password1234"
else
pw=${MISP_PASSWORD}
fi
# Kill the anonymous users
sudo mysql -e "DROP USER IF EXISTS ''@'localhost'"
# Because our hostname varies we'll use some Bash magic here.
sudo mysql -e "DROP USER IF EXISTS ''@'$(hostname)'"
# Kill off the demo database
sudo mysql -e "DROP DATABASE IF EXISTS test"
# No root remote logins
sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
# Make sure that NOBODY can access the server without a password
sudo mysqladmin -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}"
# Make our changes take effect
sudo mysql -e "FLUSH PRIVILEGES"
if [[ ! -z ${INSTALL_USER} ]]; then
SUDO_EXPECT="sudo mysql_secure_installation"
echo "Making sure sudo session is buffered"
sudo ls -la /tmp > /dev/null 2> /dev/null
else
SUDO_EXPECT="sudo -k mysql_secure_installation"
fi
expect -f - <<-EOF
set timeout 10
spawn ${SUDO_EXPECT}
expect "*?assword*"
send -- "${pw}\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -qy
fi
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE DATABASE ${DBNAME};"
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT USAGE ON *.* to ${DBUSER_MISP}@localhost;"
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "FLUSH PRIVILEGES;"
# Import the empty MISP database from MYSQL.sql
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u ${DBUSER_MISP} -p${DBPASSWORD_MISP} ${DBNAME}
sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};"
sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT USAGE ON *.* to '${DBUSER_MISP}'@'localhost';"
sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES;"
# Import the empty MISP database from MYSQL.sql
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME}
}
apacheConfig () {
@ -1370,11 +1351,11 @@ installCore () {
$SUDO_WWW git config core.filemode false
# Create a python3 virtualenv
$SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv
${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
# make pip happy
sudo mkdir /var/www/.cache/
sudo chown $WWW_USER:$WWW_USER /var/www/.cache
sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
cd ${PATH_TO_MISP}/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
@ -1384,20 +1365,20 @@ installCore () {
# install mixbox to accommodate the new STIX dependencies:
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-maec
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-maec
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd ${PATH_TO_MISP}/PyMISP
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# FIXME: Remove libfaup etc once the egg has the library baked-in
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
cd /tmp
@ -1405,14 +1386,14 @@ installCore () {
[[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
cd gtcaca
$SUDO_CMD mkdir -p build
${SUDO_CMD} mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
sudo make install
cd ../../faup
$SUDO_CMD mkdir -p build
${SUDO_CMD} mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
sudo make install
sudo ldconfig
@ -1439,15 +1420,15 @@ installCake () {
cd ${PATH_TO_MISP}/app
# Make composer cache happy
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
$SUDO_WWW php composer.phar install
sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
${SUDO_WWW} php composer.phar install
# Enable CakeResque with php-redis
sudo phpenmod redis
sudo phpenmod gnupg
# To use the scheduler worker for scheduled tasks, do the following:
$SUDO_WWW cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php

6
INSTALL/INSTALL.sh.sfv
View File

@ -1,5 +1,5 @@
; Generated by RHash v1.3.9 on 2020-11-27 at 17:41.49
; Generated by RHash v1.3.9 on 2020-11-27 at 19:55.55
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
;
; 134715 17:41.49 2020-11-27 INSTALL.sh
INSTALL.sh D1DA7C4045EB88F05236ACB72DF96CF5671C9EB8 156E96E2AA2F3F4D7EF6342B2355EEF445A7020F6E826D8C167B85965847A540 CEA44E962B4162F2388170CB304FF6C37DEE5189FA70AE9AF6AB9911A8A39EB74CD67A0827F90A72AC1C94EC5A291748 0CF6D3CEEE4CE78A85C617A8993A49D8966367EF29966B70048C7C172F51684BA1128B9578367ED05B8312E397FCEB65DD0395DCCB5C1CDBBB5E131F06E42232
; 134323 19:55.55 2020-11-27 INSTALL.sh
INSTALL.sh EB109DE2C5E46B039D05BB334A6E34A5D3DC7D1C B2C1FAAF52D5AD8F33B16A845CCDE2C6F60285DE496DA7F4414B36169BA023A4 0AE91EDE2DBF2913A8D25D34C7610D7B157AE18F7E1B506ED1E07C71470A91F91508C02308DFB004D885864B01150BFB 4D86ECA8FC20278A5DA69F91DFE415F4DE5A6448CEB68E85FF29F06D0D48FAD422C1E89F3FB5555FBF8B33655B40B55EDAB0B00C97AD6B3FFDF9B1E3D9926ADF

2
INSTALL/INSTALL.sh.sha1
View File

@ -1 +1 @@
d1da7c4045eb88f05236acb72df96cf5671c9eb8 INSTALL.sh
eb109de2c5e46b039d05bb334a6e34a5d3dc7d1c INSTALL.sh

2
INSTALL/INSTALL.sh.sha256
View File

@ -1 +1 @@
156e96e2aa2f3f4d7ef6342b2355eef445a7020f6e826d8c167b85965847a540 INSTALL.sh
b2c1faaf52d5ad8f33b16a845ccde2c6f60285de496da7f4414b36169ba023a4 INSTALL.sh

2
INSTALL/INSTALL.sh.sha384
View File

@ -1 +1 @@
cea44e962b4162f2388170cb304ff6c37dee5189fa70ae9af6ab9911a8a39eb74cd67a0827f90a72ac1c94ec5a291748 INSTALL.sh
0ae91ede2dbf2913a8d25d34c7610d7b157ae18f7e1b506ed1e07c71470a91f91508c02308dfb004d885864b01150bfb INSTALL.sh

2
INSTALL/INSTALL.sh.sha512
View File

@ -1 +1 @@
0cf6d3ceee4ce78a85c617a8993a49d8966367ef29966b70048c7c172f51684ba1128b9578367ed05b8312e397fceb65dd0395dccb5c1cdbbb5e131f06e42232 INSTALL.sh
4d86eca8fc20278a5da69f91dfe415f4de5a6448ceb68e85ff29f06d0d48fad422c1e89f3fb5555fbf8b33655b40b55edab0b00c97ad6b3ffdf9b1e3d9926adf INSTALL.sh