From 6f50e8ddfa44dd8ade3251ed6b7eff4cf82ad536 Mon Sep 17 00:00:00 2001
From: Steve Clement
Date: Fri, 27 Nov 2020 19:56:17 +0900
Subject: [PATCH] chg: [installer] Deploy latest installer with automation fixes.
---
INSTALL/INSTALL.sh | 111 ++++++++++++++++----------------------
INSTALL/INSTALL.sh.sfv | 6 +--
INSTALL/INSTALL.sh.sha1 | 2 +-
INSTALL/INSTALL.sh.sha256 | 2 +-
INSTALL/INSTALL.sh.sha384 | 2 +-
INSTALL/INSTALL.sh.sha512 | 2 +-
6 files changed, 53 insertions(+), 72 deletions(-)
diff --git a/INSTALL/INSTALL.sh b/INSTALL/INSTALL.sh
index 193cda5c2..911c7041c 100755
--- a/INSTALL/INSTALL.sh
+++ b/INSTALL/INSTALL.sh
@@ -1266,59 +1266,40 @@ installDepsPhp70 () { } prepareDB () { - if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then + if sudo test ! -e "/var/lib/mysql/mysql/"; then + #Make sure initial tables are created in MySQL + debug "Install mysql tables" + sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql + sudo service mysql start + fi + + if sudo test ! -e "/var/lib/mysql/misp/"; then + debug "Start mysql" + sudo service mysql start + debug "Setting up database" - # FIXME: If user 'misp' exists, and has a different password, the below WILL fail. Partially fixed with the Env-Var check in the beginning. (Need to implement pre-flight checks to exit gracefully if not set) - # Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines - if [[ "${PACKER}" == "1" ]]; then - pw="Password1234" - else - pw=${MISP_PASSWORD} - fi + # Kill the anonymous users + sudo mysql -e "DROP USER IF EXISTS ''@'localhost'" + # Because our hostname varies we'll use some Bash magic here. + sudo mysql -e "DROP USER IF EXISTS ''@'$(hostname)'" + # Kill off the demo database + sudo mysql -e "DROP DATABASE IF EXISTS test" + # No root remote logins + sudo mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" + # Make sure that NOBODY can access the server without a password + sudo mysqladmin -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}" + # Make our changes take effect + sudo mysql -e "FLUSH PRIVILEGES" - if [[ ! -z ${INSTALL_USER} ]]; then - SUDO_EXPECT="sudo mysql_secure_installation" - echo "Making sure sudo session is buffered" - sudo ls -la /tmp > /dev/null 2> /dev/null - else - SUDO_EXPECT="sudo -k mysql_secure_installation" - fi - expect -f - <<-EOF - set timeout 10 - - spawn ${SUDO_EXPECT} - expect "*?assword*" - send -- "${pw}\r" - expect "Enter current password for root (enter for none):" - send -- "\r" - expect "Set root password?" 
- send -- "y\r" - expect "New password:" - send -- "${DBPASSWORD_ADMIN}\r" - expect "Re-enter new password:" - send -- "${DBPASSWORD_ADMIN}\r" - expect "Remove anonymous users?" - send -- "y\r" - expect "Disallow root login remotely?" - send -- "y\r" - expect "Remove test database and access to it?" - send -- "y\r" - expect "Reload privilege tables now?" - send -- "y\r" - expect eof -EOF - sudo apt-get purge -y expect ; sudo apt autoremove -qy - fi - - sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE DATABASE ${DBNAME};" - sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';" - sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT USAGE ON *.* to ${DBUSER_MISP}@localhost;" - sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';" - sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "FLUSH PRIVILEGES;" - # Import the empty MISP database from MYSQL.sql - ${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u ${DBUSER_MISP} -p${DBPASSWORD_MISP} ${DBNAME} + sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};" + sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';" + sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT USAGE ON *.* to '${DBUSER_MISP}'@'localhost';" + sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';" + sudo mysql -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES;" + # Import the empty MISP database from MYSQL.sql + ${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME} } apacheConfig () { 
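Review bot: The added `sudo mysqladmin -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}"` line, the five `-p"${DBPASSWORD_ADMIN}"` calls and the `IDENTIFIED BY '${DBPASSWORD_MISP}'` statement all carry passwords in argv, where any local account can read them from the process list while the installer runs. The hunk already relies on `sudo mysql` authenticating without a password (the `FLUSH PRIVILEGES` call directly after `mysqladmin`), so the CREATE/GRANT statements can go through one such session with the SQL on stdin, as below; the `mysqladmin` line needs the equivalent password statement for the server version in use, fed the same way. None of the calls is checked, so a failure part-way through is not reported and, presumably, a re-run skips the block once `/var/lib/mysql/misp/` exists. Separately, no `fi` closing the second `if` is visible before the function's `}` in this hunk; `bash -n INSTALL/INSTALL.sh` would confirm whether the file still parses.

```shell
    # Socket-authenticated root session; the SQL travels on stdin, so neither
    # password shows up in ps or /proc/<pid>/cmdline.
    sudo mysql <<EOF || return 1
CREATE DATABASE ${DBNAME};
CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';
GRANT USAGE ON *.* TO '${DBUSER_MISP}'@'localhost';
GRANT ALL PRIVILEGES ON ${DBNAME}.* TO '${DBUSER_MISP}'@'localhost';
FLUSH PRIVILEGES;
EOF
    # … unchanged: MYSQL.sql import …
```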
@@ -1370,11 +1351,11 @@ installCore () { $SUDO_WWW git config core.filemode false # Create a python3 virtualenv - $SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv + ${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv # make pip happy sudo mkdir /var/www/.cache/ - sudo chown $WWW_USER:$WWW_USER /var/www/.cache + sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache cd ${PATH_TO_MISP}/app/files/scripts $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git @@ -1384,20 +1365,20 @@ installCore () { # install mixbox to accommodate the new STIX dependencies: $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git cd ${PATH_TO_MISP}/app/files/scripts/mixbox - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . cd ${PATH_TO_MISP}/app/files/scripts/python-cybox - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . cd ${PATH_TO_MISP}/app/files/scripts/python-stix - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . - cd $PATH_TO_MISP/app/files/scripts/python-maec - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts/python-maec + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . # install STIX2.0 library to support STIX 2.0 export: cd ${PATH_TO_MISP}/cti-python-stix2 - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . # install PyMISP cd ${PATH_TO_MISP}/PyMISP - $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . + ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . # FIXME: Remove libfaup etc once the egg has the library baked-in sudo apt-get install cmake libcaca-dev liblua5.3-dev -y cd /tmp 
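Review bot: The `pip install .` lines touched in the second hunk install whatever the default branch of each freshly cloned repository holds at install time: `git clone https://github.com/CybOXProject/mixbox.git` (and python-cybox at the end of the first hunk) names no tag or commit, so an upstream change or compromise flows straight into the MISP virtualenv. Pin each clone, for example `${SUDO_WWW} git clone --branch <release-tag> --depth 1 https://github.com/CybOXProject/mixbox.git`, or check out a reviewed commit id before installing. The `$VAR` to `${VAR}` rewrite in both hunks is cosmetic and adds no protection against word splitting; `${PATH_TO_MISP}` and `${WWW_USER}` are still unquoted, e.g. `sudo chown "${WWW_USER}:${WWW_USER}" /var/www/.cache`. installCore starts and ends outside both hunks.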
@@ -1405,14 +1386,14 @@ installCore () { [[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca cd gtcaca - $SUDO_CMD mkdir -p build + ${SUDO_CMD} mkdir -p build cd build - $SUDO_CMD cmake .. && $SUDO_CMD make + ${SUDO_CMD} cmake .. && ${SUDO_CMD} make sudo make install cd ../../faup - $SUDO_CMD mkdir -p build + ${SUDO_CMD} mkdir -p build cd build - $SUDO_CMD cmake .. && $SUDO_CMD make + ${SUDO_CMD} cmake .. && ${SUDO_CMD} make sudo make install sudo ldconfig @@ -1439,15 +1420,15 @@ installCake () { cd ${PATH_TO_MISP}/app # Make composer cache happy # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ - sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer - $SUDO_WWW php composer.phar install + sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer + ${SUDO_WWW} php composer.phar install # Enable CakeResque with php-redis sudo phpenmod redis sudo phpenmod gnupg # To use the scheduler worker for scheduled tasks, do the following: - $SUDO_WWW cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php + ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php # If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers # The default Redis port can be updated in Plugin/CakeResque/Config/config.php diff --git a/INSTALL/INSTALL.sh.sfv b/INSTALL/INSTALL.sh.sfv index 11ae9b8bd..56178279d 100644 --- a/INSTALL/INSTALL.sh.sfv +++ b/INSTALL/INSTALL.sh.sfv 
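Review bot: The gtcaca and faup builds in the first hunk end in `sudo make install`, yet the source arrives through `git clone git://github.com/stricaud/gtcaca.git`, a transport with no encryption or server authentication, and the working directory appears to be `/tmp` (the previous hunk ends with `cd /tmp`). Because `[[ ! -d "gtcaca" ]]` skips the clone when the directory already exists, a pre-existing `/tmp/gtcaca` created by another local account would be chowned, built and installed as root. Clone over `https://` into a private directory, e.g. `build_dir=$(mktemp -d)` followed by `cd "${build_dir}"`, and drop the exists-check so the tree is always the one just fetched. The faup clone and the start of installCore lie outside this hunk.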
@@ -1,5 +1,5 @@ -; Generated by RHash v1.3.9 on 2020-11-27 at 17:41.49 +; Generated by RHash v1.3.9 on 2020-11-27 at 19:55.55 ; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/ ; -; 134715 17:41.49 2020-11-27 INSTALL.sh -INSTALL.sh D1DA7C4045EB88F05236ACB72DF96CF5671C9EB8 156E96E2AA2F3F4D7EF6342B2355EEF445A7020F6E826D8C167B85965847A540 CEA44E962B4162F2388170CB304FF6C37DEE5189FA70AE9AF6AB9911A8A39EB74CD67A0827F90A72AC1C94EC5A291748 0CF6D3CEEE4CE78A85C617A8993A49D8966367EF29966B70048C7C172F51684BA1128B9578367ED05B8312E397FCEB65DD0395DCCB5C1CDBBB5E131F06E42232 +; 134323 19:55.55 2020-11-27 INSTALL.sh +INSTALL.sh EB109DE2C5E46B039D05BB334A6E34A5D3DC7D1C B2C1FAAF52D5AD8F33B16A845CCDE2C6F60285DE496DA7F4414B36169BA023A4 0AE91EDE2DBF2913A8D25D34C7610D7B157AE18F7E1B506ED1E07C71470A91F91508C02308DFB004D885864B01150BFB 4D86ECA8FC20278A5DA69F91DFE415F4DE5A6448CEB68E85FF29F06D0D48FAD422C1E89F3FB5555FBF8B33655B40B55EDAB0B00C97AD6B3FFDF9B1E3D9926ADF diff --git a/INSTALL/INSTALL.sh.sha1 b/INSTALL/INSTALL.sh.sha1 index a02e4f6b2..b8dd0f7eb 100644 --- a/INSTALL/INSTALL.sh.sha1 +++ b/INSTALL/INSTALL.sh.sha1 @@ -1 +1 @@ -d1da7c4045eb88f05236acb72df96cf5671c9eb8 INSTALL.sh +eb109de2c5e46b039d05bb334a6e34a5d3dc7d1c INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha256 b/INSTALL/INSTALL.sh.sha256 index c4065e7e1..836b46440 100644 --- a/INSTALL/INSTALL.sh.sha256 +++ b/INSTALL/INSTALL.sh.sha256 @@ -1 +1 @@ -156e96e2aa2f3f4d7ef6342b2355eef445a7020f6e826d8c167b85965847a540 INSTALL.sh +b2c1faaf52d5ad8f33b16a845ccde2c6f60285de496da7f4414b36169ba023a4 INSTALL.sh diff --git a/INSTALL/INSTALL.sh.sha384 b/INSTALL/INSTALL.sh.sha384 index bf71de3a8..feae1a025 100644 --- a/INSTALL/INSTALL.sh.sha384 +++ b/INSTALL/INSTALL.sh.sha384 @@ -1 +1 @@ -cea44e962b4162f2388170cb304ff6c37dee5189fa70ae9af6ab9911a8a39eb74cd67a0827f90a72ac1c94ec5a291748 INSTALL.sh +0ae91ede2dbf2913a8d25d34c7610d7b157ae18f7e1b506ed1e07c71470a91f91508c02308dfb004d885864b01150bfb INSTALL.sh 
diff --git a/INSTALL/INSTALL.sh.sha512 b/INSTALL/INSTALL.sh.sha512 index f0982a37a..872c9f67e 100644 --- a/INSTALL/INSTALL.sh.sha512 +++ b/INSTALL/INSTALL.sh.sha512 @@ -1 +1 @@ -0cf6d3ceee4ce78a85c617a8993a49d8966367ef29966b70048c7c172f51684ba1128b9578367ed05b8312e397fceb65dd0395dccb5c1cdbbb5e131f06e42232 INSTALL.sh +4d86eca8fc20278a5da69f91dfe415f4de5a6448ceb68e85ff29f06d0d48fad422c1e89f3fb5555fbf8b33655b40b55edab0b00c97ad6b3ffdf9b1e3d9926adf INSTALL.sh