Merge branch '2.4' of github.com:MISP/MISP into 2.4
702301565b
|
@ -64,7 +64,7 @@ python3 setup.py install
|
|||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -74,7 +74,7 @@ sudo python3 setup.py install
|
|||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -56,7 +56,7 @@ python3 setup.py install
|
|||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -75,7 +75,7 @@ sudo python3 setup.py install
|
|||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -67,7 +67,7 @@ sudo python3 setup.py install
|
|||
cd /home/misp/public_html/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -165,7 +165,7 @@ sudo python3 setup.py install
|
|||
cd /usr/local/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /usr/local/www/MISP/app/files/scripts/
|
||||
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /usr/local/www/MISP/app/files/scripts/mixbox
|
||||
|
|
|
@ -1399,7 +1399,7 @@ class Server extends AppModel
|
|||
),
|
||||
'ElasticSearch_connection_string' => array(
|
||||
'level' => 2,
|
||||
'description' => __('The URL(s) at which to access ElasticSearch - comma seperate if you want to have more than one.'),
|
||||
'description' => __('The URL(s) at which to access ElasticSearch - comma separate if you want to have more than one.'),
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
<div class="index">
|
||||
<h2><a id="general"></a><?php echo __('General Concepts');?></h2>
|
||||
<h3><?php echo __('Admins and Site Admins');?></h3>
|
||||
<?php echo __('There are two types of admins in MISP: Admins (also refered to as org admins) and Site Admins. Whilst the former can only do some limited administration of users of his/her own organisation, site admins have access to all of the features and data of the system. They are in charge of making sure that the system runs correctly and the maintenance of MISP.');?>
|
||||
<?php echo __('There are two types of admins in MISP: Admins (also referred to as org admins) and Site Admins. Whilst the former can only do some limited administration of users of his/her own organisation, site admins have access to all of the features and data of the system. They are in charge of making sure that the system runs correctly and the maintenance of MISP.');?>
|
||||
<h3><?php echo __('Background Jobs');?></h3>
|
||||
<?php echo __('A lot of the heavier tasks are a burden to users, in that their actions can cause long delays (and in some cases timeouts) while the application logic is executing. To alleviate this, long processes have been (if enabled) moved to background jobs, meaning that their execution happens asynchronously in the background, allowing the user to freely interact with the platform whilst the request is being processed.');?>
|
||||
<h3><?php echo __('MISP Instance');?></h3>
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 7e5ee078a592b2db221508a379cbdac81909341f
|
||||
Subproject commit ecb29af298788148c2fb53f8d4a9c7128c560488
|
|
@ -10054,7 +10054,7 @@ Changes
|
|||
|
||||
Fix
|
||||
---
|
||||
- Some additional changes to accomodate for the automatically enabled
|
||||
- Some additional changes to accommodate for the automatically enabled
|
||||
sightings. [Iglocska]
|
||||
- Tell MISP to run the db update. [Iglocska]
|
||||
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
|
||||
|
@ -12170,7 +12170,7 @@ Fix
|
|||
- This unimaginative patch would not have existed without an uncomfortable British Aerospace ATP
|
||||
- Added the date field to the related attribute popover, fixes #1190.
|
||||
[Iglocska]
|
||||
- Fix to a previous change of the bootstrap.php file to accomodate for
|
||||
- Fix to a previous change of the bootstrap.php file to accommodate for
|
||||
some exotic setups. [Iglocska]
|
||||
- Accidental invalid debug code left in the verifyGPG admin task
|
||||
breaking the script. [Iglocska]
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
!!! notice
|
||||
Maintained and tested by @SteveClement on 20181023
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
PHP_INI=/etc/php/7.0/apache2/php.ini
|
||||
|
@ -18,18 +18,11 @@ PHP_INI=/etc/php/7.0/apache2/php.ini
|
|||
|
||||
#### Install a minimal Debian 9 "stretch" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
- This guide assumes a user name of 'misp' with sudo working
|
||||
|
||||
#### install etckeeper and sudo (optional)
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
|
@ -37,20 +30,6 @@ sudo apt update
|
|||
sudo apt -y dist-upgrade
|
||||
```
|
||||
|
||||
#### Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
#### install postfix, there will be some questions. (optional)
|
||||
```bash
|
||||
# Postfix Configuration: Satellite system
|
||||
|
@ -80,11 +59,9 @@ libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
|||
jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
# On virtual machines this might fail by default. haveged should work
|
||||
sudo apt install rng-tools haveged -y
|
||||
sudo service rng-tools start
|
||||
# Start haveged to get more entropy (optional)
|
||||
sudo apt install haveged -y
|
||||
sudo service havegd start
|
||||
|
||||
sudo apt install expect -y
|
||||
|
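Review bot: The new line `sudo service havegd start` names the service `havegd`, but the package installed on the line just above it is `haveged`; as written the start command fails and the entropy daemon the new comment promises is never running. Change it to `sudo service haveged start`. The bash fence this sits in opens before the hunk, so I cannot see whether an earlier step already starts the service.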
||||
|
@ -149,12 +126,13 @@ sudo chown www-data:www-data $PATH_TO_MISP
|
|||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
#### Make git ignore filesystem permission differences
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
#### Create a python3 virtualenv
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
|
||||
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
|
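Review bot: The added virtualenv and pip-cache lines hardcode `/var/www/MISP/venv` and `/var/www/.cache` while the commands around them (`cd $PATH_TO_MISP`, `git clone ... $PATH_TO_MISP`) use the `$PATH_TO_MISP` variable; a reader who set that variable to another location earlier in the guide ends up with a venv outside the MISP tree that the later `$PATH_TO_MISP`-relative steps do not expect. If the variable is meant to be configurable, prefer `sudo -u www-data virtualenv -p python3 $PATH_TO_MISP/venv` and `sudo mkdir $(dirname $PATH_TO_MISP)/.cache/`. This is a consistency point only; the later pip lines in this file hardcode the same venv path, so whichever form is chosen should be applied to all of them together.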
@ -169,7 +147,7 @@ sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
|||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
|
@ -270,7 +248,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
|
@ -282,7 +260,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
@ -366,19 +344,6 @@ class DATABASE_CONFIG {
|
|||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Set some MISP directives with the command line tool
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
|
@ -410,159 +375,16 @@ then
|
|||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
```
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
@ -578,13 +400,16 @@ cd misp-modules
|
|||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
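Review bot: The foreground start at the end of this hunk, `sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &`, still binds the modules service to every interface, while the rc.local entry rewritten in the earlier hunk of this file was changed from `-l 0.0.0.0` to `-l 127.0.0.1`. A reader following the guide therefore gets a loopback-only service after reboot but an externally reachable one during the initial install, depending on which command they ran. The two should agree: `sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &`. That line is context here rather than part of the commit's change, and the fenced block it belongs to continues outside the hunk.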
@ -593,52 +418,9 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Now log in using the webinterface:<br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
!!! notice
|
||||
Start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
!!! notice
|
||||
Once done, have a look at the diagnostics
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
you can do this by running the following commands:
|
||||
```
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
```
|
||||
|
||||
!!! warning
|
||||
If you have install a python virtualenv to the recommended place of */var/www/MISP/venv* set the following MISP configurable
|
||||
```bash
|
||||
sudo $CAKE Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||
```
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
### Optional features
|
||||
-------------------
|
||||
|
@ -691,130 +473,10 @@ In case you are using a virtualenv make sure pyzmq is installed therein.
|
|||
sudo -u www-data /var/www/MISP/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
{!generic/misp-dashboard-debian.md!}
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
{!generic/viper-debian.md!}
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
{!generic/ssdeep-debian.md!}
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
|
||||
|
||||
|
||||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
###sudo pip3 uninstall yara -y
|
||||
###./venv/bin/pip uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
#### Install mail to misp
|
||||
--------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
|
||||
{!generic/mail_to_misp-debian.md!}
|
||||
|
|
|
@ -176,7 +176,7 @@ git config core.filemode false
|
|||
scl enable rh-python36 'python3 setup.py install'
|
||||
```
|
||||
|
||||
## 3.04/ Install mixbox to accomodate the new STIX dependencies
|
||||
## 3.04/ Install mixbox to accommodate the new STIX dependencies
|
||||
```bash
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
@ -424,33 +424,9 @@ su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www
|
|||
chmod +x /etc/rc.local
|
||||
```
|
||||
|
||||
!!! note
|
||||
Now log in using the webinterface: http://misp/users/login<br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
!!! note
|
||||
Once done, have a look at the diagnostics<br />
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions<br />
|
||||
you can do this by running the following commands:<br />
|
||||
```
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
!!! note
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
```
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
# 10/ Post Install
|
||||
|
||||
|
|
|
@ -1,19 +1,29 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Ubuntu 18.04-server
|
||||
## for Ubuntu 18.04.1-server
|
||||
|
||||
### 0/ MISP Ubuntu 18.04-server install - status
|
||||
-------------------------
|
||||
!!! notice
|
||||
Maintained and tested by the community.
|
||||
It is also partially the basis of the [bootstrap.sh](https://github.com/MISP/misp-packer/blob/18.04/scripts/bootstrap.sh) script of misp-packer.
|
||||
Tested working by @SteveClement on 20181025 (works with **Ubuntu 18.10** too)
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/community.md!}
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
```
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
||||
#### Install a minimal Ubuntu 18.04-server system with the software:
|
||||
- OpenSSH server
|
||||
- This guide assumes a user name of 'misp' with sudo working
|
||||
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
|
@ -23,7 +33,7 @@ sudo apt-get upgrade
|
|||
|
||||
#### install postfix, there will be some questions.
|
||||
```bash
|
||||
sudo apt-get install postfix
|
||||
sudo apt-get install postfix -y
|
||||
```
|
||||
!!! notice
|
||||
Postfix Configuration: Satellite system<br />
|
||||
|
@ -42,16 +52,44 @@ Once the system is installed you can perform the following steps.
|
|||
# sudo add-apt-repository universe
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip
|
||||
sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip -y
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server
|
||||
sudo apt-get install mariadb-client mariadb-server -y
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
sudo apt install expect -y
|
||||
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect ; sudo apt autoremove -y
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -y
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
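Review bot: `expect "*?assword*"` directly after `spawn sudo mysql_secure_installation` also matches MariaDB's own `Enter current password for root (enter for none):` prompt, so whenever sudo does not ask (cached credentials, or the NOPASSWD case the comment above anticipates) the script sends `$pw` to MariaDB and every later expect/send pair is shifted by one prompt. Since `send` is unconditional, a tighter sudo pattern alone does not help; replace the first two expect/send pairs with a single `expect { ... }` that has a `"\[sudo\] password for"` branch doing `send -- "$pw\r"; exp_continue` and an `"Enter current password for root (enter for none):"` branch doing `send -- "\r"`, so the sudo password is only sent when sudo actually prompts. `pw="Password1234"` also puts a literal sudo password into a copy-paste guide; `read -s -p "sudo password: " pw` avoids that. The heredoc is unquoted, so `$pw` and `${DBPASSWORD_ADMIN}` are spliced into Tcl source unescaped and a `"`, `\` or `[` in either value breaks the script.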
|
||||
|
@ -62,7 +100,7 @@ sudo a2dissite 000-default
|
|||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
@ -83,12 +121,21 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
|
|||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
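Review bot: The mixbox clone moved into this block (like the python-cybox, python-stix and python-maec clones next to it) checks out whatever the upstream default branch holds at install time and then installs it system-wide as root with `sudo python3 setup.py install`, so the result is not reproducible and an unexpected upstream commit lands straight in root's site-packages. Pinning a release keeps the guide deterministic, e.g. `sudo -u www-data git clone -b <release-tag> https://github.com/CybOXProject/mixbox.git`, with the tag recorded in the guide. The same applies to the other three clones, which this commit leaves unpinned.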
|
||||
|
@ -96,12 +143,6 @@ sudo python3 setup.py install
|
|||
cd /var/www/MISP/app/files/scripts/python-maec
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo python3 setup.py install
|
||||
|
@ -117,12 +158,16 @@ sudo pip3 install stix2
|
|||
# Once done, install CakeResque along with its dependencies
|
||||
# if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
@ -158,12 +203,19 @@ MariaDB [(none)]> flush privileges;
|
|||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
#### copy/paste:
|
||||
```bash
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you've set in line 129 when prompted
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
#### Import the empty MISP database from MYSQL.sql
|
||||
```bash
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
```
|
||||
|
||||
### 7/ Apache configuration
|
||||
-----------------------
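Review bot: `-p$DBPASSWORD_ADMIN` and `-p$DBPASSWORD_MISP` on the four `sudo mysql ... -e` lines and on the `mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME` import pipeline put both database passwords into the process list visible to other local users and into the installing user's shell history; the mysql client can take the password from `MYSQL_PWD` in the environment or from a `--defaults-extra-file` instead, or `-p` alone can prompt for it. The same pattern appears in the `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e ...)` line of the new file near the end of this commit, which appears to be generic/MISP_CAKE_init.md. Separately, `grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP'` creates the account under the database name, while the next line grants privileges to `'$DBUSER_MISP'@'localhost'`; unless both variables hold the same value the password is set on one account and the privileges on another, so the first line should read `grant usage on *.* to '$DBUSER_MISP'@'localhost' identified by '$DBPASSWORD_MISP';`.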
|
||||
|
@ -188,7 +240,7 @@ sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/mi
|
|||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
```
|
||||
|
||||
|
@ -240,6 +292,11 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
```
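Review bot: `$(eval echo \${$key})` in the php.ini loop is an indirect variable lookup routed through `eval`, which re-parses the setting value as shell code; bash has a direct form for this, `sudo sed -i "s/^\($key\).*/\1 = ${!key}/" $PHP_INI`. The loop is also silent when a key is absent or commented out in `$PHP_INI`, because the sed only rewrites existing `^key` lines; a per-key `grep -q "^$key" $PHP_INI ||` warning would make a missed setting visible.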
|
||||
|
@ -263,23 +320,22 @@ sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MI
|
|||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www-data vim /var/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
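Review bot: The `echo "<?php ... }" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php` pipeline prints the generated file, including `$DBPASSWORD_MISP`, back to the terminal and to any transcript of the session, because `tee` copies its input to stdout; redirect it with `}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php >/dev/null`. The values are spliced into PHP source unescaped, so a password containing a single quote or backslash yields a syntactically broken config, which the interactive `vim` step this replaces did not risk. The file is also created with the calling user's umask (typically world-readable) and is only tightened by the `chmod -R 750 /var/www/MISP/app/Config` further down, so a `umask 077` before the echo, or writing the file after that chmod, closes the window.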
|
||||
|
@ -287,77 +343,98 @@ sudo -u www-data vim /var/www/MISP/app/Config/database.php
|
|||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
/var/www/MISP/app/Console/cake Baseurl https://<your.FQDN.here>
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
sudo chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www-data mkdir /var/www/MISP/.gnupg
|
||||
sudo chmod 700 /var/www/MISP/.gnupg
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
```
|
||||
|
||||
!!! notice
|
||||
If entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly<br />
|
||||
In case rng-tools gives you troubles, haveged is an alternative.
|
||||
If entropy is not high enough, you can install havegd and then start the service
|
||||
```bash
|
||||
sudo apt install haveged -y
|
||||
sudo service havegd start
|
||||
```
|
||||
|
||||
```bash
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
```
|
||||
!!! notice
|
||||
Now log in using the webinterface. <br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
!!! notice
|
||||
Start the workers by navigating to the workers tab and clicking restart all workers
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
!!! notice
|
||||
Once done, have a look at the diagnostics
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
you can do this by running the following commands:
|
||||
```
|
||||
sudo chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
||||
```
|
||||
```bash
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
```
|
||||
# some misp-modules dependencies
|
||||
sudo apt-get install -y libpq5 libjpeg-dev libfuzzy-dev
|
||||
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install .
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo pip3 install maec lief python-magic pathlib
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo -u www-data misp-modules -l 127.0.0.1 -s &
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
### Optional features
|
||||
-----------------
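Review bot: `cat >/tmp/gen-key-script <<EOF` writes the GnuPG parameter block, including `Passphrase: $GPG_PASSPHRASE` and the key identity, into the shared /tmp directory with the invoking user's default umask, and nothing removes it afterwards, so the passphrase stays on disk readable by other local users. The file exists only because a different user reads it (`sudo -u www-data gpg ... --batch --gen-key /tmp/gen-key-script`); in batch mode gpg reads the parameters from stdin when no file is given, so the heredoc can be piped straight into the gpg call, or at minimum `rm -f /tmp/gen-key-script` should follow it. The `echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"` and `echo "User (misp) DB Password: $DBPASSWORD_MISP"` lines at the end of the block likewise print both secrets into the terminal scrollback; a reminder to record them securely is safer than echoing them. `sudo chmod 2775 /usr/local/src` followed by `sudo chown root:staff /usr/local/src` makes the misp-modules checkout that `sudo pip3 install .` later installs as root writable by every member of `staff`, which turns membership in that group into a path to root-installed code; keeping the checkout root-owned, or installing into a virtualenv owned by the service user, avoids that.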
|
||||
|
@ -368,27 +445,15 @@ sudo pip3 install pyzmq
|
|||
sudo pip3 install redis
|
||||
```
|
||||
|
||||
#### Experimental ssdeep correlations
|
||||
```bash
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
cd ssdeep-2.13
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
ssdeep -h # test
|
||||
{!generic/misp-dashboard-debian.md!}
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
{!generic/viper-debian.md!}
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
|
||||
{!generic/ssdeep-debian.md!}
|
||||
|
||||
#### misp-modules
|
||||
{!generic/mail_to_misp-debian.md!}
|
||||
|
||||
#### misp-modules (section deprecated)
|
||||
-------------------------------
|
||||
!!! notice
|
||||
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
|
||||
|
|
|
@ -1,15 +1,20 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
# INSTALLATION INSTRUCTIONS
|
||||
## for Ubuntu 18.04.1-server with Webmin
|
||||
|
||||
### 0/ MISP Ubuntu 18.04-server install - status
|
||||
-------------------------
|
||||
# For Ubuntu 18.04.1 server with Webmin
|
||||
# Why Webmin/Virtualmin?
|
||||
# Some may not be full time sysadmin and prefer a platform that once it has been setup works and is decently easy to manage.
|
||||
{!generic/community.md!}
|
||||
|
||||
# Assuming you created the subdomanin misp.yourserver.tld to where MISP will be installed
|
||||
# and that the user "misp" is in the sudoers group
|
||||
# and that you have already configured SSL with Lets Encrypt on the subdomain
|
||||
#### Why Webmin/Virtualmin?
|
||||
Some may not be full time sysadmin and prefer a platform that once it has been setup works and is decently easy to manage.
|
||||
|
||||
#### Assumptions
|
||||
Assuming you created the subdomanin misp.yourserver.tld to where MISP will be installed and that the user "misp" is in the sudoers group and that you have already configured SSL with Lets Encrypt on the subdomain
|
||||
|
||||
|
||||
1/ Minimal Ubuntu install
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
# Make sure your system is up2date:
|
||||
sudo apt-get update
|
||||
|
@ -64,7 +69,7 @@ sudo pear install Crypt_GPG
|
|||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
3/ MISP code
|
||||
### 3/ MISP code
|
||||
------------
|
||||
# Assuming you created the subdomanin misp.yourserver.tld
|
||||
# Download MISP using git in the /home/misp/public_html/ as misp
|
||||
|
@ -95,7 +100,7 @@ sudo python3 setup.py install
|
|||
cd /home/misp/public_html/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /home/misp/public_html/MISP/app/files/scripts/mixbox
|
||||
|
@ -296,51 +301,39 @@ sudo systemctl enable rc-local
|
|||
sudo systemctl start rc-local.service
|
||||
sudo systemctl status rc-local.service
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
!!! notice
|
||||
Once done, have a look at the diagnostics
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
you can do this by running the following commands:
|
||||
```
|
||||
sudo chmod -R 770 /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R misp:www-data /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
```
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 770 /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R misp:www-data /home/misp/public_html/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /home/misp/public_html/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
### Optional features
|
||||
-----------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pip install pyzmq
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
```bash
|
||||
sudo pip3 install pyzmq
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip install redis
|
||||
sudo pip3 install redis
|
||||
```
|
||||
|
||||
# For the experimental ssdeep correlations, run the following installation:
|
||||
#### Experimental ssdeep correlations
|
||||
```bash
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
|
@ -357,9 +350,11 @@ sudo pecl install ssdeep
|
|||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
|
||||
|
||||
Optional features: misp-modules
|
||||
#### misp-modules
|
||||
-------------------------------
|
||||
# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
|
||||
# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
|
||||
# Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
||||
!!! notice
|
||||
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
|
||||
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
|
||||
Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
||||
|
|
|
@ -60,7 +60,7 @@ cd /var/www/MISP/app/files/scripts/python-stix
|
|||
python3 setup.py install
|
||||
```
|
||||
|
||||
# 4. Update mixbox to accomodate the new STIX dependencies:
|
||||
# 4. Update mixbox to accommodate the new STIX dependencies:
|
||||
```bash
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
rm -rf mixbox
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
!!! warning
|
||||
If you have installed the recommended Python 3 virtualenv to the recommended place of **${PATH_TO_MISP}/venv** set the following MISP configurable
|
||||
```bash
|
||||
sudo $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to the relevant sections in the install guide you are currently reading.
|
||||
|
||||
!!! notice
|
||||
Now log in using the webinterface: http://misp/users/login<br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference.<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation.<br />
|
||||
Once done, have a look at the diagnostics.
|
||||
|
||||
!!! notice
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions<br />
|
||||
you can do this by running the following commands:
|
||||
```bash
|
||||
chmod -R 750 ${PATH_TO_MISP}/<directory path with an indicated issue>
|
||||
# /!\ Depending on your OS replace www-data with apache or www or whatever user is the web server user.
|
||||
chown -R www-data:www-data ${PATH_TO_MISP}/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# ${PATH_TO_MISP}/app/tmp/logs/error.log
|
||||
# ${PATH_TO_MISP}/app/tmp/logs/resque-worker-error.log
|
||||
# ${PATH_TO_MISP}/app/tmp/logs/resque-scheduler-error.log
|
||||
# ${PATH_TO_MISP}/app/tmp/logs/resque-2018-10-25.log //where the actual date is the current date
|
||||
```
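Review bot: The login link `http://misp/users/login` in the first notice is plain HTTP, while the Ubuntu guide in this commit enables the `misp-ssl` vhost, so the default `admin@admin.test/admin` credentials would be sent in clear if a reader follows the link literally; use `https://<your.FQDN.here>/users/login`. The reminder to change the email, password and authentication key would read more strongly as an instruction to do so before the instance is reachable by anyone else, since the default credentials are public.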
|
|
@ -0,0 +1,152 @@
|
|||
#### Initialize MISP configuration and set some defaults
|
||||
```bash
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
```
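Review bot: `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)` puts the database password on the command line, where any local user can read it from the process list, and `tail -1` picks whatever row happens to come last rather than the account `userInit` just created. Reading credentials from a mode-600 file via `mysql --defaults-extra-file=<credentials file>` and selecting `WHERE email='admin@admin.test'` would make the step both quiet and deterministic; `userInit -q` may already print the key on stdout, in which case capturing that output avoids the SQL altogether — worth confirming. The same line, and the literal `"GnuPG.password" "Password1234"`, reappear in the `$RUN_PHP` variant of this section further down; since that value is stored in the MISP settings, a generated placeholder such as `GNUPG_PASSPHRASE=$(openssl rand -base64 24)` with a note to keep it would stop the documented passphrase from shipping unchanged. The three `curl ... -k -X POST https://127.0.0.1/...` calls send the API key in `Authorization` with certificate checks off; the loopback target keeps the exposure small, but `--cacert` pointing at the instance certificate would keep the example honest. The `Session.*` timeouts and the `Plugin.Cortex_services_url`/`_port` pairs are each set twice in this block; dropping the repeats would make the intended values unambiguous.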
|
|
@ -0,0 +1,153 @@
|
|||
#### Initialize MISP configuration and set some defaults
|
||||
```bash
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $RUN_PHP "$CAKE userInit -q"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
sudo $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_authkey" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns_alt" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
|
||||
|
||||
## Redis block
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_password" """
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
|
||||
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert_age" """
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidleft" "This is an initial install""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings""
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $RUN_PHP "$CAKE Admin updateGalaxies"
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $RUN_PHP "$CAKE Admin updateTaxonomies"
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $RUN_PHP "$CAKE Admin updateWarningLists"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $RUN_PHP "$CAKE Admin updateNoticeLists"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
|
||||
```
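Review bot: The nested double quotes in `sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"` only work by accident: the inner `"` closes and reopens the outer string, so any value containing a space is word-split into separate arguments, which is presumably why `Security.password_policy_complexity`, the welcome texts and the footer lines are commented out with `##`. The practical effect is that this guide ends with a 12-character length rule but no complexity policy, unlike the `$CAKE`-only variant above. Single quotes inside the outer string keep the command string intact, e.g. `sudo $RUN_PHP "$CAKE Admin setSetting 'Security.password_policy_complexity' '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"`, and the same change lets the commented settings be re-enabled. The commented `MISP.passwordResetText` line also lacks the `$RUN_PHP` wrapper every other line in the block uses.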
|
|
@ -0,0 +1,3 @@
|
|||
!!! notice
|
||||
Maintained and tested by the community.<br />
|
||||
Parts of the installation procedures can also be found in the automatic VM generator script [bootstrap.sh](https://github.com/MISP/misp-packer/blob/18.04/scripts/bootstrap.sh) of misp-packer.
|
|
@ -0,0 +1,19 @@
|
|||
#### Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
!!! notice
|
||||
On recent Ubuntu install Netplan is default and you need to change the Network name.
|
||||
```
|
||||
sudo sed -i "s/enp0s3/eth0/" /etc/netplan/50-cloud-init.yaml
|
||||
```
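Review bot: `$(eval echo \${$key})` in the `sed` line is an `eval` where bash's indirect expansion does the same job without re-parsing a string: `sudo sed -i "s/^\($key\)=.*/\1=\"${!key}\"/" $DEFAULT_GRUB`. With a single fixed key the loop is harmless, but the `eval` form tends to get copied into scripts where the key names come from elsewhere. The netplan `sed` hard-codes `enp0s3`, which is only the name on one VM layout; a sentence telling the reader to substitute the interface shown by `ip link` would avoid a silent no-op.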
|
|
@ -0,0 +1,22 @@
|
|||
#### Install mail to misp
|
||||
--------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
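Review bot: The final `sed` writes `$AUTH_KEY` into `/usr/local/src/mail_to_misp/mail_to_misp_config.py`, but nothing restricts that file, so under the usual umask the MISP API key ends up readable by every account on the host. A `chmod 600 /usr/local/src/mail_to_misp/mail_to_misp_config.py` after the substitution, and `misp_url` pointing at the https base URL the rest of the guide configures rather than `http://localhost`, would keep the key out of cleartext. The `git clone`, `virtualenv` and `pip install` steps run as the invoking user while the neighbouring commands use `sudo`, so ownership of the tree depends on who ran the block — worth stating explicitly.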
|
|
@ -0,0 +1,76 @@
|
|||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
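Review bot: The rc.local edit `sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local` is applied twice in this block — once near the top and again under "Add misp-dashboard to rc.local" with log redirection — so the dashboard is launched twice at boot; the first occurrence should be dropped. The earlier `sed` turning `host = localhost` into `host = 0.0.0.0` in config.cfg together with `Listen 0.0.0.0:8001` and `Require all granted` publishes the dashboard over plain HTTP on every interface; binding to the address the admin actually needs, or saying that a firewall rule or TLS vhost is expected in front, belongs next to those lines. The `WSGIDaemonProcess` runs as `user=misp group=misp` while the checkout is cloned as `www-data`, so a sentence on which user the dashboard is meant to run as would remove the ambiguity.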
|
|
@ -0,0 +1,9 @@
|
|||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
|
@ -0,0 +1,19 @@
|
|||
#### Experimental ssdeep correlations
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
```
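Review bot: `echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini` hard-codes the 7.2 directory right after a comment telling the reader to check their PHP version, so on any other release the ini lands where `phpenmod` never looks and the extension silently stays disabled. Deriving the path from the installed interpreter, `sudo tee /etc/php/$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')/mods-available/ssdeep.ini`, keeps the instruction correct across versions. The tarball is fetched with `wget` and unpacked with no integrity check; recording a known-good checksum in the guide and verifying with `sha256sum -c` would give the reader something to compare against.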
|
|
@ -0,0 +1,9 @@
|
|||
#### install etckeeper and sudo (optional)
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
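Review bot: `adduser misp staff` grants more than the comment says: on Debian-family systems the `staff` group owns `/usr/local`, including `/usr/local/bin` and `/usr/local/sbin`, which sit on root's default PATH, so membership is effectively administrative. If the only goal is writing to `/usr/local/src`, a narrower change such as `sudo install -d -o misp -g misp /usr/local/src` (or a dedicated group on that one directory) gives the same result without that exposure. The `su -` at the top also means the following lines run as root without `sudo`, unlike the rest of the guide — worth a sentence so readers do not mix the two.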
|
|
@ -0,0 +1,26 @@
|
|||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
###sudo pip3 uninstall yara -y
|
||||
###./venv/bin/pip uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
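Review bot: `echo 'PATH="..."' | sudo tee /etc/environment` replaces the whole of `/etc/environment` rather than appending, so any existing entries (proxy settings, locale) are discarded; `sudo tee -a` or a `sed` on the `PATH=` line would be safer, and the value's quoting deserves a check since that file is not parsed by a shell. `viper-web -p 8888 -H 0.0.0.0 &` and the matching rc.local line listen on all interfaces, exposing a web UI whose admin credentials are documented on the page and whose `~/.viper/viper.conf` holds `$AUTH_KEY`; defaulting to `-H 127.0.0.1` and leaving the wider bind to the reader is the safer example. The `sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password=...'` line installs the same password hash on every host, so it should at least be marked as a value to rotate, and `~/.viper/viper.conf` should get `chmod 600` once the key is written.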
|
|
@ -21,6 +21,13 @@
|
|||
!!! notice
|
||||
As of OpenBSD 6.4 the native httpd has rewrite rules and php 5.6 is gone too.
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
export AUTOMAKE_VERSION=1.16
|
||||
export AUTOCONF_VERSION=2.69
|
||||
```
|
||||
|
||||
### 1/ Minimal OpenBSD install
|
||||
------------
|
||||
|
||||
|
@ -30,16 +37,6 @@
|
|||
|
||||
- TBD
|
||||
|
||||
#### MISP configuration variables
|
||||
```bash
|
||||
export PATH_TO_MISP='/var/www/htdocs/MISP'
|
||||
export MISP_BASEURL='https://misp.local'
|
||||
export MISP_LIVE='1'
|
||||
export CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
export AUTOMAKE_VERSION=1.16
|
||||
export AUTOCONF_VERSION=2.69
|
||||
```
|
||||
|
||||
#### doas & pkg (as root)
|
||||
```bash
|
||||
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
|
||||
|
@ -339,7 +336,7 @@ doas /usr/local/virtualenvs/MISP/bin/python setup.py install
|
|||
cd /var/www/htdocs/MISP/app/files/scripts/python-stix
|
||||
doas /usr/local/virtualenvs/MISP/bin/python setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/
|
||||
doas -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/mixbox
|
||||
|
@ -577,25 +574,12 @@ doas chmod +x /var/www/htdocs/MISP/app/Console/worker/start.sh
|
|||
doas vi /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
|
||||
doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
doas chmod -R 750 /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
doas chown -R www:www /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
#### MISP Modules
|
||||
```
|
||||
doas pkg_add -v jpeg yara
|
||||
|
|
|
@ -1,7 +1,22 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for CentOS 6.x
|
||||
# INSTALLATION INSTRUCTIONS
|
||||
## for CentOS 6.x
|
||||
|
||||
1/ Minimal CentOS install
|
||||
### 0/ MISP CentOS 6 Minimal NetInstall - Status
|
||||
--------------------------------------------
|
||||
|
||||
CentOS 6.10 [NetInstallURL](http://mirrors.sonic.net/centos/6.10/os/x86_64/)
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php56 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
|
||||
PHP_INI=/etc/opt/rh/rh-php56/php.ini
|
||||
```
|
||||
|
||||
### 1/ Minimal CentOS install
|
||||
-------------------------
|
||||
|
||||
Install a minimal CentOS 6.x system with the software:
|
||||
|
@ -10,151 +25,186 @@ Install a minimal CentOS 6.x system with the software:
|
|||
- LAMP server (actually, this is done below)
|
||||
- Mail server
|
||||
|
||||
|
||||
```bash
|
||||
# Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
|
||||
hostnamectl set-hostname misp.local # or whatever you want it to be
|
||||
|
||||
# Make sure your system is up2date:
|
||||
yum update
|
||||
sudo yum update -y
|
||||
```
|
||||
|
||||
|
||||
2/ Dependencies *
|
||||
### 2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root:
|
||||
Once the system is installed you can perform the following steps as root or with sudo.
|
||||
|
||||
```bash
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
curl -o epel.rpm http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
|
||||
rpm -Uvh epel.rpm
|
||||
curl -o /tmp/epel.rpm http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
|
||||
sudo rpm -Uvh /tmp/epel.rpm
|
||||
|
||||
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
||||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
yum install centos-release-scl
|
||||
sudo yum install centos-release-scl
|
||||
|
||||
# Because vim is just so practical
|
||||
yum install vim
|
||||
sudo yum install vim
|
||||
|
||||
# Install the dependencies:
|
||||
yum install gcc git httpd zip redis mysql-server python-devel python-pip libxslt-devel zlib-devel
|
||||
sudo yum install gcc git httpd zip redis mysql-server python-devel python-pip libxslt-devel zlib-devel
|
||||
|
||||
# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
|
||||
yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath
|
||||
sudo yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath
|
||||
|
||||
# Install Python 3.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
yum install rh-python36
|
||||
sudo yum install rh-python36
|
||||
|
||||
# rh-php56-php only provided mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
|
||||
chkconfig rh-php56-php-fpm on
|
||||
service rh-php56-php-fpm start
|
||||
sudo chkconfig rh-php56-php-fpm on
|
||||
sudo service rh-php56-php-fpm start
|
||||
|
||||
# php-fpm is accessed using the fcgi interface
|
||||
yum install mod_fcgid mod_proxy_fcgi
|
||||
sudo yum install mod_fcgid mod_proxy_fcgi
|
||||
|
||||
# Start a new shell with rh-php56 enabled
|
||||
scl enable rh-php56 bash
|
||||
sudo scl enable rh-php56 bash
|
||||
|
||||
pear channel-update pear.php.net
|
||||
sudo pear channel-update pear.php.net
|
||||
|
||||
pear install Crypt_GPG # we need version >1.3.0
|
||||
sudo pear install Crypt_GPG # we need version >1.3.0
|
||||
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
yum install haveged
|
||||
chkconfig haveged on
|
||||
service haveged start
|
||||
sudo yum install haveged
|
||||
sudo chkconfig haveged on
|
||||
sudo service haveged start
|
||||
|
||||
# Enable and start redis
|
||||
chkconfig redis on
|
||||
service redis start
|
||||
sudo chkconfig redis on
|
||||
sudo service redis start
|
||||
```
|
||||
|
||||
3/ MISP code
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```bash
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
sudo git clone https://github.com/MISP/MISP.git
|
||||
cd /var/www/MISP
|
||||
sudo git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
cd /var/www/MISP
|
||||
git config core.filemode false
|
||||
sudo git config core.filemode false
|
||||
|
||||
# Start new shell with python 3 enabled
|
||||
scl enable rh-python36 bash
|
||||
# Fetch submodules
|
||||
cd /var/www/MISP
|
||||
sudo git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
yum install python-importlib python-lxml python-dateutil python-six
|
||||
sudo yum install python-importlib python-lxml python-dateutil python-six -y
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
sudo git config core.filemode false
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
python3 setup.py install
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install maec
|
||||
sudo $RUN_PYTHON "pip install maec"
|
||||
|
||||
# install zmq
|
||||
sudo $RUN_PYTHON "pip install zmq"
|
||||
|
||||
# install redis
|
||||
sudo $RUN_PYTHON "pip install redis"
|
||||
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
sudo git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
service rh-php56-php-fpm restart
|
||||
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
sudo service rh-php56-php-fpm restart
|
||||
|
||||
umask $UMASK
|
||||
```
|
||||
|
||||
4/ CakePHP
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it
|
||||
# ignore this message:
|
||||
# No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
#### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
|
||||
#### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
|
||||
```bash
|
||||
sudo chown -R apache:apache /var/www/MISP
|
||||
sudo mkdir /usr/share/httpd/.composer
|
||||
sudo chown apache:apache /usr/share/httpd/.composer
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
|
||||
sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
|
||||
sudo -u apache $RUN_PHP "php composer.phar install"
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
|
||||
pecl install redis
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
service rh-php56-php-fpm restart
|
||||
sudo $RUN_PHP "pecl install redis-2.2.8"
|
||||
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
sudo service rh-php56-php-fpm restart
|
||||
|
||||
# If you have not yet set a timezone in php.ini
|
||||
echo 'date.timezone = "Europe/Amsterdam"' > /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php56/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
```
|
||||
|
||||
5/ Set the permissions
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```bash
|
||||
# Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
sudo chown -R root:apache /var/www/MISP
|
||||
sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
sudo chmod -R g+r,o= /var/www/MISP
|
||||
sudo chown apache:apache /var/www/MISP/app/files
|
||||
sudo chown apache:apache /var/www/MISP/app/files/terms
|
||||
sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
6/ Create a database and user
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
```bash
|
||||
# Enable, start and secure your mysql database server
|
||||
chkconfig mysqld on
|
||||
service mysqld start
|
||||
|
@ -165,50 +215,76 @@ mysql_secure_installation
|
|||
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
```
|
||||
|
||||
```
|
||||
mysql> create database misp;
|
||||
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
mysql> grant all privileges on misp.* to misp@localhost ;
|
||||
mysql> exit
|
||||
```
|
||||
|
||||
cd /var/www/MISP
|
||||
#### copy/paste:
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
```bash
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
#### Import the empty MySQL database from MYSQL.sql
|
||||
```bash
|
||||
sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
```
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
### 7/ Apache configuration
|
||||
-----------------------
|
||||
```bash
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos6
|
||||
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
|
||||
sudo cp /var/www/MISP/INSTALL/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
sudo setsebool -P httpd_can_network_connect on
|
||||
|
||||
# Enable and start the httpd service
|
||||
chkconfig httpd on
|
||||
service httpd start
|
||||
sudo chkconfig httpd on
|
||||
sudo service httpd start
|
||||
|
||||
# Open a hole in the iptables firewall
|
||||
iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
service iptables save
|
||||
sudo iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
sudo service iptables save
|
||||
|
||||
# We seriously recommend using only SSL !
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
```
|
||||
|
||||
|
||||
8/ Log rotation
|
||||
```bash
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
```
|
||||
|
||||
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
```
|
||||
|
||||
9/ MISP configuration
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
|
@ -224,9 +300,9 @@ cp -a config.default.php config.php
|
|||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
|
||||
# If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
sudo chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
# If the following command gives an error message, try it as root from the console
|
||||
|
@ -241,7 +317,7 @@ chown -R apache:apache /var/www/MISP/.gnupg
|
|||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# To make the background workers start on boot
|
||||
|
@ -249,36 +325,9 @@ vi /etc/rc.local
|
|||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
{!generic/MISP_CAKE_init_centos.md!}
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
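Review bot: In the database hunk (`@ -165,50 +215,76 @@`) the usage grant creates the account as `$DBNAME@localhost` while the privileges grant on the next line targets `'$DBUSER_MISP'@'localhost'`; the two only coincide when the database and user names happen to be equal, so the first line should read `sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to '$DBUSER_MISP'@'localhost' identified by '$DBPASSWORD_MISP';"`. The same hunk passes both passwords as `-p$DBPASSWORD_…` arguments, which leaves them readable in the process list and shell history; a comment recommending an interactive `-p` or a mode-0600 `--defaults-extra-file` would be worth adding there and at the `MYSQL.sql` import line. In the large hunk `@ -10,151 +25,186 @@` the php.ini loop iterates `max_input_time` alongside the other keys, but no variable block visible in this file sets it, so unless `{!generic/globalVariables.md!}` defines it the `sed` rewrites that directive to an empty value — confirm against the include. The dependencies hunk still fetches `epel.rpm` over plain HTTP into `/tmp` and installs it as root; `https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm` avoids the unauthenticated download.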
|
|
|
@ -11,55 +11,14 @@
|
|||
|
||||
CentOS 7.5-1804 [NetInstallURL](http://mirror.centos.org/centos/7.5.1804/os/x86_64/)
|
||||
|
||||
#### MISP configuration variables
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php56 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/opt/rh/rh-php56/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
### 1/ Minimal CentOS install
|
||||
|
@ -84,7 +43,7 @@ sudo yum update -y
|
|||
----------------
|
||||
Once the system is installed you can perform the following steps as root or with sudo.
|
||||
|
||||
```
|
||||
```bash
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
sudo yum install epel-release -y
|
||||
|
||||
|
@ -92,6 +51,9 @@ sudo yum install epel-release -y
|
|||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
sudo yum install centos-release-scl -y
|
||||
|
||||
# Because vim is just so practical
|
||||
sudo yum install vim
|
||||
|
||||
# Install the dependencies:
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel -y
|
||||
|
||||
|
@ -171,7 +133,7 @@ sudo $RUN_PYTHON "pip install zmq"
|
|||
# install redis
|
||||
sudo $RUN_PYTHON "pip install redis"
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
|
@ -464,165 +426,9 @@ su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/
|
|||
# and make sure it will execute
|
||||
sudo chmod +x /etc/rc.local
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $RUN_PHP "$CAKE userInit -q"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
{!generic/MISP_CAKE_init_centos.md!}
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_authkey" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns_alt" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
|
||||
|
||||
## Redis block
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_password" """
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
|
||||
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert_age" """
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidleft" "This is an initial install""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings""
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
```
|
||||
|
||||
|
||||
!!! notice
|
||||
Now log in using the webinterface: http://misp/users/login<br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation<br />
|
||||
Once done, have a look at the diagnostics.<br />
|
||||
|
||||
!!! notice
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions<br />
|
||||
you can do this by running the following commands:
|
||||
```bash
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
```
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
{!generic/recommended.actions.md!}
|
|
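Review bot: `sudo yum install vim` in hunk `@ -92,6 +51,9 @@` is the only install in the rewritten block without `-y`, so a copy-paste run of this otherwise non-interactive guide stops at its prompt; make it `sudo yum install vim -y`. The first hunk replaces the inline variable block with `{!generic/globalVariables.md!}` but keeps only `RUN_PHP`, `RUN_PYTHON` and `PHP_INI` CentOS-specific; the removed block also defined the DB credentials, the OpenSSL and GPG fields and the php.ini tunables, which are presumably still expanded further down this file, so if the generic include does not provide every one of those names the expansions become empty. A one-line comment under the `#### MISP configuration variables` heading naming the variables the include is expected to supply would make that dependency explicit.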
@ -13,7 +13,8 @@
|
|||
PHP 7.3.0RC2 is not working at the moment. Please us 7.2<br />
|
||||
**php-gnupg** and **php-redis** pull in PHP 7.3 thus they are installed with **pecl**
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
|
||||
```bash
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
|
@ -24,18 +25,11 @@ PHP_INI=/etc/php/7.2/apache2/php.ini
|
|||
|
||||
#### Install a minimal Debian testing "buster" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
- This guide assumes a user name of 'misp' with sudo working
|
||||
|
||||
#### install etckeeper and sudo (optional)
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
adduser misp staff
|
||||
```
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
|
@ -43,20 +37,6 @@ sudo apt update
|
|||
sudo apt -y dist-upgrade
|
||||
```
|
||||
|
||||
#### Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
#### install postfix, there will be some questions. (optional)
|
||||
```bash
|
||||
# Postfix Configuration: Satellite system
|
||||
|
@ -86,11 +66,9 @@ libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
|||
jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
# On virtual machines this might fail by default. haveged should work
|
||||
sudo apt install rng-tools haveged -y
|
||||
sudo service rng-tools start
|
||||
# Start haveged to get more entropy (optional)
|
||||
sudo apt install haveged -y
|
||||
sudo service havegd start
|
||||
|
||||
sudo apt install expect -y
|
||||
|
||||
|
@ -129,8 +107,12 @@ sudo a2enmod ssl rewrite
|
|||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
```bash
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
```
|
||||
|
@ -140,12 +122,6 @@ To flip between the 2 pythons use *update-alternatives*
|
|||
sudo update-alternatives --config python
|
||||
```
|
||||
|
||||
#### Apply all changes
|
||||
```bash
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```bash
|
||||
|
@ -155,11 +131,10 @@ sudo chown www-data:www-data $PATH_TO_MISP
|
|||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
#### Make git ignore filesystem permission differences
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
#### Create a python3 virtualenv
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
@ -175,7 +150,7 @@ sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
|||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
|
@ -390,19 +365,6 @@ class DATABASE_CONFIG {
|
|||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Set some MISP directives with the command line tool
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
|
@ -434,159 +396,16 @@ then
|
|||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
```
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
@ -602,13 +421,16 @@ cd misp-modules
|
|||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
@ -617,52 +439,9 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Now log in using the webinterface:<br />
|
||||
The default user/pass = admin@admin.test/admin<br />
|
||||
Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference<br />
|
||||
It is especially vital that no critical issues remain!<br />
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
!!! notice
|
||||
Start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
!!! notice
|
||||
Once done, have a look at the diagnostics
|
||||
If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
you can do this by running the following commands:
|
||||
```
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
!!! notice
|
||||
If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
```
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
```
|
||||
|
||||
!!! warning
|
||||
If you have install a python virtualenv to the recommended place of */var/www/MISP/venv* set the following MISP configurable
|
||||
```bash
|
||||
sudo $CAKE Admin setSetting "MISP.python_bin" "/var/www/MISP/venv/bin/python"
|
||||
```
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
### Optional features
|
||||
-------------------
|
||||
|
@ -715,130 +494,10 @@ In case you are using a virtualenv make sure pyzmq is installed therein.
|
|||
sudo -u www-data /var/www/MISP/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
{!generic/misp-dashboard-debian.md!}
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
{!generic/viper-debian.md!}
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
{!generic/ssdeep-debian.md!}
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
|
||||
|
||||
|
||||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
## /!\ Check wtf is going on with yara.
|
||||
###sudo pip3 uninstall yara -y
|
||||
###./venv/bin/pip uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
#### Install mail to misp
|
||||
--------------------
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
virtualenv -p python3 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
```
|
||||
{!generic/mail_to_misp-debian.md!}
|
||||
|
|
|
@ -189,7 +189,7 @@ git config core.filemode false
|
|||
scl enable rh-python36 'python3 setup.py install'
|
||||
```
|
||||
|
||||
## 3.04/ Install mixbox to accomodate the new STIX dependencies
|
||||
## 3.04/ Install mixbox to accommodate the new STIX dependencies
|
||||
```bash
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
|