diff --git a/docs/INSTALL.debian9.md b/docs/INSTALL.debian9.md index c45edd299..63743d94e 100644 --- a/docs/INSTALL.debian9.md +++ b/docs/INSTALL.debian9.md @@ -7,51 +7,10 @@ !!! notice Maintained and tested by @SteveClement on 20181023 -#### MISP configuration variables +{!globalVariables.md!} ```bash -# MISP configuration variables -PATH_TO_MISP='/var/www/MISP' -CAKE="$PATH_TO_MISP/app/Console/cake" -MISP_BASEURL='""' -MISP_LIVE='1' - -# Database configuration -DBHOST='localhost' -DBNAME='misp' -DBUSER_ADMIN='root' -DBPASSWORD_ADMIN="$(openssl rand -hex 32)" -DBUSER_MISP='misp' -DBPASSWORD_MISP="$(openssl rand -hex 32)" - -# Webserver configuration -FQDN='localhost' - -# OpenSSL configuration -OPENSSL_CN='Common Name' -OPENSSL_C='LU' -OPENSSL_ST='State' -OPENSSL_L='Location' -OPENSSL_O='Organization' -OPENSSL_OU='Organizational Unit' -OPENSSL_EMAILADDRESS='info@localhost' - -# GPG configuration -GPG_REAL_NAME='Autogenerated Key' -GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' -GPG_EMAIL_ADDRESS='admin@admin.test' -GPG_KEY_LENGTH='2048' -GPG_PASSPHRASE='Password1234' - -# php.ini configuration -upload_max_filesize=50M -post_max_size=50M -max_execution_time=300 -memory_limit=512M PHP_INI=/etc/php/7.0/apache2/php.ini - -echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" -echo "User (misp) DB Password: $DBPASSWORD_MISP" ``` ### 1/ Minimal Debian install @@ -122,7 +81,8 @@ libxml2-dev libxslt1-dev zlib1g-dev # Start rng-tools to get more entropy (optional) # If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled) -sudo apt install rng-tools +# On virtual machines this might fail by default. haveged should work +sudo apt install rng-tools haveged -y sudo service rng-tools start sudo apt install expect -y 
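Review bot: After `{!globalVariables.md!}` replaces the inline definitions in the first hunk, nothing in this document verifies that `PATH_TO_MISP`, `CAKE` and the `DBPASSWORD_*` variables were actually loaded before the later commands use them, and the included file is not part of this diff. The remaining fence now holds only `PHP_INI=...`, so a reader who skips the include runs unguarded commands such as `sudo chmod -R 750 $PATH_TO_MISP/` with an empty variable. Add a guard as the first line of that fence, e.g. `: "${PATH_TO_MISP:?}" "${CAKE:?}" "${DBPASSWORD_ADMIN:?}" "${DBPASSWORD_MISP:?}"`, which aborts with a message when any of them is unset. The same hunk appears in docs/xINSTALL.debian_testing.md.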
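Review bot: The new comment says rng-tools may fail on virtual machines and installs haveged as the fallback, but the line that follows still only runs `sudo service rng-tools start` and haveged is never started, so the fallback has no effect. Assuming the haveged package ships a service of the same name, `sudo service rng-tools start || sudo service haveged start` would make the fallback real and also keep the step from aborting if rng-tools cannot start. The same change is in docs/xINSTALL.debian_testing.md.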
@@ -154,7 +114,7 @@ expect -f - <<-EOF send -- "y\r" expect eof EOF -sudo apt-get purge -y expect +sudo apt-get purge -y expect ; sudo apt autoremove -y # Enable modules, settings, and default of SSL in Apache sudo a2dismod status @@ -404,6 +364,7 @@ class DATABASE_CONFIG { # and make sure the file permissions are still OK sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config sudo chmod -R 750 $PATH_TO_MISP/app/Config + # Set some MISP directives with the command line tool # Change base url @@ -591,7 +552,8 @@ sudo $CAKE Admin updateGalaxies sudo $CAKE Admin updateTaxonomies # Updating the warning lists… -sudo $CAKE Admin updateWarningLists +##sudo $CAKE Admin updateWarningLists +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update # Updating the notice lists… ## sudo $CAKE Admin updateNoticeLists @@ -611,9 +573,8 @@ sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0. # Start the workers sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh -## /!\ Check wtf is going on with yara. -# Start misp-modules -sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s & +# some misp-modules dependencies +sudo apt-get install -y libpq5 libjpeg-dev libfuzzy-dev sudo chmod 2775 /usr/local/src sudo chown root:staff /usr/local/src 
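Review bot: The `curl ... -k -X POST https://127.0.0.1/warninglists/update` line that replaces `sudo $CAKE Admin updateWarningLists` has no `--fail`, so an HTTP 403 from a wrong or unset `$AUTH_KEY` prints a JSON error and the install continues as if the warning lists were updated; `curl -sS --fail ...` would surface that. `-k` disables certificate verification; on the loopback call to the self-signed certificate created earlier it is understandable, but `--cacert <path of the generated certificate>` (placeholder) is the stricter option, and if `-k` stays, a comment saying it is only for the loopback call would help. `$AUTH_KEY` is presumably set earlier in the document (it is used in the viper section); passing it on the command line exposes it in `ps` output and shell history, which a `-K <curl-config-file>` (placeholder) holding the header avoids. The same line appears in docs/xINSTALL.debian_testing.md.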
@@ -623,20 +584,30 @@ cd misp-modules # pip install sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS sudo -u www-data /var/www/MISP/venv/bin/pip install . -sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara +sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git # install STIX2.0 library to support STIX 2.0 export: sudo -u www-data /var/www/MISP/venv/bin/pip install stix2 -sudo apt install ruby-pygments.rb +sudo apt install ruby-pygments.rb -y sudo gem install asciidoctor-pdf --pre +# Start misp-modules +## /!\ Check wtf is going on with yara. +sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s & + +echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" +echo "User (misp) DB Password: $DBPASSWORD_MISP" +``` + # Once done, have a look at the diagnostics # If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions # you can do this by running the following commands: +``` sudo chmod -R 750 $PATH_TO_MISP/ sudo chown -R www-data:www-data $PATH_TO_MISP/ +``` # Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items @@ -646,10 +617,6 @@ sudo chown -R www-data:www-data $PATH_TO_MISP/ /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local # Enable ZeroMQ for misp-dashboard sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true 
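Review bot: The closing fence inserted before `# Once done, have a look at the diagnostics` and the reopening fence after `# you can do this by running the following commands:` leave those three `#` lines outside any code block, so markdown renders them as level-1 headings; `# Make sure that the STIX libraries ...` after the second closing fence has the same problem unless a later hunk reopens a fence. Either keep those comment lines inside the fence or rewrite them as prose without the leading `#`. The reopening fence is also bare ` ``` ` while the rest of the document uses ` ```bash `. The code block this hunk closes was opened before the hunk starts. The same hunk appears in docs/xINSTALL.debian_testing.md.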
@@ -804,12 +771,13 @@ git clone https://github.com/viper-framework/viper.git cd viper virtualenv -p python3 venv git submodule update --init --recursive +./venv/bin/pip install scrapy ./venv/bin/pip install -r requirements.txt -./venv/bin/pip uninstall yara -y sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web ## /!\ Check wtf is going on with yara. -sudo pip3 uninstall yara -y +###sudo pip3 uninstall yara -y +###./venv/bin/pip uninstall yara -y /usr/local/src/viper/viper-cli -h /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md index f47373272..c606b6fdc 100644 --- a/docs/xINSTALL.debian_testing.md +++ b/docs/xINSTALL.debian_testing.md @@ -13,51 +13,10 @@ PHP 7.3.0RC2 is not working at the moment. Please us 7.2
**php-gnupg** and **php-redis** pull in PHP 7.3 thus they are installed with **pecl** -#### MISP configuration variables +{!globalVariables.md!} ```bash -# MISP configuration variables -PATH_TO_MISP='/var/www/MISP' -CAKE="$PATH_TO_MISP/app/Console/cake" -MISP_BASEURL='""' -MISP_LIVE='1' - -# Database configuration -DBHOST='localhost' -DBNAME='misp' -DBUSER_ADMIN='root' -DBPASSWORD_ADMIN="$(openssl rand -hex 32)" -DBUSER_MISP='misp' -DBPASSWORD_MISP="$(openssl rand -hex 32)" - -# Webserver configuration -FQDN='localhost' - -# OpenSSL configuration -OPENSSL_CN='Common Name' -OPENSSL_C='LU' -OPENSSL_ST='State' -OPENSSL_L='Location' -OPENSSL_O='Organization' -OPENSSL_OU='Organizational Unit' -OPENSSL_EMAILADDRESS='info@localhost' - -# GPG configuration -GPG_REAL_NAME='Autogenerated Key' -GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' -GPG_EMAIL_ADDRESS='admin@admin.test' -GPG_KEY_LENGTH='2048' -GPG_PASSPHRASE='Password1234' - -# php.ini configuration -upload_max_filesize=50M -post_max_size=50M -max_execution_time=300 -memory_limit=512M PHP_INI=/etc/php/7.2/apache2/php.ini - -echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" -echo "User (misp) DB Password: $DBPASSWORD_MISP" ``` ### 1/ Minimal Debian install @@ -124,11 +83,13 @@ mariadb-server \ apache2 apache2-doc apache2-utils \ libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \ libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ +jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \ libxml2-dev libxslt1-dev zlib1g-dev # Start rng-tools to get more entropy (optional) # If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled) -sudo apt install rng-tools +# On virtual machines this might fail by default. haveged should work +sudo apt install rng-tools haveged -y sudo service rng-tools start sudo apt install expect -y 
@@ -160,7 +121,7 @@ expect -f - <<-EOF send -- "y\r" expect eof EOF -sudo apt-get purge -y expect +sudo apt-get purge -y expect ; sudo apt autoremove -y # Enable modules, settings, and default of SSL in Apache sudo a2dismod status @@ -365,7 +326,7 @@ sudo a2ensite misp-ssl sudo pecl channel-update pecl.php.net yes no |sudo pecl install redis # gnupg dependency -sudo apt-get install libgpgme11-dev +sudo apt-get install libgpgme11-dev -y sudo pecl install gnupg echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini @@ -616,7 +577,8 @@ sudo $CAKE Admin updateGalaxies sudo $CAKE Admin updateTaxonomies # Updating the warning lists… -sudo $CAKE Admin updateWarningLists +##sudo $CAKE Admin updateWarningLists +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update # Updating the notice lists… ## sudo $CAKE Admin updateNoticeLists @@ -636,9 +598,8 @@ sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0. # Start the workers sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh -## /!\ Check wtf is going on with yara. -# Start misp-modules -sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s & +# some misp-modules dependencies +sudo apt-get install -y libpq5 libjpeg-dev libfuzzy-dev sudo chmod 2775 /usr/local/src sudo chown root:staff /usr/local/src 
@@ -648,20 +609,30 @@ cd misp-modules # pip install sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS sudo -u www-data /var/www/MISP/venv/bin/pip install . -sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara +sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git # install STIX2.0 library to support STIX 2.0 export: sudo -u www-data /var/www/MISP/venv/bin/pip install stix2 -sudo apt install ruby-pygments.rb +sudo apt install ruby-pygments.rb -y sudo gem install asciidoctor-pdf --pre +# Start misp-modules +## /!\ Check wtf is going on with yara. +sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s & + +echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" +echo "User (misp) DB Password: $DBPASSWORD_MISP" +``` + # Once done, have a look at the diagnostics # If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions # you can do this by running the following commands: +``` sudo chmod -R 750 $PATH_TO_MISP/ sudo chown -R www-data:www-data $PATH_TO_MISP/ +``` # Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items @@ -671,10 +642,6 @@ sudo chown -R www-data:www-data $PATH_TO_MISP/ /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local # Enable ZeroMQ for misp-dashboard sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true 
@@ -829,12 +796,13 @@ git clone https://github.com/viper-framework/viper.git cd viper virtualenv -p python3 venv git submodule update --init --recursive +./venv/bin/pip install scrapy ./venv/bin/pip install -r requirements.txt -./venv/bin/pip uninstall yara -y sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web ## /!\ Check wtf is going on with yara. -sudo pip3 uninstall yara -y +###sudo pip3 uninstall yara -y +###./venv/bin/pip uninstall yara -y /usr/local/src/viper/viper-cli -h /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment @@ -843,7 +811,7 @@ sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf # Reset admin password to: admin/Password1234 sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="' # Add viper-web to rc.local to be started on boot -sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local ``` #### Install mail to misp
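Review bot: With `sudo` added, the `sed -i ... /etc/rc.local` line now succeeds, so viper-web is started on every boot bound to all interfaces (`-H 0.0.0.0`) while the same hunk documents the admin password as `admin/Password1234`. Unless remote access to the viper UI is intended, `-H 127.0.0.1` in the rc.local entry is the safer default, and a sentence telling the reader to change that password after first login belongs next to the sqlite3 line. The redirection to `/tmp/viper-web_rc.local.log` is opened by the rc.local shell (root) at a predictable path in a world-writable directory; a location such as `/var/log/` avoids that, though Debian's protected_symlinks default may already limit the risk.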