MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' of github.com:MISP/MISP into eventFiltering

pull/4076/head
mokaddem 2019-02-15 15:22:46 +01:00
parent 198f726f01 4b71eced00
commit 7e64a9d1c4
53 changed files with 6656 additions and 1684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2032
INSTALL/INSTALL.debian.sh
View File

File diff suppressed because it is too large Load Diff

695
INSTALL/INSTALL.debian.tpl.sh Executable file
View File

@ -0,0 +1,695 @@
#!/usr/bin/env bash
############################################################
###### #
##### Please AutoGenerated... ##
#### Do NOT was ###
### Manually It ####
## Change this Script... #####
# ######
############################################################
############################################################
#INSTALLATION INSTRUCTIONS #
##########################################################
#------------------------- for Debian Flavored Linux Distributions
#
#-------------------------------------------------------|
# 0/ Quick MISP Instance on Debian Based Linux - Status |
#-------------------------------------------------------|
#
# 20190208: Kali Linux tested and working.
#
#
#-------------------------------------------------------|
# 1/ For Kali, download and run Installer Script |
#-------------------------------------------------------|
#
# To install MISP on Kali copy paste the following to your r00t shell:
# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
# /!\ Please read the installer script before randomly doing the above.
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
#
#
#---------------------------------------------------------------------------------------------|
# 2/ For other Debian based Linux distributions, download script and run as unprivileged user |
#---------------------------------------------------------------------------------------------|
#
# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C
#
#
#----------------------------------------------------------|
# 3/ The following script has been partially autogenerated |
#----------------------------------------------------------|
#
# To generate this script yourself, the following steps need to be taken.
# $ git clone https://github.com/SteveClement/xsnippet.git
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
# $ git clone https://github.com/MISP/MISP.git
# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh
#
##
###
####----------------\
## Developer Note |
####--------------------------------------------------------------------------------------------------|
## In theory the order does not matter as everything is a self-contained function. |
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
#-----------------------------------------------------------------------------------------------------|
#
# ToC #
#
#### BEGIN AUTOMATED SECTION ####
#
## 0_global-vars.sh ##
## 0_support-functions.sh ##
## 0_apt-upgrade.sh ##
## 0_sudoKeeper.sh ##
## 0_installCoreDeps.sh ##
## 0_installDepsPhp73.sh ##
## 0_installDepsPhp72.sh ##
## 1_prepareDB.sh ##
## 1_apacheConfig.sh ##
## 1_mispCoreInstall.sh ##
## 1_installCake.sh ##
## 2_permissions.sh ##
## 2_configMISP.sh ##
## 2_core-cake.sh ##
## 2_gnupg.sh ##
## 2_logRotation.sh ##
## 2_backgroundWorkers.sh ##
## 3_misp-modules.sh ##
## 4_misp-dashboard.sh ##
## 4_misp-dashboard-cake.sh ##
## 5_mail_to_misp.sh ##
## 6_ssdeep.sh ##
## 6_viper.sh ##
# No functions scripts:
## apt-upgrade.sh ##
## postfix.sh ##
## interfaces.sh ##
#
### END AUTOMATED SECTION ###
# This function will generate the main installer.
# It is a helper function for the maintainers for the installer.
colors () {
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
RED='\033[0;31m'
GREEN='\033[0;32m'
LBLUE='\033[1;34m'
YELLOW='\033[0;33m'
HIDDEN='\e[8m'
NC='\033[0m'
}
generateInstaller () {
if [ ! -f $(which xsnippet) ]; then
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
echo "git clone https://github.com/SteveClement/xsnippet.git"
exit 1
fi
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then
echo -e "${RED}iAmError!${NC}"
echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break."
echo -e "You called: ${RED}$0${NC}"
exit 1
fi
mkdir installer ; cd installer
cp ../INSTALL.debian.tpl.sh .
# Pull code snippets out of Main Install Documents
for f in `echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do
xsnippet . ../../docs/${f}
done
# Pull out code snippets from generic Install Documents
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
xsnippet . ../../docs/generic/${f}
done
# TODO: Fix the below.
# $ for f in `echo ls [0-9]_*`; do
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh
# $ done
#
# Temporary copy/paste holder
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh
cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh
cd ..
rm -rf installer
echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}"
exit 0
}
# Simple debug function with message
# Make sure no alias exists
if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi
debug () {
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
if [ ! -z $DEBUG ]; then
NO_PROGRESS=1
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
exec 3>&1
read
else
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
#exec 3>&1 &>/dev/null
:
fi
}
installMISPubuntuSupported () {
space
echo "Proceeding with the installation of MISP core"
space
# Set locale if not set - functionLocation('generic/supportFunctions.md')
debug "Checking Locale"
checkLocale
# Set Base URL - functionLocation('generic/supportFunctions.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
progress 4
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
progress 4
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
progress 4
# TODO: Double check how the user is added and subsequently used during the install.
# TODO: Work on possibility to install as user X and install MISP for user Y
# TODO: Check if logout needed. (run SUDO_USER in installer)
# <snippet-begin add-user.sh>
# TODO: Double check how to properly handle postfix
# <snippet-begin postfix.sh>
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
progress 4
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
checkID
progress 4
# Starting friendly UI spinner
#spin &
#SPIN_PID=$!
#disown
#trap "kill -9 $SPIN_PID" `seq 0 15`
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps 2> /dev/null > /dev/null
progress 4
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 2> /dev/null > /dev/null
progress 4
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
progress 4
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
progress 4
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
progress 4
# TODO: Mysql install functions, make it upgrade safe, double check
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
progress 4
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
progress 4
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
progress 4
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
progress 4
# Generate GnuPG key - functionLocation('generic/gnupg.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
progress 4
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
progress 4
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
progress 4
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
progress 4
# Disable spinner
#(kill $SPIN_PID 2>&1) >/dev/null
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
progress 4
## Resume spinner
#spin &
#SPIN_PID=$!
#disown
#trap "kill -9 $SPIN_PID" `seq 0 15`
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
progress 4
# Install Viper - functionLocation('generic/viper-debian.md')
[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
progress 4
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
progress 4
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
progress 4
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
progress 100
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
theEnd
}
# Main Kalin Install function
installMISPonKali () {
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
kaliUpgrade 2> /dev/null > /dev/null
# Set locale if not set - functionLocation('generic/supportFunctions.md')
checkLocale
# Set Base URL - functionLocation('generic/supportFunctions.md')
setBaseURL
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
installDepsPhp73 2> /dev/null > /dev/null
# Set custom Kali only variables and tweaks
space
# The following disables sleep on kali/gnome
### FIXME: Disabling for now, maybe source of some issues.
##disableSleep 2> /dev/null > /dev/null
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
##sleep 3
debug "Installing dependencies"
installDeps 2> /dev/null > /dev/null
installCoreDeps 2> /dev/null > /dev/null
debug "Enabling redis and gnupg modules"
phpenmod -v 7.3 redis
phpenmod -v 7.3 gnupg
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
a2dismod status 2> /dev/null > /dev/null
a2dismod php7.2 2> /dev/null > /dev/null
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
a2dissite 000-default 2> /dev/null > /dev/null
a2ensite default-ssl 2> /dev/null > /dev/null
debug "Restarting mysql.service"
systemctl restart mysql.service 2> /dev/null > /dev/null
debug "Fixing redis rc script on Kali"
apt install redis-server
fixRedis 2> /dev/null > /dev/null
debug "git clone, submodule update everything"
mkdir $PATH_TO_MISP
chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
$SUDO_WWW git config core.filemode false
cd $PATH_TO_MISP
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
# Make git ignore filesystem permission differences for submodules
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
mkdir /var/www/.cache/
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
mkdir $MISP_USER_HOME/.cache
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
chown www-data:www-data /var/www/.cache
debug "Generating rc.local"
genRCLOCAL
debug "Setting up main MISP virtualenv"
# Needs virtualenv
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
debug "Installing MISP dashboard"
mispDashboard
debug "Installing python-cybox"
cd $PATH_TO_MISP/app/files/scripts/python-cybox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
debug "Installing python-stix"
cd $PATH_TO_MISP/app/files/scripts/python-stix
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
debug "Install maec"
cd $PATH_TO_MISP/app/files/scripts/python-maec
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
# install STIX2.0 library to support STIX 2.0 export
debug "Installing cti-python-stix2"
cd ${PATH_TO_MISP}/cti-python-stix2
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
debug "Installing mixbox"
cd $PATH_TO_MISP/app/files/scripts/mixbox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
# install PyMISP
debug "Installing PyMISP"
cd $PATH_TO_MISP/PyMISP
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
# install pydeep
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
# install lief
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null
# install python-magic
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
# Install Crypt_GPG and Console_CommandLine
debug "Installing pear Console_CommandLine"
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
debug "Installing pear Crypt_GPG"
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
debug "Installing composer with php 7.3 updates"
composer73
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
debug "Setting up database"
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
echo "
set timeout 10
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send -- \"\r\"
expect \"Set root password?\"
send -- \"y\r\"
expect \"New password:\"
send -- \"${DBPASSWORD_ADMIN}\r\"
expect \"Re-enter new password:\"
send -- \"${DBPASSWORD_ADMIN}\r\"
expect \"Remove anonymous users?\"
send -- \"y\r\"
expect \"Disallow root login remotely?\"
send -- \"y\r\"
expect \"Remove test database and access to it?\"
send -- \"y\r\"
expect \"Reload privilege tables now?\"
send -- \"y\r\"
expect eof" | expect -f -
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
enableServices
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
else
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
echo "Skipping any creations…"
sleep 3
fi
debug "Generating Certificate"
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
debug "Generating Apache Conf"
genApacheConf
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
debug "Disabling site default-ssl, enabling misp-ssl"
a2dissite default-ssl
a2ensite misp-ssl
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
debug "Restarting Apache2"
systemctl restart apache2
debug "Setting up logrotate"
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
chmod 0640 /etc/logrotate.d/misp
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
chown -R www-data:www-data $PATH_TO_MISP/app/Config
chmod -R 750 $PATH_TO_MISP/app/Config
debug "Setting up GnuPG"
setupGnuPG 2> /dev/null > /dev/null
debug "Starting workers"
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
$SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh
debug "Running Core Cake commands"
coreCAKE 2> /dev/null > /dev/null
dashboardCAKE 2> /dev/null > /dev/null
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
updateGOWNT 2> /dev/null > /dev/null
gitPullAllRCLOCAL
checkUsrLocalSrc
debug "Installing misp-modules"
mispmodules
debug "Installing Viper"
viper
debug "Installing ssdeep"
ssdeep
phpenmod -v 7.3 ssdeep
debug "Setting permissions"
permissions
debug "Running Then End!"
theEnd
}
# End installMISPonKali ()
## End Function Section ##
colors
debug "Checking if we are run as the installer template"
if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then
generateInstaller
fi
space
debug "Setting MISP variables"
MISPvars
debug "Checking Linux distribution and flavour..."
checkFlavour
debug "Checking for parameters or Unattended Kali Install"
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
usage
exit
else
debug "Setting install options with given parameters."
# The setOpt/checkOpt function lives in generic/supportFunctions.md
setOpt $@
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
checkOpt viper && echo "${GREEN}Viper${NC} selected"
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
checkOpt all && echo "${GREEN}All options${NC} selected"
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
checkOpt force && echo "${GREEN}force${NC} install selected"
# Check if at least core is selected if no other options that do not require core are set
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
space
usage
echo "You need to at least select core, or -A to install everything."
echo "$0 -c # Is the minima for install options"
exit 1
fi
fi
# Add upgrade option to do upgrade pre flight
[[ -n $PRE ]] && preInstall
[[ -n $UPGRADE ]] && upgrade
# If Ubuntu is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "ubuntu" ]; then
RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z])
if [ "${RELEASE}" == "18.04" ]; then
echo "Install on Ubuntu 18.04 LTS fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installMISPubuntuSupported && exit || exit
fi
if [ "${RELEASE}" == "18.10" ]; then
echo "Install on Ubuntu 18.10 partially supported, bye."
installMISPubuntuSupported && exit || exit
fi
if [ "${RELEASE}" == "19.04" ]; then
echo "Install on Ubuntu 19.04 not supported, bye"
exit 1
fi
if [ "${RELEASE}" == "19.10" ]; then
echo "Install on Ubuntu 19.10 not supported, bye"
exit 1
fi
echo "Installation done!"
exit
fi
# If Debian is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "debian" ]; then
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
if [ "${CODE}" == "buster" ]; then
echo "Install on Debian testing fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installDepsPhp73
fi
if [ "${CODE}" == "sid" ]; then
echo "Install on Debian unstable not fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installDepsPhp73
fi
if [ "${CODE}" == "stretch" ]; then
echo "Install on Debian stable fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installDepsPhp72
fi
echo "Installation done!"
exit 0
fi
# If Tsurugi is detected, figure out which release it is and run the according scripts
if [ "${FLAVOUR}" == "tsurugi" ]; then
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
if [ "${CODE}" == "bamboo" ]; then
echo "Install on Tsurugi Lab partially supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
if [ "${CODE}" == "soy sauce" ]; then
echo "Install on Tsurugi Acquire partially supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
fi
echo "Installation done!"
exit 0
fi
# If Kali Linux is detected, run the acccording scripts
if [ "${FLAVOUR}" == "kali" ]; then
KALI=1
kaliOnRootR0ckz
installMISPonKali
echo "Installation done!"
exit
fi

15
app/Controller/AppController.php
View File

@ -103,6 +103,21 @@ class AppController extends Controller
public function beforeFilter()
{
if (Configure::read('Security.allow_cors')) {
// Add CORS headers
$this->response->cors($this->request,
explode(',', Configure::read('Security.cors_origins')),
['*'],
['Origin', 'Content-Type', 'Authorization', 'Accept']);
if ($this->request->is('options')) {
// Stop here!
// CORS only needs the headers
$this->response->send();
$this->_stop();
}
}
if (!empty($this->params['named']['sql'])) {
$this->sql_dump = 1;
}

2
app/Controller/Component/ACLComponent.php
View File

@ -148,7 +148,7 @@ class ACLComponent extends Component
'viewEventAttributes' => array('*'),
'viewEventGraph' => array('*'),
'viewGraph' => array('*'),
'viewMitreAttackMatrix' => array('*'),
'viewGalaxyMatrix' => array('*'),
'xml' => array('*')
),
'favouriteTags' => array(

9
app/Controller/Component/RestResponseComponent.php
View File

@ -423,14 +423,23 @@ class RestResponseComponent extends Component
$type = 'json';
}
$cakeResponse = new CakeResponse(array('body'=> $response, 'status' => $code, 'type' => $type));
if (Configure::read('Security.allow_cors')) {
$headers["Access-Control-Allow-Headers"] = "Origin, Content-Type, Authorization, Accept";
$headers["Access-Control-Allow-Methods"] = "*";
$headers["Access-Control-Allow-Origin"] = explode(',', Configure::read('Security.cors_origins'));
}
if (!empty($headers)) {
foreach ($headers as $key => $value) {
$cakeResponse->header($key, $value);
}
}
if ($download) {
$cakeResponse->download($download);
}
return $cakeResponse;
}

42
app/Controller/EventsController.php
View File

@ -4799,15 +4799,16 @@ class EventsController extends AppController
return new CakeResponse(array('body' => json_encode($json), 'status' => 200, 'type' => 'json'));
}
public function viewMitreAttackMatrix($scope_id, $scope='event', $disable_picking=false)
public function viewGalaxyMatrix($scope_id, $galaxy_id, $scope='event', $disable_picking=false)
{
$this->loadModel('Galaxy');
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
$matrixData = $this->Galaxy->getMatrix($galaxy_id);
$attackTacticData = $this->Galaxy->getMitreAttackMatrix();
$attackTactic = $attackTacticData['attackTactic'];
$attackTags = $attackTacticData['attackTags'];
$killChainOrders = $attackTacticData['killChain'];
$instanceUUID = $attackTacticData['instance-uuid'];
$tabs = $matrixData['tabs'];
$matrixTags = $matrixData['matrixTags'];
$killChainOrders = $matrixData['killChain'];
$instanceUUID = $matrixData['instance-uuid'];
if ($scope == 'event') {
$eventId = $scope_id;
@ -4828,17 +4829,20 @@ class EventsController extends AppController
throw new Exception("Invalid options.");
}
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $attackTags);
$scoresDataEvent = $this->Event->EventTag->getTagScores($eventId, $attackTags);
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $matrixTags);
$scoresDataEvent = $this->Event->EventTag->getTagScores($eventId, $matrixTags);
$maxScore = 0;
$scoresData = array();
foreach (array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
$sum = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
$scoresData[$key] = $sum;
$maxScore = max($maxScore, $sum);
}
$maxScore = max($scoresDataAttr['maxScore'], $scoresDataEvent['maxScore']);
$scores = $scoresData;
if ($this->_isRest()) {
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
$json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
$this->response->type('json');
return new CakeResponse(array('body' => json_encode($json), 'status' => 200, 'type' => 'json'));
} else {
@ -4852,14 +4856,22 @@ class EventsController extends AppController
$this->set('eventId', $eventId);
$this->set('target_type', $scope);
$this->set('killChainOrders', $killChainOrders);
$this->set('attackTactic', $attackTactic);
$this->set('columnOrders', $killChainOrders);
$this->set('tabs', $tabs);
$this->set('scores', $scores);
$this->set('maxScore', $maxScore);
$this->set('colours', $colours);
if (!empty($colours)) {
$this->set('colours', $colours['mapping']);
$this->set('interpolation', $colours['interpolation']);
}
$this->set('pickingMode', !$disable_picking);
$this->set('target_id', $scope_id);
$this->render('/Elements/view_mitre_attack_matrix');
if ($matrixData['galaxy']['id'] == $mitreAttackGalaxyId) {
$this->set('defaultTabName', 'mitre-attack');
$this->set('removeTrailling', 2);
}
$this->render('/Elements/view_galaxy_matrix');
}
}

36
app/Controller/GalaxiesController.php
View File

@ -79,33 +79,13 @@ class GalaxiesController extends AppController
public function selectGalaxy($target_id, $target_type='event', $namespace='misp')
{
$expectedDescription = 'ATT&CK Tactic';
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
$conditions = $namespace == '0' ? array() : array('namespace' => $namespace);
if ($namespace == 'mitre-attack' || $namespace == '0') {
$conditions[] = array('description !=' => $expectedDescription);
$conditions2 = array('namespace' => 'mitre-attack');
$conditions2[] = array('description' => $expectedDescription);
$tacticGalaxies = $this->Galaxy->find('all', array(
'recursive' => -1,
'conditions' => $conditions2,
));
}
$galaxies = $this->Galaxy->find('all', array(
'recursive' => -1,
'conditions' => $conditions,
'order' => array('name asc')
));
if (!empty($tacticGalaxies)) {
array_unshift($galaxies, array('Galaxy' => array(
'id' => '-1',
'uuid' => '-1',
'name' => $expectedDescription,
'type' => '-1',
'icon' => '/img/mitre-attack-icon.ico',
'namespace' => 'mitre-attack'
)));
}
$items = array();
$items[] = array(
@ -113,7 +93,7 @@ class GalaxiesController extends AppController
'value' => "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'
);
foreach ($galaxies as $galaxy) {
if ($galaxy['Galaxy']['id'] != -1) {
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
$items[] = array(
'name' => h($galaxy['Galaxy']['name']),
'value' => "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'],
@ -123,13 +103,17 @@ class GalaxiesController extends AppController
'infoExtra' => $galaxy['Galaxy']['description'],
)
);
} else { // attackMatrix
$items[] = array(
} else { // should use matrix instead
$param = array(
'name' => $galaxy['Galaxy']['name'],
'functionName' => "getMitreMatrixPopup('" . $target_type . "', '" . $target_id . "')",
'functionName' => "getMatrixPopup('" . $target_type . "', '" . $target_id . "', " . $galaxy['Galaxy']['id'] . ")",
'isPill' => true,
'img' => "/img/mitre-attack-icon.ico",
'isMatrix' => true
);
if ($galaxy['Galaxy']['id'] == $mitreAttackGalaxyId) {
$param['img'] = "/img/mitre-attack-icon.ico";
}
$items[] = $param;
}
}

2
app/Controller/GalaxyClustersController.php
View File

@ -143,6 +143,8 @@ class GalaxyClustersController extends AppController
$cluster['GalaxyCluster']['tag_count'] = count($tag['EventTag']);
$cluster['GalaxyCluster']['tag_id'] = $tag['Tag']['id'];
}
} else {
throw new NotFoundException('Cluster not found.');
}
if ($this->_isRest()) {
$cluster['GalaxyCluster']['Galaxy'] = $cluster['Galaxy'];

30
app/Controller/UsersController.php
View File

@ -1859,14 +1859,17 @@ class UsersController extends AppController
{
$this->loadModel('Event');
$this->loadModel('Galaxy');
$attackTacticData = $this->Galaxy->getMitreAttackMatrix();
$attackTactic = $attackTacticData['attackTactic'];
$attackTags = $attackTacticData['attackTags'];
$killChainOrders = $attackTacticData['killChain'];
$instanceUUID = $attackTacticData['instance-uuid'];
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores(0, $attackTags);
$scoresDataEvent = $this->Event->EventTag->getTagScores(0, $attackTags);
$galaxy_id = $this->Galaxy->getMitreAttackGalaxyId();
$matrixData = $this->Galaxy->getMatrix($galaxy_id);
$tabs = $matrixData['tabs'];
$matrixTags = $matrixData['matrixTags'];
$killChainOrders = $matrixData['killChain'];
$instanceUUID = $matrixData['instance-uuid'];
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores(0, $matrixTags);
$scoresDataEvent = $this->Event->EventTag->getTagScores(0, $matrixTags);
$scoresData = array();
foreach (array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
@ -1875,7 +1878,7 @@ class UsersController extends AppController
$scores = $scoresData;
if ($this->_isRest()) {
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
$json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
return $this->RestResponse->viewData($json, $this->response->type());
} else {
App::uses('ColourGradientTool', 'Tools');
@ -1883,12 +1886,17 @@ class UsersController extends AppController
$colours = $gradientTool->createGradientFromValues($scores);
$this->set('target_type', 'attribute');
$this->set('killChainOrders', $killChainOrders);
$this->set('attackTactic', $attackTactic);
$this->set('columnOrders', $killChainOrders);
$this->set('tabs', $tabs);
$this->set('scores', $scores);
$this->set('maxScore', $maxScore);
$this->set('colours', $colours);
if (!empty($colours)) {
$this->set('colours', $colours['mapping']);
$this->set('interpolation', $colours['interpolation']);
}
$this->set('pickingMode', false);
$this->set('defaultTabName', "mitre-attack");
$this->set('removeTrailling', 2);
$this->render('statistics_attackmatrix');
}

118
app/Lib/Tools/ColourGradientTool.php
View File

@ -1,45 +1,113 @@
<?php
class ColourGradientTool
{
public function createGradient($step)
{
$stepHex = dechex($step);
$minHex = 0x0000FF;
$maxHex = 0xFF0000;
$intervalHex = ($maxHex-$minHex) / $stepHex;
$colours = array();
for ($i=$minHex; $i<$maxHex; $i+=$intervalHex) {
$colours[] = $i;
}
return $colours;
}
// source: https://graphicdesign.stackexchange.com/a/83867
// $values of the form array(item1: val1, item2: val2, ...)
public function createGradientFromValues($items)
{
$starColor = '#0000FF';
$endColor = '#FF0000';
if (count($items) == 0) {
return array();
}
$maxColorHex = 0x0000FF;
$minColorHex = 0xE0E0FF;
$vals = array_values($items);
$maxDec = max($vals);
$minDec = min($vals);
if ($maxDec == $minDec) {
$intervalHex = 0x0;
} else {
$intervalHex = ($maxColorHex - $minColorHex)/($maxDec-$minDec);
}
$interpolation = $this->interpolateColors($starColor, $endColor, $maxDec+1, true);
$coloursMapping = array();
foreach ($items as $name => $val) {
$ratio = ($val-$minDec)*($intervalHex);
$colour = $maxDec == $minDec ? $maxColorHex : $ratio + $minColorHex;
$coloursMapping[$name] = '#' . str_pad(dechex($colour), 6, '0', STR_PAD_LEFT);
$color = $interpolation[$val];
$coloursMapping[$name] = '#' . str_pad(dechex($color[0]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($color[1]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($color[2]), 2, '0', STR_PAD_LEFT);
}
return array('mapping' => $coloursMapping, 'interpolation' => $interpolation);
}
private function hue2rgb($p, $q, $t) {
if ($t < 0) $t += 1;
if ($t > 1) $t -= 1;
if ($t < 1/6) return $p + ($q - $p) * 6 * $t;
if ($t < 1/2) return $q;
if ($t < 2/3) return $p + ($q - $p) * (2/3 - $t) * 6;
return $p;
}
private function hsl2rgb($color) {
$l = $color[2];
if ($color[1] == 0) {
$l = round($l*255);
return array($l, $l, $l);
} else {
$s = $color[1];
$q = ($l < 0.5 ? $l * (1 + $s) : $l + $s - $l * $s);
$p = 2 * $l - $q;
$r = $this->hue2rgb($p, $q, $color[0] + 1/3);
$g = $this->hue2rgb($p, $q, $color[0]);
$b = $this->hue2rgb($p, $q, $color[0] - 1/3);
return array(round($r*255), round($g*255), round($b*255));
}
return $coloursMapping;
}
private function rgb2hsl($color) {
$r = $color[0]/255;
$g = $color[1]/255;
$b = $color[2]/255;
$arrRGB = array($r, $g, $b);
$max = max($arrRGB);
$min = min($arrRGB);
$h = ($max - $min) / 2;
$s = $h;
$l = $h;
if ($max == $min) {
$s = 0; // achromatic
$h = 0;
} else {
$d = $max - $min;
$s = ($l > 0.5 ? $d / (2 - $max - $min) : $d / ($max + $min) );
if ($max == $r) {
$h = ($g - $b) / $d + ($g < $b ? 6 : 0);
} elseif ($max == $g) {
$h = ($b - $r) / $d + 2;
} elseif ($max == $b) {
$h = ($r - $g) / $d + 4;
}
$h = $h / 6;
return array($h, $s, $l);
}
}
private function interpolateColor($color1, $color2, $factor, $useHSL=false) {
if ($useHSL) {
$hsl1 = $this->rgb2hsl($color1);
$hsl2 = $this->rgb2hsl($color2);
for ($i=0; $i<3; $i++) {
$hsl1[$i] += $factor*($hsl2[$i] - $hsl1[$i]);
}
$result = $this->hsl2rgb($hsl1);
} else {
$result = $color1;
for ($i = 0; $i < 3; $i++) {
$result[$i] = round($result[$i] + $factor * ($color2[$i] - $color1[$i]));
}
}
return $result;
}
public function interpolateColors($hexColor1, $hexColor2, $steps, $useHSL=false) {
$stepFactor = 1 / ($steps - 1);
$interpolatedColorArray = array();
$color1 = sscanf($hexColor1, "#%02x%02x%02x");
$color2 = sscanf($hexColor2, "#%02x%02x%02x");
for($i = 0; $i < $steps; $i++) {
$interpolatedColorArray[$i] = $this->interpolateColor($color1, $color2, $stepFactor * $i, $useHSL);
}
return $interpolatedColorArray;
}
}

5
app/Model/AppModel.php
View File

@ -72,7 +72,7 @@ class AppModel extends Model
7 => false, 8 => false, 9 => false, 10 => false, 11 => false, 12 => false,
13 => false, 14 => false, 15 => false, 18 => false, 19 => false, 20 => false,
21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
27 => false, 28 => false
27 => false, 28 => false, 29 => false
);
public function afterSave($created, $options = array())
@ -1089,6 +1089,9 @@ class AppModel extends Model
case 28:
$sqlArray[] = "ALTER TABLE `servers` ADD `caching_enabled` tinyint(1) NOT NULL DEFAULT 0;";
break;
case 29:
$sqlArray[] = "ALTER TABLE `galaxies` ADD `kill_chain_order` text NOT NULL;";
break;
case 'fixNonEmptySharingGroupID':
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';

166
app/Model/Galaxy.php
View File

@ -20,6 +20,14 @@ class Galaxy extends AppModel
public function beforeValidate($options = array())
{
parent::beforeValidate();
if (isset($this->data['Galaxy']['kill_chain_order'])) {
$json = json_encode($this->data['Galaxy']['kill_chain_order']);
if ($json !== null) {
$this->data['Galaxy']['kill_chain_order'] = $json;
} else {
unset($this->data['Galaxy']['kill_chain_order']);
}
}
return true;
}
@ -28,6 +36,18 @@ class Galaxy extends AppModel
$this->GalaxyCluster->deleteAll(array('GalaxyCluster.galaxy_id' => $this->id));
}
public function afterFind($results, $primary = false)
{
foreach ($results as $k => $v) {
if (isset($v['Galaxy']['kill_chain_order']) && $v['Galaxy']['kill_chain_order'] !== '') {
$results[$k]['Galaxy']['kill_chain_order'] = json_decode($v['Galaxy']['kill_chain_order'], true);
} else {
unset($results[$k]['Galaxy']['kill_chain_order']);
}
}
return $results;
}
private function __load_galaxies($force = false)
{
$dir = new Folder(APP . 'files' . DS . 'misp-galaxy' . DS . 'galaxies');
@ -39,7 +59,7 @@ class Galaxy extends AppModel
$file->close();
}
$galaxyTypes = array();
foreach ($galaxies as $galaxy) {
foreach ($galaxies as $i => $galaxy) {
$galaxyTypes[$galaxy['type']] = $galaxy['type'];
}
$temp = $this->find('all', array(
@ -353,81 +373,24 @@ class Galaxy extends AppModel
}
}
public function getMitreAttackGalaxyId($type="mitre-enterprise-attack-attack-pattern")
public function getMitreAttackGalaxyId($type="mitre-attack-pattern", $namespace="mitre-attack")
{
$galaxy = $this->find('first', array(
'recursive' => -1,
'fields' => 'id',
'conditions' => array('Galaxy.type' => $type),
'conditions' => array('Galaxy.type' => $type, 'Galaxy.namespace' => $namespace),
));
return empty($galaxy) ? 0 : $galaxy['Galaxy']['id'];
}
public function getMitreAttackMatrix()
public function getMatrix($galaxy_id)
{
$killChainOrderEnterprise = array(
'initial-access',
'execution',
'persistence',
'privilege-escalation',
'defense-evasion',
'credential-access',
'discovery',
'lateral-movement',
'collection',
'exfiltration',
'command-and-control'
);
$killChainOrderMobile = array(
'persistence',
'privilege-escalation',
'defense-evasion',
'credential-access',
'discovery',
'lateral-movement',
'effects', 'collection',
'exfiltration',
'command-and-control',
'general-network-based',
'cellular-network-based',
'could-based'
);
$killChainOrderPre = array(
'priority-definition-planning',
'priority-definition-direction',
'target-selection',
'technical-information-gathering',
'people-information-gathering',
'organizational-information-gathering',
'technical-weakness-identification',
'people-weakness-identification',
'organizational-weakness-identification',
'adversary-opsec',
'establish-&-maintain-infrastructure',
'persona-development',
'build-capabilities',
'test-capabilities',
'stage-capabilities',
'app-delivery-via-authorized-app-store',
'app-delivery-via-other-means',
'exploit-via-cellular-network',
'exploit-via-internet',
);
$killChainOrders = array(
'mitre-enterprise-attack-attack-pattern' => $killChainOrderEnterprise,
'mitre-mobile-attack-attack-pattern' => $killChainOrderMobile,
'mitre-pre-attack-attack-pattern' => $killChainOrderPre,
);
$expectedDescription = 'ATT&CK Tactic';
$expectedNamespace = 'mitre-attack';
$conditions = array('Galaxy.description' => $expectedDescription, 'Galaxy.namespace' => $expectedNamespace);
$conditions = array('Galaxy.id' => $galaxy_id);
$contains = array(
'GalaxyCluster' => array('GalaxyElement'),
);
$galaxies = $this->find('all', array(
$galaxy = $this->find('first', array(
'recursive' => -1,
'contain' => $contains,
'conditions' => $conditions,
@ -435,45 +398,60 @@ class Galaxy extends AppModel
$mispUUID = Configure::read('MISP')['uuid'];
$attackTactic = array(
'killChain' => $killChainOrders,
'attackTactic' => array(),
'attackTags' => array(),
'instance-uuid' => $mispUUID
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
throw new Exception(__("Galaxy cannot be represented as a matrix"));
}
$matrixData = array(
'killChain' => $galaxy['Galaxy']['kill_chain_order'],
'tabs' => array(),
'matrixTags' => array(),
'instance-uuid' => $mispUUID,
'galaxy' => $galaxy['Galaxy']
);
foreach ($galaxies as $galaxy) {
$galaxyType = $galaxy['Galaxy']['type'];
$clusters = $galaxy['GalaxyCluster'];
$attackClusters = array();
// add cluster if kill_chain is present
foreach ($clusters as $cluster) {
if (empty($cluster['GalaxyElement'])) {
continue;
$clusters = $galaxy['GalaxyCluster'];
$cols = array();
foreach ($clusters as $cluster) {
if (empty($cluster['GalaxyElement'])) {
continue;
}
$toBeAdded = false;
$clusterType = $cluster['type'];
$galaxyElements = $cluster['GalaxyElement'];
foreach ($galaxyElements as $element) {
// add cluster if kill_chain is present
if ($element['key'] == 'kill_chain') {
$kc = explode(":", $element['value']);
$galaxyType = $kc[0];
$kc = $kc[1];
$cols[$galaxyType][$kc][] = $cluster;
$toBeAdded = true;
}
$toBeAdded = false;
$clusterType = $cluster['type'];
$galaxyElements = $cluster['GalaxyElement'];
foreach ($galaxyElements as $element) {
if ($element['key'] == 'kill_chain') {
$kc = explode(":", $element['value'])[2];
$attackClusters[$kc][] = $cluster;
$toBeAdded = true;
}
if ($element['key'] == 'external_id') {
$cluster['external_id'] = $element['value'];
}
if ($element['key'] == 'external_id') {
$cluster['external_id'] = $element['value'];
}
if ($toBeAdded) {
array_push($attackTactic['attackTags'], $cluster['tag_name']);
array_push($matrixData['matrixTags'], $cluster['tag_name']);
}
}
$attackTactic['attackTactic'][$galaxyType] = array(
'clusters' => $attackClusters,
'galaxy' => $galaxy['Galaxy'],
);
}
$matrixData['tabs'] = $cols;
foreach ($matrixData['tabs'] as $k => $v) {
foreach ($matrixData['tabs'][$k] as $kc => $v2) {
// sort clusters in the kill chains
usort(
$matrixData['tabs'][$k][$kc],
function($a, $b) {
return strcmp($a['value'], $b['value']);
}
);
}
}
return $attackTactic;
return $matrixData;
}
}

18
app/Model/Server.php
View File

@ -1105,6 +1105,24 @@ class Server extends AppModel
'test' => 'testBoolFalse',
'type' => 'boolean',
'null' => true
),
'allow_cors' => array(
'level' => 1,
'description' => __('Allow cross-origin requests to this instance, matching origins given in Security.cors_origins. Set to false to totally disable'),
'value' => false,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => true
),
'cors_origins' => array(
'level' => 1,
'description' => __('Set the origins from which MISP will allow cross-origin requests. Useful for external integration. Comma seperate if you need more than one.'),
'value' => '',
'errorMessage' => '',
'test' => 'testForEmpty',
'type' => 'string',
'null' => true
)
),
'SecureAuth' => array(

0
app/View/Elements/genericElements/GlobalMenu/global_menu_group.ctp Normal file
View File

45
app/View/Elements/genericElements/GlobalMenu/global_menu_root.ctp Normal file
View File

@ -0,0 +1,45 @@
<?php
/*
* This template creates a root element in the menu and serves as the composition engine for its contents
* Passed elements can either be a dropdown element (if it has children) or a simple button (if not)
* the format is as described:
* array(
* 'url' => 'url, if the root itself should be clickable',
* 'text' => 'The text displayed on the button (sanitised here)',
* 'html' => 'directly pass HTML (such as an image) as the display for the button (has to be sanitised elsewhere).
* The HTML option always prepends the text and both are displayed if set.',
* 'requirement' => 'the conditions under which this element should be displayed',
* 'children' => 'A list containing one array for each element. Element can be either a single element or an expandable group
The format of the arrays is described in global_menu_single and global_menu_group.'
* )
*/
if (!isset($data['requirement']) || $data['requirement']) {
if (empty($data['url'])) {
$data['url'] = '#';
} else if (strpos($data['url'], '://') !== null) {
$data['url'] = h($data['url']);
} else {
$data['url'] = $baseurl . h($data['url']);
}
$children = '';
if (!empty($data['children'])) {
$child_data = '';
foreach ($data['children'] as $child) {
$child_data .= $this->element('/genericElements/GlobalMenu/global_menu_' . (empty($child['type']) ? 'single' : $child['type']), array('data' => $child));
}
$children = sprintf(
'<ul class="dropdown-menu">%s</ul>',
$child_data
);
}
echo (sprintf(
'<li %s><a href="%s" %s>%s%s</a>%s</li>',
(empty($data['children']) ? '' : 'class="dropdown"'),
(empty($data['url']) ? '#' : h($data['url'])),
(empty($data['children']) ? '' : 'class="dropdown-toggle" data-toggle="dropdown"'),
(empty($data['html']) ? '' : $data['html']),
(empty($data['text']) ? '' : h($data['text'])),
$children
));
}
?>

1
app/View/Elements/genericElements/GlobalMenu/global_menu_separator.ctp Normal file
View File

@ -0,0 +1 @@
<li class="divider"></li>

28
app/View/Elements/genericElements/GlobalMenu/global_menu_single.ctp Normal file
View File

@ -0,0 +1,28 @@
<?php
/*
* This template creates a single entry within a menu group
* The accepted objects are as follows:
* array(
* 'url' => 'url, if the root itself should be clickable',
* 'text' => 'The text displayed on the button (sanitised here)',
* 'requirement' => 'the conditions under which this element should be displayed',
* 'html' => 'directly pass HTML (such as an image) as the display for the button (has to be sanitised elsewhere).
* The HTML option always prepends the text and both are displayed if set.'
* )
*/
if (!isset($data['requirement']) || $data['requirement']) {
if (empty($data['url'])) {
$data['url'] = '#';
} else if (strpos($data['url'], '://') !== null) {
$data['url'] = h($data['url']);
} else {
$data['url'] = $baseurl . h($data['url']);
}
echo sprintf(
'<li><a href="%s">%s%s</a></li>',
$data['url'],
(empty($data['html']) ? '' : h($data['html'])),
(empty($data['text']) ? '' : h($data['text']))
);
}
?>

18
app/View/Elements/genericElements/GlobalMenu/global_menu_status.ctp Normal file
View File

@ -0,0 +1,18 @@
<li>
<a href="<?php echo $baseurl;?>/" id="smallLogo" style="font-weight:bold;">
<span class="logoBlueStatic">MISP</span>
</a>
</li>
<li>
<a href="<?php echo $baseurl;?>/users/view/me" class="white" style="padding-left:0px;padding-right:5px;" title="<?php echo h($me['email']);?>"><?php echo $loggedInUserName;?></a>
</li>
<li>
<a href="<?php echo $baseurl;?>/users/dashboard" style="padding-left:0px;padding-right:0px;">
<span class="notification-<?php echo ($notifications['total'] > 0) ? 'active' : 'passive';?>"><span style="float:left;margin-top:3px;margin-right:3px;margin-left:3px;" class="icon-envelope icon-white" title="<?php echo __('Dashboard');?>" role="button" tabindex="0" aria-label="<?php echo __('Dashboard');?>"></span></span>
</a>
</li>
<?php if (!$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')): ?>
<li><a href="<?php echo $baseurl;?>/users/logout"><?php echo __('Log out');?></a></li>
<?php elseif (Configure::read('Plugin.CustomAuth_custom_logout')): ?>
<li><a href="<?php echo h(Configure::read('Plugin.CustomAuth_custom_logout'));?>"><?php echo __('Log out');?></a></li>
<?php endif; ?>

10
app/View/Elements/genericElements/SideMenu/side_menu_post_link.ctp
View File

@ -11,11 +11,11 @@
}
}
if (empty($url)) {
$a = 'href="#"';
$a = '';
} else if (strpos($url, '://') !== null) {
$a = 'href="' . h($url) . '"';
$a = h($url);
} else {
$a = 'href="' . $baseurl . h($url) . '"';
$a = $baseurl . h($url);
}
if (!empty($class)) {
$class = 'class="' . h($class) . '"';
@ -24,9 +24,9 @@
}
$post_link = $this->Form->postLink(
__($text),
$a,
$url,
null,
empty($message) ? $message : null
empty($message) ? null : $message
);
echo sprintf('<li %s %s>%s</li>', $element_id, $class, $post_link);
?>

612
app/View/Elements/global_menu.ctp
View File

@ -1,221 +1,395 @@
<div id="topBar" class="navbar-wrapper header <?php echo $debugMode;?>">
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<!-- .btn-navbar is used as the toggle for collapsed navbar content -->
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<?php if ($me != false ):?>
<div class="nav-collapse collapse">
<ul class="nav">
<?php
$logo = 'Home';
if (Configure::read('MISP.home_logo')) $logo = '<img src="' . $baseurl . '/img/custom/' . Configure::read('MISP.home_logo') . '" style="height:24px;">';
?>
<li><a href="<?php echo !empty($baseurl) ? $baseurl : '/';?>" style="color:white"><?php echo $logo; ?></a></li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Event Actions');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="<?php echo $baseurl;?>/events/index"><?php echo __('List Events');?></a></li>
<?php if ($isAclAdd): ?>
<li><a href="<?php echo $baseurl;?>/events/add"><?php echo __('Add Event');?></a></li>
<?php endif; ?>
<li><a href="<?php echo $baseurl;?>/attributes/index"><?php echo __('List Attributes');?></a></li>
<li><a href="<?php echo $baseurl;?>/attributes/search"><?php echo __('Search Attributes');?></a></li>
<li><a href="<?php echo $baseurl;?>/servers/rest"><?php echo __('REST client');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/shadow_attributes/index"><?php echo __('View Proposals');?></a></li>
<li><a href="<?php echo $baseurl;?>/events/proposalEventIndex"><?php echo __('Events with proposals');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/tags/index"><?php echo __('List Tags');?></a></li>
<li><a href="<?php echo $baseurl;?>/tag_collections/index"><?php echo __('List Tag Collections');?></a></li>
<?php if ($isAclTagEditor): ?>
<li><a href="<?php echo $baseurl;?>/tags/add"><?php echo __('Add Tag');?></a></li>
<?php endif; ?>
<li><a href="<?php echo $baseurl;?>/taxonomies/index"><?php echo __('List Taxonomies');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/templates/index"><?php echo __('List Templates');?></a></li>
<?php if ($isAclTemplate): ?>
<li><a href="<?php echo $baseurl;?>/templates/add"><?php echo __('Add Template');?></a></li>
<?php endif; ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/events/export"><?php echo __('Export');?></a></li>
<?php if ($isAclAuth): ?>
<li><a href="<?php echo $baseurl;?>/events/automation"><?php echo __('Automation');?></a></li>
<?php endif;?>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Galaxies');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="<?php echo $baseurl;?>/galaxies/index"><?php echo __('List Galaxies');?></a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Input Filters');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<?php if ($isAclRegexp): ?>
<li><a href="<?php echo $baseurl;?>/admin/regexp/index"><?php echo __('Import Regexp');?></a></li>
<li><a href="<?php echo $baseurl;?>/admin/whitelists/index"><?php echo __('Signature Whitelist');?></a></li>
<?php endif;?>
<?php if (!$isAclRegexp): ?>
<li><a href="<?php echo $baseurl;?>/regexp/index"><?php echo __('Import Regexp');?></a></li>
<li><a href="<?php echo $baseurl;?>/whitelists/index"><?php echo __('Signature Whitelist');?></a></li>
<?php endif;?>
<li><a href="<?php echo $baseurl;?>/warninglists/index"><?php echo __('List Warninglists');?></a></li>
<li><a href="<?php echo $baseurl;?>/noticelists/index"><?php echo __('List Noticelists');?></a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Global Actions');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="<?php echo $baseurl;?>/news"><?php echo __('News');?></a></li>
<li><a href="<?php echo $baseurl;?>/users/view/me"><?php echo __('My Profile');?></a></li>
<li><a href="<?php echo $baseurl;?>/users/dashboard"><?php echo __('Dashboard');?></a></li>
<?php
if ($isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))):
?>
<li><a href="<?php echo $baseurl;?>/organisations/index"><?php echo __('Organisations');?></a></li>
<?php
endif;
?>
<li><a href="<?php echo $baseurl;?>/roles/index"><?php echo __('Role Permissions');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/objectTemplates/index"><?php echo __('List Object Templates');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/sharing_groups/index"><?php echo __('List Sharing Groups');?></a></li>
<?php if ($isAclSharingGroup): ?>
<li><a href="<?php echo $baseurl;?>/sharing_groups/add"><?php echo __('Add Sharing Group');?></a></li>
<?php endif; ?>
<li class="divider"></li>
<li><a href="https://www.circl.lu/doc/misp/" target="_blank"><?php echo __('User Guide');?></a></li>
<li><a href="<?php echo $baseurl;?>/pages/display/doc/categories_and_types"><?php echo __('Categories & Types');?></a></li>
<li><a href="<?php echo $baseurl;?>/users/terms"><?php echo __('Terms &amp; Conditions');?></a></li>
<li><a href="<?php echo $baseurl;?>/users/statistics"><?php echo __('Statistics');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/threads/index"><?php echo __('List Discussions');?></a></li>
<li><a href="<?php echo $baseurl;?>/posts/add"><?php echo __('Start Discussion');?></a></li>
</ul>
</li>
<?php if ($isAclSync || $isAdmin || $hostOrgUser): ?>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Sync Actions');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<?php if ($isAclSync || $isAdmin): ?>
<li><a href="<?php echo $baseurl;?>/servers/index"><?php echo __('List Servers');?></a></li>
<?php endif; ?>
<?php if ($isSiteAdmin || $hostOrgUser): ?>
<li><a href="<?php echo $baseurl;?>/feeds/index"><?php echo __('List Feeds');?></a></li>
<?php endif;?>
</ul>
</li>
<?php endif;?>
<?php if ($isAdmin || $isSiteAdmin): ?>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Administration');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="<?php echo $baseurl;?>/admin/users/index"><?php echo __('List Users');?></a></li>
<li><a href="<?php echo $baseurl;?>/admin/users/add"><?php echo __('Add User');?></a></li>
<li><a href="<?php echo $baseurl;?>/admin/users/email"><?php echo __('Contact Users');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/organisations/index"><?php echo __('List Organisations');?></a></li>
<?php if ($isSiteAdmin): ?>
<li><a href="<?php echo $baseurl;?>/admin/organisations/add"><?php echo __('Add Organisation');?></a></li>
<?php endif;?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/admin/roles/index"><?php echo __('List Roles');?></a></li>
<?php if ($isSiteAdmin): ?>
<li><a href="<?php echo $baseurl;?>/admin/roles/add"><?php echo __('Add Role');?></a></li>
<?php endif; ?>
<?php if ($isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/servers/serverSettings"><?php echo __('Server Settings');?> &<br /><?php echo __('Maintenance');?></a></li>
<?php if (Configure::read('MISP.background_jobs')): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/jobs/index"><?php echo __('Jobs');?></a></li>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/tasks"><?php echo __('Scheduled Tasks');?></a></li>
<?php endif; ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/eventBlacklists/add"><?php echo __('Blacklist Event');?></a></li>
<li><a href="<?php echo $baseurl;?>/eventBlacklists"><?php echo __('Manage Event Blacklists');?></a></li>
<?php endif; ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/orgBlacklists/add"><?php echo __('Blacklist Organisation');?></a></li>
<li><a href="<?php echo $baseurl;?>/orgBlacklists"><?php echo __('Manage Org Blacklists');?></a></li>
<?php endif; ?>
<?php endif; ?>
</ul>
</li>
<?php endif; ?>
<?php if ($isAclAudit): ?>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<?php echo __('Audit');?>
<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="<?php echo $baseurl;?>/admin/logs/index"><?php echo __('List Logs');?></a></li>
<li><a href="<?php echo $baseurl;?>/admin/logs/search"><?php echo __('Search Logs');?></a></li>
</ul>
</li>
<?php endif;?>
</ul>
</div>
<div class="nav-collapse collapse pull-right">
<ul class="nav">
<li>
<a href="<?php echo $baseurl;?>/" id="smallLogo" style="font-weight:bold;">
<span class="logoBlueStatic">MISP</span>
</a>
</li>
<li>
<a href="<?php echo $baseurl;?>/users/view/me" class="white" style="padding-left:0px;padding-right:5px;" title="<?php echo h($me['email']);?>"><?php echo $loggedInUserName;?></a>
</li>
<li>
<a href="<?php echo $baseurl;?>/users/dashboard" style="padding-left:0px;padding-right:0px;">
<span class="notification-<?php echo ($notifications['total'] > 0) ? 'active' : 'passive';?>"><span style="float:left;margin-top:3px;margin-right:3px;margin-left:3px;" class="icon-envelope icon-white" title="<?php echo __('Dashboard');?>" role="button" tabindex="0" aria-label="<?php echo __('Dashboard');?>"></span></span>
</a>
</li>
<?php if (!$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')): ?>
<li><a href="<?php echo $baseurl;?>/users/logout"><?php echo __('Log out');?></a></li>
<?php elseif (Configure::read('Plugin.CustomAuth_custom_logout')): ?>
<li><a href="<?php echo h(Configure::read('Plugin.CustomAuth_custom_logout'));?>"><?php echo __('Log out');?></a></li>
<?php endif; ?>
</ul>
</div>
<?php endif;?>
</div>
</div>
<?php
if (!empty($me)) {
$menu = array(
array(
'type' => 'root',
'url' => $baseurl . '/',
'html' => (Configure::read('MISP.home_logo') ? $logo = '<img src="' . $baseurl . '/img/custom/' . Configure::read('MISP.home_logo') . '" style="height:24px;">' : 'Home')
),
array(
'type' => 'root',
'text' => __('Event Actions'),
'children' => array(
array(
'text' => __('List Events'),
'url' => '/events/index'
),
array(
'text' => __('Add Event'),
'url' => '/events/add',
'requirement' => $isAclAdd
),
array(
'text' => __('List Attributes'),
'url' => '/attributes/index'
),
array(
'text' => __('Search Attributes'),
'url' => '/attributes/search'
),
array(
'text' => __('REST client'),
'url' => '/servers/rest'
),
array(
'type' => 'separator'
),
array(
'text' => __('View Proposals'),
'url' => '/shadow_attributes/index'
),
array(
'text' => __('Events with proposals'),
'url' => '/events/proposalEventIndex'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Tags'),
'url' => 'tags/index'
),
array(
'text' => __('List Tag Collections'),
'url' => '/tag_collections/index'
),
array(
'text' => __('Add Tag'),
'url' => '/tags/add',
'requirement' => $isAclTagEditor
),
array(
'text' => __('List Taxonomies'),
'url' => '/taxonomies/index'
),
array(
'text' => __('List Templates'),
'url' => '/templates/index'
),
array(
'text' => __('Add Template'),
'url' => '/templates/add',
'requirement' => $isAclTemplate
),
array(
'type' => 'separator'
),
array(
'text' => __('Export'),
'url' => '/events/export'
),
array(
'text' => __('Automation'),
'url' => '/events/automation',
'requirement' => $isAclAuth
)
)
),
array(
'type' => 'root',
'text' => __('Galaxies'),
'url' => '/galaxies/index',
'children' => array(
array(
'text' => __('List Galaxies'),
'url' => '/galaxies/index'
)
)
),
array(
'type' => 'root',
'text' => __('Input Filters'),
'children' => array(
array(
'text' => __('Import Regexp'),
'url' => '/admin/regexp/index',
'requirement' => $isAclRegexp
),
array(
'text' => __('Import Regexp'),
'url' => '/regexp/index',
'requirement' => !$isAclRegexp
),
array(
'text' => __('Signature Whitelist'),
'url' => '/admin/whitelists/index',
'requirement' => $isAclRegexp
),
array(
'text' => __('Signature Whitelist'),
'url' => '/whitelists/index',
'requirement' => !$isAclRegexp
),
array(
'text' => __('List Warninglists'),
'url' => '/warninglists/index'
),
array(
'text' => __('List Noticelists'),
'url' => '/noticelists/index'
)
)
),
array(
'type' => 'root',
'text' => __('Global Actions'),
'url' => '/users/dashboard',
'children' => array(
array(
'text' => __('News'),
'url' => '/news'
),
array(
'text' => __('My Profile'),
'url' => '/users/view/me'
),
array(
'text' => __('Dashboard'),
'url' => '/users/dashboard'
),
array(
'text' => __('Organisations'),
'url' => '/organisations/index',
'requirement' => $isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))
),
array(
'text' => __('Role Permissions'),
'url' => '/roles/index'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Object Templates'),
'url' => '/objectTemplates/index'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Sharing Groups'),
'url' => '/sharing_groups/index'
),
array(
'text' => __('Add Sharing Group'),
'url' => '/sharing_groups/add',
'requirement' => $isAclSharingGroup
),
array(
'type' => 'separator'
),
array(
'text' => __('User Guide'),
'url' => 'https://www.circl.lu/doc/misp/'
),
array(
'text' => __('Categories & Types'),
'url' => '/pages/display/doc/categories_and_types'
),
array(
'text' => __('Terms &amp; Conditions'),
'url' => '/users/terms'
),
array(
'text' => __('Statistics'),
'url' => '/users/statistics'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Discussions'),
'url' => '/threads/index'
),
array(
'text' => __('Start Discussion'),
'url' => '/posts/add'
)
)
),
array(
'type' => 'root',
'text' => __('Sync Actions'),
'requirement' => ($isAclSync || $isAdmin || $hostOrgUser),
'children' => array(
array(
'text' => __('List Servers'),
'url' => '/servers/index',
'requirement' => ($isAclSync || $isAdmin)
),
array(
'text' => __('List Feeds'),
'url' => '/feeds/index',
'requirement' => ($isSiteAdmin || $hostOrgUser)
)
)
),
array(
'type' => 'root',
'text' => __('Administration'),
'url' => '/servers/serverSettings',
'requirement' => ($isAdmin),
'children' => array(
array(
'text' => __('List Users'),
'url' => '/admin/users/index'
),
array(
'text' => __('Add User'),
'url' => '/admin/users/add'
),
array(
'text' => __('Contact Users'),
'url' => '/admin/users/email'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Organisations'),
'url' => '/organisations/index'
),
array(
'text' => __('Add Organisations'),
'url' => '/admin/organisations/add'
),
array(
'type' => 'separator'
),
array(
'text' => __('List Roles'),
'url' => '/admin/roles/index'
),
array(
'text' => __('Add Roles'),
'url' => '/admin/roles/add',
'requirement' => $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => $isSiteAdmin
),
array(
'text' => __('Server Settings & Maintenance'),
'url' => '/servers/serverSettings',
'requirement' => $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
),
array(
'text' => __('Jobs'),
'url' => '/jobs/index',
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
),
array(
'text' => __('Scheduled Tasks'),
'url' => '/tasks',
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
),
array(
'text' => __('Blacklist Event'),
'url' => '/eventBlacklists/add',
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
),
array(
'text' => __('Manage Event Blacklists'),
'url' => '/eventBlacklists',
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
),
array(
'text' => __('Blacklist Organisation'),
'url' => '/orgBlacklists/add',
'requirement' => Configure::read('MISP.enableOrgBlacklisting') !== false && $isSiteAdmin
),
array(
'text' => __('Manage Org Blacklists'),
'url' => '/orgBlacklists',
'requirement' => Configure::read('MISP.enableOrgBlacklisting') !== false && $isSiteAdmin
),
)
),
array(
'type' => 'root',
'text' => __('Audit'),
'requirement' => ($isAclAudit),
'children' => array(
array(
'text' => __('List Logs'),
'url' => '/admin/logs/index'
),
array(
'text' => __('Search Logs'),
'url' => '/admin/logs/search'
)
)
)
);
$menu_right = array(
array(
'type' => 'root',
'url' => $baseurl . '/',
'html' => '<span class="logoBlueStatic bold" id="smallLogo">MISP</span>'
),
array(
'type' => 'root',
'url' => '/users/dashboard',
'html' => sprintf(
'<span class="white" title="%s">%s&nbsp;&nbsp;&nbsp;%s</span>',
h($me['email']),
h($loggedInUserName),
sprintf(
'<i class="fa fa-envelope %s"></i>',
(($notifications['total'] == 0) ? 'white' : 'red')
)
)
),
array(
'url' => h(Configure::read('Plugin.CustomAuth_custom_logout')),
'text' => __('Log out'),
'requirement' => !$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')
),
array(
'url' => '/users/logout',
'text' => __('Log out'),
'requirement' => (Configure::read('Plugin.CustomAuth_custom_logout'))
)
);
}
?>
<div id="topBar" class="navbar navbar-inverse <?php echo $debugMode;?>">
<div class="navbar-inner">
<ul class="nav">
<?php
if (!empty($menu)) {
foreach ($menu as $root_element) {
echo $this->element('/genericElements/GlobalMenu/global_menu_root', array('data' => $root_element));
}
}
?>
</ul>
<ul class="nav pull-right">
<?php
if (!empty($menu_right)) {
foreach ($menu_right as $root_element) {
echo $this->element('/genericElements/GlobalMenu/global_menu_root', array('data' => $root_element));
}
}
?>
</ul>
</div>
</div>
<input type="hidden" class="keyboardShortcutsConfig" value="/shortcuts/global_menu.json" />

198
app/View/Elements/view_galaxy_matrix.ctp Normal file
View File

@ -0,0 +1,198 @@
<?php
/*
* Matrix Generator
* Params:
Required
--------
- $tabs: Contains the matrix data. Has the format:
{
tab1: {
col1: [
{rowData1}, {rowData2}, ...
],
col2: [
{rowData1}, {rowData2}, ...
]
},
tab2: {}
}
Optional
--------
- $defaultTabName: Set the default active tab. Default value is first tab
- $columnOrders: Defined the order of the column in each tabs. Has the format:
{
tab1: [col1, col2],
tab2: [col1, col2]
}
- $interpolation: The color associated to each value. Has the format: { val1: [r, g, b], val2: [r, g, b] }
- $maxScore:
- $pickingMode: Interactive picking mode, add a form and the chosen input
- $scores: The score associate with either the value or the tag name (if provided)
- $removeTrailling: How much part of the name of the cell should be remove: e.g. $removeTrailling=2 => "abc def ghi", will be: "abc"
- $colours: The colour associated with the tag name (if provided)
*
*
*
*/
?>
<?php
echo $this->Html->script('attack_matrix');
echo $this->Html->css('attack_matrix');
?>
<?php
$clusetersNamesMapping = array(); // used to map name with id for the chosen select
if (isset($interpolation) && !empty($interpolation)) {
foreach ($interpolation as $k => $colArr) {
$col = str_pad(dechex($colArr[0]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($colArr[1]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($colArr[2]), 2, '0', STR_PAD_LEFT);
$interpolation[$k] = '#' . $col;
if ($k == 0) { // force small area on white
$interpolation[$k] .= ' 3%';
}
}
$colorScale = implode($interpolation, ', ');
} else {
$colorScale = 'black';
}
?>
<div class="attack-matrix-options" style="right: initial; background: transparent;">
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
<?php
if (!isset($defaultTabName)) {
reset($tabs);
$defaultTabName = key($tabs); // get first key
}
foreach($tabs as $tabName => $column):
?>
<li class="tactic <?php echo $tabName==$defaultTabName ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($tabName); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($tabName); ?></span></li>
<?php endforeach; ?>
</ul>
</div>
<div class="attack-matrix-options matrix-div-submit">
<span class="btn btn-inverse btn-matrix-submit" role="button" style="padding: 1px 5px !important;font-size: 12px !important;font-weight: bold;"><?php echo __('Submit'); ?></span>
</div>
<div class="attack-matrix-options">
<?php if (isset($interpolation)): ?>
<span id="matrix-heatmap-legend-caret">
<span id="matrix-heatmap-legend-caret-value">0</span>
<span class="fa fa-caret-down"></span>
</span>
<div>
<span>0</span>
<div id="matrix-heatmap-legend" style="background: linear-gradient(to right, white 0%, <?php echo h($colorScale); ?>);"></div>
<span id="matrix-heatmap-maxval"><?php echo h($maxScore); ?></span>
</div>
<?php endif; ?>
<label style="display: inline-block; margin-left: 30px;"><input type="checkbox" id="checkbox_attackMatrix_showAll" checked><span class="fa fa-filter"><?php echo __('Show all');?></span></input></label>
</div>
<?php if (isset($eventId)): ?>
<div class="hidden">
<?php
echo $this->Form->create('Galaxy', array('url' => '/galaxies/attachMultipleClusters/' . (empty($target_id) ? $eventId : $target_id ) . '/' . (empty($target_type) ? 'event' : $target_type), 'style' => 'margin:0px;'));
echo $this->Form->input('target_ids', array('type' => 'text'));
echo $this->Form->end();
?>
</div>
<?php endif; ?>
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
<div class="tab-content">
<?php foreach($tabs as $tabName => $column): ?>
<div class="tab-pane <?php echo $tabName==$defaultTabName ? "active" : ""; ?>" id="tabMatrix-<?php echo h($tabName); ?>">
<div class="header-background"></div>
<div class="fixed-table-container-inner" style="max-height: 670px;">
<table class="table table-condensed matrix-table">
<thead>
<tr>
<?php
foreach($columnOrders[$tabName] as $co):
$name = str_replace("-", " ", $co);
?>
<th>
<?php echo h(ucfirst($name)); ?>
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
</th>
<?php endforeach; ?>
</tr>
</thead>
<tbody style="overflow-y: scroll;">
<?php
$body = '';
$added = false;
$i = 0;
do {
$tr = '<tr>';
$added = false;
foreach($columnOrders[$tabName] as $co) {
if (isset($column[$co][$i])) {
$added = true;
$td = '<td';
$cell = $column[$co][$i];
if (!is_array($cell)) {
$cell = array('value' => $cell);
}
$value = isset($cell['value']) ? $cell['value'] : 0;
if (isset($removeTrailling) && $removeTrailling > 0) {
$name = explode(" ", $value);
$name = join(" ", array_slice($name, 0, -$removeTrailling)); // remove " - external_id"
} else {
$name = $value;
}
$tagName = isset($cell['tag_name']) ? $cell['tag_name'] : $name;
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
$clusterId = isset($cell['id']) ? $cell['id'] : $name;
$externalId = isset($cell['external_id']) ? $cell['external_id'] : '';
$clusetersNamesMapping[$clusterId] = $name . ($externalId !== '' ? ' (' . $externalId. ')' : '');
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
$td .= ' data-score="'.h($score).'"';
$td .= ' data-tag_name="'.h($tagName).'"';
$td .= ' data-cluster-id="'.h($clusterId).'"';
if ($pickingMode) {
$td .= ' data-target-type="attribute"';
$td .= ' data-target-id="'.h($target_id).'"';
}
$td .= ' title="'.h($externalId).'"';
$td .= '>' . h($name);
} else { // empty cell
$td = '<td style="border: none;">';
}
$td .= '</td>';
$tr .= $td;
}
$tr .= '</tr>';
$body .= $tr;
$i++;
} while($added);
echo $body;
?>
</tbody>
</table>
</div>
</div>
<?php endforeach; ?>
</div>
</div>
<?php if($pickingMode): ?>
<div style="padding: 5px;">
<select id="attack-matrix-chosen-select" style="width: 100%; margin: 0px;" multiple>
<?php
foreach ($clusetersNamesMapping as $clusterId => $clusterName) {
echo '<option value=' . h($clusterId) .'>' . h($clusterName) . '</option>';
}
?>
</select>
</div>
<div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm('#popover_form_large');"><?php echo __('Cancel'); ?></div>
<?php endif; ?>

134
app/View/Elements/view_mitre_attack_matrix.ctp
View File

@ -1,134 +0,0 @@
<?php
$clusetersNamesMapping = array(); // used to map name with id for the chosen select
?>
<div class="attack-matrix-options" style="right: initial; background: transparent;">
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
<?php
$enterpriseTag = "mitre-enterprise-attack-attack-pattern";
foreach($attackTactic as $tactic):
$galaxy = $tactic['galaxy'];
?>
<li class="tactic <?php echo $galaxy['type']==$enterpriseTag ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($galaxy['type']); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($galaxy['name']); ?></span></li>
<?php endforeach; ?>
</ul>
</div>
<div class="attack-matrix-options matrix-div-submit">
<span class="btn btn-inverse btn-matrix-submit" role="button" style="padding: 1px 5px !important;font-size: 12px !important;font-weight: bold;"><?php echo __('Submit'); ?></span>
</div>
<div class="attack-matrix-options">
<span id="matrix-heatmap-legend-caret">
<span id="matrix-heatmap-legend-caret-value">0</span>
<span class="fa fa-caret-down"></span>
</span>
<div>
<span>0</span>
<div id="matrix-heatmap-legend"></div>
<span id="matrix-heatmap-maxval"><?php echo h($maxScore); ?></span>
</div>
<label style="display: inline-block; margin-left: 30px;"><input type="checkbox" id="checkbox_attackMatrix_showAll" checked><span class="fa fa-filter"><?php echo __('Show all');?></span></input></label>
</div>
<div class="hidden">
<?php
echo $this->Form->create('Galaxy', array('url' => '/galaxies/attachMultipleClusters/' . (empty($target_id) ? $eventId : $target_id ) . '/' . (empty($target_type) ? 'event' : $target_type), 'style' => 'margin:0px;'));
echo $this->Form->input('target_ids', array('type' => 'text'));
echo $this->Form->end();
?>
</div>
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
<div class="tab-content">
<?php foreach($attackTactic as $galaxy):
$galaxyType = $galaxy['galaxy']['type'];
?>
<div class="tab-pane <?php echo $galaxyType==$enterpriseTag ? "active" : ""; ?>" id="tabMatrix-<?php echo h($galaxyType); ?>">
<div class="header-background"></div>
<div class="fixed-table-container-inner" style="max-height: 670px;">
<table class="table table-condensed matrix-table">
<thead>
<tr>
<?php
foreach($killChainOrders[$galaxyType] as $kc):
$name = str_replace("-", " ", $kc);
?>
<th>
<?php echo h(ucfirst($name)); ?>
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
</th>
<?php endforeach; ?>
</tr>
</thead>
<tbody style="overflow-y: scroll;">
<?php
$added = false;
$i = 0;
do {
$added = false;
echo '<tr>';
$killChainOrder = $killChainOrders[$galaxyType];
$attackClusters = $galaxy['clusters'];
foreach($killChainOrder as $kc) {
if(!isset($attackClusters[$kc])) { // undefined index
$td = '<td class="">';
} else {
$clusters = $attackClusters[$kc];
$td = '<td ';
if ($i < count($clusters)) {
$clusterId = $clusters[$i]['id'];
$tagName = $clusters[$i]['tag_name'];
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
$name = join(" ", array_slice(explode(" ", $clusters[$i]['value']), 0, -2)); // remove " - external_id"
$clusetersNamesMapping[$clusterId] = $name;
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
$td .= ' data-score="'.h($score).'"';
$td .= ' data-tag_name="'.h($tagName).'"';
$td .= ' data-cluster-id="'.h($clusterId).'"';
if ($pickingMode) {
$td .= ' data-target-type="attribute"';
$td .= ' data-target-id="'.h($target_id).'"';
}
$td .= ' title="'.h($clusters[$i]['external_id']).'"';
$td .= '>' . h($name);
$added = true;
} else {
$td .= 'class="">';
}
}
$td .= '</td>';
echo $td;
}
echo '</tr>';
$i++;
} while($added);
?>
</tbody>
</table>
</div>
</div>
<?php endforeach; ?>
</div>
</div>
<?php if($pickingMode): ?>
<div style="padding: 5px;">
<select id="attack-matrix-chosen-select" style="width: 100%; margin: 0px;" multiple>
<?php
foreach ($clusetersNamesMapping as $clusterId => $clusterName) {
echo '<option value=' . h($clusterId) .'>' . h($clusterName) . '</option>';
}
?>
</select>
</div>
<div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm('#popover_form_large');"><?php echo __('Cancel'); ?></div>
<?php endif; ?>
<?php
echo $this->Html->script('bootstrap-typeahead');
echo $this->Html->script('attack_matrix');
echo $this->Html->css('attack_matrix');
?>

5
app/View/Events/view.ctp
View File

@ -38,6 +38,7 @@
echo $this->Html->script('moment-with-locales');
echo $this->Html->css('query-builder.default');
echo $this->Html->script('query-builder');
echo $this->Html->css('attack_matrix');
?>
<div class="events view">
<?php
@ -217,7 +218,7 @@
'<a href="%s/events/view/%s%s"><span class="icon-refresh"></span></a>',
$baseurl,
$event['Event']['id'],
$extended ? '' : '/extended:1'
($extended ? '' : '/extended:1')
)
)
);
@ -500,7 +501,7 @@ function enable_correlation_graph() {
}
function enable_attack_matrix() {
$.get("/events/viewMitreAttackMatrix/<?php echo h($event['Event']['id']); ?>/event/1", function(data) {
$.get("/events/viewGalaxyMatrix/<?php echo h($event['Event']['id']); ?>/<?php echo h($mitreAttackGalaxyId); ?>/event/1", function(data) {
$("#attackmatrix_div").html(data);
});
}

12
app/View/Galaxies/view.ctp
View File

@ -23,6 +23,14 @@
<dd><?php echo h($galaxy['Galaxy']['version']); ?></dd>
</dl>
<?php
$kco = '';
if (isset($galaxy['Galaxy']['kill_chain_order'])) {
$kco = '<strong>' . __('Kill chain order') . '</strong> <span class="useCursorPointer fa fa-expand" onclick="$(\'#killChainOrder\').toggle(\'blind\')"></span>';
$kco .= '<div id="killChainOrder" class="hidden" style="border: 1px solid #000; border-radius: 5px; padding: 3px; background: #f4f4f4; margin-left: 20px;">' . json_encode($galaxy['Galaxy']['kill_chain_order']) . '</div>';
}
echo $kco;
?>
</div>
</div>
<div id="clusters_div"></div>
@ -36,5 +44,9 @@ $(document).ready(function () {
$.get("<?php echo $uri;?>", function(data) {
$("#clusters_div").html(data);
});
var $kco = $('#killChainOrder');
var j = syntaxHighlightJson($kco.text(), 8)
$kco.html(j);
});
</script>

4
app/View/Helper/GenericPickerHelper.php
View File

@ -86,6 +86,10 @@ class GenericPickerHelper extends AppHelper {
if (isset($param['template']['infoExtra'])) {
$pill_html .= $this->_View->element('genericPickerElements/info_extra', array('infoExtra' => $param['template']['infoExtra'], 'forceIcon' => true));
}
if (isset($param['isMatrix']) && $param['isMatrix']) {
$span = '<span style="position: absolute; font-size: 8px; top: 2px;" class="fa fa-th" title="' . __('Start the galaxy matrix picker') . '"></span>';
$pill_html .= $span;
}
$pill_html .= '</a>';
$pill_html .= '</li>';
return $pill_html;

6
app/View/SharingGroups/index.ctp
View File

@ -42,8 +42,10 @@ foreach ($sharingGroups as $k => $sharingGroup):
$combined .= "Organisations:";
if (count($sharingGroup['SharingGroupOrg']) == 0) $combined .= "<br />N/A";
foreach ($sharingGroup['SharingGroupOrg'] as $k2 => $sge) {
$combined .= "<br /><a href='/Organisation/view/" . h($sge['Organisation']['id']) . "'>" . h($sge['Organisation']['name']) . "</a>";
if ($sge['extend']) $combined .= (' (can extend)');
if (!empty($sge['Organisation'])) {
$combined .= "<br /><a href='/Organisation/view/" . h($sge['Organisation']['id']) . "'>" . h($sge['Organisation']['name']) . "</a>";
if ($sge['extend']) $combined .= (' (can extend)');
}
}
$combined .= "<hr style='margin:5px 0;'><br />Instances:";
if (count($sharingGroup['SharingGroupServer']) == 0) $combined .= "<br />N/A";

4
app/View/Users/statistics_attackmatrix.ctp
View File

@ -7,10 +7,10 @@
<div id="attackmatrix_div" style="position: relative; border: solid 1px;" class="statistics_attack_matrix">
<?php
echo $this->element('view_mitre_attack_matrix');
echo $this->element('view_galaxy_matrix');
?>
</div>
</div>
<?php

2
app/files/misp-galaxy

@ -1 +1 @@
Subproject commit b9f13179412b0a6d944ef33493f36c2a49a63706
Subproject commit 9ad8a76a38f8f111b856058759714caf559573cc

2
app/files/misp-objects

@ -1 +1 @@
Subproject commit f9bb8bfa9bfe0eb3813df4dc5efa355bece53ce7
Subproject commit 08798f12623f5291f6743856c221a8c2c13cc778

8
app/webroot/css/attack_matrix.css
View File

@ -1,11 +1,11 @@
.matrix-table td {
border-top: none;
border: 1px solid #e2e2e2;
}
.matrix-table th {
padding: 0px 5px;
color: transparent;
line-height: 12px;
line-height: 0px;
}
.matrix-table thead > tr {
@ -17,6 +17,9 @@
.matrix-table tbody {
/*height: 670px;*/
overflow-y: scroll;
/* display: inline-block;
position: relative; */
top: -23px;
}
table.matrix-table {
@ -102,7 +105,6 @@ div.th-inner {
#matrix-heatmap-legend {
width: 300px;
height: 10px;
background: linear-gradient(to right, white, #0000FF);
}
.attack-matrix-options div {

16
app/webroot/css/main.css
View File

@ -907,6 +907,7 @@ a.pill-pre-picker {
background-color: #fcfcfc;
font-weight: bold;
border: 1px #65737ec8 solid;
position: relative;
}
.nav-pills > .active > a.pill-pre-picker {
background-color: #65737e32;
@ -1747,21 +1748,6 @@ a.discrete {
border-left: 1px solid grey;
}
.notification-active {
float:left;
background-color:red;
color:white;
border-radius: 50%;
width:20px;
height:20px;
}
.notification-passive {
float:left;
width:20px;
height:20px;
}
.dashboard_element{
background-color: white;
border: 1px solid #0088cc;

2
app/webroot/js/attack_matrix.js
View File

@ -265,7 +265,7 @@
function makeTagging(tagIds) {
$('#GalaxyTargetIds').val(JSON.stringify(tagIds));
$('#GalaxyViewMitreAttackMatrixForm').submit();
$('#GalaxyViewGalaxyMatrixForm').submit();
}
function filterEvent(tagName, tagId) {

9
app/webroot/js/misp.js
View File

@ -1478,9 +1478,9 @@ function openPopover(clicked, data, hover, placement) {
}
}
function getMitreMatrixPopup(scope_id, scope) {
function getMatrixPopup(scope, scope_id, galaxy_id) {
cancelPopoverForm();
getPopup(scope + '/' + scope_id, 'events', 'viewMitreAttackMatrix', '', '#popover_form_large');
getPopup(scope_id + '/' + galaxy_id + '/' + scope, 'events', 'viewGalaxyMatrix', '', '#popover_form_large');
}
function getPopup(id, context, target, admin, popupType) {
@ -3881,7 +3881,10 @@ function insertJSONRestResponse() {
$('#json-response-container').html(parsedJson);
}
function syntaxHighlightJson(json) {
function syntaxHighlightJson(json, indent) {
if (indent === undefined) {
indent = 2;
}
if (typeof json == 'string') {
json = JSON.parse(json);
}

1879
docs/Changelog.md
View File

File diff suppressed because it is too large Load Diff

41
docs/INSTALL.rhel7.md
View File

@ -111,25 +111,25 @@ yum install rh-redis32
systemctl enable --now rh-redis32-redis.service
```
## 2.08/ Secure the MariaDB installation, run the following command and follow the prompts
## 2.08/ Secure the MariaDB installation
```bash
scl enable rh-mariadb102 'mysql_secure_installation'
```
## 2.10/ Update the PHP extension repository and install required package
## 2.09/ Update the PHP extension repository and install required package
```bash
scl enable rh-php72 rh-redis32 bash
pear channel-update pear.php.net
pear install Crypt_GPG
```
## 2.11/ Install haveged and enable to start on boot to provide entropy for GPG
## 2.10/ Install haveged and enable to start on boot to provide entropy for GPG
```bash
yum install haveged
systemctl enable --now haveged
```
## 2.12/ Install Python 3.6 from SCL
## 2.11/ Install Python 3.6 from SCL
```bash
yum install rh-python36
```
@ -193,11 +193,11 @@ systemctl restart rh-php72-php-fpm.service
```
## 3.06/ Enable dependencies detection in the diagnostics page
Add the following content to `/etc/opt/rh/rh-php71/php-fpm.d/www.conf` :
Add the following content to `/etc/opt/rh/rh-php72/php-fpm.d/www.conf` :
```
env[PATH] =/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php71/root/usr/bin:/usr/local/bin:/usr/bin:/bin
env[PATH] =/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin
```
Then run `systemctl restart rh-php71-php-fpm.service`.
Then run `systemctl restart rh-php72-php-fpm.service`.
This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
# 4/ CakePHP
@ -230,17 +230,31 @@ cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResqu
## 4.05/ Install Crypt_GPG and Console_CommandLine
```bash
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
sudo -H -u apache scl enable rh-php72 'pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml'
sudo -H -u apache scl enable rh-php72 'pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml'
```
# 5/ Set file permissions
## 5.01/ Make sure the permissions are set correctly using the following commands as root:
```bash
chown -R apache:apache /var/www/MISP
find /var/www/MISP -type d -exec chmod g=rx {} \;
chmod -R g+r,o= /var/www/MISP
```
**Note :** For updates through the web interface to work, apache must own the /var/www/MISP folder and its subfolders as shown above, which can lead to security issues. If you do not require updates through the web interface to work, you can use the following more restrictive permissions :
```bash
chown -R root:apache /var/www/MISP
find /var/www/MISP -type d -exec chmod g=rx {} \;
chmod -R g+r,o= /var/www/MISP
chown apache:apache /var/www/MISP/app/files
chown apache:apache /var/www/MISP/app/files/terms
chown apache:apache /var/www/MISP/app/files/scripts/tmp
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
chown -R apache:apache /var/www/MISP/app/tmp
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
```
# 6/ Create database and user
## 6.01/ Set database to listen on localhost only
@ -285,17 +299,17 @@ chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
```
## 7.02/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
## 7.03/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
```bash
setsebool -P httpd_can_network_connect on
```
## 7.03/ Enable and start the httpd service
## 7.04/ Enable and start the httpd service
```bash
systemctl enable --now httpd.service
```
## 7.04/ Open a hole in the firewalld service
## 7.05/ Open a hole in the firewalld service
```bash
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
@ -429,7 +443,6 @@ systemctl enable --now misp-workers.service
{!generic/recommended.actions.md!}
# 10/ Post Install
## 10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs
If the result from the diagnostic page is that the directory is not writable, try the following.
```

580
docs/INSTALL.ubuntu1804.md
View File

@ -1,21 +1,34 @@
# INSTALLATION INSTRUCTIONS
## for Ubuntu 18.04.1-server
### -1/ Installer and Manual install instructions
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
To install MISP on a fresh Ubuntu install all you need to do is:
```bash
# Please check the installer options first to make the best choice for your install
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s
# This will install MISP Core and misp-modules (recommended)
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c -M
```
### 0/ MISP Ubuntu 18.04-server install - status
-------------------------
!!! notice
Tested working by @SteveClement on 20190118 (works with **Ubuntu 18.10** too)
As of 20190118 on **Ubuntu 19.04** you need to use Python 3.6 as LIEF with 3.7 is not "eggED" yet.
You will need to **sudo apt install python3.6-dev** to make everything work according to this guide.
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20190212 (works with **Ubuntu 18.10** too)
{!generic/community.md!}
!!! notice
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.debian.sh) script.
Which explains why you will see the use of shell *functions* in various steps.
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
{!generic/globalVariables.md!}
!!! notice
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
```bash
PHP_ETC_BASE=/etc/php/7.2
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
```
{!generic/core.md!}
### 1/ Minimal Ubuntu install
-------------------------
@ -24,19 +37,27 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
- OpenSSH server
- This guide assumes a user name of 'misp' with sudo working
#### Make sure your system is up2date
```bash
# <snippet-begin 0_apt-upgrade.sh>
aptUpgrade () {
debug "Upgrading system"
checkAptLock
sudo apt-get update
sudo apt-get upgrade -y
}
# <snippet-end 0_apt-upgrade.sh>
```
{!generic/sudo_etckeeper.md!}
{!generic/ethX.md!}
#### Make sure your system is up2date
```bash
sudo apt-get update
sudo apt-get upgrade
```
#### install postfix, there will be some questions.
```bash
sudo apt-get install postfix -y
# <snippet-begin postfix.sh>
sudo apt-get install postfix dialog -y
# <snippet-end postfix.sh>
```
!!! notice
@ -47,187 +68,210 @@ sudo apt-get install postfix -y
sudo postfix reload
```
{!generic/globalVariables.md!}
### 2/ Install LAMP & dependencies
------------------------------
Once the system is installed you can perform the following steps.
```bash
# Make sure you have enabled the Universe repository
# (ie. for redis-server), enable it with:
# sudo add-apt-repository universe
# <snippet-begin 0_installCoreDeps.sh>
installCoreDeps () {
debug "Installing core dependencies"
# Install the dependencies: (some might already be installed)
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv libfuzzy-dev -y
# Install the dependencies: (some might already be installed)
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv -y
# Install MariaDB (a MySQL fork/alternative)
sudo apt-get install mariadb-client mariadb-server -y
# Install MariaDB (a MySQL fork/alternative)
sudo apt-get install mariadb-client mariadb-server -y
# Install Apache2
sudo apt-get install apache2 apache2-doc apache2-utils -y
sudo apt install expect -y
# install Mitre's STIX and its dependencies by running the following commands:
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
sudo apt-get install python3-pip -y
sudo apt install expect -y
}
# <snippet-end 0_installCoreDeps.sh>
expect -f - <<-EOF
set timeout 10
# <snippet-begin 0_installDepsPhp72.sh>
# Install Php 7.2 dependencies
installDepsPhp72 () {
debug "Installing PHP 7.2 dependencies"
PHP_ETC_BASE=/etc/php/7.2
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
php-dev \
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
php-redis php-gnupg
spawn sudo -k mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -y
# Install Apache2
sudo apt-get install apache2 apache2-doc apache2-utils -y
# Enable modules, settings, and default of SSL in Apache
sudo a2dismod status
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2dissite 000-default
sudo a2ensite default-ssl
# Install PHP and dependencies
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y
# Apply all changes
sudo systemctl restart apache2
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
}
# <snippet-end 0_installDepsPhp72.sh>
```
### 3/ MISP code
------------
```bash
# Download MISP using git in the /var/www/ directory.
sudo mkdir ${PATH_TO_MISP}
sudo chown www-data:www-data ${PATH_TO_MISP}
cd ${PATH_TO_MISP}
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
sudo -u www-data git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www-data git submodule foreach --recursive git config core.filemode false
# <snippet-begin 1_mispCoreInstall.sh>
installCore () {
debug "Installing ${LBLUE}MISP${NC} core"
# Download MISP using git in the /var/www/ directory.
sudo mkdir ${PATH_TO_MISP}
sudo chown www-data:www-data ${PATH_TO_MISP}
cd ${PATH_TO_MISP}
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
sudo -u www-data git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www-data git submodule foreach --recursive git config core.filemode false
# Make git ignore filesystem permission differences
sudo -u www-data git config core.filemode false
# Make git ignore filesystem permission differences
sudo -u www-data git config core.filemode false
# Create a python3 virtualenv
sudo apt-get install python3-pip -y
pip3 install virtualenv
sudo -u www-data virtualenv -p python3.6 ${PATH_TO_MISP}/venv
# Create a python3 virtualenv
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
# make pip happy
sudo mkdir /var/www/.cache/
sudo chown www-data:www-data /var/www/.cache
# make pip happy
sudo mkdir /var/www/.cache/
sudo chown www-data:www-data /var/www/.cache
# install Mitre's STIX and its dependencies by running the following commands:
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
cd ${PATH_TO_MISP}/app/files/scripts
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
# install mixbox to accommodate the new STIX dependencies:
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-maec
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts
sudo -H -u www-data git clone https://github.com/CybOXProject/python-cybox.git
sudo -H -u www-data git clone https://github.com/STIXProject/python-stix.git
sudo -H -u www-data git clone https://github.com/MAECProject/python-maec.git
# install mixbox to accommodate the new STIX dependencies:
sudo -H -u www-data git clone https://github.com/CybOXProject/mixbox.git
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
cd $PATH_TO_MISP/app/files/scripts/python-maec
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd ${PATH_TO_MISP}/PyMISP
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd ${PATH_TO_MISP}/PyMISP
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
# Install Crypt_GPG and Console_CommandLine
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
# install pydeep
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# install lief
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
# install python-magic
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
# Install Crypt_GPG and Console_CommandLine
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
}
# <snippet-end 1_mispCoreInstall.sh>
```
### 4/ CakePHP
-----------
```bash
# Once done, install CakeResque along with its dependencies
# if you intend to use the built in background jobs:
cd ${PATH_TO_MISP}/app
# Make composer cache happy
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
sudo -H -u www-data php composer.phar config vendor-dir Vendor
sudo -H -u www-data php composer.phar install
# <snippet-begin 1_installCake.sh>
installCake () {
debug "Installing CakePHP"
# Once done, install CakeResque along with its dependencies
# if you intend to use the built in background jobs:
cd ${PATH_TO_MISP}/app
# Make composer cache happy
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
sudo -H -u www-data php composer.phar config vendor-dir Vendor
sudo -H -u www-data php composer.phar install
# Enable CakeResque with php-redis
sudo phpenmod redis
sudo phpenmod gnupg
# Enable CakeResque with php-redis
sudo phpenmod redis
sudo phpenmod gnupg
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
}
# <snippet-end 1_installCake.sh>
```
### 5/ Set the permissions
----------------------
```bash
# Check if the permissions are set correctly using the following commands:
sudo chown -R www-data:www-data ${PATH_TO_MISP}
sudo chmod -R 750 ${PATH_TO_MISP}
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
# <snippet-begin 2_permissions.sh>
# Main function to fix permissions to something sane
permissions () {
debug "Setting permissions"
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
sudo chmod -R 750 ${PATH_TO_MISP}
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
}
# <snippet-end 2_permissions.sh>
```
### 6/ Create a database and user
-----------------------------
#### Manual procedure:
```bash
# Enter the mysql shell
sudo mysql -u root -p
```
#### Set-up DB, User and import empty MISP DB
```
MariaDB [(none)]> create database misp;
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
```
#### Same as Manual but for copy/paste foo:
```bash
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
# <snippet-begin 1_prepareDB.sh>
prepareDB () {
debug "Setting up database"
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw=$MISP_PASSWORD
#### Import the empty MISP database from MYSQL.sql
```bash
# Import the empty MISP database from MYSQL.sql
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
expect -f - <<-EOF
set timeout 10
spawn sudo -k mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -y
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
# Import the empty MISP database from MYSQL.sql
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
}
# <snippet-end 1_prepareDB.sh>
```
### 7/ Apache configuration
@ -235,9 +279,6 @@ sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$
Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
#### Apache version 2.4 config:
```bash
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
```
!!! notice
Be aware that the configuration files for apache 2.4 and up have changed.
@ -245,11 +286,35 @@ sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
```bash
# If a valid SSL certificate is not already created for the server,
# create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
# <snippet-begin 1_apacheConfig.sh>
apacheConfig () {
debug "Generating Apache config"
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
# If a valid SSL certificate is not already created for the server,
# create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
# Enable modules, settings, and default of SSL in Apache
sudo a2dismod status
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2dissite 000-default
sudo a2ensite default-ssl
# Apply all changes
sudo systemctl restart apache2
# activate new vhost
sudo a2dissite default-ssl
sudo a2ensite misp-ssl
# Restart apache
sudo systemctl restart apache2
}
# <snippet-end 1_apacheConfig.sh>
```
!!! notice
@ -295,90 +360,63 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
============================================= End sample working SSL config for MISP
```
```bash
# activate new vhost
sudo a2dissite default-ssl
sudo a2ensite misp-ssl
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
# Restart apache
sudo systemctl restart apache2
```
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
sudo chmod 0640 /etc/logrotate.d/misp
# <snippet-begin 2_logRotation.sh>
logRotation () {
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
sudo chmod 0640 /etc/logrotate.d/misp
}
# <snippet-end 2_logRotation.sh>
```
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
# <snippet-begin 2_configMISP.sh>
configMISP () {
debug "Generating ${LBLUE}MISP${NC} config files"
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
# The salt key must be a string at least 32 bytes long.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
# The salt key must be a string at least 32 bytes long.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# and make sure the file permissions are still OK
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
# Generate a GPG encryption key.
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
# and make sure the file permissions are still OK
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
}
# <snippet-end 2_configMISP.sh>
```
{!generic/gnupg.md!}
!!! notice
If entropy is not high enough, you can install havegd and then start the service
```bash
@ -387,54 +425,38 @@ sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG
```
```bash
# <snippet-begin 2_backgroundWorkers.sh>
backgroundWorkers () {
debug "Setting up background workers"
# To make the background workers start on boot
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
# To make the background workers start on boot
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
# Start the workers
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
}
# <snippet-end 2_backgroundWorkers.sh>
```
```bash
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
{!generic/MISP_CAKE_init.md!}
```bash
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
# Start the workers
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
# some misp-modules dependencies
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
sudo apt install ruby-pygments.rb -y
sudo gem install asciidoctor-pdf --pre
# install additional dependencies for extended object generation and extraction
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
{!generic/misp-modules-debian.md!}
{!generic/INSTALL.done.md!}
@ -463,3 +485,11 @@ sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install pyzmq
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
Then the enrichment, export and import modules can be enabled in MISP via the settings.
# INSTALL.debian.sh
!!! notice
The following section is an administrative section that is used by the "[INSTALL.debian.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh)" script.
Please ignore.
{!generic/supportFunctions.md!}

254
docs/generic/MISP_CAKE_init.md
View File

@ -1,156 +1,140 @@
#### Initialize MISP configuration and set some defaults
```bash
# Default Cake path
export CAKE="$PATH_TO_MISP/app/Console/cake"
# Initialize user and fetch Auth Key
sudo -H -u www-data -E $CAKE userInit -q
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# <snippet-begin 2_core-cake.sh>
# Core cake commands
coreCAKE () {
debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
$SUDO_WWW -E $CAKE userInit -q
# Setup some more MISP default via cake CLI
# This makes sure all Database upgrades are done, without logging in.
$SUDO_WWW $CAKE Admin updateDatabase
# Change base url, either with this CLI command or in the UI
sudo -H -u www-data $CAKE Baseurl $MISP_BASEURL
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# Setup some more MISP default via cake CLI
# Tune global time outs
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
# The default install is Python in a virtualenv, setting accordingly
$SUDO_WWW $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
# Enable GnuPG
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.password" "Password1234"
# Tune global time outs
$SUDO_WWW $CAKE Admin setSetting "Session.autoRegenerate" 0
$SUDO_WWW $CAKE Admin setSetting "Session.timeout" 600
$SUDO_WWW $CAKE Admin setSetting "Session.cookieTimeout" 3600
# Enable Enrichment set better timeouts
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
# Change base url, either with this CLI command or in the UI
$SUDO_WWW $CAKE Baseurl $MISP_BASEURL
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# Enable Import modules set better timout
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_port" 6666
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
# Enable GnuPG
$SUDO_WWW $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
$SUDO_WWW $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
$SUDO_WWW $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
# Enable Export modules set better timout
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_port" 6666
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_timeout" 300
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
# Enable installer org and tune some configurables
$SUDO_WWW $CAKE Admin setSetting "MISP.host_org_id" 1
$SUDO_WWW $CAKE Admin setSetting "MISP.email" "info@admin.test"
$SUDO_WWW $CAKE Admin setSetting "MISP.disable_emailing" true
$SUDO_WWW $CAKE Admin setSetting "MISP.contact" "info@admin.test"
$SUDO_WWW $CAKE Admin setSetting "MISP.disablerestalert" true
$SUDO_WWW $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
# Enable installer org and tune some configurables
sudo -H -u www-data $CAKE Admin setSetting "MISP.host_org_id" 1
sudo -H -u www-data $CAKE Admin setSetting "MISP.email" "info@admin.test"
sudo -H -u www-data $CAKE Admin setSetting "MISP.disable_emailing" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.contact" "info@admin.test"
sudo -H -u www-data $CAKE Admin setSetting "MISP.disablerestalert" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
# Provisional Cortex tunes
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
# Mysteriously removed?
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
# Mysteriously removed?
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
# Provisional Cortex tunes
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
# Various plugin sightings settings
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_policy" 0
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_range" 365
# Various plugin sightings settings
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_policy" 0
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_range" 365
# Plugin CustomAuth tuneable
$SUDO_WWW $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
# Plugin CustomAuth tuneable
sudo -H -u www-data $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
# RPZ Plugin settings
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
# RPZ Plugin settings
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
# Force defaults to make MISP Server Settings less RED
$SUDO_WWW $CAKE Admin setSetting "MISP.language" "eng"
$SUDO_WWW $CAKE Admin setSetting "MISP.proposals_block_attributes" false
# Force defaults to make MISP Server Settings less RED
sudo -H -u www-data $CAKE Admin setSetting "MISP.language" "eng"
sudo -H -u www-data $CAKE Admin setSetting "MISP.proposals_block_attributes" false
# Redis block
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_port" 6379
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_database" 13
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_password" ""
## Redis block
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_port" 6379
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_database" 13
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_password" ""
# Force defaults to make MISP Server Settings less YELLOW
$SUDO_WWW $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
$SUDO_WWW $CAKE Admin setSetting "MISP.extended_alert_subject" false
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_threat_level" 4
$SUDO_WWW $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
$SUDO_WWW $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
$SUDO_WWW $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
$SUDO_WWW $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
$SUDO_WWW $CAKE Admin setSetting "MISP.log_client_ip" false
$SUDO_WWW $CAKE Admin setSetting "MISP.log_auth" false
$SUDO_WWW $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert" false
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert" false
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
$SUDO_WWW $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
# TODO: Make sure $FLAVOUR is correct
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
# Force defaults to make MISP Server Settings less YELLOW
sudo -H -u www-data $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
sudo -H -u www-data $CAKE Admin setSetting "MISP.extended_alert_subject" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_threat_level" 4
sudo -H -u www-data $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
sudo -H -u www-data $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_client_ip" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_auth" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
sudo -H -u www-data $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
# Force defaults to make MISP Server Settings less GREEN
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_length" 12
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
# Force defaults to make MISP Server Settings less GREEN
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_length" 12
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
# Set MISP Live
$SUDO_WWW $CAKE Live $MISP_LIVE
}
# Tune global time outs
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
updateGOWNT () {
debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates"
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# Update the galaxies…
##sudo -H -u www-data $CAKE Admin updateGalaxies
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
# Updating the taxonomies…
sudo -H -u www-data $CAKE Admin updateTaxonomies
# Updating the warning lists…
##sudo -H -u www-data $CAKE Admin updateWarningLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
# Updating the notice lists…
## sudo -H -u www-data $CAKE Admin updateNoticeLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
# Updating the object templates…
##sudo -H -u www-data $CAKE Admin updateObjectTemplates
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
# Set MISP Live
sudo -H -u www-data $CAKE Live $MISP_LIVE
# Update the galaxies…
# TODO: Fix updateGalaxies
##$SUDO_WWW $CAKE Admin updateGalaxies
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
# Updating the taxonomies…
$SUDO_WWW $CAKE Admin updateTaxonomies
# Updating the warning lists…
# TODO: Fix updateWarningLists
##$SUDO_WWW $CAKE Admin updateWarningLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
# Updating the notice lists…
## $SUDO_WWW $CAKE Admin updateNoticeLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
# Updating the object templates…
##$SUDO_WWW $CAKE Admin updateObjectTemplates
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
}
# <snippet-end 2_core-cake.sh>
```

4
docs/generic/core.md Normal file
View File

@ -0,0 +1,4 @@
!!! notice
Maintained and tested by the MISP core team.<br />
Enjoy installing MISP. For any issues see [here](https://github.com/MISP/MISP/issues)

25
docs/generic/ethX.md
View File

@ -3,13 +3,30 @@
This will bring back 'ethX' e.g: eth0
```bash
# <snippet-end interfaces.sh>
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
DEFAULT_GRUB=/etc/default/grub
for key in GRUB_CMDLINE_LINUX
do
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
done
echo "--- Using old style name (ethX) for interfaces"
#for key in GRUB_CMDLINE_LINUX
#do
# sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
#done
sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null
# install ifupdown since ubuntu 18.04
sudo apt-get update
sudo apt-get install -y ifupdown
# enable eth0
echo "--- Configuring eth0"
echo "# The primary network interface
auto eth0
iface eth0 inet dhcp" | sudo tee /etc/network/interfaces
sudo grub-mkconfig -o /boot/grub/grub.cfg
sudo update-grub > /dev/null 2>&1
# <snippet-end interfaces.sh>
```
!!! notice

98
docs/generic/globalVariables.md
View File

@ -1,46 +1,74 @@
#### MISP configuration variables
```bash
# <snippet-begin 0_global-vars.sh>
MISPvars () {
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours"
# Local non-root MISP user
MISP_USER='misp'
MISP_PASSWORD='Password1234'
# MISP configuration variables
PATH_TO_MISP='/var/www/MISP'
CAKE="$PATH_TO_MISP/app/Console/cake"
MISP_BASEURL='""'
MISP_LIVE='1'
# The web server user
WWW_USER="www-data"
# Database configuration
DBHOST='localhost'
DBNAME='misp'
DBUSER_ADMIN='root'
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
DBUSER_MISP='misp'
DBPASSWORD_MISP="$(openssl rand -hex 32)"
# MISP configuration variables
PATH_TO_MISP='/var/www/MISP'
# Webserver configuration
FQDN='localhost'
if [ -z "$FQDN" ]; then
FQDN="misp.local"
fi
# OpenSSL configuration
OPENSSL_CN='Common Name'
OPENSSL_C='LU'
OPENSSL_ST='State'
OPENSSL_L='Location'
OPENSSL_O='Organization'
OPENSSL_OU='Organizational Unit'
OPENSSL_EMAILADDRESS='info@localhost'
if [ -z "$MISP_BASEURL" ]; then
MISP_BASEURL='""'
fi
# GPG configuration
GPG_REAL_NAME='Autogenerated Key'
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
GPG_EMAIL_ADDRESS='admin@admin.test'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE='Password1234'
MISP_LIVE='1'
# php.ini configuration
upload_max_filesize=50M
post_max_size=50M
max_execution_time=300
memory_limit=512M
# Database configuration
DBHOST='localhost'
DBNAME='misp'
DBUSER_ADMIN='root'
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
DBUSER_MISP='misp'
DBPASSWORD_MISP="$(openssl rand -hex 32)"
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
# OpenSSL configuration
OPENSSL_CN=$FQDN
OPENSSL_C='LU'
OPENSSL_ST='State'
OPENSSL_L='Location'
OPENSSL_O='Organization'
OPENSSL_OU='Organizational Unit'
OPENSSL_EMAILADDRESS="info@$FQDN"
# GPG configuration
GPG_REAL_NAME='Autogenerated Key'
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
GPG_EMAIL_ADDRESS='admin@admin.test'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE='Password1234'
# debug alias to make sure people are not confused when blindly copy pasting blobs of code
alias debug="echo -e"
# checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code
alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'"
# php.ini configuration
upload_max_filesize=50M
post_max_size=50M
max_execution_time=300
memory_limit=512M
CAKE="$PATH_TO_MISP/app/Console/cake"
# sudo config to run $LUSER commands
SUDO_USER="sudo -H -u ${MISP_USER} "
SUDO_WWW="sudo -H -u ${WWW_USER} "
echo "The following DB Passwords were generated..."
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
}
# <snippet-end 0_global-vars.sh>
```

28
docs/generic/gnupg.md Normal file
View File

@ -0,0 +1,28 @@
```bash
# <snippet-begin 2_gnupg.sh>
# Generate GnuPG key
setupGnuPG () {
if [ ! -d $PATH_TO_MISP/.gnupg ]; then
# The email address should match the one set in the config.php
# set in the configuration menu in the administration menu configuration file
echo "%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done" > /tmp/gen-key-script
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# Export the public key to the webroot
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
fi
}
# <snippet-end 2_gnupg.sh>
```

52
docs/generic/mail_to_misp-debian.md
View File

@ -1,29 +1,33 @@
#### Install mail to misp
--------------------
!!! warning
mail_to_misp has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
```bash
virtualenv -p python3.6 venv
```
```bash
cd /usr/local/src/
sudo apt-get install cmake -y
git clone https://github.com/MISP/mail_to_misp.git
git clone https://github.com/stricaud/faup.git
cd faup
sudo mkdir -p build
cd build
cmake .. && make
sudo make install
sudo ldconfig
cd ../../mail_to_misp
virtualenv -p python3.6 venv
./venv/bin/pip install -r requirements.txt
cp mail_to_misp_config.py-example mail_to_misp_config.py
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
# <snippet-begin 5_mail_to_misp.sh>
# Main mail2misp install function
mail2misp () {
debug "Installing Mail2${LBLUE}MISP${NC}"
cd /usr/local/src/
sudo apt-get install cmake libcaca-dev -y
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
cd faup
# TODO Check permissions
##$SUDO mkdir -p build
$SUDO_USER mkdir -p build
cd build
$SUDO_USER cmake .. && $SUDO_USER make
##$SUDO cmake .. && $SUDO make
sudo make install
sudo ldconfig
cd ../../mail_to_misp
$SUDO_USER virtualenv -p python3 venv
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
$SUDO_USER ./venv/bin/pip install -r requirements.txt
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
}
# <snippet-end 5_mail_to_misp.sh>
```

75
docs/generic/misp-dashboard-centos.md Normal file
View File

@ -0,0 +1,75 @@
#### MISP Dashboard on CentOS
--------------
```bash
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
sudo apt install libapache2-mod-wsgi-py3 -y
echo "<VirtualHost *:8001>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot /var/www/misp-dashboard
WSGIDaemonProcess misp-dashboard \
user=misp group=misp \
python-home=/var/www/misp-dashboard/DASHENV \
processes=1 \
threads=15 \
maximum-requests=5000 \
listen-backlog=100 \
queue-timeout=45 \
socket-timeout=60 \
connect-timeout=15 \
request-timeout=60 \
inactivity-timeout=0 \
deadlock-timeout=60 \
graceful-timeout=15 \
eviction-timeout=0 \
shutdown-timeout=5 \
send-buffer-size=0 \
receive-buffer-size=0 \
header-buffer-size=0 \
response-buffer-size=0 \
server-metrics=Off
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
<Directory /var/www/misp-dashboard>
WSGIProcessGroup misp-dashboard
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
LogLevel info
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
ServerSignature Off
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
sudo a2ensite misp-dashboard
sudo systemctl reload apache2
# Add misp-dashboard to rc.local to start on boot.
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
# Enable ZeroMQ for misp-dashboard
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq""
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false"
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false"
```

155
docs/generic/misp-dashboard-debian.md
View File

@ -1,75 +1,96 @@
#### MISP Dashboard
--------------
```bash
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
sudo apt install libapache2-mod-wsgi-py3 -y
# <snippet-begin 4_misp-dashboard.sh>
# Main MISP Dashboard install function
mispDashboard () {
debug "Install misp-dashboard"
# Install pyzmq to main MISP venv
debug "Installing PyZMQ"
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
echo "<VirtualHost *:8001>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot /var/www/misp-dashboard
WSGIDaemonProcess misp-dashboard \
user=misp group=misp \
python-home=/var/www/misp-dashboard/DASHENV \
processes=1 \
threads=15 \
maximum-requests=5000 \
listen-backlog=100 \
queue-timeout=45 \
socket-timeout=60 \
connect-timeout=15 \
request-timeout=60 \
inactivity-timeout=0 \
deadlock-timeout=60 \
graceful-timeout=15 \
eviction-timeout=0 \
shutdown-timeout=5 \
send-buffer-size=0 \
receive-buffer-size=0 \
header-buffer-size=0 \
response-buffer-size=0 \
server-metrics=Off
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
<Directory /var/www/misp-dashboard>
WSGIProcessGroup misp-dashboard
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
LogLevel info
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
ServerSignature Off
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
sudo apt install libapache2-mod-wsgi-py3 -y
echo "<VirtualHost *:8001>
ServerAdmin admin@misp.local
ServerName misp.local
sudo a2ensite misp-dashboard
sudo systemctl reload apache2
DocumentRoot /var/www/misp-dashboard
# Add misp-dashboard to rc.local to start on boot.
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
WSGIDaemonProcess misp-dashboard \
user=misp group=misp \
python-home=/var/www/misp-dashboard/DASHENV \
processes=1 \
threads=15 \
maximum-requests=5000 \
listen-backlog=100 \
queue-timeout=45 \
socket-timeout=60 \
connect-timeout=15 \
request-timeout=60 \
inactivity-timeout=0 \
deadlock-timeout=60 \
graceful-timeout=15 \
eviction-timeout=0 \
shutdown-timeout=5 \
send-buffer-size=0 \
receive-buffer-size=0 \
header-buffer-size=0 \
response-buffer-size=0 \
server-metrics=Off
# Enable ZeroMQ for misp-dashboard
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
<Directory /var/www/misp-dashboard>
WSGIProcessGroup misp-dashboard
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
LogLevel info
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
ServerSignature Off
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
# Enable misp-dashboard in apache and reload
sudo a2ensite misp-dashboard
sudo systemctl restart apache2
# Needs to be started after apache2 is reloaded so the port status check works
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
# Add misp-dashboard to rc.local to start on boot.
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
}
# <snippet-end 4_misp-dashboard.sh>
# <snippet-begin 4_misp-dashboard-cake.sh>
dashboardCAKE () {
# Enable ZeroMQ for misp-dashboard
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
}
# <snippet-end 4_misp-dashboard-cake.sh>
```

60
docs/generic/misp-modules-debian.md Normal file
View File

@ -0,0 +1,60 @@
#### Install misp-modules (optional)
```bash
# <snippet-begin 3_misp-modules.sh>
# Main MISP Modules install function
mispmodules () {
# FIXME: this is broken, ${PATH_TO_MISP} is litteral
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
cd /usr/local/src/
## TODO: checkUsrLocalSrc in main doc
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# some misp-modules dependencies
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
# If you build an egg, the user you build it as need write permissions in the CWD
sudo chgrp $WWW_USER .
sudo chmod g+w .
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
sudo chgrp staff .
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
sudo apt install ruby-pygments.rb -y
sudo gem install asciidoctor-pdf --pre
# install additional dependencies for extended object generation and extraction
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
# Start misp-modules
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
# Sleep 9 seconds to give misp-modules a chance to spawn
sleep 9
# Enable Enrichment, set better timeouts
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
# TODO:"Investigate why the next one fails"
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
# Enable Import modules, set better timeout
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
# Enable Export modules, set better timeout
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
}
# <snippet-end 3_misp-modules.sh>
```

8
docs/generic/misp-modules.md
View File

@ -1,8 +0,0 @@
#### Make some misp-modules available
```bash
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
```

33
docs/generic/ssdeep-debian.md
View File

@ -1,19 +1,24 @@
#### Experimental ssdeep correlations
##### installing ssdeep
```
cd /usr/local/src
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
tar zxvf ssdeep-2.14.1.tar.gz
cd ssdeep-2.14.1
./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
make
sudo make install
```bash
# <snippet-begin 6_ssdeep.sh>
ssdeep () {
debug "Install ssdeep 2.14.1"
cd /usr/local/src
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
cd ssdeep-2.14.1
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
$SUDO_USER make
sudo make install
#installing ssdeep_php
sudo pecl install ssdeep
#installing ssdeep_php
sudo pecl install ssdeep
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
sudo phpenmod ssdeep
sudo service apache2 restart
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
sudo phpenmod ssdeep
sudo service apache2 restart
}
# <snippet-end 6_ssdeep.sh>
```

23
docs/generic/sudo_etckeeper.md
View File

@ -1,16 +1,31 @@
#### install etckeeper and sudo (optional)
```bash
su -
apt install -y etckeeper
apt install -y sudo
adduser misp sudo
# <snippet-begin 0_sudoKeeper.sh>
# check if sudo is installed
checkSudoKeeper () {
echo "Checking for sudo and installing etckeeper"
if [[ ! -f $(which sudo) ]]; then
su -c "apt install etckeeper -y"
su -c "apt install sudo -y"
# TODO: Fix this, user misp might not exist
su -c "adduser misp sudo"
else
sudo apt install etckeeper -y
fi
}
# <snippet-end 0_sudoKeeper.sh>
```
##### add the misp user to staff and www-data (mandatory)
```bash
# <snippet-begin add-user.sh>
# Add the user to the staff group to be able to write to /usr/local/src
# TODO: Fix this, user misp might not exist
sudo adduser misp staff
sudo adduser misp www-data
# <snippet-end add-user.sh>
# Logout and back in to make the group changes take effect.
logout
```

638
docs/generic/supportFunctions.md Normal file
View File

@ -0,0 +1,638 @@
```bash
# <snippet-begin 0_support-functions.sh>
# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default
DEBUG=
case "$-" in
*x*) NO_PROGRESS=1; DEBUG=1 ;;
*) NO_PROGRESS=0 ;;
esac
## Function Section ##
## Usage of this script
usage () {
if [ "$0" == "bash" ]; then
WEB_INSTALL=1
SCRIPT_NAME="Web Installer Command"
else
SCRIPT_NAME=$0
fi
exec &> /dev/tty
space
echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install."
space
echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core
echo -e " -M | ${LBLUE}MISP${NC} modules" # modules
echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard
echo -e " -V | Viper" # viper
echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2
echo -e " -S | Experimental ssdeep correlations" # ssdeep
echo -e " -A | Install ${YELLOW}all${NC} of the above" # all
space
echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre
space
echo -e " -u | Do an unattanded Install, no questions asked" # UNATTENDED
echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE
space
echo -e "${HIDDEN}Some parameters want to be hidden: ${NC}"
echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE
echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard"
space
echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or"
echo -e "MISP + modules - ${SCRIPT_NAME} -c -M"
space
}
# Check if element is contained in array
containsElement () {
local e match="$1"
shift
for e; do [[ "$e" == "$match" ]] && return 0; done
return 1
}
checkOpt () {
# checkOpt feature
containsElement $1 "${options[@]}"
}
setOpt () {
options=()
for o in $@; do
case "$o" in
("-c") echo "core"; CORE=1 ;;
("-V") echo "viper"; VIPER=1 ;;
("-M") echo "modules"; MODULES=1 ;;
("-D") echo "dashboard"; DASHBOARD=1 ;;
("-m") echo "mail2"; MAIL2=1 ;;
("-S") echo "ssdeep"; SSDEEP=1 ;;
("-A") echo "all"; ALL=1 ;;
("-C") echo "pre"; PRE=1 ;;
("-U") echo "upgrade"; UPGRADE=1 ;;
("-u") echo "unattended"; UNATTENDED=1 ;;
("-f") echo "force"; FORCE=1 ;;
(*) echo "$o is not a valid argument"; exit 1 ;;
esac
done
}
# Extract debian flavour
checkFlavour () {
if [ -z $(which lsb_release) ]; then
checkAptLock
sudo apt install lsb-release dialog -y
fi
FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z])
if [ FLAVOUR == "ubuntu" ]; then
RELEASE=$(lsb_release -s -r)
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
else
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}"
fi
}
# Extract manufacturer
checkManufacturer () {
if [ ! -f $(which dmidecode) ]; then
checkAptLock
sudo apt install dmidecode -y
fi
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
echo $MANUFACTURER
}
# Dynamic horizontal spacer
space () {
if [[ "$NO_PROGRESS" == "1" ]]; then
return
fi
# Check terminal width
num=`tput cols`
for i in `seq 1 $num`; do
echo -n "-"
done
echo ""
}
# Spinner so the user knows something is happening
spin()
{
if [[ "$NO_PROGRESS" == "1" ]]; then
return
fi
spinner="/|\\-/|\\-"
while :
do
for i in `seq 0 7`
do
echo -n "${spinner:$i:1}"
echo -en "\010"
sleep 0.$i
done
done
}
# Progress bar
progress () {
if [[ "$NO_PROGRESS" == "1" ]]; then
return
fi
bar="#"
if [[ $progress -ge 100 ]]; then
echo -ne "##################################################################################################### (100%)\r"
return
fi
progress=$[$progress+$1]
for p in $(seq 1 $progress); do
bar+="#"
echo -ne "$bar ($p%)\r"
done
echo -ne '\n'
}
# Check locale
checkLocale () {
debug "Checking Locale"
# If locale is missing, generate and install a common UTF-8
if [ ! -f /etc/default/locale ]; then
checkAptLock
sudo apt install locales -y
sudo locale-gen en_US.UTF-8
sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
fi
}
# Simple function to check command exit code
checkFail () {
if [[ $2 -ne 0 ]]; then
echo "iAmError: $1"
echo "The last command exited with error code: $2"
exit $2
fi
}
# Check if misp user is present and if run as root
checkID () {
debug "Checking if run as root and $MISP_USER is present"
if [[ $EUID == 0 ]]; then
echo "This script cannot be run as a root"
exit 1
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
if [[ "$UNATTENDED" != "1" ]]; then
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) "
read ANSWER
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
else
ANSWER="y"
fi
if [[ $ANSWER == "y" ]]; then
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
elif [[ $ANSWER == "n" ]]; then
echo "Using $USER as install user, hope that is what you want."
echo -e "${RED}Adding $USER to groups www-data and staff${NC}"
MISP_USER=$USER
sudo adduser $MISP_USER staff
sudo adduser $MISP_USER www-data
else
echo "yes or no was asked, try again."
sudo adduser $MISP_USER staff
sudo adduser $MISP_USER www-data
exit 1
fi
else
echo "User ${MISP_USER} exists, skipping creation"
echo -e "${RED}Adding $MISP_USER to groups www-data and staff${NC}"
sudo adduser $MISP_USER staff
sudo adduser $MISP_USER www-data
fi
}
# pre-install check to make sure what we will be installing on, is ready and not a half installed system
preInstall () {
echo -e "${RED}Place-holder, not implemented yet.${NC}"
exit
}
# Upgrade function
upgrade () {
echo -e "${RED}Place-holder, not implemented yet.${NC}"
exit
}
# check is /usr/local/src is RW by misp user
checkUsrLocalSrc () {
echo ""
if [[ -e /usr/local/src ]]; then
WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
if [[ "$WRITEABLE" == "0" ]]; then
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
else
# TODO: The below might be shorter, more elegant and more modern
#[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
if [ "$KALI" == "1" -o "$UNATTENDED" == "1" ]; then
ANSWER="y"
else
space
echo "/usr/local/src need to be writeable by $MISP_USER for misp-modules, viper etc."
echo -n "Permission to fix? (y/n) "
read ANSWER
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
space
fi
if [ "$ANSWER" == "y" ]; then
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
fi
fi
else
echo "/usr/local/src does not exist, creating."
mkdir /usr/local/src
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
fi
}
kaliSpaceSaver () {
# Future function in case Kali overlay on LiveCD is full
echo "${RED}Not implement${NC}"
}
# Because Kali is l33t we make sure we run as root
kaliOnRootR0ckz () {
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
echo $MISP_USER:$MISP_PASSWORD | chpasswd
else
# TODO: Make sure we consider this further down the road
echo "User ${MISP_USER} exists, skipping creation"
fi
}
setBaseURL () {
debug "Setting Base URL"
if [[ $(checkManufacturer) != "innotek GmbH" ]]; then
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
if [[ "$UNATTENDED" != "1" ]]; then
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
echo "Do you want to change it now? (y/n) "
read ANSWER
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
if [[ $ANSWER == "y" ]]; then
echo "Please enter the Base URL, e.g: 'https://example.org'"
echo -n "Enter Base URL: "
read MISP_BASEURL
else
MISP_BASEURL='""'
fi
else
MISP_BASEURL="https://misp.local"
# Webserver configuration
FQDN='misp.local'
fi
elif [[ $KALI == "1" ]]; then
MISP_BASEURL="https://misp.local"
# Webserver configuration
FQDN='misp.local'
else
MISP_BASEURL='https://localhost:8443'
# Webserver configuration
FQDN='localhost.localdomain'
fi
}
# Test and install software RNG
installRNG () {
sudo modprobe tpm-rng 2> /dev/null
if [ "$?" -eq "0" ]; then
echo tpm-rng | sudo tee -a /etc/modules
fi
checkAptLock
sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
sudo service rng-tools start
if [ "$?" -eq "1" ]; then
sudo apt purge -qy rng-tools
sudo apt install -qy haveged
sudo /etc/init.d/haveged start
fi
}
# Kali upgrade
kaliUpgrade () {
debug "Running various Kali upgrade tasks"
sudo apt update
checkAptLock
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
}
# Disables sleep
disableSleep () {
debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
setterm -blank 0 -powersave off -powerdown 0
xset s 0 0 2> /dev/null
xset dpms 0 0 2> /dev/null
xset dpms force off
xset s off 2> /dev/null
service sleepd stop
kill $(lsof | grep 'sleepd' | awk '{print $2}')
checkAptLock
}
# Remove alias if present
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
# Simple function to make sure APT is not locked
checkAptLock () {
SLEEP=3
while [ "$DONE" != "0" ]; do
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
sleep $SLEEP
SLEEP=$[$SLEEP+3]
done
unset DONE
}
# <snippet-begin 0_installDepsPhp73.sh>
# Install Php 7.3 deps
installDepsPhp73 () {
debug "Installing PHP 7.3 dependencies"
PHP_ETC_BASE=/etc/php/7.3
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
sudo apt update
checkAptLock
sudo apt install -qy \
libapache2-mod-php7.3 \
php7.3 php7.3-cli \
php7.3-dev \
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
php-pear \
php-redis php-gnupg
}
# <snippet-end 0_installDepsPhp73.sh>
# Installing core dependencies
installDeps () {
debug "Installing core dependencies"
checkAptLock
sudo apt update
sudo apt install -qy etckeeper
# Skip dist-upgrade for now, pulls in 500+ updated packages
#sudo apt -y dist-upgrade
gitMail=$(git config --global --get user.email ; echo $?)
if [ "$?" -eq "1" ]; then
git config --global user.email "root@kali.lan"
fi
gitUser=$(git config --global --get user.name ; echo $?)
if [ "$?" -eq "1" ]; then
git config --global user.name "Root User"
fi
[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
sudo apt install -qy \
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
mariadb-client \
mariadb-server \
apache2 apache2-doc apache2-utils \
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
installRNG
}
# On Kali, the redis start-up script is broken. This tries to fix it.
fixRedis () {
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
echo '#! /bin/sh
### BEGIN INIT INFO
# Provides: redis-server
# Required-Start: $syslog
# Required-Stop: $syslog
# Should-Start: $local_fs
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: redis-server - Persistent key-value db
# Description: redis-server - Persistent key-value db
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/redis-server
DAEMON_ARGS=/etc/redis/redis.conf
NAME=redis-server
DESC=redis-server
PIDFILE=/var/run/redis.pid
test -x $DAEMON || exit 0
test -x $DAEMONBOOTSTRAP || exit 0
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
touch $PIDFILE
chown redis:redis $PIDFILE
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
then
echo "$NAME."
else
echo "failed"
fi
;;
stop)
echo -n "Stopping $DESC: "
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
then
echo "$NAME."
else
echo "failed"
fi
rm -f $PIDFILE
;;
restart|force-reload)
${0} stop
${0} start
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0' | sudo tee /etc/init.d/redis-server
sudo chmod 755 /etc/init.d/redis-server
sudo /etc/init.d/redis-server start
}
# generate MISP apache conf
genApacheConf () {
echo "<VirtualHost _default_:80>
ServerAdmin admin@localhost.lu
ServerName misp.local
Redirect permanent / https://misp.local
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@localhost.lu
ServerName misp.local
DocumentRoot $PATH_TO_MISP/app/webroot
<Directory $PATH_TO_MISP/app/webroot>
Options -Indexes
AllowOverride all
Require all granted
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
}
# Add git pull update mechanism to rc.local - TODO: Make this better
gitPullAllRCLOCAL () {
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local
}
# Composer on php 7.2 does not need any special treatment the provided phar works well
composer72 () {
cd $PATH_TO_MISP/app
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
$SUDO_WWW php composer.phar config vendor-dir Vendor
$SUDO_WWW php composer.phar install
}
# Composer on php 7.3 needs a recent version of composer.phar
composer73 () {
cd $PATH_TO_MISP/app
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
# Update composer.phar
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
# Current Sum for: v1.8.3
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
checkFail "composer.phar checksum failed, please investigate manually. " $?
sudo -H -u www-data php composer-setup.php
sudo -H -u www-data php -r "unlink('composer-setup.php');"
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
$SUDO_WWW php composer.phar config vendor-dir Vendor
$SUDO_WWW php composer.phar install
}
# Enable various core services
enableServices () {
update-rc.d mysql enable
update-rc.d apache2 enable
update-rc.d redis-server enable
}
# Generate rc.local
genRCLOCAL () {
if [ ! -e /etc/rc.local ]; then
echo '#!/bin/sh -e' | tee -a /etc/rc.local
echo 'exit 0' | tee -a /etc/rc.local
chmod u+x /etc/rc.local
fi
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
}
# Final function to let the user know what happened
theEnd () {
space
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
clear
space
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
echo
echo "User: admin@admin.test"
echo "Password: admin"
space
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
echo "/home/${MISP_USER}/mysql.txt"
echo -e "${RED}Contents:${NC}"
cat /home/${MISP_USER}/mysql.txt
echo "/home/${MISP_USER}/MISP-authkey.txt"
echo -e "${RED}Contents:${NC}"
cat /home/${MISP_USER}/MISP-authkey.txt
space
echo -e "The ${RED}LOCAL${NC} system credentials:"
echo "User: ${MISP_USER}"
echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
space
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
echo
echo "sudo postconf -e 'relayhost = example.com'"
echo "sudo postfix reload"
space
echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
space
if [ $UNATTENDED == "1" ]; then
echo -e "${RED}Unattended install!${NC}"
echo -e "This means we guessed the Base URL, it might be wrong, please double check."
space
fi
if [[ "$USER" != "$MISP_USER" ]]; then
sudo su - ${MISP_USER}
fi
}
## End Function Section Nothing allowed in .md after this line ##
# <snippet-end 0_support-functions.sh>
```

90
docs/generic/viper-debian.md
View File

@ -1,31 +1,69 @@
#### Install viper framework (with a virtualenv)
-----------------------
!!! warning
Viper has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
```bash
virtualenv -p python3.6 venv
```
```bash
cd /usr/local/src/
sudo apt-get install libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable -y
git clone https://github.com/viper-framework/viper.git
cd viper
virtualenv -p python3.6 venv
git submodule update --init --recursive
./venv/bin/pip install scrapy
./venv/bin/pip install -r requirements.txt
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
/usr/local/src/viper/viper-cli -h
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
sed -i "s/^misp_key\ =/misp_key\ =\ ${AUTH_KEY}/g" ~/.viper/viper.conf
# Reset admin password to: admin/Password1234
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
# Add viper-web to rc.local to be started on boot
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
# <snippet-begin 6_viper.sh>
# Main Viper install function
viper () {
debug "Installing Viper dependencies"
cd /usr/local/src/
sudo apt-get install \
libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \
python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y
echo "Cloning Viper"
$SUDO_USER git clone https://github.com/viper-framework/viper.git
sudo chown -R $MISP_USER:$MISP_USER viper
cd viper
echo "Creating virtualenv"
$SUDO_USER virtualenv -p python3 venv
echo "Submodule update"
# TODO: Check for current user install permissions
$SUDO_USER git submodule update --init --recursive
##$SUDO git submodule update --init --recursive
echo "Pip install deps"
$SUDO_USER ./venv/bin/pip install SQLAlchemy PrettyTable python-magic
echo "pip install scrapy"
$SUDO_USER ./venv/bin/pip install scrapy
echo "install lief"
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
echo "pip install reqs"
$SUDO_USER ./venv/bin/pip install -r requirements.txt
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
echo "pip uninstall yara"
$SUDO_USER ./venv/bin/pip uninstall yara -y
echo "Launching viper-cli"
# TODO: Perms
#$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
/usr/local/src/viper/viper-cli -h > /dev/null
echo "Launching viper-web"
# TODO: Perms
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
#$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
# TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t
if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then
VIPER_HOME="/home/${MISP_USER}/.viper"
else
VIPER_HOME="${HOME}/.viper"
fi
echo "Setting misp_url/misp_key"
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
# Reset admin password to: admin/Password1234
echo "Fixing admin.db with default password"
while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
# FIXME This might lead to a race condition, the while loop is sub-par
sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
sleep 6
done
# Add viper-web to rc.local to be started on boot
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
}
# <snippet-end 6_viper.sh>
```

5
docs/xINSTALL.centos7.md
View File

@ -332,7 +332,7 @@ echo $OPENSSL_CN
sudo systemctl start httpd.service
sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/certs/misp.local.key
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/private/misp.local.key
sudo rm /tmp/misp.local.key
sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
@ -352,6 +352,7 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
sudo chcon -t httpd_sys_script_exec_t /var/www/MISP/app/Console/cake
sudo chcon -R -t usr_t /var/www/MISP/venv
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
@ -535,6 +536,8 @@ sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
```
{!generic/misp-dashboard-centos.md!}
{!generic/MISP_CAKE_init_centos.md!}
{!generic/INSTALL.done.md!}

2
docs/xINSTALL.debian_testing.md
View File

@ -424,7 +424,7 @@ sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kba
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
```
{!generic/misp-modules.md!}
{!generic/misp-modules-debian.md!}
```bash
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"

4
tools/gen_misp_install_docs.sh
View File

@ -12,8 +12,8 @@ else
fi
if [ -z "$VIRTUAL_ENV" ]; then
virtualenv -p python3 mkdocs || echo "You probably having Python running somewhere."
${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material markdown-include python-markdown-comments git+https://github.com/vaab/gitchangelog.git
virtualenv -p python3 mkdocs || echo "You probably have the main Python(3) binary running exclusively somewhere, make sure it is killed."
${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material markdown-include python-markdown-comments gitchangelog
fi
# Fixing ASCII aborration introduced in: https://github.com/MISP/MISP/commit/1b028ee15a3bd2f209102cd6204e6c4bb519be97