Merge branch '2.4' of github.com:MISP/MISP into eventFiltering
commit
7e64a9d1c4
@ -0,0 +1,695 @@
|
|||
#!/usr/bin/env bash
|
||||
############################################################
|
||||
###### #
|
||||
##### Please AutoGenerated... ##
|
||||
#### Do NOT was ###
|
||||
### Manually It ####
|
||||
## Change this Script... #####
|
||||
# ######
|
||||
############################################################
|
||||
############################################################
|
||||
#INSTALLATION INSTRUCTIONS #
|
||||
##########################################################
|
||||
#------------------------- for Debian Flavored Linux Distributions
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# 20190208: Kali Linux tested and working.
|
||||
#
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 1/ For Kali, download and run Installer Script |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# To install MISP on Kali copy paste the following to your r00t shell:
|
||||
# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
#
|
||||
#
|
||||
#---------------------------------------------------------------------------------------------|
|
||||
# 2/ For other Debian based Linux distributions, download script and run as unprivileged user |
|
||||
#---------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C
|
||||
#
|
||||
#
|
||||
#----------------------------------------------------------|
|
||||
# 3/ The following script has been partially autogenerated |
|
||||
#----------------------------------------------------------|
|
||||
#
|
||||
# To generate this script yourself, the following steps need to be taken.
|
||||
# $ git clone https://github.com/SteveClement/xsnippet.git
|
||||
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
|
||||
# $ git clone https://github.com/MISP/MISP.git
|
||||
# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh
|
||||
#
|
||||
##
|
||||
###
|
||||
####----------------\
|
||||
## Developer Note |
|
||||
####--------------------------------------------------------------------------------------------------|
|
||||
## In theory the order does not matter as everything is a self-contained function. |
|
||||
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
|
||||
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
|
||||
#-----------------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# ToC #
|
||||
#
|
||||
#### BEGIN AUTOMATED SECTION ####
|
||||
#
|
||||
## 0_global-vars.sh ##
|
||||
## 0_support-functions.sh ##
|
||||
## 0_apt-upgrade.sh ##
|
||||
## 0_sudoKeeper.sh ##
|
||||
## 0_installCoreDeps.sh ##
|
||||
## 0_installDepsPhp73.sh ##
|
||||
## 0_installDepsPhp72.sh ##
|
||||
## 1_prepareDB.sh ##
|
||||
## 1_apacheConfig.sh ##
|
||||
## 1_mispCoreInstall.sh ##
|
||||
## 1_installCake.sh ##
|
||||
## 2_permissions.sh ##
|
||||
## 2_configMISP.sh ##
|
||||
## 2_core-cake.sh ##
|
||||
## 2_gnupg.sh ##
|
||||
## 2_logRotation.sh ##
|
||||
## 2_backgroundWorkers.sh ##
|
||||
## 3_misp-modules.sh ##
|
||||
## 4_misp-dashboard.sh ##
|
||||
## 4_misp-dashboard-cake.sh ##
|
||||
## 5_mail_to_misp.sh ##
|
||||
## 6_ssdeep.sh ##
|
||||
## 6_viper.sh ##
|
||||
|
||||
# No functions scripts:
|
||||
## apt-upgrade.sh ##
|
||||
## postfix.sh ##
|
||||
## interfaces.sh ##
|
||||
#
|
||||
### END AUTOMATED SECTION ###
|
||||
|
||||
# This function will generate the main installer.
|
||||
# It is a helper function for the maintainers for the installer.
|
||||
|
||||
colors () {
|
||||
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
LBLUE='\033[1;34m'
|
||||
YELLOW='\033[0;33m'
|
||||
HIDDEN='\e[8m'
|
||||
NC='\033[0m'
|
||||
}
|
||||
|
||||
generateInstaller () {
|
||||
if [ ! -f $(which xsnippet) ]; then
|
||||
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
||||
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then
|
||||
echo -e "${RED}iAmError!${NC}"
|
||||
echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break."
|
||||
echo -e "You called: ${RED}$0${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir installer ; cd installer
|
||||
cp ../INSTALL.debian.tpl.sh .
|
||||
|
||||
# Pull code snippets out of Main Install Documents
|
||||
for f in `echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do
|
||||
xsnippet . ../../docs/${f}
|
||||
done
|
||||
|
||||
# Pull out code snippets from generic Install Documents
|
||||
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
|
||||
xsnippet . ../../docs/generic/${f}
|
||||
done
|
||||
|
||||
# TODO: Fix the below.
|
||||
# $ for f in `echo ls [0-9]_*`; do
|
||||
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh
|
||||
# $ done
|
||||
#
|
||||
# Temporary copy/paste holder
|
||||
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
|
||||
cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh
|
||||
cd ..
|
||||
rm -rf installer
|
||||
echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# Simple debug function with message
|
||||
|
||||
# Make sure no alias exists
|
||||
if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi
|
||||
debug () {
|
||||
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
||||
if [ ! -z $DEBUG ]; then
|
||||
NO_PROGRESS=1
|
||||
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
||||
exec 3>&1
|
||||
read
|
||||
else
|
||||
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
|
||||
#exec 3>&1 &>/dev/null
|
||||
:
|
||||
fi
|
||||
}
|
||||
|
||||
installMISPubuntuSupported () {
|
||||
space
|
||||
echo "Proceeding with the installation of MISP core"
|
||||
space
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
debug "Checking Locale"
|
||||
checkLocale
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
||||
progress 4
|
||||
|
||||
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
# TODO: Work on possibility to install as user X and install MISP for user Y
|
||||
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
||||
# <snippet-begin add-user.sh>
|
||||
# TODO: Double check how to properly handle postfix
|
||||
# <snippet-begin postfix.sh>
|
||||
|
||||
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
|
||||
progress 4
|
||||
|
||||
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
|
||||
checkID
|
||||
progress 4
|
||||
|
||||
# Starting friendly UI spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
|
||||
progress 4
|
||||
|
||||
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
|
||||
progress 4
|
||||
|
||||
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Mysql install functions, make it upgrade safe, double check
|
||||
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Disable spinner
|
||||
#(kill $SPIN_PID 2>&1) >/dev/null
|
||||
|
||||
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
|
||||
progress 4
|
||||
|
||||
## Resume spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
|
||||
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
|
||||
progress 4
|
||||
|
||||
# Install Viper - functionLocation('generic/viper-debian.md')
|
||||
[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
|
||||
progress 4
|
||||
|
||||
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
|
||||
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
|
||||
progress 4
|
||||
|
||||
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
||||
[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
||||
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
|
||||
progress 100
|
||||
|
||||
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
|
||||
theEnd
|
||||
}
|
||||
|
||||
# Main Kalin Install function
|
||||
installMISPonKali () {
|
||||
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
||||
kaliUpgrade 2> /dev/null > /dev/null
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
setBaseURL
|
||||
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
installDepsPhp73 2> /dev/null > /dev/null
|
||||
|
||||
# Set custom Kali only variables and tweaks
|
||||
space
|
||||
# The following disables sleep on kali/gnome
|
||||
### FIXME: Disabling for now, maybe source of some issues.
|
||||
##disableSleep 2> /dev/null > /dev/null
|
||||
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
||||
##sleep 3
|
||||
|
||||
debug "Installing dependencies"
|
||||
installDeps 2> /dev/null > /dev/null
|
||||
|
||||
installCoreDeps 2> /dev/null > /dev/null
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status 2> /dev/null > /dev/null
|
||||
a2dismod php7.2 2> /dev/null > /dev/null
|
||||
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
||||
a2dissite 000-default 2> /dev/null > /dev/null
|
||||
a2ensite default-ssl 2> /dev/null > /dev/null
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service 2> /dev/null > /dev/null
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
apt install redis-server
|
||||
fixRedis 2> /dev/null > /dev/null
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
||||
|
||||
|
||||
mkdir /var/www/.cache/
|
||||
|
||||
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
||||
mkdir $MISP_USER_HOME/.cache
|
||||
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
chown www-data:www-data /var/www/.cache
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
|
||||
debug "Setting up main MISP virtualenv"
|
||||
# Needs virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
debug "Installing MISP dashboard"
|
||||
mispDashboard
|
||||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Install maec"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export
|
||||
debug "Installing cti-python-stix2"
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
enableServices
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG 2> /dev/null > /dev/null
|
||||
|
||||
debug "Starting workers"
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
$SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE 2> /dev/null > /dev/null
|
||||
dashboardCAKE 2> /dev/null > /dev/null
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT 2> /dev/null > /dev/null
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
|
||||
checkUsrLocalSrc
|
||||
|
||||
debug "Installing misp-modules"
|
||||
mispmodules
|
||||
|
||||
debug "Installing Viper"
|
||||
viper
|
||||
|
||||
debug "Installing ssdeep"
|
||||
ssdeep
|
||||
phpenmod -v 7.3 ssdeep
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
||||
debug "Running Then End!"
|
||||
theEnd
|
||||
}
|
||||
# End installMISPonKali ()
|
||||
|
||||
## End Function Section ##
|
||||
|
||||
colors
|
||||
debug "Checking if we are run as the installer template"
|
||||
if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then
|
||||
generateInstaller
|
||||
fi
|
||||
|
||||
space
|
||||
debug "Setting MISP variables"
|
||||
MISPvars
|
||||
debug "Checking Linux distribution and flavour..."
|
||||
checkFlavour
|
||||
|
||||
debug "Checking for parameters or Unattended Kali Install"
|
||||
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
else
|
||||
debug "Setting install options with given parameters."
|
||||
# The setOpt/checkOpt function lives in generic/supportFunctions.md
|
||||
setOpt $@
|
||||
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
|
||||
checkOpt viper && echo "${GREEN}Viper${NC} selected"
|
||||
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
|
||||
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
|
||||
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
|
||||
checkOpt all && echo "${GREEN}All options${NC} selected"
|
||||
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
|
||||
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
|
||||
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
|
||||
checkOpt force && echo "${GREEN}force${NC} install selected"
|
||||
|
||||
# Check if at least core is selected if no other options that do not require core are set
|
||||
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
|
||||
space
|
||||
usage
|
||||
echo "You need to at least select core, or -A to install everything."
|
||||
echo "$0 -c # Is the minima for install options"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Add upgrade option to do upgrade pre flight
|
||||
[[ -n $PRE ]] && preInstall
|
||||
|
||||
[[ -n $UPGRADE ]] && upgrade
|
||||
|
||||
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z])
|
||||
if [ "${RELEASE}" == "18.04" ]; then
|
||||
echo "Install on Ubuntu 18.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installMISPubuntuSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "18.10" ]; then
|
||||
echo "Install on Ubuntu 18.10 partially supported, bye."
|
||||
installMISPubuntuSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.04" ]; then
|
||||
echo "Install on Ubuntu 19.04 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.10" ]; then
|
||||
echo "Install on Ubuntu 19.10 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
||||
|
||||
# If Debian is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "debian" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "buster" ]; then
|
||||
echo "Install on Debian testing fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp73
|
||||
fi
|
||||
if [ "${CODE}" == "sid" ]; then
|
||||
echo "Install on Debian unstable not fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp73
|
||||
fi
|
||||
if [ "${CODE}" == "stretch" ]; then
|
||||
echo "Install on Debian stable fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp72
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "bamboo" ]; then
|
||||
echo "Install on Tsurugi Lab partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
if [ "${CODE}" == "soy sauce" ]; then
|
||||
echo "Install on Tsurugi Acquire partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Kali Linux is detected, run the acccording scripts
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
KALI=1
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
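Review bot: The MySQL bootstrap in installMISPonKali creates the account as `$DBNAME@localhost` (`grant usage on *.* to $DBNAME@localhost identified by ...`) but then grants privileges to `'$DBUSER_MISP'@'localhost'` and loads MYSQL.sql as `$DBUSER_MISP`, so the three lines only agree when both variables happen to hold the same string; on servers that auto-create an account named in a GRANT (MariaDB, or MySQL without NO_AUTO_CREATE_USER in sql_mode — to be confirmed for the targeted versions) a mismatch would leave `$DBUSER_MISP` with no password at all. The same lines pass `-p$DBPASSWORD_ADMIN` / `-p$DBPASSWORD_MISP` on the mysql command line, where the passwords are visible in `ps` to every local user while the client runs, and both values are expanded unquoted, so a password containing a space or shell metacharacter is split or interpreted (the expect heredoc has the same problem with `$`, `[` and `\` in `${DBPASSWORD_ADMIN}`, which are special to Tcl). The rewrite below creates and grants a single account under `$DBUSER_MISP` and feeds the passwords through `MYSQL_PWD` instead of argv. Note also that almost every step runs with `2> /dev/null > /dev/null` and the script never sets `set -e`, so a failed CREATE/GRANT is silently skipped and the install continues with a half-provisioned database.
```shell
# … unchanged: mysql_secure_installation driven by expect …

# Keep the admin password out of argv (visible in ps); the mysql client reads MYSQL_PWD.
export MYSQL_PWD="${DBPASSWORD_ADMIN}"
mysql -u "${DBUSER_ADMIN}" -e "CREATE DATABASE \`${DBNAME}\`;"
# Create and grant to ONE account name, the same one the schema load below logs in as.
mysql -u "${DBUSER_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
mysql -u "${DBUSER_ADMIN}" -e "GRANT ALL PRIVILEGES ON \`${DBNAME}\`.* TO '${DBUSER_MISP}'@'localhost';"
mysql -u "${DBUSER_ADMIN}" -e "FLUSH PRIVILEGES;"
unset MYSQL_PWD

# … unchanged: enableServices …

MYSQL_PWD="${DBPASSWORD_MISP}" mysql -u "${DBUSER_MISP}" "${DBNAME}" < "${PATH_TO_MISP}/INSTALL/MYSQL.sql"
```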
|
|
@ -103,6 +103,21 @@ class AppController extends Controller
|
|||
|
||||
public function beforeFilter()
|
||||
{
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
// Add CORS headers
|
||||
$this->response->cors($this->request,
|
||||
explode(',', Configure::read('Security.cors_origins')),
|
||||
['*'],
|
||||
['Origin', 'Content-Type', 'Authorization', 'Accept']);
|
||||
|
||||
if ($this->request->is('options')) {
|
||||
// Stop here!
|
||||
// CORS only needs the headers
|
||||
$this->response->send();
|
||||
$this->_stop();
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($this->params['named']['sql'])) {
|
||||
$this->sql_dump = 1;
|
||||
}
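Review bot: `explode(',', Configure::read('Security.cors_origins'))` in beforeFilter hands the raw comma-separated list to `cors()` without trimming, so an admin-entered `a.example, b.example` produces ` b.example` with a leading space, which — assuming CakeResponse::cors() in CakePHP 2.x matches the Origin literally after prefixing the scheme, as I recall it does — never matches a real Origin and silently drops that entry; `array_map('trim', explode(',', Configure::read('Security.cors_origins')))` fixes it. The OPTIONS short-circuit (`send()` then `_stop()`) runs before the Auth component, so preflight responses are presumably meant to be unauthenticated, and a configured `*` would allow any origin; both facts deserve a one-line comment here and in the setting's description so an operator does not enable it blindly. The RestResponseComponent in this same commit builds its own copy of the origin/header list, so putting the parsed list in one helper would keep the two paths from drifting. beforeFilter() continues past the hunk.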
|
||||
|
|
|
@ -148,7 +148,7 @@ class ACLComponent extends Component
|
|||
'viewEventAttributes' => array('*'),
|
||||
'viewEventGraph' => array('*'),
|
||||
'viewGraph' => array('*'),
|
||||
'viewMitreAttackMatrix' => array('*'),
|
||||
'viewGalaxyMatrix' => array('*'),
|
||||
'xml' => array('*')
|
||||
),
|
||||
'favouriteTags' => array(
|
||||
|
|
|
@ -423,14 +423,23 @@ class RestResponseComponent extends Component
|
|||
$type = 'json';
|
||||
}
|
||||
$cakeResponse = new CakeResponse(array('body'=> $response, 'status' => $code, 'type' => $type));
|
||||
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
$headers["Access-Control-Allow-Headers"] = "Origin, Content-Type, Authorization, Accept";
|
||||
$headers["Access-Control-Allow-Methods"] = "*";
|
||||
$headers["Access-Control-Allow-Origin"] = explode(',', Configure::read('Security.cors_origins'));
|
||||
}
|
||||
|
||||
if (!empty($headers)) {
|
||||
foreach ($headers as $key => $value) {
|
||||
$cakeResponse->header($key, $value);
|
||||
}
|
||||
}
|
||||
|
||||
if ($download) {
|
||||
$cakeResponse->download($download);
|
||||
}
|
||||
|
||||
return $cakeResponse;
|
||||
}
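Review bot: `$headers["Access-Control-Allow-Origin"] = explode(',', ...)` at the top of this hunk stores the entire configured origin list as the header value with no comparison against the request's Origin; when the loop below calls `$cakeResponse->header($key, $value)` with an array, CakeResponse (2.x, as far as I recall) emits one header line per element, and browsers reject a response carrying several Access-Control-Allow-Origin values, so a multi-origin config fails outright while a single-origin config is reflected to every caller regardless of where the request came from. beforeFilter() in this same commit already uses `$this->response->cors($request, $origins, ...)`, which does match the Origin header; doing the same here — `$cakeResponse->cors($this->Controller->request, explode(',', Configure::read('Security.cors_origins')), ['*'], ['Origin', 'Content-Type', 'Authorization', 'Accept']);`, provided the component keeps a controller/request reference — keeps the two paths consistent and removes the hand-built array. Separately, the `*` wildcard in Access-Control-Allow-Methods is only treated as a wildcard for requests made without credentials and is not understood by older browsers, so an explicit method list (`GET, POST, PUT, DELETE, OPTIONS`) is the safer value.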
|
||||
|
||||
|
|
|
@ -4799,15 +4799,16 @@ class EventsController extends AppController
|
|||
return new CakeResponse(array('body' => json_encode($json), 'status' => 200, 'type' => 'json'));
|
||||
}
|
||||
|
||||
public function viewMitreAttackMatrix($scope_id, $scope='event', $disable_picking=false)
|
||||
public function viewGalaxyMatrix($scope_id, $galaxy_id, $scope='event', $disable_picking=false)
|
||||
{
|
||||
$this->loadModel('Galaxy');
|
||||
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
|
||||
$matrixData = $this->Galaxy->getMatrix($galaxy_id);
|
||||
|
||||
$attackTacticData = $this->Galaxy->getMitreAttackMatrix();
|
||||
$attackTactic = $attackTacticData['attackTactic'];
|
||||
$attackTags = $attackTacticData['attackTags'];
|
||||
$killChainOrders = $attackTacticData['killChain'];
|
||||
$instanceUUID = $attackTacticData['instance-uuid'];
|
||||
$tabs = $matrixData['tabs'];
|
||||
$matrixTags = $matrixData['matrixTags'];
|
||||
$killChainOrders = $matrixData['killChain'];
|
||||
$instanceUUID = $matrixData['instance-uuid'];
|
||||
|
||||
if ($scope == 'event') {
|
||||
$eventId = $scope_id;
|
||||
|
@ -4828,17 +4829,20 @@ class EventsController extends AppController
|
|||
throw new Exception("Invalid options.");
|
||||
}
|
||||
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $attackTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores($eventId, $attackTags);
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $matrixTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores($eventId, $matrixTags);
|
||||
$maxScore = 0;
|
||||
$scoresData = array();
|
||||
foreach (array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
|
||||
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
|
||||
$sum = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
|
||||
$scoresData[$key] = $sum;
|
||||
$maxScore = max($maxScore, $sum);
|
||||
}
|
||||
$maxScore = max($scoresDataAttr['maxScore'], $scoresDataEvent['maxScore']);
|
||||
|
||||
$scores = $scoresData;
|
||||
|
||||
if ($this->_isRest()) {
|
||||
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
$json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
$this->response->type('json');
|
||||
return new CakeResponse(array('body' => json_encode($json), 'status' => 200, 'type' => 'json'));
|
||||
} else {
|
||||
|
@ -4852,14 +4856,22 @@ class EventsController extends AppController
|
|||
|
||||
$this->set('eventId', $eventId);
|
||||
$this->set('target_type', $scope);
|
||||
$this->set('killChainOrders', $killChainOrders);
|
||||
$this->set('attackTactic', $attackTactic);
|
||||
$this->set('columnOrders', $killChainOrders);
|
||||
$this->set('tabs', $tabs);
|
||||
$this->set('scores', $scores);
|
||||
$this->set('maxScore', $maxScore);
|
||||
$this->set('colours', $colours);
|
||||
if (!empty($colours)) {
|
||||
$this->set('colours', $colours['mapping']);
|
||||
$this->set('interpolation', $colours['interpolation']);
|
||||
}
|
||||
$this->set('pickingMode', !$disable_picking);
|
||||
$this->set('target_id', $scope_id);
|
||||
$this->render('/Elements/view_mitre_attack_matrix');
|
||||
if ($matrixData['galaxy']['id'] == $mitreAttackGalaxyId) {
|
||||
$this->set('defaultTabName', 'mitre-attack');
|
||||
$this->set('removeTrailling', 2);
|
||||
}
|
||||
|
||||
$this->render('/Elements/view_galaxy_matrix');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
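Review bot: `$galaxy_id` comes straight from the URL and is handed to `getMatrix()` without checking that the galaxy exists; per the Galaxy hunk in this commit, a missing or non-matrix galaxy raises a bare `Exception`, which CakePHP renders as a 500 rather than a 404. Guard it at the top of `viewGalaxyMatrix` with the usual pattern: `$this->Galaxy->id = $galaxy_id; if (!$this->Galaxy->exists()) { throw new NotFoundException(__('Invalid galaxy.')); }`. Since the ACL hunk opens this action to every role, the event-visibility check for `$scope_id` matters as well; it sits between the first two hunks (the `if ($scope == 'event')` branch continues outside the visible lines), so please confirm it survived the rename. The view now only receives `colours`/`interpolation` when `$colours` is non-empty, so the element should tolerate their absence.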
@ -79,33 +79,13 @@ class GalaxiesController extends AppController
|
|||
|
||||
public function selectGalaxy($target_id, $target_type='event', $namespace='misp')
|
||||
{
|
||||
$expectedDescription = 'ATT&CK Tactic';
|
||||
$mitreAttackGalaxyId = $this->Galaxy->getMitreAttackGalaxyId();
|
||||
$conditions = $namespace == '0' ? array() : array('namespace' => $namespace);
|
||||
if ($namespace == 'mitre-attack' || $namespace == '0') {
|
||||
$conditions[] = array('description !=' => $expectedDescription);
|
||||
$conditions2 = array('namespace' => 'mitre-attack');
|
||||
$conditions2[] = array('description' => $expectedDescription);
|
||||
|
||||
$tacticGalaxies = $this->Galaxy->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => $conditions2,
|
||||
));
|
||||
}
|
||||
$galaxies = $this->Galaxy->find('all', array(
|
||||
'recursive' => -1,
|
||||
'conditions' => $conditions,
|
||||
'order' => array('name asc')
|
||||
));
|
||||
if (!empty($tacticGalaxies)) {
|
||||
array_unshift($galaxies, array('Galaxy' => array(
|
||||
'id' => '-1',
|
||||
'uuid' => '-1',
|
||||
'name' => $expectedDescription,
|
||||
'type' => '-1',
|
||||
'icon' => '/img/mitre-attack-icon.ico',
|
||||
'namespace' => 'mitre-attack'
|
||||
)));
|
||||
}
|
||||
|
||||
$items = array();
|
||||
$items[] = array(
|
||||
|
@ -113,7 +93,7 @@ class GalaxiesController extends AppController
|
|||
'value' => "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'
|
||||
);
|
||||
foreach ($galaxies as $galaxy) {
|
||||
if ($galaxy['Galaxy']['id'] != -1) {
|
||||
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
|
||||
$items[] = array(
|
||||
'name' => h($galaxy['Galaxy']['name']),
|
||||
'value' => "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'],
|
||||
|
@ -123,13 +103,17 @@ class GalaxiesController extends AppController
|
|||
'infoExtra' => $galaxy['Galaxy']['description'],
|
||||
)
|
||||
);
|
||||
} else { // attackMatrix
|
||||
$items[] = array(
|
||||
} else { // should use matrix instead
|
||||
$param = array(
|
||||
'name' => $galaxy['Galaxy']['name'],
|
||||
'functionName' => "getMitreMatrixPopup('" . $target_type . "', '" . $target_id . "')",
|
||||
'functionName' => "getMatrixPopup('" . $target_type . "', '" . $target_id . "', " . $galaxy['Galaxy']['id'] . ")",
|
||||
'isPill' => true,
|
||||
'img' => "/img/mitre-attack-icon.ico",
|
||||
'isMatrix' => true
|
||||
);
|
||||
if ($galaxy['Galaxy']['id'] == $mitreAttackGalaxyId) {
|
||||
$param['img'] = "/img/mitre-attack-icon.ico";
|
||||
}
|
||||
$items[] = $param;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
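Review bot: the new `functionName` string interpolates `$target_type` and `$target_id` (URL parameters of `selectGalaxy`) directly into a JavaScript call, whereas the sibling `selectCluster` `'value'` a few lines up wraps them in `h()`; the matrix branch also drops the `h()` that the non-matrix branch applies to `'name'`. Whether the JS string can be broken out of depends on how the view emits `functionName`, which is not visible here, but escaping at the source keeps both branches consistent: `'name' => h($galaxy['Galaxy']['name'])` and `'functionName' => "getMatrixPopup('" . h($target_type) . "', '" . h($target_id) . "', " . intval($galaxy['Galaxy']['id']) . ")"`. The replaced `getMitreMatrixPopup` line had the same shape, so this is not new to the commit, but the rewrite is the moment to fix it.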
@ -143,6 +143,8 @@ class GalaxyClustersController extends AppController
|
|||
$cluster['GalaxyCluster']['tag_count'] = count($tag['EventTag']);
|
||||
$cluster['GalaxyCluster']['tag_id'] = $tag['Tag']['id'];
|
||||
}
|
||||
} else {
|
||||
throw new NotFoundException('Cluster not found.');
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
$cluster['GalaxyCluster']['Galaxy'] = $cluster['Galaxy'];
|
||||
|
|
|
@ -1859,14 +1859,17 @@ class UsersController extends AppController
|
|||
{
|
||||
$this->loadModel('Event');
|
||||
$this->loadModel('Galaxy');
|
||||
$attackTacticData = $this->Galaxy->getMitreAttackMatrix();
|
||||
$attackTactic = $attackTacticData['attackTactic'];
|
||||
$attackTags = $attackTacticData['attackTags'];
|
||||
$killChainOrders = $attackTacticData['killChain'];
|
||||
$instanceUUID = $attackTacticData['instance-uuid'];
|
||||
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores(0, $attackTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores(0, $attackTags);
|
||||
$galaxy_id = $this->Galaxy->getMitreAttackGalaxyId();
|
||||
$matrixData = $this->Galaxy->getMatrix($galaxy_id);
|
||||
|
||||
$tabs = $matrixData['tabs'];
|
||||
$matrixTags = $matrixData['matrixTags'];
|
||||
$killChainOrders = $matrixData['killChain'];
|
||||
$instanceUUID = $matrixData['instance-uuid'];
|
||||
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores(0, $matrixTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores(0, $matrixTags);
|
||||
$scoresData = array();
|
||||
foreach (array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
|
||||
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
|
||||
|
@ -1875,7 +1878,7 @@ class UsersController extends AppController
|
|||
$scores = $scoresData;
|
||||
|
||||
if ($this->_isRest()) {
|
||||
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
$json = array('matrix' => $tabs, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
return $this->RestResponse->viewData($json, $this->response->type());
|
||||
} else {
|
||||
App::uses('ColourGradientTool', 'Tools');
|
||||
|
@ -1883,12 +1886,17 @@ class UsersController extends AppController
|
|||
$colours = $gradientTool->createGradientFromValues($scores);
|
||||
|
||||
$this->set('target_type', 'attribute');
|
||||
$this->set('killChainOrders', $killChainOrders);
|
||||
$this->set('attackTactic', $attackTactic);
|
||||
$this->set('columnOrders', $killChainOrders);
|
||||
$this->set('tabs', $tabs);
|
||||
$this->set('scores', $scores);
|
||||
$this->set('maxScore', $maxScore);
|
||||
$this->set('colours', $colours);
|
||||
if (!empty($colours)) {
|
||||
$this->set('colours', $colours['mapping']);
|
||||
$this->set('interpolation', $colours['interpolation']);
|
||||
}
|
||||
$this->set('pickingMode', false);
|
||||
$this->set('defaultTabName', "mitre-attack");
|
||||
$this->set('removeTrailling', 2);
|
||||
|
||||
$this->render('statistics_attackmatrix');
|
||||
}
|
||||
|
|
|
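Review bot: `getMitreAttackGalaxyId()` returns 0 when no galaxy matches (visible in the Galaxy hunk), and `getMatrix(0)` then throws a bare `Exception`, so the statistics attack-matrix page becomes a 500 on any instance that has not loaded the mitre-attack galaxy. Check before calling it: `if (empty($galaxy_id)) { throw new NotFoundException(__('MITRE ATT&CK galaxy not found.')); }`. Separately, `$maxScore` is passed to the view but its computation sits between the two hunks; EventsController in this commit now derives it from the summed attribute+event totals, so if this action still takes the max of the two per-source maxima the two heat maps will be scaled differently for the same data — worth aligning.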
@ -1,45 +1,113 @@
|
|||
<?php
|
||||
class ColourGradientTool
|
||||
{
|
||||
public function createGradient($step)
|
||||
{
|
||||
$stepHex = dechex($step);
|
||||
$minHex = 0x0000FF;
|
||||
$maxHex = 0xFF0000;
|
||||
$intervalHex = ($maxHex-$minHex) / $stepHex;
|
||||
$colours = array();
|
||||
for ($i=$minHex; $i<$maxHex; $i+=$intervalHex) {
|
||||
$colours[] = $i;
|
||||
}
|
||||
return $colours;
|
||||
}
|
||||
|
||||
// source: https://graphicdesign.stackexchange.com/a/83867
|
||||
// $values of the form array(item1: val1, item2: val2, ...)
|
||||
public function createGradientFromValues($items)
|
||||
{
|
||||
$starColor = '#0000FF';
|
||||
$endColor = '#FF0000';
|
||||
|
||||
if (count($items) == 0) {
|
||||
return array();
|
||||
}
|
||||
|
||||
$maxColorHex = 0x0000FF;
|
||||
$minColorHex = 0xE0E0FF;
|
||||
|
||||
$vals = array_values($items);
|
||||
$maxDec = max($vals);
|
||||
$minDec = min($vals);
|
||||
|
||||
if ($maxDec == $minDec) {
|
||||
$intervalHex = 0x0;
|
||||
} else {
|
||||
$intervalHex = ($maxColorHex - $minColorHex)/($maxDec-$minDec);
|
||||
}
|
||||
|
||||
$interpolation = $this->interpolateColors($starColor, $endColor, $maxDec+1, true);
|
||||
$coloursMapping = array();
|
||||
foreach ($items as $name => $val) {
|
||||
$ratio = ($val-$minDec)*($intervalHex);
|
||||
$colour = $maxDec == $minDec ? $maxColorHex : $ratio + $minColorHex;
|
||||
$coloursMapping[$name] = '#' . str_pad(dechex($colour), 6, '0', STR_PAD_LEFT);
|
||||
$color = $interpolation[$val];
|
||||
$coloursMapping[$name] = '#' . str_pad(dechex($color[0]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($color[1]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($color[2]), 2, '0', STR_PAD_LEFT);
|
||||
}
|
||||
return array('mapping' => $coloursMapping, 'interpolation' => $interpolation);
|
||||
}
|
||||
|
||||
private function hue2rgb($p, $q, $t) {
|
||||
if ($t < 0) $t += 1;
|
||||
if ($t > 1) $t -= 1;
|
||||
if ($t < 1/6) return $p + ($q - $p) * 6 * $t;
|
||||
if ($t < 1/2) return $q;
|
||||
if ($t < 2/3) return $p + ($q - $p) * (2/3 - $t) * 6;
|
||||
return $p;
|
||||
}
|
||||
|
||||
private function hsl2rgb($color) {
|
||||
$l = $color[2];
|
||||
if ($color[1] == 0) {
|
||||
$l = round($l*255);
|
||||
return array($l, $l, $l);
|
||||
} else {
|
||||
$s = $color[1];
|
||||
$q = ($l < 0.5 ? $l * (1 + $s) : $l + $s - $l * $s);
|
||||
$p = 2 * $l - $q;
|
||||
$r = $this->hue2rgb($p, $q, $color[0] + 1/3);
|
||||
$g = $this->hue2rgb($p, $q, $color[0]);
|
||||
$b = $this->hue2rgb($p, $q, $color[0] - 1/3);
|
||||
return array(round($r*255), round($g*255), round($b*255));
|
||||
}
|
||||
return $coloursMapping;
|
||||
}
|
||||
|
||||
private function rgb2hsl($color) {
|
||||
$r = $color[0]/255;
|
||||
$g = $color[1]/255;
|
||||
$b = $color[2]/255;
|
||||
$arrRGB = array($r, $g, $b);
|
||||
|
||||
$max = max($arrRGB);
|
||||
$min = min($arrRGB);
|
||||
$h = ($max - $min) / 2;
|
||||
$s = $h;
|
||||
$l = $h;
|
||||
|
||||
if ($max == $min) {
|
||||
$s = 0; // achromatic
|
||||
$h = 0;
|
||||
} else {
|
||||
$d = $max - $min;
|
||||
$s = ($l > 0.5 ? $d / (2 - $max - $min) : $d / ($max + $min) );
|
||||
if ($max == $r) {
|
||||
$h = ($g - $b) / $d + ($g < $b ? 6 : 0);
|
||||
} elseif ($max == $g) {
|
||||
$h = ($b - $r) / $d + 2;
|
||||
} elseif ($max == $b) {
|
||||
$h = ($r - $g) / $d + 4;
|
||||
}
|
||||
$h = $h / 6;
|
||||
return array($h, $s, $l);
|
||||
}
|
||||
}
|
||||
|
||||
private function interpolateColor($color1, $color2, $factor, $useHSL=false) {
|
||||
if ($useHSL) {
|
||||
$hsl1 = $this->rgb2hsl($color1);
|
||||
$hsl2 = $this->rgb2hsl($color2);
|
||||
for ($i=0; $i<3; $i++) {
|
||||
$hsl1[$i] += $factor*($hsl2[$i] - $hsl1[$i]);
|
||||
}
|
||||
$result = $this->hsl2rgb($hsl1);
|
||||
} else {
|
||||
$result = $color1;
|
||||
for ($i = 0; $i < 3; $i++) {
|
||||
$result[$i] = round($result[$i] + $factor * ($color2[$i] - $color1[$i]));
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function interpolateColors($hexColor1, $hexColor2, $steps, $useHSL=false) {
|
||||
$stepFactor = 1 / ($steps - 1);
|
||||
$interpolatedColorArray = array();
|
||||
$color1 = sscanf($hexColor1, "#%02x%02x%02x");
|
||||
$color2 = sscanf($hexColor2, "#%02x%02x%02x");
|
||||
|
||||
for($i = 0; $i < $steps; $i++) {
|
||||
$interpolatedColorArray[$i] = $this->interpolateColor($color1, $color2, $stepFactor * $i, $useHSL);
|
||||
}
|
||||
|
||||
return $interpolatedColorArray;
|
||||
}
|
||||
}
|
||||
|
|
|
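Review bot: `rgb2hsl` initialises lightness as `$h = ($max - $min) / 2;`, but lightness is the mean of max and min (`($max + $min) / 2`); the bug is masked for the two fully saturated endpoints `#0000FF`/`#FF0000` (where min is 0) but any grey input comes back with `l = 0`, i.e. black, so the helper is wrong for every other start/end colour. `interpolateColors` also divides by `$steps - 1`, and `createGradientFromValues` passes `$maxDec + 1`, so when every score is 0 the step factor is `1 / 0`; guard it with `$stepFactor = $steps > 1 ? 1 / ($steps - 1) : 0;`. `$interpolation[$val]` further assumes the scores are integers in `0..$maxDec`; a comment stating that contract, or an `(int)` cast, would make the assumption explicit. Minor: `$starColor` reads like a typo for `$startColor`.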
@ -72,7 +72,7 @@ class AppModel extends Model
|
|||
7 => false, 8 => false, 9 => false, 10 => false, 11 => false, 12 => false,
|
||||
13 => false, 14 => false, 15 => false, 18 => false, 19 => false, 20 => false,
|
||||
21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
|
||||
27 => false, 28 => false
|
||||
27 => false, 28 => false, 29 => false
|
||||
);
|
||||
|
||||
public function afterSave($created, $options = array())
|
||||
|
@ -1089,6 +1089,9 @@ class AppModel extends Model
|
|||
case 28:
|
||||
$sqlArray[] = "ALTER TABLE `servers` ADD `caching_enabled` tinyint(1) NOT NULL DEFAULT 0;";
|
||||
break;
|
||||
case 29:
|
||||
$sqlArray[] = "ALTER TABLE `galaxies` ADD `kill_chain_order` text NOT NULL;";
|
||||
break;
|
||||
case 'fixNonEmptySharingGroupID':
|
||||
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||
|
|
|
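Review bot: the version-29 migration adds `kill_chain_order` as `text NOT NULL`, and MySQL/MariaDB do not allow a DEFAULT on TEXT columns, so under `STRICT_TRANS_TABLES` any INSERT into `galaxies` that omits the column fails with "doesn't have a default value" instead of storing an empty string. The Galaxy model's `afterFind` in this commit already treats `''` as absent and most galaxy definitions carry no kill chain, so unless every write path (the loader is only partly visible) is known to always set the field, the safer DDL is `ALTER TABLE `galaxies` ADD `kill_chain_order` text NULL;` with `afterFind` also dropping `null`.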
@ -20,6 +20,14 @@ class Galaxy extends AppModel
|
|||
public function beforeValidate($options = array())
|
||||
{
|
||||
parent::beforeValidate();
|
||||
if (isset($this->data['Galaxy']['kill_chain_order'])) {
|
||||
$json = json_encode($this->data['Galaxy']['kill_chain_order']);
|
||||
if ($json !== null) {
|
||||
$this->data['Galaxy']['kill_chain_order'] = $json;
|
||||
} else {
|
||||
unset($this->data['Galaxy']['kill_chain_order']);
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -28,6 +36,18 @@ class Galaxy extends AppModel
|
|||
$this->GalaxyCluster->deleteAll(array('GalaxyCluster.galaxy_id' => $this->id));
|
||||
}
|
||||
|
||||
public function afterFind($results, $primary = false)
|
||||
{
|
||||
foreach ($results as $k => $v) {
|
||||
if (isset($v['Galaxy']['kill_chain_order']) && $v['Galaxy']['kill_chain_order'] !== '') {
|
||||
$results[$k]['Galaxy']['kill_chain_order'] = json_decode($v['Galaxy']['kill_chain_order'], true);
|
||||
} else {
|
||||
unset($results[$k]['Galaxy']['kill_chain_order']);
|
||||
}
|
||||
}
|
||||
return $results;
|
||||
}
|
||||
|
||||
private function __load_galaxies($force = false)
|
||||
{
|
||||
$dir = new Folder(APP . 'files' . DS . 'misp-galaxy' . DS . 'galaxies');
|
||||
|
@ -39,7 +59,7 @@ class Galaxy extends AppModel
|
|||
$file->close();
|
||||
}
|
||||
$galaxyTypes = array();
|
||||
foreach ($galaxies as $galaxy) {
|
||||
foreach ($galaxies as $i => $galaxy) {
|
||||
$galaxyTypes[$galaxy['type']] = $galaxy['type'];
|
||||
}
|
||||
$temp = $this->find('all', array(
|
||||
|
@ -353,81 +373,24 @@ class Galaxy extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
public function getMitreAttackGalaxyId($type="mitre-enterprise-attack-attack-pattern")
|
||||
public function getMitreAttackGalaxyId($type="mitre-attack-pattern", $namespace="mitre-attack")
|
||||
{
|
||||
$galaxy = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'fields' => 'id',
|
||||
'conditions' => array('Galaxy.type' => $type),
|
||||
'conditions' => array('Galaxy.type' => $type, 'Galaxy.namespace' => $namespace),
|
||||
));
|
||||
return empty($galaxy) ? 0 : $galaxy['Galaxy']['id'];
|
||||
}
|
||||
|
||||
public function getMitreAttackMatrix()
|
||||
public function getMatrix($galaxy_id)
|
||||
{
|
||||
$killChainOrderEnterprise = array(
|
||||
'initial-access',
|
||||
'execution',
|
||||
'persistence',
|
||||
'privilege-escalation',
|
||||
'defense-evasion',
|
||||
'credential-access',
|
||||
'discovery',
|
||||
'lateral-movement',
|
||||
'collection',
|
||||
'exfiltration',
|
||||
'command-and-control'
|
||||
);
|
||||
$killChainOrderMobile = array(
|
||||
'persistence',
|
||||
'privilege-escalation',
|
||||
'defense-evasion',
|
||||
'credential-access',
|
||||
'discovery',
|
||||
'lateral-movement',
|
||||
'effects', 'collection',
|
||||
'exfiltration',
|
||||
'command-and-control',
|
||||
'general-network-based',
|
||||
'cellular-network-based',
|
||||
'could-based'
|
||||
);
|
||||
$killChainOrderPre = array(
|
||||
'priority-definition-planning',
|
||||
'priority-definition-direction',
|
||||
'target-selection',
|
||||
'technical-information-gathering',
|
||||
'people-information-gathering',
|
||||
'organizational-information-gathering',
|
||||
'technical-weakness-identification',
|
||||
'people-weakness-identification',
|
||||
'organizational-weakness-identification',
|
||||
'adversary-opsec',
|
||||
'establish-&-maintain-infrastructure',
|
||||
'persona-development',
|
||||
'build-capabilities',
|
||||
'test-capabilities',
|
||||
'stage-capabilities',
|
||||
'app-delivery-via-authorized-app-store',
|
||||
'app-delivery-via-other-means',
|
||||
'exploit-via-cellular-network',
|
||||
'exploit-via-internet',
|
||||
);
|
||||
|
||||
$killChainOrders = array(
|
||||
'mitre-enterprise-attack-attack-pattern' => $killChainOrderEnterprise,
|
||||
'mitre-mobile-attack-attack-pattern' => $killChainOrderMobile,
|
||||
'mitre-pre-attack-attack-pattern' => $killChainOrderPre,
|
||||
);
|
||||
|
||||
$expectedDescription = 'ATT&CK Tactic';
|
||||
$expectedNamespace = 'mitre-attack';
|
||||
$conditions = array('Galaxy.description' => $expectedDescription, 'Galaxy.namespace' => $expectedNamespace);
|
||||
$conditions = array('Galaxy.id' => $galaxy_id);
|
||||
$contains = array(
|
||||
'GalaxyCluster' => array('GalaxyElement'),
|
||||
);
|
||||
|
||||
$galaxies = $this->find('all', array(
|
||||
$galaxy = $this->find('first', array(
|
||||
'recursive' => -1,
|
||||
'contain' => $contains,
|
||||
'conditions' => $conditions,
|
||||
|
@ -435,45 +398,60 @@ class Galaxy extends AppModel
|
|||
|
||||
$mispUUID = Configure::read('MISP')['uuid'];
|
||||
|
||||
$attackTactic = array(
|
||||
'killChain' => $killChainOrders,
|
||||
'attackTactic' => array(),
|
||||
'attackTags' => array(),
|
||||
'instance-uuid' => $mispUUID
|
||||
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
|
||||
throw new Exception(__("Galaxy cannot be represented as a matrix"));
|
||||
|
||||
}
|
||||
$matrixData = array(
|
||||
'killChain' => $galaxy['Galaxy']['kill_chain_order'],
|
||||
'tabs' => array(),
|
||||
'matrixTags' => array(),
|
||||
'instance-uuid' => $mispUUID,
|
||||
'galaxy' => $galaxy['Galaxy']
|
||||
);
|
||||
|
||||
foreach ($galaxies as $galaxy) {
|
||||
$galaxyType = $galaxy['Galaxy']['type'];
|
||||
$clusters = $galaxy['GalaxyCluster'];
|
||||
$attackClusters = array();
|
||||
// add cluster if kill_chain is present
|
||||
foreach ($clusters as $cluster) {
|
||||
if (empty($cluster['GalaxyElement'])) {
|
||||
continue;
|
||||
$clusters = $galaxy['GalaxyCluster'];
|
||||
$cols = array();
|
||||
|
||||
foreach ($clusters as $cluster) {
|
||||
if (empty($cluster['GalaxyElement'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$toBeAdded = false;
|
||||
$clusterType = $cluster['type'];
|
||||
$galaxyElements = $cluster['GalaxyElement'];
|
||||
foreach ($galaxyElements as $element) {
|
||||
// add cluster if kill_chain is present
|
||||
if ($element['key'] == 'kill_chain') {
|
||||
$kc = explode(":", $element['value']);
|
||||
$galaxyType = $kc[0];
|
||||
$kc = $kc[1];
|
||||
$cols[$galaxyType][$kc][] = $cluster;
|
||||
$toBeAdded = true;
|
||||
}
|
||||
$toBeAdded = false;
|
||||
$clusterType = $cluster['type'];
|
||||
$galaxyElements = $cluster['GalaxyElement'];
|
||||
foreach ($galaxyElements as $element) {
|
||||
if ($element['key'] == 'kill_chain') {
|
||||
$kc = explode(":", $element['value'])[2];
|
||||
$attackClusters[$kc][] = $cluster;
|
||||
$toBeAdded = true;
|
||||
}
|
||||
if ($element['key'] == 'external_id') {
|
||||
$cluster['external_id'] = $element['value'];
|
||||
}
|
||||
if ($element['key'] == 'external_id') {
|
||||
$cluster['external_id'] = $element['value'];
|
||||
}
|
||||
if ($toBeAdded) {
|
||||
array_push($attackTactic['attackTags'], $cluster['tag_name']);
|
||||
array_push($matrixData['matrixTags'], $cluster['tag_name']);
|
||||
}
|
||||
}
|
||||
$attackTactic['attackTactic'][$galaxyType] = array(
|
||||
'clusters' => $attackClusters,
|
||||
'galaxy' => $galaxy['Galaxy'],
|
||||
);
|
||||
}
|
||||
$matrixData['tabs'] = $cols;
|
||||
|
||||
foreach ($matrixData['tabs'] as $k => $v) {
|
||||
foreach ($matrixData['tabs'][$k] as $kc => $v2) {
|
||||
// sort clusters in the kill chains
|
||||
usort(
|
||||
$matrixData['tabs'][$k][$kc],
|
||||
function($a, $b) {
|
||||
return strcmp($a['value'], $b['value']);
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return $attackTactic;
|
||||
return $matrixData;
|
||||
}
|
||||
}
|
||||
|
|
|
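Review bot: in `beforeValidate`, `json_encode()` signals failure by returning `false`, never `null`, so the `$json !== null` test is always true, the `unset` branch is unreachable, and an un-encodable kill chain order is saved as the string cast of `false` (empty) instead of being dropped; use `if ($json !== false)`. In `getMatrix`, `explode(":", $element['value'])` is indexed at `[1]` without checking that the value contained a colon, so a `kill_chain` element in an unexpected format produces an undefined-offset notice and a malformed tab; add `if (count($kc) < 2) { continue; }` before the assignments. The bare `throw new Exception(__("Galaxy cannot be represented as a matrix"))` is reached both for a galaxy without a kill chain and for a non-existent id (the `find('first')` result is empty), and renders as a 500; a `NotFoundException` would distinguish the client error.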
@ -1105,6 +1105,24 @@ class Server extends AppModel
|
|||
'test' => 'testBoolFalse',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'allow_cors' => array(
|
||||
'level' => 1,
|
||||
'description' => __('Allow cross-origin requests to this instance, matching origins given in Security.cors_origins. Set to false to totally disable'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'cors_origins' => array(
|
||||
'level' => 1,
|
||||
'description' => __('Set the origins from which MISP will allow cross-origin requests. Useful for external integration. Comma seperate if you need more than one.'),
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
'null' => true
|
||||
)
|
||||
),
|
||||
'SecureAuth' => array(
|
||||
|
|
|
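Review bot: `cors_origins` is only checked with `testForEmpty`, while both consumers added in this commit split the value on `,` with no trimming and compare it verbatim against the request `Origin`, so a value written as `https://a.example, https://b.example` or with a trailing `/` passes validation but silently never matches. A dedicated test that normalises and validates each entry as `scheme://host[:port]` fails closed at configuration time instead, and deliberately rejects `*`; the description should also say "comma separated, no spaces". Wire it with `'test' => 'testCorsOrigins'` and add the method alongside the other `test*` helpers in this class (excerpt below).
```php
'cors_origins' => array(
    // … unchanged: level, description, value, errorMessage …
    'test' => 'testCorsOrigins',
    // … unchanged: type, null …
),
// … unchanged: remainder of the settings table …

public function testCorsOrigins($value)
{
    if (empty($value)) {
        return 'Value not set.';
    }
    foreach (explode(',', $value) as $origin) {
        $origin = trim($origin);
        // An origin is scheme://host[:port] with no path or trailing slash;
        // anything else can never equal the browser's Origin header.
        if (!preg_match('#^https?://[A-Za-z0-9.\-]+(:[0-9]+)?$#', $origin)) {
            return __('Invalid origin: %s', $origin);
        }
    }
    return true;
}
```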
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
/*
|
||||
* This template creates a root element in the menu and serves as the composition engine for its contents
|
||||
* Passed elements can either be a dropdown element (if it has children) or a simple button (if not)
|
||||
* the format is as described:
|
||||
* array(
|
||||
* 'url' => 'url, if the root itself should be clickable',
|
||||
* 'text' => 'The text displayed on the button (sanitised here)',
|
||||
* 'html' => 'directly pass HTML (such as an image) as the display for the button (has to be sanitised elsewhere).
|
||||
* The HTML option always prepends the text and both are displayed if set.',
|
||||
* 'requirement' => 'the conditions under which this element should be displayed',
|
||||
* 'children' => 'A list containing one array for each element. Element can be either a single element or an expandable group
|
||||
The format of the arrays is described in global_menu_single and global_menu_group.'
|
||||
* )
|
||||
*/
|
||||
if (!isset($data['requirement']) || $data['requirement']) {
|
||||
if (empty($data['url'])) {
|
||||
$data['url'] = '#';
|
||||
} else if (strpos($data['url'], '://') !== null) {
|
||||
$data['url'] = h($data['url']);
|
||||
} else {
|
||||
$data['url'] = $baseurl . h($data['url']);
|
||||
}
|
||||
$children = '';
|
||||
if (!empty($data['children'])) {
|
||||
$child_data = '';
|
||||
foreach ($data['children'] as $child) {
|
||||
$child_data .= $this->element('/genericElements/GlobalMenu/global_menu_' . (empty($child['type']) ? 'single' : $child['type']), array('data' => $child));
|
||||
}
|
||||
$children = sprintf(
|
||||
'<ul class="dropdown-menu">%s</ul>',
|
||||
$child_data
|
||||
);
|
||||
}
|
||||
echo (sprintf(
|
||||
'<li %s><a href="%s" %s>%s%s</a>%s</li>',
|
||||
(empty($data['children']) ? '' : 'class="dropdown"'),
|
||||
(empty($data['url']) ? '#' : h($data['url'])),
|
||||
(empty($data['children']) ? '' : 'class="dropdown-toggle" data-toggle="dropdown"'),
|
||||
(empty($data['html']) ? '' : $data['html']),
|
||||
(empty($data['text']) ? '' : h($data['text'])),
|
||||
$children
|
||||
));
|
||||
}
|
||||
?>
|
|
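Review bot: `strpos($data['url'], '://') !== null` is always true because `strpos()` returns an int or `false`, never `null`, so the `else` branch that prefixes `$baseurl` is dead and every relative menu URL is emitted without the base path; the test needs to be `!== false`. The same value is then passed through `h()` a second time in the `sprintf` (`h($data['url'])` after it was already escaped above), which double-encodes `&` in query strings; keep only one of the two. `$data['html']` is emitted unescaped by design per the docblock, so callers must keep passing only trusted markup there.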
@ -0,0 +1 @@
|
|||
<li class="divider"></li>
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
/*
|
||||
* This template creates a single entry within a menu group
|
||||
* The accepted objects are as follows:
|
||||
* array(
|
||||
* 'url' => 'url, if the root itself should be clickable',
|
||||
* 'text' => 'The text displayed on the button (sanitised here)',
|
||||
* 'requirement' => 'the conditions under which this element should be displayed',
|
||||
* 'html' => 'directly pass HTML (such as an image) as the display for the button (has to be sanitised elsewhere).
|
||||
* The HTML option always prepends the text and both are displayed if set.'
|
||||
* )
|
||||
*/
|
||||
if (!isset($data['requirement']) || $data['requirement']) {
|
||||
if (empty($data['url'])) {
|
||||
$data['url'] = '#';
|
||||
} else if (strpos($data['url'], '://') !== null) {
|
||||
$data['url'] = h($data['url']);
|
||||
} else {
|
||||
$data['url'] = $baseurl . h($data['url']);
|
||||
}
|
||||
echo sprintf(
|
||||
'<li><a href="%s">%s%s</a></li>',
|
||||
$data['url'],
|
||||
(empty($data['html']) ? '' : h($data['html'])),
|
||||
(empty($data['text']) ? '' : h($data['text']))
|
||||
);
|
||||
}
|
||||
?>
|
|
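Review bot: the same `strpos(...) !== null` test as in the root element is always true here, so the `$baseurl` prefix is never applied to relative URLs; change it to `!== false`. This template also escapes `$data['html']` with `h()`, which contradicts both its own docblock ("has to be sanitised elsewhere") and the root template that emits it raw, so an `<img>` passed as `html` would render as literal text in a single entry; pick one contract and make the docblock match it.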
@ -0,0 +1,18 @@
|
|||
<li>
|
||||
<a href="<?php echo $baseurl;?>/" id="smallLogo" style="font-weight:bold;">
|
||||
<span class="logoBlueStatic">MISP</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="<?php echo $baseurl;?>/users/view/me" class="white" style="padding-left:0px;padding-right:5px;" title="<?php echo h($me['email']);?>"><?php echo $loggedInUserName;?></a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="<?php echo $baseurl;?>/users/dashboard" style="padding-left:0px;padding-right:0px;">
|
||||
<span class="notification-<?php echo ($notifications['total'] > 0) ? 'active' : 'passive';?>"><span style="float:left;margin-top:3px;margin-right:3px;margin-left:3px;" class="icon-envelope icon-white" title="<?php echo __('Dashboard');?>" role="button" tabindex="0" aria-label="<?php echo __('Dashboard');?>"></span></span>
|
||||
</a>
|
||||
</li>
|
||||
<?php if (!$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/users/logout"><?php echo __('Log out');?></a></li>
|
||||
<?php elseif (Configure::read('Plugin.CustomAuth_custom_logout')): ?>
|
||||
<li><a href="<?php echo h(Configure::read('Plugin.CustomAuth_custom_logout'));?>"><?php echo __('Log out');?></a></li>
|
||||
<?php endif; ?>
|
|
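Review bot: `$loggedInUserName` is echoed without `h()` on the profile link, while `$me['email']` on the same line is escaped; if the name is derived from user-editable profile data in AppController (where it is assigned is not visible here) this is a stored-XSS sink in the navbar shown on every page. Unless it is already escaped at assignment, change it to `<?php echo h($loggedInUserName);?>`. The custom-logout URL is correctly passed through `h()`.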
@ -11,11 +11,11 @@
|
|||
}
|
||||
}
|
||||
if (empty($url)) {
|
||||
$a = 'href="#"';
|
||||
$a = '';
|
||||
} else if (strpos($url, '://') !== null) {
|
||||
$a = 'href="' . h($url) . '"';
|
||||
$a = h($url);
|
||||
} else {
|
||||
$a = 'href="' . $baseurl . h($url) . '"';
|
||||
$a = $baseurl . h($url);
|
||||
}
|
||||
if (!empty($class)) {
|
||||
$class = 'class="' . h($class) . '"';
|
||||
|
@ -24,9 +24,9 @@
|
|||
}
|
||||
$post_link = $this->Form->postLink(
|
||||
__($text),
|
||||
$a,
|
||||
$url,
|
||||
null,
|
||||
empty($message) ? $message : null
|
||||
empty($message) ? null : $message
|
||||
);
|
||||
echo sprintf('<li %s %s>%s</li>', $element_id, $class, $post_link);
|
||||
?>
|
||||
|
|
|
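Review bot: after this change `$a` is computed (with the `$baseurl` prefix and `h()`) but never used, since `postLink()` now receives the raw `$url`; either the whole `if (empty($url)) …` block is dead and should go, or `$a` was meant to be what is passed. If the intent is to let `Router::url()` inside `postLink()` resolve the base path itself, a comment saying so would stop the next reader from re-adding the prefix. The surrounding `strpos($url, '://') !== null` is a pre-existing always-true test (`strpos` never returns `null`) and should be `!== false` if the block is kept.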
@ -1,221 +1,395 @@
|
|||
<div id="topBar" class="navbar-wrapper header <?php echo $debugMode;?>">
|
||||
<div class="navbar navbar-inverse">
|
||||
<div class="navbar-inner">
|
||||
<!-- .btn-navbar is used as the toggle for collapsed navbar content -->
|
||||
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</a>
|
||||
<?php if ($me != false ):?>
|
||||
<div class="nav-collapse collapse">
|
||||
<ul class="nav">
|
||||
<?php
|
||||
$logo = 'Home';
|
||||
if (Configure::read('MISP.home_logo')) $logo = '<img src="' . $baseurl . '/img/custom/' . Configure::read('MISP.home_logo') . '" style="height:24px;">';
|
||||
?>
|
||||
<li><a href="<?php echo !empty($baseurl) ? $baseurl : '/';?>" style="color:white"><?php echo $logo; ?></a></li>
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Event Actions');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="<?php echo $baseurl;?>/events/index"><?php echo __('List Events');?></a></li>
|
||||
<?php if ($isAclAdd): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/events/add"><?php echo __('Add Event');?></a></li>
|
||||
<?php endif; ?>
|
||||
<li><a href="<?php echo $baseurl;?>/attributes/index"><?php echo __('List Attributes');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/attributes/search"><?php echo __('Search Attributes');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/servers/rest"><?php echo __('REST client');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/shadow_attributes/index"><?php echo __('View Proposals');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/events/proposalEventIndex"><?php echo __('Events with proposals');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/tags/index"><?php echo __('List Tags');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/tag_collections/index"><?php echo __('List Tag Collections');?></a></li>
|
||||
<?php if ($isAclTagEditor): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/tags/add"><?php echo __('Add Tag');?></a></li>
|
||||
<?php endif; ?>
|
||||
<li><a href="<?php echo $baseurl;?>/taxonomies/index"><?php echo __('List Taxonomies');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/templates/index"><?php echo __('List Templates');?></a></li>
|
||||
<?php if ($isAclTemplate): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/templates/add"><?php echo __('Add Template');?></a></li>
|
||||
<?php endif; ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/events/export"><?php echo __('Export');?></a></li>
|
||||
<?php if ($isAclAuth): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/events/automation"><?php echo __('Automation');?></a></li>
|
||||
<?php endif;?>
|
||||
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Galaxies');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="<?php echo $baseurl;?>/galaxies/index"><?php echo __('List Galaxies');?></a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Input Filters');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<?php if ($isAclRegexp): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/regexp/index"><?php echo __('Import Regexp');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/whitelists/index"><?php echo __('Signature Whitelist');?></a></li>
|
||||
<?php endif;?>
|
||||
<?php if (!$isAclRegexp): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/regexp/index"><?php echo __('Import Regexp');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/whitelists/index"><?php echo __('Signature Whitelist');?></a></li>
|
||||
<?php endif;?>
|
||||
<li><a href="<?php echo $baseurl;?>/warninglists/index"><?php echo __('List Warninglists');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/noticelists/index"><?php echo __('List Noticelists');?></a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Global Actions');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="<?php echo $baseurl;?>/news"><?php echo __('News');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/users/view/me"><?php echo __('My Profile');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/users/dashboard"><?php echo __('Dashboard');?></a></li>
|
||||
<?php
|
||||
if ($isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))):
|
||||
?>
|
||||
<li><a href="<?php echo $baseurl;?>/organisations/index"><?php echo __('Organisations');?></a></li>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<li><a href="<?php echo $baseurl;?>/roles/index"><?php echo __('Role Permissions');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/objectTemplates/index"><?php echo __('List Object Templates');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/sharing_groups/index"><?php echo __('List Sharing Groups');?></a></li>
|
||||
<?php if ($isAclSharingGroup): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/sharing_groups/add"><?php echo __('Add Sharing Group');?></a></li>
|
||||
<?php endif; ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="https://www.circl.lu/doc/misp/" target="_blank"><?php echo __('User Guide');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/pages/display/doc/categories_and_types"><?php echo __('Categories & Types');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/users/terms"><?php echo __('Terms & Conditions');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/users/statistics"><?php echo __('Statistics');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/threads/index"><?php echo __('List Discussions');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/posts/add"><?php echo __('Start Discussion');?></a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<?php if ($isAclSync || $isAdmin || $hostOrgUser): ?>
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Sync Actions');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<?php if ($isAclSync || $isAdmin): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/servers/index"><?php echo __('List Servers');?></a></li>
|
||||
<?php endif; ?>
|
||||
<?php if ($isSiteAdmin || $hostOrgUser): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/feeds/index"><?php echo __('List Feeds');?></a></li>
|
||||
<?php endif;?>
|
||||
</ul>
|
||||
</li>
|
||||
<?php endif;?>
|
||||
|
||||
<?php if ($isAdmin || $isSiteAdmin): ?>
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Administration');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="<?php echo $baseurl;?>/admin/users/index"><?php echo __('List Users');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/users/add"><?php echo __('Add User');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/users/email"><?php echo __('Contact Users');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/organisations/index"><?php echo __('List Organisations');?></a></li>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/organisations/add"><?php echo __('Add Organisation');?></a></li>
|
||||
<?php endif;?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/roles/index"><?php echo __('List Roles');?></a></li>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/roles/add"><?php echo __('Add Role');?></a></li>
|
||||
<?php endif; ?>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/servers/serverSettings"><?php echo __('Server Settings');?> &<br /><?php echo __('Maintenance');?></a></li>
|
||||
<?php if (Configure::read('MISP.background_jobs')): ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/jobs/index"><?php echo __('Jobs');?></a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/tasks"><?php echo __('Scheduled Tasks');?></a></li>
|
||||
<?php endif; ?>
|
||||
<?php if (Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin): ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/eventBlacklists/add"><?php echo __('Blacklist Event');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/eventBlacklists"><?php echo __('Manage Event Blacklists');?></a></li>
|
||||
<?php endif; ?>
|
||||
<?php if (Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin): ?>
|
||||
<li class="divider"></li>
|
||||
<li><a href="<?php echo $baseurl;?>/orgBlacklists/add"><?php echo __('Blacklist Organisation');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/orgBlacklists"><?php echo __('Manage Org Blacklists');?></a></li>
|
||||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</ul>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($isAclAudit): ?>
|
||||
<li class="dropdown">
|
||||
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
|
||||
<?php echo __('Audit');?>
|
||||
<b class="caret"></b>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li><a href="<?php echo $baseurl;?>/admin/logs/index"><?php echo __('List Logs');?></a></li>
|
||||
<li><a href="<?php echo $baseurl;?>/admin/logs/search"><?php echo __('Search Logs');?></a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<?php endif;?>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="nav-collapse collapse pull-right">
|
||||
<ul class="nav">
|
||||
<li>
|
||||
<a href="<?php echo $baseurl;?>/" id="smallLogo" style="font-weight:bold;">
|
||||
<span class="logoBlueStatic">MISP</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="<?php echo $baseurl;?>/users/view/me" class="white" style="padding-left:0px;padding-right:5px;" title="<?php echo h($me['email']);?>"><?php echo $loggedInUserName;?></a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="<?php echo $baseurl;?>/users/dashboard" style="padding-left:0px;padding-right:0px;">
|
||||
<span class="notification-<?php echo ($notifications['total'] > 0) ? 'active' : 'passive';?>"><span style="float:left;margin-top:3px;margin-right:3px;margin-left:3px;" class="icon-envelope icon-white" title="<?php echo __('Dashboard');?>" role="button" tabindex="0" aria-label="<?php echo __('Dashboard');?>"></span></span>
|
||||
</a>
|
||||
</li>
|
||||
<?php if (!$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')): ?>
|
||||
<li><a href="<?php echo $baseurl;?>/users/logout"><?php echo __('Log out');?></a></li>
|
||||
<?php elseif (Configure::read('Plugin.CustomAuth_custom_logout')): ?>
|
||||
<li><a href="<?php echo h(Configure::read('Plugin.CustomAuth_custom_logout'));?>"><?php echo __('Log out');?></a></li>
|
||||
<?php endif; ?>
|
||||
</ul>
|
||||
</div>
|
||||
<?php endif;?>
|
||||
</div>
|
||||
</div>
|
||||
<?php
|
||||
if (!empty($me)) {
|
||||
$menu = array(
|
||||
array(
|
||||
'type' => 'root',
|
||||
'url' => $baseurl . '/',
|
||||
'html' => (Configure::read('MISP.home_logo') ? $logo = '<img src="' . $baseurl . '/img/custom/' . Configure::read('MISP.home_logo') . '" style="height:24px;">' : 'Home')
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Event Actions'),
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('List Events'),
|
||||
'url' => '/events/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Event'),
|
||||
'url' => '/events/add',
|
||||
'requirement' => $isAclAdd
|
||||
),
|
||||
array(
|
||||
'text' => __('List Attributes'),
|
||||
'url' => '/attributes/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Search Attributes'),
|
||||
'url' => '/attributes/search'
|
||||
),
|
||||
array(
|
||||
'text' => __('REST client'),
|
||||
'url' => '/servers/rest'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('View Proposals'),
|
||||
'url' => '/shadow_attributes/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Events with proposals'),
|
||||
'url' => '/events/proposalEventIndex'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Tags'),
|
||||
'url' => 'tags/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Tag Collections'),
|
||||
'url' => '/tag_collections/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Tag'),
|
||||
'url' => '/tags/add',
|
||||
'requirement' => $isAclTagEditor
|
||||
),
|
||||
array(
|
||||
'text' => __('List Taxonomies'),
|
||||
'url' => '/taxonomies/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Templates'),
|
||||
'url' => '/templates/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Template'),
|
||||
'url' => '/templates/add',
|
||||
'requirement' => $isAclTemplate
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('Export'),
|
||||
'url' => '/events/export'
|
||||
),
|
||||
array(
|
||||
'text' => __('Automation'),
|
||||
'url' => '/events/automation',
|
||||
'requirement' => $isAclAuth
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Galaxies'),
|
||||
'url' => '/galaxies/index',
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('List Galaxies'),
|
||||
'url' => '/galaxies/index'
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Input Filters'),
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('Import Regexp'),
|
||||
'url' => '/admin/regexp/index',
|
||||
'requirement' => $isAclRegexp
|
||||
),
|
||||
array(
|
||||
'text' => __('Import Regexp'),
|
||||
'url' => '/regexp/index',
|
||||
'requirement' => !$isAclRegexp
|
||||
),
|
||||
array(
|
||||
'text' => __('Signature Whitelist'),
|
||||
'url' => '/admin/whitelists/index',
|
||||
'requirement' => $isAclRegexp
|
||||
),
|
||||
array(
|
||||
'text' => __('Signature Whitelist'),
|
||||
'url' => '/whitelists/index',
|
||||
'requirement' => !$isAclRegexp
|
||||
),
|
||||
array(
|
||||
'text' => __('List Warninglists'),
|
||||
'url' => '/warninglists/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Noticelists'),
|
||||
'url' => '/noticelists/index'
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Global Actions'),
|
||||
'url' => '/users/dashboard',
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('News'),
|
||||
'url' => '/news'
|
||||
),
|
||||
array(
|
||||
'text' => __('My Profile'),
|
||||
'url' => '/users/view/me'
|
||||
),
|
||||
array(
|
||||
'text' => __('Dashboard'),
|
||||
'url' => '/users/dashboard'
|
||||
),
|
||||
array(
|
||||
'text' => __('Organisations'),
|
||||
'url' => '/organisations/index',
|
||||
'requirement' => $isAclSharingGroup || empty(Configure::read('Security.hide_organisation_index_from_users'))
|
||||
),
|
||||
array(
|
||||
'text' => __('Role Permissions'),
|
||||
'url' => '/roles/index'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Object Templates'),
|
||||
'url' => '/objectTemplates/index'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Sharing Groups'),
|
||||
'url' => '/sharing_groups/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Sharing Group'),
|
||||
'url' => '/sharing_groups/add',
|
||||
'requirement' => $isAclSharingGroup
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('User Guide'),
|
||||
'url' => 'https://www.circl.lu/doc/misp/'
|
||||
),
|
||||
array(
|
||||
'text' => __('Categories & Types'),
|
||||
'url' => '/pages/display/doc/categories_and_types'
|
||||
),
|
||||
array(
|
||||
'text' => __('Terms & Conditions'),
|
||||
'url' => '/users/terms'
|
||||
),
|
||||
array(
|
||||
'text' => __('Statistics'),
|
||||
'url' => '/users/statistics'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Discussions'),
|
||||
'url' => '/threads/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Start Discussion'),
|
||||
'url' => '/posts/add'
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Sync Actions'),
|
||||
'requirement' => ($isAclSync || $isAdmin || $hostOrgUser),
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('List Servers'),
|
||||
'url' => '/servers/index',
|
||||
'requirement' => ($isAclSync || $isAdmin)
|
||||
),
|
||||
array(
|
||||
'text' => __('List Feeds'),
|
||||
'url' => '/feeds/index',
|
||||
'requirement' => ($isSiteAdmin || $hostOrgUser)
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Administration'),
|
||||
'url' => '/servers/serverSettings',
|
||||
'requirement' => ($isAdmin),
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('List Users'),
|
||||
'url' => '/admin/users/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add User'),
|
||||
'url' => '/admin/users/add'
|
||||
),
|
||||
array(
|
||||
'text' => __('Contact Users'),
|
||||
'url' => '/admin/users/email'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Organisations'),
|
||||
'url' => '/organisations/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Organisations'),
|
||||
'url' => '/admin/organisations/add'
|
||||
),
|
||||
array(
|
||||
'type' => 'separator'
|
||||
),
|
||||
array(
|
||||
'text' => __('List Roles'),
|
||||
'url' => '/admin/roles/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Add Roles'),
|
||||
'url' => '/admin/roles/add',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Server Settings & Maintenance'),
|
||||
'url' => '/servers/serverSettings',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Jobs'),
|
||||
'url' => '/jobs/index',
|
||||
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Scheduled Tasks'),
|
||||
'url' => '/tasks',
|
||||
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Blacklist Event'),
|
||||
'url' => '/eventBlacklists/add',
|
||||
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Manage Event Blacklists'),
|
||||
'url' => '/eventBlacklists',
|
||||
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Blacklist Organisation'),
|
||||
'url' => '/orgBlacklists/add',
|
||||
'requirement' => Configure::read('MISP.enableOrgBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Manage Org Blacklists'),
|
||||
'url' => '/orgBlacklists',
|
||||
'requirement' => Configure::read('MISP.enableOrgBlacklisting') !== false && $isSiteAdmin
|
||||
),
|
||||
)
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'text' => __('Audit'),
|
||||
'requirement' => ($isAclAudit),
|
||||
'children' => array(
|
||||
array(
|
||||
'text' => __('List Logs'),
|
||||
'url' => '/admin/logs/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Search Logs'),
|
||||
'url' => '/admin/logs/search'
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
$menu_right = array(
|
||||
array(
|
||||
'type' => 'root',
|
||||
'url' => $baseurl . '/',
|
||||
'html' => '<span class="logoBlueStatic bold" id="smallLogo">MISP</span>'
|
||||
),
|
||||
array(
|
||||
'type' => 'root',
|
||||
'url' => '/users/dashboard',
|
||||
'html' => sprintf(
|
||||
'<span class="white" title="%s">%s %s</span>',
|
||||
h($me['email']),
|
||||
h($loggedInUserName),
|
||||
sprintf(
|
||||
'<i class="fa fa-envelope %s"></i>',
|
||||
(($notifications['total'] == 0) ? 'white' : 'red')
|
||||
)
|
||||
)
|
||||
),
|
||||
array(
|
||||
'url' => h(Configure::read('Plugin.CustomAuth_custom_logout')),
|
||||
'text' => __('Log out'),
|
||||
'requirement' => !$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')
|
||||
),
|
||||
array(
|
||||
'url' => '/users/logout',
|
||||
'text' => __('Log out'),
|
||||
'requirement' => (Configure::read('Plugin.CustomAuth_custom_logout'))
|
||||
)
|
||||
);
|
||||
}
|
||||
?>
|
||||
<div id="topBar" class="navbar navbar-inverse <?php echo $debugMode;?>">
|
||||
<div class="navbar-inner">
|
||||
<ul class="nav">
|
||||
<?php
|
||||
if (!empty($menu)) {
|
||||
foreach ($menu as $root_element) {
|
||||
echo $this->element('/genericElements/GlobalMenu/global_menu_root', array('data' => $root_element));
|
||||
}
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
<ul class="nav pull-right">
|
||||
<?php
|
||||
if (!empty($menu_right)) {
|
||||
foreach ($menu_right as $root_element) {
|
||||
echo $this->element('/genericElements/GlobalMenu/global_menu_root', array('data' => $root_element));
|
||||
}
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<input type="hidden" class="keyboardShortcutsConfig" value="/shortcuts/global_menu.json" />
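Review bot: The two 'Log out' entries at the end of `$menu_right` have their `url` and `requirement` values crossed relative to the old `if`/`elseif` they replace: the entry guarded by `!$externalAuthUser && !Configure::read('Plugin.CustomAuth_disable_logout')` now points at `h(Configure::read('Plugin.CustomAuth_custom_logout'))`, which is empty on a default install and is treated as an empty URL by `global_menu_single`, while the entry guarded by `Configure::read('Plugin.CustomAuth_custom_logout')` points at the internal `/users/logout`, so a deployment with an external logout endpoint never reaches it. Swap the two `url` lines, `'url' => '/users/logout',` for the first entry and `'url' => h(Configure::read('Plugin.CustomAuth_custom_logout')),` for the second, and note the old `elseif` also meant at most one of them was ever rendered. Separately, `'url' => 'tags/index'` under Event Actions lacks the leading slash every other internal entry has and will be concatenated straight onto `$baseurl`; make it `'url' => '/tags/index'`. The `Add Organisations` entry also dropped the `$isSiteAdmin` requirement that guarded the old `Add Organisation` link; the controller ACL presumably still applies, but the menu now advertises the action to org admins.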
|
||||
|
|
|
@ -0,0 +1,198 @@
|
|||
<?php
|
||||
/*
|
||||
* Matrix Generator
|
||||
* Params:
|
||||
Required
|
||||
--------
|
||||
|
||||
- $tabs: Contains the matrix data. Has the format:
|
||||
{
|
||||
tab1: {
|
||||
col1: [
|
||||
{rowData1}, {rowData2}, ...
|
||||
],
|
||||
col2: [
|
||||
{rowData1}, {rowData2}, ...
|
||||
]
|
||||
},
|
||||
tab2: {}
|
||||
}
|
||||
|
||||
Optional
|
||||
--------
|
||||
- $defaultTabName: Set the default active tab. Default value is first tab
|
||||
- $columnOrders: Defined the order of the column in each tabs. Has the format:
|
||||
{
|
||||
tab1: [col1, col2],
|
||||
tab2: [col1, col2]
|
||||
}
|
||||
- $interpolation: The color associated to each value. Has the format: { val1: [r, g, b], val2: [r, g, b] }
|
||||
- $maxScore:
|
||||
- $pickingMode: Interactive picking mode, add a form and the chosen input
|
||||
- $scores: The score associate with either the value or the tag name (if provided)
|
||||
- $removeTrailling: How much part of the name of the cell should be remove: e.g. $removeTrailling=2 => "abc def ghi", will be: "abc"
|
||||
- $colours: The colour associated with the tag name (if provided)
|
||||
*
|
||||
*
|
||||
*
|
||||
*/
|
||||
?>
|
||||
|
||||
<?php
|
||||
echo $this->Html->script('attack_matrix');
|
||||
echo $this->Html->css('attack_matrix');
|
||||
?>
|
||||
<?php
|
||||
$clusetersNamesMapping = array(); // used to map name with id for the chosen select
|
||||
if (isset($interpolation) && !empty($interpolation)) {
|
||||
foreach ($interpolation as $k => $colArr) {
|
||||
$col = str_pad(dechex($colArr[0]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($colArr[1]), 2, '0', STR_PAD_LEFT) . str_pad(dechex($colArr[2]), 2, '0', STR_PAD_LEFT);
|
||||
$interpolation[$k] = '#' . $col;
|
||||
if ($k == 0) { // force small area on white
|
||||
$interpolation[$k] .= ' 3%';
|
||||
}
|
||||
}
|
||||
$colorScale = implode($interpolation, ', ');
|
||||
} else {
|
||||
$colorScale = 'black';
|
||||
}
|
||||
?>
|
||||
<div class="attack-matrix-options" style="right: initial; background: transparent;">
|
||||
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
|
||||
<?php
|
||||
if (!isset($defaultTabName)) {
|
||||
reset($tabs);
|
||||
$defaultTabName = key($tabs); // get first key
|
||||
}
|
||||
|
||||
foreach($tabs as $tabName => $column):
|
||||
?>
|
||||
<li class="tactic <?php echo $tabName==$defaultTabName ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($tabName); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($tabName); ?></span></li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="attack-matrix-options matrix-div-submit">
|
||||
<span class="btn btn-inverse btn-matrix-submit" role="button" style="padding: 1px 5px !important;font-size: 12px !important;font-weight: bold;"><?php echo __('Submit'); ?></span>
|
||||
</div>
|
||||
|
||||
<div class="attack-matrix-options">
|
||||
<?php if (isset($interpolation)): ?>
|
||||
<span id="matrix-heatmap-legend-caret">
|
||||
<span id="matrix-heatmap-legend-caret-value">0</span>
|
||||
<span class="fa fa-caret-down"></span>
|
||||
</span>
|
||||
<div>
|
||||
<span>0</span>
|
||||
<div id="matrix-heatmap-legend" style="background: linear-gradient(to right, white 0%, <?php echo h($colorScale); ?>);"></div>
|
||||
<span id="matrix-heatmap-maxval"><?php echo h($maxScore); ?></span>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<label style="display: inline-block; margin-left: 30px;"><input type="checkbox" id="checkbox_attackMatrix_showAll" checked><span class="fa fa-filter"><?php echo __('Show all');?></span></input></label>
|
||||
</div>
|
||||
|
||||
<?php if (isset($eventId)): ?>
|
||||
<div class="hidden">
|
||||
<?php
|
||||
echo $this->Form->create('Galaxy', array('url' => '/galaxies/attachMultipleClusters/' . (empty($target_id) ? $eventId : $target_id ) . '/' . (empty($target_type) ? 'event' : $target_type), 'style' => 'margin:0px;'));
|
||||
echo $this->Form->input('target_ids', array('type' => 'text'));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
|
||||
<div class="tab-content">
|
||||
<?php foreach($tabs as $tabName => $column): ?>
|
||||
<div class="tab-pane <?php echo $tabName==$defaultTabName ? "active" : ""; ?>" id="tabMatrix-<?php echo h($tabName); ?>">
|
||||
<div class="header-background"></div>
|
||||
<div class="fixed-table-container-inner" style="max-height: 670px;">
|
||||
<table class="table table-condensed matrix-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<?php
|
||||
foreach($columnOrders[$tabName] as $co):
|
||||
$name = str_replace("-", " ", $co);
|
||||
?>
|
||||
<th>
|
||||
<?php echo h(ucfirst($name)); ?>
|
||||
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
|
||||
</th>
|
||||
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody style="overflow-y: scroll;">
|
||||
<?php
|
||||
$body = '';
|
||||
$added = false;
|
||||
$i = 0;
|
||||
do {
|
||||
$tr = '<tr>';
|
||||
$added = false;
|
||||
foreach($columnOrders[$tabName] as $co) {
|
||||
if (isset($column[$co][$i])) {
|
||||
$added = true;
|
||||
$td = '<td';
|
||||
$cell = $column[$co][$i];
|
||||
if (!is_array($cell)) {
|
||||
$cell = array('value' => $cell);
|
||||
}
|
||||
$value = isset($cell['value']) ? $cell['value'] : 0;
|
||||
if (isset($removeTrailling) && $removeTrailling > 0) {
|
||||
$name = explode(" ", $value);
|
||||
$name = join(" ", array_slice($name, 0, -$removeTrailling)); // remove " - external_id"
|
||||
} else {
|
||||
$name = $value;
|
||||
}
|
||||
$tagName = isset($cell['tag_name']) ? $cell['tag_name'] : $name;
|
||||
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
|
||||
$clusterId = isset($cell['id']) ? $cell['id'] : $name;
|
||||
$externalId = isset($cell['external_id']) ? $cell['external_id'] : '';
|
||||
$clusetersNamesMapping[$clusterId] = $name . ($externalId !== '' ? ' (' . $externalId. ')' : '');
|
||||
|
||||
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
|
||||
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
|
||||
$td .= ' data-score="'.h($score).'"';
|
||||
$td .= ' data-tag_name="'.h($tagName).'"';
|
||||
$td .= ' data-cluster-id="'.h($clusterId).'"';
|
||||
if ($pickingMode) {
|
||||
$td .= ' data-target-type="attribute"';
|
||||
$td .= ' data-target-id="'.h($target_id).'"';
|
||||
}
|
||||
$td .= ' title="'.h($externalId).'"';
|
||||
$td .= '>' . h($name);
|
||||
|
||||
} else { // empty cell
|
||||
$td = '<td style="border: none;">';
|
||||
}
|
||||
$td .= '</td>';
|
||||
$tr .= $td;
|
||||
}
|
||||
$tr .= '</tr>';
|
||||
$body .= $tr;
|
||||
$i++;
|
||||
} while($added);
|
||||
echo $body;
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<?php if($pickingMode): ?>
|
||||
<div style="padding: 5px;">
|
||||
<select id="attack-matrix-chosen-select" style="width: 100%; margin: 0px;" multiple>
|
||||
<?php
|
||||
foreach ($clusetersNamesMapping as $clusterId => $clusterName) {
|
||||
echo '<option value=' . h($clusterId) .'>' . h($clusterName) . '</option>';
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
</div>
|
||||
<div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm('#popover_form_large');"><?php echo __('Cancel'); ?></div>
|
||||
<?php endif; ?>
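Review bot: The `<option>` built for the picking-mode select at the bottom, `echo '<option value=' . h($clusterId) .'>' . h($clusterName) . '</option>';`, leaves the `value` attribute unquoted; `$clusterId` falls back to `$name` when the cell has no `id`, and a name containing whitespace then spills into further attributes (a trailing `selected` or `disabled` token becomes a boolean attribute, since `h()` escapes quotes and angle brackets but not spaces). Quote it: `echo '<option value="' . h($clusterId) . '">' . h($clusterName) . '</option>';`. Also, `$colorScale = implode($interpolation, ', ');` passes the arguments in the legacy (array, glue) order, which is deprecated since PHP 7.4 and fatal on 8.0; use `implode(', ', $interpolation)`. Finally, `$pickingMode` and `$target_id` are read unconditionally at `data-picking-mode=` and `data-target-id=` although the header comment lists `$pickingMode` as optional, so a caller that omits them triggers undefined-variable notices; guard with `!empty($pickingMode)` and `isset($target_id)`.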
|
|
@ -1,134 +0,0 @@
|
|||
<?php
|
||||
$clusetersNamesMapping = array(); // used to map name with id for the chosen select
|
||||
?>
|
||||
<div class="attack-matrix-options" style="right: initial; background: transparent;">
|
||||
<ul id="attack-matrix-tabscontroller" class="nav nav-tabs" style="margin-bottom: 2px;">
|
||||
<?php
|
||||
$enterpriseTag = "mitre-enterprise-attack-attack-pattern";
|
||||
foreach($attackTactic as $tactic):
|
||||
$galaxy = $tactic['galaxy'];
|
||||
?>
|
||||
<li class="tactic <?php echo $galaxy['type']==$enterpriseTag ? "active" : ""; ?>"><span href="#tabMatrix-<?php echo h($galaxy['type']); ?>" data-toggle="tab" style="padding-top: 3px; padding-bottom: 3px;"><?php echo h($galaxy['name']); ?></span></li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="attack-matrix-options matrix-div-submit">
|
||||
<span class="btn btn-inverse btn-matrix-submit" role="button" style="padding: 1px 5px !important;font-size: 12px !important;font-weight: bold;"><?php echo __('Submit'); ?></span>
|
||||
</div>
|
||||
|
||||
<div class="attack-matrix-options">
|
||||
<span id="matrix-heatmap-legend-caret">
|
||||
<span id="matrix-heatmap-legend-caret-value">0</span>
|
||||
<span class="fa fa-caret-down"></span>
|
||||
</span>
|
||||
<div>
|
||||
<span>0</span>
|
||||
<div id="matrix-heatmap-legend"></div>
|
||||
<span id="matrix-heatmap-maxval"><?php echo h($maxScore); ?></span>
|
||||
</div>
|
||||
<label style="display: inline-block; margin-left: 30px;"><input type="checkbox" id="checkbox_attackMatrix_showAll" checked><span class="fa fa-filter"><?php echo __('Show all');?></span></input></label>
|
||||
</div>
|
||||
|
||||
<div class="hidden">
|
||||
<?php
|
||||
echo $this->Form->create('Galaxy', array('url' => '/galaxies/attachMultipleClusters/' . (empty($target_id) ? $eventId : $target_id ) . '/' . (empty($target_type) ? 'event' : $target_type), 'style' => 'margin:0px;'));
|
||||
echo $this->Form->input('target_ids', array('type' => 'text'));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
|
||||
<div id="matrix_container" class="fixed-table-container-inner" style="max-height: 670px;" data-picking-mode="<?php echo $pickingMode ? 'true' : 'false'; ?>">
|
||||
<div class="tab-content">
|
||||
<?php foreach($attackTactic as $galaxy):
|
||||
$galaxyType = $galaxy['galaxy']['type'];
|
||||
?>
|
||||
<div class="tab-pane <?php echo $galaxyType==$enterpriseTag ? "active" : ""; ?>" id="tabMatrix-<?php echo h($galaxyType); ?>">
|
||||
<div class="header-background"></div>
|
||||
<div class="fixed-table-container-inner" style="max-height: 670px;">
|
||||
<table class="table table-condensed matrix-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<?php
|
||||
foreach($killChainOrders[$galaxyType] as $kc):
|
||||
$name = str_replace("-", " ", $kc);
|
||||
?>
|
||||
<th>
|
||||
<?php echo h(ucfirst($name)); ?>
|
||||
<div class="th-inner"><?php echo h(ucfirst($name)); ?></div>
|
||||
</th>
|
||||
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody style="overflow-y: scroll;">
|
||||
<?php
|
||||
$added = false;
|
||||
$i = 0;
|
||||
do {
|
||||
$added = false;
|
||||
echo '<tr>';
|
||||
$killChainOrder = $killChainOrders[$galaxyType];
|
||||
$attackClusters = $galaxy['clusters'];
|
||||
foreach($killChainOrder as $kc) {
|
||||
if(!isset($attackClusters[$kc])) { // undefined index
|
||||
$td = '<td class="">';
|
||||
} else {
|
||||
$clusters = $attackClusters[$kc];
|
||||
$td = '<td ';
|
||||
if ($i < count($clusters)) {
|
||||
$clusterId = $clusters[$i]['id'];
|
||||
$tagName = $clusters[$i]['tag_name'];
|
||||
$score = empty($scores[$tagName]) ? 0 : $scores[$tagName];
|
||||
$name = join(" ", array_slice(explode(" ", $clusters[$i]['value']), 0, -2)); // remove " - external_id"
|
||||
$clusetersNamesMapping[$clusterId] = $name;
|
||||
$td .= ' class="heatCell matrix-interaction ' . ($pickingMode ? 'cell-picking"' : '"');
|
||||
$td .= isset($colours[$tagName]) ? ' style="background: ' . h($colours[$tagName]) . '; color: ' . h($this->TextColour->getTextColour($colours[$tagName])) . '"' : '' ;
|
||||
$td .= ' data-score="'.h($score).'"';
|
||||
$td .= ' data-tag_name="'.h($tagName).'"';
|
||||
$td .= ' data-cluster-id="'.h($clusterId).'"';
|
||||
if ($pickingMode) {
|
||||
$td .= ' data-target-type="attribute"';
|
||||
$td .= ' data-target-id="'.h($target_id).'"';
|
||||
}
|
||||
$td .= ' title="'.h($clusters[$i]['external_id']).'"';
|
||||
$td .= '>' . h($name);
|
||||
$added = true;
|
||||
} else {
|
||||
$td .= 'class="">';
|
||||
}
|
||||
}
|
||||
$td .= '</td>';
|
||||
echo $td;
|
||||
}
|
||||
echo '</tr>';
|
||||
$i++;
|
||||
} while($added);
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<?php if($pickingMode): ?>
|
||||
<div style="padding: 5px;">
|
||||
<select id="attack-matrix-chosen-select" style="width: 100%; margin: 0px;" multiple>
|
||||
<?php
|
||||
foreach ($clusetersNamesMapping as $clusterId => $clusterName) {
|
||||
echo '<option value=' . h($clusterId) .'>' . h($clusterName) . '</option>';
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
</div>
|
||||
<div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm('#popover_form_large');"><?php echo __('Cancel'); ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php
|
||||
echo $this->Html->script('bootstrap-typeahead');
|
||||
echo $this->Html->script('attack_matrix');
|
||||
echo $this->Html->css('attack_matrix');
|
||||
?>
|
|
@ -38,6 +38,7 @@
|
|||
echo $this->Html->script('moment-with-locales');
|
||||
echo $this->Html->css('query-builder.default');
|
||||
echo $this->Html->script('query-builder');
|
||||
echo $this->Html->css('attack_matrix');
|
||||
?>
|
||||
<div class="events view">
|
||||
<?php
|
||||
|
@ -217,7 +218,7 @@
|
|||
'<a href="%s/events/view/%s%s"><span class="icon-refresh"></span></a>',
|
||||
$baseurl,
|
||||
$event['Event']['id'],
|
||||
$extended ? '' : '/extended:1'
|
||||
($extended ? '' : '/extended:1')
|
||||
)
|
||||
)
|
||||
);
|
||||
|
@ -500,7 +501,7 @@ function enable_correlation_graph() {
|
|||
}
|
||||
|
||||
function enable_attack_matrix() {
|
||||
$.get("/events/viewMitreAttackMatrix/<?php echo h($event['Event']['id']); ?>/event/1", function(data) {
|
||||
$.get("/events/viewGalaxyMatrix/<?php echo h($event['Event']['id']); ?>/<?php echo h($mitreAttackGalaxyId); ?>/event/1", function(data) {
|
||||
$("#attackmatrix_div").html(data);
|
||||
});
|
||||
}
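Review bot: The new AJAX URL on the added line is rooted at `/events/viewGalaxyMatrix/...` while the refresh link earlier in this same file section (the `@ -217` hunk) is built from `$baseurl`; an instance served under a path prefix would request the wrong URL from `enable_attack_matrix()`. I would make it `$.get("<?php echo $baseurl; ?>/events/viewGalaxyMatrix/<?php echo h($event['Event']['id']); ?>/<?php echo h($mitreAttackGalaxyId); ?>/event/1", function(data) {`. Separately, if `$mitreAttackGalaxyId` can be unset (no ATT&CK galaxy loaded) the path collapses to `.../<id>//event/1`; where that variable is set is not visible here, so the controller or this view should guard the empty case. The enclosing script block continues outside the hunk.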
|
||||
|
|
|
@ -23,6 +23,14 @@
|
|||
<dd><?php echo h($galaxy['Galaxy']['version']); ?></dd>
|
||||
|
||||
</dl>
|
||||
<?php
|
||||
$kco = '';
|
||||
if (isset($galaxy['Galaxy']['kill_chain_order'])) {
|
||||
$kco = '<strong>' . __('Kill chain order') . '</strong> <span class="useCursorPointer fa fa-expand" onclick="$(\'#killChainOrder\').toggle(\'blind\')"></span>';
|
||||
$kco .= '<div id="killChainOrder" class="hidden" style="border: 1px solid #000; border-radius: 5px; padding: 3px; background: #f4f4f4; margin-left: 20px;">' . json_encode($galaxy['Galaxy']['kill_chain_order']) . '</div>';
|
||||
}
|
||||
echo $kco;
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<div id="clusters_div"></div>
|
||||
|
@ -36,5 +44,9 @@ $(document).ready(function () {
|
|||
$.get("<?php echo $uri;?>", function(data) {
|
||||
$("#clusters_div").html(data);
|
||||
});
|
||||
|
||||
var $kco = $('#killChainOrder');
|
||||
var j = syntaxHighlightJson($kco.text(), 8)
|
||||
$kco.html(j);
|
||||
});
|
||||
</script>
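Review bot: The `json_encode($galaxy['Galaxy']['kill_chain_order'])` result is written straight into the `#killChainOrder` div without `h()`; `json_encode` escapes quotes and slashes but leaves `<`, `>` and `&` untouched, so a kill-chain entry containing markup lands in the page unescaped. Since the script reads the div back with `.text()` (which decodes entities) before calling `syntaxHighlightJson`, wrapping it is safe: `'...margin-left: 20px;">' . h(json_encode($galaxy['Galaxy']['kill_chain_order'])) . '</div>'`. How far galaxy JSON is trusted depends on where galaxies are loaded from, which is not visible here, but every other value in this view already goes through `h()`. A second, smaller issue: the div is only emitted when `kill_chain_order` is set, yet the ready handler always runs `syntaxHighlightJson($kco.text(), 8)`, and `JSON.parse('')` throws a SyntaxError; guard it with `if ($kco.length) { ... }` (and add the missing semicolon on that line).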
|
||||
|
|
|
@ -86,6 +86,10 @@ class GenericPickerHelper extends AppHelper {
|
|||
if (isset($param['template']['infoExtra'])) {
|
||||
$pill_html .= $this->_View->element('genericPickerElements/info_extra', array('infoExtra' => $param['template']['infoExtra'], 'forceIcon' => true));
|
||||
}
|
||||
if (isset($param['isMatrix']) && $param['isMatrix']) {
|
||||
$span = '<span style="position: absolute; font-size: 8px; top: 2px;" class="fa fa-th" title="' . __('Start the galaxy matrix picker') . '"></span>';
|
||||
$pill_html .= $span;
|
||||
}
|
||||
$pill_html .= '</a>';
|
||||
$pill_html .= '</li>';
|
||||
return $pill_html;
|
||||
|
|
|
@ -42,8 +42,10 @@ foreach ($sharingGroups as $k => $sharingGroup):
|
|||
$combined .= "Organisations:";
|
||||
if (count($sharingGroup['SharingGroupOrg']) == 0) $combined .= "<br />N/A";
|
||||
foreach ($sharingGroup['SharingGroupOrg'] as $k2 => $sge) {
|
||||
$combined .= "<br /><a href='/Organisation/view/" . h($sge['Organisation']['id']) . "'>" . h($sge['Organisation']['name']) . "</a>";
|
||||
if ($sge['extend']) $combined .= (' (can extend)');
|
||||
if (!empty($sge['Organisation'])) {
|
||||
$combined .= "<br /><a href='/Organisation/view/" . h($sge['Organisation']['id']) . "'>" . h($sge['Organisation']['name']) . "</a>";
|
||||
if ($sge['extend']) $combined .= (' (can extend)');
|
||||
}
|
||||
}
|
||||
$combined .= "<hr style='margin:5px 0;'><br />Instances:";
|
||||
if (count($sharingGroup['SharingGroupServer']) == 0) $combined .= "<br />N/A";
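Review bot: With the new `!empty($sge['Organisation'])` guard, the "N/A" fallback on the preceding line is no longer accurate: it is keyed on `count($sharingGroup['SharingGroupOrg'])`, so a group whose rows all lack an `Organisation` payload now prints the "Organisations:" heading with nothing under it. Track whether anything was emitted instead, e.g. `$orgShown = false;` before the loop, `$orgShown = true;` inside the guarded branch, and `if (!$orgShown) $combined .= "<br />N/A";` after it, replacing the count check. Whether rows without an `Organisation` key can actually occur (e.g. when the viewer may not see that org) is not visible here, but the guard implies the author expects it. The same pattern presumably applies to the `SharingGroupServer` loop that follows, which is outside the hunk.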
|
||||
|
|
|
@ -7,10 +7,10 @@
|
|||
|
||||
<div id="attackmatrix_div" style="position: relative; border: solid 1px;" class="statistics_attack_matrix">
|
||||
<?php
|
||||
echo $this->element('view_mitre_attack_matrix');
|
||||
echo $this->element('view_galaxy_matrix');
|
||||
?>
|
||||
</div>
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
<?php
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit b9f13179412b0a6d944ef33493f36c2a49a63706
|
||||
Subproject commit 9ad8a76a38f8f111b856058759714caf559573cc
|
|
@ -1 +1 @@
|
|||
Subproject commit f9bb8bfa9bfe0eb3813df4dc5efa355bece53ce7
|
||||
Subproject commit 08798f12623f5291f6743856c221a8c2c13cc778
|
|
@ -1,11 +1,11 @@
|
|||
.matrix-table td {
|
||||
border-top: none;
|
||||
border: 1px solid #e2e2e2;
|
||||
}
|
||||
|
||||
.matrix-table th {
|
||||
padding: 0px 5px;
|
||||
color: transparent;
|
||||
line-height: 12px;
|
||||
line-height: 0px;
|
||||
}
|
||||
|
||||
.matrix-table thead > tr {
|
||||
|
@ -17,6 +17,9 @@
|
|||
.matrix-table tbody {
|
||||
/*height: 670px;*/
|
||||
overflow-y: scroll;
|
||||
/* display: inline-block;
|
||||
position: relative; */
|
||||
top: -23px;
|
||||
}
|
||||
|
||||
table.matrix-table {
|
||||
|
@ -102,7 +105,6 @@ div.th-inner {
|
|||
#matrix-heatmap-legend {
|
||||
width: 300px;
|
||||
height: 10px;
|
||||
background: linear-gradient(to right, white, #0000FF);
|
||||
}
|
||||
|
||||
.attack-matrix-options div {
|
||||
|
|
|
@ -907,6 +907,7 @@ a.pill-pre-picker {
|
|||
background-color: #fcfcfc;
|
||||
font-weight: bold;
|
||||
border: 1px #65737ec8 solid;
|
||||
position: relative;
|
||||
}
|
||||
.nav-pills > .active > a.pill-pre-picker {
|
||||
background-color: #65737e32;
|
||||
|
@ -1747,21 +1748,6 @@ a.discrete {
|
|||
border-left: 1px solid grey;
|
||||
}
|
||||
|
||||
.notification-active {
|
||||
float:left;
|
||||
background-color:red;
|
||||
color:white;
|
||||
border-radius: 50%;
|
||||
width:20px;
|
||||
height:20px;
|
||||
}
|
||||
|
||||
.notification-passive {
|
||||
float:left;
|
||||
width:20px;
|
||||
height:20px;
|
||||
}
|
||||
|
||||
.dashboard_element{
|
||||
background-color: white;
|
||||
border: 1px solid #0088cc;
|
||||
|
|
|
@ -265,7 +265,7 @@
|
|||
|
||||
function makeTagging(tagIds) {
|
||||
$('#GalaxyTargetIds').val(JSON.stringify(tagIds));
|
||||
$('#GalaxyViewMitreAttackMatrixForm').submit();
|
||||
$('#GalaxyViewGalaxyMatrixForm').submit();
|
||||
}
|
||||
|
||||
function filterEvent(tagName, tagId) {
|
||||
|
|
|
@ -1478,9 +1478,9 @@ function openPopover(clicked, data, hover, placement) {
|
|||
}
|
||||
}
|
||||
|
||||
function getMitreMatrixPopup(scope_id, scope) {
|
||||
function getMatrixPopup(scope, scope_id, galaxy_id) {
|
||||
cancelPopoverForm();
|
||||
getPopup(scope + '/' + scope_id, 'events', 'viewMitreAttackMatrix', '', '#popover_form_large');
|
||||
getPopup(scope_id + '/' + galaxy_id + '/' + scope, 'events', 'viewGalaxyMatrix', '', '#popover_form_large');
|
||||
}
|
||||
|
||||
function getPopup(id, context, target, admin, popupType) {
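Review bot: The renamed `getMatrixPopup` also reorders its positional parameters (`scope_id, scope` became `scope, scope_id, galaxy_id`), so any caller not updated in this commit silently passes the id where the scope is now expected and builds a wrong `viewGalaxyMatrix` path with no error; the callers are not visible in this diff, so please confirm every `getMitreMatrixPopup` call site was converted. The three values are also joined into a path with plain `+`; unless `getPopup` encodes its `id` argument (its body is outside the hunk), a value containing `/` or `?` changes the route, so `encodeURIComponent(scope_id) + '/' + encodeURIComponent(galaxy_id) + '/' + encodeURIComponent(scope)` is the safer form. A one-line JSDoc on the function, e.g. `// Open the galaxy matrix picker for <scope>/<scope_id> restricted to galaxy <galaxy_id>`, would document the new order.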
|
||||
|
@ -3881,7 +3881,10 @@ function insertJSONRestResponse() {
|
|||
$('#json-response-container').html(parsedJson);
|
||||
}
|
||||
|
||||
function syntaxHighlightJson(json) {
|
||||
function syntaxHighlightJson(json, indent) {
|
||||
if (indent === undefined) {
|
||||
indent = 2;
|
||||
}
|
||||
if (typeof json == 'string') {
|
||||
json = JSON.parse(json);
|
||||
}
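Review bot: The new `indent` default only covers `undefined`, and the unchanged `JSON.parse(json)` below it throws on an empty or malformed string, which is exactly what a caller gets when it reads text from a container that was not rendered; the exception aborts the caller's handler. Either document the contract above the signature, `// json: object or valid JSON string; indent: spaces per level (default 2). Throws SyntaxError on invalid JSON.`, or catch the parse failure and return the input untouched so callers degrade gracefully. The rest of the function body is outside the hunk.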
|
||||
|
|
1879
docs/Changelog.md
1879
docs/Changelog.md
|
@ -111,25 +111,25 @@ yum install rh-redis32
|
|||
systemctl enable --now rh-redis32-redis.service
|
||||
```
|
||||
|
||||
## 2.08/ Secure the MariaDB installation, run the following command and follow the prompts
|
||||
## 2.08/ Secure the MariaDB installation
|
||||
```bash
|
||||
scl enable rh-mariadb102 'mysql_secure_installation'
|
||||
```
|
||||
|
||||
## 2.10/ Update the PHP extension repository and install required package
|
||||
## 2.09/ Update the PHP extension repository and install required package
|
||||
```bash
|
||||
scl enable rh-php72 rh-redis32 bash
|
||||
pear channel-update pear.php.net
|
||||
pear install Crypt_GPG
|
||||
```
|
||||
|
||||
## 2.11/ Install haveged and enable to start on boot to provide entropy for GPG
|
||||
## 2.10/ Install haveged and enable to start on boot to provide entropy for GPG
|
||||
```bash
|
||||
yum install haveged
|
||||
systemctl enable --now haveged
|
||||
```
|
||||
|
||||
## 2.12/ Install Python 3.6 from SCL
|
||||
## 2.11/ Install Python 3.6 from SCL
|
||||
```bash
|
||||
yum install rh-python36
|
||||
```
|
||||
|
@ -193,11 +193,11 @@ systemctl restart rh-php72-php-fpm.service
|
|||
```
|
||||
|
||||
## 3.06/ Enable dependencies detection in the diagnostics page
|
||||
Add the following content to `/etc/opt/rh/rh-php71/php-fpm.d/www.conf` :
|
||||
Add the following content to `/etc/opt/rh/rh-php72/php-fpm.d/www.conf` :
|
||||
```
|
||||
env[PATH] =/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php71/root/usr/bin:/usr/local/bin:/usr/bin:/bin
|
||||
env[PATH] =/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin
|
||||
```
|
||||
Then run `systemctl restart rh-php71-php-fpm.service`.
|
||||
Then run `systemctl restart rh-php72-php-fpm.service`.
|
||||
This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
|
||||
|
||||
# 4/ CakePHP
|
||||
|
@ -230,17 +230,31 @@ cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResqu
|
|||
|
||||
## 4.05/ Install Crypt_GPG and Console_CommandLine
|
||||
```bash
|
||||
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
sudo -H -u apache scl enable rh-php72 'pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml'
|
||||
sudo -H -u apache scl enable rh-php72 'pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml'
|
||||
```
|
||||
|
||||
# 5/ Set file permissions
|
||||
## 5.01/ Make sure the permissions are set correctly using the following commands as root:
|
||||
```bash
|
||||
chown -R apache:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
```
|
||||
**Note :** For updates through the web interface to work, apache must own the /var/www/MISP folder and its subfolders as shown above, which can lead to security issues. If you do not require updates through the web interface to work, you can use the following more restrictive permissions :
|
||||
```bash
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
```
|
||||
|
||||
|
||||
|
||||
# 6/ Create database and user
|
||||
## 6.01/ Set database to listen on localhost only
|
||||
|
@ -285,17 +299,17 @@ chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
|||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
```
|
||||
|
||||
## 7.02/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
## 7.03/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
```bash
|
||||
setsebool -P httpd_can_network_connect on
|
||||
```
|
||||
|
||||
## 7.03/ Enable and start the httpd service
|
||||
## 7.04/ Enable and start the httpd service
|
||||
```bash
|
||||
systemctl enable --now httpd.service
|
||||
```
|
||||
|
||||
## 7.04/ Open a hole in the firewalld service
|
||||
## 7.05/ Open a hole in the firewalld service
|
||||
```bash
|
||||
firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
firewall-cmd --reload
|
||||
|
@ -429,7 +443,6 @@ systemctl enable --now misp-workers.service
|
|||
{!generic/recommended.actions.md!}
|
||||
|
||||
# 10/ Post Install
|
||||
|
||||
## 10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs
|
||||
If the result from the diagnostic page is that the directory is not writable, try the following.
|
||||
```
|
||||
|
|
|
@ -1,21 +1,34 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Ubuntu 18.04.1-server
|
||||
|
||||
### -1/ Installer and Manual install instructions
|
||||
|
||||
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
|
||||
|
||||
To install MISP on a fresh Ubuntu install all you need to do is:
|
||||
|
||||
```bash
|
||||
# Please check the installer options first to make the best choice for your install
|
||||
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s
|
||||
|
||||
# This will install MISP Core and misp-modules (recommended)
|
||||
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c -M
|
||||
```
|
||||
|
||||
### 0/ MISP Ubuntu 18.04-server install - status
|
||||
-------------------------
|
||||
!!! notice
|
||||
Tested working by @SteveClement on 20190118 (works with **Ubuntu 18.10** too)
|
||||
As of 20190118 on **Ubuntu 19.04** you need to use Python 3.6 as LIEF with 3.7 is not "eggED" yet.
|
||||
You will need to **sudo apt install python3.6-dev** to make everything work according to this guide.
|
||||
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20190212 (works with **Ubuntu 18.10** too)
|
||||
|
||||
{!generic/community.md!}
|
||||
!!! notice
|
||||
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.debian.sh) script.
|
||||
Which explains why you will see the use of shell *functions* in various steps.
|
||||
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
!!! notice
|
||||
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
|
||||
|
||||
```bash
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
```
|
||||
{!generic/core.md!}
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
@ -24,19 +37,27 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|||
- OpenSSH server
|
||||
- This guide assumes a user name of 'misp' with sudo working
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
# <snippet-begin 0_apt-upgrade.sh>
|
||||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade -y
|
||||
}
|
||||
# <snippet-end 0_apt-upgrade.sh>
|
||||
```
|
||||
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
```
|
||||
|
||||
#### install postfix, there will be some questions.
|
||||
```bash
|
||||
sudo apt-get install postfix -y
|
||||
# <snippet-begin postfix.sh>
|
||||
sudo apt-get install postfix dialog -y
|
||||
# <snippet-end postfix.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -47,187 +68,210 @@ sudo apt-get install postfix -y
|
|||
sudo postfix reload
|
||||
```
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
### 2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps.
|
||||
```bash
|
||||
# Make sure you have enabled the Universe repository
|
||||
# (ie. for redis-server), enable it with:
|
||||
# sudo add-apt-repository universe
|
||||
# <snippet-begin 0_installCoreDeps.sh>
|
||||
installCoreDeps () {
|
||||
debug "Installing core dependencies"
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv libfuzzy-dev -y
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv -y
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server -y
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server -y
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -y
|
||||
|
||||
sudo apt install expect -y
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
|
||||
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
sudo apt-get install python3-pip -y
|
||||
sudo apt install expect -y
|
||||
}
|
||||
# <snippet-end 0_installCoreDeps.sh>
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
# <snippet-begin 0_installDepsPhp72.sh>
|
||||
# Install Php 7.2 dependencies
|
||||
installDepsPhp72 () {
|
||||
debug "Installing PHP 7.2 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
php-dev \
|
||||
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
|
||||
php-redis php-gnupg
|
||||
|
||||
spawn sudo -k mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect ; sudo apt autoremove -y
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -y
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp72.sh>
|
||||
```
|
||||
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```bash
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown www-data:www-data ${PATH_TO_MISP}
|
||||
cd ${PATH_TO_MISP}
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
# <snippet-begin 1_mispCoreInstall.sh>
|
||||
installCore () {
|
||||
debug "Installing ${LBLUE}MISP${NC} core"
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown www-data:www-data ${PATH_TO_MISP}
|
||||
cd ${PATH_TO_MISP}
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo apt-get install python3-pip -y
|
||||
pip3 install virtualenv
|
||||
sudo -u www-data virtualenv -p python3.6 ${PATH_TO_MISP}/venv
|
||||
# Create a python3 virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
|
||||
cd ${PATH_TO_MISP}/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts
|
||||
sudo -H -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -H -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -H -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -H -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install PyMISP
|
||||
cd ${PATH_TO_MISP}/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install PyMISP
|
||||
cd ${PATH_TO_MISP}/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
}
|
||||
# <snippet-end 1_mispCoreInstall.sh>
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
|
||||
```bash
|
||||
# Once done, install CakeResque along with its dependencies
|
||||
# if you intend to use the built in background jobs:
|
||||
cd ${PATH_TO_MISP}/app
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -H -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -H -u www-data php composer.phar install
|
||||
# <snippet-begin 1_installCake.sh>
|
||||
installCake () {
|
||||
debug "Installing CakePHP"
|
||||
# Once done, install CakeResque along with its dependencies
|
||||
# if you intend to use the built in background jobs:
|
||||
cd ${PATH_TO_MISP}/app
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -H -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -H -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
}
|
||||
# <snippet-end 1_installCake.sh>
|
||||
```
|
||||
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```bash
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||
# <snippet-begin 2_permissions.sh>
|
||||
# Main function to fix permissions to something sane
|
||||
permissions () {
|
||||
debug "Setting permissions"
|
||||
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
}
|
||||
# <snippet-end 2_permissions.sh>
|
||||
```
|
||||
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
|
||||
#### Manual procedure:
|
||||
```bash
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
```
|
||||
#### Set-up DB, User and import empty MISP DB
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
#### Same as Manual but for copy/paste foo:
|
||||
```bash
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
# <snippet-begin 1_prepareDB.sh>
|
||||
prepareDB () {
|
||||
debug "Setting up database"
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw=$MISP_PASSWORD
|
||||
|
||||
#### Import the empty MISP database from MYSQL.sql
|
||||
```bash
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo -k mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect ; sudo apt autoremove -y
|
||||
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
}
|
||||
# <snippet-end 1_prepareDB.sh>
|
||||
```
|
||||
|
||||
### 7/ Apache configuration
|
||||
|
@ -235,9 +279,6 @@ sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$
|
|||
Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
|
||||
|
||||
#### Apache version 2.4 config:
|
||||
```bash
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
|
@ -245,11 +286,35 @@ sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/
|
|||
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
```bash
|
||||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
# <snippet-begin 1_apacheConfig.sh>
|
||||
apacheConfig () {
|
||||
debug "Generating Apache config"
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
}
|
||||
# <snippet-end 1_apacheConfig.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
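Review bot: apacheConfig regenerates the self-signed certificate unconditionally, although the comment directly above the openssl call says this should only happen when no valid certificate already exists, so a second run of the installer overwrites /etc/ssl/private/misp.local.key and misp.local.crt and with them any real certificate an administrator has put there. Wrapping the openssl call in `if [[ ! -e /etc/ssl/private/misp.local.crt ]]; then` … `fi` makes the code match its comment and keeps re-runs idempotent. The `a2ensite default-ssl` / restart / `a2dissite default-ssl` sequence briefly serves Debian's default SSL vhost before misp-ssl is activated; enabling only misp-ssl and restarting once would be simpler and drops the second restart. The function is fully contained in this hunk.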
@ -295,90 +360,63 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
```bash
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
# <snippet-begin 2_logRotation.sh>
|
||||
logRotation () {
|
||||
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
}
|
||||
# <snippet-end 2_logRotation.sh>
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```bash
|
||||
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||
# <snippet-begin 2_configMISP.sh>
|
||||
configMISP () {
|
||||
debug "Generating ${LBLUE}MISP${NC} config files"
|
||||
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||
}
|
||||
# <snippet-end 2_configMISP.sh>
|
||||
```
|
||||
|
||||
{!generic/gnupg.md!}
|
||||
|
||||
!!! notice
|
||||
If entropy is not high enough, you can install havegd and then start the service
|
||||
```bash
|
||||
|
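Review bot: configMISP writes the GPG passphrase into a fixed, predictable file, `/tmp/gen-key-script`, created with the caller's umask (usually world-readable) and never removed after `gpg --batch --gen-key` has consumed it, so the secret stays on disk for any local user to read. The simplest fix is to hand the parameter block to gpg on stdin instead of a file — replace `cat >/tmp/gen-key-script <<EOF` with `sudo -u www-data gpg --homedir "$PATH_TO_MISP/.gnupg" --batch --gen-key <<EOF` and drop the later gpg line — or, if the file is kept, `rm -f /tmp/gen-key-script` immediately after the gpg call. (As I read the gpg manual, unattended key generation reads the parameter block from stdin when no file is given; worth confirming on the target gpg version.) Separately, `| sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php` echoes the generated database.php, DB password included, to stdout and therefore into any installer log; `tee … >/dev/null` avoids that. The function is fully contained in this hunk.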
@ -387,54 +425,38 @@ sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG
|
|||
```
|
||||
|
||||
```bash
|
||||
# <snippet-begin 2_backgroundWorkers.sh>
|
||||
backgroundWorkers () {
|
||||
debug "Setting up background workers"
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
# Start the workers
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 2_backgroundWorkers.sh>
|
||||
```
|
||||
|
||||
```bash
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
# some misp-modules dependencies
|
||||
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
|
||||
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip install
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
{!generic/misp-modules-debian.md!}
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
|
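Review bot: in backgroundWorkers the sed expression that inserts the `worker/start.sh` line into /etc/rc.local is single-quoted, so `${PATH_TO_MISP}` is written literally into rc.local instead of being expanded at install time; rc.local runs under `#!/bin/sh -e` where that variable is not defined, so at boot the line would presumably resolve to `bash /app/Console/worker/start.sh` and fail. Expanding the path when the line is inserted fixes it: `sudo sed -i -e "\$i \\sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\\n" /etc/rc.local`. The documentation copy of the same line further down in this hunk, and the misp-modules rc.local insert next to it, have the same quoting problem. A smaller point of style: the function starts the workers through `$SUDO_WWW` but hard-codes `sudo -u www-data` in the rc.local line; using `${WWW_USER}` there would keep it consistent with permissions().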
@ -463,3 +485,11 @@ sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
|||
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
|
||||
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
|
||||
Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
||||
|
||||
# INSTALL.debian.sh
|
||||
|
||||
!!! notice
|
||||
The following section is an administrative section that is used by the "[INSTALL.debian.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh)" script.
|
||||
Please ignore.
|
||||
|
||||
{!generic/supportFunctions.md!}
|
||||
|
|
|
@ -1,156 +1,140 @@
|
|||
#### Initialize MISP configuration and set some defaults
|
||||
```bash
|
||||
# Default Cake path
|
||||
export CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -H -u www-data -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
# <snippet-begin 2_core-cake.sh>
|
||||
# Core cake commands
|
||||
coreCAKE () {
|
||||
debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
|
||||
$SUDO_WWW -E $CAKE userInit -q
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
# This makes sure all Database upgrades are done, without logging in.
|
||||
$SUDO_WWW $CAKE Admin updateDatabase
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
sudo -H -u www-data $CAKE Baseurl $MISP_BASEURL
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
# The default install is Python in a virtualenv, setting accordingly
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
||||
|
||||
# Enable GnuPG
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
# Tune global time outs
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.timeout" 600
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.cookieTimeout" 3600
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
$SUDO_WWW $CAKE Baseurl $MISP_BASEURL
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
# Enable GnuPG
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
# Enable installer org and tune some configurables
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
|
||||
# Provisional Cortex tunes
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
|
||||
# Mysteriously removed?
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
# Mysteriously removed?
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
# Various plugin sightings settings
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
# Plugin CustomAuth tuneable
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
# RPZ Plugin settings
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# RPZ Plugin settings
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.language" "eng"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
# Redis block
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
## Redis block
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.log_auth" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
# TODO: Make sure $FLAVOUR is correct
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Set MISP Live
|
||||
$SUDO_WWW $CAKE Live $MISP_LIVE
|
||||
}
|
||||
|
||||
# Tune global time outs
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
|
||||
updateGOWNT () {
|
||||
debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Update the galaxies…
|
||||
##sudo -H -u www-data $CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo -H -u www-data $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo -H -u www-data $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo -H -u www-data $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo -H -u www-data $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo -H -u www-data $CAKE Live $MISP_LIVE
|
||||
# Update the galaxies…
|
||||
# TODO: Fix updateGalaxies
|
||||
##$SUDO_WWW $CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
# Updating the taxonomies…
|
||||
$SUDO_WWW $CAKE Admin updateTaxonomies
|
||||
# Updating the warning lists…
|
||||
# TODO: Fix updateWarningLists
|
||||
##$SUDO_WWW $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
# Updating the notice lists…
|
||||
## $SUDO_WWW $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
# Updating the object templates…
|
||||
##$SUDO_WWW $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
}
|
||||
# <snippet-end 2_core-cake.sh>
|
||||
```
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
!!! notice
|
||||
Maintained and tested by the MISP core team.<br />
|
||||
Enjoy installing MISP. For any issues see [here](https://github.com/MISP/MISP/issues)
|
||||
|
|
@ -3,13 +3,30 @@
|
|||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
# <snippet-end interfaces.sh>
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
|
||||
echo "--- Using old style name (ethX) for interfaces"
|
||||
#for key in GRUB_CMDLINE_LINUX
|
||||
#do
|
||||
# sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
#done
|
||||
sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null
|
||||
|
||||
# install ifupdown since ubuntu 18.04
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y ifupdown
|
||||
|
||||
# enable eth0
|
||||
echo "--- Configuring eth0"
|
||||
|
||||
echo "# The primary network interface
|
||||
auto eth0
|
||||
iface eth0 inet dhcp" | sudo tee /etc/network/interfaces
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
sudo update-grub > /dev/null 2>&1
|
||||
# <snippet-end interfaces.sh>
|
||||
```
|
||||
|
||||
!!! notice
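Review bot: `sed -r 's/^(GRUB_CMDLINE_LINUX=).*/.../' /etc/default/grub | sudo tee /etc/default/grub > /dev/null` reads and rewrites the same file in one pipeline, so tee can truncate /etc/default/grub before sed has read it and the GRUB config ends up empty; the in-place loop it replaces (now commented out, so presumably the new side keeps only the pipeline) did not have that race. Use `sudo sed -i -r 's/^(GRUB_CMDLINE_LINUX=).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub` instead, which also makes the `GRUB_CMDLINE_LINUX=` and `DEFAULT_GRUB=` assignments above it unused. The block opens with `# <snippet-end interfaces.sh>` where every other snippet in this commit opens with `snippet-begin`, so whatever extracts these markers will not pick this block up. `sudo update-grub` on Debian is a wrapper around `grub-mkconfig -o /boot/grub/grub.cfg`, so one of the two calls at the end is redundant.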
|
||||
|
|
|
@ -1,46 +1,74 @@
|
|||
#### MISP configuration variables
|
||||
|
||||
```bash
|
||||
# <snippet-begin 0_global-vars.sh>
|
||||
MISPvars () {
|
||||
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours"
|
||||
# Local non-root MISP user
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL='""'
|
||||
MISP_LIVE='1'
|
||||
# The web server user
|
||||
WWW_USER="www-data"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
if [ -z "$FQDN" ]; then
|
||||
FQDN="misp.local"
|
||||
fi
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
if [ -z "$MISP_BASEURL" ]; then
|
||||
MISP_BASEURL='""'
|
||||
fi
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
MISP_LIVE='1'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS="info@$FQDN"
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# debug alias to make sure people are not confused when blindly copy pasting blobs of code
|
||||
alias debug="echo -e"
|
||||
|
||||
# checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code
|
||||
alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'"
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} "
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
|
||||
echo "The following DB Passwords were generated..."
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
}
|
||||
# <snippet-end 0_global-vars.sh>
|
||||
```
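Review bot: `MISP_PASSWORD='Password1234'` and `GPG_PASSPHRASE='Password1234'` in MISPvars stay hardcoded while the two DB passwords are now drawn from `openssl rand -hex 32`, so an unattended install still ends with a well-known login password for the local misp user and a well-known passphrase on the instance's signing key. Generating them the same way, e.g. `MISP_PASSWORD="$(openssl rand -hex 16)"` and `GPG_PASSPHRASE="$(openssl rand -hex 16)"`, and printing them next to the DB passwords would close that, provided whatever later consumes these variables (outside this hunk) reads the variable rather than the literal. The `echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"` lines write the generated secrets to stdout, which lands in any log that captures the installer run; a comment such as `# NOTE: the generated secrets are printed once here and are not stored anywhere else` would at least flag it to the reader. `FQDN='localhost'` immediately above `if [ -z "$FQDN" ]` makes that guard dead code.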
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
```bash
|
||||
# <snippet-begin 2_gnupg.sh>
|
||||
# Generate GnuPG key
|
||||
setupGnuPG () {
|
||||
if [ ! -d $PATH_TO_MISP/.gnupg ]; then
|
||||
# The email address should match the one set in the config.php
|
||||
# set in the configuration menu in the administration menu configuration file
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
# Export the public key to the webroot
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
fi
|
||||
}
|
||||
# <snippet-end 2_gnupg.sh>
|
||||
```
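Review bot: setupGnuPG writes the key-generation script, including the `Passphrase: $GPG_PASSPHRASE` line, to the fixed path `/tmp/gen-key-script` with the caller's umask and never removes it, so the passphrase remains readable in /tmp after the install and a pre-existing file at that path is silently overwritten. Creating the file as www-data with mktemp (0600 by default), feeding it through the same `$SUDO_WWW tee` pattern the export line already uses, and deleting it after gpg has consumed it keeps the secret out of reach; `$PATH_TO_MISP` should also be quoted in the `-d` test and the `--homedir` arguments.

```shell
keyscript=$($SUDO_WWW mktemp) || return 1   # 0600, owned by www-data so gpg can read it
echo "%echo Generating a default key
# … unchanged: Key-Type … Passphrase … %commit lines …
%echo done" | $SUDO_WWW tee "$keyscript" > /dev/null
$SUDO_WWW gpg --homedir "$PATH_TO_MISP/.gnupg" --batch --gen-key "$keyscript"
$SUDO_WWW rm -f -- "$keyscript"
# … unchanged: public key export to webroot …
```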
|
|
@ -1,29 +1,33 @@
|
|||
#### Install mail to misp
|
||||
--------------------
|
||||
|
||||
!!! warning
|
||||
mail_to_misp has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
|
||||
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
|
||||
```bash
|
||||
virtualenv -p python3.6 venv
|
||||
```
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake -y
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
virtualenv -p python3.6 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
# <snippet-begin 5_mail_to_misp.sh>
|
||||
# Main mail2misp install function
|
||||
mail2misp () {
|
||||
debug "Installing Mail2${LBLUE}MISP${NC}"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake libcaca-dev -y
|
||||
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
# TODO Check permissions
|
||||
##$SUDO mkdir -p build
|
||||
$SUDO_USER mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
##$SUDO cmake .. && $SUDO make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
}
|
||||
# <snippet-end 5_mail_to_misp.sh>
|
||||
```
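Review bot: `$SUDO_USER git clone git://github.com/stricaud/faup.git faup` switches faup from the https URL the old block used to the unauthenticated, unencrypted git:// transport, and the result is then built and installed system-wide with `sudo make install`, so the library can be altered in transit; keep `$SUDO_USER git clone https://github.com/stricaud/faup.git faup`. The `./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip` line pulls an unpinned development archive with no hash check; a pinned release, or a requirements line used with `pip install --require-hashes`, would make that step reproducible. `cd /usr/local/src/`, `cd faup`, `cd build` and `cd ../../mail_to_misp` are all unchecked, so a failed clone or build leaves the later `sed -i` calls editing whatever happens to be in the current directory.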
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
#### MISP Dashboard on CentOS
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false"
|
||||
```
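Review bot: The block under `#### MISP Dashboard on CentOS` uses apt, a2ensite, /etc/apache2 and `systemctl reload apache2`, which is Debian tooling, so either the heading or the commands are wrong for the platform it claims to cover. On exposure, `host = 0.0.0.0` in config.cfg together with `Listen 0.0.0.0:8001` and `Require all granted` publishes the dashboard on every interface with no authentication in the vhost; binding to 127.0.0.1, or a comment stating that port 8001 must be firewalled before the dashboard goes live, would be the safer default, and the same vhost is repeated in the Debian dashboard section below. The `sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""` lines rely on adjacent double quotes cancelling out and hand `$RUN_PHP` one combined word; whether that is split correctly depends on RUN_PHP, which is defined outside this hunk, and the plain `sudo -H -u www-data $CAKE Admin setSetting ...` form used elsewhere in the commit is the clearer one.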
|
|
@ -1,75 +1,96 @@
|
|||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
# <snippet-begin 4_misp-dashboard.sh>
|
||||
# Main MISP Dashboard install function
|
||||
mispDashboard () {
|
||||
debug "Install misp-dashboard"
|
||||
# Install pyzmq to main MISP venv
|
||||
debug "Installing PyZMQ"
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
# Enable misp-dashboard in apache and reload
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl restart apache2
|
||||
|
||||
# Needs to be started after apache2 is reloaded so the port status check works
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 4_misp-dashboard.sh>
|
||||
|
||||
# <snippet-begin 4_misp-dashboard-cake.sh>
|
||||
dashboardCAKE () {
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
}
|
||||
# <snippet-end 4_misp-dashboard-cake.sh>
|
||||
```
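Review bot: In mispDashboard the `cd /var/www`, `cd misp-dashboard` and `$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git` steps are unchecked, so a failed clone lets the following `sed -i` on config.cfg, the vhost install and `start_all.sh` run against whatever is in the current directory; `cd misp-dashboard || return 1` after a checked clone would stop that. `sudo mkdir misp-dashboard` before the clone also makes a re-run fail on an existing directory unless `-p` is used. The Plugin.ZeroMQ_* settings appear both inside the dashboard block and in the new dashboardCAKE function; from the rendered view I cannot tell which copy survives on the new side, but only one should, and the function header deserves a one-line comment saying it must run after the core cake settings.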
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
#### Install misp-modules (optional)
|
||||
|
||||
```bash
|
||||
# <snippet-begin 3_misp-modules.sh>
|
||||
# Main MISP Modules install function
|
||||
mispmodules () {
|
||||
# FIXME: this is broken, ${PATH_TO_MISP} is litteral
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
cd /usr/local/src/
|
||||
## TODO: checkUsrLocalSrc in main doc
|
||||
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# some misp-modules dependencies
|
||||
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
|
||||
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||
sudo chgrp $WWW_USER .
|
||||
sudo chmod g+w .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo chgrp staff .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
|
||||
# Start misp-modules
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
|
||||
|
||||
# Sleep 9 seconds to give misp-modules a chance to spawn
|
||||
sleep 9
|
||||
|
||||
# Enable Enrichment, set better timeouts
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
# TODO:"Investigate why the next one fails"
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules, set better timeout
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules, set better timeout
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
}
|
||||
# <snippet-end 3_misp-modules.sh>
|
||||
```
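Review bot: `sudo gem install asciidoctor-pdf --pre` installs a prerelease gem system-wide as root with no version pin, and `$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib` likewise pulls whatever is current, so two runs of the same installer can yield different code running with root or www-data privileges; pin the gem (`sudo gem install asciidoctor-pdf -v '<PINNED_VERSION>' --pre`, version to be chosen) and keep the Python extras in a requirements file. `sudo chmod g+w .` on /usr/local/src/misp-modules is never reverted after `sudo chgrp staff .`, so every member of staff keeps write access to module sources that www-data later executes. `sleep 9` is a guess at startup time for the backgrounded misp-modules; polling port 6666 until it answers before the setSetting calls is both faster and more reliable. The FIXME about `${PATH_TO_MISP}` being literal in the rc.local line still stands on the new side.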
|
|
@ -1,8 +0,0 @@
|
|||
#### Make some misp-modules available
|
||||
|
||||
```bash
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
```
|
||||
|
|
@ -1,19 +1,24 @@
|
|||
#### Experimental ssdeep correlations
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
make
|
||||
sudo make install
|
||||
```bash
|
||||
# <snippet-begin 6_ssdeep.sh>
|
||||
ssdeep () {
|
||||
debug "Install ssdeep 2.14.1"
|
||||
cd /usr/local/src
|
||||
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_USER make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
}
|
||||
# <snippet-end 6_ssdeep.sh>
|
||||
```
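Review bot: ssdeep() fetches `ssdeep-2.14.1.tar.gz` with wget and goes straight to `./configure`, `make` and `sudo make install` without verifying the archive, so a tampered or truncated download is built and installed as root. Check the digest before unpacking, e.g. `echo "<EXPECTED_SHA256>  ssdeep-2.14.1.tar.gz" | sha256sum -c - || return 1` with the published hash filled in, and check the `cd ssdeep-2.14.1` so a failed extraction does not run make elsewhere. The `#installing ssdeep_php` block through `sudo service apache2 restart` is printed twice in this section; I cannot tell from the rendered view whether both copies are on the new side, but the function should contain it once. `${PHP_ETC_BASE}` is set outside this hunk.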
|
||||
|
|
|
@ -1,16 +1,31 @@
|
|||
#### install etckeeper and sudo (optional)
|
||||
|
||||
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# <snippet-begin 0_sudoKeeper.sh>
|
||||
# check if sudo is installed
|
||||
checkSudoKeeper () {
|
||||
echo "Checking for sudo and installing etckeeper"
|
||||
if [[ ! -f $(which sudo) ]]; then
|
||||
su -c "apt install etckeeper -y"
|
||||
su -c "apt install sudo -y"
|
||||
# TODO: Fix this, user misp might not exist
|
||||
su -c "adduser misp sudo"
|
||||
else
|
||||
sudo apt install etckeeper -y
|
||||
fi
|
||||
}
|
||||
# <snippet-end 0_sudoKeeper.sh>
|
||||
```
|
||||
|
||||
##### add the misp user to staff and www-data (mandatory)
|
||||
```bash
|
||||
# <snippet-begin add-user.sh>
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
# TODO: Fix this, user misp might not exist
|
||||
sudo adduser misp staff
|
||||
sudo adduser misp www-data
|
||||
# <snippet-end add-user.sh>
|
||||
# Logout and back in to make the group changes take effect.
|
||||
logout
|
||||
```
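Review bot: `if [[ ! -f $(which sudo) ]]` in checkSudoKeeper detects sudo through `which`, which is not guaranteed to exist or to be silent on a minimal install; `if ! command -v sudo >/dev/null 2>&1; then` is the portable check. `su -c "adduser misp sudo"` and the later `sudo adduser misp staff` / `sudo adduser misp www-data` lines both carry a TODO that the misp user may not exist, and nothing in this hunk creates it, so the snippets fail on a fresh host unless the user is created earlier (outside this hunk). `logout` at the end of the add-user block only works in a login shell and ends the session of anyone pasting the block interactively; since the comment above it already tells the reader to log out, that line reads better as a comment than a command.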
|
||||
|
|
|
@ -0,0 +1,638 @@
|
|||
```bash
|
||||
# <snippet-begin 0_support-functions.sh>
|
||||
# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default
|
||||
DEBUG=
|
||||
|
||||
case "$-" in
|
||||
*x*) NO_PROGRESS=1; DEBUG=1 ;;
|
||||
*) NO_PROGRESS=0 ;;
|
||||
esac
|
||||
|
||||
## Function Section ##
|
||||
|
||||
## Usage of this script
|
||||
usage () {
|
||||
if [ "$0" == "bash" ]; then
|
||||
WEB_INSTALL=1
|
||||
SCRIPT_NAME="Web Installer Command"
|
||||
else
|
||||
SCRIPT_NAME=$0
|
||||
fi
|
||||
|
||||
exec &> /dev/tty
|
||||
space
|
||||
echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install."
|
||||
space
|
||||
echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core
|
||||
echo -e " -M | ${LBLUE}MISP${NC} modules" # modules
|
||||
echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard
|
||||
echo -e " -V | Viper" # viper
|
||||
echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2
|
||||
echo -e " -S | Experimental ssdeep correlations" # ssdeep
|
||||
echo -e " -A | Install ${YELLOW}all${NC} of the above" # all
|
||||
space
|
||||
echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre
|
||||
space
|
||||
echo -e " -u | Do an unattanded Install, no questions asked" # UNATTENDED
|
||||
echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE
|
||||
space
|
||||
echo -e "${HIDDEN}Some parameters want to be hidden: ${NC}"
|
||||
echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE
|
||||
echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard"
|
||||
space
|
||||
echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or"
|
||||
echo -e "MISP + modules - ${SCRIPT_NAME} -c -M"
|
||||
space
|
||||
}
|
||||
|
||||
# Check if element is contained in array
|
||||
containsElement () {
|
||||
local e match="$1"
|
||||
shift
|
||||
for e; do [[ "$e" == "$match" ]] && return 0; done
|
||||
return 1
|
||||
}
|
||||
|
||||
checkOpt () {
|
||||
# checkOpt feature
|
||||
containsElement $1 "${options[@]}"
|
||||
}
|
||||
|
||||
setOpt () {
|
||||
options=()
|
||||
for o in $@; do
|
||||
case "$o" in
|
||||
("-c") echo "core"; CORE=1 ;;
|
||||
("-V") echo "viper"; VIPER=1 ;;
|
||||
("-M") echo "modules"; MODULES=1 ;;
|
||||
("-D") echo "dashboard"; DASHBOARD=1 ;;
|
||||
("-m") echo "mail2"; MAIL2=1 ;;
|
||||
("-S") echo "ssdeep"; SSDEEP=1 ;;
|
||||
("-A") echo "all"; ALL=1 ;;
|
||||
("-C") echo "pre"; PRE=1 ;;
|
||||
("-U") echo "upgrade"; UPGRADE=1 ;;
|
||||
("-u") echo "unattended"; UNATTENDED=1 ;;
|
||||
("-f") echo "force"; FORCE=1 ;;
|
||||
(*) echo "$o is not a valid argument"; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
# Extract debian flavour
|
||||
checkFlavour () {
|
||||
if [ -z $(which lsb_release) ]; then
|
||||
checkAptLock
|
||||
sudo apt install lsb-release dialog -y
|
||||
fi
|
||||
|
||||
FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z])
|
||||
if [ FLAVOUR == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r)
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
||||
else
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Extract manufacturer
|
||||
checkManufacturer () {
|
||||
if [ ! -f $(which dmidecode) ]; then
|
||||
checkAptLock
|
||||
sudo apt install dmidecode -y
|
||||
fi
|
||||
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
||||
echo $MANUFACTURER
|
||||
}
|
||||
|
||||
# Dynamic horizontal spacer
|
||||
space () {
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
# Check terminal width
|
||||
num=`tput cols`
|
||||
for i in `seq 1 $num`; do
|
||||
echo -n "-"
|
||||
done
|
||||
echo ""
|
||||
}
|
||||
|
||||
# Spinner so the user knows something is happening
|
||||
spin()
|
||||
{
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
spinner="/|\\-/|\\-"
|
||||
while :
|
||||
do
|
||||
for i in `seq 0 7`
|
||||
do
|
||||
echo -n "${spinner:$i:1}"
|
||||
echo -en "\010"
|
||||
sleep 0.$i
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
# Progress bar
|
||||
progress () {
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
bar="#"
|
||||
if [[ $progress -ge 100 ]]; then
|
||||
echo -ne "##################################################################################################### (100%)\r"
|
||||
return
|
||||
fi
|
||||
progress=$[$progress+$1]
|
||||
for p in $(seq 1 $progress); do
|
||||
bar+="#"
|
||||
echo -ne "$bar ($p%)\r"
|
||||
done
|
||||
echo -ne '\n'
|
||||
}
|
||||
|
||||
# Check locale
|
||||
checkLocale () {
|
||||
debug "Checking Locale"
|
||||
# If locale is missing, generate and install a common UTF-8
|
||||
if [ ! -f /etc/default/locale ]; then
|
||||
checkAptLock
|
||||
sudo apt install locales -y
|
||||
sudo locale-gen en_US.UTF-8
|
||||
sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
|
||||
fi
|
||||
}
|
||||
|
||||
# Simple function to check command exit code
|
||||
checkFail () {
|
||||
if [[ $2 -ne 0 ]]; then
|
||||
echo "iAmError: $1"
|
||||
echo "The last command exited with error code: $2"
|
||||
exit $2
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if misp user is present and if run as root
|
||||
checkID () {
|
||||
debug "Checking if run as root and $MISP_USER is present"
|
||||
if [[ $EUID == 0 ]]; then
|
||||
echo "This script cannot be run as a root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
else
|
||||
ANSWER="y"
|
||||
fi
|
||||
|
||||
if [[ $ANSWER == "y" ]]; then
|
||||
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
|
||||
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
|
||||
elif [[ $ANSWER == "n" ]]; then
|
||||
echo "Using $USER as install user, hope that is what you want."
|
||||
echo -e "${RED}Adding $USER to groups www-data and staff${NC}"
|
||||
MISP_USER=$USER
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
else
|
||||
echo "yes or no was asked, try again."
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
echo -e "${RED}Adding $MISP_USER to groups www-data and staff${NC}"
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
fi
|
||||
}
|
||||
|
||||
# pre-install check to make sure what we will be installing on, is ready and not a half installed system
|
||||
preInstall () {
|
||||
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
||||
exit
|
||||
}
|
||||
|
||||
# Upgrade function
|
||||
upgrade () {
|
||||
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
||||
exit
|
||||
}
|
||||
|
||||
# check is /usr/local/src is RW by misp user
|
||||
checkUsrLocalSrc () {
|
||||
echo ""
|
||||
if [[ -e /usr/local/src ]]; then
|
||||
WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
|
||||
if [[ "$WRITEABLE" == "0" ]]; then
|
||||
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
|
||||
else
|
||||
# TODO: The below might be shorter, more elegant and more modern
|
||||
#[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
|
||||
if [ "$KALI" == "1" -o "$UNATTENDED" == "1" ]; then
|
||||
ANSWER="y"
|
||||
else
|
||||
space
|
||||
echo "/usr/local/src need to be writeable by $MISP_USER for misp-modules, viper etc."
|
||||
echo -n "Permission to fix? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
space
|
||||
fi
|
||||
if [ "$ANSWER" == "y" ]; then
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "/usr/local/src does not exist, creating."
|
||||
mkdir /usr/local/src
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
fi
|
||||
}
|
||||
|
||||
kaliSpaceSaver () {
|
||||
# Future function in case Kali overlay on LiveCD is full
|
||||
echo "${RED}Not implement${NC}"
|
||||
}
|
||||
|
||||
# Because Kali is l33t we make sure we run as root
|
||||
kaliOnRootR0ckz () {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
# TODO: Make sure we consider this further down the road
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
setBaseURL () {
|
||||
debug "Setting Base URL"
|
||||
if [[ $(checkManufacturer) != "innotek GmbH" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
||||
echo "Do you want to change it now? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
if [[ $ANSWER == "y" ]]; then
|
||||
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
||||
echo -n "Enter Base URL: "
|
||||
read MISP_BASEURL
|
||||
else
|
||||
MISP_BASEURL='""'
|
||||
fi
|
||||
else
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
fi
|
||||
elif [[ $KALI == "1" ]]; then
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
else
|
||||
MISP_BASEURL='https://localhost:8443'
|
||||
# Webserver configuration
|
||||
FQDN='localhost.localdomain'
|
||||
fi
|
||||
}
|
||||
|
||||
# Test and install software RNG
|
||||
installRNG () {
|
||||
sudo modprobe tpm-rng 2> /dev/null
|
||||
if [ "$?" -eq "0" ]; then
|
||||
echo tpm-rng | sudo tee -a /etc/modules
|
||||
fi
|
||||
checkAptLock
|
||||
sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
||||
sudo service rng-tools start
|
||||
|
||||
if [ "$?" -eq "1" ]; then
|
||||
sudo apt purge -qy rng-tools
|
||||
sudo apt install -qy haveged
|
||||
sudo /etc/init.d/haveged start
|
||||
fi
|
||||
}
|
||||
|
||||
# Kali upgrade
|
||||
kaliUpgrade () {
|
||||
debug "Running various Kali upgrade tasks"
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
||||
}
|
||||
|
||||
# Disables sleep
|
||||
disableSleep () {
|
||||
debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
|
||||
gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
|
||||
gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
|
||||
|
||||
setterm -blank 0 -powersave off -powerdown 0
|
||||
xset s 0 0 2> /dev/null
|
||||
xset dpms 0 0 2> /dev/null
|
||||
xset dpms force off
|
||||
xset s off 2> /dev/null
|
||||
service sleepd stop
|
||||
kill $(lsof | grep 'sleepd' | awk '{print $2}')
|
||||
checkAptLock
|
||||
}
|
||||
|
||||
# Remove alias if present
|
||||
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
||||
# Simple function to make sure APT is not locked
|
||||
checkAptLock () {
|
||||
SLEEP=3
|
||||
while [ "$DONE" != "0" ]; do
|
||||
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
||||
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
|
||||
sleep $SLEEP
|
||||
SLEEP=$[$SLEEP+3]
|
||||
done
|
||||
unset DONE
|
||||
}
|
||||
|
||||
# <snippet-begin 0_installDepsPhp73.sh>
|
||||
# Install Php 7.3 deps
|
||||
installDepsPhp73 () {
|
||||
debug "Installing PHP 7.3 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.3
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-pear \
|
||||
php-redis php-gnupg
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp73.sh>
|
||||
|
||||
# Installing core dependencies
|
||||
installDeps () {
|
||||
debug "Installing core dependencies"
|
||||
checkAptLock
|
||||
sudo apt update
|
||||
sudo apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
gitMail=$(git config --global --get user.email ; echo $?)
|
||||
if [ "$?" -eq "1" ]; then
|
||||
git config --global user.email "root@kali.lan"
|
||||
fi
|
||||
gitUser=$(git config --global --get user.name ; echo $?)
|
||||
if [ "$?" -eq "1" ]; then
|
||||
git config --global user.name "Root User"
|
||||
fi
|
||||
|
||||
[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
|
||||
|
||||
sudo apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
installRNG
|
||||
}
|
||||
|
||||
# On Kali, the redis start-up script is broken. This tries to fix it.
|
||||
fixRedis () {
|
||||
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
||||
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
||||
|
||||
echo '#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: redis-server
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Should-Start: $local_fs
|
||||
# Should-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: redis-server - Persistent key-value db
|
||||
# Description: redis-server - Persistent key-value db
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/bin/redis-server
|
||||
DAEMON_ARGS=/etc/redis/redis.conf
|
||||
NAME=redis-server
|
||||
DESC=redis-server
|
||||
PIDFILE=/var/run/redis.pid
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
test -x $DAEMONBOOTSTRAP || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
touch $PIDFILE
|
||||
chown redis:redis $PIDFILE
|
||||
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
rm -f $PIDFILE
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
${0} stop
|
||||
${0} start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0' | sudo tee /etc/init.d/redis-server
|
||||
sudo chmod 755 /etc/init.d/redis-server
|
||||
sudo /etc/init.d/redis-server start
|
||||
}
|
||||
|
||||
# generate MISP apache conf
|
||||
genApacheConf () {
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
}
|
||||
|
||||
# Add git pull update mechanism to rc.local - TODO: Make this better
|
||||
gitPullAllRCLOCAL () {
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
||||
composer72 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Composer on php 7.3 needs a recent version of composer.phar
|
||||
composer73 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
|
||||
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
||||
sudo -H -u www-data php composer-setup.php
|
||||
sudo -H -u www-data php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Enable various core services
|
||||
enableServices () {
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
}
|
||||
|
||||
# Generate rc.local
|
||||
genRCLOCAL () {
|
||||
if [ ! -e /etc/rc.local ]; then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Final function to let the user know what happened
|
||||
theEnd () {
|
||||
space
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
space
|
||||
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
||||
echo
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
space
|
||||
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
|
||||
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
|
||||
echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
|
||||
echo "/home/${MISP_USER}/mysql.txt"
|
||||
echo -e "${RED}Contents:${NC}"
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
echo "/home/${MISP_USER}/MISP-authkey.txt"
|
||||
echo -e "${RED}Contents:${NC}"
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
space
|
||||
echo -e "The ${RED}LOCAL${NC} system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
|
||||
space
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
space
|
||||
echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
space
|
||||
if [ $UNATTENDED == "1" ]; then
|
||||
echo -e "${RED}Unattended install!${NC}"
|
||||
echo -e "This means we guessed the Base URL, it might be wrong, please double check."
|
||||
space
|
||||
fi
|
||||
|
||||
if [[ "$USER" != "$MISP_USER" ]]; then
|
||||
sudo su - ${MISP_USER}
|
||||
fi
|
||||
}
|
||||
## End Function Section Nothing allowed in .md after this line ##
|
||||
# <snippet-end 0_support-functions.sh>
|
||||
```
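Review bot: `theEnd` writes the database passwords and the MISP auth key to `/home/${MISP_USER}/mysql.txt` and `MISP-authkey.txt` with whatever umask the installer inherits, so the files are most likely world-readable until the user acts on the "protection or removal" advice printed a few lines later; creating them inside `( umask 077; … )` or pre-creating each with `install -m 600 /dev/null "/home/${MISP_USER}/mysql.txt"` closes that window. Two checks in the same snippet never fire: `checkFlavour` compares the literal word in `[ FLAVOUR == "ubuntu" ]` (missing `$`), and `installDeps` tests `$?` after `gitMail=$(git config --global --get user.email ; echo $?)`, where `$?` is the status of the substitution rather than of `git config`; `if ! git config --global --get user.email >/dev/null; then` does what the comment intends, and the same applies to `gitUser`. `checkUsrLocalSrc` also calls `mkdir /usr/local/src` without `sudo` immediately before two `sudo chmod`/`sudo chown` lines, which fails for the unprivileged user that `checkID` insists on.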
|
|
@ -1,31 +1,69 @@
|
|||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
|
||||
!!! warning
|
||||
Viper has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
|
||||
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
|
||||
```bash
|
||||
virtualenv -p python3.6 venv
|
||||
```
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable -y
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3.6 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ ${AUTH_KEY}/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
# <snippet-begin 6_viper.sh>
|
||||
# Main Viper install function
|
||||
viper () {
|
||||
debug "Installing Viper dependencies"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install \
|
||||
libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \
|
||||
python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y
|
||||
echo "Cloning Viper"
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper.git
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
echo "Creating virtualenv"
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
echo "Submodule update"
|
||||
# TODO: Check for current user install permissions
|
||||
$SUDO_USER git submodule update --init --recursive
|
||||
##$SUDO git submodule update --init --recursive
|
||||
echo "Pip install deps"
|
||||
$SUDO_USER ./venv/bin/pip install SQLAlchemy PrettyTable python-magic
|
||||
echo "pip install scrapy"
|
||||
$SUDO_USER ./venv/bin/pip install scrapy
|
||||
echo "install lief"
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
echo "pip install reqs"
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
echo "pip uninstall yara"
|
||||
$SUDO_USER ./venv/bin/pip uninstall yara -y
|
||||
echo "Launching viper-cli"
|
||||
# TODO: Perms
|
||||
#$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
/usr/local/src/viper/viper-cli -h > /dev/null
|
||||
echo "Launching viper-web"
|
||||
# TODO: Perms
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
#$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
|
||||
# TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t
|
||||
if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then
|
||||
VIPER_HOME="/home/${MISP_USER}/.viper"
|
||||
else
|
||||
VIPER_HOME="${HOME}/.viper"
|
||||
fi
|
||||
|
||||
echo "Setting misp_url/misp_key"
|
||||
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
echo "Fixing admin.db with default password"
|
||||
while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 6_viper.sh>
|
||||
```
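Review bot: `viper-web` is started with `-H 0.0.0.0` both in the foreground and in the `rc.local` line at the end of the hunk, while the lines in between reset the admin account to a fixed password (`admin/Password1234`), so the web UI is reachable on every interface with a published credential from first boot; `-H 127.0.0.1` unless remote access is intended limits this to the host and leaves the password change to the operator. The `while [ "$(sqlite3 … ; echo $?)" -ne "0" ]` loop has no upper bound and spins forever (chowning `admin.db` every six seconds) if viper-web never creates the database; a retry counter with `checkFail` after N attempts would turn that into a visible failure. The `$SUDO_USER` prefix on the `git clone`, `virtualenv` and `pip` lines is presumably a command prefix defined outside this hunk; if it is instead the variable sudo itself exports (the invoking user's name), those lines would try to execute a user name as a command — worth confirming.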
|
||||
|
|
|
@ -332,7 +332,7 @@ echo $OPENSSL_CN
|
|||
sudo systemctl start httpd.service
|
||||
sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
|
||||
sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
|
||||
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/certs/misp.local.key
|
||||
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/private/misp.local.key
|
||||
sudo rm /tmp/misp.local.key
|
||||
sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
|
||||
sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
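Review bot: The `openssl req … -key /etc/pki/tls/certs/misp.local.key` line still reads the private key from the `certs/` directory, while `x509 -signkey` on the next line and one of the two `openssl rsa` lines use `/etc/pki/tls/private/misp.local.key`; if the `certs/` variant of the `rsa` line is the one this hunk removes (the 7/7 line counts suggest one of the two is old), the `req` step now fails on a missing file, and if both remain, a copy of the private key sits in a directory that is normally world-readable. Writing the key once, to `private/`, and pointing `req -key` at that path resolves both readings. The `genrsa -des3 -passout pass:x` followed by `rsa -passin pass:x` round-trip also adds nothing over `sudo openssl genrsa -out /etc/pki/tls/private/misp.local.key 4096`, since the passphrase is a fixed dummy.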
|
||||
|
@ -352,6 +352,7 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
|||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chcon -t httpd_sys_script_exec_t /var/www/MISP/app/Console/cake
|
||||
sudo chcon -R -t usr_t /var/www/MISP/venv
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
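Review bot: Labeling `/var/www/MISP/.git` as `httpd_sys_rw_content_t` lets the httpd domain rewrite the repository metadata and, through it, the checked-out code; if that is the line this hunk adds (one of the seven is new and the rendering drops the marker), a comment stating why it is needed would help whoever audits the policy later, e.g. `# rw on .git is required for the in-app git pull/update; it also lets a compromised httpd process alter tracked files`. The recursive label on `app/tmp` raises the same consideration but is the less surprising of the two.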
|
||||
|
@ -535,6 +536,8 @@ sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
|||
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
{!generic/misp-dashboard-centos.md!}
|
||||
|
||||
{!generic/MISP_CAKE_init_centos.md!}
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
|
|
@ -424,7 +424,7 @@ sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kba
|
|||
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
```
|
||||
|
||||
{!generic/misp-modules.md!}
|
||||
{!generic/misp-modules-debian.md!}
|
||||
|
||||
```bash
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
|
|
|
@ -12,8 +12,8 @@ else
|
|||
fi
|
||||
|
||||
if [ -z "$VIRTUAL_ENV" ]; then
|
||||
virtualenv -p python3 mkdocs || echo "You probably having Python running somewhere."
|
||||
${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material markdown-include python-markdown-comments git+https://github.com/vaab/gitchangelog.git
|
||||
virtualenv -p python3 mkdocs || echo "You probably have the main Python(3) binary running exclusively somewhere, make sure it is killed."
|
||||
${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material markdown-include python-markdown-comments gitchangelog
|
||||
fi
|
||||
|
||||
# Fixing ASCII aborration introduced in: https://github.com/MISP/MISP/commit/1b028ee15a3bd2f209102cd6204e6c4bb519be97
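Review bot: The `pip install mkdocs mkdocs-material markdown-include python-markdown-comments gitchangelog` line pulls every package unpinned from PyPI, so the documentation build is not reproducible and resolves to whatever is published at run time; pinning versions (`mkdocs==<version>` and so on, or a requirements file installed with `--require-hashes`) would fix the resolved set. The `virtualenv -p python3 mkdocs || echo …` on the line before only prints a message on failure, after which the `${PWD}/mkdocs/bin/pip` line runs against a directory that may not exist; `|| { echo "…"; exit 1; }` would stop there instead.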
|
||||
|
|