mirror of https://github.com/MISP/MISP
Merge pull request #4071 from SteveClement/guides
chg: [kali] Major update to Kali Install scriptpull/4075/head
commit
80d06494aa
|
@ -0,0 +1,893 @@
|
|||
#!/usr/bin/env bash
|
||||
#INSTALLATION INSTRUCTIONS
|
||||
#------------------------- for Kali Linux
|
||||
#
|
||||
#0/ Quick MISP Instance on Kali Linux - Status
|
||||
#---------------------------------------------
|
||||
#
|
||||
#1/ Prepare Kali with a MISP User
|
||||
#--------------------------------
|
||||
# To install MISP on Kali copy paste this in your r00t shell:
|
||||
# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
|
||||
# Leave empty for NO debug messages.
|
||||
DEBUG=
|
||||
|
||||
checkFlavour () {
|
||||
FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z])
|
||||
}
|
||||
|
||||
space () {
|
||||
num=80
|
||||
for i in `seq 1 $num`; do
|
||||
echo -n "-"
|
||||
done
|
||||
echo ""
|
||||
}
|
||||
|
||||
debug () {
|
||||
echo $1
|
||||
if [ ! -z $DEBUG ]; then
|
||||
echo "Debug Mode, press enter to continue..."
|
||||
read
|
||||
fi
|
||||
}
|
||||
|
||||
function usage() {
|
||||
echo "Please specify what type of MISP if you want to install."
|
||||
space
|
||||
echo "${0} -c | Install ONLY MISP Core"
|
||||
echo " -V | Core + Viper"
|
||||
echo " -M | Core + MISP modules"
|
||||
echo " -D | Core + MISP dashboard"
|
||||
echo " -m | Core + Mail 2 MISP"
|
||||
echo " -A | Install all of the above"
|
||||
space
|
||||
echo " -C | Only do pre-install checks and exit"
|
||||
space
|
||||
echo "Options can be combined: ${0} -V -D # Will install Core+Viper+Dashboard"
|
||||
space
|
||||
}
|
||||
|
||||
function checkID() {
|
||||
if [[ $EUID == 0 ]]; then
|
||||
echo "This script cannot be run as a root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
if [[ $ANSWER == "y" ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
|
||||
elif [[ $ANSWER == "n" ]]; then
|
||||
echo "Using $USER as install user, hope that is what you want."
|
||||
MISP_USER=$USER
|
||||
else
|
||||
echo "yes or no was asked, try again."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
function checkSudo() {
|
||||
sudo -H -u $MISP_USER ls -la /tmp > /dev/null 2> /dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "sudo seems to be not installed or working, please fix this before continuing the installation."
|
||||
echo "apt install sudo # As root should be enough, make sure the $MISP_USER is able to run sudo."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
function checkUsrLocalSrc() {
|
||||
if [[ -e /usr/local/src ]]; then
|
||||
if [[ -w /usr/local/src ]]; then
|
||||
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
|
||||
else
|
||||
echo -n "/usr/local/src need to be writeable by $MISP_USER, permission to fix? (y/n)"
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
fi
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function kaliOnRootR0ckz() {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
function MISPvars() {
|
||||
# Local non-root MISP user
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
MISP_BASEURL='https://misp.local'
|
||||
MISP_LIVE='1'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.3/apache2/php.ini
|
||||
|
||||
# apt config
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO="sudo -u ${MISP_USER}"
|
||||
SUDO_WWW="sudo -u www-data"
|
||||
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
}
|
||||
|
||||
installDeps () {
|
||||
apt update
|
||||
apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
git config --global user.email "root@kali.lan"
|
||||
git config --global user.name "Root User"
|
||||
|
||||
apt install -qy postfix
|
||||
|
||||
apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
installRNG
|
||||
|
||||
}
|
||||
|
||||
installRNG () {
|
||||
modprobe tpm-rng 2> /dev/null
|
||||
if [ "$?" -eq "0" ]; then
|
||||
echo tpm-rng >> /etc/modules
|
||||
fi
|
||||
apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
||||
service rng-tools start
|
||||
|
||||
if [ "$?" -eq "1" ]; then
|
||||
apt purge -qy rng-tools
|
||||
apt install -qy haveged
|
||||
/etc/init.d/haveged start
|
||||
fi
|
||||
}
|
||||
|
||||
fixRedis () {
|
||||
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
||||
mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
||||
|
||||
echo '#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: redis-server
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Should-Start: $local_fs
|
||||
# Should-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: redis-server - Persistent key-value db
|
||||
# Description: redis-server - Persistent key-value db
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/bin/redis-server
|
||||
DAEMON_ARGS=/etc/redis/redis.conf
|
||||
NAME=redis-server
|
||||
DESC=redis-server
|
||||
PIDFILE=/var/run/redis.pid
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
test -x $DAEMONBOOTSTRAP || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
touch $PIDFILE
|
||||
chown redis:redis $PIDFILE
|
||||
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
rm -f $PIDFILE
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
${0} stop
|
||||
${0} start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0' | tee /etc/init.d/redis-server
|
||||
chmod 755 /etc/init.d/redis-server
|
||||
/etc/init.d/redis-server start
|
||||
}
|
||||
|
||||
function installMISPonKali() {
|
||||
space
|
||||
debug "Disabling sleep etc…"
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 2> /dev/null
|
||||
xset s 0 0 2> /dev/null
|
||||
xset dpms 0 0 2> /dev/null
|
||||
xset s off 2> /dev/null
|
||||
|
||||
debug "Installing dependencies"
|
||||
installDeps
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status
|
||||
a2dismod php7.2
|
||||
a2enmod ssl rewrite headers php7.3
|
||||
a2dissite 000-default
|
||||
a2ensite default-ssl
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
fixRedis
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
pip3 install .
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
pip3 install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
debug "Installing cti-python-stix2"
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
pip3 install -I .
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
pip3 install .
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
pip3 install .
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
enableServices
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
debug "Installing MISP dashboard"
|
||||
mispDashboard
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG
|
||||
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
|
||||
debug "Installing misp-modules"
|
||||
mispmodules
|
||||
|
||||
debug "Installing Viper"
|
||||
viper
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
||||
debug "Running Then End!"
|
||||
theEnd
|
||||
}
|
||||
|
||||
## start func
|
||||
|
||||
genApacheConf () {
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
}
|
||||
|
||||
gitPullAllRCLOCAL () {
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
}
|
||||
|
||||
composer72 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
composer73 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
# Update composer.phar
|
||||
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
sudo -H -u www-data php composer-setup.php
|
||||
sudo -H -u www-data php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
enableServices () {
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
}
|
||||
|
||||
mispDashboard () {
|
||||
cd /var/www
|
||||
mkdir misp-dashboard
|
||||
chown www-data:www-data misp-dashboard
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
/var/www/misp-dashboard/install_dependencies.sh
|
||||
sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
apt install libapache2-mod-wsgi-py3 -y
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
a2ensite misp-dashboard
|
||||
}
|
||||
|
||||
coreCAKE () {
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
$CAKE userInit -q
|
||||
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
$CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
|
||||
$CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
$CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disable_emailing" false
|
||||
$CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
$CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
$CAKE Admin setSetting "MISP.language" "eng"
|
||||
$CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$CAKE Admin setSetting "MISP.redis_password" ""
|
||||
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$CAKE Admin setSetting "MISP.log_auth" false
|
||||
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
|
||||
$CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali"
|
||||
$CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
$CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$CAKE Admin setSetting "Session.timeout" 600
|
||||
$CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
$CAKE Live $MISP_LIVE
|
||||
}
|
||||
|
||||
setupGnuPG () {
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
}
|
||||
|
||||
updateGOWNT () {
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# TODO: Fix updateGalaxies
|
||||
#$CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
$CAKE Admin updateTaxonomies
|
||||
# TODO: Fix updateWarningLists
|
||||
#$CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
}
|
||||
|
||||
genRCLOCAL () {
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
}
|
||||
|
||||
mispmodules () {
|
||||
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
pip3 install -I -r REQUIREMENTS
|
||||
pip3 install -I .
|
||||
pip3 install maec lief python-magic wand yara
|
||||
pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
gem install pygments.rb
|
||||
gem install asciidoctor-pdf --pre
|
||||
$SUDO_WWW misp-modules -l 0.0.0.0 -s &
|
||||
}
|
||||
|
||||
viper () {
|
||||
cd /usr/local/src/
|
||||
debug "Installing Viper dependencies"
|
||||
apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
pip3 install SQLAlchemy PrettyTable python-magic
|
||||
debug "Cloning Viper"
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
debug "Submodule update"
|
||||
$SUDO git submodule update --init --recursive
|
||||
debug "pip install scrapy"
|
||||
pip3 install scrapy
|
||||
debug "pip install reqs"
|
||||
pip3 install -r requirements.txt
|
||||
debug "pip uninstall yara"
|
||||
pip3 uninstall yara -y
|
||||
debug "Launching viper-cli"
|
||||
$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
debug "Launching viper-web"
|
||||
$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
debug "Setting misp_url/misp_key"
|
||||
$SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
$SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
|
||||
debug "Fixing admin.db with default password"
|
||||
while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
|
||||
}
|
||||
|
||||
permissions () {
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
}
|
||||
|
||||
mail2misp () {
|
||||
# TODO: fix faup
|
||||
cd /usr/local/src/
|
||||
apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone git://github.com/stricaud/faup.git faup
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
$SUDO mkdir -p build
|
||||
cd build
|
||||
$SUDO cmake .. && $SUDO make
|
||||
make install
|
||||
ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
pip3 install -r requirements.txt
|
||||
$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
}
|
||||
|
||||
theEnd () {
|
||||
echo ""
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
space
|
||||
echo "MISP Installed, access here: https://misp.local"
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
echo "MISP Dashboard, access here: http://misp.local:8001"
|
||||
space
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
space
|
||||
echo "The LOCAL system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD}"
|
||||
space
|
||||
echo "viper-web installed, access here: http://misp.local:8888"
|
||||
echo "viper-cli configured with your MISP Site Admin Auth Key"
|
||||
echo "User: admin"
|
||||
echo "Password: Password1234"
|
||||
space
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo ""
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
space
|
||||
echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
su - ${MISP_USER}
|
||||
}
|
||||
|
||||
debug "Checking for parameters or Kali Install"
|
||||
if [[ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
fi
|
||||
|
||||
debug "Checking flavour"
|
||||
checkFlavour
|
||||
debug "Setting MISP variables"
|
||||
MISPvars
|
||||
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
||||
exit
|
||||
fi
|
|
@ -1,673 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
#INSTALLATION INSTRUCTIONS
|
||||
#------------------------- for Kali Linux
|
||||
#
|
||||
#0/ Quick MISP Instance on Kali Linux - Status
|
||||
#---------------------------------------------
|
||||
#
|
||||
#1/ Prepare Kali with a MISP User
|
||||
#--------------------------------
|
||||
# To install MISP on Kali copy paste this in your r00t shell:
|
||||
# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
|
||||
|
||||
# Bug: /tmp/misp-kali.sh: line 142: pip3: command not found
|
||||
|
||||
|
||||
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
function kaliOnRootR0ckz() {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
function installMISPonKali() {
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
MISP_BASEURL='https://misp.local'
|
||||
MISP_LIVE='1'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.3/apache2/php.ini
|
||||
|
||||
# apt config
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO="sudo -u ${MISP_USER}"
|
||||
SUDO_WWW="sudo -u www-data"
|
||||
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
|
||||
echo "-----------------------------------------------------------------------"
|
||||
echo "Disabling sleep etc…"
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing'
|
||||
xset s 0 0 2> /dev/null
|
||||
xset dpms 0 0 2> /dev/null
|
||||
xset s off 2> /dev/null
|
||||
apt update
|
||||
apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
git config --global user.email "root@kali.lan"
|
||||
git config --global user.name "Root User"
|
||||
apt install -qy postfix
|
||||
|
||||
apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
modprobe tpm-rng 2> /dev/null
|
||||
if [ "$?" -eq "0" ]; then
|
||||
echo tpm-rng >> /etc/modules
|
||||
fi
|
||||
apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
||||
service rng-tools start
|
||||
|
||||
if [ "$?" -eq "1" ]; then
|
||||
apt purge -qy rng-tools
|
||||
apt install -qy haveged
|
||||
/etc/init.d/haveged start
|
||||
fi
|
||||
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
|
||||
a2dismod status
|
||||
a2dismod php7.2
|
||||
a2enmod ssl rewrite headers php7.3
|
||||
a2dissite 000-default
|
||||
a2ensite default-ssl
|
||||
|
||||
systemctl restart mysql.service
|
||||
|
||||
#update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
#update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
|
||||
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
||||
mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
||||
|
||||
echo '#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: redis-server
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Should-Start: $local_fs
|
||||
# Should-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: redis-server - Persistent key-value db
|
||||
# Description: redis-server - Persistent key-value db
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/bin/redis-server
|
||||
DAEMON_ARGS=/etc/redis/redis.conf
|
||||
NAME=redis-server
|
||||
DESC=redis-server
|
||||
PIDFILE=/var/run/redis.pid
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
test -x $DAEMONBOOTSTRAP || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
touch $PIDFILE
|
||||
chown redis:redis $PIDFILE
|
||||
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
rm -f $PIDFILE
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
${0} stop
|
||||
${0} start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0' | tee /etc/init.d/redis-server
|
||||
chmod 755 /etc/init.d/redis-server
|
||||
/etc/init.d/redis-server start
|
||||
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
pip3 install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
pip3 install -I .
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
pip3 install .
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
# Update composer.phar
|
||||
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
|
||||
sudo -H -u www-data php composer-setup.php
|
||||
sudo -H -u www-data php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
cd /var/www
|
||||
mkdir misp-dashboard
|
||||
chown www-data:www-data misp-dashboard
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
/var/www/misp-dashboard/install_dependencies.sh
|
||||
sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
|
||||
apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
a2ensite misp-dashboard
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
systemctl restart apache2
|
||||
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
$CAKE Live $MISP_LIVE
|
||||
$CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
$CAKE userInit -q
|
||||
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
$CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
|
||||
$CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
$CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disable_emailing" false
|
||||
$CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
$CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
$CAKE Admin setSetting "MISP.language" "eng"
|
||||
$CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$CAKE Admin setSetting "MISP.redis_password" ""
|
||||
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$CAKE Admin setSetting "MISP.log_auth" false
|
||||
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
|
||||
$CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
|
||||
$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali"
|
||||
$CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
$CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$CAKE Admin setSetting "Session.timeout" 600
|
||||
$CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
$CAKE Live $MISP_LIVE
|
||||
#$CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
$CAKE Admin updateTaxonomies
|
||||
#$CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
pip3 install -I -r REQUIREMENTS
|
||||
pip3 install -I .
|
||||
pip3 install maec lief python-magic wand yara
|
||||
pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
gem install pygments.rb
|
||||
gem install asciidoctor-pdf --pre
|
||||
$SUDO_WWW misp-modules -l 0.0.0.0 -s &
|
||||
cd /usr/local/src/
|
||||
apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
pip3 install SQLAlchemy PrettyTable python-magic
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
$SUDO git submodule update --init --recursive
|
||||
pip3 install scrapy
|
||||
pip3 install -r requirements.txt
|
||||
pip3 uninstall yara -y
|
||||
$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
$SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
$SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
|
||||
|
||||
while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
# TODO: fix faup
|
||||
cd /usr/local/src/
|
||||
apt-get install -y cmake
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone git://github.com/stricaud/faup.git faup
|
||||
chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
$SUDO mkdir -p build
|
||||
cd build
|
||||
$SUDO cmake .. && $SUDO make
|
||||
make install
|
||||
ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
pip3 install -r requirements.txt
|
||||
$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
echo ""
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "MISP Installed, access here: https://misp.local"
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
echo "MISP Dashboard, access here: http://misp.local:8001"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "The LOCAL system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD}"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "viper-web installed, access here: http://misp.local:8888"
|
||||
echo "viper-cli configured with your MISP Site Admin Auth Key"
|
||||
echo "User: admin"
|
||||
echo "Password: Password1234"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo ""
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
echo "-------------------------------------------------------------------------"
|
||||
echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
su - misp
|
||||
}
|
||||
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
|
@ -0,0 +1 @@
|
|||
INSTALL.debian.sh
|
|
@ -32,7 +32,7 @@
|
|||
SSLEngine On
|
||||
SSLCertificateFile /etc/pki/tls/certs/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/httpd/misp.local_error.log
|
||||
|
|
|
@ -101,16 +101,6 @@ sudo a2enmod ssl rewrite
|
|||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
sudo a2enmod headers
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
|
||||
```
|
||||
|
||||
To flip between the 2 pythons use *update-alternatives*
|
||||
```bash
|
||||
sudo update-alternatives --config python
|
||||
```
|
||||
|
||||
#### Apply all changes
|
||||
|
|
|
@ -8,7 +8,7 @@ This has been tested by @SteveClement on 20190115
|
|||
|
||||
To install MISP on Kali copy paste this in your r00t shell:
|
||||
```bash
|
||||
wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh
|
||||
wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
## 0/ Overview and Assumptions
|
||||
|
||||
{!generic/community.md!}
|
||||
{!generic/rhelVScentos.md!}
|
||||
|
||||
!!! warning
|
||||
The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate.
|
||||
|
|
|
@ -159,8 +159,8 @@ cd ${PATH_TO_MISP}/PyMISP
|
|||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
# Let's encrypt SSL with stock MISP install
|
||||
|
||||
This will explain how to enable [letsencrypt]*(https://letsencrypt.org/) on a stock Ubuntu/Debian MISP install.
|
|
@ -57,6 +57,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
|
|||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_tag_collection" 0"
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
|
||||
|
@ -108,7 +109,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
|
|||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
|
||||
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
##sudo $RUN_PHP '$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"'
|
||||
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
|
||||
|
@ -134,22 +135,23 @@ sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
|||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $RUN_PHP "$CAKE Admin updateGalaxies"
|
||||
##sudo $RUN_PHP "$CAKE Admin updateGalaxies"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $RUN_PHP "$CAKE Admin updateTaxonomies"
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $RUN_PHP "$CAKE Admin updateWarningLists"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/warninglists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $RUN_PHP "$CAKE Admin updateNoticeLists"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/noticelists/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates"
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/objectTemplates/update
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
#### Make some misp-modules available
|
||||
|
||||
```bash
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
```
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
!!! notice
|
||||
There are technically only minor differences between CentOS and RHEL.<br />
|
||||
For more information on what might differ, [this StackExchange](https://unix.stackexchange.com/questions/27323/is-centos-exactly-the-same-as-rhel) question might answer some questions.
|
|
@ -4,6 +4,10 @@
|
|||
### 0/ MISP CentOS 6 Minimal NetInstall - Status
|
||||
--------------------------------------------
|
||||
|
||||
{!generic/community.md!}
|
||||
|
||||
{!generic/rhelVScentos.md!}
|
||||
|
||||
!!! notice
|
||||
Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20181025<br />
|
||||
It is still considered experimental as not everything works seemlessly.
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
### 0/ MISP CentOS 7 Minimal NetInstall - Status
|
||||
--------------------------------------------
|
||||
|
||||
{!generic/community.md!}
|
||||
|
||||
{!generic/rhelVScentos.md!}
|
||||
|
||||
!!! notice
|
||||
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113<br />
|
||||
It is still considered experimental as not everything works seemlessly.
|
||||
|
@ -55,7 +59,13 @@ sudo yum install centos-release-scl -y
|
|||
sudo yum install vim -y
|
||||
|
||||
# Install the dependencies:
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel ssdeep-devel -y
|
||||
sudo yum install gcc git zip \
|
||||
httpd \
|
||||
mod_ssl \
|
||||
redis \
|
||||
mariadb mariadb-server \
|
||||
python-devel python-pip python-zmq \
|
||||
libxslt-devel zlib-devel ssdeep-devel -y
|
||||
|
||||
# Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
|
||||
sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y
|
||||
|
@ -64,13 +74,8 @@ sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysql
|
|||
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
sudo yum install rh-python36 -y
|
||||
|
||||
# rh-php71-php only provided mod_ssl mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php71-php-fpm instead
|
||||
sudo systemctl enable rh-php71-php-fpm.service
|
||||
sudo systemctl start rh-php71-php-fpm.service
|
||||
|
||||
sudo $RUN_PHP "pear channel-update pear.php.net"
|
||||
sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -97,7 +102,7 @@ sudo chown apache:apache $PATH_TO_MISP
|
|||
cd /var/www
|
||||
sudo -u apache git clone https://github.com/MISP/MISP.git
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
##sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
|
@ -108,6 +113,10 @@ sudo -u apache git submodule update --init --recursive
|
|||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u apache git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Install packaged pears
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml"
|
||||
sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml"
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
|
||||
sudo mkdir /usr/share/httpd/.cache
|
||||
|
@ -174,7 +183,9 @@ sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
|
|||
sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
|
||||
sudo -u apache $RUN_PHP "php composer.phar install"
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy)
|
||||
# fallback connector through Redisent.
|
||||
# It is highly advised to install phpredis using "yum install php-redis"
|
||||
sudo $RUN_PHP "pecl install redis"
|
||||
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
|
||||
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
|
||||
|
@ -207,9 +218,11 @@ sudo chown -R root:apache /var/www/MISP
|
|||
sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
sudo chmod -R g+r,o= /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+xws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chmod -R g+rw /var/www/MISP/venv
|
||||
sudo chmod -R g+rw /var/www/MISP/.git
|
||||
sudo chown apache:apache /var/www/MISP/app/files
|
||||
sudo chown apache:apache /var/www/MISP/app/files/terms
|
||||
sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
|
@ -263,8 +276,11 @@ sudo yum remove tcl expect -y
|
|||
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
|
||||
sudo systemctl restart mariadb.service
|
||||
```
|
||||
|
||||
|
||||
#### Manual procedure:
|
||||
```bash
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
```
|
||||
|
@ -276,8 +292,7 @@ MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
|||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
#### copy/paste:
|
||||
|
||||
#### Same as Manual but for copy/paste foo:
|
||||
```bash
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
|
@ -310,6 +325,21 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
|
|||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf
|
||||
sudo rm /etc/httpd/conf.d/ssl.conf
|
||||
sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf
|
||||
sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf
|
||||
echo $OPENSSL_CN
|
||||
sudo systemctl start httpd.service
|
||||
sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096
|
||||
sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096
|
||||
sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/certs/misp.local.key
|
||||
sudo rm /tmp/misp.local.key
|
||||
sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
|
||||
sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
|
||||
sudo ln -s /etc/pki/tls/certs/misp.local.csr /etc/pki/tls/certs/misp-chain.crt
|
||||
cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt
|
||||
|
||||
sudo systemctl restart httpd.service
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
|
@ -323,7 +353,9 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
|||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chcon -R -t usr_t /var/www/MISP/venv
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/Config
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
@ -482,17 +514,17 @@ sudo yum install -y openjpeg-devel
|
|||
sudo chmod 2777 /usr/local/src
|
||||
sudo chown root:users /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
sudo -u apache git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip install
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
|
||||
sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install .
|
||||
sudo yum install rubygem-rouge rubygem-asciidoctor -y
|
||||
##sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
|
|
@ -107,15 +107,6 @@ sudo a2enmod ssl rewrite
|
|||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
```
|
||||
|
||||
To flip between the 2 pythons use *update-alternatives*
|
||||
```bash
|
||||
sudo update-alternatives --config python
|
||||
```
|
||||
|
||||
#### Apply all changes
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
|
||||
{!generic/community.md!}
|
||||
|
||||
{!generic/rhelVScentos.md!}
|
||||
|
||||
!!! warning
|
||||
The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate.
|
||||
Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.
|
||||
|
|
Loading…
Reference in New Issue