diff --git a/INSTALL/INSTALL.debian.sh b/INSTALL/INSTALL.debian.sh
new file mode 100755
index 000000000..58024729a
--- /dev/null
+++ b/INSTALL/INSTALL.debian.sh
@@ -0,0 +1,893 @@
+#!/usr/bin/env bash
+#INSTALLATION INSTRUCTIONS
+#------------------------- for Kali Linux
+#
+#0/ Quick MISP Instance on Kali Linux - Status
+#---------------------------------------------
+#
+#1/ Prepare Kali with a MISP User
+#--------------------------------
+# To install MISP on Kali copy paste this in your r00t shell:
+# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
+# /!\ Please read the installer script before randomly doing the above.
+# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
+
+# Leave empty for NO debug messages.
+DEBUG=
+
+checkFlavour () {
+ FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z])
+}
+
+space () {
+ num=80
+ for i in `seq 1 $num`; do
+ echo -n "-"
+ done
+ echo ""
+}
+
+debug () {
+ echo $1
+ if [ ! -z $DEBUG ]; then
+ echo "Debug Mode, press enter to continue..."
+ read
+ fi
+}
+
+function usage() {
+ echo "Please specify what type of MISP if you want to install."
+ space
+ echo "${0} -c | Install ONLY MISP Core"
+ echo " -V | Core + Viper"
+ echo " -M | Core + MISP modules"
+ echo " -D | Core + MISP dashboard"
+ echo " -m | Core + Mail 2 MISP"
+ echo " -A | Install all of the above"
+ space
+ echo " -C | Only do pre-install checks and exit"
+ space
+ echo "Options can be combined: ${0} -V -D # Will install Core+Viper+Dashboard"
+ space
+}
+
+function checkID() {
+ if [[ $EUID == 0 ]]; then
+ echo "This script cannot be run as a root"
+ exit 1
+ elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
+ echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) "
+ read ANSWER
+ ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
+ if [[ $ANSWER == "y" ]]; then
+ useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
+ echo $MISP_USER:$MISP_PASSWORD | chpasswd
+ echo "User $MISP_USER added, password is: $MISP_PASSWORD"
+ elif [[ $ANSWER == "n" ]]; then
+ echo "Using $USER as install user, hope that is what you want."
+ MISP_USER=$USER
+ else
+ echo "yes or no was asked, try again."
+ exit 1
+ fi
+ else
+ echo "User ${MISP_USER} exists, skipping creation"
+ fi
+}
+
+function checkSudo() {
+sudo -H -u $MISP_USER ls -la /tmp > /dev/null 2> /dev/null
+if [[ $? -ne 0 ]]; then
+ echo "sudo seems to be not installed or working, please fix this before continuing the installation."
+ echo "apt install sudo # As root should be enough, make sure the $MISP_USER is able to run sudo."
+ exit 1
+fi
+}
+
+function checkUsrLocalSrc() {
+if [[ -e /usr/local/src ]]; then
+ if [[ -w /usr/local/src ]]; then
+ echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
+ else
+ echo -n "/usr/local/src need to be writeable by $MISP_USER, permission to fix? (y/n)"
+ read ANSWER
+ ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
+ fi
+fi
+
+}
+
+function kaliOnRootR0ckz() {
+ if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root"
+ exit 1
+ elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
+ useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER
+ echo $MISP_USER:$MISP_PASSWORD | chpasswd
+ else
+ echo "User ${MISP_USER} exists, skipping creation"
+ fi
+}
+
+function MISPvars() {
+ # Local non-root MISP user
+ MISP_USER='misp'
+ MISP_PASSWORD='Password1234'
+
+ # MISP configuration variables
+ PATH_TO_MISP='/var/www/MISP'
+ MISP_BASEURL='https://misp.local'
+ MISP_LIVE='1'
+ CAKE="$PATH_TO_MISP/app/Console/cake"
+
+ # Database configuration
+ DBHOST='localhost'
+ DBNAME='misp'
+ DBUSER_ADMIN='root'
+ DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
+ DBUSER_MISP='misp'
+ DBPASSWORD_MISP="$(openssl rand -hex 32)"
+
+ # Webserver configuration
+ FQDN='misp.local'
+
+ # OpenSSL configuration
+ OPENSSL_CN=$FQDN
+ OPENSSL_C='LU'
+ OPENSSL_ST='State'
+ OPENSSL_L='Location'
+ OPENSSL_O='Organization'
+ OPENSSL_OU='Organizational Unit'
+ OPENSSL_EMAILADDRESS='info@localhost'
+
+ # GPG configuration
+ GPG_REAL_NAME='Autogenerated Key'
+ GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
+ GPG_EMAIL_ADDRESS='admin@admin.test'
+ GPG_KEY_LENGTH='2048'
+ GPG_PASSPHRASE='Password1234'
+
+ # php.ini configuration
+ upload_max_filesize=50M
+ post_max_size=50M
+ max_execution_time=300
+ memory_limit=512M
+ PHP_INI=/etc/php/7.3/apache2/php.ini
+
+ # apt config
+ export DEBIAN_FRONTEND=noninteractive
+
+ # sudo config to run $LUSER commands
+ SUDO="sudo -u ${MISP_USER}"
+ SUDO_WWW="sudo -u www-data"
+
+ echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
+ echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
+}
+
+installDeps () {
+ apt update
+ apt install -qy etckeeper
+ # Skip dist-upgrade for now, pulls in 500+ updated packages
+ #sudo apt -y dist-upgrade
+ git config --global user.email "root@kali.lan"
+ git config --global user.name "Root User"
+
+ apt install -qy postfix
+
+ apt install -qy \
+ curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
+ mariadb-client \
+ mariadb-server \
+ apache2 apache2-doc apache2-utils \
+ libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \
+ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
+ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
+
+ installRNG
+
+}
+
+installRNG () {
+ modprobe tpm-rng 2> /dev/null
+ if [ "$?" -eq "0" ]; then
+ echo tpm-rng >> /etc/modules
+ fi
+ apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
+ service rng-tools start
+
+ if [ "$?" -eq "1" ]; then
+ apt purge -qy rng-tools
+ apt install -qy haveged
+ /etc/init.d/haveged start
+ fi
+}
+
+fixRedis () {
+ # As of 20190124 redis-server init.d scripts are broken and need to be replaced
+ mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
+
+ echo '#! /bin/sh
+### BEGIN INIT INFO
+# Provides: redis-server
+# Required-Start: $syslog
+# Required-Stop: $syslog
+# Should-Start: $local_fs
+# Should-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: redis-server - Persistent key-value db
+# Description: redis-server - Persistent key-value db
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/redis-server
+DAEMON_ARGS=/etc/redis/redis.conf
+NAME=redis-server
+DESC=redis-server
+PIDFILE=/var/run/redis.pid
+
+test -x $DAEMON || exit 0
+test -x $DAEMONBOOTSTRAP || exit 0
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ touch $PIDFILE
+ chown redis:redis $PIDFILE
+ if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
+ then
+ echo "$NAME."
+ else
+ echo "failed"
+ fi
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
+ then
+ echo "$NAME."
+ else
+ echo "failed"
+ fi
+ rm -f $PIDFILE
+ ;;
+
+ restart|force-reload)
+ ${0} stop
+ ${0} start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0' | tee /etc/init.d/redis-server
+ chmod 755 /etc/init.d/redis-server
+ /etc/init.d/redis-server start
+}
+
+function installMISPonKali() {
+ space
+ debug "Disabling sleep etc…"
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 2> /dev/null
+ xset s 0 0 2> /dev/null
+ xset dpms 0 0 2> /dev/null
+ xset s off 2> /dev/null
+
+ debug "Installing dependencies"
+ installDeps
+
+ debug "Enabling redis and gnupg modules"
+ phpenmod -v 7.3 redis
+ phpenmod -v 7.3 gnupg
+
+ debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
+ a2dismod status
+ a2dismod php7.2
+ a2enmod ssl rewrite headers php7.3
+ a2dissite 000-default
+ a2ensite default-ssl
+
+ debug "Restarting mysql.service"
+ systemctl restart mysql.service
+
+ debug "Fixing redis rc script on Kali"
+ fixRedis
+
+ debug "git clone, submodule update everything"
+ mkdir $PATH_TO_MISP
+ chown www-data:www-data $PATH_TO_MISP
+ cd $PATH_TO_MISP
+ $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+
+ $SUDO_WWW git config core.filemode false
+
+ cd $PATH_TO_MISP
+ $SUDO_WWW git submodule update --init --recursive
+ # Make git ignore filesystem permission differences for submodules
+ $SUDO_WWW git submodule foreach --recursive git config core.filemode false
+
+ cd $PATH_TO_MISP/app/files/scripts
+ $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
+ $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
+ $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
+
+ debug "Installing python-cybox"
+ cd $PATH_TO_MISP/app/files/scripts/python-cybox
+ pip3 install .
+ debug "Installing python-stix"
+ cd $PATH_TO_MISP/app/files/scripts/python-stix
+ pip3 install .
+ # install STIX2.0 library to support STIX 2.0 export:
+ debug "Installing cti-python-stix2"
+ cd ${PATH_TO_MISP}/cti-python-stix2
+ pip3 install -I .
+ debug "Installing mixbox"
+ cd $PATH_TO_MISP/app/files/scripts/mixbox
+ pip3 install .
+ # install PyMISP
+ debug "Installing PyMISP"
+ cd $PATH_TO_MISP/PyMISP
+ pip3 install .
+
+ # Install Crypt_GPG and Console_CommandLine
+ debug "Installing pear Console_CommandLine"
+ pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
+ debug "Installing pear Crypt_GPG"
+ pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
+
+ debug "Installing composer with php 7.3 updates"
+ composer73
+
+ $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+
+ chown -R www-data:www-data $PATH_TO_MISP
+ chmod -R 750 $PATH_TO_MISP
+ chmod -R g+ws $PATH_TO_MISP/app/tmp
+ chmod -R g+ws $PATH_TO_MISP/app/files
+ chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+
+ debug "Setting up database"
+ if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
+ echo "
+ set timeout 10
+ spawn mysql_secure_installation
+ expect \"Enter current password for root (enter for none):\"
+ send -- \"\r\"
+ expect \"Set root password?\"
+ send -- \"y\r\"
+ expect \"New password:\"
+ send -- \"${DBPASSWORD_ADMIN}\r\"
+ expect \"Re-enter new password:\"
+ send -- \"${DBPASSWORD_ADMIN}\r\"
+ expect \"Remove anonymous users?\"
+ send -- \"y\r\"
+ expect \"Disallow root login remotely?\"
+ send -- \"y\r\"
+ expect \"Remove test database and access to it?\"
+ send -- \"y\r\"
+ expect \"Reload privilege tables now?\"
+ send -- \"y\r\"
+ expect eof" | expect -f -
+
+ mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
+ mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
+ mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
+ mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
+
+ enableServices
+
+ $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
+
+ echo " 'Database/Mysql',
+ //'datasource' => 'Database/Postgres',
+ 'persistent' => false,
+ 'host' => '$DBHOST',
+ 'login' => '$DBUSER_MISP',
+ 'port' => 3306, // MySQL & MariaDB
+ //'port' => 5432, // PostgreSQL
+ 'password' => '$DBPASSWORD_MISP',
+ 'database' => '$DBNAME',
+ 'prefix' => '',
+ 'encoding' => 'utf8',
+ );
+ }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
+ else
+ echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
+ echo "Skipping any creations…"
+ sleep 3
+ fi
+
+ debug "Generating Certificate"
+ openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
+ -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
+ -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
+
+ debug "Generating Apache Conf"
+ genApacheConf
+
+ echo "127.0.0.1 misp.local" | tee -a /etc/hosts
+
+ debug "Installing MISP dashboard"
+ mispDashboard
+
+ debug "Disabling site default-ssl, enabling misp-ssl"
+ a2dissite default-ssl
+ a2ensite misp-ssl
+
+ for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
+ do
+ sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
+ done
+
+ debug "Restarting Apache2"
+ systemctl restart apache2
+
+ debug "Setting up logrotate"
+ cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+ chmod 0640 /etc/logrotate.d/misp
+
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
+ $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
+
+ chown -R www-data:www-data $PATH_TO_MISP/app/Config
+ chmod -R 750 $PATH_TO_MISP/app/Config
+
+ debug "Setting up GnuPG"
+ setupGnuPG
+
+ chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+
+ debug "Running Core Cake commands"
+ coreCAKE
+
+ debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
+ updateGOWNT
+
+ debug "Generating rc.local"
+ genRCLOCAL
+
+ gitPullAllRCLOCAL
+
+ debug "Installing misp-modules"
+ mispmodules
+
+ debug "Installing Viper"
+ viper
+
+ debug "Setting permissions"
+ permissions
+
+ debug "Running Then End!"
+ theEnd
+}
+
+## start func
+
+genApacheConf () {
+ echo "
+ ServerAdmin admin@localhost.lu
+ ServerName misp.local
+
+ Redirect permanent / https://misp.local
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+ ServerSignature Off
+
+
+
+ ServerAdmin admin@localhost.lu
+ ServerName misp.local
+ DocumentRoot $PATH_TO_MISP/app/webroot
+
+
+ Options -Indexes
+ AllowOverride all
+ Require all granted
+ Order allow,deny
+ allow from all
+
+
+ SSLEngine On
+ SSLCertificateFile /etc/ssl/private/misp.local.crt
+ SSLCertificateKeyFile /etc/ssl/private/misp.local.key
+ # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+ ServerSignature Off
+ Header set X-Content-Type-Options nosniff
+ Header set X-Frame-Options DENY
+ " | tee /etc/apache2/sites-available/misp-ssl.conf
+}
+
+gitPullAllRCLOCAL () {
+ sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
+ sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
+ sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
+ sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
+ sed -i -e '$i \done\n' /etc/rc.local
+}
+
+composer72 () {
+ cd $PATH_TO_MISP/app
+ mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
+ $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
+ $SUDO_WWW php composer.phar config vendor-dir Vendor
+ $SUDO_WWW php composer.phar install
+}
+
+composer73 () {
+ cd $PATH_TO_MISP/app
+ mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
+ # Update composer.phar
+ sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+ sudo -H -u www-data php composer-setup.php
+ sudo -H -u www-data php -r "unlink('composer-setup.php');"
+ $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
+ $SUDO_WWW php composer.phar config vendor-dir Vendor
+ $SUDO_WWW php composer.phar install
+}
+enableServices () {
+ update-rc.d mysql enable
+ update-rc.d apache2 enable
+ update-rc.d redis-server enable
+ }
+
+mispDashboard () {
+ cd /var/www
+ mkdir misp-dashboard
+ chown www-data:www-data misp-dashboard
+ $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
+ cd misp-dashboard
+ /var/www/misp-dashboard/install_dependencies.sh
+ sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
+ sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
+ $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
+ apt install libapache2-mod-wsgi-py3 -y
+ echo "
+ ServerAdmin admin@misp.local
+ ServerName misp.local
+
+ DocumentRoot /var/www/misp-dashboard
+
+ WSGIDaemonProcess misp-dashboard \
+ user=misp group=misp \
+ python-home=/var/www/misp-dashboard/DASHENV \
+ processes=1 \
+ threads=15 \
+ maximum-requests=5000 \
+ listen-backlog=100 \
+ queue-timeout=45 \
+ socket-timeout=60 \
+ connect-timeout=15 \
+ request-timeout=60 \
+ inactivity-timeout=0 \
+ deadlock-timeout=60 \
+ graceful-timeout=15 \
+ eviction-timeout=0 \
+ shutdown-timeout=5 \
+ send-buffer-size=0 \
+ receive-buffer-size=0 \
+ header-buffer-size=0 \
+ response-buffer-size=0 \
+ server-metrics=Off
+
+ WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
+
+
+ WSGIProcessGroup misp-dashboard
+ WSGIApplicationGroup %{GLOBAL}
+ Require all granted
+
+
+ LogLevel info
+ ErrorLog /var/log/apache2/misp-dashboard.local_error.log
+ CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
+ ServerSignature Off
+ " | tee /etc/apache2/sites-available/misp-dashboard.conf
+ a2ensite misp-dashboard
+}
+
+coreCAKE () {
+ $CAKE Live $MISP_LIVE
+ $CAKE Baseurl $MISP_BASEURL
+
+ $CAKE userInit -q
+
+ $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
+ $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
+ $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
+ $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
+ $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
+ $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
+ $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
+ $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
+ $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
+ $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
+ $CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
+ $CAKE Admin setSetting "GnuPG.password" "Password1234"
+ $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
+ $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
+ $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
+ $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
+ $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
+ $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
+ $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
+ $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
+ $CAKE Admin setSetting "Plugin.Import_services_enable" true
+ $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
+ $CAKE Admin setSetting "Plugin.Import_services_port" 6666
+ $CAKE Admin setSetting "Plugin.Import_timeout" 300
+ $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
+ $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
+ $CAKE Admin setSetting "Plugin.Export_services_enable" true
+ $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
+ $CAKE Admin setSetting "Plugin.Export_services_port" 6666
+ $CAKE Admin setSetting "Plugin.Export_timeout" 300
+ $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
+ $CAKE Admin setSetting "MISP.host_org_id" 1
+ $CAKE Admin setSetting "MISP.email" "info@admin.test"
+ $CAKE Admin setSetting "MISP.disable_emailing" false
+ $CAKE Admin setSetting "MISP.contact" "info@admin.test"
+ $CAKE Admin setSetting "MISP.disablerestalert" true
+ $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
+ $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
+ $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
+ $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
+ $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
+ $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
+ $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
+ $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
+ $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
+ $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
+ $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
+ $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
+ $CAKE Admin setSetting "Plugin.Sightings_policy" 0
+ $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
+ $CAKE Admin setSetting "Plugin.Sightings_range" 365
+ $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
+ $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
+ $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
+ $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
+ $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
+ $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
+ $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
+ $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
+ $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
+ $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
+ $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
+ $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
+ $CAKE Admin setSetting "MISP.language" "eng"
+ $CAKE Admin setSetting "MISP.proposals_block_attributes" false
+ $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
+ $CAKE Admin setSetting "MISP.redis_port" 6379
+ $CAKE Admin setSetting "MISP.redis_database" 13
+ $CAKE Admin setSetting "MISP.redis_password" ""
+ $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
+ $CAKE Admin setSetting "MISP.extended_alert_subject" false
+ $CAKE Admin setSetting "MISP.default_event_threat_level" 4
+ $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+ $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+ $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
+ $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
+ $CAKE Admin setSetting "MISP.log_client_ip" false
+ $CAKE Admin setSetting "MISP.log_auth" false
+ $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
+ $CAKE Admin setSetting "MISP.block_event_alert" false
+ $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
+ $CAKE Admin setSetting "MISP.block_old_event_alert" false
+ $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
+ $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
+ $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
+ $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
+ $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
+ $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali"
+ $CAKE Admin setSetting "Security.password_policy_length" 12
+ $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
+ $CAKE Admin setSetting "Session.autoRegenerate" 0
+ $CAKE Admin setSetting "Session.timeout" 600
+ $CAKE Admin setSetting "Session.cookie_timeout" 3600
+ $CAKE Live $MISP_LIVE
+}
+
+setupGnuPG () {
+ echo "%echo Generating a default key
+ Key-Type: default
+ Key-Length: $GPG_KEY_LENGTH
+ Subkey-Type: default
+ Name-Real: $GPG_REAL_NAME
+ Name-Comment: $GPG_COMMENT
+ Name-Email: $GPG_EMAIL_ADDRESS
+ Expire-Date: 0
+ Passphrase: $GPG_PASSPHRASE
+ # Do a commit here, so that we can later print "done"
+ %commit
+ %echo done" > /tmp/gen-key-script
+
+ $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+
+ $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+}
+
+updateGOWNT () {
+ AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
+
+ # TODO: Fix updateGalaxies
+ #$CAKE Admin updateGalaxies
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
+ $CAKE Admin updateTaxonomies
+ # TODO: Fix updateWarningLists
+ #$CAKE Admin updateWarningLists
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
+}
+
+genRCLOCAL () {
+ if [ ! -e /etc/rc.local ]
+ then
+ echo '#!/bin/sh -e' | tee -a /etc/rc.local
+ echo 'exit 0' | tee -a /etc/rc.local
+ chmod u+x /etc/rc.local
+ fi
+
+ sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
+ sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
+ sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
+ sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
+}
+
+mispmodules () {
+ sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
+ $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
+ cd /usr/local/src/
+ git clone https://github.com/MISP/misp-modules.git
+ cd misp-modules
+ # pip3 install
+ pip3 install -I -r REQUIREMENTS
+ pip3 install -I .
+ pip3 install maec lief python-magic wand yara
+ pip3 install git+https://github.com/kbandla/pydeep.git
+ gem install pygments.rb
+ gem install asciidoctor-pdf --pre
+ $SUDO_WWW misp-modules -l 0.0.0.0 -s &
+}
+
+viper () {
+ cd /usr/local/src/
+ debug "Installing Viper dependencies"
+ apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
+ pip3 install SQLAlchemy PrettyTable python-magic
+ debug "Cloning Viper"
+ git clone https://github.com/viper-framework/viper.git
+ chown -R $MISP_USER:$MISP_USER viper
+ cd viper
+ debug "Submodule update"
+ $SUDO git submodule update --init --recursive
+ debug "pip install scrapy"
+ pip3 install scrapy
+ debug "pip install reqs"
+ pip3 install -r requirements.txt
+ debug "pip uninstall yara"
+ pip3 uninstall yara -y
+ debug "Launching viper-cli"
+ $SUDO /usr/local/src/viper/viper-cli -h > /dev/null
+ debug "Launching viper-web"
+ $SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
+ echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
+ echo ". /etc/environment" >> /home/${MISP_USER}/.profile
+ debug "Setting misp_url/misp_key"
+ $SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
+ $SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
+
+ debug "Fixing admin.db with default password"
+ while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
+ # FIXME This might lead to a race condition, the while loop is sub-par
+ chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
+ echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
+ sleep 6
+ done
+ sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
+}
+
+permissions () {
+ chown -R www-data:www-data $PATH_TO_MISP
+ chmod -R 750 $PATH_TO_MISP
+ chmod -R g+ws $PATH_TO_MISP/app/tmp
+ chmod -R g+ws $PATH_TO_MISP/app/files
+ chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+}
+
+mail2misp () {
+ # TODO: fix faup
+ cd /usr/local/src/
+ apt-get install -y cmake
+ git clone https://github.com/MISP/mail_to_misp.git
+ git clone git://github.com/stricaud/faup.git faup
+ chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
+ cd faup
+ $SUDO mkdir -p build
+ cd build
+ $SUDO cmake .. && $SUDO make
+ make install
+ ldconfig
+ cd ../../
+ cd mail_to_misp
+ pip3 install -r requirements.txt
+ $SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
+ sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
+ sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
+}
+
+theEnd () {
+ echo ""
+ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
+ echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
+ echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
+
+ clear
+ space
+ echo "MISP Installed, access here: https://misp.local"
+ echo "User: admin@admin.test"
+ echo "Password: admin"
+ echo "MISP Dashboard, access here: http://misp.local:8001"
+ space
+ cat /home/${MISP_USER}/mysql.txt
+ cat /home/${MISP_USER}/MISP-authkey.txt
+ space
+ echo "The LOCAL system credentials:"
+ echo "User: ${MISP_USER}"
+ echo "Password: ${MISP_PASSWORD}"
+ space
+ echo "viper-web installed, access here: http://misp.local:8888"
+ echo "viper-cli configured with your MISP Site Admin Auth Key"
+ echo "User: admin"
+ echo "Password: Password1234"
+ space
+ echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
+ echo ""
+ echo "sudo postconf -e 'relayhost = example.com'"
+ echo "sudo postfix reload"
+ space
+ echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues"
+ su - ${MISP_USER}
+}
+
+debug "Checking for parameters or Kali Install"
+if [[ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ]]; then
+ usage
+ exit
+fi
+
+debug "Checking flavour"
+checkFlavour
+debug "Setting MISP variables"
+MISPvars
+
+if [ "${FLAVOUR}" == "kali" ]; then
+ kaliOnRootR0ckz
+ installMISPonKali
+ exit
+fi
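Review bot: theEnd writes the MariaDB root password, the misp DB password and the site-admin authkey to /home/${MISP_USER}/mysql.txt and /home/${MISP_USER}/MISP-authkey.txt with plain `>` redirection while the script runs as root, so with the usual root umask the files come out root-owned and world-readable, which is the opposite of what a credentials drop file needs. Adding `chown "${MISP_USER}:${MISP_USER}" /home/${MISP_USER}/mysql.txt /home/${MISP_USER}/MISP-authkey.txt` and `chmod 0600 /home/${MISP_USER}/mysql.txt /home/${MISP_USER}/MISP-authkey.txt` directly after the three echo lines (or `umask 077` at the top of theEnd) closes that. Two smaller defects in installMISPonKali: the second mysql grant uses `$DBNAME@localhost` where `'$DBUSER_MISP'@'localhost'` is evidently intended (it only works because both default to misp), and the php.ini loop includes max_input_time, which MISPvars never assigns, so `$(eval echo \${$key})` expands to nothing and sed writes `max_input_time = ` into $PHP_INI — drop it from the list or assign it alongside the other php.ini values, and `${!key}` would avoid the eval entirely.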
diff --git a/INSTALL/INSTALL.kali.txt b/INSTALL/INSTALL.kali.txt
deleted file mode 100644
index e67fa5f6e..000000000
--- a/INSTALL/INSTALL.kali.txt
+++ /dev/null
@@ -1,673 +0,0 @@ -#!/usr/bin/env bash -#INSTALLATION INSTRUCTIONS -#------------------------- for Kali Linux -# -#0/ Quick MISP Instance on Kali Linux - Status -#--------------------------------------------- -# -#1/ Prepare Kali with a MISP User -#-------------------------------- -# To install MISP on Kali copy paste this in your r00t shell: -# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh -# /!\ Please read the installer script before randomly doing the above. -# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. - - -# Bug: /tmp/misp-kali.sh: line 142: pip3: command not found - - - -MISP_USER='misp' -MISP_PASSWORD='Password1234' - -function kaliOnRootR0ckz() { - if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" - exit 1 - elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then - useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER - echo $MISP_USER:$MISP_PASSWORD | chpasswd - else - echo "User ${MISP_USER} exists, skipping creation" - fi -} - -function installMISPonKali() { - # MISP configuration variables - PATH_TO_MISP='/var/www/MISP' - MISP_BASEURL='https://misp.local' - MISP_LIVE='1' - CAKE="$PATH_TO_MISP/app/Console/cake" - - # Database configuration - DBHOST='localhost' - DBNAME='misp' - DBUSER_ADMIN='root' - DBPASSWORD_ADMIN="$(openssl rand -hex 32)" - DBUSER_MISP='misp' - DBPASSWORD_MISP="$(openssl rand -hex 32)" - - # Webserver configuration - FQDN='misp.local' - - # OpenSSL configuration - OPENSSL_CN=$FQDN - OPENSSL_C='LU' - OPENSSL_ST='State' - OPENSSL_L='Location' - OPENSSL_O='Organization' - OPENSSL_OU='Organizational Unit' - OPENSSL_EMAILADDRESS='info@localhost' - - # GPG configuration - GPG_REAL_NAME='Autogenerated Key' - GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' 
- GPG_EMAIL_ADDRESS='admin@admin.test' - GPG_KEY_LENGTH='2048' - GPG_PASSPHRASE='Password1234' - - # php.ini configuration - upload_max_filesize=50M - post_max_size=50M - max_execution_time=300 - memory_limit=512M - PHP_INI=/etc/php/7.3/apache2/php.ini - - # apt config - export DEBIAN_FRONTEND=noninteractive - - # sudo config to run $LUSER commands - SUDO="sudo -u ${MISP_USER}" - SUDO_WWW="sudo -u www-data" - - echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" - echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" - - echo "-----------------------------------------------------------------------" - echo "Disabling sleep etc…" - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' - xset s 0 0 2> /dev/null - xset dpms 0 0 2> /dev/null - xset s off 2> /dev/null - apt update - apt install -qy etckeeper - # Skip dist-upgrade for now, pulls in 500+ updated packages - #sudo apt -y dist-upgrade - git config --global user.email "root@kali.lan" - git config --global user.name "Root User" - apt install -qy postfix - - apt install -qy \ - curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \ - mariadb-client \ - mariadb-server \ - apache2 apache2-doc apache2-utils \ - libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \ - python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ - libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect - - modprobe tpm-rng 2> /dev/null - if [ "$?" 
-eq "0" ]; then - echo tpm-rng >> /etc/modules - fi - apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS - service rng-tools start - - if [ "$?" -eq "1" ]; then - apt purge -qy rng-tools - apt install -qy haveged - /etc/init.d/haveged start - fi - - phpenmod -v 7.3 redis - phpenmod -v 7.3 gnupg - - a2dismod status - a2dismod php7.2 - a2enmod ssl rewrite headers php7.3 - a2dissite 000-default - a2ensite default-ssl - - systemctl restart mysql.service - - #update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 - #update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2 - - # As of 20190124 redis-server init.d scripts are broken and need to be replaced - mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` - - echo '#! /bin/sh -### BEGIN INIT INFO -# Provides: redis-server -# Required-Start: $syslog -# Required-Stop: $syslog -# Should-Start: $local_fs -# Should-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: redis-server - Persistent key-value db -# Description: redis-server - Persistent key-value db -### END INIT INFO - -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/bin/redis-server -DAEMON_ARGS=/etc/redis/redis.conf -NAME=redis-server -DESC=redis-server -PIDFILE=/var/run/redis.pid - -test -x $DAEMON || exit 0 -test -x $DAEMONBOOTSTRAP || exit 0 - -set -e - -case "$1" in - start) - echo -n "Starting $DESC: " - touch $PIDFILE - chown redis:redis $PIDFILE - if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS - then - echo "$NAME." - else - echo "failed" - fi - ;; - stop) - echo -n "Stopping $DESC: " - if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON - then - echo "$NAME." 
- else - echo "failed" - fi - rm -f $PIDFILE - ;; - - restart|force-reload) - ${0} stop - ${0} start - ;; - *) - echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0' | tee /etc/init.d/redis-server - chmod 755 /etc/init.d/redis-server - /etc/init.d/redis-server start - - mkdir $PATH_TO_MISP - chown www-data:www-data $PATH_TO_MISP - cd $PATH_TO_MISP - $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP - - $SUDO_WWW git config core.filemode false - - cd $PATH_TO_MISP - $SUDO_WWW git submodule update --init --recursive - # Make git ignore filesystem permission differences for submodules - $SUDO_WWW git submodule foreach --recursive git config core.filemode false - - cd $PATH_TO_MISP/app/files/scripts - $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git - $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git - cd $PATH_TO_MISP/app/files/scripts/python-cybox - pip3 install . - cd $PATH_TO_MISP/app/files/scripts/python-stix - pip3 install . - # install STIX2.0 library to support STIX 2.0 export: - cd ${PATH_TO_MISP}/cti-python-stix2 - pip3 install -I . - - cd $PATH_TO_MISP/app/files/scripts/ - $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git - cd $PATH_TO_MISP/app/files/scripts/mixbox - pip3 install . - - # install PyMISP - cd $PATH_TO_MISP/PyMISP - pip3 install . 
- - cd $PATH_TO_MISP/app - mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer - # Update composer.phar - sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" - sudo -H -u www-data php composer-setup.php - sudo -H -u www-data php -r "unlink('composer-setup.php');" - $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2 - $SUDO_WWW php composer.phar config vendor-dir Vendor - $SUDO_WWW php composer.phar install - - $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php - - chown -R www-data:www-data $PATH_TO_MISP - chmod -R 750 $PATH_TO_MISP - chmod -R g+ws $PATH_TO_MISP/app/tmp - chmod -R g+ws $PATH_TO_MISP/app/files - chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp - - if [ ! 
-e /var/lib/mysql/misp/users.ibd ]; then - echo " - set timeout 10 - spawn mysql_secure_installation - expect \"Enter current password for root (enter for none):\" - send -- \"\r\" - expect \"Set root password?\" - send -- \"y\r\" - expect \"New password:\" - send -- \"${DBPASSWORD_ADMIN}\r\" - expect \"Re-enter new password:\" - send -- \"${DBPASSWORD_ADMIN}\r\" - expect \"Remove anonymous users?\" - send -- \"y\r\" - expect \"Disallow root login remotely?\" - send -- \"y\r\" - expect \"Remove test database and access to it?\" - send -- \"y\r\" - expect \"Reload privilege tables now?\" - send -- \"y\r\" - expect eof" | expect -f - - - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" - mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" - - update-rc.d mysql enable - update-rc.d apache2 enable - update-rc.d redis-server enable - - $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME - - echo " 'Database/Mysql', - //'datasource' => 'Database/Postgres', - 'persistent' => false, - 'host' => '$DBHOST', - 'login' => '$DBUSER_MISP', - 'port' => 3306, // MySQL & MariaDB - //'port' => 5432, // PostgreSQL - 'password' => '$DBPASSWORD_MISP', - 'database' => '$DBNAME', - 'prefix' => '', - 'encoding' => 'utf8', - ); - }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php - else - echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" - echo "Skipping any creations…" - sleep 3 - fi - - openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ - -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ - -keyout /etc/ssl/private/misp.local.key -out 
/etc/ssl/private/misp.local.crt - - if [ ! -e /etc/rc.local ] - then - echo '#!/bin/sh -e' | tee -a /etc/rc.local - echo 'exit 0' | tee -a /etc/rc.local - chmod u+x /etc/rc.local - fi - - cd /var/www - mkdir misp-dashboard - chown www-data:www-data misp-dashboard - $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git - cd misp-dashboard - /var/www/misp-dashboard/install_dependencies.sh - sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg - sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local - sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local - sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local - sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local - sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local - sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local - sed -i -e '$i \done\n' /etc/rc.local - $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh - - apt install libapache2-mod-wsgi-py3 -y - - echo " - ServerAdmin admin@localhost.lu - ServerName misp.local - - Redirect permanent / https://misp.local - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - - - - ServerAdmin admin@localhost.lu - ServerName misp.local - DocumentRoot $PATH_TO_MISP/app/webroot - - - Options -Indexes - AllowOverride all - Require all granted - Order allow,deny - allow from all - - - SSLEngine On - SSLCertificateFile /etc/ssl/private/misp.local.crt - SSLCertificateKeyFile /etc/ssl/private/misp.local.key - # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - 
ServerSignature Off - Header set X-Content-Type-Options nosniff - Header set X-Frame-Options DENY - " | tee /etc/apache2/sites-available/misp-ssl.conf - - echo "127.0.0.1 misp.local" | tee -a /etc/hosts - - echo " - ServerAdmin admin@misp.local - ServerName misp.local - - DocumentRoot /var/www/misp-dashboard - - WSGIDaemonProcess misp-dashboard \ - user=misp group=misp \ - python-home=/var/www/misp-dashboard/DASHENV \ - processes=1 \ - threads=15 \ - maximum-requests=5000 \ - listen-backlog=100 \ - queue-timeout=45 \ - socket-timeout=60 \ - connect-timeout=15 \ - request-timeout=60 \ - inactivity-timeout=0 \ - deadlock-timeout=60 \ - graceful-timeout=15 \ - eviction-timeout=0 \ - shutdown-timeout=5 \ - send-buffer-size=0 \ - receive-buffer-size=0 \ - header-buffer-size=0 \ - response-buffer-size=0 \ - server-metrics=Off - - WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi - - - WSGIProcessGroup misp-dashboard - WSGIApplicationGroup %{GLOBAL} - Require all granted - - - LogLevel info - ErrorLog /var/log/apache2/misp-dashboard.local_error.log - CustomLog /var/log/apache2/misp-dashboard.local_access.log combined - ServerSignature Off - " | tee /etc/apache2/sites-available/misp-dashboard.conf - - a2dissite default-ssl - a2ensite misp-ssl - a2ensite misp-dashboard - - for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit - do - sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI - done - - systemctl restart apache2 - - cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp - chmod 0640 /etc/logrotate.d/misp - - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php - $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php - - chown -R www-data:www-data $PATH_TO_MISP/app/Config - chmod -R 750 $PATH_TO_MISP/app/Config - $CAKE 
Live $MISP_LIVE - $CAKE Baseurl $MISP_BASEURL - - echo "%echo Generating a default key - Key-Type: default - Key-Length: $GPG_KEY_LENGTH - Subkey-Type: default - Name-Real: $GPG_REAL_NAME - Name-Comment: $GPG_COMMENT - Name-Email: $GPG_EMAIL_ADDRESS - Expire-Date: 0 - Passphrase: $GPG_PASSPHRASE - # Do a commit here, so that we can later print "done" - %commit - %echo done" > /tmp/gen-key-script - - $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script - - $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc - - chmod +x $PATH_TO_MISP/app/Console/worker/start.sh - - $CAKE userInit -q - - AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) - - $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" - $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false - $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false - $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false - $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" - $CAKE Admin setSetting 
"GnuPG.homedir" "/var/www/MISP/.gnupg" - $CAKE Admin setSetting "GnuPG.password" "Password1234" - $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true - $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true - $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 - $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 - $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true - $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true - $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 - $CAKE Admin setSetting "Plugin.Import_services_enable" true - $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Import_services_port" 6666 - $CAKE Admin setSetting "Plugin.Import_timeout" 300 - $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true - $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true - $CAKE Admin setSetting "Plugin.Export_services_enable" true - $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Export_services_port" 6666 - $CAKE Admin setSetting "Plugin.Export_timeout" 300 - $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true - $CAKE Admin setSetting "MISP.host_org_id" 1 - $CAKE Admin setSetting "MISP.email" "info@admin.test" - $CAKE Admin setSetting "MISP.disable_emailing" false - $CAKE Admin setSetting "MISP.contact" "info@admin.test" - $CAKE Admin setSetting "MISP.disablerestalert" true - $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true - $CAKE Admin setSetting "Plugin.Cortex_services_enable" false - $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 - $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 - $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" - $CAKE Admin setSetting "Plugin.Cortex_services_port" 
9000 - $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 - $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" - $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false - $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false - $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true - $CAKE Admin setSetting "Plugin.Sightings_policy" 0 - $CAKE Admin setSetting "Plugin.Sightings_anonymise" false - $CAKE Admin setSetting "Plugin.Sightings_range" 365 - $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false - $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" - $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" - $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" - $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" - $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" - $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" - $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" - $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" - $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." 
- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" - $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" - $CAKE Admin setSetting "MISP.language" "eng" - $CAKE Admin setSetting "MISP.proposals_block_attributes" false - $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" - $CAKE Admin setSetting "MISP.redis_port" 6379 - $CAKE Admin setSetting "MISP.redis_database" 13 - $CAKE Admin setSetting "MISP.redis_password" "" - $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 - $CAKE Admin setSetting "MISP.extended_alert_subject" false - $CAKE Admin setSetting "MISP.default_event_threat_level" 4 - $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" - $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" - $CAKE Admin setSetting "MISP.enableEventBlacklisting" true - $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true - $CAKE Admin setSetting "MISP.log_client_ip" false - $CAKE Admin setSetting "MISP.log_auth" false - $CAKE Admin setSetting "MISP.disableUserSelfManagement" false - $CAKE Admin setSetting "MISP.block_event_alert" false - $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" - $CAKE Admin setSetting "MISP.block_old_event_alert" false - $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" - $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false - $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install" - $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production" - $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly" - $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali" - $CAKE Admin setSetting "Security.password_policy_length" 12 - $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' - $CAKE Admin setSetting "Session.autoRegenerate" 0 - $CAKE Admin setSetting "Session.timeout" 600 - $CAKE Admin setSetting "Session.cookie_timeout" 3600 - $CAKE Live $MISP_LIVE - #$CAKE Admin updateGalaxies - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update - $CAKE Admin updateTaxonomies - #$CAKE Admin updateWarningLists - curl --header 
"Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local - sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local - sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local - sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local - sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local - $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh - cd /usr/local/src/ - git clone https://github.com/MISP/misp-modules.git - cd misp-modules - # pip3 install - pip3 install -I -r REQUIREMENTS - pip3 install -I . 
- pip3 install maec lief python-magic wand yara - pip3 install git+https://github.com/kbandla/pydeep.git - gem install pygments.rb - gem install asciidoctor-pdf --pre - $SUDO_WWW misp-modules -l 0.0.0.0 -s & - cd /usr/local/src/ - apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 - pip3 install SQLAlchemy PrettyTable python-magic - git clone https://github.com/viper-framework/viper.git - chown -R $MISP_USER:$MISP_USER viper - cd viper - $SUDO git submodule update --init --recursive - pip3 install scrapy - pip3 install -r requirements.txt - pip3 uninstall yara -y - $SUDO /usr/local/src/viper/viper-cli -h > /dev/null - $SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & - echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment - echo ". /etc/environment" >> /home/${MISP_USER}/.profile - $SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf - $SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf - - while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do - # FIXME This might lead to a race condition, the while loop is sub-par - chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db - echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" - sleep 6 - done - - chown -R www-data:www-data $PATH_TO_MISP - chmod -R 750 $PATH_TO_MISP - chmod -R g+ws $PATH_TO_MISP/app/tmp - chmod -R g+ws $PATH_TO_MISP/app/files - chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp - - # TODO: fix faup - cd /usr/local/src/ - apt-get install -y cmake - git clone https://github.com/MISP/mail_to_misp.git - git clone git://github.com/stricaud/faup.git faup 
- chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp - cd faup - $SUDO mkdir -p build - cd build - $SUDO cmake .. && $SUDO make - make install - ldconfig - cd ../../ - cd mail_to_misp - pip3 install -r requirements.txt - $SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py - sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py - sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py - echo "" - echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt - echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt - echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt - - clear - echo "-------------------------------------------------------------------------" - echo "MISP Installed, access here: https://misp.local" - echo "User: admin@admin.test" - echo "Password: admin" - echo "MISP Dashboard, access here: http://misp.local:8001" - echo "-------------------------------------------------------------------------" - cat /home/${MISP_USER}/mysql.txt - cat /home/${MISP_USER}/MISP-authkey.txt - echo "-------------------------------------------------------------------------" - echo "The LOCAL system credentials:" - echo "User: ${MISP_USER}" - echo "Password: ${MISP_PASSWORD}" - echo "-------------------------------------------------------------------------" - echo "viper-web installed, access here: http://misp.local:8888" - echo "viper-cli configured with your MISP Site Admin Auth Key" - echo "User: admin" - echo "Password: Password1234" - echo "-------------------------------------------------------------------------" - echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" - echo "" - echo "sudo postconf -e 'relayhost = example.com'" - echo "sudo postfix reload" - echo 
"-------------------------------------------------------------------------" - echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues" - su - misp -} - -kaliOnRootR0ckz -installMISPonKali diff --git a/INSTALL/INSTALL.kali.txt b/INSTALL/INSTALL.kali.txt new file mode 120000 index 000000000..72f6638eb --- /dev/null +++ b/INSTALL/INSTALL.kali.txt @@ -0,0 +1 @@ +INSTALL.debian.sh \ No newline at end of file diff --git a/INSTALL/apache.misp.centos7.ssl b/INSTALL/apache.misp.centos7.ssl index d71dd62f2..7192d51a9 100644 --- a/INSTALL/apache.misp.centos7.ssl +++ b/INSTALL/apache.misp.centos7.ssl @@ -32,7 +32,7 @@ SSLEngine On SSLCertificateFile /etc/pki/tls/certs/misp.local.crt SSLCertificateKeyFile /etc/pki/tls/private/misp.local.key -# SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt + SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt LogLevel warn ErrorLog /var/log/httpd/misp.local_error.log diff --git a/docs/INSTALL.debian9.md b/docs/INSTALL.debian9.md index 6d23e482a..7cc2df540 100644 --- a/docs/INSTALL.debian9.md +++ b/docs/INSTALL.debian9.md @@ -101,16 +101,6 @@ sudo a2enmod ssl rewrite sudo a2dissite 000-default sudo a2ensite default-ssl sudo a2enmod headers - -# Switch to python3 by default (optional) - -sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 -sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2 -``` - -To flip between the 2 pythons use *update-alternatives* -```bash -sudo update-alternatives --config python ``` #### Apply all changes diff --git a/docs/INSTALL.kali.md b/docs/INSTALL.kali.md index b7f0095c5..71f3876b7 100644 --- a/docs/INSTALL.kali.md +++ b/docs/INSTALL.kali.md 
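Review bot: Uncommenting `SSLCertificateChainFile /etc/pki/tls/certs/misp-chain.crt` in apache.misp.centos7.ssl makes httpd fail its config test, and therefore refuse to start or restart, whenever that file is absent; the Debian installer elsewhere in this commit writes only a key and a self-signed certificate, and the CentOS guide presumably does the same, so a stock install that enables this vhost would break at the httpd restart step. Either keep the directive commented with a note that it is only needed for CA-issued certificates, or add the step that writes the intermediate chain to that path before the vhost is enabled. On Apache 2.4.8 and later the directive is deprecated anyway: appending the intermediates to the file named in `SSLCertificateFile` serves the same chain without a second file.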
@@ -8,7 +8,7 @@ This has been tested by @SteveClement on 20190115 To install MISP on Kali copy paste this in your r00t shell: ```bash -wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh +wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh ``` !!! notice diff --git a/docs/INSTALL.rhel7.md b/docs/INSTALL.rhel7.md index a528e6644..ea1aff9b9 100644 --- a/docs/INSTALL.rhel7.md +++ b/docs/INSTALL.rhel7.md @@ -3,7 +3,7 @@ ## 0/ Overview and Assumptions -{!generic/community.md!} +{!generic/rhelVScentos.md!} !!! warning The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate. diff --git a/docs/INSTALL.ubuntu1804.md b/docs/INSTALL.ubuntu1804.md index 3f12ca95b..c10f6d3d0 100644 --- a/docs/INSTALL.ubuntu1804.md +++ b/docs/INSTALL.ubuntu1804.md @@ -159,8 +159,8 @@ cd ${PATH_TO_MISP}/PyMISP sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . # Install Crypt_GPG and Console_CommandLine -sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml -sudo -H -u www-data pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml +sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml +sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml ``` ### 4/ CakePHP diff --git a/docs/SSL.md b/docs/SSL.md new file mode 100644 index 000000000..eb0a5a058 --- /dev/null +++ b/docs/SSL.md @@ -0,0 +1,3 @@ +# Let's encrypt SSL with stock MISP install + +This will explain how to enable [letsencrypt]*(https://letsencrypt.org/) on a stock Ubuntu/Debian MISP install. diff --git a/docs/generic/MISP_CAKE_init_centos.md b/docs/generic/MISP_CAKE_init_centos.md index bbb371fb8..b66231f3a 100644 --- a/docs/generic/MISP_CAKE_init_centos.md +++ b/docs/generic/MISP_CAKE_init_centos.md 
@@ -57,6 +57,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test"" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true" +sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_tag_collection" 0" # Provisional Cortex tunes sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false" 
@@ -108,7 +109,7 @@ sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4" -##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"" +##sudo $RUN_PHP '$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"' ##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true" sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true" 
@@ -134,22 +135,23 @@ sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600" sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600" # Update the galaxies… -sudo $RUN_PHP "$CAKE Admin updateGalaxies" +##sudo $RUN_PHP "$CAKE Admin updateGalaxies" +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update # Updating the taxonomies… sudo $RUN_PHP "$CAKE Admin updateTaxonomies" # Updating the warning lists… ##sudo $RUN_PHP "$CAKE Admin updateWarningLists" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/warninglists/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update # Updating the notice lists… ## sudo $RUN_PHP "$CAKE Admin updateNoticeLists" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/noticelists/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update # Updating the object templates… ##sudo $RUN_PHP "$CAKE Admin updateObjectTemplates" -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST http://127.0.0.1/objectTemplates/update +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update # Set MISP Live sudo $RUN_PHP "$CAKE Live $MISP_LIVE" diff --git a/docs/generic/misp-modules.md b/docs/generic/misp-modules.md new file mode 100644 index 000000000..90438395d --- /dev/null +++ b/docs/generic/misp-modules.md 
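Review bot: The four `curl ... -k -X POST https://127.0.0.1/...` update calls (galaxies, warninglists, noticelists, objectTemplates) switch to https but run without `--fail`, so a rejected `$AUTH_KEY` or a 5xx from the update endpoint is silently ignored and the script continues as if the lists had been refreshed. Because the target is the loopback interface with what is presumably the install's own self-signed certificate, `-k` is tolerable, but `--header "Authorization: $AUTH_KEY"` places the key on the command line where it is visible in process listings and in any `set -x` trace for the duration of each call. Adding `--fail -sS` makes the exit status reflect the outcome, and reading the header from a mode-600 file (`--header @/path/to/auth-header-file`, path is a placeholder) keeps the key out of argv; these four lines are the only place in the hunk where the key is exposed this way.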
@@ -0,0 +1,8 @@ +#### Make some misp-modules available + +```bash +sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true +sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true +sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true +``` + diff --git a/docs/generic/rhelVScentos.md b/docs/generic/rhelVScentos.md new file mode 100644 index 000000000..cf6b24780 --- /dev/null +++ b/docs/generic/rhelVScentos.md @@ -0,0 +1,3 @@ +!!! notice + There are technically only minor differences between CentOS and RHEL.
+ For more information on what might differ, [this StackExchange](https://unix.stackexchange.com/questions/27323/is-centos-exactly-the-same-as-rhel) question might answer some questions. diff --git a/docs/xINSTALL.centos6.md b/docs/xINSTALL.centos6.md index d8242dc28..bb47d1f49 100644 --- a/docs/xINSTALL.centos6.md +++ b/docs/xINSTALL.centos6.md @@ -4,6 +4,10 @@ ### 0/ MISP CentOS 6 Minimal NetInstall - Status -------------------------------------------- +{!generic/community.md!} + +{!generic/rhelVScentos.md!} + !!! notice Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20181025
It is still considered experimental as not everything works seemlessly. diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md index a97b9f1a3..80532c636 100644 --- a/docs/xINSTALL.centos7.md +++ b/docs/xINSTALL.centos7.md @@ -4,6 +4,10 @@ ### 0/ MISP CentOS 7 Minimal NetInstall - Status -------------------------------------------- +{!generic/community.md!} + +{!generic/rhelVScentos.md!} + !!! notice Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113
It is still considered experimental as not everything works seemlessly. @@ -55,7 +59,13 @@ sudo yum install centos-release-scl -y sudo yum install vim -y # Install the dependencies: -sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel ssdeep-devel -y +sudo yum install gcc git zip \ + httpd \ + mod_ssl \ + redis \ + mariadb mariadb-server \ + python-devel python-pip python-zmq \ + libxslt-devel zlib-devel ssdeep-devel -y # Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/ sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y @@ -64,13 +74,8 @@ sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysql # https://www.softwarecollections.org/en/scls/rhscl/rh-python36/ sudo yum install rh-python36 -y -# rh-php71-php only provided mod_ssl mod_php for httpd24-httpd from SCL -# if we want to use httpd from CentOS base we can use rh-php71-php-fpm instead sudo systemctl enable rh-php71-php-fpm.service sudo systemctl start rh-php71-php-fpm.service - -sudo $RUN_PHP "pear channel-update pear.php.net" -sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0 ``` !!! notice @@ -97,7 +102,7 @@ sudo chown apache:apache $PATH_TO_MISP cd /var/www sudo -u apache git clone https://github.com/MISP/MISP.git cd $PATH_TO_MISP -sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) +##sudo -u apache git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) # if the last shortcut doesn't work, specify the latest version manually # example: git checkout tags/v2.4.XY # the message regarding a "detached HEAD state" is expected behaviour 
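Review bot: In the `@@ -97,7 +102,7 @@` hunk, commenting out `sudo -u apache git checkout tags/$(git describe --tags ...)` leaves the three comment lines beneath it ("if the last shortcut doesn't work, specify the latest version manually", "the message regarding a 'detached HEAD state' is expected behaviour") describing a step the reader no longer performs, and the install now runs whatever branch the clone defaults to instead of a tagged release. Either drop those lines or replace them with an explicit statement such as `# Intentionally not pinned to a release tag: the install follows the clone's default branch`, so the choice is visible to anyone auditing what version was deployed. If the tag shortcut was disabled because it was unreliable, the `git checkout tags/v2.4.XY` example is still the right manual fallback and should stay, reworded to say so. The enclosing fenced code block starts before this hunk.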
@@ -108,6 +113,10 @@ sudo -u apache git submodule update --init --recursive # Make git ignore filesystem permission differences for submodules sudo -u apache git submodule foreach --recursive git config core.filemode false +# Install packaged pears +sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml" +sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml" + # Create a python3 virtualenv sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv" sudo mkdir /usr/share/httpd/.cache @@ -174,7 +183,9 @@ sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2" sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor" sudo -u apache $RUN_PHP "php composer.phar install" -# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis" +# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) +# fallback connector through Redisent. +# It is highly advised to install phpredis using "yum install php-redis" sudo $RUN_PHP "pecl install redis" echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php71/php-fpm.d/redis.ini sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini @@ -207,9 +218,11 @@ sudo chown -R root:apache /var/www/MISP sudo find /var/www/MISP -type d -exec chmod g=rx {} \; sudo chmod -R g+r,o= /var/www/MISP sudo chmod -R 750 /var/www/MISP -sudo chmod -R g+ws /var/www/MISP/app/tmp +sudo chmod -R g+xws /var/www/MISP/app/tmp sudo chmod -R g+ws /var/www/MISP/app/files sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp +sudo chmod -R g+rw /var/www/MISP/venv +sudo chmod -R g+rw /var/www/MISP/.git sudo chown apache:apache /var/www/MISP/app/files sudo chown apache:apache /var/www/MISP/app/files/terms sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp 
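Review bot: In the `@@ -207,9 +218,11 @@` hunk, `sudo chmod -R g+rw /var/www/MISP/.git` and `sudo chmod -R g+rw /var/www/MISP/venv` give the apache group write access to the repository metadata and the Python environment, which the surrounding `chown -R root:apache` / `chmod -R 750` lines had kept read-only for the web server; the `chcon -R -t httpd_sys_rw_content_t` lines for `.git` and `app/Config` in the later SELinux hunk extend the same write access at the SELinux layer. If this is required for MISP's in-app update (likely, but not visible here), record it so a reader hardening the host does not revert it blindly, e.g. `# Writable .git/venv for the web server is required by the in-app MISP update; everything else under /var/www/MISP stays read-only for apache`. The trade-off worth stating in that comment is that a compromised web worker can then modify the deployed code, so if only specific subpaths need to be writable, scope the chmod to those rather than the whole `.git` tree.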
@@ -263,8 +276,11 @@ sudo yum remove tcl expect -y echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf sudo systemctl restart mariadb.service +``` +#### Manual procedure: +```bash # Enter the mysql shell mysql -u root -p ``` @@ -276,8 +292,7 @@ MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ; MariaDB [(none)]> exit ``` -#### copy/paste: - +#### Same as Manual but for copy/paste foo: ```bash sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" 
@@ -310,6 +325,21 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB # A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7 sudo cp /var/www/MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf +sudo rm /etc/httpd/conf.d/ssl.conf +sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf +sudo sed -i '/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf +echo $OPENSSL_CN +sudo systemctl start httpd.service +sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096 +sudo openssl genrsa -des3 -passout pass:x -out /tmp/misp.local.key 4096 +sudo openssl rsa -passin pass:x -in /tmp/misp.local.key -out /etc/pki/tls/certs/misp.local.key +sudo rm /tmp/misp.local.key +sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/certs/misp.local.key -out /etc/pki/tls/certs/misp.local.csr +sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt +sudo ln -s /etc/pki/tls/certs/misp.local.csr /etc/pki/tls/certs/misp-chain.crt +cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt + +sudo systemctl restart httpd.service # If a valid SSL certificate is not already created for the server, create a self-signed certificate: sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ 
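Review bot: The self-signed certificate sequence is internally inconsistent: `openssl rsa` writes the private key to `/etc/pki/tls/certs/misp.local.key` and `openssl req` reads it from there, but `openssl x509 -req ... -signkey /etc/pki/tls/private/misp.local.key` expects it under `private/`, so the signing step fails on a fresh install, and `ln -s .../misp.local.csr .../misp-chain.crt` publishes the CSR as the chain file instead of the certificate. Generating the key directly in `/etc/pki/tls/private` (the directory meant for keys, normally mode 0700 on CentOS, unlike `certs/`) also removes the `-des3 -passout pass:x` detour through `/tmp`, which adds no protection since the key is decrypted immediately afterwards. The rewritten lines below do that; the vhost copied from `apache.misp.centos7.ssl` has to reference the same key and certificate paths, which is not visible in this hunk. The pre-existing `sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509` block that follows is now a second, conflicting way of producing the same certificate and should be dropped or become the only one.
```bash
# … unchanged: vhost copy, ssl.conf removal, Listen 443, httpd start, dhparam …
# Generate the key straight into the private dir with a restrictive umask; no encrypted detour through /tmp
sudo sh -c 'umask 077; openssl genrsa -out /etc/pki/tls/private/misp.local.key 4096'
sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.csr
sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt
# Self-signed: the chain is the certificate itself, not the CSR
sudo ln -s /etc/pki/tls/certs/misp.local.crt /etc/pki/tls/certs/misp-chain.crt
cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt
# … unchanged: httpd restart …
```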
@@ -323,7 +353,9 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp sudo chcon -R -t usr_t /var/www/MISP/venv +sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp +sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/Config sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom @@ -482,17 +514,17 @@ sudo yum install -y openjpeg-devel sudo chmod 2777 /usr/local/src sudo chown root:users /usr/local/src cd /usr/local/src/ -git clone https://github.com/MISP/misp-modules.git +sudo -u apache git clone https://github.com/MISP/misp-modules.git cd misp-modules # pip install -sudo -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS -sudo -u apache $PATH_TO_MISP/venv/bin/pip install . +sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS +sudo -H -u apache $PATH_TO_MISP/venv/bin/pip install . sudo yum install rubygem-rouge rubygem-asciidoctor -y ##sudo gem install asciidoctor-pdf --pre # install additional dependencies for extended object generation and extraction -sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib -sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git +sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib +sudo -H -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git # Start misp-modules sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s & diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md index eb12f698b..b4043d336 100644 
--- a/docs/xINSTALL.debian_testing.md +++ b/docs/xINSTALL.debian_testing.md @@ -107,15 +107,6 @@ sudo a2enmod ssl rewrite sudo a2dissite 000-default sudo a2ensite default-ssl -# Switch to python3 by default (optional) - -sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 -sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2 -``` - -To flip between the 2 pythons use *update-alternatives* -```bash -sudo update-alternatives --config python ``` #### Apply all changes diff --git a/docs/xINSTALL.rhel7.md b/docs/xINSTALL.rhel7.md index ecf85dad1..fba232ad8 100644 --- a/docs/xINSTALL.rhel7.md +++ b/docs/xINSTALL.rhel7.md @@ -5,6 +5,8 @@ {!generic/community.md!} +{!generic/rhelVScentos.md!} + !!! warning The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate. Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.