Adding instructions to build a Debian Package

It does not build a Debian package that can be pushed to the distribution yet, but it provides an easy way to have a Debian package for MISP for minimal configuration efforts. It is installed in /usr/share/misp and there are too many things happening in that directory, such as logs, instead of being in /var/log/misp/. However it can be useful to a lot of people, and I will gradually improve it over time. -- STR
2020-02-10 23:50:38 -08:00 · 2020-02-10 23:50:38 -08:00 · 894c7d28a3
parent 0acaf546e7
commit 894c7d28a3
18 changed files with 459 additions and 0 deletions
--- a/README.debian
+++ b/README.debian
@ -0,0 +1,23 @@
+MISP Debian Package
+===================
+
+The actual MISP Debian package is experimental. It is not something that can be pushed to Debian yet,
+however it is still a valid Debian package that can be deployed and it makes the installation much
+easier.
+
+How to use?
+-----------
+
+* Get all the MISP dependencies into this tree, such as galaxies, whitelists, etc.
+* Rename to root folder to misp-2.4.220/
+* Run ./build-deb.sh
+
+Known Weaknesses
+----------------
+
+* For now, it only install MISP to use a MySQL backend.
+* We could not use the outdated CakePHP Debian package (2.x), it is now 4.x, so CakePHP must be pulled into app/Lib/cakephp
+* MISP is installed in /usr/share/misp/ including where it logs, etc.
+* No individual package for misp-galaxies, misp-taxonomies etc.
+* /usr/share/misp is set to www-data, it will be changed in a future version
+* It installs MISP using Apache only, no SSL etc.
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@ -660,6 +660,11 @@ class Attribute extends AppModel

    public function afterSave($created, $options = array())
    {
+       //STR
+                $myfile = fopen("/tmp/newfile.txt", "w") or die("Unable to open file!");
+		fwrite($myfile, implode("|",$this->data['Attribute']));
+                fclose($myfile);    
+
        $passedEvent = false;
        if (isset($options['parentEvent'])) {
            $passedEvent = $options['parentEvent'];
--- a/build-deb.sh
+++ b/build-deb.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+dpkg-buildpackage -b -rfakeroot -us -uc
+
--- a/debian/README
+++ b/debian/README
@ -0,0 +1 @@
+* We cannot use cakephp package from debian, as it is outdated. CakePHP is provided along with MISP.
--- a/debian/changelog
+++ b/debian/changelog
@ -0,0 +1,5 @@
+misp (2.4.220-1) UNRELEASED; urgency=low
+
+  * First package of MISP
+
+ -- Sebastien Tricaud <sebastien.tricaud@devo.com>  Wed, 29 Jan 2020 16:32:33 -0800
--- a/debian/config
+++ b/debian/config
@ -0,0 +1,20 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+db_input critical misp/configure_mariadb || true
+db_go
+
+db_get misp/configure_mariadb
+if [ "$RET" = "Yes" ]; then
+    db_input critical misp/mariadb_host || true
+    db_go
+    db_input critical misp/mariadb_rootpwd || true
+    db_go
+    db_input critical misp/mariadb_mispdb || true
+    db_go
+    db_input critical misp/mariadb_mispdbuser || true
+    db_go
+    db_input critical misp/mariadb_setmisppwd || true
+    db_go
+fi
--- a/debian/control
+++ b/debian/control
@ -0,0 +1,41 @@
+Source: misp
+Maintainer: Sebastien Tricaud <sebastien.tricaud@devo.com>
+Section: Web
+Priority: optional
+Standards-Version: 2.4.220
+Build-Depends: debhelper (>= 11), dh-apache2
+Homepage: http://misp.software
+Vcs-Browser: https://github.com/misp/misp
+Vcs-Git: https://github.com/MISP/MISP.git
+
+Package: misp
+Architecture: all
+Pre-Depends: ${misc:Pre-Depends}
+Depends: libapache2-mod-php | php-cgi | php,
+	 python3,
+	 composer,
+	 mariadb-client,
+	 openssl,
+	 zip,
+	 unzip,
+	 moreutils,
+	 php-mysql,
+	 php-redis,
+	 php-gd,
+	 php-gnupg,
+	 php-json,
+	 php-xml,
+	 php-readline,
+	 php-mbstring,
+	 php7.3-opcache,
+	 ${misc:Depends}
+Recommends: ${misc:Recommends}, redis-server, mariadb-server
+Description: Threat Intelligence Platform
+ The MISP threat sharing platform is a free and open source software helping
+ information sharing of threat intelligence including cyber security indicators.
+ .
+ A threat intelligence platform for gathering, sharing, storing and correlating
+ Indicators of Compromise of targeted attacks, threat intelligence, financial
+ fraud information, vulnerability information or even counter-terrorism
+ information.
+ 
--- a/debian/files
+++ b/debian/files
@ -0,0 +1,2 @@
+misp_2.4.220-1_all.deb Web optional
+misp_2.4.220-1_amd64.buildinfo Web optional
--- a/debian/install
+++ b/debian/install
@ -0,0 +1,6 @@
+app usr/share/misp
+Plugin usr/share/misp
+tools usr/share/misp
+cti-python-stix2 usr/share/misp
+PyMISP usr/share/misp
+INSTALL/MYSQL.sql usr/share/doc/misp
--- a/debian/misp.apache2
+++ b/debian/misp.apache2
@ -0,0 +1 @@
+site debian/misp.apache2.conf
--- a/debian/misp.apache2.conf
+++ b/debian/misp.apache2.conf
@ -0,0 +1,28 @@
+<VirtualHost *:80>
+    ServerAdmin me@me.local
+    ServerName misp.local
+    DocumentRoot /usr/share/misp/app/webroot
+    <Directory /usr/share/misp/app/webroot>
+        Options -Indexes
+        AllowOverride all
+        Order allow,deny
+        Allow from all
+    </Directory>
+
+    LogLevel warn
+    ErrorLog /var/log/apache2/misp.local_error.log
+    CustomLog /var/log/apache2/misp.local_access.log combined
+
+    ServerSignature Off
+
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options SAMEORIGIN 
+    Header always unset "X-Powered-By"
+
+    # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
+    ## Example:
+    # Header always set X-XSS-Protection "1; mode=block"
+    # Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
+    # Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    # Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
+</VirtualHost>
--- a/debian/misp.substvars
+++ b/debian/misp.substvars
@ -0,0 +1,3 @@
+misc:Recommends=apache2 ( >= 2.4.6-4~ ) | httpd
+misc:Depends=debconf (>= 0.5) | debconf-2.0
+misc:Pre-Depends=
--- a/debian/patches/Add-CakeResque-Config.patch
+++ b/debian/patches/Add-CakeResque-Config.patch
@ -0,0 +1,203 @@
+--- misp/app/Plugin/CakeResque/Config/config.php	1969-12-31 16:00:00.000000000 -0800
+++ misp-2.4.220/app/Plugin/CakeResque/Config/config.php	2020-02-06 15:03:21.645491394 -0800
+@@ -0,0 +1,200 @@
+<?php
+/**
+ * CakeResque configuration file
+ *
+ * Default settings for Resque workers and queues.
+ *
+ * PHP version 5
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @author        Wan Qi Chen <kami@kamisama.me>
+ * @copyright     Copyright 2012, Wan Qi Chen <kami@kamisama.me>
+ * @link          http://cakeresque.kamisama.me
+ * @package       CakeResque
+ * @subpackage	  CakeResque.Config
+ * @since         3.4.0
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
+/**
+ * Configure the default value for Resque
+ *
+ * ## Mandatory indexes :
+ * Redis
+ *		Redis server settings
+ * Worker
+ *		Workers default settings
+ * Resque
+ *		Default values used to init the php-resque library path
+ *
+ * ## Optional indexes :
+ * Queues
+ *		An array of queues to start with Resque::load()
+ *		Used when you have multiple queues, as you don't need
+ *		to start each queues individually each time you start Resque
+ * Env
+ *		Additional environment variables to pass to Resque
+ * Log
+ *		Log handler and its arguments, to save the log with Monolog
+ *
+ *
+ * There are many ways to configure the plugin:
+ *
+ * 1. This file is automagically loaded by the bootstrapping process, when no 'CakeResque'
+ * configuration key exists.
+ *
+ *   CakePlugin::load('CakeResque', array('bootstrap' => true));
+ *
+ * 2. If a 'CakeResque' configuration key already exists, the default configuration will not be loaded,
+ * and the 'CakeResque' key is expected to contain all the values present in the default configuration.
+ *
+ *   Configure::load('my_cakeresque_config');
+ *   CakePlugin::load('CakeResque', array('bootstrap' => true));
+ *
+ * 3. Another way to configure the plugin is to load it using a custom bootstrap file.
+ *
+ *   CakePlugin::load('CakeResque', array('bootstrap' => 'my_bootstrap'));
+ *
+ *   // APP/Plugin/CakeResque/Config/my_bootstrap.php
+ *   require_once dirname(__DIR__) . DS . 'Lib' . DS . 'CakeResque.php';
+ *   $config = array(); // Custom configuration
+ *   CakeResque::init($config);
+ *
+ * @see CakeResque::init(), CakeResque::loadConfig().
+ */
+$config['CakeResque'] = array(
+	'Redis' => array(
+		'host' => 'localhost',		// Redis server hostname
+		'port' => 6379,				// Redis server port
+		'database' => 0,			// Redis database number
+		'namespace' => 'resque',	// Redis keys namespace
+		'password' => null			// Redis password
+	),
+
+	'Worker' => array(
+		'queue' => 'default',		// Name of the default queue
+		'interval' => 5,			// Number of second between each poll
+		'workers' => 1,				// Number of workers to create
+		// 'user' => 'www-data'	// User running the worker process
+
+		// Path to the log file
+		// Can be an
+		// - absolute path,
+		// - an relative path, that will be relative to
+		//	app/tmp/logs folder
+		// - a simple filename, file will be created inside app/tmp/logs
+		'log' => TMP . 'logs' . DS . 'resque-worker-error.log',
+
+		// Log Verbose mode
+		// true to log more debugging informations
+		// Can also be enabled per worker, by starting with --verbose
+		'verbose' => false
+	),
+	'Job' => array(
+		// Whether to track job status
+		// Enabling this will allow you to track a job status by its ID
+		// Job status are purged after 24 hours
+		//
+		// You can also define per-job tracking by passing true/false when calling
+		// CakeResque::enqueue(), CakeResque::enqueueAt() or CakeResque::enqueueIn()
+		'track' => false
+	),
+	/*
+	'Queues' => array(
+		array(
+			'queue' => 'default',	// Use default values from above for missing interval and count indexes
+			'user' => 'www-data'	// If PHP is running as a different user on you webserver
+		),
+		array(
+			'queue' => 'my-second-queue',
+			'interval' => 10
+		)
+	)
+	*/
+	'Resque' => array(
+		// Path to the directory containing the worker PID files
+		'tmpdir' => App::pluginPath('CakeResque') . 'tmp' . DS
+	),
+
+	// Other usefull environment variable you wish to set
+	// Passing a key only will search for its value in the $_SERVER scope
+	// eg : array('SERVER_NAME'); => will search for the value in $_SERVER['SERVER_NAME']
+	// Passing a key and a value will set the env variable to this value
+	// eg : array('ARCH' => 'x64')
+	'Env' => array(),
+
+	// Log Handler
+	// If saving the logs in a plain text file doesn't suit you
+	// you can send them to Mysql, or MongoDB, etc ...
+	// In that case, you'll need a handler to manage your logs
+	// All logs outputted by resque will go to the handler.
+	// The classic log file (above) will still be used, for logging
+	// stuff likes php error, or other STDOUT outputted by your job classses
+	//
+	// php-resque-ex uses Monolog to manage all the logging stuff
+	// If you uses the original php-resque library, these settings
+	// will be ignored
+	//
+	// handler
+	//		Name of the Handler (the handler classname, without the 'Handler' part)
+	// target
+	//		Arguments taken by the handler constructor. If the handler required
+	//		multiple arguments, separate them with a comma
+	//
+	// As of now, the following handler are supported:
+	//
+	// [HANDLER]		[TARGET]
+	// Cube			Cube server address (e.g: udp://127.0.0.1:1180)
+	// RotatingFile	Path to the log file (e.g: /path/to/resque.log)
+	// Syslog			Facility name
+	// Socket			Address (e.g: udp://127.0.0.1:23)
+	// MongoDB			MongoDB server address  (e.g: mongodb://localhost:27017)
+	'Log' => array(
+		'handler' => 'RotatingFile',
+		'target' => TMP . 'logs' . DS . 'resque.log'
+	),
+
+	// Scheduler Worker
+	// It's the worker handling all the scheduled jobs
+	// Only one scheduler worker is permitted to run at one time
+	// It can be paused, resumed and stopped like any other workers
+	// It can be started only with the `startscheduler` command,
+	// or with `load` if Scheduler Worker is enabled.
+	//
+	// Scheduled jobs requires the php-resque-ex-scheduler library,
+	// that should be installed with automatically via the
+	// `composer update` or `composer install` command
+	//
+	// The Scheduler Worker have its own default settings
+	//
+	// @since 2.3.0
+	//
+	'Scheduler' => array(
+		// Enable or disable delayed job
+		'enabled' => true,
+
+		// Path to the log file
+		'log' => TMP . 'logs' . DS . 'resque-scheduler-error.log',
+
+		// Optional
+		// Will not default to settings defined in the global scope above
+		'Env' => array(),
+
+		// Optional
+		// Will default to settings defined in the global scope above
+		// Only available setting is `interval`
+		// The worker will always poll a fixed special queue, and only one worker can run at one time
+		'Worker' => array(
+			'interval' => 3
+		),
+
+		// Optional
+		// Will default to settings defined in the global scope above
+		'Log' => array(
+			'handler' => 'RotatingFile',
+			'target' => TMP . 'logs' . DS . 'resque-scheduler.log'
+		)
+	)
+);
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1 @@
+Add-CakeResque-Config.patch
--- a/debian/postinst
+++ b/debian/postinst
@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+. /usr/share/debconf/confmodule
+
+if [ "$1" = "configure" ] ; then
+   cp /usr/share/misp/app/Config/bootstrap.default.php /usr/share/misp/app/Config/bootstrap.php
+   cp /usr/share/misp/app/Config/config.default.php /usr/share/misp/app/Config/config.php
+   cp /usr/share/misp/app/Config/core.default.php /usr/share/misp/app/Config/core.php
+   cp /usr/share/misp/app/Config/database.default.php /usr/share/misp/app/Config/database.php
+
+   chown -R www-data:www-data /usr/share/misp/app/tmp
+   chmod -R g+ws /usr/share/misp/app/tmp
+   chown -R www-data:www-data /usr/share/misp/app/files
+   chmod -R g+ws /usr/share/misp/app/files
+   chown -R www-data:www-data /usr/share/misp/app/Config
+   chmod -R 750 /usr/share/misp/app/Config
+
+   if [ ! -d "/var/www/.composer/" ]
+   then
+       mkdir /var/www/.composer
+   fi
+
+   chown www-data:www-data /var/www/.composer
+   chown -R www-data:www-data /usr/share/misp/
+
+   cd /usr/share/misp/app
+   sudo -u www-data composer dump-autoload
+
+   phpenmod redis
+   phpenmod gnupg   
+
+   a2dissite 000-default || true
+   a2ensite misp.apache2 || true
+   a2enmod rewrite
+   a2enmod headers
+   
+   db_get misp/mariadb_host
+   HOST=$RET
+   db_get misp/mariadb_rootpwd
+   ROOTPWD=$RET
+   db_get misp/mariadb_mispdb
+   MISPDB=$RET
+   db_get misp/mariadb_mispdbuser
+   MISPDBUSER=$RET
+   db_get misp/mariadb_setmisppwd
+   MISPDBUSERPWD=$RET
+   db_stop
+
+   mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE USER IF NOT EXISTS '$MISPDBUSER'@'localhost' IDENTIFIED BY '$MISPDBUSERPWD';"
+   mysql -h$HOST -uroot -p$ROOTPWD -e "GRANT ALL PRIVILEGES ON misp.* TO '$MISPDBUSER'@'localhost';"
+   mysql -h$HOST -uroot -p$ROOTPWD -e "FLUSH PRIVILEGES;"
+   mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE DATABASE $MISPDB;"
+   echo "Creating MISP Database..."
+   gunzip < /usr/share/doc/misp/MYSQL.sql.gz | mysql -h$HOST -u$MISPDBUSER -p$MISPDBUSERPWD $MISPDB   
+
+   #   /usr/share/misp/app/Config/database.php
+   echo "Updating salt..."
+   sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /usr/share/misp/app/Config/config.php
+
+   echo "Configuring Database..."
+   sed -i -E "s/'host'\s=>\s'localhost'/'host' => '$HOST'/" /usr/share/misp/app/Config/database.php
+   sed -i -E "s/'login'\s=>\s'db login'/'login' => '$MISPDBUSER'/" /usr/share/misp/app/Config/database.php
+   sed -i -E "s/'password'\s=>\s'db password'/'password' => '$MISPDBUSERPWD'/" /usr/share/misp/app/Config/database.php
+   sed -i -E "s/'database'\s=>\s'misp'/'database' => '$MISPDB'/" /usr/share/misp/app/Config/database.php
+
+   cd /usr/share/misp/app
+   composer require resque/php-resque
+# No composer.json in current directory, do you want to use the one at /usr/share/misp/app? [Y,n]? Y
+   echo "{\"major\":2, \"minor\":4, \"hotfix\":220}" > /usr/share/misp/VERSION.json    
+fi
--- a/debian/rules
+++ b/debian/rules
@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+%:
+	dh $@ --with apache2
+
+override_dh_auto_install:
+	dh_auto_build
--- a/debian/source/format
+++ b/debian/source/format
@ -0,0 +1 @@
+3.0 (quilt)
--- a/debian/templates
+++ b/debian/templates
@ -0,0 +1,35 @@
+Template: misp/information
+Type: note
+Description: MISP has been installed on your system.
+ However it will not work unless you configure the following file:
+ .
+ /usr/share/misp/app/Config/database.php
+
+Template: misp/configure_mariadb
+Type: select
+Choices: Yes, No
+Description: Would you like to configure MariaDB for MISP?
+
+Template: misp/mariadb_host
+Type: string
+Default: 127.0.0.1
+Description: MariaDB Host
+
+Template: misp/mariadb_rootpwd
+Type: password
+Description: MariaDB root user password
+
+Template: misp/mariadb_mispdb
+Type: string
+Default: misp
+Description: MISP Database name
+
+Template: misp/mariadb_mispdbuser
+Type: string
+Default: misp
+Description: MISP Database user
+
+Template: misp/mariadb_setmisppwd
+Type: password
+Description: Set your MariaDB MISP user password
+
				`@ -0,0 +1 @@`
				`* We cannot use cakephp package from debian, as it is outdated. CakePHP is provided along with MISP.`