mirror of https://github.com/MISP/MISP
new: [docs] Added intial mkdocs directory
parent
1bdaedce0d
commit
93d861a6ae
|
@ -0,0 +1,32 @@
|
|||
#SMIME patch
|
||||
|
||||
## Create SMIME directory
|
||||
|
||||
mkdir /var/www/MISP/.smime
|
||||
|
||||
## Copy your public x509 certificate (for signing) in PEM format
|
||||
|
||||
cp email@address.com.pem /var/www/MISP/.smime/email@address.com.pem
|
||||
|
||||
## Copy your private key for signing email
|
||||
|
||||
cp email@address.com.key /var/www/MISP/.smime/email@address.com.key
|
||||
|
||||
### Set permissions
|
||||
|
||||
chown www-data:www-data /var/www/MISP/.smime
|
||||
chmod 500 /var/www/MISP/.smime
|
||||
chmod 440 /var/www/MISP/.smime/*
|
||||
|
||||
## Export the public certificate (for Encipherment) to the webroot
|
||||
|
||||
cp public_certificate.pem /var/www/MISP/app/webroot/public_certificate.pem
|
||||
|
||||
Due to this action, the MISP users will be able to download your public certificate (for Encipherment) by clicking on the footer
|
||||
|
||||
### Set permissions
|
||||
|
||||
chown www-data:www-data /var/www/MISP/app/webroot/public_certificate.pem
|
||||
chmod 440 /var/www/MISP/app/webroot/public_certificate.pem
|
||||
|
||||
## Configure the section "SMIME" in the server settings (Administration -> Server settings -> Encryption tab)
|
|
@ -0,0 +1,67 @@
|
|||
# It's possible to send all logs from MISP to an elasticsearch
|
||||
# endpoint
|
||||
|
||||
# First, we'll need an ES PHP library
|
||||
|
||||
# Replace according to your requirements
|
||||
export MISP_DIR=/var/www/MISP
|
||||
cd $MISP_DIR/app
|
||||
sudo -u www-data php composer.phar require elasticsearch/elasticsearch
|
||||
|
||||
# Ok now we need to configure where we log to
|
||||
#
|
||||
# In Administration -> Server Settings & Maintenance -> Plugin Settings
|
||||
# Under the elasticsearch tab, enable elasticsearch logging, and input
|
||||
# your connection string
|
||||
# Note that explicitly specifying the port may be needed, e.g. for AWS instances
|
||||
# running on 443.
|
||||
# Also input a log index - all logs will be thrown at this index.
|
||||
|
||||
# Now give ES a template to work from
|
||||
cat << EOF > misp_es_template.json
|
||||
{
|
||||
"template": "misp_logging",
|
||||
"mappings": {
|
||||
"log": {
|
||||
"_source": {
|
||||
"enabled": true
|
||||
},
|
||||
"properties": {
|
||||
"Log.email": {
|
||||
"type": "keyword"
|
||||
},
|
||||
"Log.title": {
|
||||
"type": "text"
|
||||
},
|
||||
"Log.ip": {
|
||||
"type": "ip"
|
||||
},
|
||||
"Log.created": {
|
||||
"format": "YYYY-MM-dd HH:mm:ss",
|
||||
"type": "date"
|
||||
},
|
||||
"Log.description": {
|
||||
"type": "text"
|
||||
},
|
||||
"Log.org": {
|
||||
"type": "text"
|
||||
},
|
||||
"Log.action": {
|
||||
"type": "text"
|
||||
},
|
||||
"Log.model": {
|
||||
"type": "text"
|
||||
},
|
||||
"Log.change": {
|
||||
"type": "text"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# And put it to ES
|
||||
curl -XPUT https://my_es/_template/misp_logging --data-binary @misp_es_template.json
|
||||
|
||||
# Now MISP will start sending logs to ES! Hooray!
|
|
@ -0,0 +1,97 @@
|
|||
Using S3 as an attachment store
|
||||
===============================
|
||||
|
||||
It is possible to use Amazon's Simple Storage Service (S3) to store event attachments
|
||||
to allow for a stateless MISP setup (i.e for containerisation)
|
||||
|
||||
There's a massive caveat here so let me make this incredibly clear
|
||||
|
||||
##############################################
|
||||
# WARNING WARNING WARNING #
|
||||
# #
|
||||
# Storing malware is against amazon's #
|
||||
# terms of service. #
|
||||
# #
|
||||
# DO NOT USE THIS UNLESS YOU HAVE #
|
||||
# THEIR EXPLICIT PERMISSION #
|
||||
##############################################
|
||||
|
||||
0. Installing Dependencies
|
||||
--------------------------
|
||||
|
||||
Install the AWS PHP SDK
|
||||
|
||||
```bash
|
||||
cd /var/www/MISP/app
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar require aws/aws-sdk-php
|
||||
```
|
||||
|
||||
1. Creating an S3 bucket
|
||||
-------------------------
|
||||
|
||||
Go to https://s3.console.aws.amazon.com/s3/home
|
||||
|
||||
And create a bucket. It has to have a globally unique name, and
|
||||
this cannot be changed later on.
|
||||
|
||||
2a. Using an EC2 instance for MISP
|
||||
-----------------------------------
|
||||
|
||||
If you run MISP on EC2, this will be super duper easy peasy.
|
||||
|
||||
Simply create an IAM role with the following permissions and assign it to the instance
|
||||
by right-clicking and selecting "Instance Settings -> Attach/Replace IAM role"
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "PermitMISPAttachmentsToS3",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"s3:*"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::your-bucket-name"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
2b. Using AWS access keys
|
||||
-------------------------
|
||||
|
||||
This is not recommended, but it works I think.
|
||||
|
||||
Create a new programmatic access user via IAM and apply the same
|
||||
policy outlined above.
|
||||
|
||||
Copy the access keys and save them for the next step
|
||||
|
||||
3. Setting up MISP
|
||||
------------------
|
||||
|
||||
In Administration -> Server Settings & Maintenance -> MISP settings
|
||||
|
||||
Set MISP.attachments_dir to "s3://"
|
||||
|
||||
In Administration -> Server Settings & Maintenance -> Plugin Settings -> S3
|
||||
|
||||
Set S3_enable to True
|
||||
Set S3_bucket-name to the bucket you created earlier
|
||||
Set S3_region to your region
|
||||
|
||||
ONLY IF YOU DID NOT USE THE EC2 METHOD
|
||||
Set aws_access_key and aws_secret_key to the ones you created in 2b
|
||||
|
||||
Now theoretically it should work.
|
||||
|
||||
Addendum
|
||||
========
|
||||
|
||||
If you are migrating a server currently in use, simply copy the directory structure from
|
||||
the attachments folder (usually /var/www/MISP/app/files) to S3 and everything should
|
||||
continue to work.
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,715 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Debian 9 "stretch" server
|
||||
|
||||
0/ MISP debian stable install - Status
|
||||
--------------------------------------
|
||||
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.0/apache2/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal Debian install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Debian 9 "stretch" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
|
||||
# install etckeeper (optional)
|
||||
su -
|
||||
apt install etckeeper
|
||||
apt install sudo
|
||||
adduser misp sudo
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt update
|
||||
sudo apt -y dist-upgrade
|
||||
|
||||
# Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt install -y postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install all the dependencies: (some might already be installed)
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server vim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-readline php-redis php7.0-mbstring php-pear python3 \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2
|
||||
|
||||
To flip between the 2 pythons: sudo update-alternatives --config python
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo pip3 install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP.
|
||||
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
# Make composer cache happy
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/php/7.0/apache2/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
sudo $CAKE Admin updateWarningLists
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand yara
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip3 install redis
|
||||
|
||||
## install pyzmq
|
||||
sudo pip3 install pyzmq
|
||||
|
||||
|
||||
MISP Dashboard
|
||||
--------------
|
||||
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
|
||||
|
||||
Install viper framework
|
||||
-----------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git submodule update --init --recursive
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
|
||||
|
||||
|
||||
Install mail to misp
|
||||
--------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#INSTALLATION INSTRUCTIONS
|
||||
## for Kali Linux
|
||||
#0/ Quick MISP Instance on Kali Linux - Status
|
||||
#1/ Prepare Kali with a MISP User
|
||||
To install MISP on Kali copy paste this in your r00t shell:
|
||||
```bash
|
||||
wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.kali.txt && bash /tmp/misp-kali.sh
|
||||
```
|
||||
|
||||
!!! warning
|
||||
Please read the installer script before randomly doing the above.
|
||||
The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
|
@ -0,0 +1,435 @@
|
|||
INSTALLATION INSTRUCTIONS for RHEL 7.x
|
||||
-------------------------
|
||||
|
||||
+----------------------------------------+
|
||||
| 0/ Overview and Assumptions |
|
||||
+----------------------------------------+
|
||||
This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x). At time of this writing it
|
||||
was tested on version 7.4.
|
||||
|
||||
The following assumptions with regard to this installation have been made.
|
||||
|
||||
0.1/ A valid support agreement allowing the system to register to the Red Hat Customer Portal and receive updates
|
||||
0.2/ The ability to enable additional RPM repositories, specifically the EPEL and Software Collections (SCL) repos
|
||||
0.3/ This system will have direct or proxy access to the Internet for updates. Or connected to a Red Hat Satellite Server
|
||||
0.4/ This document is to get a MISP instance up and running over HTTP. I haven't done a full test of all features
|
||||
|
||||
+----------------------------------------------+
|
||||
| 1/ OS Install and additional repositories |
|
||||
+----------------------------------------------+
|
||||
|
||||
1.1/ Complete a minimal RHEL installation, configure IP address to connect automatically.
|
||||
|
||||
1.2/ Configure system hostname
|
||||
hostnamectl set-hostname misp # You're choice, in a production environment, it's best to use a FQDN
|
||||
|
||||
1.3/ Register the system for updates with Red Hat Subscription Manager
|
||||
subscription-manager register # register your system to an account
|
||||
subscription-manager attach # attach your system to a current subscription
|
||||
|
||||
1.4/ Enable the optional, extras and Software Collections (SCL) repos
|
||||
subscription-manager repos --enable rhel-7-server-optional-rpms
|
||||
subscription-manager repos --enable rhel-7-server-extras-rpms
|
||||
subscription-manager repos --enable rhel-server-rhscl-7-rpms
|
||||
|
||||
1.5a/ OPTIONAL: Install the deltarpm package to help reduce download size when installing updates
|
||||
yum install deltarpm
|
||||
|
||||
1.5/ Update the system and reboot
|
||||
yum update
|
||||
|
||||
## NOTE: As time of writing performing a yum update results in the rhel-7-server-rt-beta-rpms being forbidden
|
||||
## The repo can be disabled using the following command
|
||||
subscription-manager repos --disable rhel-7-server-rt-beta-rpms
|
||||
|
||||
1.6/ Install the EPEL repo
|
||||
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
||||
|
||||
1.7/ Install the SCL repo
|
||||
yum install centos-release-scl
|
||||
|
||||
+-----------------------------+
|
||||
| 2/ Install Dependencies |
|
||||
+-----------------------------+
|
||||
Once the system is installed and updated, the following steps can be performed as root
|
||||
|
||||
2.01/ Install some base system dependencies
|
||||
yum install gcc git httpd zip python-devel libxslt-devel zlib-devel python-pip ssdeep-devel
|
||||
|
||||
2.02/ Install MariaDB 10.2 from SCL
|
||||
yum install rh-mariadb102
|
||||
|
||||
2.03/ Start the MariaDB service and enable it to start on boot
|
||||
systemctl start rh-mariadb102-mariadb.service
|
||||
systemctl enable rh-mariadb102-mariadb.service
|
||||
|
||||
## MISP 2.4 requires PHP 5.5 as a minimum, we need a higher version than base RHEL provides.
|
||||
## This guide installs PHP 7.1 from SCL
|
||||
|
||||
2.04/ Install PHP 7.1 from SCL
|
||||
yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache
|
||||
|
||||
## If we want to use httpd from RHEL base we can use the rh-php71-php-fpm service instead
|
||||
2.05/ Start the PHP FPM service and enable to start on boot
|
||||
systemctl start rh-php71-php-fpm.service
|
||||
systemctl enable rh-php71-php-fpm.service
|
||||
|
||||
2.06/ Install redis 3.2 from SCL
|
||||
yum install rh-redis32
|
||||
|
||||
2.07/ Start redis service and enable to start on boot
|
||||
systemctl start rh-redis32-redis.service
|
||||
systemctl enable rh-redis32-redis.service
|
||||
|
||||
2.08/ Start a SCL shell with rh-mariadb102 rh-php71 and rh-redis32 enabled
|
||||
scl enable rh-mariadb102 rh-php71 rh-redis32 bash
|
||||
|
||||
2.08/ Secure the MariaDB installation, run the following command and follow the prompts
|
||||
mysql_secure_installation
|
||||
|
||||
2.10/ Update the PHP extension repository and install required package
|
||||
pear channel-update pear.php.net
|
||||
pear install Crypt_GPG
|
||||
|
||||
2.11/ Install haveged and enable to start on boot to provide entropy for GPG
|
||||
yum install haveged
|
||||
systemctl start haveged
|
||||
systemctl enable haveged
|
||||
|
||||
2.12/ Install Python 3.6 from SCL
|
||||
yum install rh-python36
|
||||
|
||||
+---------------------+
|
||||
| 3/ MISP Download |
|
||||
+---------------------+
|
||||
|
||||
3.01/ Download MISP code using git in /var/www/ directory
|
||||
cd /var/www
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
3.02/ Make git ignore filesystem permission differences
|
||||
git config core.filemode false
|
||||
|
||||
3.03/ Install Mitre's STIX and its dependencies by running the following commands:
|
||||
pip install importlib
|
||||
yum install python-six
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
# If your umask has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
|
||||
3.04/ Install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
scl enable rh-python36 'python3 setup.py install'
|
||||
umask $UMASK
|
||||
|
||||
3.05/ Enable python3 for php-fpm
|
||||
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
+---------------------+
|
||||
| 4/ CakePHP |
|
||||
+---------------------+
|
||||
|
||||
4.01/ CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it ignore this
|
||||
message: No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
cd /var/www/MISP
|
||||
git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
4.02/ Install CakeResque along with its dependencies if you intend to use the built in background jobs
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
4.03/ Install and configure php redis connector through pecl
|
||||
pecl install redis
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php71/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
4.04/ Set a timezone in php.ini
|
||||
echo 'date.timezone = "Australia/Sydney"' > /etc/opt/rh/rh-php71/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php71/php.d/99-timezone.ini
|
||||
|
||||
4.05/ To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
+----------------------------+
|
||||
| 5/ Set file permissions |
|
||||
+----------------------------+
|
||||
|
||||
5.01/ Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
+--------------------------------+
|
||||
| 6/ Create database and user |
|
||||
+--------------------------------+
|
||||
|
||||
6.01/ Set database to listen on localhost only
|
||||
echo [mysqld] > /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 >> /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf
|
||||
systemctl restart rh-mariadb102-mariadb
|
||||
|
||||
6.02/ Start MariaDB shell and create database
|
||||
mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
6.03/ Import the empty MySQL database from MYSQL.sql
|
||||
cd /var/www/MISP
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
|
||||
+--------------------------------+
|
||||
| 7/ Apache Configuration |
|
||||
+--------------------------------+
|
||||
|
||||
7.01/ Copy a sample vhost config to Apache configuration directory
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
7.02/ Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
7.02/ Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
|
||||
7.03/ Enable and start the httpd service
|
||||
systemctl enable httpd.service
|
||||
systemctl start httpd.service
|
||||
|
||||
7.04/ Open a hole in the firewalld service
|
||||
firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
firewall-cmd --reload
|
||||
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
+--------------------------------+
|
||||
| 8/ Log Rotation |
|
||||
+--------------------------------+
|
||||
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
8.01/ Allow logrotate to work under SELinux and modify the log files
|
||||
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
|
||||
8.02/ Allow logrotate to read /var/www
|
||||
checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te
|
||||
semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
semodule -i /tmp/misplogrotate.pp
|
||||
|
||||
+--------------------------------+
|
||||
| 9/ MISP Configuration |
|
||||
+--------------------------------+
|
||||
|
||||
9.01/ There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
|
||||
9.02/ Configure the fields in the newly created files
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
|
||||
# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');`
|
||||
# database.php : login, port, password, database
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
9.03/ If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
|
||||
9.04/ Generate an encryption key
|
||||
gpg --gen-key
|
||||
mv ~/.gnupg /var/www/MISP/
|
||||
chown -R apache:apache /var/www/MISP/.gnupg
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.gnupg
|
||||
## NOTE: There is a bug that if a passphrase is added MISP will produce an error on the diagnostic page.
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool
|
||||
|
||||
9.05/ export the public key to the webroot
|
||||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
9.06/ Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
9.07a/ To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
9.07b/ Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
9.07c/ and make sure it will execute
|
||||
chmod +x /etc/rc.local
|
||||
|
||||
# Now log in using the webinterface: http://misp/users/login
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
+---------------------------+
|
||||
| 10/ Post Install |
|
||||
+---------------------------+
|
||||
|
||||
10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs
|
||||
# Result from diagnostic is that the directory is not writable.
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs/
|
||||
# NOTE: This may mean that logrotate cannot access the logs directory, will require further investigation
|
||||
|
||||
10.02/ Change php.ini settings to suggested limits from diagnostic page.
|
||||
# Edit /etc/opt/rh/rh-php71/php.ini and set the following settings
|
||||
max_execution_time = 300
|
||||
memory_limit = 512M
|
||||
upload_max_filesize = 50M
|
||||
post_max_size = 50M
|
||||
|
||||
10.03/ Restart rh-php71 for settings to take effect
|
||||
systemctl restart rh-php71-php-fpm
|
||||
|
||||
10.04/ Install pymisp and pydeep for Advanced Attachment handler
|
||||
pip install pymisp
|
||||
pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
10.05/ Install pymisp also in Python 3
|
||||
scl enable rh-python36 pip3 install pymisp
|
||||
|
||||
+---------------------------+
|
||||
| 11/ LIEF Installation |
|
||||
+---------------------------+
|
||||
# lief is required for the Advanced Attachment Handler and requires manual compilation
|
||||
|
||||
11.01/ Install cmake3 devtoolset-7 from SCL
|
||||
yum install devtoolset-7 cmake3
|
||||
|
||||
11.02/ Enable devtoolset-7
|
||||
scl enable devtoolset-7 bash
|
||||
|
||||
11.03/ Set env variable, create directories and download source code
|
||||
mkdir -p /tmp/LIEF
|
||||
mkdir -p /tmp/LIEF_INSTALL
|
||||
export LIEF_TMP=/tmp/LIEF
|
||||
export LIEF_INSTALL=/tmp/LIEF_INSTALL
|
||||
export LIEF_BRANCH=master
|
||||
cd $LIEF_TMP
|
||||
git clone --branch $LIEF_BRANCH --single-branch https://github.com/lief-project/LIEF.git LIEF
|
||||
|
||||
11.04/ Compile lief and install
|
||||
cd $LIEF_TMP/LIEF
|
||||
mkdir -p build
|
||||
cd build
|
||||
scl enable devtoolset-7 'bash -c "cmake3 \
|
||||
-DLIEF_PYTHON_API=on \
|
||||
-DLIEF_DOC=off \
|
||||
-DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DPYTHON_VERSION=2.7 \
|
||||
.."'
|
||||
make -j3
|
||||
cd api/python
|
||||
scl enable rh-python36 python3 setup.py install || :
|
||||
# you can ignore the error about finding suitable distribution
|
||||
cd $LIEF_TMP/LIEF/build
|
||||
make install
|
||||
make package
|
||||
|
||||
11.05/ Test lief installation, if no error, package installed
|
||||
python
|
||||
>> import lief
|
||||
|
||||
+---------------------------+
|
||||
| 12/ Known Issues |
|
||||
+---------------------------+
|
||||
|
||||
12.01/ PHP CLI cannot determine version
|
||||
# PHP CLI Version cannot be determined. Possibly due to PHP being installed through SCL
|
||||
|
||||
12.02/ Workers cannot be started or restarted from the web page
|
||||
# Possible also due to package being installed via SCL, attempting to start workers through the web page will result in
|
||||
# error. Worker's can be restarted via the CLI using the following command.
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
## NOTE: No other functions were tested after the conclusion of this install. There may be issue that aren't addressed
|
||||
## via this guide and will need additional investigation.
|
|
@ -0,0 +1,338 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Ubuntu 18.04-server
|
||||
|
||||
1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Ubuntu 18.04-server system with the software:
|
||||
- OpenSSH server
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt-get install postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Make sure you have enabled the Universe repository (fe. for redis-server), enable it with
|
||||
# sudo add-apt-repository universe
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir /var/www/MISP
|
||||
sudo chown www-data:www-data /var/www/MISP
|
||||
cd /var/www/MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-maec
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install support for STIX 2.0
|
||||
sudo pip3 install stix2
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you've set in line 129 when prompted
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.2:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL
|
||||
|
||||
# Also remember to verify the SSLCertificateChainFile property in your config file - this is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/MISP/app/webroot
|
||||
<Directory /var/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www-data vim /var/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
/var/www/MISP/app/Console/cake Baseurl https://<your.FQDN.here>
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
sudo chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www-data mkdir /var/www/MISP/.gnupg
|
||||
sudo chmod 700 /var/www/MISP/.gnupg
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# NOTE: if entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-----------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pip3 install pyzmq
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip3 install redis
|
||||
|
||||
# For the experimental ssdeep correlations, run the following installation:
|
||||
# installing ssdeep
|
||||
wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz
|
||||
tar zxvf ssdeep-2.13.tar.gz
|
||||
cd ssdeep-2.13
|
||||
./configure
|
||||
make
|
||||
sudo make install
|
||||
ssdeep -h # test
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
|
||||
Optional features: misp-modules
|
||||
-------------------------------
|
||||
# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
|
||||
# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
|
||||
# Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
|
@ -0,0 +1,103 @@
|
|||
# In general, updating MISP between point releases (for exampe 2.4.50 -> 2.4.53) happens with one of the following two options (both are to be executed as root):
|
||||
|
||||
# Option 1: To update to the latest commit from the 2.4 branch simply pull the latest commit
|
||||
cd /var/www/MISP
|
||||
git pull origin 2.4
|
||||
git submodule update --init --recursive
|
||||
|
||||
# Option 2: If you want to stick to a point release instead of pulling the latest commit directly:
|
||||
cd /var/www/MISP
|
||||
git fetch
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
git submodule update --init --recursive
|
||||
|
||||
# If you would like to upgrade from a minor version to another, look at the UPGRADE.txt file instead (such as 2.3.142 -> 2.4.13)
|
||||
|
||||
# If for any reason something goes wrong with the above instructions, walk through the following manual upgrade
|
||||
|
||||
# 1. Update the MISP code to the latest hotfix.
|
||||
As user root, do the following:
|
||||
|
||||
cd /var/www/MISP
|
||||
git fetch
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
|
||||
# 2. Update CakePHP to the latest supported version (if for some reason it doesn't get updated automatically with git submodule)
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule update --init --recursive
|
||||
|
||||
|
||||
# 3. Update Mitre's STIX and its dependencies
|
||||
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
rm -rf python-cybox
|
||||
rm -rf python-stix
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
python3 setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 4. Update mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
rm -rf mixbox
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 5. install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
|
||||
|
||||
# 6. For RHEL/CentOS: enable python3 for php-fpm
|
||||
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
|
||||
systemctl restart rh-php71-php-fpm.service
|
||||
|
||||
|
||||
# 7. Update CakeResque and its dependencies
|
||||
|
||||
cd /var/www/MISP/app
|
||||
|
||||
# Edit composer.json so that cake-resque is allowed to be updated
|
||||
# "kamisama/cake-resque": ">=4.1.2"
|
||||
|
||||
vim composer.json
|
||||
php composer.phar self-update
|
||||
# if behind a proxy use HTTP_PROXY="http://yourproxy:port" php composer.phar self-update
|
||||
php composer.phar update
|
||||
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
# 8. Make sure all file permissions are set correctly
|
||||
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP/
|
||||
chown -R www-data:www-data /var/www/MISP/
|
||||
|
||||
|
||||
# 9. Restart the CakeResque workers
|
||||
|
||||
su - www-data -s /bin/bash -c 'bash /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# You can also do this using the MISP application by navigating to the workers tab in the server settings and clicking on the "Restart all workers" button.
|
||||
|
||||
|
||||
# 10. Add any new dependencies that might have been added since you've last updated (shown below)
|
||||
|
||||
# 11. Add requirements for the pubsub optional feature
|
||||
pip install pyzmq
|
Binary file not shown.
After Width: | Height: | Size: 1.1 KiB |
Binary file not shown.
After Width: | Height: | Size: 10 KiB |
|
@ -0,0 +1,7 @@
|
|||
# Welcome to the official MISP Install Guides
|
||||
|
||||
On the following pages you will find stock install instructions for getting a base MISP system running.
|
||||
|
||||
For full documentation visit [misp-book](https://www.circl.lu/doc/misp/).
|
||||
|
||||
[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/fold_left.svg?style=social&label=Follow%20%40MISPProject)](https://twitter.com/MISPProject)
|
|
@ -0,0 +1,5 @@
|
|||
## License
|
||||
|
||||
The MISP INSTALL guides are dual-licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html) and [CC-BY-SA 4.0 international](https://creativecommons.org/licenses/by-sa/4.0/).
|
||||
|
||||
* Copyright \(C\) 2014-2018 CIRCL - Computer Incident Response Center Luxembourg
|
|
@ -0,0 +1,503 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for OpenBSD 6.3-amd64
|
||||
|
||||
0/ WIP /!\ You are warned, this does not work yet! /!\
|
||||
|
||||
Current issues: php-redis only available in binary for php-56, workaround: use ports.
|
||||
This guide attempts to offer native httpd or apache2/nginx set-up.
|
||||
|
||||
1/ Minimal OpenBSD install
|
||||
--------------------------
|
||||
|
||||
# Install standard OpenBSD-amd64 with ports
|
||||
|
||||
## In case you forgot to fetch ports
|
||||
|
||||
```
|
||||
$ cd /tmp
|
||||
$ ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
|
||||
$ signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
|
||||
# cd /usr
|
||||
# tar xzf /tmp/ports.tar.gz
|
||||
````
|
||||
|
||||
# System Hardening
|
||||
|
||||
- TBD
|
||||
|
||||
# doas & pkg (as root)
|
||||
```
|
||||
echo http://ftp.belnet.be/pub/OpenBSD/ > /etc/installurl
|
||||
echo "permit keepenv setenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel" > /etc/doas.conf
|
||||
```
|
||||
|
||||
# Update system
|
||||
```
|
||||
doas syspatch
|
||||
```
|
||||
|
||||
# Install bash & ntp
|
||||
```
|
||||
doas pkg_add -v bash ntp
|
||||
```
|
||||
|
||||
# rc.local - Add ntpdate on boot
|
||||
|
||||
```
|
||||
echo -n ' ntpdate'
|
||||
/usr/local/sbin/ntpdate -b pool.ntp.org >/dev/null
|
||||
```
|
||||
|
||||
# Launch ntpd on boot
|
||||
```
|
||||
doas rcctl enable xntpd
|
||||
doas rcctl set xntpd flags "-p /var/run/ntpd.pid"
|
||||
doas /usr/local/sbin/ntpd -p /var/run/ntpd.pid
|
||||
```
|
||||
|
||||
# misp user
|
||||
```
|
||||
useradd -m -s /usr/local/bin/bash -G wheel,www misp
|
||||
```
|
||||
|
||||
# nvim (optional)
|
||||
```
|
||||
doas pkg_add -v neovim
|
||||
doas mv /usr/bin/vi /usr/bin/vi-`date +%d%m%y`
|
||||
doas ln -s /usr/local/bin/nvim /usr/bin/vi
|
||||
```
|
||||
|
||||
# /etc/httpd.conf
|
||||
```
|
||||
cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config example below
|
||||
```
|
||||
|
||||
```
|
||||
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
|
||||
|
||||
#
|
||||
# Macros
|
||||
#
|
||||
ext4_addr="*"
|
||||
ext6_addr="::"
|
||||
|
||||
server "default" {
|
||||
#listen on $ext4_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
|
||||
listen on $ext4_addr port 80
|
||||
listen on $ext4_addr tls port 443
|
||||
#listen on $ext6_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
|
||||
listen on $ext6_addr port 80
|
||||
listen on $ext6_addr tls port 443
|
||||
|
||||
root "/htdocs/MISP/app/webroot"
|
||||
|
||||
tls {
|
||||
key "/etc/ssl/private/server.key"
|
||||
certificate "/etc/ssl/server.crt"
|
||||
}
|
||||
directory {
|
||||
index "index.php"
|
||||
}
|
||||
location "*.php" {
|
||||
fastcgi socket "/run/php-fpm.sock"
|
||||
}
|
||||
#location "/.well-known/acme-challenge/*" {
|
||||
# root "/acme"
|
||||
# root strip 2
|
||||
#}
|
||||
#location * {
|
||||
# block return 302 "https://$HTTP_HOST$REQUEST_URI"
|
||||
#}
|
||||
}
|
||||
|
||||
# Include MIME types instead of the built-in ones
|
||||
types {
|
||||
include "/usr/share/misc/mime.types"
|
||||
}
|
||||
|
||||
#server "example.com" {
|
||||
# listen on * tls port 443
|
||||
# listen on :: tls port 443
|
||||
# tls {
|
||||
# certificate "/etc/ssl/example.com.fullchain.pem"
|
||||
# key "/etc/ssl/private/example.com.key"
|
||||
# }
|
||||
# location "/pub/*" {
|
||||
# directory auto index
|
||||
# }
|
||||
# location "/.well-known/acme-challenge/*" {
|
||||
# root "/acme"
|
||||
# root strip 2
|
||||
# }
|
||||
#}
|
||||
```
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
```
|
||||
doas openssl genrsa -out /etc/ssl/private/server.key
|
||||
doas openssl req -new -x509 -subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" -key /etc/ssl/private/server.key -out /etc/ssl/server.crt -days 3650
|
||||
```
|
||||
|
||||
# mariadb server
|
||||
```
|
||||
pkd_add -v mariadb-server
|
||||
```
|
||||
|
||||
# start httpd
|
||||
```
|
||||
/etc/rc.d/httpd -f start
|
||||
```
|
||||
|
||||
# Install postfix
|
||||
```
|
||||
doas pkg_add -v postfix
|
||||
```
|
||||
|
||||
# Enable httpd
|
||||
```
|
||||
doas rcctl enable httpd
|
||||
```
|
||||
|
||||
# Install misc dependencies
|
||||
|
||||
```
|
||||
doas pkg_add -v curl git python redis
|
||||
```
|
||||
|
||||
# OpendBSD + Apache/httpd/nginx + MySQL/Mariadb + PHP
|
||||
```
|
||||
#pkg_add -v apache-httpd
|
||||
pkg_add -v \
|
||||
gnupg \
|
||||
```
|
||||
|
||||
# php7 ports
|
||||
```
|
||||
php-mysqli
|
||||
php-pcntl
|
||||
php-pdo_mysql
|
||||
pecl-redis
|
||||
pear
|
||||
```
|
||||
|
||||
# Optional for Apache2
|
||||
```
|
||||
doas pkg_add -v fcgi-cgi fcgi
|
||||
``
|
||||
|
||||
# /etc/php-5.6.ini
|
||||
```
|
||||
allow_url_fopen = On
|
||||
```
|
||||
|
||||
```
|
||||
cd /etc/php-5.6
|
||||
doas cp ../php-5.6.sample/* .
|
||||
```
|
||||
|
||||
# php ln
|
||||
```
|
||||
doas ln -s /usr/local/bin/php-5.6 /usr/local/bin/php
|
||||
```
|
||||
|
||||
# Enable php fpm
|
||||
``
|
||||
doas rcctl enable php56_fpm
|
||||
```
|
||||
|
||||
# Configure fpm
|
||||
```
|
||||
doas vi /etc/php-fpm.conf
|
||||
```
|
||||
|
||||
error_log = log/php-fpm.log
|
||||
chroot -> remove for the time being
|
||||
|
||||
|
||||
For native httpd: listen = /var/www/run/php-fpm.sock
|
||||
For apache2: listen = 127.0.0.1:9000
|
||||
|
||||
# Enable redis
|
||||
```
|
||||
doas rcctl enable redis
|
||||
doas /etc/rc.d/redis start
|
||||
```
|
||||
|
||||
# Enable mysqld
|
||||
```
|
||||
doas rcctl set mysqld status on
|
||||
doas rcctl set mysqld flags --bind-address=127.0.0.1
|
||||
doas /etc/rc.d/mysqld start
|
||||
doas mysql_secure_installation
|
||||
```
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
```
|
||||
# Download MISP using git in the /usr/local/www/ directory.
|
||||
doas mkdir /var/www/htdocs/MISP
|
||||
doas chown www:www /var/www/htdocs/MISP
|
||||
cd /var/www/htdocs/MISP
|
||||
doas -u www git clone https://github.com/MISP/MISP.git /var/www/htdocs/MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
doas -u www git config core.filemode false
|
||||
|
||||
doas pkg_add py-pip py3-pip libxml libxslt py3-jsonschema
|
||||
|
||||
cd /var/www/htdocs/MISP/app/files/scripts
|
||||
doas -u www git clone https://github.com/CybOXProject/python-cybox.git
|
||||
doas -u www git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/python-cybox
|
||||
doas python3 setup.py install
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/python-stix
|
||||
doas python3 setup.py install
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/
|
||||
doas -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/htdocs/MISP/app/files/scripts/mixbox
|
||||
doas python3 setup.py install
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/htdocs/MISP/PyMISP
|
||||
doas python3 setup.py install
|
||||
|
||||
# install support for STIX 2.0
|
||||
doas pip3.6 install stix2
|
||||
```
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
```
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd /var/www/htdocs/MISP
|
||||
doas -u www git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
doas -u www git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/htdocs/MISP/app
|
||||
doas -u www php composer.phar require kamisama/cake-resque:4.1.2
|
||||
doas -u www php composer.phar config vendor-dir Vendor
|
||||
doas -u www php composer.phar install
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
doas -u www cp -f /var/www/htdocs/MISP/INSTALL/setup/config.php /var/www/htdocs/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
```
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
```
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
doas chown -R www:www /var/www/htdocs/MISP
|
||||
doas chmod -R 750 /var/www/htdocs/MISP
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/tmp
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/files
|
||||
doas chmod -R g+ws /var/www/htdocs/MISP/app/files/scripts/tmp
|
||||
```
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
```
|
||||
# Enter the mysql shell
|
||||
doas mysql -u root -p
|
||||
```
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
```
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
doas -u www sh -c "mysql -u misp -p misp < /var/www/htdocs/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you set previously
|
||||
```
|
||||
|
||||
7/ Apache configuration (optional)
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot /var/www/htdocs/MISP/app/webroot/
|
||||
|
||||
#2.4
|
||||
doas mkdir /etc/apache2/sites-available/ /etc/apache2/sites-enabled/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
doas cp /var/www/htdocs/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
doas mkdir /etc/ssl/private/
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
|
||||
doas openssl req -newkey rsa:4096 -days 3650 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
doas mkdir /var/log/apache2/
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /var/www/htdocs/MISP/app/webroot
|
||||
<Directory /var/www/htdocs/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
cd /etc/apache2/sites-enabled/
|
||||
doas ln -s ../sites-available/misp-ssl.conf
|
||||
echo "Include /etc/apache2/sites-enabled/*.conf" >> /etc/apache2/httpd2.conf
|
||||
|
||||
doas vi /etc/apache2/httpd2.conf
|
||||
|
||||
/!\ Enable mod_rewrite in httpd2.conf /!\
|
||||
LoadModule rewrite_module /usr/local/lib/apache2/mod_rewrite.so
|
||||
LoadModule ssl_module /usr/local/lib/apache2/mod_ssl.so
|
||||
LoadModule proxy_module /usr/local/lib/apache2/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/local/lib/apache2/mod_proxy_fcgi.so
|
||||
Listen 443
|
||||
|
||||
# Restart apache
|
||||
doas /etc/rc.d/apache2 restart
|
||||
|
||||
8/ Log rotation (needs to be adapted to OpenBSD, newsyslog does this for you
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /var/www/htdocs/MISP/app/tmp/logs
|
||||
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/htdocs/MISP/app/Config that need to be copied
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/bootstrap.default.php /var/www/htdocs/MISP/app/Config/bootstrap.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/database.default.php /var/www/htdocs/MISP/app/Config/database.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/core.default.php /var/www/htdocs/MISP/app/Config/core.php
|
||||
doas -u www cp /var/www/htdocs/MISP/app/Config/config.default.php /var/www/htdocs/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
doas -u www vim /var/www/htdocs/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
doas -u www vim /var/www/htdocs/MISP/app/Config/config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
doas chown -R www:www /var/www/htdocs/MISP/app/Config
|
||||
doas chmod -R 750 /var/www/htdocs/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
doas -u www mkdir /var/www/htdocs/MISP/.gnupg
|
||||
doas chmod 700 /var/www/htdocs/MISP/.gnupg
|
||||
##### doas -u www gpg --homedir /var/www/htdocs/MISP/.gnupg --gen-key <- Broken
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
doas -u www sh -c "gpg --homedir /var/www/htdocs/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/htdocs/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
doas chmod +x /var/www/htdocs/MISP/app/Console/worker/start.sh
|
||||
doas vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
|
||||
doas -u www bash /var/www/htdocs/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
doas chmod -R 750 /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
doas chown -R www:www /var/www/htdocs/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/htdocs/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache/httpd
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ.
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
```
|
||||
doas pkg_add -v py3-zmq
|
||||
```
|
|
@ -0,0 +1,589 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for CentOS 7.x
|
||||
|
||||
0/ MISP CentOS 7 Minimal NetInstall - Status
|
||||
--------------------------------------------
|
||||
|
||||
Maintained and tested by @SteveClement, CentOS 7.5-1804 on 20180906
|
||||
|
||||
CentOS 7.5-1804 NetInstallURL: http://mirror.centos.org/centos/7.5.1804/os/x86_64/
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php56 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/opt/rh/rh-php56/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal CentOS install
|
||||
-------------------------
|
||||
|
||||
Install a minimal CentOS 7.x system with the software:
|
||||
|
||||
- OpenSSH server
|
||||
- LAMP server (actually, this is done below)
|
||||
- Mail server
|
||||
|
||||
# Make sure you set your hostname CORRECTLY vs. like an animal (manually in /etc/hostname)
|
||||
hostnamectl set-hostname misp.local # or whatever you want it to be
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo yum update -y
|
||||
|
||||
2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root or with sudo:
|
||||
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
sudo yum install epel-release -y
|
||||
|
||||
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
||||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
sudo yum install centos-release-scl -y
|
||||
|
||||
# Install the dependencies:
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel -y
|
||||
|
||||
# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
|
||||
sudo yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath rh-php56-php-opcache -y
|
||||
|
||||
# Install Python 3.6 from SCL, see
|
||||
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
sudo yum install rh-python36 -y
|
||||
|
||||
# rh-php56-php only provided mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
|
||||
sudo systemctl enable rh-php56-php-fpm.service
|
||||
sudo systemctl start rh-php56-php-fpm.service
|
||||
|
||||
$RUN_PHP "pear channel-update pear.php.net"
|
||||
sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0
|
||||
|
||||
NOTE: $RUN_PHP makes php available for you if using rh-php56. e.g: $RUN_PHP "pear list | grep Crypt_GPG"
|
||||
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
sudo yum install haveged -y
|
||||
sudo systemctl enable haveged.service
|
||||
sudo systemctl start haveged.service
|
||||
|
||||
# Enable and start redis
|
||||
sudo systemctl enable redis.service
|
||||
sudo systemctl start redis.service
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
sudo git clone https://github.com/MISP/MISP.git
|
||||
cd /var/www/MISP
|
||||
sudo git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo git config core.filemode false
|
||||
|
||||
# Fetch submodules
|
||||
cd /var/www/MISP
|
||||
sudo git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo yum install python-importlib python-lxml python-dateutil python-six -y
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
sudo git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
sudo git config core.filemode false
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install maec
|
||||
sudo $RUN_PYTHON "pip install maec"
|
||||
|
||||
# install zmq
|
||||
sudo $RUN_PYTHON "pip install zmq"
|
||||
|
||||
# install redis
|
||||
sudo $RUN_PYTHON "pip install redis"
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
umask $UMASK
|
||||
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
sudo chown -R apache:apache /var/www/MISP
|
||||
sudo mkdir /usr/share/httpd/.composer
|
||||
sudo chown apache:apache /usr/share/httpd/.composer
|
||||
cd /var/www/MISP/app
|
||||
sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
|
||||
sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
|
||||
sudo -u apache $RUN_PHP "php composer.phar install"
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
|
||||
sudo $RUN_PHP "pecl install redis-2.2.8"
|
||||
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
# If you have not yet set a timezone in php.ini
|
||||
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php56/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Make sure the permissions are set correctly using the following commands as root:
|
||||
sudo chown -R root:apache /var/www/MISP
|
||||
sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
sudo chmod -R g+r,o= /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chown apache:apache /var/www/MISP/app/files
|
||||
sudo chown apache:apache /var/www/MISP/app/files/terms
|
||||
sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/Config
|
||||
sudo chown -R apache:apache /var/www/MISP/app/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enable, start and secure your mysql database server
|
||||
sudo systemctl enable mariadb.service
|
||||
sudo systemctl start mariadb.service
|
||||
|
||||
# If you want to continue copy pasting set the MySQL root password to $DBPASSWORD_ADMIN
|
||||
echo $DBPASSWORD_ADMIN
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Additionally, it is probably a good idea to make the database server listen on localhost only
|
||||
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
|
||||
sudo systemctl restart mariadb.service
|
||||
|
||||
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
|
||||
|
||||
sudo cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
# Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
:warning: Revise all permissions so update in Web UI works.
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
|
||||
|
||||
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
sudo setsebool -P httpd_can_network_connect on
|
||||
|
||||
# Enable and start the httpd service
|
||||
sudo systemctl enable httpd.service
|
||||
sudo systemctl start httpd.service
|
||||
|
||||
# Open a hole in the iptables firewall
|
||||
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
sudo firewall-cmd --reload
|
||||
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
/!\ WARNING - To be fixed - Place holder
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
# Now make logrotate work under SELinux as well
|
||||
# Allow logrotate to modify the log files
|
||||
sudo semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
sudo chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
|
||||
# Allow logrotate to read /var/www
|
||||
sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
|
||||
sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
sudo semodule -i /tmp/misplogrotate.pp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u apache tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
|
||||
# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');`
|
||||
# database.php : login, port, password, database
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# If you want to be able to change configuration parameters from the webinterface:
|
||||
sudo chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
|
||||
|
||||
# Change base url
|
||||
sudo $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
|
||||
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo gpg --homedir /var/www/MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
sudo rm -f /tmp/gen-key-script
|
||||
sudo chown -R apache:apache /var/www/MISP/.gnupg
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo gpg --homedir /var/www/MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee /var/www/MISP/app/webroot/gpg.asc
|
||||
sudo chown apache:apache /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo -u apache $RUN_PHP /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
# and make sure it will execute
|
||||
sudo chmod +x /etc/rc.local
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $RUN_PHP "$CAKE userInit -q"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_authkey" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns_alt" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
|
||||
|
||||
## Redis block
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_password" """
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
|
||||
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert_age" """
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidleft" "This is an initial install""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings""
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
|
||||
# Now log in using the webinterface: http://misp/users/login
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
|
||||
Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R apache:apache /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
|
@ -0,0 +1,735 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Debian testing "buster" server
|
||||
|
||||
0/ MISP testing dev install - Status
|
||||
------------------------------------
|
||||
|
||||
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
|
||||
uses for testing, qc and random development.
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal Debian install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Debian testing "buster" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
|
||||
# Make sure you can sudo
|
||||
```
|
||||
misp@debian:~$ sudo ls
|
||||
[sudo] password for misp:
|
||||
misp is not in the sudoers file. This incident will be reported.
|
||||
```
|
||||
|
||||
su -
|
||||
adduser misp sudo
|
||||
|
||||
# install etckeeper (optional)
|
||||
sudo apt install -y etckeeper
|
||||
|
||||
# Make sure your system is up2date:
|
||||
sudo apt update
|
||||
sudo apt -y dist-upgrade
|
||||
|
||||
# Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt install -y postfix
|
||||
# Postfix Configuration: Satellite system
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install all the dependencies: (some might already be installed)
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
libapache2-mod-php7.2 php7.2 php7.2-cli php7.2-mbstring php-pear php7.2-dev php7.2-json php7.2-xml php7.2-mysql php7.2-opcache php7.2-readline \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools
|
||||
|
||||
# Start rng-tools to get more entropy (optional)
|
||||
# If you get TPM errors, enable "Security chip" in BIOS (keep secure boot disabled)
|
||||
sudo apt install rng-tools
|
||||
sudo service rng-tools start
|
||||
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP external dependencies
|
||||
sudo pear channel-update pear.php.net
|
||||
sudo pear install Crypt_GPG
|
||||
sudo pecl channel-update pecl.php.net
|
||||
sudo pecl install redis
|
||||
echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
|
||||
|
||||
# Switch to python3 by default (optional)
|
||||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
|
||||
To flip between the 2 pythons: sudo update-alternatives --config python
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo pip3 install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo pip3 install .
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo pip3 install .
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP.
|
||||
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
# Make composer cache happy
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/php/7.2/apache2/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Change base url
|
||||
sudo $CAKE Baseurl $MISP_BASEURL
|
||||
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
sudo $CAKE Admin updateWarningLists
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip3 install -I -r REQUIREMENTS
|
||||
sudo pip3 install -I .
|
||||
sudo pip3 install maec lief python-magic wand
|
||||
sudo pip3 install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip3 install stix2
|
||||
sudo gem install pygments.rb
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# $PATH_TO_MISP/app/tmp/logs/error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-worker-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# $PATH_TO_MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
PATH="$PATH:/usr/local/src/viper"
|
||||
fi
|
||||
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
PATH="$PATH:/var/www/MISP/app/Console"
|
||||
fi
|
||||
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo apt install python3-redis -y
|
||||
|
||||
## install pyzmq
|
||||
sudo apt install python3-zmq -y
|
||||
|
||||
|
||||
MISP Dashboard
|
||||
--------------
|
||||
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
|
||||
|
||||
Install viper framework
|
||||
-----------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
sudo git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
sudo git git submodule update --init --recursive
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo pip3 uninstall yara -y
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
|
||||
|
||||
|
||||
Install mail to misp
|
||||
--------------------
|
||||
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
sudo git clone git://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
sudo cmake .. && sudo make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../
|
||||
cd mail_to_misp
|
||||
sudo pip3 install -r requirements.txt
|
||||
sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
!!! warning
|
||||
All guides prefixed with 'x' are not being actively maintained by the MISP core maintainers.
|
||||
If you want to change that, please reach out on [gitter](https://gitter.im/MISP/MISP).
|
|
@ -0,0 +1,81 @@
|
|||
# Requirements: mkdocs >1.x && mkdocs-material
|
||||
|
||||
# Project information
|
||||
site_name: MISP Install Documentation
|
||||
site_description: MISP Project - Install Guides
|
||||
site_author: MISP Project
|
||||
site_url: https://www.misp-project.org/
|
||||
|
||||
# Repository
|
||||
repo_name: SteveClement/MISP
|
||||
repo_url: https://github.com/SteveClement/MISP
|
||||
edit_uri: ""
|
||||
|
||||
# Copyright
|
||||
copyright: "Copyright © 2019 MISP Project"
|
||||
|
||||
# Options
|
||||
extra:
|
||||
search:
|
||||
languages: "en"
|
||||
social:
|
||||
- type: globe
|
||||
link: https://www.misp-project.org/
|
||||
- type: github-alt
|
||||
link: https://github.com/MISP
|
||||
- type: twitter
|
||||
link: https://twitter.com/MISPProject
|
||||
|
||||
theme:
|
||||
name: material
|
||||
language: en
|
||||
favicon: img/favicon.ico
|
||||
logo: img/misp.png
|
||||
|
||||
# Extensions
|
||||
markdown_extensions:
|
||||
- markdown.extensions.admonition
|
||||
- markdown.extensions.codehilite:
|
||||
guess_lang: false
|
||||
- markdown.extensions.def_list
|
||||
- markdown.extensions.footnotes
|
||||
- markdown.extensions.meta
|
||||
- markdown.extensions.toc:
|
||||
permalink: true
|
||||
- pymdownx.arithmatex
|
||||
- pymdownx.betterem:
|
||||
smart_enable: all
|
||||
- pymdownx.caret
|
||||
- pymdownx.critic
|
||||
- pymdownx.details
|
||||
- pymdownx.emoji:
|
||||
emoji_generator: !!python/name:pymdownx.emoji.to_svg
|
||||
- pymdownx.inlinehilite
|
||||
- pymdownx.magiclink
|
||||
- pymdownx.mark
|
||||
- pymdownx.smartsymbols
|
||||
- pymdownx.superfences
|
||||
- pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
- pymdownx.tilde
|
||||
|
||||
nav:
|
||||
- Home: 'index.md'
|
||||
- Install Guides:
|
||||
- 'Ubuntu 18.04': 'INSTALL.ubuntu1804.md'
|
||||
- 'Debian stable': 'INSTALL.debian9.md'
|
||||
- 'Kali Linux': 'INSTALL.kali.md'
|
||||
- 'Redhat Enterprise Linux 7': 'INSTALL.rhel7.md'
|
||||
- xInstall Guides:
|
||||
- 'Warning': 'xINSTALL.md'
|
||||
- 'Centos 7': 'xINSTALL.centos7.md'
|
||||
- 'Debian testing': 'xINSTALL.debian_testing.md'
|
||||
- 'OpenBSD 6.3': 'xINSTALL.OpenBSD.md'
|
||||
- Config Guides:
|
||||
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'
|
||||
- 'Amazon S3 attachments': 'CONFIG.s3-attachments.md'
|
||||
- 'S/MIME': 'CONFIG.SMIME.md'
|
||||
- Update MISP: 'UPDATE.md'
|
||||
- About:
|
||||
- 'MISP Release Notes': 'Changelog.md'
|
||||
- 'License': 'license.md'
|
Loading…
Reference in New Issue