chg: [doc] Updated docs and removed obsolete refs.

pull/8056/head
Steve Clement 2021-12-25 11:02:44 +09:00
parent 30104a7df0
commit 9cff98016d
No known key found for this signature in database
GPG Key ID: 69A20F509BE4AEE9
12 changed files with 19 additions and 1103 deletions


@ -635,7 +635,7 @@ configWorkersRHEL () {
{!generic/MISP_CAKE_init.md!}
{!generic/misp-modules-centos.md!}
{!generic/misp-modules-rhel.md!}
{!generic/misp-modules-cake.md!}


@ -1,14 +1,13 @@
# INSTALLATION INSTRUCTIONS for RHEL 8.x based distros
-------------------------
### -2/ RHEL8/CentOS8/CentOS_Stream(8/9)/Rocky8.4/Rocky8.5/Fedora34/Fedora35 - status
### -2/ RHEL8/Rocky8.4/Rocky8.5/Fedora34/Fedora35 - status
-------------------------
!!! notice
Tested fully working without SELinux by [@SteveClement](https://twitter.com/SteveClement) on 20210702
!!! notice
TODO: Fix SELinux permissions, *pull-requests welcome*.
TODO: Test CentOS Stram 9, misp-core works approximately.
{!generic/manual-install-notes.md!}
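Review bot: The status heading now lists Rocky8.5 and Fedora35, but the notice directly under it, `Tested fully working without SELinux ... on 20210702`, is unchanged. Either refresh the test date or state which of the listed releases that test actually covered, so readers do not assume the whole list was verified. Since the remaining TODO is about SELinux permissions, it is also worth saying in the heading that the tested state is with SELinux off.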
@ -19,8 +18,6 @@
### 0/ Overview and Assumptions
{!generic/rhelVScentos.md!}
!!! warning
The core MISP team cannot easily verify if this guide is working or not. Please help us in keeping it up to date and accurate.
Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.
@ -32,8 +29,8 @@
{!generic/manual-install-notes.md!}
This document details the steps to install MISP on Red Hat Enterprise Linux 8.x (RHEL 8.x) and CentOS 8.x.
This is a joint RHEL/CentOS install guide. The authors tried to make it contextually evident what applies to which flavor.
This document details the steps to install MISP on Red Hat Enterprise Linux 8.x (RHEL 8.x) and Rocky Linux 8.x.
This is a joint RHEL/Rocky install guide. The authors tried to make it contextually evident what applies to which flavor.
The following assumptions with regard to this installation have been made.
@ -59,7 +56,7 @@ The following assumptions with regard to this installation have been made.
### 1/ OS Install and additional repositories
## 1.1/ Complete a minimal RHEL/CentOS installation, configure IP address to connect automatically.
## 1.1/ Complete a minimal RHEL/Rocky installation, configure IP address to connect automatically.
## 1.2/ Configure system hostname (if not done during install)
```bash
@ -127,14 +124,6 @@ enableEPEL_REMI_8 () {
([[ ${DISTRI} == "centos8stream" ]] || [[ ${DISTRI} == "centos8" ]] || [[ ${DISTRI} == "rocky8.4" ]] || [[ ${DISTRI} == "rocky8.5" ]]) && sudo dnf config-manager --set-enabled powertools
}
enableEPEL_REMI_9 () {
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
sudo dnf install http://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf install dnf-utils -y
sudo dnf module enable php:remi-7.4 -y
([[ ${DISTRI} == "centos9stream" ]]) && sudo dnf config-manager --set-enabled powertools
}
enableREMI_fedora () {
[[ "${DISTRI%??}" == "fedora" ]] && sudo dnf install http://rpms.remirepo.net/fedora/remi-release-${DISTRI:6}.rpm -y
dnf list installed mod_lua && sudo dnf remove mod_lua -y
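Review bot: The context line kept below the removed function, `sudo dnf install http://rpms.remirepo.net/fedora/remi-release-${DISTRI:6}.rpm -y` in `enableREMI_fedora`, still fetches a repository-release RPM over plain HTTP and installs it with `-y`; while this block is being edited, switch it to `https://`, as the EPEL line in the removed function already used. Also confirm that nothing still calls `enableEPEL_REMI_9`, and decide whether `enableEPEL_REMI_8` should keep its `centos8stream`/`centos8` branches now that the headings no longer list CentOS.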
@ -321,7 +310,7 @@ installCoreRHEL8 () {
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
([[ ${DISTRI} == 'fedora33' ]] || [[ ${DISTRI} == 'fedora34' ]] || [[ ${DISTRI} == 'rhel8.3' ]]) && sudo dnf install cmake3 -y && CMAKE_BIN='cmake3'
([[ ${DISTRI} == 'centos8stream' ]] || [[ ${DISTRI} == 'centos8' ]] || [[ ${DISTRI} == 'rocky8.4' ]] || [[ ${DISTRI} == 'rocky8.5' ]] || [[ ${DISTRI} == 'centos9stream']]) && sudo dnf install cmake -y && CMAKE_BIN='cmake'
([[ ${DISTRI} == 'centos8stream' ]] || [[ ${DISTRI} == 'centos8' ]] || [[ ${DISTRI} == 'rocky8.4' ]] || [[ ${DISTRI} == 'rocky8.5' ]]) && sudo dnf install cmake -y && CMAKE_BIN='cmake'
UMASK=$(umask)
umask 0022
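Review bot: After this change the two `CMAKE_BIN` lines in `installCoreRHEL8` do not cover every release named in the status heading: the first tests `fedora33`, `fedora34` and `rhel8.3`, the second `centos8stream`, `centos8`, `rocky8.4` and `rocky8.5`, so a `DISTRI` of `fedora35` installs no cmake and leaves `CMAKE_BIN` unset. Add the missing values or a fallback default. The second line also still carries the CentOS values that the documentation is dropping; keep or remove them deliberately.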
@ -345,7 +334,7 @@ installCoreRHEL8 () {
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U .
# FIXME: Remove libfaup etc once the egg has the library baked-in
# BROKEN: This needs to be tested on RHEL/CentOS
# BROKEN: This needs to be tested on RHEL/Rocky
sudo dnf install libcaca-devel -y
cd /tmp
[[ ! -d "faup" ]] && $SUDO_CMD git clone https://github.com/stricaud/faup.git faup
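Review bot: The `BROKEN:` comment is only reworded from CentOS to Rocky, so the faup build it marks is still untested on the platforms this guide targets; say so in the prose or track it in an issue. In the same context lines, `cd /tmp` followed by `[[ ! -d "faup" ]] && ... git clone` reuses any directory named `faup` that already exists in the world-writable `/tmp`; cloning into a fresh `mktemp -d` directory and checking out a fixed tag or commit would make the step reproducible and avoid building whatever is already there.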
@ -729,11 +718,11 @@ configWorkersRHEL () {
{!generic/MISP_CAKE_init.md!}
{!generic/misp-modules-centos.md!}
{!generic/misp-modules-rhel.md!}
{!generic/misp-modules-cake.md!}
{!generic/misp-dashboard-centos.md!}
{!generic/misp-dashboard-rhel.md!}
{!generic/misp-dashboard-cake.md!}
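Review bot: The includes here change from `generic/misp-modules-centos.md` and `generic/misp-dashboard-centos.md` to the `-rhel.md` names, and the earlier `configWorkersRHEL` hunk does the same for misp-modules. Make sure both target files are renamed in this same commit, otherwise these `{! ... !}` directives have nothing to include when the docs are built.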


@ -81,7 +81,7 @@ cd /var/www/MISP/PyMISP
python3 setup.py install
```
# 6. For RHEL/CentOS: enable python3 for php-fpm
# 6. For RHEL: enable python3 for php-fpm
```bash
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf
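Review bot: The heading is narrowed to RHEL, but the block under it still appends with `echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm`, which adds a duplicate line on every re-run; guard it with a `grep -q` check or state that it is a one-time step. It would also help to document that uncommenting `clear_env = no` makes php-fpm pass its whole environment to the PHP workers, so the service environment should not hold secrets.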


@ -1,486 +0,0 @@
# INSTALLATION INSTRUCTIONS
## for Ubuntu 16.04.5-server
### 0/ MISP Ubuntu 16.04-server install - status
-------------------------
!!! notice
Tested working by @SteveClement on 20181025
{!generic/community.md!}
{!generic/globalVariables.md!}
```bash
PHP_ETC_BASE=/etc/php/7.0
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
```
### 1/ Minimal Ubuntu install
-------------------------
#### Install a minimal Ubuntu 16.04-server system with the software:
- OpenSSH server
- This guide assumes a user name of 'misp' with sudo working
{!generic/sudo_etckeeper.md!}
{!generic/ethX.md!}
#### Make sure your system is up2date
```bash
# Install python 3.6 from ppa due to this domaintools_api bug: https://github.com/DomainTools/python_api/issues/31
sudo add-apt-repository ppa:jonathonf/python-3.6
sudo apt-get update
sudo apt-get upgrade
```
#### install postfix, there will be some questions.
```bash
sudo apt-get install postfix -y
```
!!! notice
Postfix Configuration: Satellite system<br />
change the relay server later with:
```bash
sudo postconf -e 'relayhost = example.com'
sudo postfix reload
```
### 2/ Install LAMP & dependencies
------------------------------
Once the system is installed you can perform the following steps.
```bash
# Make sure you have enabled the Universe repository
# (ie. for redis-server), enable it with:
# sudo add-apt-repository universe
# Install the dependencies: (some might already be installed)
sudo apt-get install curl gcc git gnupg-agent make python python3 python3.6 virtualenv openssl redis-server sudo vim zip -y
# Install MariaDB (a MySQL fork/alternative)
sudo apt-get install mariadb-client mariadb-server -y
sudo apt install expect -y
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
expect -f - <<-EOF
set timeout 10
spawn sudo mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo apt-get purge -y expect ; sudo apt autoremove -y
# Install Apache2
sudo apt-get install apache2 apache2-doc apache2-utils -y
# Enable modules, settings, and default of SSL in Apache
sudo a2dismod status
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2dissite 000-default
sudo a2ensite default-ssl
# Install PHP and dependencies
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring php-gd -y
# Apply all changes
sudo systemctl restart apache2
```
### 3/ MISP code
------------
```bash
# Download MISP using git in the /var/www/ directory.
sudo mkdir /var/www/MISP
sudo chown www-data:www-data /var/www/MISP
cd /var/www/MISP
sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP
sudo -u www-data git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www-data git submodule foreach --recursive git config core.filemode false
# Make git ignore filesystem permission differences
sudo -u www-data git config core.filemode false
# Create a python3 virtualenv
sudo -u www-data virtualenv -p python3.6 /var/www/MISP/venv
# make pip happy
sudo mkdir /var/www/.cache/
sudo chown www-data:www-data /var/www/.cache
# install Mitre's STIX and its dependencies by running the following commands:
sudo apt-get install python3.6-dev libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
cd /var/www/MISP/app/files/scripts
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
# install mixbox to accommodate the new STIX dependencies:
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
cd /var/www/MISP/app/files/scripts/mixbox
sudo -H -u www-data /var/www/MISP/venv/bin/pip install .
cd /var/www/MISP/app/files/scripts/python-cybox
sudo -H -u www-data /var/www/MISP/venv/bin/pip install .
cd /var/www/MISP/app/files/scripts/python-stix
sudo -H -u www-data /var/www/MISP/venv/bin/pip install .
# install PyMISP
cd /var/www/MISP/PyMISP
sudo -H -u www-data /var/www/MISP/venv/bin/pip install .
```
### 4/ CakePHP
-----------
```bash
# Once done, install CakeResque along with its dependencies
# if you intend to use the built in background jobs:
cd /var/www/MISP/app
# Make composer cache happy
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
sudo -H -u www-data php composer.phar install --no-dev
# Enable CakeResque with php-redis
sudo phpenmod redis
sudo phpenmod gnupg
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
```
### 5/ Set the permissions
----------------------
```bash
# Check if the permissions are set correctly using the following commands:
sudo chown -R www-data:www-data /var/www/MISP
sudo chmod -R 750 /var/www/MISP
sudo chmod -R g+ws /var/www/MISP/app/tmp
sudo chmod -R g+ws /var/www/MISP/app/files
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
```
### 6/ Create a database and user
-----------------------------
```bash
# Enter the mysql shell
sudo mysql -u root -p
```
```
MariaDB [(none)]> create database misp;
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
```
#### copy/paste:
```bash
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
#### Import the empty MISP database from MYSQL.sql
```bash
# Import the empty MISP database from MYSQL.sql
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
### 7/ Apache configuration
-----------------------
Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/
#### Apache version 2.2 config:
```bash
sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
```
#### Apache version 2.4 config:
```bash
sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
```
!!! notice
Be aware that the configuration files for apache 2.4 and up have changed.
The configuration file has to have the .conf extension in the sites-available directory
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
```bash
# If a valid SSL certificate is not already created for the server,
# create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
```
!!! notice
Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL).<br />
Also remember to verify the SSLCertificateChainFile property in your config file.<br />
This is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.<br />
Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
```
============================================= Begin sample working SSL config for MISP
<VirtualHost <IP, FQDN, or *>:80>
ServerName <your.FQDN.here>
Redirect permanent / https://<your.FQDN.here>
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost <IP, FQDN, or *>:443>
ServerAdmin admin@<your.FQDN.here>
ServerName <your.FQDN.here>
DocumentRoot /var/www/MISP/app/webroot
<Directory /var/www/MISP/app/webroot>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
============================================= End sample working SSL config for MISP
```
```bash
# activate new vhost
sudo a2dissite default-ssl
sudo a2ensite misp-ssl
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
# Restart apache
sudo systemctl restart apache2
```
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
sudo chmod 0640 /etc/logrotate.d/misp
```
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The salt key must be a string at least 32 bytes long.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# and make sure the file permissions are still OK
sudo chown -R www-data:www-data /var/www/MISP/app/Config
sudo chmod -R 750 /var/www/MISP/app/Config
# Generate a GPG encryption key.
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: 1
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: 1
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
```
!!! notice
If entropy is not high enough, you can install havegd and then start the service
```bash
sudo apt install haveged -y
sudo service havegd start
```
```bash
# To make the background workers start on boot
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
```
{!generic/MISP_CAKE_init.md!}
```bash
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
# Start the workers
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
# some misp-modules dependencies
sudo apt-get install -y libpq5 libjpeg-dev libfuzzy-dev
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
sudo -H -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
sudo -H -u www-data /var/www/MISP/venv/bin/pip install .
sudo apt install ruby-pygments.rb -y
sudo gem install asciidoctor-pdf --pre
# install STIX2.0 library to support STIX 2.0 export:
sudo -H -u www-data /var/www/MISP/venv/bin/pip install stix2
# install additional dependencies for extended object generation and extraction
sudo -H -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
sudo -H -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
sudo -u www-data misp-modules -l 127.0.0.1 -s &
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
{!generic/INSTALL.done.md!}
{!generic/recommended.actions.md!}
### Optional features
-----------------
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
```bash
sudo -H -u www-data /var/www/MISP/venv/bin/pip install pyzmq
```
#### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands
```bash
apt-get install librdkafka-dev php-dev
pecl install rdkafka
find /etc -name php.ini | while read f; do echo 'extension=rdkafka.so' | tee -a "$f"; done
```
!!! warning
There is an issue with the apache config of misp-dashboard in Ubuntu 16.04
You need to **remove** the following 3 options from **WSGIDaemonProcess**
```
# eviction-timeout=0
# response-buffer-size=0
# server-metrics=Off
```
The version of **libapache2-mod-wsgi-py3** is "out-of-date".
```
ii libapache2-mod-wsgi-py3 4.3.0-1.1build1 amd64 Python 3 WSGI adapter module for Apache
```
!!! warning
On a stock Ubuntu 16.04 **redis-server** is only at v3.0 the command GEOADD only got introduce v3.2
If you want to use misp-dashboard on 16.04 do the following:
```bash
sudo add-apt-repository ppa:chris-lea/redis-server
sudo apt update
sudo apt install redis-server
```
All of the above said, it might still not work for you. If so, please open an [issue](https://github.com/MISP/misp-dashboard/issues) or join [gitter](https://gitter.im/MISP) and discuss there.
{!generic/misp-dashboard-debian.md!}
{!generic/viper-debian.md!}
{!generic/ssdeep-debian.md!}
{!generic/mail_to_misp-debian.md!}
#### misp-modules (section deprecated)
-------------------------------
!!! notice
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
Then the enrichment, export and import modules can be enabled in MISP via the settings.
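Review bot: With the Ubuntu 16.04 guide deleted in full (`-1,486 +0,0`), check that no navigation entry, index page or cross-link still points at it, and that the `generic/*.md` fragments it included (for example `generic/ethX.md` or `generic/viper-debian.md`) are still used by another guide before keeping them. The commit message mentions removed obsolete refs, so listing the removed guides there would make the scope of the deletion easier to audit.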


@ -1,587 +0,0 @@
# INSTALLATION INSTRUCTIONS
## for CentOS 6.10
### -1/ Installer and Manual install instructions
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/xINSTALL.centos6/).
!!! warning
In the **future**, to install MISP on a fresh CentOS 6 install all you need to do is:
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```
**The above does NOT work yet**
### 0/ MISP CentOS 6 Minimal NetInstall - Status
--------------------------------------------
{!generic/community.md!}
{!generic/rhelVScentos.md!}
!!! notice
Semi-maintained and tested by @SteveClement, CentOS 6.10 on 20190417<br />
It is still considered experimental as not everything works seemlessly.
!!! notice
Maintenance will end on: November 30th, 2020 [Source[0]](https://wiki.centos.org/About/Product) [Source[1]](https://linuxlifecycle.com/)
CentOS 6.10 [NetInstallURL](http://mirrors.sonic.net/centos/6.10/os/x86_64/)
{!generic/globalVariables.md!}
```bash
# CentOS Specific
RUN_PHP='/usr/bin/scl enable rh-php70 '
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
SUDO_WWW='sudo -H -u apache'
PHP_INI=/etc/opt/rh/rh-php70/php.ini
```
### 1/ Minimal CentOS install
-------------------------
Install a minimal CentOS 6.x system with the software:
- OpenSSH server
- LAMP server (actually, this is done below)
- Mail server
```bash
# Make sure you set your hostname CORRECTLY vs. like an brute (manually in /etc/hostname)
sudo hostnamectl set-hostname misp.local # Your choice, in a production environment, it's best to use a FQDN
# Make sure your system is up2date:
sudo yum update -y
```
### 2/ Dependencies *
----------------
Once the system is installed you can perform the following steps as root or with sudo.
```bash
# We need some packages from the Extra Packages for Enterprise Linux repository
curl -o /tmp/epel.rpm http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh /tmp/epel.rpm
# php 7.2
# sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
# sudo yum install yum-utils
# sudo yum-config-manager --enable remi-php72
# sudo yum update
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
sudo yum install centos-release-scl -y
# Because vim is just so practical
sudo yum install vim -y
# Install the dependencies:
sudo yum install gcc git zip \
httpd \
mod_ssl \
redis \
mysql-server \
python-devel python-pip python-zmq \
libxslt-devel zlib-devel ssdeep-devel -y
# Install PHP 7.0 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php70/
sudo yum install rh-php70 rh-php70-php-fpm rh-php70-php-devel rh-php70-php-mysqlnd rh-php70-php-mbstring rh-php70-php-xml rh-php70-php-bcmath rh-php70-php-gd rh-php70-php-zip
# Install Python 3.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
sudo yum install rh-python36 -y
# rh-php70-php only provided mod_php for httpd24-httpd from SCL
# if we want to use httpd from CentOS base we can use rh-php70-php-fpm instead
sudo chkconfig rh-php70-php-fpm on
sudo service rh-php70-php-fpm start
# php-fpm is accessed using the fcgi interface
sudo yum install mod_fcgid mod_proxy_fcgi
```
!!! notice
$RUN_PHP makes php available for you if using rh-php70. e.g: $RUN_PHP "pear list | grep Crypt_GPG"
```bash
# GPG needs lots of entropy, haveged provides entropy
sudo yum install haveged -y
sudo chkconfig haveged on
sudo service haveged start
# Enable and start redis
sudo chkconfig redis on
sudo service redis start
```
### 3/ MISP code
------------
```bash
# Download MISP using git in the /var/www/ directory.
sudo mkdir ${PATH_TO_MISP}
sudo chown apache:apache ${PATH_TO_MISP}
cd /var/www
${SUDO_WWW} git clone https://github.com/MISP/MISP.git
cd ${PATH_TO_MISP}
##${SUDO_WWW} git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
# if the last shortcut doesn't work, specify the latest version manually
# example: git checkout tags/v2.4.XY
# the message regarding a "detached HEAD state" is expected behaviour
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
# Fetch submodules
${SUDO_WWW} git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
# Create a python3 virtualenv
${SUDO_WWW} $RUN_PYTHON "virtualenv -p python3 ${PATH_TO_MISP}/venv"
sudo mkdir /var/www/.cache
sudo chown apache:apache /var/www/.cache
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U pip setuptools
# install Mitre's STIX and its dependencies by running the following commands:
sudo yum install python-importlib python-lxml python-dateutil python-six -y
cd ${PATH_TO_MISP}/app/files/scripts
${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git
${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
$SUDO_WWW git config core.filemode false
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
UMASK=$(umask)
umask 0022
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
$SUDO_WWW git config core.filemode false
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# install maec
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U maec
# install zmq
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U zmq
# install redis
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U redis
# lief needs manual compilation
sudo yum install devtoolset-7 cmake3 -y
sudo yum install http://opensource.wandisco.com/centos/6/git/x86_64/wandisco-git-release-6-1.noarch.rpm
sudo yum install git -y
cd ${PATH_TO_MISP}/app/files/scripts
${SUDO_WWW} git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
# TODO: Fix static path with PATH_TO_MISP
cd ${PATH_TO_MISP}/app/files/scripts/lief
$SUDO_WWW git config core.filemode false
${SUDO_WWW} mkdir build
cd build
${SUDO_WWW} scl enable devtoolset-7 rh-python36 'bash -c "cmake3 \
-DLIEF_PYTHON_API=on \
-DLIEF_DOC=off \
-DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \
-DCMAKE_BUILD_TYPE=Release \
-DPYTHON_VERSION=3.6 \
-DPYTHON_EXECUTABLE=/var/www/MISP/venv/bin/python \
.."'
${SUDO_WWW} make -j3
sudo make install
cd api/python/lief_pybind11-prefix/src/lief_pybind11
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/python setup.py install
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
# install magic, pydeep
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U python-magic
## pydeep does not compile ):
## git+https://github.com/kbandla/pydeep.git
# install mixbox to accommodate the new STIX dependencies:
cd ${PATH_TO_MISP}/app/files/scripts/
${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# install STIX2.0 library to support STIX 2.0 export:
cd ${PATH_TO_MISP}/cti-python-stix2
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd ${PATH_TO_MISP}/PyMISP
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# FIXME: Remove libfaup etc once the egg has the library baked-in
# BROKEN: This needs to be tested on RHEL/CentOS
##sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
cd /tmp
[[ ! -d "faup" ]] && $SUDO_CMD git clone https://github.com/stricaud/faup.git faup
[[ ! -d "gtcaca" ]] && $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca
sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
cd gtcaca
$SUDO_CMD mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
sudo make install
cd ../../faup
$SUDO_CMD mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
sudo make install
sudo ldconfig
# Enable python3 for php-fpm
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php70/sysconfig/php-fpm
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php70/php-fpm.d/www.conf
sudo service rh-php70-php-fpm restart
umask $UMASK
# Enable dependencies detection in the diagnostics page
# This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings.
echo "env[PATH] =/opt/rh/rh-python36/root/usr/bin:/opt/rh/rh-php70/root/usr/bin:/usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/rh/rh-php70/php-fpm.d/www.conf
sudo service rh-php70-php-fpm restart
```
### 4/ CakePHP
-----------
#### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
#### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
```bash
sudo chown -R apache:apache ${PATH_TO_MISP}
sudo mkdir /var/www/.composer/
sudo chown apache:apache /var/www/.composer/
cd ${PATH_TO_MISP}/app
# Update composer.phar (optional)
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
#${SUDO_WWW} $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
#${SUDO_WWW} $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
#${SUDO_WWW} $RUN_PHP "php composer-setup.php"
#${SUDO_WWW} $RUN_PHP -- php -r "unlink('composer-setup.php');"
${SUDO_WWW} $RUN_PHP "php composer.phar install --no-dev"
sudo yum install php-redis -y
sudo service rh-php70-php-fpm restart
# If you have not yet set a timezone in php.ini
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php70/php-fpm.d/timezone.ini
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php70/php.d/99-timezone.ini
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php70/php.ini
# max_execution_time=300
# memory_limit=2048M
# upload_max_filesize=50M
# post_max_size=50M
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
sudo service rh-php70-php-fpm restart
# To use the scheduler worker for scheduled tasks, do the following:
sudo cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
```
### 5/ Set the permissions
----------------------
```bash
# Make sure the permissions are set correctly using the following commands as root:
sudo chown -R apache:apache ${PATH_TO_MISP}
sudo find ${PATH_TO_MISP} -type d -exec chmod g=rx {} \;
sudo chmod -R g+r,o= ${PATH_TO_MISP}
sudo chmod -R 750 ${PATH_TO_MISP}
sudo chmod -R g+xws ${PATH_TO_MISP}/app/tmp
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
sudo chmod -R g+rw ${PATH_TO_MISP}/venv
sudo chmod -R g+rw ${PATH_TO_MISP}/.git
sudo chown apache:apache ${PATH_TO_MISP}/app/files
sudo chown apache:apache ${PATH_TO_MISP}/app/files/terms
sudo chown apache:apache ${PATH_TO_MISP}/app/files/scripts/tmp
sudo chown apache:apache ${PATH_TO_MISP}/app/Plugin/CakeResque/tmp
sudo chown -R apache:apache ${PATH_TO_MISP}/app/Config
sudo chown -R apache:apache ${PATH_TO_MISP}/app/tmp
sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/orgs
sudo chown -R apache:apache ${PATH_TO_MISP}/app/webroot/img/custom
```
### 6/ Create a database and user
-----------------------------
```bash
# Enable, start and secure your mysql database server
sudo chkconfig mysqld on
sudo service mysqld start
sudo yum install expect -y
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
expect -f - <<-EOF
set timeout 10
spawn sudo mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo yum remove tcl expect -y
# Additionally, it is probably a good idea to make the database server listen on localhost only
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
sudo service mysqld restart
```
#### Manual procedure:
```bash
# Enter the mysql shell
mysql -u root -p
```
```
mysql> create database misp;
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
mysql> grant all privileges on misp.* to misp@localhost ;
mysql> exit
```
#### Same as Manual but for copy/paste foo:
```bash
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
#### Import the empty MySQL database from MYSQL.sql
```bash
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
### 7/ Apache configuration
-----------------------
!!! notice
SELinux note, to check if it is running:
```bash
$ sestatus
SELinux status: disabled
```
If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
```bash
# Now configure your apache server with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
# A sample vhost can be found in ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6
sudo cp ${PATH_TO_MISP}/INSTALL/old/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
sudo setsebool -P httpd_can_network_connect on
# Enable and start the httpd service
sudo chkconfig httpd on
sudo service httpd start
# Open a hole in the iptables firewall
sudo iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo service iptables save
# We seriously recommend using only HTTPS / SSL !
# Add SSL support by running: yum install mod_ssl
# Check out the apache.misp.ssl file for an example
```
```bash
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
```
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
sudo chmod 0640 /etc/logrotate.d/misp
# Now make logrotate work under SELinux as well
# Allow logrotate to modify the log files
sudo semanage fcontext -a -t httpd_log_t "${PATH_TO_MISP}/app/tmp/logs(/.*)?"
sudo chcon -R -t httpd_log_t ${PATH_TO_MISP}/app/tmp/logs
sudo chcon -R -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/tmp/logs
# Allow logrotate to read /var/www
sudo checkmodule -M -m -o /tmp/misplogrotate.mod ${PATH_TO_MISP}/INSTALL/misplogrotate.te
sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
sudo semodule -i /tmp/misplogrotate.pp
```
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
# Configure the fields in the newly created files:
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');`
# database.php : login, port, password, database
# DATABASE_CONFIG has to be filled
# With the default values provided in section 6, this would look like:
# class DATABASE_CONFIG {
# public $default = array(
# 'datasource' => 'Database/Mysql',
# 'persistent' => false,
# 'host' => 'localhost',
# 'login' => 'misp', // grant usage on *.* to misp@localhost
# 'port' => 3306,
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
# 'database' => 'misp', // create database misp;
# 'prefix' => '',
# 'encoding' => 'utf8',
# );
#}
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
sudo chown apache:apache ${PATH_TO_MISP}/app/Config/config.php
sudo chcon -t httpd_sys_rw_content_t ${PATH_TO_MISP}/app/Config/config.php
# Generate a GPG encryption key.
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script
sudo rm -f /tmp/gen-key-script
sudo chown -R apache:apache ${PATH_TO_MISP}/.gnupg
# And export the public key to the webroot
sudo gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee ${PATH_TO_MISP}/app/webroot/gpg.asc
sudo chown apache:apache ${PATH_TO_MISP}/app/webroot/gpg.asc
# Start the workers to enable background jobs
sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh
${SUDO_WWW} $RUN_PHP ${PATH_TO_MISP}/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
# TODO: Fix static path with PATH_TO_MISP
sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php70 /var/www/MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
# Make sure it will execute
sudo chmod +x /etc/rc.local
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
```
# some misp-modules dependencies
sudo yum install -y openjpeg-devel
sudo chmod 2777 /usr/local/src
sudo chown root:users /usr/local/src
cd /usr/local/src/
${SUDO_WWW} git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
# The following fails
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
sudo yum install rubygem-rouge rubygem-asciidoctor -y
##sudo gem install asciidoctor-pdf --pre
# install additional dependencies for extended object generation and extraction
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic pathlib
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
# TODO: Fix static path with PATH_TO_MISP
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
```
{!generic/misp-dashboard-centos.md!}
{!generic/MISP_CAKE_init.md!}
{!generic/INSTALL.done.md!}
{!generic/recommended.actions.md!}
{!generic/hardening.md!}
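Review bot: the `{!generic/misp-dashboard-centos.md!}` include near the end of this guide uses the file name that another hunk in this commit switches to `generic/misp-dashboard-rhel.md`. If this page is being dropped as obsolete, grep the docs tree for any remaining `-centos.md` includes and for links to this page, so that nothing still points at a file that no longer exists.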

View File

@ -3,7 +3,7 @@
```bash
sudo -H -u www-data $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
```
or on CentOS
or on Rocky Linux
```bash
sudo -u apache $RUN_PHP "$CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python""
```
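Review bot: in the command under the relabelled "or on Rocky Linux" line, the string handed to `$RUN_PHP` nests double quotes inside double quotes, so the inner quotes end and reopen the string instead of reaching the cake command. It only works while `${PATH_TO_MISP}` contains no whitespace. Since this hunk already touches the block, switch the inner quotes to single quotes or escape them, for example `"$CAKE Admin setSetting 'MISP.python_bin' '${PATH_TO_MISP}/venv/bin/python'"`.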

View File

@ -2,7 +2,7 @@
```bash
# <snippet-begin 2_core-cake.sh>
# Core cake commands to tweak MISP and aleviate some of the configuration pains
# The ${RUN_PHP} is ONLY set on RHEL/CentOS installs and can thus be ignored
# The ${RUN_PHP} is ONLY set on RHEL installs and can thus be ignored
# This file is NOT an excuse to NOT read the settings and familiarize ourselves with them ;)
coreCAKE () {
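Review bot: the reworded comment says `${RUN_PHP}` is only set on "RHEL installs", while the python_bin and dashboard hunks in this commit rename the same platform family to "Rocky Linux". Pick one term (for example "RHEL-based installs") and use it in all of them. While editing this comment block, "aleviate" in its first comment line should read "alleviate".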

View File

@ -60,4 +60,6 @@ index f9f69d4..2e8fd78 100644
[CentOS Hardening](https://wiki.centos.org/HowTos/OS_Protection)
[Apache Hardened Webserver](https://docs.rockylinux.org/sv/guides/web/apache_hardened_webserver/)
[Some Linux hardening tips](https://www.cyberciti.biz/tips/linux-security.html)
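Review bot: the Rocky Linux link carries a `/sv/` path segment, which looks like a language prefix, so readers would land on a translated page. Link to the default-language URL instead. The CentOS hardening link directly above it is kept; if CentOS references are being retired in this commit, decide whether it should stay.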

View File

@ -1,4 +1,4 @@
#### MISP Dashboard on CentOS
#### MISP Dashboard on Rocky Linux
--------------
!!! warning

View File

@ -21,7 +21,7 @@ mispmodulesRHEL () {
# some misp-modules dependencies for RHEL<8
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[7].* ]]) && sudo dnf install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel -y
# some misp-modules dependencies for RHEL8
[[ "${DIST_VER}" =~ ^[8].* ]] && sudo dnf install https://packages.endpointdev.com/rhel/8/os/x86_64/endpoint-repo.x86_64.rpm -y && sudo dnf install zbar-devel opencv-devel -y
[[ "${DIST_VER}" =~ ^[8].* ]] && sudo dnf install https://packages.endpointdev.com/rhel/8/main/x86_64/endpoint-repo.noarch.rpm -y && sudo dnf install zbar-devel opencv-devel -y
echo "[Unit]
Description=MISP modules
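Review bot: the RHEL 8 line installs `endpoint-repo.noarch.rpm` straight from a URL with `-y`, and dnf does not verify signatures on packages passed on the command line unless `localpkg_gpgcheck` is enabled, so the repository definition is trusted on HTTPS alone. Document importing the vendor key, downloading the RPM and running `rpm -K` on it before the install. Also, the two tests only cover `fedora33`, 7.x and 8.x, so any other release silently skips the zbar/opencv dependencies.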

View File

@ -597,7 +597,7 @@ ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
sudo sed -i -e '$i \sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
```
{!generic/misp-dashboard-centos.md!}
{!generic/misp-dashboard-rhel.md!}
{!generic/misp-dashboard-cake.md!}
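Review bot: in the `sed` context line, `${PATH_TO_MISP}` sits inside single quotes, so the literal text `${PATH_TO_MISP}` is written into /etc/rc.local, and unless rc.local defines that variable the path collapses to `/venv/bin/misp-modules` at boot. Build the inserted line with double quotes (escaping the `$i`) so the path is expanded at install time. The hunk header also shows the interactive start binding `-l 0.0.0.0` while rc.local uses `-l 127.0.0.1`; the guide should bind to 127.0.0.1 in both unless remote access to misp-modules is intended.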

View File

@ -14,7 +14,7 @@ edit_uri: ""
#dev_addr: "192.168.10.34:8000"
# Copyright
copyright: "Copyright &copy; 2021 MISP Project"
copyright: "Copyright &copy; 2022 MISP Project"
# Options
extra:
@ -84,12 +84,10 @@ nav:
- 'S/MIME': 'CONFIG.SMIME.md'
- Update MISP: 'UPDATE.md'
- Upgrading MISP: 'UPGRADE.md'
- Migrating BG Jobs: 'background-jobs-migration-guide.md'
- Old guides:
- '2.3 to 2.4 upgrade': 'archive/old-2_3to2_4-UPGRADE.md'
- 'Ubuntu 18.04 \w webmin': 'archive/xINSTALL.ubuntu1804.with.webmin.md'
- 'Ubuntu 16.04': 'archive/INSTALL.ubuntu1604.md'
- 'Debian 9': 'archive/xINSTALL.debian9.md'
- 'Centos 6': 'archive/xINSTALL.centos6.md'
- 'FreeBSD': 'archive/xINSTALL.FreeBSD.md'
- About:
- 'MISP Release Notes': 'Changelog.md'