Merge pull request #4152 from SteveClement/guides
new: [installer] MISP now has an install script for Ubuntu 18.04 - 18.10 and Kali
pull/4155/head
commit
9f981dfb95
@ -0,0 +1,695 @@
|
|||
#!/usr/bin/env bash
|
||||
############################################################
|
||||
###### #
|
||||
##### Please AutoGenerated... ##
|
||||
#### Do NOT was ###
|
||||
### Manually It ####
|
||||
## Change this Script... #####
|
||||
# ######
|
||||
############################################################
|
||||
############################################################
|
||||
#INSTALLATION INSTRUCTIONS #
|
||||
##########################################################
|
||||
#------------------------- for Debian Flavored Linux Distributions
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# 20190208: Kali Linux tested and working.
|
||||
#
|
||||
#
|
||||
#-------------------------------------------------------|
|
||||
# 1/ For Kali, download and run Installer Script |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# To install MISP on Kali copy paste the following to your r00t shell:
|
||||
# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
#
|
||||
#
|
||||
#---------------------------------------------------------------------------------------------|
|
||||
# 2/ For other Debian based Linux distributions, download script and run as unprivileged user |
|
||||
#---------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C
|
||||
#
|
||||
#
|
||||
#----------------------------------------------------------|
|
||||
# 3/ The following script has been partially autogenerated |
|
||||
#----------------------------------------------------------|
|
||||
#
|
||||
# To generate this script yourself, the following steps need to be taken.
|
||||
# $ git clone https://github.com/SteveClement/xsnippet.git
|
||||
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
|
||||
# $ git clone https://github.com/MISP/MISP.git
|
||||
# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh
|
||||
#
|
||||
##
|
||||
###
|
||||
####----------------\
|
||||
## Developer Note |
|
||||
####--------------------------------------------------------------------------------------------------|
|
||||
## In theory the order does not matter as everything is a self-contained function. |
|
||||
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
|
||||
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
|
||||
#-----------------------------------------------------------------------------------------------------|
|
||||
#
|
||||
# ToC #
|
||||
#
|
||||
#### BEGIN AUTOMATED SECTION ####
|
||||
#
|
||||
## 0_global-vars.sh ##
|
||||
## 0_support-functions.sh ##
|
||||
## 0_apt-upgrade.sh ##
|
||||
## 0_sudoKeeper.sh ##
|
||||
## 0_installCoreDeps.sh ##
|
||||
## 0_installDepsPhp73.sh ##
|
||||
## 0_installDepsPhp72.sh ##
|
||||
## 1_prepareDB.sh ##
|
||||
## 1_apacheConfig.sh ##
|
||||
## 1_mispCoreInstall.sh ##
|
||||
## 1_installCake.sh ##
|
||||
## 2_permissions.sh ##
|
||||
## 2_configMISP.sh ##
|
||||
## 2_core-cake.sh ##
|
||||
## 2_gnupg.sh ##
|
||||
## 2_logRotation.sh ##
|
||||
## 2_backgroundWorkers.sh ##
|
||||
## 3_misp-modules.sh ##
|
||||
## 4_misp-dashboard.sh ##
|
||||
## 4_misp-dashboard-cake.sh ##
|
||||
## 5_mail_to_misp.sh ##
|
||||
## 6_ssdeep.sh ##
|
||||
## 6_viper.sh ##
|
||||
|
||||
# No functions scripts:
|
||||
## apt-upgrade.sh ##
|
||||
## postfix.sh ##
|
||||
## interfaces.sh ##
|
||||
#
|
||||
### END AUTOMATED SECTION ###
|
||||
|
||||
# This function will generate the main installer.
|
||||
# It is a helper function for the maintainers for the installer.
|
||||
|
||||
colors () {
|
||||
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
||||
RED='\033[0;31m'
|
||||
GREEN='\033[0;32m'
|
||||
LBLUE='\033[1;34m'
|
||||
YELLOW='\033[0;33m'
|
||||
HIDDEN='\e[8m'
|
||||
NC='\033[0m'
|
||||
}
|
||||
|
||||
generateInstaller () {
|
||||
if [ ! -f $(which xsnippet) ]; then
|
||||
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
||||
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then
|
||||
echo -e "${RED}iAmError!${NC}"
|
||||
echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break."
|
||||
echo -e "You called: ${RED}$0${NC}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir installer ; cd installer
|
||||
cp ../INSTALL.debian.tpl.sh .
|
||||
|
||||
# Pull code snippets out of Main Install Documents
|
||||
for f in `echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do
|
||||
xsnippet . ../../docs/${f}
|
||||
done
|
||||
|
||||
# Pull out code snippets from generic Install Documents
|
||||
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
|
||||
xsnippet . ../../docs/generic/${f}
|
||||
done
|
||||
|
||||
# TODO: Fix the below.
|
||||
# $ for f in `echo ls [0-9]_*`; do
|
||||
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh
|
||||
# $ done
|
||||
#
|
||||
# Temporary copy/paste holder
|
||||
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh
|
||||
|
||||
cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh
|
||||
cd ..
|
||||
rm -rf installer
|
||||
echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# Simple debug function with message
|
||||
|
||||
# Make sure no alias exists
|
||||
if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi
|
||||
debug () {
|
||||
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
||||
if [ ! -z $DEBUG ]; then
|
||||
NO_PROGRESS=1
|
||||
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
||||
exec 3>&1
|
||||
read
|
||||
else
|
||||
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
|
||||
#exec 3>&1 &>/dev/null
|
||||
:
|
||||
fi
|
||||
}
|
||||
|
||||
installMISPubuntuSupported () {
|
||||
space
|
||||
echo "Proceeding with the installation of MISP core"
|
||||
space
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
debug "Checking Locale"
|
||||
checkLocale
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
||||
progress 4
|
||||
|
||||
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
# TODO: Work on possibility to install as user X and install MISP for user Y
|
||||
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
||||
# <snippet-begin add-user.sh>
|
||||
# TODO: Double check how to properly handle postfix
|
||||
# <snippet-begin postfix.sh>
|
||||
|
||||
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
|
||||
progress 4
|
||||
|
||||
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
|
||||
checkID
|
||||
progress 4
|
||||
|
||||
# Starting friendly UI spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
|
||||
progress 4
|
||||
|
||||
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
|
||||
progress 4
|
||||
|
||||
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# TODO: Mysql install functions, make it upgrade safe, double check
|
||||
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Disable spinner
|
||||
#(kill $SPIN_PID 2>&1) >/dev/null
|
||||
|
||||
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
|
||||
progress 4
|
||||
|
||||
## Resume spinner
|
||||
#spin &
|
||||
#SPIN_PID=$!
|
||||
#disown
|
||||
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
||||
|
||||
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
|
||||
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
|
||||
progress 4
|
||||
|
||||
# Install Viper - functionLocation('generic/viper-debian.md')
|
||||
[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
|
||||
progress 4
|
||||
|
||||
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
|
||||
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
|
||||
progress 4
|
||||
|
||||
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
||||
[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
||||
progress 4
|
||||
|
||||
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
||||
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
|
||||
progress 100
|
||||
|
||||
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
|
||||
theEnd
|
||||
}
|
||||
|
||||
# Main Kalin Install function
|
||||
installMISPonKali () {
|
||||
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
||||
kaliUpgrade 2> /dev/null > /dev/null
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
||||
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
||||
setBaseURL
|
||||
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
installDepsPhp73 2> /dev/null > /dev/null
|
||||
|
||||
# Set custom Kali only variables and tweaks
|
||||
space
|
||||
# The following disables sleep on kali/gnome
|
||||
### FIXME: Disabling for now, maybe source of some issues.
|
||||
##disableSleep 2> /dev/null > /dev/null
|
||||
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
||||
##sleep 3
|
||||
|
||||
debug "Installing dependencies"
|
||||
installDeps 2> /dev/null > /dev/null
|
||||
|
||||
installCoreDeps 2> /dev/null > /dev/null
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status 2> /dev/null > /dev/null
|
||||
a2dismod php7.2 2> /dev/null > /dev/null
|
||||
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
||||
a2dissite 000-default 2> /dev/null > /dev/null
|
||||
a2ensite default-ssl 2> /dev/null > /dev/null
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service 2> /dev/null > /dev/null
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
apt install redis-server
|
||||
fixRedis 2> /dev/null > /dev/null
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
||||
|
||||
|
||||
mkdir /var/www/.cache/
|
||||
|
||||
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
||||
mkdir $MISP_USER_HOME/.cache
|
||||
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
chown www-data:www-data /var/www/.cache
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
|
||||
debug "Setting up main MISP virtualenv"
|
||||
# Needs virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
debug "Installing MISP dashboard"
|
||||
mispDashboard
|
||||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Install maec"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export
|
||||
debug "Installing cti-python-stix2"
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
||||
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [ ! -e /var/lib/mysql/misp/users.ibd ]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
send -- \"y\r\"
|
||||
expect \"New password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Re-enter new password:\"
|
||||
send -- \"${DBPASSWORD_ADMIN}\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send -- \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
|
||||
enableServices
|
||||
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
sleep 3
|
||||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R www-data:www-data $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG 2> /dev/null > /dev/null
|
||||
|
||||
debug "Starting workers"
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
$SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE 2> /dev/null > /dev/null
|
||||
dashboardCAKE 2> /dev/null > /dev/null
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT 2> /dev/null > /dev/null
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
|
||||
checkUsrLocalSrc
|
||||
|
||||
debug "Installing misp-modules"
|
||||
mispmodules
|
||||
|
||||
debug "Installing Viper"
|
||||
viper
|
||||
|
||||
debug "Installing ssdeep"
|
||||
ssdeep
|
||||
phpenmod -v 7.3 ssdeep
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
||||
debug "Running Then End!"
|
||||
theEnd
|
||||
}
|
||||
# End installMISPonKali ()
|
||||
|
||||
## End Function Section ##
|
||||
|
||||
colors
|
||||
debug "Checking if we are run as the installer template"
|
||||
if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then
|
||||
generateInstaller
|
||||
fi
|
||||
|
||||
space
|
||||
debug "Setting MISP variables"
|
||||
MISPvars
|
||||
debug "Checking Linux distribution and flavour..."
|
||||
checkFlavour
|
||||
|
||||
debug "Checking for parameters or Unattended Kali Install"
|
||||
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
else
|
||||
debug "Setting install options with given parameters."
|
||||
# The setOpt/checkOpt function lives in generic/supportFunctions.md
|
||||
setOpt $@
|
||||
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
|
||||
checkOpt viper && echo "${GREEN}Viper${NC} selected"
|
||||
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
|
||||
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
|
||||
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
|
||||
checkOpt all && echo "${GREEN}All options${NC} selected"
|
||||
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
|
||||
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
|
||||
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
|
||||
checkOpt force && echo "${GREEN}force${NC} install selected"
|
||||
|
||||
# Check if at least core is selected if no other options that do not require core are set
|
||||
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
|
||||
space
|
||||
usage
|
||||
echo "You need to at least select core, or -A to install everything."
|
||||
echo "$0 -c # Is the minima for install options"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Add upgrade option to do upgrade pre flight
|
||||
[[ -n $PRE ]] && preInstall
|
||||
|
||||
[[ -n $UPGRADE ]] && upgrade
|
||||
|
||||
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z])
|
||||
if [ "${RELEASE}" == "18.04" ]; then
|
||||
echo "Install on Ubuntu 18.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installMISPubuntuSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "18.10" ]; then
|
||||
echo "Install on Ubuntu 18.10 partially supported, bye."
|
||||
installMISPubuntuSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.04" ]; then
|
||||
echo "Install on Ubuntu 19.04 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.10" ]; then
|
||||
echo "Install on Ubuntu 19.10 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
||||
|
||||
# If Debian is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "debian" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "buster" ]; then
|
||||
echo "Install on Debian testing fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp73
|
||||
fi
|
||||
if [ "${CODE}" == "sid" ]; then
|
||||
echo "Install on Debian unstable not fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp73
|
||||
fi
|
||||
if [ "${CODE}" == "stretch" ]; then
|
||||
echo "Install on Debian stable fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installDepsPhp72
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
||||
CODE=$(lsb_release -s -c| tr [A-Z] [a-z])
|
||||
if [ "${CODE}" == "bamboo" ]; then
|
||||
echo "Install on Tsurugi Lab partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
if [ "${CODE}" == "soy sauce" ]; then
|
||||
echo "Install on Tsurugi Acquire partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
echo "Installation done!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# If Kali Linux is detected, run the acccording scripts
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
KALI=1
|
||||
kaliOnRootR0ckz
|
||||
installMISPonKali
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
|
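Review bot: The database provisioning in `installMISPonKali` creates the account under the database name (`grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP'`) but grants privileges to `'$DBUSER_MISP'@'localhost'` and loads `MYSQL.sql` as `$DBUSER_MISP`, so the setup only works when `$DBNAME` and `$DBUSER_MISP` happen to be the same string and otherwise appears to leave the privileged account without the intended password; the `grant usage` statement should name `'$DBUSER_MISP'@'localhost'`. Every `mysql` invocation also passes `-p$DBPASSWORD_ADMIN` / `-p$DBPASSWORD_MISP` on the command line, which exposes the secrets to any local user via `ps` for the duration of each call; a `mktemp`-created `--defaults-extra-file` keeps them off argv. Since the script never sets `-e` and the exit status of the `expect`-driven `mysql_secure_installation` is not checked, a failure there would leave the MySQL root account without a password while the install silently continues, so the block should bail out on a non-zero status before creating the database. The same argv exposure applies to the `MYSQL.sql` import a few lines further down, and the expanded variables in these statements are unquoted throughout.
```shell
# … unchanged: mysql_secure_installation expect block …
if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
  echo "mysql_secure_installation failed, MySQL root may still be unprotected; aborting." >&2
  exit 1
fi

# Keep the admin password out of argv/ps: hand it to mysql via a private defaults file.
MYSQL_ADMIN_CNF=$(mktemp)
printf '[client]\nuser=%s\npassword=%s\n' "${DBUSER_ADMIN}" "${DBPASSWORD_ADMIN}" > "${MYSQL_ADMIN_CNF}"
mysql --defaults-extra-file="${MYSQL_ADMIN_CNF}" -e "create database ${DBNAME};"
# Create the application user under its own name, matching the grant and the MYSQL.sql import below.
mysql --defaults-extra-file="${MYSQL_ADMIN_CNF}" -e "grant usage on *.* to '${DBUSER_MISP}'@'localhost' identified by '${DBPASSWORD_MISP}';"
mysql --defaults-extra-file="${MYSQL_ADMIN_CNF}" -e "grant all privileges on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
mysql --defaults-extra-file="${MYSQL_ADMIN_CNF}" -e "flush privileges;"
rm -f -- "${MYSQL_ADMIN_CNF}"
# … unchanged: enableServices, MYSQL.sql import, database.php generation …
```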
@ -1,21 +1,34 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Ubuntu 18.04.1-server
|
||||
|
||||
### -1/ Installer and Manual install instructions
|
||||
|
||||
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
|
||||
|
||||
To install MISP on a fresh Ubuntu install all you need to do is:
|
||||
|
||||
```bash
|
||||
# Please check the installer options first to make the best choice for your install
|
||||
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s
|
||||
|
||||
# This will install MISP Core and misp-modules (recommended)
|
||||
curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c -M
|
||||
```
|
||||
|
||||
### 0/ MISP Ubuntu 18.04-server install - status
|
||||
-------------------------
|
||||
!!! notice
|
||||
Tested working by @SteveClement on 20190118 (works with **Ubuntu 18.10** too)
|
||||
As of 20190118 on **Ubuntu 19.04** you need to use Python 3.6 as LIEF with 3.7 is not "eggED" yet.
|
||||
You will need to **sudo apt install python3.6-dev** to make everything work according to this guide.
|
||||
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20190212 (works with **Ubuntu 18.10** too)
|
||||
|
||||
{!generic/community.md!}
|
||||
!!! notice
|
||||
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.debian.sh) script.
|
||||
Which explains why you will see the use of shell *functions* in various steps.
|
||||
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
!!! notice
|
||||
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
|
||||
|
||||
```bash
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
```
|
||||
{!generic/core.md!}
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
@ -24,19 +37,27 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|||
- OpenSSH server
|
||||
- This guide assumes a user name of 'misp' with sudo working
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
# <snippet-begin 0_apt-upgrade.sh>
|
||||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade -y
|
||||
}
|
||||
# <snippet-end 0_apt-upgrade.sh>
|
||||
```
|
||||
|
||||
{!generic/sudo_etckeeper.md!}
|
||||
|
||||
{!generic/ethX.md!}
|
||||
|
||||
#### Make sure your system is up2date
|
||||
```bash
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
```
|
||||
|
||||
#### install postfix, there will be some questions.
|
||||
```bash
|
||||
sudo apt-get install postfix -y
|
||||
# <snippet-begin postfix.sh>
|
||||
sudo apt-get install postfix dialog -y
|
||||
# <snippet-end postfix.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -47,187 +68,210 @@ sudo apt-get install postfix -y
|
|||
sudo postfix reload
|
||||
```
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
### 2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps.
|
||||
```bash
|
||||
# Make sure you have enabled the Universe repository
|
||||
# (ie. for redis-server), enable it with:
|
||||
# sudo add-apt-repository universe
|
||||
# <snippet-begin 0_installCoreDeps.sh>
|
||||
installCoreDeps () {
|
||||
debug "Installing core dependencies"
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv libfuzzy-dev -y
|
||||
|
||||
# Install the dependencies: (some might already be installed)
|
||||
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv -y
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server -y
|
||||
|
||||
# Install MariaDB (a MySQL fork/alternative)
|
||||
sudo apt-get install mariadb-client mariadb-server -y
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -y
|
||||
|
||||
sudo apt install expect -y
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
|
||||
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
sudo apt-get install python3-pip -y
|
||||
sudo apt install expect -y
|
||||
}
|
||||
# <snippet-end 0_installCoreDeps.sh>
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
# <snippet-begin 0_installDepsPhp72.sh>
|
||||
# Install Php 7.2 dependencies
|
||||
installDepsPhp72 () {
|
||||
debug "Installing PHP 7.2 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
php-dev \
|
||||
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
|
||||
php-redis php-gnupg
|
||||
|
||||
spawn sudo -k mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect ; sudo apt autoremove -y
|
||||
|
||||
# Install Apache2
|
||||
sudo apt-get install apache2 apache2-doc apache2-utils -y
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Install PHP and dependencies
|
||||
sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp72.sh>
|
||||
```
|
||||
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```bash
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown www-data:www-data ${PATH_TO_MISP}
|
||||
cd ${PATH_TO_MISP}
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
# <snippet-begin 1_mispCoreInstall.sh>
|
||||
installCore () {
|
||||
debug "Installing ${LBLUE}MISP${NC} core"
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown www-data:www-data ${PATH_TO_MISP}
|
||||
cd ${PATH_TO_MISP}
|
||||
sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
||||
sudo -u www-data git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www-data git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo apt-get install python3-pip -y
|
||||
pip3 install virtualenv
|
||||
sudo -u www-data virtualenv -p python3.6 ${PATH_TO_MISP}/venv
|
||||
# Create a python3 virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
# make pip happy
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown www-data:www-data /var/www/.cache
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y
|
||||
cd ${PATH_TO_MISP}/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts
|
||||
sudo -H -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -H -u www-data git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -H -u www-data git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -H -u www-data git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install PyMISP
|
||||
cd ${PATH_TO_MISP}/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
# install PyMISP
|
||||
cd ${PATH_TO_MISP}/PyMISP
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
}
|
||||
# <snippet-end 1_mispCoreInstall.sh>
|
||||
```
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
|
||||
```bash
|
||||
# Once done, install CakeResque along with its dependencies
|
||||
# if you intend to use the built in background jobs:
|
||||
cd ${PATH_TO_MISP}/app
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -H -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -H -u www-data php composer.phar install
|
||||
# <snippet-begin 1_installCake.sh>
|
||||
installCake () {
|
||||
debug "Installing CakePHP"
|
||||
# Once done, install CakeResque along with its dependencies
|
||||
# if you intend to use the built in background jobs:
|
||||
cd ${PATH_TO_MISP}/app
|
||||
# Make composer cache happy
|
||||
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
||||
sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer
|
||||
sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -H -u www-data php composer.phar config vendor-dir Vendor
|
||||
sudo -H -u www-data php composer.phar install
|
||||
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
# Enable CakeResque with php-redis
|
||||
sudo phpenmod redis
|
||||
sudo phpenmod gnupg
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
||||
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
||||
}
|
||||
# <snippet-end 1_installCake.sh>
|
||||
```
|
||||
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```bash
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||
# <snippet-begin 2_permissions.sh>
|
||||
# Main function to fix permissions to something sane
|
||||
permissions () {
|
||||
debug "Setting permissions"
|
||||
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
||||
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
}
|
||||
# <snippet-end 2_permissions.sh>
|
||||
```
|
||||
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
|
||||
#### Manual procedure:
|
||||
```bash
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
```
|
||||
#### Set-up DB, User and import empty MISP DB
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
#### Same as Manual but for copy/paste foo:
|
||||
```bash
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
# <snippet-begin 1_prepareDB.sh>
|
||||
prepareDB () {
|
||||
debug "Setting up database"
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw=$MISP_PASSWORD
|
||||
|
||||
#### Import the empty MISP database from MYSQL.sql
|
||||
```bash
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo -k mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
sudo apt-get purge -y expect ; sudo apt autoremove -y
|
||||
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
}
|
||||
# <snippet-end 1_prepareDB.sh>
|
||||
```
|
||||
|
||||
### 7/ Apache configuration
|
||||
|
@ -235,9 +279,6 @@ sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$
|
|||
Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/
|
||||
|
||||
#### Apache version 2.4 config:
|
||||
```bash
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
|
@ -245,11 +286,35 @@ sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/
|
|||
For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
```bash
|
||||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
# <snippet-begin 1_apacheConfig.sh>
|
||||
apacheConfig () {
|
||||
debug "Generating Apache config"
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
|
||||
# If a valid SSL certificate is not already created for the server,
|
||||
# create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Enable modules, settings, and default of SSL in Apache
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl
|
||||
sudo a2enmod rewrite
|
||||
sudo a2enmod headers
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
# Apply all changes
|
||||
sudo systemctl restart apache2
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
}
|
||||
# <snippet-end 1_apacheConfig.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -295,90 +360,63 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
```bash
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
# <snippet-begin 2_logRotation.sh>
|
||||
logRotation () {
|
||||
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
}
|
||||
# <snippet-end 2_logRotation.sh>
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```bash
|
||||
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||
# <snippet-begin 2_configMISP.sh>
|
||||
configMISP () {
|
||||
debug "Generating ${LBLUE}MISP${NC} config files"
|
||||
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
||||
sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www-data tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
|
||||
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
||||
}
|
||||
# <snippet-end 2_configMISP.sh>
|
||||
```
|
||||
|
||||
{!generic/gnupg.md!}
|
||||
|
||||
!!! notice
|
||||
If entropy is not high enough, you can install havegd and then start the service
|
||||
```bash
|
||||
|
@ -387,54 +425,38 @@ sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG
|
|||
```
|
||||
|
||||
```bash
|
||||
# <snippet-begin 2_backgroundWorkers.sh>
|
||||
backgroundWorkers () {
|
||||
debug "Setting up background workers"
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
# Start the workers
|
||||
$SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 2_backgroundWorkers.sh>
|
||||
```
|
||||
|
||||
```bash
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
||||
# some misp-modules dependencies
|
||||
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
|
||||
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip install
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
{!generic/misp-modules-debian.md!}
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
|
@ -463,3 +485,11 @@ sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
|||
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
|
||||
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
|
||||
Then the enrichment, export and import modules can be enabled in MISP via the settings.
|
||||
|
||||
# INSTALL.debian.sh
|
||||
|
||||
!!! notice
|
||||
The following section is an administrative section that is used by the "[INSTALL.debian.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh)" script.
|
||||
Please ignore.
|
||||
|
||||
{!generic/supportFunctions.md!}
|
||||
|
|
|
@ -1,156 +1,140 @@
|
|||
#### Initialize MISP configuration and set some defaults
|
||||
```bash
|
||||
# Default Cake path
|
||||
export CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -H -u www-data -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
# <snippet-begin 2_core-cake.sh>
|
||||
# Core cake commands
|
||||
coreCAKE () {
|
||||
debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
|
||||
$SUDO_WWW -E $CAKE userInit -q
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
# This makes sure all Database upgrades are done, without logging in.
|
||||
$SUDO_WWW $CAKE Admin updateDatabase
|
||||
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
sudo -H -u www-data $CAKE Baseurl $MISP_BASEURL
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
# The default install is Python in a virtualenv, setting accordingly
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
||||
|
||||
# Enable GnuPG
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
# Tune global time outs
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.timeout" 600
|
||||
$SUDO_WWW $CAKE Admin setSetting "Session.cookieTimeout" 3600
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
# Change base url, either with this CLI command or in the UI
|
||||
$SUDO_WWW $CAKE Baseurl $MISP_BASEURL
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
# Enable GnuPG
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
$SUDO_WWW $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
# Enable installer org and tune some configurables
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
|
||||
# Provisional Cortex tunes
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
|
||||
# Mysteriously removed?
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
# Mysteriously removed?
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
# Various plugin sightings settings
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
# Plugin CustomAuth tuneable
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
# RPZ Plugin settings
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# RPZ Plugin settings
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.language" "eng"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
# Redis block
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
## Redis block
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.log_auth" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
# TODO: Make sure $FLAVOUR is correct
|
||||
$SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
$SUDO_WWW $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Set MISP Live
|
||||
$SUDO_WWW $CAKE Live $MISP_LIVE
|
||||
}
|
||||
|
||||
# Tune global time outs
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
|
||||
updateGOWNT () {
|
||||
debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Update the galaxies…
|
||||
##sudo -H -u www-data $CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo -H -u www-data $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo -H -u www-data $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo -H -u www-data $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo -H -u www-data $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo -H -u www-data $CAKE Live $MISP_LIVE
|
||||
# Update the galaxies…
|
||||
# TODO: Fix updateGalaxies
|
||||
##$SUDO_WWW $CAKE Admin updateGalaxies
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
|
||||
# Updating the taxonomies…
|
||||
$SUDO_WWW $CAKE Admin updateTaxonomies
|
||||
# Updating the warning lists…
|
||||
# TODO: Fix updateWarningLists
|
||||
##$SUDO_WWW $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
# Updating the notice lists…
|
||||
## $SUDO_WWW $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
# Updating the object templates…
|
||||
##$SUDO_WWW $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
}
|
||||
# <snippet-end 2_core-cake.sh>
|
||||
```
|
||||
|
|
|
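Review bot: updateGOWNT obtains the API key with `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)`, which puts the database password on the mysql command line where any local user can read it from the process list, and `tail -1` silently takes whichever user row happens to be last rather than the account userInit created. Passing the password through the environment and selecting the row explicitly avoids both: `AUTH_KEY=$(MYSQL_PWD="$DBPASSWORD_MISP" mysql -u "$DBUSER_MISP" -N misp -e "SELECT authkey FROM users WHERE id = 1;")` (assuming the installer's admin is user id 1 — confirm). The same command appears just before the snippet-begin marker, presumably on the old side. Separately, the new `MISP.welcome_text_bottom` line interpolates `$FLAVOUR`, which nothing in this hunk sets; the TODO above it should be resolved before the snippet is assembled into INSTALL.debian.sh, or the banner reads "Welcome to MISP on , …".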
@ -0,0 +1,4 @@
|
|||
!!! notice
|
||||
Maintained and tested by the MISP core team.<br />
|
||||
Enjoy installing MISP. For any issues see [here](https://github.com/MISP/MISP/issues)
|
||||
|
|
@ -3,13 +3,30 @@
|
|||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```bash
|
||||
# <snippet-end interfaces.sh>
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
do
|
||||
sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
done
|
||||
|
||||
echo "--- Using old style name (ethX) for interfaces"
|
||||
#for key in GRUB_CMDLINE_LINUX
|
||||
#do
|
||||
# sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
|
||||
#done
|
||||
sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null
|
||||
|
||||
# install ifupdown since ubuntu 18.04
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y ifupdown
|
||||
|
||||
# enable eth0
|
||||
echo "--- Configuring eth0"
|
||||
|
||||
echo "# The primary network interface
|
||||
auto eth0
|
||||
iface eth0 inet dhcp" | sudo tee /etc/network/interfaces
|
||||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
sudo update-grub > /dev/null 2>&1
|
||||
# <snippet-end interfaces.sh>
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
|
|
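Review bot: `sed -r 's/^(GRUB_CMDLINE_LINUX=).*/…/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null` reads and rewrites the same file in one pipeline; tee truncates /etc/default/grub as soon as it opens it, and whether sed has already read the whole file by then is a race, so on a slow or busy system this can leave an empty grub config. The in-place form has no such window: `sudo sed -i -r 's/^(GRUB_CMDLINE_LINUX=).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub`. Also `sudo update-grub > /dev/null 2>&1` directly after `sudo grub-mkconfig -o /boot/grub/grub.cfg` regenerates the same grub.cfg a second time with its errors hidden (on Debian-family systems update-grub is a thin wrapper around that grub-mkconfig call); one of the two, with stderr kept, is enough. The commented-out `#for key in GRUB_CMDLINE_LINUX … eval echo \${$key}` loop, presumably the new side's leftover, can be dropped now that the eval-based rewrite has been replaced.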
@ -1,46 +1,74 @@
|
|||
#### MISP configuration variables
|
||||
|
||||
```bash
|
||||
# <snippet-begin 0_global-vars.sh>
|
||||
MISPvars () {
|
||||
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours"
|
||||
# Local non-root MISP user
|
||||
MISP_USER='misp'
|
||||
MISP_PASSWORD='Password1234'
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL='""'
|
||||
MISP_LIVE='1'
|
||||
# The web server user
|
||||
WWW_USER="www-data"
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
if [ -z "$FQDN" ]; then
|
||||
FQDN="misp.local"
|
||||
fi
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
if [ -z "$MISP_BASEURL" ]; then
|
||||
MISP_BASEURL='""'
|
||||
fi
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
MISP_LIVE='1'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS="info@$FQDN"
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# debug alias to make sure people are not confused when blindly copy pasting blobs of code
|
||||
alias debug="echo -e"
|
||||
|
||||
# checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code
|
||||
alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'"
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
SUDO_USER="sudo -H -u ${MISP_USER} "
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
|
||||
echo "The following DB Passwords were generated..."
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
}
|
||||
# <snippet-end 0_global-vars.sh>
|
||||
```
|
||||
|
|
|
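Review bot: MISPvars fixes `MISP_PASSWORD='Password1234'` and `GPG_PASSPHRASE='Password1234'` as literal constants, while the DB passwords in the same function are generated with `openssl rand -hex 32`; the first is presumably the password given to the local `misp` account and the second protects the instance's signing key (it is later stored via `setSetting "GnuPG.password" "$GPG_PASSPHRASE"`), so a well-known default baked into an auto-generated installer is the weaker choice. Allowing an override from the environment keeps the current behaviour for anyone relying on it: `MISP_PASSWORD="${MISP_PASSWORD:-Password1234}"` and `GPG_PASSPHRASE="${GPG_PASSPHRASE:-Password1234}"`, ideally with the generated-and-printed treatment the DB accounts already get. `FQDN='localhost'` immediately followed by `if [ -z "$FQDN" ]; then FQDN="misp.local"; fi` is dead code if both lines land on the same side — the assignment makes the test always false. Naming the sudo prefix `SUDO_USER` shadows the variable sudo itself exports with the invoking user's name; a name such as `SUDO_MISP` would avoid that confusion.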
@ -0,0 +1,28 @@
|
|||
```bash
|
||||
# <snippet-begin 2_gnupg.sh>
|
||||
# Generate GnuPG key
|
||||
setupGnuPG () {
|
||||
if [ ! -d $PATH_TO_MISP/.gnupg ]; then
|
||||
# The email address should match the one set in the config.php
|
||||
# set in the configuration menu in the administration menu configuration file
|
||||
echo "%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done" > /tmp/gen-key-script
|
||||
|
||||
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
|
||||
# Export the public key to the webroot
|
||||
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
fi
|
||||
}
|
||||
# <snippet-end 2_gnupg.sh>
|
||||
```
|
|
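Review bot: setupGnuPG writes the key parameters, including `Passphrase: $GPG_PASSPHRASE`, to the fixed path `/tmp/gen-key-script`, which is created with the caller's default umask (typically world-readable), sits at a predictable name another local user could pre-create, and is never removed after the key is generated. Since gpg's unattended key generation reads the parameter block from stdin when no file is given, the temporary file can go entirely: end the `echo "%echo Generating a default key …` block with `%echo done" | $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key` and drop the separate gpg line that follows. Failing that, `mktemp` for the path plus `rm -f` after the gpg call is the minimum. The `--export --armor` line then still works unchanged, since it only needs the populated homedir.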
@ -1,29 +1,33 @@
|
|||
#### Install mail to misp
|
||||
--------------------
|
||||
|
||||
!!! warning
|
||||
mail_to_misp has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
|
||||
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
|
||||
```bash
|
||||
virtualenv -p python3.6 venv
|
||||
```
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake -y
|
||||
git clone https://github.com/MISP/mail_to_misp.git
|
||||
git clone https://github.com/stricaud/faup.git
|
||||
cd faup
|
||||
sudo mkdir -p build
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
virtualenv -p python3.6 venv
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
|
||||
sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
# <snippet-begin 5_mail_to_misp.sh>
|
||||
# Main mail2misp install function
|
||||
mail2misp () {
|
||||
debug "Installing Mail2${LBLUE}MISP${NC}"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake libcaca-dev -y
|
||||
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
|
||||
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
|
||||
cd faup
|
||||
# TODO Check permissions
|
||||
##$SUDO mkdir -p build
|
||||
$SUDO_USER mkdir -p build
|
||||
cd build
|
||||
$SUDO_USER cmake .. && $SUDO_USER make
|
||||
##$SUDO cmake .. && $SUDO make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
cd ../../mail_to_misp
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
}
|
||||
# <snippet-end 5_mail_to_misp.sh>
|
||||
```
|
||||
|
|
|
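Review bot: The new clone line `$SUDO_USER git clone git://github.com/stricaud/faup.git faup` switches faup from the https URL the old text used to the unauthenticated `git://` transport; the checkout is then compiled and installed as root with `sudo make install`, so anything on the network path can substitute the source that ends up in /usr/local. Restore `https://github.com/stricaud/faup.git`, as the mail_to_misp clone on the line above already does. The pip line that installs `pylief-0.9.0.dev.zip` from a `lief-master-latest` branch path is similarly unpinned — what it fetches changes whenever that branch moves and no hash is checked; recording a release or adding `--hash` would make the install reproducible.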
@ -0,0 +1,75 @@
|
|||
#### MISP Dashboard on CentOS
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false"
|
||||
```
|
|
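Review bot: This section is headed "MISP Dashboard on CentOS" but every command in it is Debian-flavoured — `sudo apt install libapache2-mod-wsgi-py3`, `/etc/apache2/ports.conf`, `sudo a2ensite`, `/etc/rc.local` — and the ZeroMQ block at the end relies on `$RUN_PHP`, which nothing in the section defines; either the heading or the commands need to change. The `sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true"` lines only work because the inner quotes close and reopen the outer string; `sudo $RUN_PHP "$CAKE Admin setSetting Plugin.ZeroMQ_enable true"` says what is meant. Two lines widen exposure silently: `sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" … config.cfg` and `Listen 0.0.0.0:8001` put the dashboard on every interface rather than loopback, so if remote access is intended a sentence on restricting port 8001 at the firewall or in the vhost belongs next to them. `sudo sed -i -e '$i \sudo -u www-data bash … start_all.sh …' /etc/rc.local` also assumes /etc/rc.local exists, which a default Ubuntu 18.04 install may not provide — confirm.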
@ -1,75 +1,96 @@
|
|||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
# <snippet-begin 4_misp-dashboard.sh>
|
||||
# Main MISP Dashboard install function
|
||||
mispDashboard () {
|
||||
debug "Install misp-dashboard"
|
||||
# Install pyzmq to main MISP venv
|
||||
debug "Installing PyZMQ"
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo apt install libapache2-mod-wsgi-py3 -y
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl reload apache2
|
||||
DocumentRoot /var/www/misp-dashboard
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/var/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
||||
|
||||
<Directory /var/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel info
|
||||
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
||||
|
||||
# Enable misp-dashboard in apache and reload
|
||||
sudo a2ensite misp-dashboard
|
||||
sudo systemctl restart apache2
|
||||
|
||||
# Needs to be started after apache2 is reloaded so the port status check works
|
||||
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
||||
|
||||
# Add misp-dashboard to rc.local to start on boot.
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 4_misp-dashboard.sh>
|
||||
|
||||
# <snippet-begin 4_misp-dashboard-cake.sh>
|
||||
dashboardCAKE () {
|
||||
# Enable ZeroMQ for misp-dashboard
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
}
|
||||
# <snippet-end 4_misp-dashboard-cake.sh>
|
||||
```
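Review bot: The vhost written by the `echo "<VirtualHost *:8001>` … `| sudo tee … misp-dashboard.conf` block inside mispDashboard is plain HTTP with `Require all granted` and no `SSLEngine`, while `Listen 0.0.0.0:8001` in ports.conf and the `host = 0.0.0.0` rewrite of config.cfg put it on every interface, so unless misp-dashboard enforces its own login (not visible in this hunk) the live event feed is readable by anyone who can reach port 8001. For a default install I would bind it to the loopback, `sudo sed -i '/Listen 80/a Listen 127.0.0.1:8001' /etc/apache2/ports.conf` with `<VirtualHost 127.0.0.1:8001>`, and leave the all-interfaces variant to a documented opt-in. The checkout is also `chown`ed to www-data and started via `$SUDO_WWW bash …/start_all.sh`, yet `WSGIDaemonProcess` runs as `user=misp group=misp`, so two identities touch the same tree; one owner should be chosen and recorded in a comment next to the chown. The rc.local line appended with `sed -i -e '$i …'` is re-appended on every re-run of the installer, so a `grep -q start_all.sh /etc/rc.local ||` guard in front of it would keep the file idempotent.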
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
#### Install misp-modules (optional)
|
||||
|
||||
```bash
|
||||
# <snippet-begin 3_misp-modules.sh>
|
||||
# Main MISP Modules install function
|
||||
mispmodules () {
|
||||
# FIXME: this is broken, ${PATH_TO_MISP} is litteral
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
cd /usr/local/src/
|
||||
## TODO: checkUsrLocalSrc in main doc
|
||||
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# some misp-modules dependencies
|
||||
sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
|
||||
# If you build an egg, the user you build it as need write permissions in the CWD
|
||||
sudo chgrp $WWW_USER .
|
||||
sudo chmod g+w .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo chgrp staff .
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
|
||||
# Start misp-modules
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
|
||||
|
||||
# Sleep 9 seconds to give misp-modules a chance to spawn
|
||||
sleep 9
|
||||
|
||||
# Enable Enrichment, set better timeouts
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
# TODO:"Investigate why the next one fails"
|
||||
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules, set better timeout
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules, set better timeout
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
}
|
||||
# <snippet-end 3_misp-modules.sh>
|
||||
```
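Review bot: `sleep 9` after the backgrounded `misp-modules -l 127.0.0.1 -s &` is the only readiness check before the `Plugin.Enrichment_*`, `Plugin.Import_*` and `Plugin.Export_*` settings are switched on, so a failed or slow start still leaves MISP configured to call 127.0.0.1:6666; polling the port instead, `for i in $(seq 1 30); do ss -ltn | grep -q ':6666 ' && break; sleep 1; done`, followed by a `checkFail` when it never opens, makes the outcome explicit. `$SUDO_USER` is also the variable sudo itself exports with the invoking user's name, so if the script assigns its own `sudo -u …` prefix to that name (its definition lies outside this hunk) the two collide as soon as the installer is run under sudo; a distinct name such as `SUDO_MISP` avoids that, and the ssdeep hunk below uses the same prefix. The `# FIXME: this is broken, ${PATH_TO_MISP} is litteral` comment no longer matches the line under it, which hard-codes `/var/www/MISP`; `# FIXME: rc.local line hard-codes /var/www/MISP instead of ${PATH_TO_MISP}` says what is actually wrong.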
|
|
@ -1,8 +0,0 @@
|
|||
#### Make some misp-modules available
|
||||
|
||||
```bash
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
```
|
||||
|
|
@ -1,19 +1,24 @@
|
|||
#### Experimental ssdeep correlations
|
||||
##### installing ssdeep
|
||||
```
|
||||
cd /usr/local/src
|
||||
wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
make
|
||||
sudo make install
|
||||
```bash
|
||||
# <snippet-begin 6_ssdeep.sh>
|
||||
ssdeep () {
|
||||
debug "Install ssdeep 2.14.1"
|
||||
cd /usr/local/src
|
||||
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
||||
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
|
||||
cd ssdeep-2.14.1
|
||||
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
||||
$SUDO_USER make
|
||||
sudo make install
|
||||
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
#installing ssdeep_php
|
||||
sudo pecl install ssdeep
|
||||
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
||||
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
|
||||
sudo phpenmod ssdeep
|
||||
sudo service apache2 restart
|
||||
}
|
||||
# <snippet-end 6_ssdeep.sh>
|
||||
```
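Review bot: The tarball fetched with `$SUDO_USER wget …/ssdeep-2.14.1.tar.gz` in ssdeep() is compiled and `sudo make install`ed into /usr as root with no integrity check, so a tampered download or mirror lands on the system unnoticed; pinning the release digest in the script and checking it before `tar`, `echo "<EXPECTED_SHA256_PLACEHOLDER>  ssdeep-2.14.1.tar.gz" | $SUDO_USER sha256sum -c - || exit 1`, closes that gap (the digest is a placeholder to fill from the upstream release). `cd ssdeep-2.14.1` is unchecked, so a failed extraction runs `./configure` and `make` in /usr/local/src itself; `cd ssdeep-2.14.1 || exit 1` keeps the failure local. `sudo pecl install ssdeep` likewise pulls an unpinned package over the network as root, which deserves at least a comment recording that dependency.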
|
||||
|
|
|
@ -1,16 +1,31 @@
|
|||
#### install etckeeper and sudo (optional)
|
||||
|
||||
|
||||
```bash
|
||||
su -
|
||||
apt install -y etckeeper
|
||||
apt install -y sudo
|
||||
adduser misp sudo
|
||||
# <snippet-begin 0_sudoKeeper.sh>
|
||||
# check if sudo is installed
|
||||
checkSudoKeeper () {
|
||||
echo "Checking for sudo and installing etckeeper"
|
||||
if [[ ! -f $(which sudo) ]]; then
|
||||
su -c "apt install etckeeper -y"
|
||||
su -c "apt install sudo -y"
|
||||
# TODO: Fix this, user misp might not exist
|
||||
su -c "adduser misp sudo"
|
||||
else
|
||||
sudo apt install etckeeper -y
|
||||
fi
|
||||
}
|
||||
# <snippet-end 0_sudoKeeper.sh>
|
||||
```
|
||||
|
||||
##### add the misp user to staff and www-data (mandatory)
|
||||
```bash
|
||||
# <snippet-begin add-user.sh>
|
||||
# Add the user to the staff group to be able to write to /usr/local/src
|
||||
# TODO: Fix this, user misp might not exist
|
||||
sudo adduser misp staff
|
||||
sudo adduser misp www-data
|
||||
# <snippet-end add-user.sh>
|
||||
# Logout and back in to make the group changes take effect.
|
||||
logout
|
||||
```
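Review bot: checkSudoKeeper() issues three separate `su -c` commands on a host without sudo, each prompting for the root password, and the `adduser misp sudo` among them runs before the `misp` user is known to exist (the TODO above it already says so); a single `su -c "apt install -y etckeeper sudo && adduser misp sudo"` needs one prompt and skips the group grant when the install step fails. The test `[[ ! -f $(which sudo) ]]` depends on `which`, which minimal images may lack; `if ! command -v sudo >/dev/null; then` is the portable form. In the add-user block, `sudo adduser misp www-data` makes the install user a member of the web server's group, so every group-writable file under the vhost becomes writable by that account; since the heading marks it mandatory, a one-line comment stating what the install needs www-data membership for would let a reader judge that trade-off.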
|
||||
|
|
|
@ -0,0 +1,638 @@
|
|||
```bash
|
||||
# <snippet-begin 0_support-functions.sh>
|
||||
# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default
|
||||
DEBUG=
|
||||
|
||||
case "$-" in
|
||||
*x*) NO_PROGRESS=1; DEBUG=1 ;;
|
||||
*) NO_PROGRESS=0 ;;
|
||||
esac
|
||||
|
||||
## Function Section ##
|
||||
|
||||
## Usage of this script
|
||||
usage () {
|
||||
if [ "$0" == "bash" ]; then
|
||||
WEB_INSTALL=1
|
||||
SCRIPT_NAME="Web Installer Command"
|
||||
else
|
||||
SCRIPT_NAME=$0
|
||||
fi
|
||||
|
||||
exec &> /dev/tty
|
||||
space
|
||||
echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install."
|
||||
space
|
||||
echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core
|
||||
echo -e " -M | ${LBLUE}MISP${NC} modules" # modules
|
||||
echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard
|
||||
echo -e " -V | Viper" # viper
|
||||
echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2
|
||||
echo -e " -S | Experimental ssdeep correlations" # ssdeep
|
||||
echo -e " -A | Install ${YELLOW}all${NC} of the above" # all
|
||||
space
|
||||
echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre
|
||||
space
|
||||
echo -e " -u | Do an unattanded Install, no questions asked" # UNATTENDED
|
||||
echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE
|
||||
space
|
||||
echo -e "${HIDDEN}Some parameters want to be hidden: ${NC}"
|
||||
echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE
|
||||
echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard"
|
||||
space
|
||||
echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or"
|
||||
echo -e "MISP + modules - ${SCRIPT_NAME} -c -M"
|
||||
space
|
||||
}
|
||||
|
||||
# Check if element is contained in array
|
||||
containsElement () {
|
||||
local e match="$1"
|
||||
shift
|
||||
for e; do [[ "$e" == "$match" ]] && return 0; done
|
||||
return 1
|
||||
}
|
||||
|
||||
checkOpt () {
|
||||
# checkOpt feature
|
||||
containsElement $1 "${options[@]}"
|
||||
}
|
||||
|
||||
setOpt () {
|
||||
options=()
|
||||
for o in $@; do
|
||||
case "$o" in
|
||||
("-c") echo "core"; CORE=1 ;;
|
||||
("-V") echo "viper"; VIPER=1 ;;
|
||||
("-M") echo "modules"; MODULES=1 ;;
|
||||
("-D") echo "dashboard"; DASHBOARD=1 ;;
|
||||
("-m") echo "mail2"; MAIL2=1 ;;
|
||||
("-S") echo "ssdeep"; SSDEEP=1 ;;
|
||||
("-A") echo "all"; ALL=1 ;;
|
||||
("-C") echo "pre"; PRE=1 ;;
|
||||
("-U") echo "upgrade"; UPGRADE=1 ;;
|
||||
("-u") echo "unattended"; UNATTENDED=1 ;;
|
||||
("-f") echo "force"; FORCE=1 ;;
|
||||
(*) echo "$o is not a valid argument"; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
# Extract debian flavour
|
||||
checkFlavour () {
|
||||
if [ -z $(which lsb_release) ]; then
|
||||
checkAptLock
|
||||
sudo apt install lsb-release dialog -y
|
||||
fi
|
||||
|
||||
FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z])
|
||||
if [ FLAVOUR == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r)
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
||||
else
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Extract manufacturer
|
||||
checkManufacturer () {
|
||||
if [ ! -f $(which dmidecode) ]; then
|
||||
checkAptLock
|
||||
sudo apt install dmidecode -y
|
||||
fi
|
||||
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
||||
echo $MANUFACTURER
|
||||
}
|
||||
|
||||
# Dynamic horizontal spacer
|
||||
space () {
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
# Check terminal width
|
||||
num=`tput cols`
|
||||
for i in `seq 1 $num`; do
|
||||
echo -n "-"
|
||||
done
|
||||
echo ""
|
||||
}
|
||||
|
||||
# Spinner so the user knows something is happening
|
||||
spin()
|
||||
{
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
spinner="/|\\-/|\\-"
|
||||
while :
|
||||
do
|
||||
for i in `seq 0 7`
|
||||
do
|
||||
echo -n "${spinner:$i:1}"
|
||||
echo -en "\010"
|
||||
sleep 0.$i
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
# Progress bar
|
||||
progress () {
|
||||
if [[ "$NO_PROGRESS" == "1" ]]; then
|
||||
return
|
||||
fi
|
||||
bar="#"
|
||||
if [[ $progress -ge 100 ]]; then
|
||||
echo -ne "##################################################################################################### (100%)\r"
|
||||
return
|
||||
fi
|
||||
progress=$[$progress+$1]
|
||||
for p in $(seq 1 $progress); do
|
||||
bar+="#"
|
||||
echo -ne "$bar ($p%)\r"
|
||||
done
|
||||
echo -ne '\n'
|
||||
}
|
||||
|
||||
# Check locale
|
||||
checkLocale () {
|
||||
debug "Checking Locale"
|
||||
# If locale is missing, generate and install a common UTF-8
|
||||
if [ ! -f /etc/default/locale ]; then
|
||||
checkAptLock
|
||||
sudo apt install locales -y
|
||||
sudo locale-gen en_US.UTF-8
|
||||
sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
|
||||
fi
|
||||
}
|
||||
|
||||
# Simple function to check command exit code
|
||||
checkFail () {
|
||||
if [[ $2 -ne 0 ]]; then
|
||||
echo "iAmError: $1"
|
||||
echo "The last command exited with error code: $2"
|
||||
exit $2
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if misp user is present and if run as root
|
||||
checkID () {
|
||||
debug "Checking if run as root and $MISP_USER is present"
|
||||
if [[ $EUID == 0 ]]; then
|
||||
echo "This script cannot be run as a root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
else
|
||||
ANSWER="y"
|
||||
fi
|
||||
|
||||
if [[ $ANSWER == "y" ]]; then
|
||||
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
|
||||
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
|
||||
elif [[ $ANSWER == "n" ]]; then
|
||||
echo "Using $USER as install user, hope that is what you want."
|
||||
echo -e "${RED}Adding $USER to groups www-data and staff${NC}"
|
||||
MISP_USER=$USER
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
else
|
||||
echo "yes or no was asked, try again."
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
echo -e "${RED}Adding $MISP_USER to groups www-data and staff${NC}"
|
||||
sudo adduser $MISP_USER staff
|
||||
sudo adduser $MISP_USER www-data
|
||||
fi
|
||||
}
|
||||
|
||||
# pre-install check to make sure what we will be installing on, is ready and not a half installed system
|
||||
preInstall () {
|
||||
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
||||
exit
|
||||
}
|
||||
|
||||
# Upgrade function
|
||||
upgrade () {
|
||||
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
||||
exit
|
||||
}
|
||||
|
||||
# check is /usr/local/src is RW by misp user
|
||||
checkUsrLocalSrc () {
|
||||
echo ""
|
||||
if [[ -e /usr/local/src ]]; then
|
||||
WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
|
||||
if [[ "$WRITEABLE" == "0" ]]; then
|
||||
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
|
||||
else
|
||||
# TODO: The below might be shorter, more elegant and more modern
|
||||
#[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
|
||||
if [ "$KALI" == "1" -o "$UNATTENDED" == "1" ]; then
|
||||
ANSWER="y"
|
||||
else
|
||||
space
|
||||
echo "/usr/local/src need to be writeable by $MISP_USER for misp-modules, viper etc."
|
||||
echo -n "Permission to fix? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
space
|
||||
fi
|
||||
if [ "$ANSWER" == "y" ]; then
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "/usr/local/src does not exist, creating."
|
||||
mkdir /usr/local/src
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
fi
|
||||
}
|
||||
|
||||
kaliSpaceSaver () {
|
||||
# Future function in case Kali overlay on LiveCD is full
|
||||
echo "${RED}Not implement${NC}"
|
||||
}
|
||||
|
||||
# Because Kali is l33t we make sure we run as root
|
||||
kaliOnRootR0ckz () {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
else
|
||||
# TODO: Make sure we consider this further down the road
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
fi
|
||||
}
|
||||
|
||||
setBaseURL () {
|
||||
debug "Setting Base URL"
|
||||
if [[ $(checkManufacturer) != "innotek GmbH" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
||||
echo "Do you want to change it now? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr [A-Z] [a-z])
|
||||
if [[ $ANSWER == "y" ]]; then
|
||||
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
||||
echo -n "Enter Base URL: "
|
||||
read MISP_BASEURL
|
||||
else
|
||||
MISP_BASEURL='""'
|
||||
fi
|
||||
else
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
fi
|
||||
elif [[ $KALI == "1" ]]; then
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
else
|
||||
MISP_BASEURL='https://localhost:8443'
|
||||
# Webserver configuration
|
||||
FQDN='localhost.localdomain'
|
||||
fi
|
||||
}
|
||||
|
||||
# Test and install software RNG
|
||||
installRNG () {
|
||||
sudo modprobe tpm-rng 2> /dev/null
|
||||
if [ "$?" -eq "0" ]; then
|
||||
echo tpm-rng | sudo tee -a /etc/modules
|
||||
fi
|
||||
checkAptLock
|
||||
sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
||||
sudo service rng-tools start
|
||||
|
||||
if [ "$?" -eq "1" ]; then
|
||||
sudo apt purge -qy rng-tools
|
||||
sudo apt install -qy haveged
|
||||
sudo /etc/init.d/haveged start
|
||||
fi
|
||||
}
|
||||
|
||||
# Kali upgrade
|
||||
kaliUpgrade () {
|
||||
debug "Running various Kali upgrade tasks"
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
||||
}
|
||||
|
||||
# Disables sleep
|
||||
disableSleep () {
|
||||
debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
|
||||
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
|
||||
gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
|
||||
gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
|
||||
|
||||
setterm -blank 0 -powersave off -powerdown 0
|
||||
xset s 0 0 2> /dev/null
|
||||
xset dpms 0 0 2> /dev/null
|
||||
xset dpms force off
|
||||
xset s off 2> /dev/null
|
||||
service sleepd stop
|
||||
kill $(lsof | grep 'sleepd' | awk '{print $2}')
|
||||
checkAptLock
|
||||
}
|
||||
|
||||
# Remove alias if present
|
||||
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
||||
# Simple function to make sure APT is not locked
|
||||
checkAptLock () {
|
||||
SLEEP=3
|
||||
while [ "$DONE" != "0" ]; do
|
||||
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
||||
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
|
||||
sleep $SLEEP
|
||||
SLEEP=$[$SLEEP+3]
|
||||
done
|
||||
unset DONE
|
||||
}
|
||||
|
||||
# <snippet-begin 0_installDepsPhp73.sh>
|
||||
# Install Php 7.3 deps
|
||||
installDepsPhp73 () {
|
||||
debug "Installing PHP 7.3 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.3
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-pear \
|
||||
php-redis php-gnupg
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp73.sh>
|
||||
|
||||
# Installing core dependencies
|
||||
installDeps () {
|
||||
debug "Installing core dependencies"
|
||||
checkAptLock
|
||||
sudo apt update
|
||||
sudo apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
gitMail=$(git config --global --get user.email ; echo $?)
|
||||
if [ "$?" -eq "1" ]; then
|
||||
git config --global user.email "root@kali.lan"
|
||||
fi
|
||||
gitUser=$(git config --global --get user.name ; echo $?)
|
||||
if [ "$?" -eq "1" ]; then
|
||||
git config --global user.name "Root User"
|
||||
fi
|
||||
|
||||
[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
|
||||
|
||||
sudo apt install -qy \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
mariadb-server \
|
||||
apache2 apache2-doc apache2-utils \
|
||||
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
||||
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
||||
|
||||
installRNG
|
||||
}
|
||||
|
||||
# On Kali, the redis start-up script is broken. This tries to fix it.
|
||||
fixRedis () {
|
||||
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
||||
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
||||
|
||||
echo '#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: redis-server
|
||||
# Required-Start: $syslog
|
||||
# Required-Stop: $syslog
|
||||
# Should-Start: $local_fs
|
||||
# Should-Stop: $local_fs
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: redis-server - Persistent key-value db
|
||||
# Description: redis-server - Persistent key-value db
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/bin/redis-server
|
||||
DAEMON_ARGS=/etc/redis/redis.conf
|
||||
NAME=redis-server
|
||||
DESC=redis-server
|
||||
PIDFILE=/var/run/redis.pid
|
||||
|
||||
test -x $DAEMON || exit 0
|
||||
test -x $DAEMONBOOTSTRAP || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
touch $PIDFILE
|
||||
chown redis:redis $PIDFILE
|
||||
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
||||
then
|
||||
echo "$NAME."
|
||||
else
|
||||
echo "failed"
|
||||
fi
|
||||
rm -f $PIDFILE
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
${0} stop
|
||||
${0} start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0' | sudo tee /etc/init.d/redis-server
|
||||
sudo chmod 755 /etc/init.d/redis-server
|
||||
sudo /etc/init.d/redis-server start
|
||||
}
|
||||
|
||||
# generate MISP apache conf
|
||||
genApacheConf () {
|
||||
echo "<VirtualHost _default_:80>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
|
||||
Redirect permanent / https://misp.local
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@localhost.lu
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
}
|
||||
|
||||
# Add git pull update mechanism to rc.local - TODO: Make this better
|
||||
gitPullAllRCLOCAL () {
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
||||
composer72 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Composer on php 7.3 needs a recent version of composer.phar
|
||||
composer73 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
|
||||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
|
||||
sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
||||
sudo -H -u www-data php composer-setup.php
|
||||
sudo -H -u www-data php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
|
||||
$SUDO_WWW php composer.phar config vendor-dir Vendor
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Enable various core services
|
||||
enableServices () {
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
}
|
||||
|
||||
# Generate rc.local
|
||||
genRCLOCAL () {
|
||||
if [ ! -e /etc/rc.local ]; then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Final function to let the user know what happened
|
||||
theEnd () {
|
||||
space
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
|
||||
echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
|
||||
|
||||
clear
|
||||
space
|
||||
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
||||
echo
|
||||
echo "User: admin@admin.test"
|
||||
echo "Password: admin"
|
||||
space
|
||||
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
|
||||
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
|
||||
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
|
||||
echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
|
||||
echo "/home/${MISP_USER}/mysql.txt"
|
||||
echo -e "${RED}Contents:${NC}"
|
||||
cat /home/${MISP_USER}/mysql.txt
|
||||
echo "/home/${MISP_USER}/MISP-authkey.txt"
|
||||
echo -e "${RED}Contents:${NC}"
|
||||
cat /home/${MISP_USER}/MISP-authkey.txt
|
||||
space
|
||||
echo -e "The ${RED}LOCAL${NC} system credentials:"
|
||||
echo "User: ${MISP_USER}"
|
||||
echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
|
||||
space
|
||||
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
||||
echo
|
||||
echo "sudo postconf -e 'relayhost = example.com'"
|
||||
echo "sudo postfix reload"
|
||||
space
|
||||
echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
|
||||
space
|
||||
if [ $UNATTENDED == "1" ]; then
|
||||
echo -e "${RED}Unattended install!${NC}"
|
||||
echo -e "This means we guessed the Base URL, it might be wrong, please double check."
|
||||
space
|
||||
fi
|
||||
|
||||
if [[ "$USER" != "$MISP_USER" ]]; then
|
||||
sudo su - ${MISP_USER}
|
||||
fi
|
||||
}
|
||||
## End Function Section Nothing allowed in .md after this line ##
|
||||
# <snippet-end 0_support-functions.sh>
|
||||
```
|
|
@ -1,31 +1,69 @@
|
|||
#### Install viper framework (with a virtualenv)
|
||||
-----------------------
|
||||
|
||||
!!! warning
|
||||
Viper has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7<br />
|
||||
If you have python3.7 installed make sure **virtualenv** uses **python3.6**<br />
|
||||
```bash
|
||||
virtualenv -p python3.6 venv
|
||||
```
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable -y
|
||||
git clone https://github.com/viper-framework/viper.git
|
||||
cd viper
|
||||
virtualenv -p python3.6 venv
|
||||
git submodule update --init --recursive
|
||||
./venv/bin/pip install scrapy
|
||||
./venv/bin/pip install -r requirements.txt
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
/usr/local/src/viper/viper-cli -h
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment
|
||||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ ${AUTH_KEY}/g" ~/.viper/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
# <snippet-begin 6_viper.sh>
|
||||
# Main Viper install function
|
||||
viper () {
|
||||
debug "Installing Viper dependencies"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install \
|
||||
libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \
|
||||
python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y
|
||||
echo "Cloning Viper"
|
||||
$SUDO_USER git clone https://github.com/viper-framework/viper.git
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper
|
||||
cd viper
|
||||
echo "Creating virtualenv"
|
||||
$SUDO_USER virtualenv -p python3 venv
|
||||
echo "Submodule update"
|
||||
# TODO: Check for current user install permissions
|
||||
$SUDO_USER git submodule update --init --recursive
|
||||
##$SUDO git submodule update --init --recursive
|
||||
echo "Pip install deps"
|
||||
$SUDO_USER ./venv/bin/pip install SQLAlchemy PrettyTable python-magic
|
||||
echo "pip install scrapy"
|
||||
$SUDO_USER ./venv/bin/pip install scrapy
|
||||
echo "install lief"
|
||||
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
||||
echo "pip install reqs"
|
||||
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
|
||||
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
||||
echo "pip uninstall yara"
|
||||
$SUDO_USER ./venv/bin/pip uninstall yara -y
|
||||
echo "Launching viper-cli"
|
||||
# TODO: Perms
|
||||
#$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
|
||||
/usr/local/src/viper/viper-cli -h > /dev/null
|
||||
echo "Launching viper-web"
|
||||
# TODO: Perms
|
||||
/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
#$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
|
||||
echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
|
||||
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
||||
|
||||
# TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t
|
||||
if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then
|
||||
VIPER_HOME="/home/${MISP_USER}/.viper"
|
||||
else
|
||||
VIPER_HOME="${HOME}/.viper"
|
||||
fi
|
||||
|
||||
echo "Setting misp_url/misp_key"
|
||||
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
||||
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
||||
# Reset admin password to: admin/Password1234
|
||||
echo "Fixing admin.db with default password"
|
||||
while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
||||
# FIXME This might lead to a race condition, the while loop is sub-par
|
||||
sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db
|
||||
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
||||
sleep 6
|
||||
done
|
||||
|
||||
# Add viper-web to rc.local to be started on boot
|
||||
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
||||
}
|
||||
# <snippet-end 6_viper.sh>
|
||||
```
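Review bot: The `while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE …'; echo $?)" -ne "0" ]` loop in `viper()` has no retry limit, so if viper-web never creates `admin.db` (it is launched in the background a few lines earlier and its failure is not checked) the installer spins forever, and the `$(…; echo $?)` substitution breaks the numeric test as soon as sqlite3 prints anything to stdout. Using sqlite3's exit status directly in an `until` loop with a bounded attempt counter, reported through `checkFail` the way `composer73` does (assuming `checkFail` aborts on a non-zero status), keeps the same retry behaviour without the hang. Separately, viper-web is bound with `-H 0.0.0.0` both in the function and in the rc.local entry while `admin.db` is reset to the fixed `admin/Password1234` credentials, so the admin UI is reachable on every interface with a documented default password; binding to `-H 127.0.0.1` by default, as the misp-modules rc.local line elsewhere in this commit does with `-l 127.0.0.1`, and prompting for a password change in `theEnd` would limit that exposure. The rc.local line also hard-codes `sudo -u misp` where the rest of the function uses `$MISP_USER`, so the boot-time start fails for any other install user, and `| sudo tee /etc/environment` (no `-a`) replaces the whole file rather than appending the PATH entry.
```shell
# … unchanged: misp_url/misp_key sed lines …
echo "Fixing admin.db with default password"
attempts=0
until sqlite3 "${VIPER_HOME}/admin.db" 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 10 ]; then
    checkFail "viper-web did not create a writable ${VIPER_HOME}/admin.db after ${attempts} attempts" 1
    break
  fi
  sudo chown "$MISP_USER:$MISP_USER" "${VIPER_HOME}/admin.db"
  echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
  sleep 6
done
# … unchanged: rc.local entry …
```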
|
||||
|
|
|
@ -352,6 +352,7 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
|||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chcon -t httpd_sys_script_exec_t /var/www/MISP/app/Console/cake
|
||||
sudo chcon -R -t usr_t /var/www/MISP/venv
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
|
@ -535,6 +536,8 @@ sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
|||
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
{!generic/misp-dashboard-centos.md!}
|
||||
|
||||
{!generic/MISP_CAKE_init_centos.md!}
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
|
|
@ -424,7 +424,7 @@ sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kba
|
|||
sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
```
|
||||
|
||||
{!generic/misp-modules.md!}
|
||||
{!generic/misp-modules-debian.md!}
|
||||
|
||||
```bash
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
|
|