diff --git a/INSTALL/INSTALL.debian.sh b/INSTALL/INSTALL.debian.sh
index 96af41d36..6e12e5128 100755
--- a/INSTALL/INSTALL.debian.sh
+++ b/INSTALL/INSTALL.debian.sh
@@ -1,37 +1,185 @@ #!/usr/bin/env bash -#INSTALLATION INSTRUCTIONS -#------------------------- for Kali Linux +############################################################ +###### # +##### Please AutoGenerated... ## +#### Do NOT was ### +### Manually It #### +## Change this Script... ##### +# ###### +############################################################ +############################################################ +#INSTALLATION INSTRUCTIONS # +########################################################## +#------------------------- for Debian Flavored Linux Distributions # -#0/ Quick MISP Instance on Kali Linux - Status -#--------------------------------------------- +#-------------------------------------------------------| +# 0/ Quick MISP Instance on Debian Based Linux - Status | +#-------------------------------------------------------| # -#1/ Prepare Kali with a MISP User -#-------------------------------- -# To install MISP on Kali copy paste this in your r00t shell: -# wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh +# 20190208: Kali Linux tested and working. +# +# +#-------------------------------------------------------| +# 1/ For Kali, download and run Installer Script | +#-------------------------------------------------------| +# +# To install MISP on Kali copy paste the following to your r00t shell: +# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh # /!\ Please read the installer script before randomly doing the above. # The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. 
+# +# +#---------------------------------------------------------------------------------------------| +# 2/ For other Debian based Linux distributions, download script and run as unprivileged user | +#---------------------------------------------------------------------------------------------| +# +# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C +# +# +#----------------------------------------------------------| +# 3/ The following script has been partially autogenerated | +#----------------------------------------------------------| +# +# To generate this script yourself, the following steps need to be taken. +# $ git clone https://github.com/SteveClement/xsnippet.git +# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough. +# $ git clone https://github.com/MISP/MISP.git +# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh +# +## +### +####----------------\ +## Developer Note | +####--------------------------------------------------------------------------------------------------| +## In theory the order does not matter as everything is a self-contained function. | +# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. | +# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. | +#-----------------------------------------------------------------------------------------------------| +# +# ToC # +# +#### BEGIN AUTOMATED SECTION #### +# +MISPvars () { + debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours" + # Local non-root MISP user + MISP_USER='misp' + MISP_PASSWORD='Password1234' -# Leave empty for NO debug messages. 
+ # The web server user + WWW_USER="www-data" + + # MISP configuration variables + PATH_TO_MISP='/var/www/MISP' + + if [ -z "$FQDN" ]; then + FQDN="misp.local" + fi + + if [ -z "$MISP_BASEURL" ]; then + MISP_BASEURL='""' + fi + + MISP_LIVE='1' + + # Database configuration + DBHOST='localhost' + DBNAME='misp' + DBUSER_ADMIN='root' + DBPASSWORD_ADMIN="$(openssl rand -hex 32)" + DBUSER_MISP='misp' + DBPASSWORD_MISP="$(openssl rand -hex 32)" + + # OpenSSL configuration + OPENSSL_CN=$FQDN + OPENSSL_C='LU' + OPENSSL_ST='State' + OPENSSL_L='Location' + OPENSSL_O='Organization' + OPENSSL_OU='Organizational Unit' + OPENSSL_EMAILADDRESS="info@$FQDN" + + # GPG configuration + GPG_REAL_NAME='Autogenerated Key' + GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' + GPG_EMAIL_ADDRESS='admin@admin.test' + GPG_KEY_LENGTH='2048' + GPG_PASSPHRASE='Password1234' + + # debug alias to make sure people are not confused when blindly copy pasting blobs of code + alias debug="echo -e" + + # checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code + alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'" + + # php.ini configuration + upload_max_filesize=50M + post_max_size=50M + max_execution_time=300 + memory_limit=512M + + CAKE="$PATH_TO_MISP/app/Console/cake" + + # sudo config to run $LUSER commands + SUDO_USER="sudo -H -u ${MISP_USER} " + SUDO_WWW="sudo -H -u ${WWW_USER} " + + echo "The following DB Passwords were generated..." + echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" + echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" +} + +# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default DEBUG= -# Function Section +case "$-" in + *x*) NO_PROGRESS=1; DEBUG=1 ;; + *) NO_PROGRESS=0 ;; +esac + +## Function Section ## ## Usage of this script usage () { - echo "Please specify what type of MISP if you want to install." 
+ if [ "$0" == "bash" ]; then + WEB_INSTALL=1 + SCRIPT_NAME="Web Installer Command" + else + SCRIPT_NAME=$0 + fi + + exec &> /dev/tty space - echo "${0} -c | Install ONLY MISP Core" # core - echo " -V | Core + Viper" # viper - echo " -M | Core + MISP modules" # modules - echo " -D | Core + MISP dashboard" # dashboard - echo " -m | Core + Mail 2 MISP" # mail2 - echo " -A | Install all of the above" # all + echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install." space - echo " -C | Only do pre-install checks and exit" # pre + echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core + echo -e " -M | ${LBLUE}MISP${NC} modules" # modules + echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard + echo -e " -V | Viper" # viper + echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2 + echo -e " -S | Experimental ssdeep correlations" # ssdeep + echo -e " -A | Install ${YELLOW}all${NC} of the above" # all space - echo "Options can be combined: ${0} -V -D # Will install Core+Viper+Dashboard" + echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre space + echo -e " -u | Do an unattanded Install, no questions asked" # UNATTENDED + echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE + space + echo -e "${HIDDEN}Some parameters want to be hidden: ${NC}" + echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE + echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard" + space + echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or" + echo -e "MISP + modules - ${SCRIPT_NAME} -c -M" + space +} + +# Check if element is contained in array +containsElement () { + local e match="$1" + shift + for e; do [[ "$e" == "$match" ]] && return 0; done + return 1 } checkOpt () { 
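Review bot: `MISP_PASSWORD='Password1234'` and `GPG_PASSPHRASE='Password1234'` in MISPvars are fixed credentials, and the later checkID hunk pipes MISP_PASSWORD into `chpasswd` for an account it also places in the `sudo` group, so every install that takes the default path ends up with the same well-known login. The DB passwords a few lines below already use `openssl rand -hex 32`; the same should apply here, e.g. `MISP_PASSWORD="${MISP_PASSWORD:-$(openssl rand -hex 16)}"`, with the generated value printed alongside the DB passwords at the end of the function. Separately, `exec &> /dev/tty` in usage() rewires stdout/stderr of the whole script for the rest of the run rather than just the usage text; wrapping the echo lines in `{ …; } > /dev/tty` scopes it. The `alias debug`/`alias checkAptLock` lines only take effect in interactive shells (a script needs `shopt -s expand_aliases`), which matches their stated copy-paste purpose but is worth saying in the comment so nobody relies on them inside the installer.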
@@ -42,28 +190,54 @@ checkOpt () { setOpt () { options=() for o in $@; do - option=$( case "$o" in - ("-c") echo "core" ;; - ("-V") echo "viper" ;; - ("-M") echo "modules" ;; - ("-D") echo "dashboard" ;; - ("-m") echo "mail2" ;; - ("-A") echo "all" ;; - ("-C") echo "pre" ;; - #(*) echo "$o is not a valid argument" ;; - esac) - options+=($option) + ("-c") echo "core"; CORE=1 ;; + ("-V") echo "viper"; VIPER=1 ;; + ("-M") echo "modules"; MODULES=1 ;; + ("-D") echo "dashboard"; DASHBOARD=1 ;; + ("-m") echo "mail2"; MAIL2=1 ;; + ("-S") echo "ssdeep"; SSDEEP=1 ;; + ("-A") echo "all"; ALL=1 ;; + ("-C") echo "pre"; PRE=1 ;; + ("-U") echo "upgrade"; UPGRADE=1 ;; + ("-u") echo "unattended"; UNATTENDED=1 ;; + ("-f") echo "force"; FORCE=1 ;; + (*) echo "$o is not a valid argument"; exit 1 ;; + esac done } # Extract debian flavour checkFlavour () { + if [ -z $(which lsb_release) ]; then + checkAptLock + sudo apt install lsb-release dialog -y + fi + FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z]) + if [ FLAVOUR == "ubuntu" ]; then + RELEASE=$(lsb_release -s -r) + debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}" + else + debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}" + fi +} + +# Extract manufacturer +checkManufacturer () { + if [ ! -f $(which dmidecode) ]; then + checkAptLock + sudo apt install dmidecode -y + fi + MANUFACTURER=$(sudo dmidecode -s system-manufacturer) + echo $MANUFACTURER } # Dynamic horizontal spacer space () { + if [[ "$NO_PROGRESS" == "1" ]]; then + return + fi # Check terminal width num=`tput cols` for i in `seq 1 $num`; do 
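Review bot: `if [ FLAVOUR == "ubuntu" ]` in checkFlavour compares the literal string FLAVOUR with "ubuntu", so the Ubuntu branch that sets RELEASE can never run; it should read `if [ "$FLAVOUR" == "ubuntu" ]; then`. In checkManufacturer, `[ ! -f $(which dmidecode) ]` collapses to `[ ! -f ]` when dmidecode is absent, which evaluates false, so the package is never installed on exactly the machines that lack it; `if ! command -v dmidecode >/dev/null; then` avoids both that and the unquoted substitution, and the same applies to the `which lsb_release` check above it. setOpt still iterates `$@` unquoted; `"$@"` is the idiom even though the expected flag strings contain no whitespace.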
@@ -72,21 +246,52 @@ space () { echo "" } -# Simple debug function with message -debug () { - echo $1 - if [ ! -z $DEBUG ]; then - echo "Debug Mode, press enter to continue..." - read +# Spinner so the user knows something is happening +spin() +{ + if [[ "$NO_PROGRESS" == "1" ]]; then + return fi + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 0.$i + done + done } -# Check if element is contained in array -containsElement () { - local e match="$1" - shift - for e; do [[ "$e" == "$match" ]] && return 0; done - return 1 +# Progress bar +progress () { + if [[ "$NO_PROGRESS" == "1" ]]; then + return + fi + bar="#" + if [[ $progress -ge 100 ]]; then + echo -ne "##################################################################################################### (100%)\r" + return + fi + progress=$[$progress+$1] + for p in $(seq 1 $progress); do + bar+="#" + echo -ne "$bar ($p%)\r" + done + echo -ne '\n' +} + +# Check locale +checkLocale () { + debug "Checking Locale" + # If locale is missing, generate and install a common UTF-8 + if [ ! -f /etc/default/locale ]; then + checkAptLock + sudo apt install locales -y + sudo locale-gen en_US.UTF-8 + sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 + fi } # Simple function to check command exit code 
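Review bot: `progress=$[$progress+$1]` in progress() uses the obsolete `$[ ]` arithmetic form and the `seq` calls in spin() and progress() run in backticks; `progress=$(( progress + $1 ))` and `$(seq 1 "$progress")` are the current idioms and what shellcheck will flag. spin() loops forever by design, so callers must background it and kill it on every exit path, including the `exit 1` branches elsewhere in this file; that contract deserves a comment above the function, e.g. `# Runs until killed; start with 'spin &' and kill $! from the caller's cleanup trap`. This hunk also deletes the `debug` function while the new MISPvars and checkFlavour code in the earlier hunks calls `debug`; if no replacement is defined elsewhere in the generated file, those calls resolve only to the interactive-only alias and fail in the installer.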
@@ -100,51 +305,91 @@ checkFail () { # Check if misp user is present and if run as root checkID () { + debug "Checking if run as root and $MISP_USER is present" if [[ $EUID == 0 ]]; then - echo "This script cannot be run as a root" - exit 1 + echo "This script cannot be run as a root" + exit 1 elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then - echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) " - read ANSWER - ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + if [[ "$UNATTENDED" != "1" ]]; then + echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + else + ANSWER="y" + fi + if [[ $ANSWER == "y" ]]; then - useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER - echo $MISP_USER:$MISP_PASSWORD | chpasswd + sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER + echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd echo "User $MISP_USER added, password is: $MISP_PASSWORD" elif [[ $ANSWER == "n" ]]; then echo "Using $USER as install user, hope that is what you want." + echo -e "${RED}Adding $USER to groups www-data and staff${NC}" MISP_USER=$USER + sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data else echo "yes or no was asked, try again." + sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data exit 1 fi else echo "User ${MISP_USER} exists, skipping creation" + echo -e "${RED}Adding $MISP_USER to groups www-data and staff${NC}" + sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data fi } -# check if sudo is installed -checkSudo () { -sudo -H -u $MISP_USER ls -la /tmp > /dev/null 2> /dev/null -if [[ $? -ne 0 ]]; then - echo "sudo seems to be not installed or working, please fix this before continuing the installation." - echo "apt install sudo # As root should be enough, make sure the $MISP_USER is able to run sudo." 
- exit 1 -fi +# pre-install check to make sure what we will be installing on, is ready and not a half installed system +preInstall () { + echo -e "${RED}Place-holder, not implemented yet.${NC}" + exit +} + +# Upgrade function +upgrade () { + echo -e "${RED}Place-holder, not implemented yet.${NC}" + exit } # check is /usr/local/src is RW by misp user checkUsrLocalSrc () { -if [[ -e /usr/local/src ]]; then - if [[ -w /usr/local/src ]]; then - echo "Good, /usr/local/src exists and is writeable as $MISP_USER" + echo "" + if [[ -e /usr/local/src ]]; then + WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?) + if [[ "$WRITEABLE" == "0" ]]; then + echo "Good, /usr/local/src exists and is writeable as $MISP_USER" + else + # TODO: The below might be shorter, more elegant and more modern + #[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it" + if [ "$KALI" == "1" -o "$UNATTENDED" == "1" ]; then + ANSWER="y" + else + space + echo "/usr/local/src need to be writeable by $MISP_USER for misp-modules, viper etc." + echo -n "Permission to fix? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + space + fi + if [ "$ANSWER" == "y" ]; then + sudo chmod 2775 /usr/local/src + sudo chown root:staff /usr/local/src + fi + fi else - echo -n "/usr/local/src need to be writeable by $MISP_USER, permission to fix? (y/n)" - read ANSWER - ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + echo "/usr/local/src does not exist, creating." + mkdir /usr/local/src + sudo chmod 2775 /usr/local/src + sudo chown root:staff /usr/local/src fi -fi +} +kaliSpaceSaver () { + # Future function in case Kali overlay on LiveCD is full + echo "${RED}Not implement${NC}" } # Because Kali is l33t we make sure we run as root 
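Review bot: In checkUsrLocalSrc the `else` branch creates the directory with a bare `mkdir /usr/local/src` while the header documents running the script as an unprivileged user, so the mkdir fails under /usr/local and the following `sudo chmod`/`sudo chown` act on a path that does not exist; it should be `sudo mkdir /usr/local/src`. In checkID, the final `else` (invalid answer) now runs `sudo adduser $MISP_USER staff` and `sudo adduser $MISP_USER www-data` before `exit 1`, but that branch is only reached when `id $MISP_USER` has already failed, so both calls error on a missing user and should be dropped from it. The fix-permission path applies `chmod 2775` and `chown root:staff` to /usr/local/src, which makes the directory writable by every member of `staff`, not only $MISP_USER; a comment stating that this is intended would help, since the prompt text says misp-modules and viper are installed from there.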
@@ -153,7 +398,7 @@ kaliOnRootR0ckz () { echo "This script must be run as root" exit 1 elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then - useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER + useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER echo $MISP_USER:$MISP_PASSWORD | chpasswd else # TODO: Make sure we consider this further down the road 
@@ -161,67 +406,119 @@ kaliOnRootR0ckz () { fi } -# Setting generic MISP variables share by all flavours -MISPvars () { - # Local non-root MISP user - MISP_USER='misp' - MISP_PASSWORD='Password1234' +setBaseURL () { + debug "Setting Base URL" + if [[ $(checkManufacturer) != "innotek GmbH" ]]; then + debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be." + if [[ "$UNATTENDED" != "1" ]]; then + echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards." + echo "Do you want to change it now? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + if [[ $ANSWER == "y" ]]; then + echo "Please enter the Base URL, e.g: 'https://example.org'" + echo -n "Enter Base URL: " + read MISP_BASEURL + else + MISP_BASEURL='""' + fi + else + MISP_BASEURL="https://misp.local" + # Webserver configuration + FQDN='misp.local' + fi + elif [[ $KALI == "1" ]]; then + MISP_BASEURL="https://misp.local" + # Webserver configuration + FQDN='misp.local' + else + MISP_BASEURL='https://localhost:8443' + # Webserver configuration + FQDN='localhost.localdomain' + fi +} - # MISP configuration variables - PATH_TO_MISP='/var/www/MISP' - MISP_BASEURL='https://misp.local' - MISP_LIVE='1' - CAKE="$PATH_TO_MISP/app/Console/cake" +# Test and install software RNG +installRNG () { + sudo modprobe tpm-rng 2> /dev/null + if [ "$?" -eq "0" ]; then + echo tpm-rng | sudo tee -a /etc/modules + fi + checkAptLock + sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS + sudo service rng-tools start - # Database configuration - DBHOST='localhost' - DBNAME='misp' - DBUSER_ADMIN='root' - DBPASSWORD_ADMIN="$(openssl rand -hex 32)" - DBUSER_MISP='misp' - DBPASSWORD_MISP="$(openssl rand -hex 32)" + if [ "$?" 
-eq "1" ]; then + sudo apt purge -qy rng-tools + sudo apt install -qy haveged + sudo /etc/init.d/haveged start + fi +} - # Webserver configuration - FQDN='misp.local' +# Kali upgrade +kaliUpgrade () { + debug "Running various Kali upgrade tasks" + sudo apt update + checkAptLock + sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y + sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y +} - # OpenSSL configuration - OPENSSL_CN=$FQDN - OPENSSL_C='LU' - OPENSSL_ST='State' - OPENSSL_L='Location' - OPENSSL_O='Organization' - OPENSSL_OU='Organizational Unit' - OPENSSL_EMAILADDRESS='info@localhost' +# Disables sleep +disableSleep () { + debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null + gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null + gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null + gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null - # GPG configuration - GPG_REAL_NAME='Autogenerated Key' - GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' 
- GPG_EMAIL_ADDRESS='admin@admin.test' - GPG_KEY_LENGTH='2048' - GPG_PASSPHRASE='Password1234' + setterm -blank 0 -powersave off -powerdown 0 + xset s 0 0 2> /dev/null + xset dpms 0 0 2> /dev/null + xset dpms force off + xset s off 2> /dev/null + service sleepd stop + kill $(lsof | grep 'sleepd' | awk '{print $2}') + checkAptLock +} - # php.ini configuration - upload_max_filesize=50M - post_max_size=50M - max_execution_time=300 - memory_limit=512M - PHP_INI=/etc/php/7.3/apache2/php.ini +# Remove alias if present +if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi +# Simple function to make sure APT is not locked +checkAptLock () { + SLEEP=3 + while [ "$DONE" != "0" ]; do + sudo apt-get check 2> /dev/null > /dev/null && DONE=0 + echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty + sleep $SLEEP + SLEEP=$[$SLEEP+3] + done + unset DONE +} - # apt config - export DEBIAN_FRONTEND=noninteractive - - # sudo config to run $LUSER commands - SUDO="sudo -u ${MISP_USER}" - SUDO_WWW="sudo -u www-data" - - echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" - echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" +# Install Php 7.3 deps +installDepsPhp73 () { + debug "Installing PHP 7.3 dependencies" + PHP_ETC_BASE=/etc/php/7.3 + PHP_INI=${PHP_ETC_BASE}/apache2/php.ini + sudo apt update + checkAptLock + sudo apt install -qy \ + libapache2-mod-php7.3 \ + php7.3 php7.3-cli \ + php7.3-dev \ + php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ + php-pear \ + php-redis php-gnupg } # Installing core dependencies installDeps () { - apt update - apt install -qy etckeeper + debug "Installing core dependencies" + checkAptLock + sudo apt update + sudo apt install -qy etckeeper # Skip dist-upgrade for now, pulls in 500+ updated packages #sudo apt -y dist-upgrade gitMail=$(git config --global --get user.email ; echo $?) 
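Review bot: checkAptLock prints the "maybe locked" message and sleeps `$SLEEP` seconds on every iteration, including the one where `apt-get check` just succeeded and set DONE=0, so each of the many checkAptLock calls in this file costs at least three seconds plus a misleading message; putting the command in the loop condition fixes both: `while ! sudo apt-get check >/dev/null 2>&1; do` with the echo, sleep and increment as the body and no DONE variable. installDepsPhp73 is defined in this hunk and again, identically, in the last hunk of this diff; bash keeps the later definition, so one copy should go. In disableSleep, `kill $(lsof | grep 'sleepd' | awk '{print $2}')` scans every open file on the system and kills any process whose lsof line merely contains "sleepd"; `pkill -x sleepd` targets the process name only, and that line and `service sleepd stop` also run without sudo unlike the rest of the function. installRNG appends `tpm-rng` to /etc/modules on every run, so re-running the installer duplicates the line; `grep -qx tpm-rng /etc/modules ||` in front of the tee guards it.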
@@ -233,40 +530,23 @@ installDeps () { git config --global user.name "Root User" fi - apt install -qy postfix + [[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix - apt install -qy \ + sudo apt install -qy \ curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \ mariadb-client \ mariadb-server \ apache2 apache2-doc apache2-utils \ - libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php-pear php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect installRNG } -# Test and install software RNG -installRNG () { - modprobe tpm-rng 2> /dev/null - if [ "$?" -eq "0" ]; then - echo tpm-rng >> /etc/modules - fi - apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS - service rng-tools start - - if [ "$?" -eq "1" ]; then - apt purge -qy rng-tools - apt install -qy haveged - /etc/init.d/haveged start - fi -} - # On Kali, the redis start-up script is broken. This tries to fix it. fixRedis () { # As of 20190124 redis-server init.d scripts are broken and need to be replaced - mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` + sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` echo '#! /bin/sh ### BEGIN INIT INFO @@ -326,9 +606,9 @@ case "$1" in ;; esac -exit 0' | tee /etc/init.d/redis-server - chmod 755 /etc/init.d/redis-server - /etc/init.d/redis-server start +exit 0' | sudo tee /etc/init.d/redis-server + sudo chmod 755 /etc/init.d/redis-server + sudo /etc/init.d/redis-server start } # generate MISP apache conf 
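Review bot: The postfix line `[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix` is an `a || b && c || d` chain, so a failed non-interactive install falls through to the interactive one, and the expression does not read as the if/else it is meant to be; write it as `if [[ -n $KALI || -n $UNATTENDED ]]; then … else … fi` with one apt call per branch. In fixRedis (the second hunk at this line) the backup name still uses backticks, `redis-server_`date +%Y%m%d``; `$(date +%Y%m%d)` is the idiom. The body of installDeps begins before this hunk.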
@@ -413,20 +693,601 @@ enableServices () { update-rc.d mysql enable update-rc.d apache2 enable update-rc.d redis-server enable - } +} + +# Generate rc.local +genRCLOCAL () { + if [ ! -e /etc/rc.local ]; then + echo '#!/bin/sh -e' | tee -a /etc/rc.local + echo 'exit 0' | tee -a /etc/rc.local + chmod u+x /etc/rc.local + fi + + sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local + sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local + sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local + sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local +} + +# Final function to let the user know what happened +theEnd () { + space + echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt + echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt + echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt + + clear + space + echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}" + echo + echo "User: admin@admin.test" + echo "Password: admin" + space + [[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001" + [[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888" + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}" + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin" + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234" + [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space + echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the 
CLI)" + echo "/home/${MISP_USER}/mysql.txt" + echo -e "${RED}Contents:${NC}" + cat /home/${MISP_USER}/mysql.txt + echo "/home/${MISP_USER}/MISP-authkey.txt" + echo -e "${RED}Contents:${NC}" + cat /home/${MISP_USER}/MISP-authkey.txt + space + echo -e "The ${RED}LOCAL${NC} system credentials:" + echo "User: ${MISP_USER}" + echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user" + space + echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" + echo + echo "sudo postconf -e 'relayhost = example.com'" + echo "sudo postfix reload" + space + echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues" + space + if [ $UNATTENDED == "1" ]; then + echo -e "${RED}Unattended install!${NC}" + echo -e "This means we guessed the Base URL, it might be wrong, please double check." + space + fi + + if [[ "$USER" != "$MISP_USER" ]]; then + sudo su - ${MISP_USER} + fi +} +## End Function Section Nothing allowed in .md after this line ## + +aptUpgrade () { + debug "Upgrading system" + checkAptLock + sudo apt-get update + sudo apt-get upgrade -y +} + +# check if sudo is installed +checkSudoKeeper () { + echo "Checking for sudo and installing etckeeper" + if [[ ! 
-f $(which sudo) ]]; then + su -c "apt install etckeeper -y" + su -c "apt install sudo -y" + # TODO: Fix this, user misp might not exist + su -c "adduser misp sudo" + else + sudo apt install etckeeper -y + fi +} + +installCoreDeps () { + debug "Installing core dependencies" + # Install the dependencies: (some might already be installed) + sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv libfuzzy-dev -y + + # Install MariaDB (a MySQL fork/alternative) + sudo apt-get install mariadb-client mariadb-server -y + + # Install Apache2 + sudo apt-get install apache2 apache2-doc apache2-utils -y + + # install Mitre's STIX and its dependencies by running the following commands: + sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y + + sudo apt-get install python3-pip -y + sudo apt install expect -y +} + +# Install Php 7.3 deps +installDepsPhp73 () { + debug "Installing PHP 7.3 dependencies" + PHP_ETC_BASE=/etc/php/7.3 + PHP_INI=${PHP_ETC_BASE}/apache2/php.ini + sudo apt update + checkAptLock + sudo apt install -qy \ + libapache2-mod-php7.3 \ + php7.3 php7.3-cli \ + php7.3-dev \ + php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ + php-pear \ + php-redis php-gnupg +} + +# Install Php 7.2 dependencies +installDepsPhp72 () { + debug "Installing PHP 7.2 dependencies" + PHP_ETC_BASE=/etc/php/7.2 + PHP_INI=${PHP_ETC_BASE}/apache2/php.ini + sudo apt update + sudo apt install -qy \ + libapache2-mod-php \ + php php-cli \ + php-dev \ + php-json php-xml php-mysql php-opcache php-readline php-mbstring \ + php-redis php-gnupg + + for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit + do + sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI + done +} + +prepareDB () { + debug "Setting up database" + # Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines + 
pw=$MISP_PASSWORD + + expect -f - <<-EOF + set timeout 10 + + spawn sudo -k mysql_secure_installation + expect "*?assword*" + send -- "$pw\r" + expect "Enter current password for root (enter for none):" + send -- "\r" + expect "Set root password?" + send -- "y\r" + expect "New password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Re-enter new password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Remove anonymous users?" + send -- "y\r" + expect "Disallow root login remotely?" + send -- "y\r" + expect "Remove test database and access to it?" + send -- "y\r" + expect "Reload privilege tables now?" + send -- "y\r" + expect eof +EOF + sudo apt-get purge -y expect ; sudo apt autoremove -y + + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" + # Import the empty MISP database from MYSQL.sql + sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME +} + +apacheConfig () { + debug "Generating Apache config" + sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf + + # If a valid SSL certificate is not already created for the server, + # create a self-signed certificate: + sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ + -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt + + # Enable modules, settings, and default of SSL in Apache + sudo a2dismod status + sudo a2enmod ssl + sudo a2enmod rewrite + sudo a2enmod headers + sudo a2dissite 000-default + sudo a2ensite 
default-ssl + + # Apply all changes + sudo systemctl restart apache2 + # activate new vhost + sudo a2dissite default-ssl + sudo a2ensite misp-ssl + + # Restart apache + sudo systemctl restart apache2 +} + +installCore () { + debug "Installing ${LBLUE}MISP${NC} core" + # Download MISP using git in the /var/www/ directory. + sudo mkdir ${PATH_TO_MISP} + sudo chown www-data:www-data ${PATH_TO_MISP} + cd ${PATH_TO_MISP} + sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP} + sudo -u www-data git submodule update --init --recursive + # Make git ignore filesystem permission differences for submodules + sudo -u www-data git submodule foreach --recursive git config core.filemode false + + # Make git ignore filesystem permission differences + sudo -u www-data git config core.filemode false + + # Create a python3 virtualenv + sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv + + # make pip happy + sudo mkdir /var/www/.cache/ + sudo chown www-data:www-data /var/www/.cache + + cd ${PATH_TO_MISP}/app/files/scripts + sudo -H -u www-data git clone https://github.com/CybOXProject/python-cybox.git + sudo -H -u www-data git clone https://github.com/STIXProject/python-stix.git + sudo -H -u www-data git clone https://github.com/MAECProject/python-maec.git + # install mixbox to accommodate the new STIX dependencies: + sudo -H -u www-data git clone https://github.com/CybOXProject/mixbox.git + cd ${PATH_TO_MISP}/app/files/scripts/mixbox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts/python-cybox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts/python-stix + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd $PATH_TO_MISP/app/files/scripts/python-maec + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 
+ # install STIX2.0 library to support STIX 2.0 export: + cd ${PATH_TO_MISP}/cti-python-stix2 + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + + # install PyMISP + cd ${PATH_TO_MISP}/PyMISP + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + + # install pydeep + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git + + # install lief + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip + + # install python-magic + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic + + # Install Crypt_GPG and Console_CommandLine + sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml + sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml +} + +installCake () { + debug "Installing CakePHP" + # Once done, install CakeResque along with its dependencies + # if you intend to use the built in background jobs: + cd ${PATH_TO_MISP}/app + # Make composer cache happy + # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ + sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer + sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2 + sudo -H -u www-data php composer.phar config vendor-dir Vendor + sudo -H -u www-data php composer.phar install + + # Enable CakeResque with php-redis + sudo phpenmod redis + sudo phpenmod gnupg + + # To use the scheduler worker for scheduled tasks, do the following: + sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php + + # If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers + # The default Redis port can be updated in Plugin/CakeResque/Config/config.php +} + +# Main function to fix permissions to something 
sane
+permissions () {
+ debug "Setting permissions"
+ sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
+ sudo chmod -R 750 ${PATH_TO_MISP}
+ sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
+ sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
+ sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+}
+
+configMISP () {
+ debug "Generating ${LBLUE}MISP${NC} config files"
+ # There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
+ sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
+ sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
+ sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
+ sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
+
+ echo " 'Database/Mysql',
+ //'datasource' => 'Database/Postgres',
+ 'persistent' => false,
+ 'host' => '$DBHOST',
+ 'login' => '$DBUSER_MISP',
+ 'port' => 3306, // MySQL & MariaDB
+ //'port' => 5432, // PostgreSQL
+ 'password' => '$DBPASSWORD_MISP',
+ 'database' => '$DBNAME',
+ 'prefix' => '',
+ 'encoding' => 'utf8',
+ );
+ }" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php
+
+ # Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
+ # The salt key must be a string at least 32 bytes long.
+ # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
+ # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
+ # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
+
+ # and make sure the file permissions are still OK
+ sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config
+ sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
+}
+
+# Core cake commands
+coreCAKE () {
+ debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
+ $SUDO_WWW -E $CAKE userInit -q
+
+ # This makes sure all Database upgrades are done, without logging in.
+ $SUDO_WWW $CAKE Admin updateDatabase
+
+ # Setup some more MISP default via cake CLI
+
+ # The default install is Python in a virtualenv, setting accordingly
+ $SUDO_WWW $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
+
+ # Tune global time outs
+ $SUDO_WWW $CAKE Admin setSetting "Session.autoRegenerate" 0
+ $SUDO_WWW $CAKE Admin setSetting "Session.timeout" 600
+ $SUDO_WWW $CAKE Admin setSetting "Session.cookieTimeout" 3600
+
+ # Change base url, either with this CLI command or in the UI
+ $SUDO_WWW $CAKE Baseurl $MISP_BASEURL
+ # example: 'baseurl' => 'https://',
+ # alternatively, you can leave this field empty if you would like to use relative pathing in MISP
+ # 'baseurl' => '',
+
+ # Enable GnuPG
+ $SUDO_WWW $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
+ $SUDO_WWW $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
+ $SUDO_WWW $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
+
+ # Enable installer org and tune some configurables
+ $SUDO_WWW $CAKE Admin setSetting "MISP.host_org_id" 1
+ $SUDO_WWW $CAKE Admin setSetting "MISP.email" "info@admin.test"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.disable_emailing" true
+ $SUDO_WWW $CAKE Admin setSetting "MISP.contact"
"info@admin.test"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.disablerestalert" true
+ $SUDO_WWW $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
+ $SUDO_WWW $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
+
+ # Provisional Cortex tunes
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
+ # Mysteriously removed?
+ #$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
+ # Mysteriously removed?
+ #$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
+
+ # Various plugin sightings settings
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_policy" 0
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_range" 365
+
+ # Plugin CustomAuth tuneable
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
+
+ # RPZ Plugin settings
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
+
+ # Force defaults to make MISP Server Settings less RED
+ $SUDO_WWW $CAKE Admin setSetting "MISP.language" "eng"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.proposals_block_attributes" false
+
+ # Redis block
+ $SUDO_WWW $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.redis_port" 6379
+ $SUDO_WWW $CAKE Admin setSetting "MISP.redis_database" 13
+ $SUDO_WWW $CAKE Admin setSetting "MISP.redis_password" ""
+
+ # Force defaults to make MISP Server Settings less YELLOW
+ $SUDO_WWW $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
+ $SUDO_WWW $CAKE Admin setSetting "MISP.extended_alert_subject" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.default_event_threat_level" 4
+ $SUDO_WWW $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account.
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
+ $SUDO_WWW $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
+ $SUDO_WWW $CAKE Admin setSetting "MISP.log_client_ip" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.log_auth" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
+ $SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
+ $SUDO_WWW $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
+ $SUDO_WWW $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
+ $SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
+ # TODO: Make sure $FLAVOUR is correct
+ $SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
+
+ # Force defaults to make MISP Server Settings less GREEN
+ $SUDO_WWW $CAKE Admin setSetting "Security.password_policy_length" 12
+ $SUDO_WWW $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
+
+ # Set MISP Live
+ $SUDO_WWW $CAKE Live $MISP_LIVE
+}
+
+# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
+updateGOWNT () {
+ debug "Updating Galaxies, ObjectTemplates, Warninglists,
Noticelists and Templates"
+ AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
+
+ # Update the galaxies…
+ # TODO: Fix updateGalaxies
+ ##$SUDO_WWW $CAKE Admin updateGalaxies
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
+ # Updating the taxonomies…
+ $SUDO_WWW $CAKE Admin updateTaxonomies
+ # Updating the warning lists…
+ # TODO: Fix updateWarningLists
+ ##$SUDO_WWW $CAKE Admin updateWarningLists
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
+ # Updating the notice lists…
+ ## $SUDO_WWW $CAKE Admin updateNoticeLists
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
+ # Updating the object templates…
+ ##$SUDO_WWW $CAKE Admin updateObjectTemplates
+ curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
+}
+
+# Generate GnuPG key
+setupGnuPG () {
+ if [ !
-d $PATH_TO_MISP/.gnupg ]; then
+ # The email address should match the one set in the config.php
+ # set in the configuration menu in the administration menu configuration file
+ echo "%echo Generating a default key
+ Key-Type: default
+ Key-Length: $GPG_KEY_LENGTH
+ Subkey-Type: default
+ Name-Real: $GPG_REAL_NAME
+ Name-Comment: $GPG_COMMENT
+ Name-Email: $GPG_EMAIL_ADDRESS
+ Expire-Date: 0
+ Passphrase: $GPG_PASSPHRASE
+ # Do a commit here, so that we can later print "done"
+ %commit
+ %echo done" > /tmp/gen-key-script
+
+ $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
+
+ # Export the public key to the webroot
+ $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
+ fi
+}
+
+logRotation () {
+ # MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
+ # To rotate these logs install the supplied logrotate script:
+ sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
+ sudo chmod 0640 /etc/logrotate.d/misp
+}
+
+backgroundWorkers () {
+ debug "Setting up background workers"
+ # To make the background workers start on boot
+ sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
+ if [ ! -e /etc/rc.local ]
+ then
+ echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
+ echo 'exit 0' | sudo tee -a /etc/rc.local
+ sudo chmod u+x /etc/rc.local
+ fi
+
+ # Start the workers
+ $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
+
+ # Add the following lines before the last line (exit 0).
Make sure that you replace www-data with your apache user:
+ sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
+ sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
+ sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
+ sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
+}
+
+# Main MISP Modules install function
+mispmodules () {
+ # FIXME: this is broken, ${PATH_TO_MISP} is litteral
+ sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
+ cd /usr/local/src/
+ ## TODO: checkUsrLocalSrc in main doc
+ $SUDO_USER git clone https://github.com/MISP/misp-modules.git
+ cd misp-modules
+ # some misp-modules dependencies
+ sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y
+ # If you build an egg, the user you build it as need write permissions in the CWD
+ sudo chgrp $WWW_USER .
+ sudo chmod g+w .
+ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
+ sudo chgrp staff .
+ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
+ sudo apt install ruby-pygments.rb -y
+ sudo gem install asciidoctor-pdf --pre
+
+ # install additional dependencies for extended object generation and extraction
+ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib
+ # Start misp-modules
+ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &
+
+ # Sleep 9 seconds to give misp-modules a chance to spawn
+ sleep 9
+
+ # Enable Enrichment, set better timeouts
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
+ # TODO:"Investigate why the next one fails"
+ #$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
+
+ # Enable Import modules, set better timeout
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
+
+ # Enable Export modules, set better timeout
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
+ $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
+ $SUDO_WWW $CAKE Admin
setSetting "Plugin.Export_pdfexport_enabled" true +} # Main MISP Dashboard install function mispDashboard () { + debug "Install misp-dashboard" + # Install pyzmq to main MISP venv + debug "Installing PyZMQ" + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq cd /var/www - mkdir misp-dashboard - chown www-data:www-data misp-dashboard + sudo mkdir misp-dashboard + sudo chown www-data:www-data misp-dashboard + $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git cd misp-dashboard - /var/www/misp-dashboard/install_dependencies.sh - sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg - sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local - $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh - apt install libapache2-mod-wsgi-py3 -y + sudo -H /var/www/misp-dashboard/install_dependencies.sh + sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg + sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf + sudo apt install libapache2-mod-wsgi-py3 -y echo " ServerAdmin admin@misp.local ServerName misp.local 
@@ -467,323 +1328,427 @@ mispDashboard () { ErrorLog /var/log/apache2/misp-dashboard.local_error.log CustomLog /var/log/apache2/misp-dashboard.local_access.log combined ServerSignature Off - " | tee /etc/apache2/sites-available/misp-dashboard.conf - a2ensite misp-dashboard + " | sudo tee /etc/apache2/sites-available/misp-dashboard.conf + + # Enable misp-dashboard in apache and reload + sudo a2ensite misp-dashboard + sudo systemctl restart apache2 + + # Needs to be started after apache2 is reloaded so the port status check works + $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh + + # Add misp-dashboard to rc.local to start on boot. + sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local } -# TODO: dashboardCAKE () { } - -# Core cake commands -coreCAKE () { - $CAKE Live $MISP_LIVE - $CAKE Baseurl $MISP_BASEURL - - $CAKE userInit -q - - $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true - $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 - $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" - $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false - $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false - $CAKE Admin setSetting 
"Plugin.ZeroMQ_audit_notifications_enable" false
- $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
- $CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
- $CAKE Admin setSetting "GnuPG.password" "Password1234"
- $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
- $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
- $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
- $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
- $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
- $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
- $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
- $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
- $CAKE Admin setSetting "Plugin.Import_services_enable" true
- $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
- $CAKE Admin setSetting "Plugin.Import_services_port" 6666
- $CAKE Admin setSetting "Plugin.Import_timeout" 300
- $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
- $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
- $CAKE Admin setSetting "Plugin.Export_services_enable" true
- $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
- $CAKE Admin setSetting "Plugin.Export_services_port" 6666
- $CAKE Admin setSetting "Plugin.Export_timeout" 300
- $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
- $CAKE Admin setSetting "MISP.host_org_id" 1
- $CAKE Admin setSetting "MISP.email" "info@admin.test"
- $CAKE Admin setSetting "MISP.disable_emailing" false
- $CAKE Admin setSetting "MISP.contact" "info@admin.test"
- $CAKE Admin setSetting "MISP.disablerestalert" true
- $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
- $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
- $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
- $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
- $CAKE Admin setSetting "Plugin.Cortex_timeout"
120
- $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
- $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
- $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
- $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
- $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
- $CAKE Admin setSetting "Plugin.Sightings_policy" 0
- $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
- $CAKE Admin setSetting "Plugin.Sightings_range" 365
- $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
- $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
- $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
- $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
- $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
- $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
- $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
- $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
- $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
- $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
- $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
- $CAKE Admin setSetting "MISP.language" "eng"
- $CAKE Admin setSetting "MISP.proposals_block_attributes" false
- $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
- $CAKE Admin setSetting "MISP.redis_port" 6379
- $CAKE Admin setSetting "MISP.redis_database" 13
- $CAKE Admin setSetting "MISP.redis_password" ""
- $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
- $CAKE Admin setSetting "MISP.extended_alert_subject" false
- $CAKE Admin setSetting "MISP.default_event_threat_level" 4
- $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
- $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account.
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
- $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
- $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
- $CAKE Admin setSetting "MISP.log_client_ip" false
- $CAKE Admin setSetting "MISP.log_auth" false
- $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
- $CAKE Admin setSetting "MISP.block_event_alert" false
- $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
- $CAKE Admin setSetting "MISP.block_old_event_alert" false
- $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
- $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
- $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install"
- $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production"
- $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly"
- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Kali"
- $CAKE Admin setSetting "Security.password_policy_length" 12
- $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
- $CAKE Admin setSetting "Session.autoRegenerate" 0
- $CAKE Admin setSetting "Session.timeout" 600
- $CAKE Admin setSetting "Session.cookie_timeout" 3600
- $CAKE Live $MISP_LIVE
-}
-
-# Setup GnuPG key
-setupGnuPG () {
- echo "%echo Generating a default key
- Key-Type: default
- Key-Length: $GPG_KEY_LENGTH
- Subkey-Type: default
- Name-Real: $GPG_REAL_NAME
- Name-Comment: $GPG_COMMENT
- Name-Email: $GPG_EMAIL_ADDRESS
- Expire-Date: 0
- Passphrase: $GPG_PASSPHRASE
- # Do a commit here, so that we can later print "done"
- %commit
- %echo done" > /tmp/gen-key-script
-
- $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
-
- $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
-}
-
-updateGOWNT () {
- AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
-
- # TODO: Fix updateGalaxies
- #$CAKE Admin updateGalaxies
- curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update
- $CAKE Admin updateTaxonomies
- # TODO: Fix updateWarningLists
- #$CAKE Admin updateWarningLists
- curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
- curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
- curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
-}
-
-# Generate rc.local
-genRCLOCAL () {
- if [ !
-e /etc/rc.local ]; then
- echo '#!/bin/sh -e' | tee -a /etc/rc.local
- echo 'exit 0' | tee -a /etc/rc.local
- chmod u+x /etc/rc.local
- fi
-
- sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
- sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
- sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
- sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
-}
-
-# Main MISP Modules install function
-mispmodules () {
- sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
- $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh
- cd /usr/local/src/
- git clone https://github.com/MISP/misp-modules.git
- cd misp-modules
- # pip3 install
- pip3 install -I -r REQUIREMENTS
- pip3 install -I .
- pip3 install maec lief python-magic wand yara
- pip3 install git+https://github.com/kbandla/pydeep.git
- gem install pygments.rb
- gem install asciidoctor-pdf --pre
- $SUDO_WWW misp-modules -l 0.0.0.0 -s &
-}
-
-# Main Viper install function
-viper () {
- cd /usr/local/src/
- debug "Installing Viper dependencies"
- apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
- pip3 install SQLAlchemy PrettyTable python-magic
- debug "Cloning Viper"
- git clone https://github.com/viper-framework/viper.git
- chown -R $MISP_USER:$MISP_USER viper
- cd viper
- debug "Submodule update"
- $SUDO git submodule update --init --recursive
- debug "pip install scrapy"
- pip3 install scrapy
- debug "pip install reqs"
- pip3 install -r requirements.txt
- debug "pip uninstall yara"
- pip3 uninstall yara -y
- debug "Launching viper-cli"
- $SUDO /usr/local/src/viper/viper-cli -h > /dev/null
- debug "Launching viper-web"
- $SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
- echo
'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee /etc/environment
- echo ". /etc/environment" >> /home/${MISP_USER}/.profile
- debug "Setting misp_url/misp_key"
- $SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/${MISP_USER}/.viper/viper.conf
- $SUDO sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" /home/${MISP_USER}/.viper/viper.conf
-
- debug "Fixing admin.db with default password"
- while [ "$(sqlite3 /home/${MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
- # FIXME This might lead to a race condition, the while loop is sub-par
- chown $MISP_USER:$MISP_USER /home/${MISP_USER}/.viper/admin.db
- echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
- sleep 6
- done
- sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local
-}
-
-# Main function to fix permissions to something sane
-permissions () {
- chown -R www-data:www-data $PATH_TO_MISP
- chmod -R 750 $PATH_TO_MISP
- chmod -R g+ws $PATH_TO_MISP/app/tmp
- chmod -R g+ws $PATH_TO_MISP/app/files
- chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+dashboardCAKE () {
+ # Enable ZeroMQ for misp-dashboard
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
+ sudo -H -u www-data $CAKE Admin setSetting
"Plugin.ZeroMQ_user_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false } # Main mail2misp install function mail2misp () { + debug "Installing Mail2${LBLUE}MISP${NC}" cd /usr/local/src/ - apt-get install -y cmake - git clone https://github.com/MISP/mail_to_misp.git - git clone git://github.com/stricaud/faup.git faup - chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp + sudo apt-get install cmake libcaca-dev -y + $SUDO_USER git clone https://github.com/MISP/mail_to_misp.git + $SUDO_USER git clone git://github.com/stricaud/faup.git faup + sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp cd faup - $SUDO mkdir -p build + # TODO Check permissions + ##$SUDO mkdir -p build + $SUDO_USER mkdir -p build cd build - $SUDO cmake .. && $SUDO make - make install - ldconfig - cd ../../ - cd mail_to_misp - pip3 install -r requirements.txt - $SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py - sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py - sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py + $SUDO_USER cmake .. && $SUDO_USER make + ##$SUDO cmake .. 
&& $SUDO make + sudo make install + sudo ldconfig + cd ../../mail_to_misp + $SUDO_USER virtualenv -p python3 venv + $SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip + $SUDO_USER ./venv/bin/pip install -r requirements.txt + $SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py + ##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py + $SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py + $SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py } -# Final function to let the user know what happened -theEnd () { - space - echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt - echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt - echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt +ssdeep () { + debug "Install ssdeep 2.14.1" + cd /usr/local/src + $SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz + $SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz + cd ssdeep-2.14.1 + $SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc + $SUDO_USER make + sudo make install - clear + #installing ssdeep_php + sudo pecl install ssdeep + + # You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version + echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini + sudo phpenmod ssdeep + sudo service apache2 restart +} + +# Main Viper install function +viper () { + debug "Installing Viper dependencies" + cd /usr/local/src/ + sudo apt-get install \ + libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \ + python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y + echo "Cloning 
Viper" + $SUDO_USER git clone https://github.com/viper-framework/viper.git + sudo chown -R $MISP_USER:$MISP_USER viper + cd viper + echo "Creating virtualenv" + $SUDO_USER virtualenv -p python3 venv + echo "Submodule update" + # TODO: Check for current user install permissions + $SUDO_USER git submodule update --init --recursive + ##$SUDO git submodule update --init --recursive + echo "Pip install deps" + $SUDO_USER ./venv/bin/pip install SQLAlchemy PrettyTable python-magic + echo "pip install scrapy" + $SUDO_USER ./venv/bin/pip install scrapy + echo "install lief" + $SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip + echo "pip install reqs" + $SUDO_USER ./venv/bin/pip install -r requirements.txt + $SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli + $SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web + echo "pip uninstall yara" + $SUDO_USER ./venv/bin/pip uninstall yara -y + echo "Launching viper-cli" + # TODO: Perms + #$SUDO /usr/local/src/viper/viper-cli -h > /dev/null + /usr/local/src/viper/viper-cli -h > /dev/null + echo "Launching viper-web" + # TODO: Perms + /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & + #$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & + echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment + echo ". 
/etc/environment" >> /home/${MISP_USER}/.profile + + # TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t + if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then + VIPER_HOME="/home/${MISP_USER}/.viper" + else + VIPER_HOME="${HOME}/.viper" + fi + + echo "Setting misp_url/misp_key" + $SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf + $SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf + # Reset admin password to: admin/Password1234 + echo "Fixing admin.db with default password" + while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do + # FIXME This might lead to a race condition, the while loop is sub-par + sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db + echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" + sleep 6 + done + + # Add viper-web to rc.local to be started on boot + sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local +} + + +# No functions scripts: +## apt-upgrade.sh ## +## postfix.sh ## +## interfaces.sh ## +# +### END AUTOMATED SECTION ### + +# This function will generate the main installer. +# It is a helper function for the maintainers for the installer. + +colors () { + # Some colors for easier debug and better UX (not colorblind compatible, PR welcome) + RED='\033[0;31m' + GREEN='\033[0;32m' + LBLUE='\033[1;34m' + YELLOW='\033[0;33m' + HIDDEN='\e[8m' + NC='\033[0m' +} + +generateInstaller () { + if [ ! -f $(which xsnippet) ]; then + echo 'xsnippet is NOT installed. 
Clone the repository below and copy the xsnippet shell script somehwere in your $PATH' + echo "git clone https://github.com/SteveClement/xsnippet.git" + exit 1 + fi + + if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then + echo -e "${RED}iAmError!${NC}" + echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break." + echo -e "You called: ${RED}$0${NC}" + exit 1 + fi + + mkdir installer ; cd installer + cp ../INSTALL.debian.tpl.sh . + + # Pull code snippets out of Main Install Documents + for f in `echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do + xsnippet . ../../docs/${f} + done + + # Pull out code snippets from generic Install Documents + for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do + xsnippet . ../../docs/generic/${f} + done + + # TODO: Fix the below. 
+ # $ for f in `echo ls [0-9]_*`; do + # $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh + # $ done + # + # Temporary copy/paste holder + perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i 
INSTALL.debian.tpl.sh + perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh + + cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh + cd .. + rm -rf installer + echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}" + exit 0 +} + +# Simple debug function with message + +# Make sure no alias exists +if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi +debug () { + echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty + if [ ! -z $DEBUG ]; then + NO_PROGRESS=1 + echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty + exec 3>&1 + read + else + # [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash) + #exec 3>&1 &>/dev/null + : + fi +} + +installMISPubuntuSupported () { space - echo "MISP Installed, access here: https://misp.local" - echo "User: admin@admin.test" - echo "Password: admin" - echo "MISP Dashboard, access here: http://misp.local:8001" + echo "Proceeding with the installation of MISP core" space - echo "The following files were created and need either protection or removal (shred on the CLI)" - echo "/home/${MISP_USER}/mysql.txt" - echo "/home/${MISP_USER}/MISP-authkey.txt" - cat /home/${MISP_USER}/mysql.txt - cat /home/${MISP_USER}/MISP-authkey.txt - space - echo "The LOCAL system credentials:" - echo "User: ${MISP_USER}" - echo "Password: ${MISP_PASSWORD}" - space - echo "viper-web installed, access here: http://misp.local:8888" - echo "viper-cli configured with your MISP Site Admin Auth Key" - echo "User: admin" - echo "Password: Password1234" - space - echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" - space - echo "sudo postconf -e 'relayhost = example.com'" - echo "sudo postfix reload" - space - echo "Enjoy 
using MISP. For any issues see here: https://github.com/MISP/MISP/issues" - su - ${MISP_USER} + + # Set locale if not set - functionLocation('generic/supportFunctions.md') + debug "Checking Locale" + checkLocale + + # Set Base URL - functionLocation('generic/supportFunctions.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL + progress 4 + + # Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null + progress 4 + + # Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null + progress 4 + + # TODO: Double check how the user is added and subsequently used during the install. + # TODO: Work on possibility to install as user X and install MISP for user Y + # TODO: Check if logout needed. (run SUDO_USER in installer) + # + # TODO: Double check how to properly handle postfix + # + + # Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars + progress 4 + + # Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md') + checkID + progress 4 + + # Starting friendly UI spinner + #spin & + #SPIN_PID=$! 
+ #disown + #trap "kill -9 $SPIN_PID" `seq 0 15` + + # Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps 2> /dev/null > /dev/null + progress 4 + + # Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 2> /dev/null > /dev/null + progress 4 + + # Install Core MISP - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCore + progress 4 + + # Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCake + progress 4 + + # Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null + progress 4 + + # TODO: Mysql install functions, make it upgrade safe, double check + # Setup Databse - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null + progress 4 + + # Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null + progress 4 + + # Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null + progress 4 + + # Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null + progress 4 + + # Generate GnuPG key - functionLocation('generic/gnupg.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null + progress 4 + + # Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null + progress 4 + + # Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > 
/dev/null + progress 4 + + # Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null + progress 4 + + # Disable spinner + #(kill $SPIN_PID 2>&1) >/dev/null + + # Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc + progress 4 + + ## Resume spinner + #spin & + #SPIN_PID=$! + #disown + #trap "kill -9 $SPIN_PID" `seq 0 15` + + # Install misp-modules - functionLocation('generic/misp-modules-debian.md') + [[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules + progress 4 + + # Install Viper - functionLocation('generic/viper-debian.md') + [[ -n $VIPER ]] || [[ -n $ALL ]] && viper + progress 4 + + # Install ssdeep - functionLocation('generic/ssdeep-debian.md') + [[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep + progress 4 + + # Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md') + [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null + progress 4 + + # Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md') + [[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp + progress 100 + + # Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md') + theEnd } # Main Kalin Install function installMISPonKali () { + # Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('') + kaliUpgrade 2> /dev/null > /dev/null + + # Set locale if not set - functionLocation('generic/supportFunctions.md') + checkLocale + + # Set Base URL - functionLocation('generic/supportFunctions.md') + setBaseURL + + # Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md') + installDepsPhp73 2> /dev/null > /dev/null + + # Set custom Kali only variables and tweaks space 
- debug "Disabling sleep etc…" - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 2> /dev/null - xset s 0 0 2> /dev/null - xset dpms 0 0 2> /dev/null - xset s off 2> /dev/null + # The following disables sleep on kali/gnome + ### FIXME: Disabling for now, maybe source of some issues. + ##disableSleep 2> /dev/null > /dev/null + ##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script." + ##sleep 3 debug "Installing dependencies" - installDeps + installDeps 2> /dev/null > /dev/null + + installCoreDeps 2> /dev/null > /dev/null debug "Enabling redis and gnupg modules" phpenmod -v 7.3 redis phpenmod -v 7.3 gnupg debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl" - a2dismod status - a2dismod php7.2 - a2enmod ssl rewrite headers php7.3 - a2dissite 000-default - a2ensite default-ssl + a2dismod status 2> /dev/null > /dev/null + a2dismod php7.2 2> /dev/null > /dev/null + a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null + a2dissite 000-default 2> /dev/null > /dev/null + a2ensite default-ssl 2> /dev/null > /dev/null debug "Restarting mysql.service" - systemctl restart mysql.service + systemctl restart mysql.service 2> /dev/null > /dev/null debug "Fixing redis rc script on Kali" - fixRedis + apt install redis-server + fixRedis 2> /dev/null > /dev/null debug "git clone, submodule update everything" mkdir $PATH_TO_MISP 
@@ -794,32 +1759,68 @@ installMISPonKali () { $SUDO_WWW git config core.filemode false cd $PATH_TO_MISP - $SUDO_WWW git submodule update --init --recursive + $SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null # Make git ignore filesystem permission differences for submodules $SUDO_WWW git submodule foreach --recursive git config core.filemode false cd $PATH_TO_MISP/app/files/scripts - $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git - $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git - $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git + $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null + + + mkdir /var/www/.cache/ + + MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=) + mkdir $MISP_USER_HOME/.cache + chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache + chown www-data:www-data /var/www/.cache + + debug "Generating rc.local" + genRCLOCAL + + debug "Setting up main MISP virtualenv" + # Needs virtualenv + sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv + + debug "Installing MISP dashboard" + mispDashboard debug "Installing python-cybox" cd $PATH_TO_MISP/app/files/scripts/python-cybox - pip3 install . + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + debug "Installing python-stix" cd $PATH_TO_MISP/app/files/scripts/python-stix - pip3 install . - # install STIX2.0 library to support STIX 2.0 export: + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + debug "Install maec" + cd $PATH_TO_MISP/app/files/scripts/python-maec + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 
2> /dev/null > /dev/null + + # install STIX2.0 library to support STIX 2.0 export debug "Installing cti-python-stix2" cd ${PATH_TO_MISP}/cti-python-stix2 - pip3 install -I . + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null + debug "Installing mixbox" cd $PATH_TO_MISP/app/files/scripts/mixbox - pip3 install . + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + # install PyMISP debug "Installing PyMISP" cd $PATH_TO_MISP/PyMISP - pip3 install . + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + # install pydeep + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null + + # install lief + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null + + # install python-magic + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null # Install Crypt_GPG and Console_CommandLine debug "Installing pear Console_CommandLine" @@ -827,6 +1828,7 @@ installMISPonKali () { debug "Installing pear Crypt_GPG" pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml + debug "Installing composer with php 7.3 updates" composer73 @@ -885,7 +1887,7 @@ installMISPonKali () { 'prefix' => '', 'encoding' => 'utf8', ); - }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php + }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null else echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" echo "Skipping any creations…" @@ -902,9 +1904,6 @@ installMISPonKali () { echo "127.0.0.1 misp.local" | tee -a /etc/hosts - debug "Installing MISP dashboard" - mispDashboard - debug "Disabling site default-ssl, enabling misp-ssl" a2dissite default-ssl a2ensite misp-ssl 
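Review bot: `MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)` matches every environment variable whose name contains HOME (XDG_CONFIG_HOME, JAVA_HOME, …), so the result can be several lines and the `mkdir $MISP_USER_HOME/.cache` and `chown` that follow then operate on unintended paths; `MISP_USER_HOME=$(getent passwd "$MISP_USER" | cut -d: -f6)` reads the home directory from the account database without spawning a login shell. Every pip install in this hunk ends in `2> /dev/null > /dev/null`, so a failed build of python-cybox, python-maec, pydeep or lief leaves no trace and the installer continues as if it succeeded; at minimum append `|| echo "pip install failed in $PWD" >&2` or redirect to a log file instead of /dev/null. The pydeep and lief dependencies are fetched from `git+https://github.com/kbandla/pydeep.git` and a `lief-master-latest` zip with no tag, commit or checksum, so what gets installed changes whenever upstream moves; pinning a commit or tag and verifying a checksum of the zip before installing would make the install reproducible and auditable. installMISPonKali starts and ends outside this hunk.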
@@ -929,58 +1928,155 @@ installMISPonKali () { chmod -R 750 $PATH_TO_MISP/app/Config debug "Setting up GnuPG" - setupGnuPG + setupGnuPG 2> /dev/null > /dev/null + debug "Starting workers" chmod +x $PATH_TO_MISP/app/Console/worker/start.sh + $SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh debug "Running Core Cake commands" - coreCAKE + coreCAKE 2> /dev/null > /dev/null + dashboardCAKE 2> /dev/null > /dev/null debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies" - updateGOWNT - - debug "Generating rc.local" - genRCLOCAL + updateGOWNT 2> /dev/null > /dev/null gitPullAllRCLOCAL + checkUsrLocalSrc + debug "Installing misp-modules" mispmodules debug "Installing Viper" viper + debug "Installing ssdeep" + ssdeep + phpenmod -v 7.3 ssdeep + debug "Setting permissions" permissions debug "Running Then End!" theEnd } +# End installMISPonKali () +## End Function Section ## -debug "Checking for parameters or Kali Install" -if [[ $# -ne 1 && $0 != "/tmp/misp-kali.sh" ]]; then +colors +debug "Checking if we are run as the installer template" +if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then + generateInstaller +fi + +space +debug "Setting MISP variables" +MISPvars +debug "Checking Linux distribution and flavour..." +checkFlavour + +debug "Checking for parameters or Unattended Kali Install" +if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then usage exit else debug "Setting install options with given parameters." 
+ # The setOpt/checkOpt function lives in generic/supportFunctions.md setOpt $@ - checkOpt core && echo "core selected" - checkOpt viper && echo "viper selected" - checkOpt modules && echo "modules selected" - checkOpt dashboard && echo "dashboard selected" - checkOpt mail2 && echo "mail2 selected" - checkOpt all && echo "all selected" - checkOpt pre && echo "pre selected" + checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected" + checkOpt viper && echo "${GREEN}Viper${NC} selected" + checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected" + checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected" + checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected" + checkOpt all && echo "${GREEN}All options${NC} selected" + checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected" + checkOpt unattended && echo "${GREEN}unattended${NC} install selected" + checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected" + checkOpt force && echo "${GREEN}force${NC} install selected" + + # Check if at least core is selected if no other options that do not require core are set + if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then + space + usage + echo "You need to at least select core, or -A to install everything." + echo "$0 -c # Is the minima for install options" + exit 1 + fi fi -debug "Checking flavour" -checkFlavour -debug "Setting MISP variables" -MISPvars +# Add upgrade option to do upgrade pre flight +[[ -n $PRE ]] && preInstall -if [ "${FLAVOUR}" == "kali" ]; then - kaliOnRootR0ckz - installMISPonKali +[[ -n $UPGRADE ]] && upgrade + +# If Ubuntu is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "ubuntu" ]; then + RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z]) + if [ "${RELEASE}" == "18.04" ]; then + echo "Install on Ubuntu 18.04 LTS fully supported." 
+ echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installMISPubuntuSupported && exit || exit + fi + if [ "${RELEASE}" == "18.10" ]; then + echo "Install on Ubuntu 18.10 partially supported, bye." + installMISPubuntuSupported && exit || exit + fi + if [ "${RELEASE}" == "19.04" ]; then + echo "Install on Ubuntu 19.04 not supported, bye" + exit 1 + fi + if [ "${RELEASE}" == "19.10" ]; then + echo "Install on Ubuntu 19.10 not supported, bye" + exit 1 + fi + echo "Installation done!" + exit +fi + +# If Debian is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "debian" ]; then + CODE=$(lsb_release -s -c| tr [A-Z] [a-z]) + if [ "${CODE}" == "buster" ]; then + echo "Install on Debian testing fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp73 + fi + if [ "${CODE}" == "sid" ]; then + echo "Install on Debian unstable not fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp73 + fi + if [ "${CODE}" == "stretch" ]; then + echo "Install on Debian stable fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp72 + fi + echo "Installation done!" + exit 0 +fi + +# If Tsurugi is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "tsurugi" ]; then + CODE=$(lsb_release -s -c| tr [A-Z] [a-z]) + if [ "${CODE}" == "bamboo" ]; then + echo "Install on Tsurugi Lab partially supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + fi + if [ "${CODE}" == "soy sauce" ]; then + echo "Install on Tsurugi Acquire partially supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + fi + echo "Installation done!" 
+ exit 0 +fi + +# If Kali Linux is detected, run the acccording scripts +if [ "${FLAVOUR}" == "kali" ]; then + KALI=1 + kaliOnRootR0ckz + installMISPonKali + echo "Installation done!" exit fi diff --git a/INSTALL/INSTALL.debian.tpl.sh b/INSTALL/INSTALL.debian.tpl.sh new file mode 100755 index 000000000..6d5c3d97a --- /dev/null +++ b/INSTALL/INSTALL.debian.tpl.sh 
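Review bot: The selection messages added after `setOpt $@` (`checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"` and the lines that follow) will print the raw escape text, because `colors` stores the codes as literal `'\033[...'` strings and plain `echo` does not interpret them; `debug` uses `echo -e` for the same variables, so these lines should too (or `printf '%b\n' ...`). `setOpt $@` should be `setOpt "$@"` so an argument containing whitespace is not word-split before the option parser sees it. In the Debian branch, `buster`, `sid` and `stretch` only run `installDepsPhp73`/`installDepsPhp72` and then fall through to `echo "Installation done!"` and `exit 0` without invoking any core install function, so a user is told "fully supported" and "done" after only the PHP packages were installed; if this is intentional scaffolding the messages should say so, otherwise the branch presumably needs the same `installMISPubuntuSupported`-style call the Ubuntu branch makes. `RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z])` and the two `CODE=` lines leave `[A-Z]`/`[a-z]` unquoted, so a single-letter file name in the current directory would be globbed into tr's arguments; write `tr '[A-Z]' '[a-z]'`. installMISPonKali starts outside this hunk.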
@@ -0,0 +1,695 @@ +#!/usr/bin/env bash +############################################################ +###### # +##### Please AutoGenerated... ## +#### Do NOT was ### +### Manually It #### +## Change this Script... ##### +# ###### +############################################################ +############################################################ +#INSTALLATION INSTRUCTIONS # +########################################################## +#------------------------- for Debian Flavored Linux Distributions +# +#-------------------------------------------------------| +# 0/ Quick MISP Instance on Debian Based Linux - Status | +#-------------------------------------------------------| +# +# 20190208: Kali Linux tested and working. +# +# +#-------------------------------------------------------| +# 1/ For Kali, download and run Installer Script | +#-------------------------------------------------------| +# +# To install MISP on Kali copy paste the following to your r00t shell: +# # wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash /tmp/misp-kali.sh +# /!\ Please read the installer script before randomly doing the above. +# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. 
+# +# +#---------------------------------------------------------------------------------------------| +# 2/ For other Debian based Linux distributions, download script and run as unprivileged user | +#---------------------------------------------------------------------------------------------| +# +# $ wget -O ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh && bash ~/INSTALL.debian.sh -C +# +# +#----------------------------------------------------------| +# 3/ The following script has been partially autogenerated | +#----------------------------------------------------------| +# +# To generate this script yourself, the following steps need to be taken. +# $ git clone https://github.com/SteveClement/xsnippet.git +# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough. +# $ git clone https://github.com/MISP/MISP.git +# $ cd MISP/INSTALL ; ./INSTALL.debian.tpl.sh +# +## +### +####----------------\ +## Developer Note | +####--------------------------------------------------------------------------------------------------| +## In theory the order does not matter as everything is a self-contained function. | +# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. | +# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. 
| +#-----------------------------------------------------------------------------------------------------| +# +# ToC # +# +#### BEGIN AUTOMATED SECTION #### +# +## 0_global-vars.sh ## +## 0_support-functions.sh ## +## 0_apt-upgrade.sh ## +## 0_sudoKeeper.sh ## +## 0_installCoreDeps.sh ## +## 0_installDepsPhp73.sh ## +## 0_installDepsPhp72.sh ## +## 1_prepareDB.sh ## +## 1_apacheConfig.sh ## +## 1_mispCoreInstall.sh ## +## 1_installCake.sh ## +## 2_permissions.sh ## +## 2_configMISP.sh ## +## 2_core-cake.sh ## +## 2_gnupg.sh ## +## 2_logRotation.sh ## +## 2_backgroundWorkers.sh ## +## 3_misp-modules.sh ## +## 4_misp-dashboard.sh ## +## 4_misp-dashboard-cake.sh ## +## 5_mail_to_misp.sh ## +## 6_ssdeep.sh ## +## 6_viper.sh ## + +# No functions scripts: +## apt-upgrade.sh ## +## postfix.sh ## +## interfaces.sh ## +# +### END AUTOMATED SECTION ### + +# This function will generate the main installer. +# It is a helper function for the maintainers for the installer. + +colors () { + # Some colors for easier debug and better UX (not colorblind compatible, PR welcome) + RED='\033[0;31m' + GREEN='\033[0;32m' + LBLUE='\033[1;34m' + YELLOW='\033[0;33m' + HIDDEN='\e[8m' + NC='\033[0m' +} + +generateInstaller () { + if [ ! -f $(which xsnippet) ]; then + echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH' + echo "git clone https://github.com/SteveClement/xsnippet.git" + exit 1 + fi + + if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.debian.tpl.sh" ]]; then + echo -e "${RED}iAmError!${NC}" + echo -e "To generate the installer call it with './INSTALL.debian.tpl.sh' otherwise things will break." + echo -e "You called: ${RED}$0${NC}" + exit 1 + fi + + mkdir installer ; cd installer + cp ../INSTALL.debian.tpl.sh . 
+ + # Pull code snippets out of Main Install Documents + for f in `echo INSTALL.ubuntu1804.md INSTALL.debian9.md INSTALL.kali.md xINSTALL.debian_testing.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do + xsnippet . ../../docs/${f} + done + + # Pull out code snippets from generic Install Documents + for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do + xsnippet . ../../docs/generic/${f} + done + + # TODO: Fix the below. + # $ for f in `echo ls [0-9]_*`; do + # $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.debian.sh + # $ done + # + # Temporary copy/paste holder + perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 
's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.debian.tpl.sh + perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.debian.tpl.sh + + cp INSTALL.debian.tpl.sh ../INSTALL.debian.sh + cd .. + rm -rf installer + echo -e "${LBLUE}Generated INSTALL.debian.sh${NC}" + exit 0 +} + +# Simple debug function with message + +# Make sure no alias exists +if [[ $(type -t debug) == "alias" ]]; then unalias debug; fi +debug () { + echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty + if [ ! -z $DEBUG ]; then + NO_PROGRESS=1 + echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." 
> /dev/tty + exec 3>&1 + read + else + # [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash) + #exec 3>&1 &>/dev/null + : + fi +} + +installMISPubuntuSupported () { + space + echo "Proceeding with the installation of MISP core" + space + + # Set locale if not set - functionLocation('generic/supportFunctions.md') + debug "Checking Locale" + checkLocale + + # Set Base URL - functionLocation('generic/supportFunctions.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL + progress 4 + + # Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null + progress 4 + + # Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null + progress 4 + + # TODO: Double check how the user is added and subsequently used during the install. + # TODO: Work on possibility to install as user X and install MISP for user Y + # TODO: Check if logout needed. (run SUDO_USER in installer) + # + # TODO: Double check how to properly handle postfix + # + + # Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars + progress 4 + + # Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md') + checkID + progress 4 + + # Starting friendly UI spinner + #spin & + #SPIN_PID=$! 
+ #disown + #trap "kill -9 $SPIN_PID" `seq 0 15` + + # Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps 2> /dev/null > /dev/null + progress 4 + + # Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72 2> /dev/null > /dev/null + progress 4 + + # Install Core MISP - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCore + progress 4 + + # Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && installCake + progress 4 + + # Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null + progress 4 + + # TODO: Mysql install functions, make it upgrade safe, double check + # Setup Databse - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null + progress 4 + + # Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null + progress 4 + + # Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null + progress 4 + + # Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null + progress 4 + + # Generate GnuPG key - functionLocation('generic/gnupg.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null + progress 4 + + # Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null + progress 4 + + # Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > 
/dev/null + progress 4 + + # Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null + progress 4 + + # Disable spinner + #(kill $SPIN_PID 2>&1) >/dev/null + + # Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md') + [[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc + progress 4 + + ## Resume spinner + #spin & + #SPIN_PID=$! + #disown + #trap "kill -9 $SPIN_PID" `seq 0 15` + + # Install misp-modules - functionLocation('generic/misp-modules-debian.md') + [[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules + progress 4 + + # Install Viper - functionLocation('generic/viper-debian.md') + [[ -n $VIPER ]] || [[ -n $ALL ]] && viper + progress 4 + + # Install ssdeep - functionLocation('generic/ssdeep-debian.md') + [[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep + progress 4 + + # Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md') + [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null + progress 4 + + # Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md') + [[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp + progress 100 + + # Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md') + theEnd +} + +# Main Kalin Install function +installMISPonKali () { + # Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('') + kaliUpgrade 2> /dev/null > /dev/null + + # Set locale if not set - functionLocation('generic/supportFunctions.md') + checkLocale + + # Set Base URL - functionLocation('generic/supportFunctions.md') + setBaseURL + + # Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md') + installDepsPhp73 2> /dev/null > /dev/null + + # Set custom Kali only variables and tweaks + 
space + # The following disables sleep on kali/gnome + ### FIXME: Disabling for now, maybe source of some issues. + ##disableSleep 2> /dev/null > /dev/null + ##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script." + ##sleep 3 + + debug "Installing dependencies" + installDeps 2> /dev/null > /dev/null + + installCoreDeps 2> /dev/null > /dev/null + + debug "Enabling redis and gnupg modules" + phpenmod -v 7.3 redis + phpenmod -v 7.3 gnupg + + debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl" + a2dismod status 2> /dev/null > /dev/null + a2dismod php7.2 2> /dev/null > /dev/null + a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null + a2dissite 000-default 2> /dev/null > /dev/null + a2ensite default-ssl 2> /dev/null > /dev/null + + debug "Restarting mysql.service" + systemctl restart mysql.service 2> /dev/null > /dev/null + + debug "Fixing redis rc script on Kali" + apt install redis-server + fixRedis 2> /dev/null > /dev/null + + debug "git clone, submodule update everything" + mkdir $PATH_TO_MISP + chown www-data:www-data $PATH_TO_MISP + cd $PATH_TO_MISP + $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP + + $SUDO_WWW git config core.filemode false + + cd $PATH_TO_MISP + $SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null + # Make git ignore filesystem permission differences for submodules + $SUDO_WWW git submodule foreach --recursive git config core.filemode false + + cd $PATH_TO_MISP/app/files/scripts + $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null + $SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null + + + mkdir /var/www/.cache/ + + 
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=) + mkdir $MISP_USER_HOME/.cache + chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache + chown www-data:www-data /var/www/.cache + + debug "Generating rc.local" + genRCLOCAL + + debug "Setting up main MISP virtualenv" + # Needs virtualenv + sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv + + debug "Installing MISP dashboard" + mispDashboard + + debug "Installing python-cybox" + cd $PATH_TO_MISP/app/files/scripts/python-cybox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + debug "Installing python-stix" + cd $PATH_TO_MISP/app/files/scripts/python-stix + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + debug "Install maec" + cd $PATH_TO_MISP/app/files/scripts/python-maec + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + # install STIX2.0 library to support STIX 2.0 export + debug "Installing cti-python-stix2" + cd ${PATH_TO_MISP}/cti-python-stix2 + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null + + debug "Installing mixbox" + cd $PATH_TO_MISP/app/files/scripts/mixbox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null + + # install PyMISP + debug "Installing PyMISP" + cd $PATH_TO_MISP/PyMISP + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 
2> /dev/null > /dev/null + + # install pydeep + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null + + # install lief + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null + + # install python-magic + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null + + # Install Crypt_GPG and Console_CommandLine + debug "Installing pear Console_CommandLine" + pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml + debug "Installing pear Crypt_GPG" + pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml + + + debug "Installing composer with php 7.3 updates" + composer73 + + $SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php + + chown -R www-data:www-data $PATH_TO_MISP + chmod -R 750 $PATH_TO_MISP + chmod -R g+ws $PATH_TO_MISP/app/tmp + chmod -R g+ws $PATH_TO_MISP/app/files + chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp + + debug "Setting up database" + if [ ! 
-e /var/lib/mysql/misp/users.ibd ]; then + echo " + set timeout 10 + spawn mysql_secure_installation + expect \"Enter current password for root (enter for none):\" + send -- \"\r\" + expect \"Set root password?\" + send -- \"y\r\" + expect \"New password:\" + send -- \"${DBPASSWORD_ADMIN}\r\" + expect \"Re-enter new password:\" + send -- \"${DBPASSWORD_ADMIN}\r\" + expect \"Remove anonymous users?\" + send -- \"y\r\" + expect \"Disallow root login remotely?\" + send -- \"y\r\" + expect \"Remove test database and access to it?\" + send -- \"y\r\" + expect \"Reload privilege tables now?\" + send -- \"y\r\" + expect eof" | expect -f - + + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" + mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" + + enableServices + + $SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME + + echo " 'Database/Mysql', + //'datasource' => 'Database/Postgres', + 'persistent' => false, + 'host' => '$DBHOST', + 'login' => '$DBUSER_MISP', + 'port' => 3306, // MySQL & MariaDB + //'port' => 5432, // PostgreSQL + 'password' => '$DBPASSWORD_MISP', + 'database' => '$DBNAME', + 'prefix' => '', + 'encoding' => 'utf8', + ); + }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null + else + echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" + echo "Skipping any creations…" + sleep 3 + fi + + debug "Generating Certificate" + openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ + -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ + -keyout /etc/ssl/private/misp.local.key -out 
/etc/ssl/private/misp.local.crt + + debug "Generating Apache Conf" + genApacheConf + + echo "127.0.0.1 misp.local" | tee -a /etc/hosts + + debug "Disabling site default-ssl, enabling misp-ssl" + a2dissite default-ssl + a2ensite misp-ssl + + for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit + do + sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI + done + + debug "Restarting Apache2" + systemctl restart apache2 + + debug "Setting up logrotate" + cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp + chmod 0640 /etc/logrotate.d/misp + + $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php + $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php + $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php + + chown -R www-data:www-data $PATH_TO_MISP/app/Config + chmod -R 750 $PATH_TO_MISP/app/Config + + debug "Setting up GnuPG" + setupGnuPG 2> /dev/null > /dev/null + + debug "Starting workers" + chmod +x $PATH_TO_MISP/app/Console/worker/start.sh + $SUDO_WWW $PATH_TO_MISP/app/Console/worker/start.sh + + debug "Running Core Cake commands" + coreCAKE 2> /dev/null > /dev/null + dashboardCAKE 2> /dev/null > /dev/null + + debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies" + updateGOWNT 2> /dev/null > /dev/null + + gitPullAllRCLOCAL + + checkUsrLocalSrc + + debug "Installing misp-modules" + mispmodules + + debug "Installing Viper" + viper + + debug "Installing ssdeep" + ssdeep + phpenmod -v 7.3 ssdeep + + debug "Setting permissions" + permissions + + debug "Running Then End!" 
+ theEnd +} +# End installMISPonKali () + +## End Function Section ## + +colors +debug "Checking if we are run as the installer template" +if [[ "$0" == "./INSTALL.debian.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.debian.tpl.sh')" == "INSTALL.debian.tpl.sh" ]]; then + generateInstaller +fi + +space +debug "Setting MISP variables" +MISPvars +debug "Checking Linux distribution and flavour..." +checkFlavour + +debug "Checking for parameters or Unattended Kali Install" +if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then + usage + exit +else + debug "Setting install options with given parameters." + # The setOpt/checkOpt function lives in generic/supportFunctions.md + setOpt $@ + checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected" + checkOpt viper && echo "${GREEN}Viper${NC} selected" + checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected" + checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected" + checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected" + checkOpt all && echo "${GREEN}All options${NC} selected" + checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected" + checkOpt unattended && echo "${GREEN}unattended${NC} install selected" + checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected" + checkOpt force && echo "${GREEN}force${NC} install selected" + + # Check if at least core is selected if no other options that do not require core are set + if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then + space + usage + echo "You need to at least select core, or -A to install everything." 
+ echo "$0 -c # Is the minima for install options" + exit 1 + fi +fi + +# Add upgrade option to do upgrade pre flight +[[ -n $PRE ]] && preInstall + +[[ -n $UPGRADE ]] && upgrade + +# If Ubuntu is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "ubuntu" ]; then + RELEASE=$(lsb_release -s -r| tr [A-Z] [a-z]) + if [ "${RELEASE}" == "18.04" ]; then + echo "Install on Ubuntu 18.04 LTS fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installMISPubuntuSupported && exit || exit + fi + if [ "${RELEASE}" == "18.10" ]; then + echo "Install on Ubuntu 18.10 partially supported, bye." + installMISPubuntuSupported && exit || exit + fi + if [ "${RELEASE}" == "19.04" ]; then + echo "Install on Ubuntu 19.04 not supported, bye" + exit 1 + fi + if [ "${RELEASE}" == "19.10" ]; then + echo "Install on Ubuntu 19.10 not supported, bye" + exit 1 + fi + echo "Installation done!" + exit +fi + +# If Debian is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "debian" ]; then + CODE=$(lsb_release -s -c| tr [A-Z] [a-z]) + if [ "${CODE}" == "buster" ]; then + echo "Install on Debian testing fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp73 + fi + if [ "${CODE}" == "sid" ]; then + echo "Install on Debian unstable not fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp73 + fi + if [ "${CODE}" == "stretch" ]; then + echo "Install on Debian stable fully supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + installDepsPhp72 + fi + echo "Installation done!" 
+ exit 0 +fi + +# If Tsurugi is detected, figure out which release it is and run the according scripts +if [ "${FLAVOUR}" == "tsurugi" ]; then + CODE=$(lsb_release -s -c| tr [A-Z] [a-z]) + if [ "${CODE}" == "bamboo" ]; then + echo "Install on Tsurugi Lab partially supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + fi + if [ "${CODE}" == "soy sauce" ]; then + echo "Install on Tsurugi Acquire partially supported." + echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues" + fi + echo "Installation done!" + exit 0 +fi + +# If Kali Linux is detected, run the acccording scripts +if [ "${FLAVOUR}" == "kali" ]; then + KALI=1 + kaliOnRootR0ckz + installMISPonKali + echo "Installation done!" + exit +fi diff --git a/docs/INSTALL.ubuntu1804.md b/docs/INSTALL.ubuntu1804.md index c10f6d3d0..2ab733981 100644 --- a/docs/INSTALL.ubuntu1804.md +++ b/docs/INSTALL.ubuntu1804.md 
@@ -1,21 +1,34 @@ # INSTALLATION INSTRUCTIONS ## for Ubuntu 18.04.1-server +### -1/ Installer and Manual install instructions + +Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/). + +To install MISP on a fresh Ubuntu install all you need to do is: + +```bash +# Please check the installer options first to make the best choice for your install +curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s + +# This will install MISP Core and misp-modules (recommended) +curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s -- -c -M +``` + ### 0/ MISP Ubuntu 18.04-server install - status ------------------------- !!! notice - Tested working by @SteveClement on 20190118 (works with **Ubuntu 18.10** too) - As of 20190118 on **Ubuntu 19.04** you need to use Python 3.6 as LIEF with 3.7 is not "eggED" yet. - You will need to **sudo apt install python3.6-dev** to make everything work according to this guide. + Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20190212 (works with **Ubuntu 18.10** too) -{!generic/community.md!} +!!! notice + This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.debian.sh) script. + Which explains why you will see the use of shell *functions* in various steps. + Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc... -{!generic/globalVariables.md!} +!!! notice + If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/). -```bash -PHP_ETC_BASE=/etc/php/7.2 -PHP_INI=${PHP_ETC_BASE}/apache2/php.ini -``` +{!generic/core.md!} ### 1/ Minimal Ubuntu install ------------------------- 
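Review bot: The new quick-start block tells readers to run `curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh | bash -s`, which executes a remote script (one that calls sudo throughout) without any chance to inspect it first; the pipe-to-shell form also defeats the script's own `$0`-based checks, since `$0` is then just `bash`. Consider showing a download-then-run sequence instead, e.g. `curl -fsSL -o ~/INSTALL.debian.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh` followed by `bash ~/INSTALL.debian.sh -c -M`, with a sentence asking the reader to look the file over before running it. Separately, the second notice calls the script "INSTALL-misp.sh" while the link target is INSTALL.debian.sh; the two names should agree.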
@@ -24,19 +37,27 @@ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini - OpenSSH server - This guide assumes a user name of 'misp' with sudo working +#### Make sure your system is up2date +```bash +# +aptUpgrade () { + debug "Upgrading system" + checkAptLock + sudo apt-get update + sudo apt-get upgrade -y +} +# +``` + {!generic/sudo_etckeeper.md!} {!generic/ethX.md!} -#### Make sure your system is up2date -```bash -sudo apt-get update -sudo apt-get upgrade -``` - #### install postfix, there will be some questions. ```bash -sudo apt-get install postfix -y +# +sudo apt-get install postfix dialog -y +# ``` !!! notice 
@@ -47,187 +68,210 @@ sudo apt-get install postfix -y sudo postfix reload ``` +{!generic/globalVariables.md!} + ### 2/ Install LAMP & dependencies ------------------------------ Once the system is installed you can perform the following steps. ```bash -# Make sure you have enabled the Universe repository -# (ie. for redis-server), enable it with: -# sudo add-apt-repository universe +# +installCoreDeps () { + debug "Installing core dependencies" + # Install the dependencies: (some might already be installed) + sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv libfuzzy-dev -y -# Install the dependencies: (some might already be installed) -sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip virtualenv -y + # Install MariaDB (a MySQL fork/alternative) + sudo apt-get install mariadb-client mariadb-server -y -# Install MariaDB (a MySQL fork/alternative) -sudo apt-get install mariadb-client mariadb-server -y + # Install Apache2 + sudo apt-get install apache2 apache2-doc apache2-utils -y -sudo apt install expect -y + # install Mitre's STIX and its dependencies by running the following commands: + sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y -# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines -pw="Password1234" + sudo apt-get install python3-pip -y + sudo apt install expect -y +} +# -expect -f - <<-EOF - set timeout 10 +# +# Install Php 7.2 dependencies +installDepsPhp72 () { + debug "Installing PHP 7.2 dependencies" + PHP_ETC_BASE=/etc/php/7.2 + PHP_INI=${PHP_ETC_BASE}/apache2/php.ini + sudo apt update + sudo apt install -qy \ + libapache2-mod-php \ + php php-cli \ + php-dev \ + php-json php-xml php-mysql php-opcache php-readline php-mbstring \ + php-redis php-gnupg - spawn sudo -k mysql_secure_installation - expect "*?assword*" - send -- "$pw\r" - expect "Enter current password 
for root (enter for none):" - send -- "\r" - expect "Set root password?" - send -- "y\r" - expect "New password:" - send -- "${DBPASSWORD_ADMIN}\r" - expect "Re-enter new password:" - send -- "${DBPASSWORD_ADMIN}\r" - expect "Remove anonymous users?" - send -- "y\r" - expect "Disallow root login remotely?" - send -- "y\r" - expect "Remove test database and access to it?" - send -- "y\r" - expect "Reload privilege tables now?" - send -- "y\r" - expect eof -EOF -sudo apt-get purge -y expect ; sudo apt autoremove -y - -# Install Apache2 -sudo apt-get install apache2 apache2-doc apache2-utils -y - -# Enable modules, settings, and default of SSL in Apache -sudo a2dismod status -sudo a2enmod ssl -sudo a2enmod rewrite -sudo a2enmod headers -sudo a2dissite 000-default -sudo a2ensite default-ssl - -# Install PHP and dependencies -sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y - -# Apply all changes -sudo systemctl restart apache2 + for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit + do + sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI + done +} +# ``` ### 3/ MISP code ------------ ```bash -# Download MISP using git in the /var/www/ directory. -sudo mkdir ${PATH_TO_MISP} -sudo chown www-data:www-data ${PATH_TO_MISP} -cd ${PATH_TO_MISP} -sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP} -sudo -u www-data git submodule update --init --recursive -# Make git ignore filesystem permission differences for submodules -sudo -u www-data git submodule foreach --recursive git config core.filemode false +# +installCore () { + debug "Installing ${LBLUE}MISP${NC} core" + # Download MISP using git in the /var/www/ directory. 
+ sudo mkdir ${PATH_TO_MISP} + sudo chown www-data:www-data ${PATH_TO_MISP} + cd ${PATH_TO_MISP} + sudo -u www-data git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP} + sudo -u www-data git submodule update --init --recursive + # Make git ignore filesystem permission differences for submodules + sudo -u www-data git submodule foreach --recursive git config core.filemode false -# Make git ignore filesystem permission differences -sudo -u www-data git config core.filemode false + # Make git ignore filesystem permission differences + sudo -u www-data git config core.filemode false -# Create a python3 virtualenv -sudo apt-get install python3-pip -y -pip3 install virtualenv -sudo -u www-data virtualenv -p python3.6 ${PATH_TO_MISP}/venv + # Create a python3 virtualenv + sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv -# make pip happy -sudo mkdir /var/www/.cache/ -sudo chown www-data:www-data /var/www/.cache + # make pip happy + sudo mkdir /var/www/.cache/ + sudo chown www-data:www-data /var/www/.cache -# install Mitre's STIX and its dependencies by running the following commands: -sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -y -cd ${PATH_TO_MISP}/app/files/scripts -sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git -sudo -u www-data git clone https://github.com/STIXProject/python-stix.git -sudo -u www-data git clone https://github.com/MAECProject/python-maec.git -# install mixbox to accommodate the new STIX dependencies: -sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git -cd ${PATH_TO_MISP}/app/files/scripts/mixbox -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . -cd ${PATH_TO_MISP}/app/files/scripts/python-cybox -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . -cd ${PATH_TO_MISP}/app/files/scripts/python-stix -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 
-cd $PATH_TO_MISP/app/files/scripts/python-maec -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . -# install STIX2.0 library to support STIX 2.0 export: -cd ${PATH_TO_MISP}/cti-python-stix2 -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts + sudo -H -u www-data git clone https://github.com/CybOXProject/python-cybox.git + sudo -H -u www-data git clone https://github.com/STIXProject/python-stix.git + sudo -H -u www-data git clone https://github.com/MAECProject/python-maec.git + # install mixbox to accommodate the new STIX dependencies: + sudo -H -u www-data git clone https://github.com/CybOXProject/mixbox.git + cd ${PATH_TO_MISP}/app/files/scripts/mixbox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts/python-cybox + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd ${PATH_TO_MISP}/app/files/scripts/python-stix + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + cd $PATH_TO_MISP/app/files/scripts/python-maec + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + # install STIX2.0 library to support STIX 2.0 export: + cd ${PATH_TO_MISP}/cti-python-stix2 + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . -# install PyMISP -cd ${PATH_TO_MISP}/PyMISP -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . + # install PyMISP + cd ${PATH_TO_MISP}/PyMISP + sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . 
-# Install Crypt_GPG and Console_CommandLine -sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml -sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml + # install pydeep + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git + + # install lief + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip + + # install python-magic + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic + + # Install Crypt_GPG and Console_CommandLine + sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml + sudo pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml +} +# ``` ### 4/ CakePHP ----------- ```bash -# Once done, install CakeResque along with its dependencies -# if you intend to use the built in background jobs: -cd ${PATH_TO_MISP}/app -# Make composer cache happy -# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ -sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer -sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2 -sudo -H -u www-data php composer.phar config vendor-dir Vendor -sudo -H -u www-data php composer.phar install +# +installCake () { + debug "Installing CakePHP" + # Once done, install CakeResque along with its dependencies + # if you intend to use the built in background jobs: + cd ${PATH_TO_MISP}/app + # Make composer cache happy + # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ + sudo mkdir /var/www/.composer ; sudo chown www-data:www-data /var/www/.composer + sudo -H -u www-data php composer.phar require kamisama/cake-resque:4.1.2 + sudo -H -u www-data php composer.phar config vendor-dir Vendor + sudo -H -u www-data php composer.phar install -# Enable CakeResque with 
php-redis -sudo phpenmod redis -sudo phpenmod gnupg + # Enable CakeResque with php-redis + sudo phpenmod redis + sudo phpenmod gnupg -# To use the scheduler worker for scheduled tasks, do the following: -sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php + # To use the scheduler worker for scheduled tasks, do the following: + sudo -u www-data cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php -# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers -# The default Redis port can be updated in Plugin/CakeResque/Config/config.php + # If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers + # The default Redis port can be updated in Plugin/CakeResque/Config/config.php +} +# ``` ### 5/ Set the permissions ---------------------- ```bash -# Check if the permissions are set correctly using the following commands: -sudo chown -R www-data:www-data ${PATH_TO_MISP} -sudo chmod -R 750 ${PATH_TO_MISP} -sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp -sudo chmod -R g+ws ${PATH_TO_MISP}/app/files +# +# Main function to fix permissions to something sane +permissions () { + debug "Setting permissions" + sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP} + sudo chmod -R 750 ${PATH_TO_MISP} + sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp + sudo chmod -R g+ws ${PATH_TO_MISP}/app/files + sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp +} +# ``` ### 6/ Create a database and user ----------------------------- -#### Manual procedure: -```bash -# Enter the mysql shell -sudo mysql -u root -p -``` +#### Set-up DB, User and import empty MISP DB -``` -MariaDB [(none)]> create database misp; -MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX'; -MariaDB [(none)]> 
grant all privileges on misp.* to misp@localhost; -MariaDB [(none)]> flush privileges; -MariaDB [(none)]> exit -``` - -#### Same as Manual but for copy/paste foo: ```bash -sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" -sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" -sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" -sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" -``` +# +prepareDB () { + debug "Setting up database" + # Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines + pw=$MISP_PASSWORD -#### Import the empty MISP database from MYSQL.sql -```bash -# Import the empty MISP database from MYSQL.sql -sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME + expect -f - <<-EOF + set timeout 10 + + spawn sudo -k mysql_secure_installation + expect "*?assword*" + send -- "$pw\r" + expect "Enter current password for root (enter for none):" + send -- "\r" + expect "Set root password?" + send -- "y\r" + expect "New password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Re-enter new password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Remove anonymous users?" + send -- "y\r" + expect "Disallow root login remotely?" + send -- "y\r" + expect "Remove test database and access to it?" + send -- "y\r" + expect "Reload privilege tables now?" 
+ send -- "y\r" + expect eof +EOF + sudo apt-get purge -y expect ; sudo apt autoremove -y + + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" + sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" + # Import the empty MISP database from MYSQL.sql + sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME +} +# ``` ### 7/ Apache configuration @@ -235,9 +279,6 @@ sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$ Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/ #### Apache version 2.4 config: -```bash -sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf -``` !!! notice Be aware that the configuration files for apache 2.4 and up have changed. 
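Review bot: In `prepareDB` the user creation and the privilege grant name different principals: `grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP'` creates a user called after the database, while the next line grants `all privileges on $DBNAME.*` to `'$DBUSER_MISP'@'localhost'`; if the two variables ever differ, the privileged account is never given the intended password, so the first line should read `sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to '$DBUSER_MISP'@'localhost' identified by '$DBPASSWORD_MISP';"`. The same four `mysql` invocations and the final import pass `-p$DBPASSWORD_ADMIN` / `-p$DBPASSWORD_MISP` on the command line, where they are visible to every local user via the process list for the duration of the call; supplying them through `MYSQL_PWD` in the environment or a `--defaults-extra-file` avoids that. `pw=$MISP_PASSWORD` also assumes the sudo password of the invoking user equals the MISP account password and is assigned as a global rather than `local pw`. The enclosing ```bash block and the surrounding section continue outside the hunk.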
@@ -245,11 +286,35 @@ sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/
 For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
 ```bash
-# If a valid SSL certificate is not already created for the server,
-# create a self-signed certificate:
-sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
--subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
--keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
+#
+apacheConfig () {
+ debug "Generating Apache config"
+ sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
+
+ # If a valid SSL certificate is not already created for the server,
+ # create a self-signed certificate:
+ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
+ -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
+ -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
+
+ # Enable modules, settings, and default of SSL in Apache
+ sudo a2dismod status
+ sudo a2enmod ssl
+ sudo a2enmod rewrite
+ sudo a2enmod headers
+ sudo a2dissite 000-default
+ sudo a2ensite default-ssl
+
+ # Apply all changes
+ sudo systemctl restart apache2
+ # activate new vhost
+ sudo a2dissite default-ssl
+ sudo a2ensite misp-ssl
+
+ # Restart apache
+ sudo systemctl restart apache2
+}
+#
 ```
 !!! notice
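Review bot: The comment in apacheConfig says the self-signed certificate is created only when none exists, but the `sudo openssl req …` call runs unconditionally and overwrites /etc/ssl/private/misp.local.key and misp.local.crt on every run, which would clobber a real certificate an operator had placed there. Wrap it in `if [ ! -e /etc/ssl/private/misp.local.key ]; then … fi`, the same guard style setupGnuPG uses with `[ ! -d $PATH_TO_MISP/.gnupg ]` later in this diff. The private key is also created with whatever umask the sudo session inherits; an explicit `sudo chmod 600 /etc/ssl/private/misp.local.key` after generation would make the file mode deliberate rather than incidental (presumably /etc/ssl/private itself is 0700 on Debian, but the file mode is not controlled here).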
@@ -295,90 +360,63 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ ============================================= End sample working SSL config for MISP ``` -```bash -# activate new vhost -sudo a2dissite default-ssl -sudo a2ensite misp-ssl - -for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit -do - sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI -done - -# Restart apache -sudo systemctl restart apache2 -``` - ### 8/ Log rotation --------------- ```bash -# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs -# To rotate these logs install the supplied logrotate script: - -sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp -sudo chmod 0640 /etc/logrotate.d/misp +# +logRotation () { + # MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs + # To rotate these logs install the supplied logrotate script: + sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp + sudo chmod 0640 /etc/logrotate.d/misp +} +# ``` ### 9/ MISP configuration --------------------- ```bash -# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied -sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php -sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php -sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php -sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php +# +configMISP () { + debug "Generating ${LBLUE}MISP${NC} config files" + # There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied + sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php + sudo -u www-data cp -a 
${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php + sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php + sudo -u www-data cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php -echo " 'Database/Mysql', - //'datasource' => 'Database/Postgres', - 'persistent' => false, - 'host' => '$DBHOST', - 'login' => '$DBUSER_MISP', - 'port' => 3306, // MySQL & MariaDB - //'port' => 5432, // PostgreSQL - 'password' => '$DBPASSWORD_MISP', - 'database' => '$DBNAME', - 'prefix' => '', - 'encoding' => 'utf8', - ); -}" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php + echo " 'Database/Mysql', + //'datasource' => 'Database/Postgres', + 'persistent' => false, + 'host' => '$DBHOST', + 'login' => '$DBUSER_MISP', + 'port' => 3306, // MySQL & MariaDB + //'port' => 5432, // PostgreSQL + 'password' => '$DBPASSWORD_MISP', + 'database' => '$DBNAME', + 'prefix' => '', + 'encoding' => 'utf8', + ); + }" | sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php -# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php -# The salt key must be a string at least 32 bytes long. -# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user -# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, -# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) + # Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php + # The salt key must be a string at least 32 bytes long. 
+ # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user + # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, + # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) -# and make sure the file permissions are still OK -sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config -sudo chmod -R 750 ${PATH_TO_MISP}/app/Config - -# Generate a GPG encryption key. - -cat >/tmp/gen-key-script < ``` +{!generic/gnupg.md!} + !!! notice If entropy is not high enough, you can install havegd and then start the service ```bash 
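Review bot: configMISP drops the `sudo chown -R www-data:www-data ${PATH_TO_MISP}/app/Config` and `sudo chmod -R 750 ${PATH_TO_MISP}/app/Config` that the removed lines ran after writing database.php, so the file that now contains $DBPASSWORD_MISP is left with whatever mode `tee` creates under the caller's umask, typically world-readable; unless that step was moved into a function outside this hunk, re-add `sudo chmod -R 750 ${PATH_TO_MISP}/app/Config` after the tee. The `| sudo -u www-data tee $PATH_TO_MISP/app/Config/database.php` also echoes the whole file, DB password included, to stdout, where it ends up in any captured install log; `tee … > /dev/null` avoids that. The echo payload looks truncated in this view and configMISP's closing brace is not visible, so the function boundary is inferred.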
@@ -387,54 +425,38 @@ sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG ``` ```bash +# +backgroundWorkers () { + debug "Setting up background workers" + # To make the background workers start on boot + sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh + if [ ! -e /etc/rc.local ] + then + echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local + echo 'exit 0' | sudo tee -a /etc/rc.local + sudo chmod u+x /etc/rc.local + fi -# To make the background workers start on boot -sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh -if [ ! -e /etc/rc.local ] -then - echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local - echo 'exit 0' | sudo tee -a /etc/rc.local - sudo chmod u+x /etc/rc.local -fi + # Start the workers + $SUDO_WWW bash $PATH_TO_MISP/app/Console/worker/start.sh + + # Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user: + sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local + sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local + sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local + sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local +} +# +``` + +```bash +echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" +echo "User (misp) DB Password: $DBPASSWORD_MISP" ``` {!generic/MISP_CAKE_init.md!} -```bash -# Add the following lines before the last line (exit 0). 
Make sure that you replace www-data with your apache user: -sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local -sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local -sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local -sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local -sudo sed -i -e '$i \sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local - -# Start the workers -sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh - -# some misp-modules dependencies -sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y - -sudo chmod 2775 /usr/local/src -sudo chown root:staff /usr/local/src -cd /usr/local/src/ -git clone https://github.com/MISP/misp-modules.git -cd misp-modules -# pip install -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install . -sudo apt install ruby-pygments.rb -y -sudo gem install asciidoctor-pdf --pre - -# install additional dependencies for extended object generation and extraction -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib -sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git - -# Start misp-modules -sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s & - -echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" -echo "User (misp) DB Password: $DBPASSWORD_MISP" -``` +{!generic/misp-modules-debian.md!} {!generic/INSTALL.done.md!} @@ -463,3 +485,11 @@ sudo -H -u www-data ${PATH_TO_MISP}/venv/bin/pip install pyzmq If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:
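Review bot: The last `sudo sed -i -e '$i \sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local` in backgroundWorkers is single-quoted, so `${PATH_TO_MISP}` is written into /etc/rc.local literally, expands to nothing at boot, and the workers are never started on reboot. Interpolate the path, e.g. `sudo sed -i -e "\$i \\sudo -u www-data bash ${PATH_TO_MISP}/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\\n" /etc/rc.local`. The four `$i` inserts are also not idempotent: a second run of the function appends the same lines again, so a `grep -q` guard on /etc/rc.local before inserting would be worth adding. Since MISPvars now defines WWW_USER, the hard-coded `www-data` in the inserted line could use `${WWW_USER}` as well.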
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules
Then the enrichment, export and import modules can be enabled in MISP via the settings. + +# INSTALL.debian.sh + +!!! notice + The following section is an administrative section that is used by the "[INSTALL.debian.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.debian.sh)" script. + Please ignore. + +{!generic/supportFunctions.md!} diff --git a/docs/generic/MISP_CAKE_init.md b/docs/generic/MISP_CAKE_init.md index f791c966a..32c3d2647 100644 --- a/docs/generic/MISP_CAKE_init.md +++ b/docs/generic/MISP_CAKE_init.md 
@@ -1,156 +1,140 @@ #### Initialize MISP configuration and set some defaults ```bash -# Default Cake path -export CAKE="$PATH_TO_MISP/app/Console/cake" -# Initialize user and fetch Auth Key -sudo -H -u www-data -E $CAKE userInit -q -AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) +# +# Core cake commands +coreCAKE () { + debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}" + $SUDO_WWW -E $CAKE userInit -q -# Setup some more MISP default via cake CLI + # This makes sure all Database upgrades are done, without logging in. + $SUDO_WWW $CAKE Admin updateDatabase -# Change base url, either with this CLI command or in the UI -sudo -H -u www-data $CAKE Baseurl $MISP_BASEURL -# example: 'baseurl' => 'https://', -# alternatively, you can leave this field empty if you would like to use relative pathing in MISP -# 'baseurl' => '', + # Setup some more MISP default via cake CLI -# Tune global time outs -sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600 -sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600 + # The default install is Python in a virtualenv, setting accordingly + $SUDO_WWW $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python" -# Enable GnuPG -sudo -H -u www-data $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" -sudo -H -u www-data $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" -sudo -H -u www-data $CAKE Admin setSetting "GnuPG.password" "Password1234" + # Tune global time outs + $SUDO_WWW $CAKE Admin setSetting "Session.autoRegenerate" 0 + $SUDO_WWW $CAKE Admin setSetting "Session.timeout" 600 + $SUDO_WWW $CAKE Admin setSetting "Session.cookieTimeout" 3600 -# Enable Enrichment set better timeouts -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true -sudo -H -u www-data $CAKE Admin setSetting 
"Plugin.Enrichment_hover_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 + # Change base url, either with this CLI command or in the UI + $SUDO_WWW $CAKE Baseurl $MISP_BASEURL + # example: 'baseurl' => 'https://', + # alternatively, you can leave this field empty if you would like to use relative pathing in MISP + # 'baseurl' => '', -# Enable Import modules set better timout -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_services_port" 6666 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_timeout" 300 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true + # Enable GnuPG + $SUDO_WWW $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS" + $SUDO_WWW $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" + $SUDO_WWW $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE" -# Enable Export modules set better timout -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_services_port" 6666 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Export_timeout" 300 -sudo -H -u www-data $CAKE Admin setSetting 
"Plugin.Export_pdfexport_enabled" true + # Enable installer org and tune some configurables + $SUDO_WWW $CAKE Admin setSetting "MISP.host_org_id" 1 + $SUDO_WWW $CAKE Admin setSetting "MISP.email" "info@admin.test" + $SUDO_WWW $CAKE Admin setSetting "MISP.disable_emailing" true + $SUDO_WWW $CAKE Admin setSetting "MISP.contact" "info@admin.test" + $SUDO_WWW $CAKE Admin setSetting "MISP.disablerestalert" true + $SUDO_WWW $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true + $SUDO_WWW $CAKE Admin setSetting "MISP.default_event_tag_collection" 0 -# Enable installer org and tune some configurables -sudo -H -u www-data $CAKE Admin setSetting "MISP.host_org_id" 1 -sudo -H -u www-data $CAKE Admin setSetting "MISP.email" "info@admin.test" -sudo -H -u www-data $CAKE Admin setSetting "MISP.disable_emailing" true -sudo -H -u www-data $CAKE Admin setSetting "MISP.contact" "info@admin.test" -sudo -H -u www-data $CAKE Admin setSetting "MISP.disablerestalert" true -sudo -H -u www-data $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true -sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_tag_collection" 0 + # Provisional Cortex tunes + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_enable" false + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_authkey" "" + # Mysteriously removed? + #$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 + # Mysteriously removed? 
+ #$SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false + $SUDO_WWW $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true -# Provisional Cortex tunes -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_enable" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true + # Various plugin sightings settings + $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_policy" 0 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_anonymise" false + $SUDO_WWW $CAKE Admin setSetting "Plugin.Sightings_range" 365 -# Various plugin sightings settings -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_policy" 0 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_anonymise" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Sightings_range" 365 + # Plugin CustomAuth tuneable + $SUDO_WWW $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false -# Plugin CustomAuth tuneable -sudo -H -u www-data $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false + # RPZ Plugin settings + $SUDO_WWW $CAKE Admin 
setSetting "Plugin.RPZ_policy" "DROP" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" + $SUDO_WWW $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" -# RPZ Plugin settings -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." 
-sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" + # Force defaults to make MISP Server Settings less RED + $SUDO_WWW $CAKE Admin setSetting "MISP.language" "eng" + $SUDO_WWW $CAKE Admin setSetting "MISP.proposals_block_attributes" false -# Force defaults to make MISP Server Settings less RED -sudo -H -u www-data $CAKE Admin setSetting "MISP.language" "eng" -sudo -H -u www-data $CAKE Admin setSetting "MISP.proposals_block_attributes" false + # Redis block + $SUDO_WWW $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "MISP.redis_port" 6379 + $SUDO_WWW $CAKE Admin setSetting "MISP.redis_database" 13 + $SUDO_WWW $CAKE Admin setSetting "MISP.redis_password" "" -## Redis block -sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" -sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_port" 6379 -sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_database" 13 -sudo -H -u www-data $CAKE Admin setSetting "MISP.redis_password" "" + # Force defaults to make MISP Server Settings less YELLOW + $SUDO_WWW $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 + $SUDO_WWW $CAKE Admin setSetting "MISP.extended_alert_subject" false + $SUDO_WWW $CAKE Admin setSetting "MISP.default_event_threat_level" 4 + $SUDO_WWW $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" + $SUDO_WWW $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" + $SUDO_WWW $CAKE Admin setSetting "MISP.enableEventBlacklisting" true + $SUDO_WWW $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true + $SUDO_WWW $CAKE Admin setSetting "MISP.log_client_ip" false + $SUDO_WWW $CAKE Admin setSetting "MISP.log_auth" false + $SUDO_WWW $CAKE Admin setSetting "MISP.disableUserSelfManagement" false + $SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert" false + $SUDO_WWW $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" + $SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert" false + $SUDO_WWW $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" + $SUDO_WWW $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false + $SUDO_WWW $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" + $SUDO_WWW $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" + $SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" + # TODO: Make sure $FLAVOUR is correct + $SUDO_WWW $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings" -# Force defaults to make MISP Server Settings less YELLOW -sudo -H -u www-data $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 -sudo -H -u www-data $CAKE Admin setSetting "MISP.extended_alert_subject" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.default_event_threat_level" 4 -sudo -H -u www-data $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below 
to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo -H -u www-data $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo -H -u www-data $CAKE Admin setSetting "MISP.enableEventBlacklisting" true -sudo -H -u www-data $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true -sudo -H -u www-data $CAKE Admin setSetting "MISP.log_client_ip" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.log_auth" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.disableUserSelfManagement" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" -sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" -sudo -H -u www-data $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false -sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" -sudo -H -u www-data $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" -sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" -sudo -H -u www-data $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this 
message in MISP Settings" + # Force defaults to make MISP Server Settings less GREEN + $SUDO_WWW $CAKE Admin setSetting "Security.password_policy_length" 12 + $SUDO_WWW $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' -# Force defaults to make MISP Server Settings less GREEN -sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_length" 12 -sudo -H -u www-data $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' + # Set MISP Live + $SUDO_WWW $CAKE Live $MISP_LIVE +} -# Tune global time outs -sudo -H -u www-data $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo -H -u www-data $CAKE Admin setSetting "Session.timeout" 600 -sudo -H -u www-data $CAKE Admin setSetting "Session.cookie_timeout" 3600 +# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates +updateGOWNT () { + debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates" + AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) -# Update the galaxies… -##sudo -H -u www-data $CAKE Admin updateGalaxies -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update - -# Updating the taxonomies… -sudo -H -u www-data $CAKE Admin updateTaxonomies - -# Updating the warning lists… -##sudo -H -u www-data $CAKE Admin updateWarningLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update - -# Updating the notice lists… -## sudo -H -u www-data $CAKE Admin updateNoticeLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - -# 
Updating the object templates… -##sudo -H -u www-data $CAKE Admin updateObjectTemplates -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - -# Set MISP Live -sudo -H -u www-data $CAKE Live $MISP_LIVE + # Update the galaxies… + # TODO: Fix updateGalaxies + ##$SUDO_WWW $CAKE Admin updateGalaxies + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/galaxies/update + # Updating the taxonomies… + $SUDO_WWW $CAKE Admin updateTaxonomies + # Updating the warning lists… + # TODO: Fix updateWarningLists + ##$SUDO_WWW $CAKE Admin updateWarningLists + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update + # Updating the notice lists… + ## $SUDO_WWW $CAKE Admin updateNoticeLists + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update + # Updating the object templates… + ##$SUDO_WWW $CAKE Admin updateObjectTemplates + curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update +} +# ``` diff --git a/docs/generic/core.md b/docs/generic/core.md new file mode 100644 index 000000000..99c618ba2 --- /dev/null +++ b/docs/generic/core.md @@ -0,0 +1,4 @@ +!!! notice + Maintained and tested by the MISP core team.
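Review bot: In updateGOWNT, `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)` takes whichever row the unordered query happens to return last, which is only coincidentally the userInit-created admin on a fresh install and breaks as soon as a second user exists; the `tail -1` is there only to skip the column header. Select the row explicitly and suppress the header instead, e.g. `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP -N -s misp -e "SELECT authkey FROM users WHERE id = 1;")`, presumably id 1 being the admin created by `$CAKE userInit`. Passing `-p$DBPASSWORD_MISP` on the command line also exposes the password in the process list for the duration of the query; prepareDB earlier in this diff has the same pattern. The curl calls run with `-k` against 127.0.0.1, understandable given the self-signed certificate from apacheConfig, but adding `--fail` would surface HTTP errors instead of letting the function continue silently.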
+ Enjoy installing MISP. For any issues see [here](https://github.com/MISP/MISP/issues)
+
diff --git a/docs/generic/ethX.md b/docs/generic/ethX.md
index 9a3723edf..3a0be0b8c 100644
--- a/docs/generic/ethX.md
+++ b/docs/generic/ethX.md
@@ -3,13 +3,30 @@ This will bring back 'ethX' e.g: eth0
 ```bash
+# GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
 DEFAULT_GRUB=/etc/default/grub
-for key in GRUB_CMDLINE_LINUX
-do
- sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
-done
+
+echo "--- Using old style name (ethX) for interfaces"
+#for key in GRUB_CMDLINE_LINUX
+#do
+# sudo sed -i "s/^\($key\)=.*/\1=\"$(eval echo \${$key})\"/" $DEFAULT_GRUB
+#done
+sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null
+
+# install ifupdown since ubuntu 18.04
+sudo apt-get update
+sudo apt-get install -y ifupdown
+
+# enable eth0
+echo "--- Configuring eth0"
+
+echo "# The primary network interface
+auto eth0
+iface eth0 inet dhcp" | sudo tee /etc/network/interfaces
 sudo grub-mkconfig -o /boot/grub/grub.cfg
+sudo update-grub > /dev/null 2>&1
+#
 ```
 !!! notice
diff --git a/docs/generic/globalVariables.md b/docs/generic/globalVariables.md
index 7d526894f..5a3c16503 100644
--- a/docs/generic/globalVariables.md
+++ b/docs/generic/globalVariables.md
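Review bot: `sed -r '…' /etc/default/grub | sudo tee /etc/default/grub > /dev/null` reads and rewrites the same file in one pipeline: tee opens and truncates /etc/default/grub as the pipeline starts, so depending on scheduling sed can read an already-empty file and the GRUB defaults are lost (the commented-out loop it replaces did not have this problem because it used `sed -i`). Edit in place instead: `sudo sed -r -i 's/^(GRUB_CMDLINE_LINUX=).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub`. Two smaller points: `| sudo tee /etc/network/interfaces` without `-a` replaces the whole interfaces file, which is presumably intended but deserves a comment saying so, and `sudo update-grub > /dev/null 2>&1` discards the only error output of the step that actually applies the change.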
@@ -1,46 +1,74 @@ #### MISP configuration variables ```bash +# +MISPvars () { + debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours" + # Local non-root MISP user + MISP_USER='misp' + MISP_PASSWORD='Password1234' -# MISP configuration variables -PATH_TO_MISP='/var/www/MISP' -CAKE="$PATH_TO_MISP/app/Console/cake" -MISP_BASEURL='""' -MISP_LIVE='1' + # The web server user + WWW_USER="www-data" -# Database configuration -DBHOST='localhost' -DBNAME='misp' -DBUSER_ADMIN='root' -DBPASSWORD_ADMIN="$(openssl rand -hex 32)" -DBUSER_MISP='misp' -DBPASSWORD_MISP="$(openssl rand -hex 32)" + # MISP configuration variables + PATH_TO_MISP='/var/www/MISP' -# Webserver configuration -FQDN='localhost' + if [ -z "$FQDN" ]; then + FQDN="misp.local" + fi -# OpenSSL configuration -OPENSSL_CN='Common Name' -OPENSSL_C='LU' -OPENSSL_ST='State' -OPENSSL_L='Location' -OPENSSL_O='Organization' -OPENSSL_OU='Organizational Unit' -OPENSSL_EMAILADDRESS='info@localhost' + if [ -z "$MISP_BASEURL" ]; then + MISP_BASEURL='""' + fi -# GPG configuration -GPG_REAL_NAME='Autogenerated Key' -GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' 
-GPG_EMAIL_ADDRESS='admin@admin.test' -GPG_KEY_LENGTH='2048' -GPG_PASSPHRASE='Password1234' + MISP_LIVE='1' -# php.ini configuration -upload_max_filesize=50M -post_max_size=50M -max_execution_time=300 -memory_limit=512M + # Database configuration + DBHOST='localhost' + DBNAME='misp' + DBUSER_ADMIN='root' + DBPASSWORD_ADMIN="$(openssl rand -hex 32)" + DBUSER_MISP='misp' + DBPASSWORD_MISP="$(openssl rand -hex 32)" -echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" -echo "User (misp) DB Password: $DBPASSWORD_MISP" + # OpenSSL configuration + OPENSSL_CN=$FQDN + OPENSSL_C='LU' + OPENSSL_ST='State' + OPENSSL_L='Location' + OPENSSL_O='Organization' + OPENSSL_OU='Organizational Unit' + OPENSSL_EMAILADDRESS="info@$FQDN" + + # GPG configuration + GPG_REAL_NAME='Autogenerated Key' + GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' + GPG_EMAIL_ADDRESS='admin@admin.test' + GPG_KEY_LENGTH='2048' + GPG_PASSPHRASE='Password1234' + + # debug alias to make sure people are not confused when blindly copy pasting blobs of code + alias debug="echo -e" + + # checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code + alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'" + + # php.ini configuration + upload_max_filesize=50M + post_max_size=50M + max_execution_time=300 + memory_limit=512M + + CAKE="$PATH_TO_MISP/app/Console/cake" + + # sudo config to run $LUSER commands + SUDO_USER="sudo -H -u ${MISP_USER} " + SUDO_WWW="sudo -H -u ${WWW_USER} " + + echo "The following DB Passwords were generated..." + echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" + echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" +} +# ``` diff --git a/docs/generic/gnupg.md b/docs/generic/gnupg.md new file mode 100644 index 000000000..99e3f7ada --- /dev/null +++ b/docs/generic/gnupg.md 
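Review bot: MISPvars assigns `SUDO_USER="sudo -H -u ${MISP_USER} "`, but SUDO_USER is the environment variable sudo itself sets to the invoking user's name, so when the installer runs under sudo this silently replaces that value for the rest of the script and for every child process; a non-colliding name such as `SUDO_MISP`, with the matching change in the mail2misp function later in this diff, avoids the clash. The newly added `MISP_PASSWORD='Password1234'` and the existing `GPG_PASSPHRASE='Password1234'` are fixed strings while the DB passwords are drawn from `openssl rand -hex 32`; if MISP_PASSWORD becomes the local misp account's login password, generating it the same way and printing it next to the DB passwords would be consistent. The closing `echo` of the generated DB passwords goes to stdout and therefore into any captured install log, which should be stated in the comment above it.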
@@ -0,0 +1,28 @@ +```bash +# +# Generate GnuPG key +setupGnuPG () { + if [ ! -d $PATH_TO_MISP/.gnupg ]; then + # The email address should match the one set in the config.php + # set in the configuration menu in the administration menu configuration file + echo "%echo Generating a default key + Key-Type: default + Key-Length: $GPG_KEY_LENGTH + Subkey-Type: default + Name-Real: $GPG_REAL_NAME + Name-Comment: $GPG_COMMENT + Name-Email: $GPG_EMAIL_ADDRESS + Expire-Date: 0 + Passphrase: $GPG_PASSPHRASE + # Do a commit here, so that we can later print "done" + %commit + %echo done" > /tmp/gen-key-script + + $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script + + # Export the public key to the webroot + $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc + fi +} +# +``` diff --git a/docs/generic/mail_to_misp-debian.md b/docs/generic/mail_to_misp-debian.md index d23f774d9..aa56612af 100644 --- a/docs/generic/mail_to_misp-debian.md +++ b/docs/generic/mail_to_misp-debian.md @@ -1,29 +1,33 @@ #### Install mail to misp -------------------- -!!! warning - mail_to_misp has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7
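Review bot: setupGnuPG writes the key parameters, including `Passphrase: $GPG_PASSPHRASE`, to the fixed path /tmp/gen-key-script with the caller's default umask and never removes it, so the passphrase is left in a world-writable directory and a file pre-created at that name by another local user would be written through. gpg in --batch mode reads the parameter file from stdin when no file name is given, so the temp file is unnecessary: end the echo with `| $SUDO_WWW gpg --homedir "$PATH_TO_MISP/.gnupg" --batch --gen-key` instead of `> /tmp/gen-key-script` and drop the separate gpg line. The unquoted `$PATH_TO_MISP` in the -d test and the export command should be `"$PATH_TO_MISP"` as well.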
- If you have python3.7 installed make sure **virtualenv** uses **python3.6**
- ```bash - virtualenv -p python3.6 venv - ``` - ```bash -cd /usr/local/src/ -sudo apt-get install cmake -y -git clone https://github.com/MISP/mail_to_misp.git -git clone https://github.com/stricaud/faup.git -cd faup -sudo mkdir -p build -cd build -cmake .. && make -sudo make install -sudo ldconfig -cd ../../mail_to_misp -virtualenv -p python3.6 venv -./venv/bin/pip install -r requirements.txt -cp mail_to_misp_config.py-example mail_to_misp_config.py - -sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py -sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py +# +# Main mail2misp install function +mail2misp () { + debug "Installing Mail2${LBLUE}MISP${NC}" + cd /usr/local/src/ + sudo apt-get install cmake libcaca-dev -y + $SUDO_USER git clone https://github.com/MISP/mail_to_misp.git + $SUDO_USER git clone git://github.com/stricaud/faup.git faup + sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp + cd faup + # TODO Check permissions + ##$SUDO mkdir -p build + $SUDO_USER mkdir -p build + cd build + $SUDO_USER cmake .. && $SUDO_USER make + ##$SUDO cmake .. && $SUDO make + sudo make install + sudo ldconfig + cd ../../mail_to_misp + $SUDO_USER virtualenv -p python3 venv + $SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip + $SUDO_USER ./venv/bin/pip install -r requirements.txt + $SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py + ##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py + $SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py + $SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py +} +# ``` 
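Review bot: The faup clone in mail2misp uses the cleartext `git://` transport while the mail_to_misp clone right above it uses https; git:// gives no authentication of the server, so the sources that are then built and installed with `sudo make install` can be substituted on the network path. Change it to `$SUDO_USER git clone https://github.com/stricaud/faup.git faup`. Likewise the pylief zip is pulled from a `lief-master-latest` branch without a hash, so what gets installed changes whenever that branch does; pin a released version (a fixed tag, or `pip install --hash`) so the installer is reproducible. The `cd` calls have no error check, so a failed clone leaves the later `sed -i` lines operating from the wrong directory.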
diff --git a/docs/generic/misp-dashboard-centos.md b/docs/generic/misp-dashboard-centos.md new file mode 100644 index 000000000..a17223715 --- /dev/null +++ b/docs/generic/misp-dashboard-centos.md 
@@ -0,0 +1,75 @@ +#### MISP Dashboard on CentOS +-------------- +```bash +cd /var/www +sudo mkdir misp-dashboard +sudo chown www-data:www-data misp-dashboard +sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git +cd misp-dashboard +sudo -H /var/www/misp-dashboard/install_dependencies.sh +sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg +sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf +sudo apt install libapache2-mod-wsgi-py3 -y + +echo " + ServerAdmin admin@misp.local + ServerName misp.local + DocumentRoot /var/www/misp-dashboard + + WSGIDaemonProcess misp-dashboard \ + user=misp group=misp \ + python-home=/var/www/misp-dashboard/DASHENV \ + processes=1 \ + threads=15 \ + maximum-requests=5000 \ + listen-backlog=100 \ + queue-timeout=45 \ + socket-timeout=60 \ + connect-timeout=15 \ + request-timeout=60 \ + inactivity-timeout=0 \ + deadlock-timeout=60 \ + graceful-timeout=15 \ + eviction-timeout=0 \ + shutdown-timeout=5 \ + send-buffer-size=0 \ + receive-buffer-size=0 \ + header-buffer-size=0 \ + response-buffer-size=0 \ + server-metrics=Off + WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi + + WSGIProcessGroup misp-dashboard + WSGIApplicationGroup %{GLOBAL} + Require all granted + + LogLevel info + ErrorLog /var/log/apache2/misp-dashboard.local_error.log + CustomLog /var/log/apache2/misp-dashboard.local_access.log combined + ServerSignature Off +" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf + +sudo a2ensite misp-dashboard +sudo systemctl reload apache2 + +# Add misp-dashboard to rc.local to start on boot. 
+sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local + +# Enable ZeroMQ for misp-dashboard +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false" +sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false" +``` diff --git a/docs/generic/misp-dashboard-debian.md b/docs/generic/misp-dashboard-debian.md index 2ee8c8dd7..ed14711fc 100644 --- a/docs/generic/misp-dashboard-debian.md +++ b/docs/generic/misp-dashboard-debian.md 
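Review bot: The new misp-dashboard-centos.md carries the Debian procedure unchanged — `sudo apt install libapache2-mod-wsgi-py3`, `/etc/apache2/ports.conf`, `a2ensite`, the `www-data` user and `/etc/rc.local` — none of which exist on a stock CentOS system, so the page cannot be followed on the platform in its title; only the `$RUN_PHP` wrapper on the cake lines is CentOS-specific. Either mark the heading as a placeholder or replace the package, httpd config path, user and service steps with their CentOS counterparts. If the rc.local line is kept, its redirect to the fixed path /tmp/misp-dashboard_rc.local.log is performed by root at boot into a world-writable directory; a root-owned location under /var/log is safer. The same rc.local pattern is in misp-dashboard-debian.md and misp-modules-debian.md.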
@@ -1,75 +1,96 @@ #### MISP Dashboard -------------- ```bash -cd /var/www -sudo mkdir misp-dashboard -sudo chown www-data:www-data misp-dashboard -sudo -u www-data git clone https://github.com/MISP/misp-dashboard.git -cd misp-dashboard -sudo -H /var/www/misp-dashboard/install_dependencies.sh -sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg -sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf -sudo apt install libapache2-mod-wsgi-py3 -y +# +# Main MISP Dashboard install function +mispDashboard () { + debug "Install misp-dashboard" + # Install pyzmq to main MISP venv + debug "Installing PyZMQ" + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq + cd /var/www + sudo mkdir misp-dashboard + sudo chown www-data:www-data misp-dashboard -echo " - ServerAdmin admin@misp.local - ServerName misp.local - DocumentRoot /var/www/misp-dashboard - - WSGIDaemonProcess misp-dashboard \ - user=misp group=misp \ - python-home=/var/www/misp-dashboard/DASHENV \ - processes=1 \ - threads=15 \ - maximum-requests=5000 \ - listen-backlog=100 \ - queue-timeout=45 \ - socket-timeout=60 \ - connect-timeout=15 \ - request-timeout=60 \ - inactivity-timeout=0 \ - deadlock-timeout=60 \ - graceful-timeout=15 \ - eviction-timeout=0 \ - shutdown-timeout=5 \ - send-buffer-size=0 \ - receive-buffer-size=0 \ - header-buffer-size=0 \ - response-buffer-size=0 \ - server-metrics=Off - WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi - - WSGIProcessGroup misp-dashboard - WSGIApplicationGroup %{GLOBAL} - Require all granted - - LogLevel info - ErrorLog /var/log/apache2/misp-dashboard.local_error.log - CustomLog /var/log/apache2/misp-dashboard.local_access.log combined - ServerSignature Off -" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf + $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git + cd misp-dashboard + sudo -H /var/www/misp-dashboard/install_dependencies.sh + sudo sed -i "s/^host\ =\ 
localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg + sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf + sudo apt install libapache2-mod-wsgi-py3 -y + echo " + ServerAdmin admin@misp.local + ServerName misp.local -sudo a2ensite misp-dashboard -sudo systemctl reload apache2 + DocumentRoot /var/www/misp-dashboard -# Add misp-dashboard to rc.local to start on boot. -sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local + WSGIDaemonProcess misp-dashboard \ + user=misp group=misp \ + python-home=/var/www/misp-dashboard/DASHENV \ + processes=1 \ + threads=15 \ + maximum-requests=5000 \ + listen-backlog=100 \ + queue-timeout=45 \ + socket-timeout=60 \ + connect-timeout=15 \ + request-timeout=60 \ + inactivity-timeout=0 \ + deadlock-timeout=60 \ + graceful-timeout=15 \ + eviction-timeout=0 \ + shutdown-timeout=5 \ + send-buffer-size=0 \ + receive-buffer-size=0 \ + header-buffer-size=0 \ + response-buffer-size=0 \ + server-metrics=Off -# Enable ZeroMQ for misp-dashboard -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" -sudo -H 
-u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false -sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false + WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi + + + WSGIProcessGroup misp-dashboard + WSGIApplicationGroup %{GLOBAL} + Require all granted + + + LogLevel info + ErrorLog /var/log/apache2/misp-dashboard.local_error.log + CustomLog /var/log/apache2/misp-dashboard.local_access.log combined + ServerSignature Off + " | sudo tee /etc/apache2/sites-available/misp-dashboard.conf + + # Enable misp-dashboard in apache and reload + sudo a2ensite misp-dashboard + sudo systemctl restart apache2 + + # Needs to be started after apache2 is reloaded so the port status check works + $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh + + # Add misp-dashboard to rc.local to start on boot. 
+ sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local +} +# + +# +dashboardCAKE () { + # Enable ZeroMQ for misp-dashboard + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false + sudo -H -u www-data $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false +} +# ``` diff --git a/docs/generic/misp-modules-debian.md b/docs/generic/misp-modules-debian.md new file mode 100644 index 000000000..70acc2384 --- /dev/null +++ b/docs/generic/misp-modules-debian.md 
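Review bot: mispDashboard rewrites `host = localhost` to `host = 0.0.0.0` in config.cfg and adds `Listen 0.0.0.0:8001` to ports.conf, and the vhost it writes grants access with `Require all granted`, so after this function the dashboard answers on every interface with no access restriction; unless remote access is intended, use `Listen 127.0.0.1:8001` or add an allow-list or authentication to the vhost, and say which in a comment above the sed. The comment `# Enable misp-dashboard in apache and reload` no longer matches the `systemctl restart apache2` below it. The rc.local line at the end redirects root's boot-time output to the fixed path /tmp/misp-dashboard_rc.local.log; writing to /var/log/misp-dashboard_rc.local.log instead keeps root out of a world-writable directory. `sudo mkdir misp-dashboard` without -p makes the function fail on a second run.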
@@ -0,0 +1,60 @@ +#### Install misp-modules (optional) + +```bash +# +# Main MISP Modules install function +mispmodules () { + # FIXME: this is broken, ${PATH_TO_MISP} is litteral + sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local + cd /usr/local/src/ + ## TODO: checkUsrLocalSrc in main doc + $SUDO_USER git clone https://github.com/MISP/misp-modules.git + cd misp-modules + # some misp-modules dependencies + sudo apt-get install libpq5 libjpeg-dev libfuzzy-dev -y + # If you build an egg, the user you build it as need write permissions in the CWD + sudo chgrp $WWW_USER . + sudo chmod g+w . + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS + sudo chgrp staff . + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I . + sudo apt install ruby-pygments.rb -y + sudo gem install asciidoctor-pdf --pre + + # install additional dependencies for extended object generation and extraction + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install wand yara pathlib + # Start misp-modules + $SUDO_WWW ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s & + + # Sleep 9 seconds to give misp-modules a chance to spawn + sleep 9 + + # Enable Enrichment, set better timeouts + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 + # TODO:"Investigate why the next one fails" + #$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 + + # 
Enable Import modules, set better timeout + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true + + # Enable Export modules, set better timeout + $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true + $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" + $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300 + $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true +} +# +``` diff --git a/docs/generic/misp-modules.md b/docs/generic/misp-modules.md deleted file mode 100644 index 90438395d..000000000 --- a/docs/generic/misp-modules.md +++ /dev/null @@ -1,8 +0,0 @@ -#### Make some misp-modules available - -```bash -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true -sudo -H -u www-data $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true -``` - diff --git a/docs/generic/ssdeep-debian.md b/docs/generic/ssdeep-debian.md index 97b0b88ea..313f48f8d 100644 --- a/docs/generic/ssdeep-debian.md +++ b/docs/generic/ssdeep-debian.md 
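Review bot: The `# FIXME: this is broken, ${PATH_TO_MISP} is litteral` comment at the top of mispmodules is left standing while the sed line below it hard-codes /var/www/MISP, so an install with a different PATH_TO_MISP gets an rc.local entry pointing at the wrong venv even though every other line of the function uses `${PATH_TO_MISP}`. The single quotes are what block the expansion; `sudo sed -i -e "\$i \\sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n" /etc/rc.local` hands sed the same expression with the path substituted, after which the FIXME can go. The `sleep 9` before the cake settings is a fixed wait rather than a readiness check; if the settings are only stored and take effect once misp-modules is up, say so in the comment, otherwise poll port 6666 with a bounded loop. `chmod g+w .` is granted for the www-data build step but is not reverted after `chgrp staff .`.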
@@ -1,19 +1,24 @@ #### Experimental ssdeep correlations ##### installing ssdeep -``` -cd /usr/local/src -wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz -tar zxvf ssdeep-2.14.1.tar.gz -cd ssdeep-2.14.1 -./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc -make -sudo make install +```bash +# +ssdeep () { + debug "Install ssdeep 2.14.1" + cd /usr/local/src + $SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz + $SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz + cd ssdeep-2.14.1 + $SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc + $SUDO_USER make + sudo make install -#installing ssdeep_php -sudo pecl install ssdeep + #installing ssdeep_php + sudo pecl install ssdeep -# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version -echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini -sudo phpenmod ssdeep -sudo service apache2 restart + # You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version + echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini + sudo phpenmod ssdeep + sudo service apache2 restart +} +# ``` diff --git a/docs/generic/sudo_etckeeper.md b/docs/generic/sudo_etckeeper.md index d478eaf52..4caeea176 100644 --- a/docs/generic/sudo_etckeeper.md +++ b/docs/generic/sudo_etckeeper.md 
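Review bot: The ssdeep tarball fetched at the top of ssdeep() is configured, built and installed with `sudo make install` without any integrity check on the download, so whatever the endpoint or a redirect returns becomes root-installed code under /usr. Add a digest check between the wget and the tar, e.g. `echo "<EXPECTED_SHA256_PLACEHOLDER>  ssdeep-2.14.1.tar.gz" | sha256sum -c - || exit 1`, with the expected value taken from the upstream release and kept next to the version in the debug line. Naming the function `ssdeep` also shadows the `ssdeep` binary for the rest of the installer, since a shell function takes precedence over a command of the same name; `installSsdeep` would avoid that. The `cd` calls have no error handling, so a failed download leaves the configure and make steps running in /usr/local/src.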
@@ -1,16 +1,31 @@ #### install etckeeper and sudo (optional) + ```bash -su - -apt install -y etckeeper -apt install -y sudo -adduser misp sudo +# +# check if sudo is installed +checkSudoKeeper () { + echo "Checking for sudo and installing etckeeper" + if [[ ! -f $(which sudo) ]]; then + su -c "apt install etckeeper -y" + su -c "apt install sudo -y" + # TODO: Fix this, user misp might not exist + su -c "adduser misp sudo" + else + sudo apt install etckeeper -y + fi +} +# ``` ##### add the misp user to staff and www-data (mandatory) ```bash +# # Add the user to the staff group to be able to write to /usr/local/src +# TODO: Fix this, user misp might not exist sudo adduser misp staff sudo adduser misp www-data +# +# Logout and back in to make the group changes take effect. logout ``` diff --git a/docs/generic/supportFunctions.md b/docs/generic/supportFunctions.md new file mode 100644 index 000000000..a61351af7 --- /dev/null +++ b/docs/generic/supportFunctions.md 
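Review bot: checkSudoKeeper runs three separate `su -c` commands in the no-sudo branch, each of which prompts for the root password, and the `$(which sudo)` test is the non-portable form of the check; `if ! command -v sudo >/dev/null 2>&1; then` followed by one `su -c "apt install etckeeper sudo -y && adduser misp sudo"` does the same work with a single prompt. The TODO already notes that the misp user may not exist at this point, and the rest of the installer presumably relies on the invoking user being able to sudo after this function, which the branch only arranges for the misp account; the comment should state that assumption. The second code block repeats the staff/www-data group additions that checkID in the supportFunctions hunk performs after creating the user, so the manual block could simply point there.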
@@ -0,0 +1,638 @@ +```bash +# +# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default +DEBUG= + +case "$-" in + *x*) NO_PROGRESS=1; DEBUG=1 ;; + *) NO_PROGRESS=0 ;; +esac + +## Function Section ## + +## Usage of this script +usage () { + if [ "$0" == "bash" ]; then + WEB_INSTALL=1 + SCRIPT_NAME="Web Installer Command" + else + SCRIPT_NAME=$0 + fi + + exec &> /dev/tty + space + echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install." + space + echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core + echo -e " -M | ${LBLUE}MISP${NC} modules" # modules + echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard + echo -e " -V | Viper" # viper + echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2 + echo -e " -S | Experimental ssdeep correlations" # ssdeep + echo -e " -A | Install ${YELLOW}all${NC} of the above" # all + space + echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre + space + echo -e " -u | Do an unattanded Install, no questions asked" # UNATTENDED + echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE + space + echo -e "${HIDDEN}Some parameters want to be hidden: ${NC}" + echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE + echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard" + space + echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or" + echo -e "MISP + modules - ${SCRIPT_NAME} -c -M" + space +} + +# Check if element is contained in array +containsElement () { + local e match="$1" + shift + for e; do [[ "$e" == "$match" ]] && return 0; done + return 1 +} + +checkOpt () { + # checkOpt feature + containsElement $1 "${options[@]}" +} + +setOpt () { + options=() + for o in $@; do + case "$o" in + ("-c") echo "core"; CORE=1 ;; + ("-V") echo "viper"; VIPER=1 ;; + 
("-M") echo "modules"; MODULES=1 ;; + ("-D") echo "dashboard"; DASHBOARD=1 ;; + ("-m") echo "mail2"; MAIL2=1 ;; + ("-S") echo "ssdeep"; SSDEEP=1 ;; + ("-A") echo "all"; ALL=1 ;; + ("-C") echo "pre"; PRE=1 ;; + ("-U") echo "upgrade"; UPGRADE=1 ;; + ("-u") echo "unattended"; UNATTENDED=1 ;; + ("-f") echo "force"; FORCE=1 ;; + (*) echo "$o is not a valid argument"; exit 1 ;; + esac + done +} + +# Extract debian flavour +checkFlavour () { + if [ -z $(which lsb_release) ]; then + checkAptLock + sudo apt install lsb-release dialog -y + fi + + FLAVOUR=$(lsb_release -s -i |tr [A-Z] [a-z]) + if [ FLAVOUR == "ubuntu" ]; then + RELEASE=$(lsb_release -s -r) + debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}" + else + debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}" + fi +} + +# Extract manufacturer +checkManufacturer () { + if [ ! -f $(which dmidecode) ]; then + checkAptLock + sudo apt install dmidecode -y + fi + MANUFACTURER=$(sudo dmidecode -s system-manufacturer) + echo $MANUFACTURER +} + +# Dynamic horizontal spacer +space () { + if [[ "$NO_PROGRESS" == "1" ]]; then + return + fi + # Check terminal width + num=`tput cols` + for i in `seq 1 $num`; do + echo -n "-" + done + echo "" +} + +# Spinner so the user knows something is happening +spin() +{ + if [[ "$NO_PROGRESS" == "1" ]]; then + return + fi + spinner="/|\\-/|\\-" + while : + do + for i in `seq 0 7` + do + echo -n "${spinner:$i:1}" + echo -en "\010" + sleep 0.$i + done + done +} + +# Progress bar +progress () { + if [[ "$NO_PROGRESS" == "1" ]]; then + return + fi + bar="#" + if [[ $progress -ge 100 ]]; then + echo -ne "##################################################################################################### (100%)\r" + return + fi + progress=$[$progress+$1] + for p in $(seq 1 $progress); do + bar+="#" + echo -ne "$bar ($p%)\r" + done + echo -ne 
'\n' +} + +# Check locale +checkLocale () { + debug "Checking Locale" + # If locale is missing, generate and install a common UTF-8 + if [ ! -f /etc/default/locale ]; then + checkAptLock + sudo apt install locales -y + sudo locale-gen en_US.UTF-8 + sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 + fi +} + +# Simple function to check command exit code +checkFail () { + if [[ $2 -ne 0 ]]; then + echo "iAmError: $1" + echo "The last command exited with error code: $2" + exit $2 + fi +} + +# Check if misp user is present and if run as root +checkID () { + debug "Checking if run as root and $MISP_USER is present" + if [[ $EUID == 0 ]]; then + echo "This script cannot be run as a root" + exit 1 + elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then + if [[ "$UNATTENDED" != "1" ]]; then + echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' or continue as $USER? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + else + ANSWER="y" + fi + + if [[ $ANSWER == "y" ]]; then + sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER + echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd + echo "User $MISP_USER added, password is: $MISP_PASSWORD" + elif [[ $ANSWER == "n" ]]; then + echo "Using $USER as install user, hope that is what you want." + echo -e "${RED}Adding $USER to groups www-data and staff${NC}" + MISP_USER=$USER + sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data + else + echo "yes or no was asked, try again." 
+ sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data + exit 1 + fi + else + echo "User ${MISP_USER} exists, skipping creation" + echo -e "${RED}Adding $MISP_USER to groups www-data and staff${NC}" + sudo adduser $MISP_USER staff + sudo adduser $MISP_USER www-data + fi +} + +# pre-install check to make sure what we will be installing on, is ready and not a half installed system +preInstall () { + echo -e "${RED}Place-holder, not implemented yet.${NC}" + exit +} + +# Upgrade function +upgrade () { + echo -e "${RED}Place-holder, not implemented yet.${NC}" + exit +} + +# check is /usr/local/src is RW by misp user +checkUsrLocalSrc () { + echo "" + if [[ -e /usr/local/src ]]; then + WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?) + if [[ "$WRITEABLE" == "0" ]]; then + echo "Good, /usr/local/src exists and is writeable as $MISP_USER" + else + # TODO: The below might be shorter, more elegant and more modern + #[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it" + if [ "$KALI" == "1" -o "$UNATTENDED" == "1" ]; then + ANSWER="y" + else + space + echo "/usr/local/src need to be writeable by $MISP_USER for misp-modules, viper etc." + echo -n "Permission to fix? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + space + fi + if [ "$ANSWER" == "y" ]; then + sudo chmod 2775 /usr/local/src + sudo chown root:staff /usr/local/src + fi + fi + else + echo "/usr/local/src does not exist, creating." + mkdir /usr/local/src + sudo chmod 2775 /usr/local/src + sudo chown root:staff /usr/local/src + fi +} + +kaliSpaceSaver () { + # Future function in case Kali overlay on LiveCD is full + echo "${RED}Not implement${NC}" +} + +# Because Kali is l33t we make sure we run as root +kaliOnRootR0ckz () { + if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 + elif [[ $(id $MISP_USER >/dev/null; echo $?) 
-ne 0 ]]; then + useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER + echo $MISP_USER:$MISP_PASSWORD | chpasswd + else + # TODO: Make sure we consider this further down the road + echo "User ${MISP_USER} exists, skipping creation" + fi +} + +setBaseURL () { + debug "Setting Base URL" + if [[ $(checkManufacturer) != "innotek GmbH" ]]; then + debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be." + if [[ "$UNATTENDED" != "1" ]]; then + echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards." + echo "Do you want to change it now? (y/n) " + read ANSWER + ANSWER=$(echo $ANSWER |tr [A-Z] [a-z]) + if [[ $ANSWER == "y" ]]; then + echo "Please enter the Base URL, e.g: 'https://example.org'" + echo -n "Enter Base URL: " + read MISP_BASEURL + else + MISP_BASEURL='""' + fi + else + MISP_BASEURL="https://misp.local" + # Webserver configuration + FQDN='misp.local' + fi + elif [[ $KALI == "1" ]]; then + MISP_BASEURL="https://misp.local" + # Webserver configuration + FQDN='misp.local' + else + MISP_BASEURL='https://localhost:8443' + # Webserver configuration + FQDN='localhost.localdomain' + fi +} + +# Test and install software RNG +installRNG () { + sudo modprobe tpm-rng 2> /dev/null + if [ "$?" -eq "0" ]; then + echo tpm-rng | sudo tee -a /etc/modules + fi + checkAptLock + sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS + sudo service rng-tools start + + if [ "$?" 
-eq "1" ]; then
+ sudo apt purge -qy rng-tools
+ sudo apt install -qy haveged
+ sudo /etc/init.d/haveged start
+ fi
+}
+
+# Kali upgrade
+kaliUpgrade () {
+ debug "Running various Kali upgrade tasks"
+ sudo apt update
+ checkAptLock
+ sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
+ sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
+}
+
+# Disables sleep
+disableSleep () {
+ debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
+ gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
+ gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
+ gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
+
+ setterm -blank 0 -powersave off -powerdown 0
+ xset s 0 0 2> /dev/null
+ xset dpms 0 0 2> /dev/null
+ xset dpms force off
+ xset s off 2> /dev/null
+ service sleepd stop
+ kill $(lsof | grep 'sleepd' | awk '{print $2}')
+ checkAptLock
+}
+
+# Remove alias if present
+if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
+# Simple function to make sure APT is not locked
+checkAptLock () {
+ SLEEP=3
+ while [ "$DONE" != "0" ]; do
+ sudo apt-get check 2> /dev/null > /dev/null && DONE=0
+ echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
+ sleep $SLEEP
+ SLEEP=$[$SLEEP+3]
+ done
+ unset DONE
+}
+
+#
+# Install Php 7.3 deps
+installDepsPhp73 () {
+ debug "Installing PHP 7.3 dependencies"
+ PHP_ETC_BASE=/etc/php/7.3
+ PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
+ sudo apt update
+ checkAptLock
+ sudo apt install -qy \
+ libapache2-mod-php7.3 \
+ php7.3 php7.3-cli \
+ php7.3-dev \
+ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
+ php-pear \
+ php-redis php-gnupg
+}
+#
+
+# Installing core dependencies
+installDeps () {
+ debug "Installing core dependencies"
+ checkAptLock
+ sudo apt update
+ sudo apt install -qy etckeeper
+ # Skip dist-upgrade for now, pulls in 500+ updated packages
+ #sudo apt -y dist-upgrade
+ gitMail=$(git config --global --get user.email ; echo $?)
+ if [ "$?" -eq "1" ]; then
+ git config --global user.email "root@kali.lan"
+ fi
+ gitUser=$(git config --global --get user.name ; echo $?)
+ if [ "$?" -eq "1" ]; then
+ git config --global user.name "Root User"
+ fi
+
+ [[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
+
+ sudo apt install -qy \
+ curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
+ mariadb-client \
+ mariadb-server \
+ apache2 apache2-doc apache2-utils \
+ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
+ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
+
+ installRNG
+}
+
+# On Kali, the redis start-up script is broken. This tries to fix it.
+fixRedis () {
+ # As of 20190124 redis-server init.d scripts are broken and need to be replaced
+ sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
+
+ echo '#! /bin/sh
+### BEGIN INIT INFO
+# Provides: redis-server
+# Required-Start: $syslog
+# Required-Stop: $syslog
+# Should-Start: $local_fs
+# Should-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: redis-server - Persistent key-value db
+# Description: redis-server - Persistent key-value db
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/redis-server
+DAEMON_ARGS=/etc/redis/redis.conf
+NAME=redis-server
+DESC=redis-server
+PIDFILE=/var/run/redis.pid
+
+test -x $DAEMON || exit 0
+test -x $DAEMONBOOTSTRAP || exit 0
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ touch $PIDFILE
+ chown redis:redis $PIDFILE
+ if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
+ then
+ echo "$NAME."
+ else
+ echo "failed"
+ fi
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
+ then
+ echo "$NAME."
+ else
+ echo "failed"
+ fi
+ rm -f $PIDFILE
+ ;;
+
+ restart|force-reload)
+ ${0} stop
+ ${0} start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0' | sudo tee /etc/init.d/redis-server
+ sudo chmod 755 /etc/init.d/redis-server
+ sudo /etc/init.d/redis-server start
+}
+
+# generate MISP apache conf
+genApacheConf () {
+ echo "
+ ServerAdmin admin@localhost.lu
+ ServerName misp.local
+
+ Redirect permanent / https://misp.local
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+ ServerSignature Off
+
+
+
+ ServerAdmin admin@localhost.lu
+ ServerName misp.local
+ DocumentRoot $PATH_TO_MISP/app/webroot
+
+
+ Options -Indexes
+ AllowOverride all
+ Require all granted
+ Order allow,deny
+ allow from all
+
+
+ SSLEngine On
+ SSLCertificateFile /etc/ssl/private/misp.local.crt
+ SSLCertificateKeyFile /etc/ssl/private/misp.local.key
+ # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
+
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+ ServerSignature Off
+ Header set X-Content-Type-Options nosniff
+ Header set X-Frame-Options DENY
+ " | tee /etc/apache2/sites-available/misp-ssl.conf
+}
+
+# Add git pull update mechanism to rc.local - TODO: Make this better
+gitPullAllRCLOCAL () {
+ sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
+ sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
+ sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
+ sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
+ sed -i -e '$i \done\n' /etc/rc.local
+}
+
+# Composer on php 7.2 does not need any special treatment the provided phar works well
+composer72 () {
+ cd $PATH_TO_MISP/app
+ mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
+ $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
+ $SUDO_WWW php composer.phar config vendor-dir Vendor
+ $SUDO_WWW php composer.phar install
+}
+
+# Composer on php 7.3 needs a recent version of composer.phar
+composer73 () {
+ cd $PATH_TO_MISP/app
+ mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
+ # Update composer.phar
+ # If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
+ # Current Sum for: v1.8.3
+ SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
+ sudo -H -u www-data php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ sudo -H -u www-data php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
+ checkFail "composer.phar checksum failed, please investigate manually. " $?
+ sudo -H -u www-data php composer-setup.php
+ sudo -H -u www-data php -r "unlink('composer-setup.php');"
+ $SUDO_WWW php composer.phar require kamisama/cake-resque:4.1.2
+ $SUDO_WWW php composer.phar config vendor-dir Vendor
+ $SUDO_WWW php composer.phar install
+}
+
+# Enable various core services
+enableServices () {
+ update-rc.d mysql enable
+ update-rc.d apache2 enable
+ update-rc.d redis-server enable
+}
+
+# Generate rc.local
+genRCLOCAL () {
+ if [ ! -e /etc/rc.local ]; then
+ echo '#!/bin/sh -e' | tee -a /etc/rc.local
+ echo 'exit 0' | tee -a /etc/rc.local
+ chmod u+x /etc/rc.local
+ fi
+
+ sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
+ sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
+ sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
+ sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
+}
+
+# Final function to let the user know what happened
+theEnd () {
+ space
+ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" > /home/${MISP_USER}/mysql.txt
+ echo "User (misp) DB Password: $DBPASSWORD_MISP" >> /home/${MISP_USER}/mysql.txt
+ echo "Authkey: $AUTH_KEY" > /home/${MISP_USER}/MISP-authkey.txt
+
+ clear
+ space
+ echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
+ echo
+ echo "User: admin@admin.test"
+ echo "Password: admin"
+ space
+ [[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
+ [[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
+ [[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
+ echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
+ echo "/home/${MISP_USER}/mysql.txt"
+ echo -e "${RED}Contents:${NC}"
+ cat /home/${MISP_USER}/mysql.txt
+ echo "/home/${MISP_USER}/MISP-authkey.txt"
+ echo -e
"${RED}Contents:${NC}" + cat /home/${MISP_USER}/MISP-authkey.txt + space + echo -e "The ${RED}LOCAL${NC} system credentials:" + echo "User: ${MISP_USER}" + echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user" + space + echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" + echo + echo "sudo postconf -e 'relayhost = example.com'" + echo "sudo postfix reload" + space + echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues" + space + if [ $UNATTENDED == "1" ]; then + echo -e "${RED}Unattended install!${NC}" + echo -e "This means we guessed the Base URL, it might be wrong, please double check." + space + fi + + if [[ "$USER" != "$MISP_USER" ]]; then + sudo su - ${MISP_USER} + fi +} +## End Function Section Nothing allowed in .md after this line ## +# +``` diff --git a/docs/generic/viper-debian.md b/docs/generic/viper-debian.md index 7d4ae2c8a..895988cc8 100644 --- a/docs/generic/viper-debian.md +++ b/docs/generic/viper-debian.md @@ -1,31 +1,69 @@ #### Install viper framework (with a virtualenv) ----------------------- -!!! warning - Viper has **lief** as a dependency, lief only has an .egg for Python3.6 NOT Python3.7
- If you have python3.7 installed make sure **virtualenv** uses **python3.6**
- ```bash - virtualenv -p python3.6 venv - ``` - ```bash -cd /usr/local/src/ -sudo apt-get install libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 python3-magic python3-sqlalchemy python3-prettytable -y -git clone https://github.com/viper-framework/viper.git -cd viper -virtualenv -p python3.6 venv -git submodule update --init --recursive -./venv/bin/pip install scrapy -./venv/bin/pip install -r requirements.txt -sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli -sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web -/usr/local/src/viper/viper-cli -h -/usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & -echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper"' |sudo tee /etc/environment -sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf -sed -i "s/^misp_key\ =/misp_key\ =\ ${AUTH_KEY}/g" ~/.viper/viper.conf -# Reset admin password to: admin/Password1234 -sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="' -# Add viper-web to rc.local to be started on boot -sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local +# +# Main Viper install function +viper () { + debug "Installing Viper dependencies" + cd /usr/local/src/ + sudo apt-get install \ + libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \ + python3-magic python3-sqlalchemy python3-prettytable libffi-dev -y + echo "Cloning Viper" + $SUDO_USER git clone https://github.com/viper-framework/viper.git + sudo chown -R $MISP_USER:$MISP_USER viper + cd viper + echo "Creating virtualenv" + $SUDO_USER virtualenv -p python3 venv + echo "Submodule update" + # TODO: Check for current user install permissions + $SUDO_USER git submodule 
update --init --recursive
+ ##$SUDO git submodule update --init --recursive
+ echo "Pip install deps"
+ $SUDO_USER ./venv/bin/pip install SQLAlchemy PrettyTable python-magic
+ echo "pip install scrapy"
+ $SUDO_USER ./venv/bin/pip install scrapy
+ echo "install lief"
+ $SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
+ echo "pip install reqs"
+ $SUDO_USER ./venv/bin/pip install -r requirements.txt
+ $SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli
+ $SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
+ echo "pip uninstall yara"
+ $SUDO_USER ./venv/bin/pip uninstall yara -y
+ echo "Launching viper-cli"
+ # TODO: Perms
+ #$SUDO /usr/local/src/viper/viper-cli -h > /dev/null
+ /usr/local/src/viper/viper-cli -h > /dev/null
+ echo "Launching viper-web"
+ # TODO: Perms
+ /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
+ #$SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &
+ echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
+ echo ". 
/etc/environment" >> /home/${MISP_USER}/.profile + + # TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t + if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then + VIPER_HOME="/home/${MISP_USER}/.viper" + else + VIPER_HOME="${HOME}/.viper" + fi + + echo "Setting misp_url/misp_key" + $SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf + $SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf + # Reset admin password to: admin/Password1234 + echo "Fixing admin.db with default password" + while [ "$(sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do + # FIXME This might lead to a race condition, the while loop is sub-par + sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db + echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" + sleep 6 + done + + # Add viper-web to rc.local to be started on boot + sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local +} +# ``` diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md index 7ac1d6afd..68c2a7e5e 100644 --- a/docs/xINSTALL.centos7.md +++ b/docs/xINSTALL.centos7.md @@ -352,6 +352,7 @@ sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp +sudo chcon -t httpd_sys_script_exec_t /var/www/MISP/app/Console/cake sudo chcon -R -t usr_t /var/www/MISP/venv sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.git sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp 
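Review bot: The lief package is installed straight from a mutable URL with no integrity check (`$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip`), so whatever that `lief-master-latest` path serves at install time is executed as $MISP_USER, while the composer step elsewhere on this page verifies a SHA384 sum before running its installer. pip honours a digest fragment on a direct URL, so pinning to an immutable commit path and adding the expected digest, e.g. `'https://github.com/lief-project/packages/raw/<COMMIT_PLACEHOLDER>/pylief-0.9.0.dev.zip#sha256=<EXPECTED_SHA256_PLACEHOLDER>'`, makes the install fail closed when the archive changes. Separately, `$AUTH_KEY` is spliced unescaped into the sed replacement for misp_key (a key containing `/` or `&` silently breaks the substitution) and is exposed in that sed command's argument list, so it should be escaped or written to the file via a here-string rather than argv. Lastly, viper-web is started with `-H 0.0.0.0` both here and in the rc.local line while admin.db is reset to a fixed well-known password; binding to 127.0.0.1 by default and leaving wider exposure to an explicit option would be the safer default.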
@@ -535,6 +536,8 @@ sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s & sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local ``` +{!generic/misp-dashboard-centos.md!} + {!generic/MISP_CAKE_init_centos.md!} {!generic/INSTALL.done.md!} diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md index b4043d336..e88103d94 100644 --- a/docs/xINSTALL.debian_testing.md +++ b/docs/xINSTALL.debian_testing.md @@ -424,7 +424,7 @@ sudo -u www-data ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kba sudo -u www-data ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s & ``` -{!generic/misp-modules.md!} +{!generic/misp-modules-debian.md!} ```bash echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"