mirror of https://github.com/MISP/MISP
Merge remote-tracking branch 'upstream/2.4' into i18n
commit
b0ece7fe36
|
@ -0,0 +1,12 @@
|
|||
Main INSTALL Documentation for the MISP Project.
|
||||
|
||||
Currently the following install guides are being tested on a regular basis:
|
||||
|
||||
```
|
||||
INSTALL.debian9.txt
|
||||
INSTALL.debian_testing.txt
|
||||
INSTALL.kali.txt
|
||||
INSTALL.ubuntu1804.txt
|
||||
```
|
||||
|
||||
Install guides with the 'x' prefix, are marked as Experimental.
|
|
@ -1,6 +1,64 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for CentOS 7.x
|
||||
|
||||
0/ MISP CentOS 7 Minimal NetInstall - Status
|
||||
--------------------------------------------
|
||||
|
||||
Maintained and tested by @SteveClement, CentOS 7.5-1804 on 20180906
|
||||
|
||||
CentOS 7.5-1804 NetInstallURL: http://mirror.centos.org/centos/7.5.1804/os/x86_64/
|
||||
|
||||
Some configurables used below:
|
||||
|
||||
```
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php56 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/opt/rh/rh-php56/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal CentOS install
|
||||
-------------------------
|
||||
|
||||
|
@ -11,178 +69,200 @@ Install a minimal CentOS 7.x system with the software:
|
|||
- Mail server
|
||||
|
||||
# Make sure you set your hostname CORRECTLY vs. like an animal (manually in /etc/hostname)
|
||||
hostnamectl set-hostname misp # or whatever you want it to be
|
||||
hostnamectl set-hostname misp.local # or whatever you want it to be
|
||||
|
||||
# Make sure your system is up2date:
|
||||
yum update
|
||||
sudo yum update -y
|
||||
|
||||
2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root:
|
||||
Once the system is installed you can perform the following steps as root or with sudo:
|
||||
|
||||
# We need some packages from the Extra Packages for Enterprise Linux repository
|
||||
yum install epel-release
|
||||
sudo yum install epel-release -y
|
||||
|
||||
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
|
||||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
yum install centos-release-scl
|
||||
sudo yum install centos-release-scl -y
|
||||
|
||||
# Install the dependencies:
|
||||
yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip libxslt-devel zlib-devel
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip libxslt-devel zlib-devel -y
|
||||
|
||||
# Install PHP 5.6 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php56/
|
||||
yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath rh-php56-php-opcache
|
||||
sudo yum install rh-php56 rh-php56-php-fpm rh-php56-php-devel rh-php56-php-mysqlnd rh-php56-php-mbstring rh-php56-php-xml rh-php56-php-bcmath rh-php56-php-opcache -y
|
||||
|
||||
# Install Python 3.6 from SCL, see
|
||||
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
yum install rh-python36
|
||||
sudo yum install rh-python36 -y
|
||||
|
||||
# rh-php56-php only provided mod_php for httpd24-httpd from SCL
|
||||
# if we want to use httpd from CentOS base we can use rh-php56-php-fpm instead
|
||||
systemctl enable rh-php56-php-fpm.service
|
||||
systemctl start rh-php56-php-fpm.service
|
||||
sudo systemctl enable rh-php56-php-fpm.service
|
||||
sudo systemctl start rh-php56-php-fpm.service
|
||||
|
||||
# Start a new shell with rh-php56 enabled
|
||||
scl enable rh-php56 bash
|
||||
$RUN_PHP "pear channel-update pear.php.net"
|
||||
sudo $RUN_PHP "pear install Crypt_GPG" # we need version >1.3.0
|
||||
|
||||
pear channel-update pear.php.net
|
||||
|
||||
pear install Crypt_GPG # we need version >1.3.0
|
||||
|
||||
NOTE: if using rh-php56 the command needs to be run through its terminal: /usr/bin/scl enable rh-php56 "pear list | grep Crypt_GPG"
|
||||
NOTE: $RUN_PHP makes php available for you if using rh-php56. e.g: $RUN_PHP "pear list | grep Crypt_GPG"
|
||||
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
yum install haveged
|
||||
systemctl enable haveged.service
|
||||
systemctl start haveged.service
|
||||
sudo yum install haveged -y
|
||||
sudo systemctl enable haveged.service
|
||||
sudo systemctl start haveged.service
|
||||
|
||||
# Enable and start redis
|
||||
systemctl enable redis.service
|
||||
systemctl start redis.service
|
||||
sudo systemctl enable redis.service
|
||||
sudo systemctl start redis.service
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
sudo git clone https://github.com/MISP/MISP.git
|
||||
cd /var/www/MISP
|
||||
git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
sudo git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
# if the last shortcut doesn't work, specify the latest version manually
|
||||
# example: git checkout tags/v2.4.XY
|
||||
# the message regarding a "detached HEAD state" is expected behaviour
|
||||
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
git config core.filemode false
|
||||
sudo git config core.filemode false
|
||||
|
||||
# Start new shell with python 3 enabled
|
||||
scl enable rh-python36 bash
|
||||
# Fetch submodules
|
||||
cd /var/www/MISP
|
||||
sudo git submodule init
|
||||
sudo git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo git submodule foreach git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
yum install python-importlib python-lxml python-dateutil python-six
|
||||
sudo yum install python-importlib python-lxml python-dateutil python-six -y
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git config core.filemode false
|
||||
sudo git config core.filemode false
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
umask 0022
|
||||
python3 setup.py install
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install mixbox to accomodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
git clone https://github.com/CybOXProject/mixbox.git
|
||||
sudo git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /var/www/MISP/app/files/scripts/mixbox
|
||||
git config core.filemode false
|
||||
python3 setup.py install
|
||||
sudo git config core.filemode false
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
python3 setup.py install
|
||||
sudo $RUN_PYTHON "python3 setup.py install"
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
systemctl restart rh-php56-php-fpm.service
|
||||
echo 'source scl_source enable rh-python36' | sudo tee -a /etc/opt/rh/rh-php56/sysconfig/php-fpm
|
||||
sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php56/php-fpm.d/www.conf
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
umask $UMASK
|
||||
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it
|
||||
# ignore this message:
|
||||
# No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque'
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule init
|
||||
git submodule update
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
git submodule foreach git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
# CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
sudo chown -R apache:apache /var/www/MISP
|
||||
sudo mkdir /usr/share/httpd/.composer
|
||||
sudo chown apache:apache /usr/share/httpd/.composer
|
||||
cd /var/www/MISP/app
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
sudo -u apache $RUN_PHP "php composer.phar require kamisama/cake-resque:4.1.2"
|
||||
sudo -u apache $RUN_PHP "php composer.phar config vendor-dir Vendor"
|
||||
sudo -u apache $RUN_PHP "php composer.phar install"
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis using "yum install php-redis"
|
||||
pecl install redis-2.2.8
|
||||
echo "extension=redis.so" > /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
Note: if using rh-php56 redis needs to be installed through its terminal: /usr/bin/scl enable rh-php56 "pecl install redis-2.2.8"
|
||||
sudo $RUN_PHP "pecl install redis-2.2.8"
|
||||
echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/redis.ini
|
||||
sudo ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php56/php.d/99-redis.ini
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
# If you have not yet set a timezone in php.ini
|
||||
echo 'date.timezone = "Europe/Amsterdam"' > /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
echo 'date.timezone = "Europe/Luxembourg"' |sudo tee /etc/opt/rh/rh-php56/php-fpm.d/timezone.ini
|
||||
sudo ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php56/php.d/99-timezone.ini
|
||||
|
||||
# Recommended: Change some PHP settings in /etc/opt/rh/rh-php56/php.ini
|
||||
# max_execution_time = 300
|
||||
# memory_limit = 512M
|
||||
# upload_max_filesize = 50M
|
||||
# post_max_size = 50M
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
sudo systemctl restart rh-php56-php-fpm.service
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
sudo cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Make sure the permissions are set correctly using the following commands as root:
|
||||
chown -R root:apache /var/www/MISP
|
||||
find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
chmod -R g+r,o= /var/www/MISP
|
||||
chown apache:apache /var/www/MISP/app/files
|
||||
chown apache:apache /var/www/MISP/app/files/terms
|
||||
chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/tmp
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
sudo chown -R root:apache /var/www/MISP
|
||||
sudo find /var/www/MISP -type d -exec chmod g=rx {} \;
|
||||
sudo chmod -R g+r,o= /var/www/MISP
|
||||
sudo chmod -R 750 /var/www/MISP
|
||||
sudo chmod -R g+ws /var/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files
|
||||
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chown apache:apache /var/www/MISP/app/files
|
||||
sudo chown apache:apache /var/www/MISP/app/files/terms
|
||||
sudo chown apache:apache /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/Config
|
||||
sudo chown -R apache:apache /var/www/MISP/app/tmp
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chown -R apache:apache /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enable, start and secure your mysql database server
|
||||
systemctl enable mariadb.service
|
||||
systemctl start mariadb.service
|
||||
mysql_secure_installation
|
||||
sudo systemctl enable mariadb.service
|
||||
sudo systemctl start mariadb.service
|
||||
|
||||
# If you want to continue copy pasting set the MySQL root password to $DBPASSWORD_ADMIN
|
||||
echo $DBPASSWORD_ADMIN
|
||||
sudo mysql_secure_installation
|
||||
|
||||
# Additionally, it is probably a good idea to make the database server listen on localhost only
|
||||
echo [mysqld] > /etc/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 >> /etc/my.cnf.d/bind-address.cnf
|
||||
systemctl restart mariadb.service
|
||||
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
|
||||
echo bind-address=127.0.0.1 |sudo tee -a /etc/my.cnf.d/bind-address.cnf
|
||||
sudo systemctl restart mariadb.service
|
||||
|
||||
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
cd /var/www/MISP
|
||||
copy/paste:
|
||||
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
|
@ -190,59 +270,82 @@ mysql -u misp -p misp < INSTALL/MYSQL.sql
|
|||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
|
||||
|
||||
cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
sudo cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf
|
||||
|
||||
# Since SELinux is enabled, we need to allow httpd to write to certain directories
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs
|
||||
sudo chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom
|
||||
|
||||
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
|
||||
setsebool -P httpd_can_network_connect on
|
||||
sudo setsebool -P httpd_can_network_connect on
|
||||
|
||||
# Enable and start the httpd service
|
||||
systemctl enable httpd.service
|
||||
systemctl start httpd.service
|
||||
sudo systemctl enable httpd.service
|
||||
sudo systemctl start httpd.service
|
||||
|
||||
# Open a hole in the iptables firewall
|
||||
firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
firewall-cmd --reload
|
||||
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
sudo firewall-cmd --reload
|
||||
|
||||
# We seriously recommend using only HTTPS / SSL !
|
||||
# Add SSL support by running: yum install mod_ssl
|
||||
# Check out the apache.misp.ssl file for an example
|
||||
|
||||
/!\ WARNING - To be fixed - Place holder
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
cp INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
# Now make logrotate work under SELinux as well
|
||||
# Allow logrotate to modify the log files
|
||||
semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
sudo semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
|
||||
sudo chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs
|
||||
|
||||
# Allow logrotate to read /var/www
|
||||
checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te
|
||||
semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
semodule -i /tmp/misplogrotate.pp
|
||||
sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te
|
||||
sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod
|
||||
sudo semodule -i /tmp/misplogrotate.pp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u apache tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally
|
||||
|
@ -270,31 +373,174 @@ cp -a config.default.php config.php
|
|||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# If you want to be able to change configuration parameters from the webinterface:
|
||||
chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
sudo chown apache:apache /var/www/MISP/app/Config/config.php
|
||||
sudo chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php
|
||||
|
||||
# Set some MISP directives with the command line tool
|
||||
sudo $RUN_PHP "$CAKE Live $MISP_LIVE"
|
||||
|
||||
# Change base url
|
||||
sudo $RUN_PHP "$CAKE Baseurl $MISP_BASEURL"
|
||||
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
# If the following command gives an error message, try it as root from the console
|
||||
gpg --gen-key
|
||||
mv ~/.gnupg /var/www/MISP/
|
||||
chown -R apache:apache /var/www/MISP/.gnupg
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool (Described on line 246)
|
||||
sudo gpg --homedir /var/www/MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
sudo rm -f /tmp/gen-key-script
|
||||
sudo chown -R apache:apache /var/www/MISP/.gnupg
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
sudo gpg --homedir /var/www/MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee /var/www/MISP/app/webroot/gpg.asc
|
||||
sudo chown apache:apache /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
sudo -u apache $RUN_PHP /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# To make the background workers start on boot
|
||||
vi /etc/rc.local
|
||||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
|
||||
# and make sure it will execute
|
||||
chmod +x /etc/rc.local
|
||||
sudo chmod +x /etc/rc.local
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $RUN_PHP "$CAKE userInit -q"
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.email" "admin@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "GnuPG.password" "Password1234""
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666"
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true"
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_enable" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_services_port" 6666"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_timeout" 300"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true"
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.host_org_id" 1"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.email" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disable_emailing" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.contact" "info@admin.test""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disablerestalert" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true"
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_enable" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_services_authkey" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true"
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_policy" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_anonymise" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.Sightings_range" 365"
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false"
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_retry" "30m""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost.""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_ns_alt" """
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost""
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.language" "eng""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.proposals_block_attributes" false"
|
||||
|
||||
## Redis block
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_port" 6379"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_database" 13"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.redis_password" """
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.extended_alert_subject" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.default_event_threat_level" 4"
|
||||
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
##sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableEventBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_client_ip" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.log_auth" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.disableUserSelfManagement" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert" false"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"""
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.block_old_event_alert_age" """
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidleft" "This is an initial install""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure""
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings""
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_length" 12"
|
||||
##sudo $RUN_PHP "$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'"
|
||||
# Tune global time outs
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.autoRegenerate" 0"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.timeout" 600"
|
||||
sudo $RUN_PHP "$CAKE Admin setSetting "Session.cookie_timeout" 3600"
|
||||
|
||||
|
||||
# Now log in using the webinterface: http://misp/users/login
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
|
|
@ -47,7 +47,7 @@ class AppController extends Controller
|
|||
public $helpers = array('Utility', 'OrgImg');
|
||||
|
||||
private $__queryVersion = '44';
|
||||
public $pyMispVersion = '2.4.93';
|
||||
public $pyMispVersion = '2.4.95';
|
||||
public $phpmin = '5.6.5';
|
||||
public $phprec = '7.0.16';
|
||||
|
||||
|
|
|
@ -1739,13 +1739,14 @@ class EventsController extends AppController
|
|||
throw new UnauthorizedException(__('You do not have permission to do that.'));
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
$original_file = !empty($this->data['Event']['original_file']) ? $this->data['Event']['stix']['name'] : None;
|
||||
if ($this->_isRest()) {
|
||||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
|
||||
$tempFile = new File($tmpDir . DS . $randomFileName, true, 0644);
|
||||
$tempFile->write($this->request->input());
|
||||
$tempFile->close();
|
||||
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version);
|
||||
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version, $original_file);
|
||||
if (is_array($result)) {
|
||||
return $this->RestResponse->saveSuccessResponse('Events', 'upload_stix', false, $this->response->type(), 'STIX document imported, event\'s created: ' . implode(', ', $result) . '.');
|
||||
} elseif (is_numeric($result)) {
|
||||
|
@ -1763,7 +1764,7 @@ class EventsController extends AppController
|
|||
$randomFileName = $this->Event->generateRandomFileName();
|
||||
$tmpDir = APP . "files" . DS . "scripts" . DS . "tmp";
|
||||
move_uploaded_file($this->data['Event']['stix']['tmp_name'], $tmpDir . DS . $randomFileName);
|
||||
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version);
|
||||
$result = $this->Event->upload_stix($this->Auth->user(), $randomFileName, $stix_version, $original_file);
|
||||
if (is_array($result)) {
|
||||
$this->Flash->success(__('STIX document imported, event\'s created: ' . implode(', ', $result) . '.'));
|
||||
$this->redirect(array('action' => 'index'));
|
||||
|
|
|
@ -1639,9 +1639,13 @@ class ServersController extends AppController
|
|||
App::uses('SyncTool', 'Tools');
|
||||
$params = array();
|
||||
if (!empty($request['url'])) {
|
||||
$path = preg_replace('#^(://|[^/?])+#', '', $request['url']);
|
||||
$url = Configure::read('MISP.baseurl') . $path;
|
||||
unset($request['url']);
|
||||
if (empty($request['use_full_path'])) {
|
||||
$path = preg_replace('#^(://|[^/?])+#', '', $request['url']);
|
||||
$url = Configure::read('MISP.baseurl') . $path;
|
||||
unset($request['url']);
|
||||
} else {
|
||||
$url = $request['url'];
|
||||
}
|
||||
} else {
|
||||
throw new InvalidArgumentException('Url not set.');
|
||||
}
|
||||
|
|
|
@ -322,12 +322,14 @@ class ComplexTypeTool
|
|||
if (preg_match("#^cve-[0-9]{4}-[0-9]{4,9}$#i", $input['raw'])) {
|
||||
return array('types' => array('vulnerability'), 'categories' => array('External analysis'), 'to_ids' => false, 'default_type' => 'vulnerability', 'value' => $input['raw']);
|
||||
}
|
||||
// Phone numbers - for automatic recognition, needs to start with + or include dashes
|
||||
if ($input['raw'][0] === '+' || strpos($input['raw'], '-')) {
|
||||
if (preg_match("#^(\+)?([0-9]{1,3}(\(0\))?)?[0-9\/\-]{5,}[0-9]$#i", $input['raw'])) {
|
||||
return array('types' => array('phone-number', 'prtn', 'whois-registrant-phone'), 'categories' => array('Other'), 'to_ids' => false, 'default_type' => 'phone-number', 'value' => $input['raw']);
|
||||
}
|
||||
}
|
||||
// Phone numbers - for automatic recognition, needs to start with + or include dashes
|
||||
if (!empty($input['raw'])) {
|
||||
if ($input['raw'][0] === '+' || strpos($input['raw'], '-')) {
|
||||
if (preg_match("#^(\+)?([0-9]{1,3}(\(0\))?)?[0-9\/\-]{5,}[0-9]$#i", $input['raw'])) {
|
||||
return array('types' => array('phone-number', 'prtn', 'whois-registrant-phone'), 'categories' => array('Other'), 'to_ids' => false, 'default_type' => 'phone-number', 'value' => $input['raw']);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private function __checkForIP($input)
|
||||
|
|
|
@ -4743,7 +4743,7 @@ class Event extends AppModel
|
|||
return $this->save($event);
|
||||
}
|
||||
|
||||
public function upload_stix($user, $filename, $stix_version)
|
||||
public function upload_stix($user, $filename, $stix_version, $original_file)
|
||||
{
|
||||
App::uses('Folder', 'Utility');
|
||||
App::uses('File', 'Utility');
|
||||
|
@ -4760,7 +4760,7 @@ class Event extends AppModel
|
|||
} else {
|
||||
throw new MethodNotAllowedException('Invalid STIX version');
|
||||
}
|
||||
$shell_command .= ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
|
||||
$shell_command .= ' ' . $original_file . ' ' . escapeshellarg(Configure::read('MISP.default_event_distribution')) . ' ' . escapeshellarg(Configure::read('MISP.default_attribute_distribution')) . ' 2>' . APP . 'tmp/logs/exec-errors.log';
|
||||
$result = shell_exec($shell_command);
|
||||
unlink($tempFilePath);
|
||||
if (trim($result) == '1') {
|
||||
|
|
|
@ -1224,7 +1224,8 @@ class Feed extends AppModel
|
|||
$fields = array('id', 'input_source', 'source_format', 'url', 'provider', 'name', 'default');
|
||||
$feeds = $this->find('all', array(
|
||||
'recursive' => -1,
|
||||
'fields' => $fields
|
||||
'fields' => $fields,
|
||||
'conditions' => array('Feed.caching_enabled' => 1)
|
||||
));
|
||||
// we'll use this later for the intersect
|
||||
$fields[] = 'values';
|
||||
|
|
|
@ -96,6 +96,7 @@ class Sighting extends AppModel
|
|||
$sighting['org_id'] = $org_id;
|
||||
$sighting['event_id'] = $event_id;
|
||||
$sighting['attribute_id'] = $attribute_id;
|
||||
$this->create();
|
||||
return $this->save($sighting);
|
||||
}
|
||||
|
||||
|
|
|
@ -2,22 +2,29 @@
|
|||
<?php
|
||||
echo $this->Form->create('Event', array('type' => 'file'));
|
||||
?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Import %s file', $stix_version); ?></legend>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Import %s file', $stix_version); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->input('Event.stix', array(
|
||||
'label' => '<b>' . __('%s file', $stix_version) . '</b>',
|
||||
'type' => 'file',
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('publish', array(
|
||||
'checked' => false,
|
||||
'label' => __('Publish imported events'),
|
||||
));
|
||||
?>
|
||||
</fieldset>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('original_file', array(
|
||||
'checked' => true,
|
||||
'label' => __('Include the original imported file as attachment')
|
||||
));
|
||||
?>
|
||||
</fieldset>
|
||||
<?php
|
||||
echo $this->Form->button(__('Upload'), array('class' => 'btn btn-primary'));
|
||||
echo $this->Form->end();
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<div class="feed index">
|
||||
<h2><?php echo __('Feed overlap analysis matrix');?></h2>
|
||||
<?php
|
||||
if (count($feeds) > 2):
|
||||
if (count($feeds) >= 2):
|
||||
?>
|
||||
<div>
|
||||
<table class="table table-striped table-hover table-condensed" style="width:100px;">
|
||||
|
|
|
@ -28,6 +28,13 @@
|
|||
'label' => __('Relative path to query'),
|
||||
'class' => 'input-xxlarge'
|
||||
));
|
||||
?>
|
||||
<div class="input clear" style="width:100%;">
|
||||
<?php
|
||||
echo $this->Form->input('use_full_path', array(
|
||||
'label' => 'Use full path - disclose my apikey',
|
||||
'type' => 'checkbox'
|
||||
));
|
||||
?>
|
||||
<div class="input clear" style="width:100%;">
|
||||
<?php
|
||||
|
@ -38,6 +45,7 @@
|
|||
'type' => 'checkbox',
|
||||
'label' => 'Skip SSL validation'
|
||||
));
|
||||
|
||||
?>
|
||||
<div class="input clear" style="width:100%;">
|
||||
<?php
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit e90b1ce4575c122d410f143d5205771614004d9f
|
||||
Subproject commit 38071f4bd9e3de1138a096cbbf66089f5105d798
|
|
@ -23,6 +23,7 @@ import time
|
|||
import uuid
|
||||
import io
|
||||
import stix2
|
||||
from base64 import b64encode
|
||||
from pymisp import MISPEvent, MISPObject, __path__
|
||||
from stix2misp_mapping import *
|
||||
from collections import defaultdict
|
||||
|
@ -43,7 +44,7 @@ class StixParser():
|
|||
with open(filename, 'r', encoding='utf-8') as f:
|
||||
event = json.loads(f.read())
|
||||
self.filename = filename
|
||||
self.stix_version = 'stix {}'.format(event.get('spec_version'))
|
||||
self.stix_version = 'STIX {}'.format(event.get('spec_version'))
|
||||
for o in event.get('objects'):
|
||||
parsed_object = stix2.parse(o, allow_custom=True)
|
||||
try:
|
||||
|
@ -57,14 +58,16 @@ class StixParser():
|
|||
if not self.event:
|
||||
print(json.dumps({'success': 0, 'message': 'There is no valid STIX object to import'}))
|
||||
sys.exit(1)
|
||||
if args[2] is not None:
|
||||
self.add_original_file(args[2])
|
||||
try:
|
||||
event_distribution = args[2]
|
||||
event_distribution = args[3]
|
||||
if not isinstance(event_distribution, int):
|
||||
event_distribution = int(event_distribution) if event_distribution.isdigit() else 5
|
||||
except IndexError:
|
||||
event_distribution = 5
|
||||
try:
|
||||
attribute_distribution = args[3]
|
||||
attribute_distribution = args[4]
|
||||
if attribute_distribution != 'event' and not isinstance(attribute_distribution, int):
|
||||
attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5
|
||||
except IndexError:
|
||||
|
@ -73,6 +76,16 @@ class StixParser():
|
|||
self.__attribute_distribution = event_distribution if attribute_distribution == 'event' else attribute_distribution
|
||||
self.load_mapping()
|
||||
|
||||
def add_original_file(self, original_filename):
|
||||
with open(self.filename, 'rb') as f:
|
||||
sample = b64encode(f.read()).decode('utf-8')
|
||||
original_file = MISPObject('original-imported-file')
|
||||
original_file.add_attribute(**{'type': 'attachment', 'value': original_filename,
|
||||
'object_relation': 'imported-sample', 'data': sample})
|
||||
original_file.add_attribute(**{'type': 'text', 'object_relation': 'format',
|
||||
'value': self.stix_version})
|
||||
self.misp_event.add_object(**original_file)
|
||||
|
||||
def load_mapping(self):
|
||||
self.objects_mapping = {'asn': {'observable': observable_asn, 'pattern': pattern_asn},
|
||||
'domain-ip': {'observable': observable_domain_ip, 'pattern': pattern_domain_ip},
|
||||
|
|
|
@ -20,6 +20,7 @@ import json
|
|||
import os
|
||||
import time
|
||||
import uuid
|
||||
import base64
|
||||
import stix2misp_mapping
|
||||
from operator import attrgetter
|
||||
from pymisp import MISPEvent, MISPObject, MISPAttribute, __path__
|
||||
|
@ -57,6 +58,7 @@ class StixParser():
|
|||
except ModuleNotFoundError:
|
||||
print(3)
|
||||
sys.exit(0)
|
||||
self.filename = filename
|
||||
title = event.stix_header.title
|
||||
fromMISP = (title is not None and "Export from " in title and "MISP" in title)
|
||||
if fromMISP:
|
||||
|
@ -65,14 +67,16 @@ class StixParser():
|
|||
self.ttps = package.ttps.ttps if package.ttps else None
|
||||
else:
|
||||
self.event = event
|
||||
if args[2] is not None:
|
||||
self.add_original_file(args[2])
|
||||
try:
|
||||
event_distribution = args[2]
|
||||
event_distribution = args[3]
|
||||
if not isinstance(event_distribution, int):
|
||||
event_distribution = int(event_distribution) if event_distribution.isdigit() else 5
|
||||
except IndexError:
|
||||
event_distribution = 5
|
||||
try:
|
||||
attribute_distribution = args[3]
|
||||
attribute_distribution = args[4]
|
||||
if attribute_distribution != 'event' and not isinstance(attribute_distribution, int):
|
||||
attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5
|
||||
except IndexError:
|
||||
|
@ -80,9 +84,18 @@ class StixParser():
|
|||
self.misp_event.distribution = event_distribution
|
||||
self.__attribute_distribution = event_distribution if attribute_distribution == 'event' else attribute_distribution
|
||||
self.fromMISP = fromMISP
|
||||
self.filename = filename
|
||||
self.load_mapping()
|
||||
|
||||
def add_original_file(self, original_filename):
|
||||
with open(self.filename, 'rb') as f:
|
||||
sample = base64.b64encode(f.read()).decode('utf-8')
|
||||
original_file = MISPObject('original-imported_file')
|
||||
original_file.add_attribute(**{'type': 'attachment', 'value': original_filename,
|
||||
'object_relation': 'imported-sample', 'data': sample})
|
||||
original_file.add_attribute(**{'type': 'text', 'object_relation': 'format',
|
||||
'value': 'STIX {}'.format(self.event.version)})
|
||||
self.misp_event.add_object(**original_file)
|
||||
|
||||
# Load the mapping dictionary for STIX object types
|
||||
def load_mapping(self):
|
||||
self.attribute_types_mapping = {
|
||||
|
@ -465,9 +478,10 @@ class StixParser():
|
|||
b_file = True
|
||||
attribute_type, relation = stix2misp_mapping.eventTypes[properties._XSI_TYPE]
|
||||
attributes.append([attribute_type, value, relation])
|
||||
self.fetch_attributes_with_keys(properties, stix2misp_mapping._file_mapping, attributes)
|
||||
attributes.extend(self.fetch_attributes_with_keys(properties, stix2misp_mapping._file_mapping))
|
||||
if len(attributes) == 1:
|
||||
return attributes[0]
|
||||
attribute = attributes[0]
|
||||
return attribute if attribute[2] != "fullpath" else "filename", attribute[1], ""
|
||||
if len(attributes) == 2:
|
||||
if b_hash and b_file:
|
||||
return self.handle_filename_object(attributes, is_object)
|
||||
|
@ -558,7 +572,7 @@ class StixParser():
|
|||
# Return type & attributes of a network socket objet
|
||||
def handle_network_socket(self, properties):
|
||||
attributes = self.fetch_attributes_from_sockets(properties, stix2misp_mapping._network_socket_addresses)
|
||||
self.fetch_attributes_with_keys(properties, stix2misp_mapping._network_socket_mapping, attributes)
|
||||
attributes.extend(self.fetch_attributes_with_keys(properties, stix2misp_mapping._network_socket_mapping))
|
||||
for prop in ('is_listening', 'is_blocking'):
|
||||
if getattr(properties, prop):
|
||||
attributes.append(["text", prop.split('_')[1], "state"])
|
||||
|
@ -947,11 +961,13 @@ class StixParser():
|
|||
return attributes
|
||||
|
||||
@staticmethod
|
||||
def fetch_attributes_with_keys(properties, mapping_dict, attributes):
|
||||
def fetch_attributes_with_keys(properties, mapping_dict):
|
||||
attributes = []
|
||||
for prop, mapping in mapping_dict.items():
|
||||
if getattr(properties,prop):
|
||||
attribute_type, properties_key, relation = mapping
|
||||
attributes.append([attribute_type, attrgetter(properties_key)(properties), relation])
|
||||
return attributes
|
||||
|
||||
@staticmethod
|
||||
def fetch_attributes_with_key_parsing(properties, mapping_dict):
|
||||
|
|
|
@ -11,6 +11,7 @@ eventTypes = {"ArtifactObjectType": {"type": "attachment", "relation": "attachme
|
|||
"PDFFileObjectType": _file_attribute_type,
|
||||
"PortObjectType": {"type": "port", "relation": "port"},
|
||||
"URIObjectType": {"type": "url", "relation": "url"},
|
||||
"WindowsFileObjectType": _file_attribute_type,
|
||||
"WindowsExecutableFileObjectType": _file_attribute_type,
|
||||
"WindowsRegistryKeyObjectType": {"type": "regkey", "relation": ""}}
|
||||
|
||||
|
@ -30,10 +31,11 @@ _email_mapping = {'from_': ("email-src", "address_value.value", "from"),
|
|||
'boundary': ("email-mime-boundary", 'value', "mime-boundary"),
|
||||
'user_agent': ("text", 'value', "user-agent")}
|
||||
_file_mapping = {'file_path': ('text', 'file_path.value', 'path'),
|
||||
'file_format': ('mime-type', 'file_format.value', 'mimetype'),
|
||||
'byte_runs': ('pattern-in-file', 'byte_runs[0].byte_run_data', 'pattern-in-file'),
|
||||
'size_in_bytes': ('size-in-bytes', 'size_in_bytes.value', 'size-in-bytes'),
|
||||
'peak_entropy': ('float', 'peak_entropy.value', 'entropy')}
|
||||
'full_path': ('text', 'full_path.value', 'fullpath'),
|
||||
'file_format': ('mime-type', 'file_format.value', 'mimetype'),
|
||||
'byte_runs': ('pattern-in-file', 'byte_runs[0].byte_run_data', 'pattern-in-file'),
|
||||
'size_in_bytes': ('size-in-bytes', 'size_in_bytes.value', 'size-in-bytes'),
|
||||
'peak_entropy': ('float', 'peak_entropy.value', 'entropy')}
|
||||
_network_socket_mapping = {'protocol': ('text', 'protocol.value', 'protocol'),
|
||||
'address_family': ('text', 'address_family.value', 'address-family'),
|
||||
'domain': ('text', 'domain.value', 'domain-family')}
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit f582c7ee188abf294fd401066ddd5962e58b3610
|
||||
Subproject commit 9d0db55e795f45ca814c7900311c6b91a6e51cca
|
|
@ -1319,11 +1319,11 @@ function choicePopup(legend, list) {
|
|||
popupHtml += '<div class="popover_choice_main" id ="popover_choice_main">';
|
||||
popupHtml += '<table style="width:100%;" id="MainTable">';
|
||||
popupHtml += '<tbody>';
|
||||
for (var item in list) {
|
||||
list.forEach(function(item) {
|
||||
popupHtml += '<tr style="border-bottom:1px solid black;" class="templateChoiceButton">';
|
||||
popupHtml += '<td role="button" tabindex="0" aria-label="All meta-categories" title="'+item.text+'" style="padding-left:10px;padding-right:10px; text-align:center;width:100%;" onClick="'+item.onclick+';">'+item.text+'</td>';
|
||||
popupHtml += '</tr>';
|
||||
}
|
||||
});
|
||||
popupHtml += '</tbody>';
|
||||
popupHtml += '</table>';
|
||||
popupHtml += '</div>';
|
||||
|
|
Loading…
Reference in New Issue