mirror of https://github.com/MISP/MISP
Merge remote-tracking branch 'MISP/2.4' into 2.4
commit
b9f1b5f026
|
@ -16,6 +16,7 @@
|
|||
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# 20200513: Ubuntu 20.04 tested and working. -- sCl
|
||||
# 20200412: Ubuntu 18.04.4 tested and working. -- sCl
|
||||
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
||||
# 20190208: Kali Linux tested and working. -- sCl
|
||||
|
@ -36,8 +37,9 @@
|
|||
# 2/ For Kali, download and run Installer Script |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# To install MISP on Kali copy paste the following to your r00t shell:
|
||||
# To install MISP on Kali copy paste the following to your shell:
|
||||
# # wget --no-cache -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh
|
||||
# NO other version then 2020.x supported, kthxbai.
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
#
|
||||
|
@ -274,7 +276,7 @@ checkFlavour () {
|
|||
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
|
||||
fi
|
||||
|
||||
case "$FLAVOUR" in
|
||||
case "${FLAVOUR}" in
|
||||
ubuntu)
|
||||
if command_exists lsb_release; then
|
||||
dist_version="$(lsb_release --codename | cut -f2)"
|
||||
|
@ -299,7 +301,7 @@ checkFlavour () {
|
|||
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
||||
dist_version=${dist_version:0:1}
|
||||
fi
|
||||
echo "$FLAVOUR support is experimental at the moment"
|
||||
echo "${FLAVOUR} support is experimental at the moment"
|
||||
;;
|
||||
rhel|ol|sles)
|
||||
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
||||
|
@ -307,7 +309,7 @@ checkFlavour () {
|
|||
dist_version=${dist_version:0:1} # Only interested about major version
|
||||
fi
|
||||
# Only tested for RHEL 7 so far
|
||||
echo "$FLAVOUR support is experimental at the moment"
|
||||
echo "${FLAVOUR} support is experimental at the moment"
|
||||
;;
|
||||
*)
|
||||
if command_exists lsb_release; then
|
||||
|
@ -320,7 +322,7 @@ checkFlavour () {
|
|||
esac
|
||||
|
||||
# FIXME: The below want to be refactored
|
||||
if [ "$FLAVOUR" == "ubuntu" ]; then
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r)
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
||||
else
|
||||
|
@ -343,7 +345,7 @@ check_forked () {
|
|||
if [ "$lsb_release_exit_code" = "0" ]; then
|
||||
# Print info about current distro
|
||||
cat <<-EOF
|
||||
You're using '$FLAVOUR' version '$dist_version'.
|
||||
You're using '${FLAVOUR}' version '${dist_version}'.
|
||||
EOF
|
||||
# Get the upstream release info
|
||||
FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
|
||||
|
@ -351,10 +353,10 @@ EOF
|
|||
|
||||
# Print info about upstream distro
|
||||
cat <<-EOF
|
||||
Upstream release is '$FLAVOUR' version '$dist_version'.
|
||||
Upstream release is '${FLAVOUR}' version '$dist_version'.
|
||||
EOF
|
||||
else
|
||||
if [ -r /etc/debian_version ] && [ "$FLAVOUR" != "ubuntu" ] && [ "$FLAVOUR" != "raspbian" ]; then
|
||||
if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then
|
||||
# We're Debian and don't even know it!
|
||||
FLAVOUR=debian
|
||||
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
||||
|
@ -376,7 +378,7 @@ EOF
|
|||
|
||||
checkInstaller () {
|
||||
# Workaround: shasum is not available on RHEL, only checking sha512
|
||||
if [[ $FLAVOUR == "rhel" ]] || [[ $FLAVOUR == "centos" ]]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
||||
INSTsum=$(sha512sum ${0} | cut -f1 -d\ )
|
||||
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512
|
||||
chsum=$(cat /tmp/INSTALL.sh.sha512)
|
||||
|
@ -388,8 +390,8 @@ checkInstaller () {
|
|||
fi
|
||||
else
|
||||
# TODO: Implement $FLAVOUR checks and install depending on the platform we are on
|
||||
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) != 0 ]]; then
|
||||
sudo apt update
|
||||
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then
|
||||
checkAptLock
|
||||
sudo apt install libdigest-sha-perl -qyy
|
||||
fi
|
||||
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
|
||||
|
@ -412,12 +414,12 @@ checkInstaller () {
|
|||
|
||||
# Extract manufacturer
|
||||
checkManufacturer () {
|
||||
if [ -z $(which dmidecode) ]; then
|
||||
if [[ -z $(which dmidecode) ]]; then
|
||||
checkAptLock
|
||||
sudo apt install dmidecode -qy
|
||||
fi
|
||||
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
||||
echo $MANUFACTURER
|
||||
debug ${MANUFACTURER}
|
||||
}
|
||||
|
||||
# Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static.
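Review bot: `debug ${MANUFACTURER}` is unquoted and debug prints only `$1`, so a vendor string such as "VMware, Inc." is shown as its first word only; `debug "${MANUFACTURER}"` fixes that. As a matter of style, the dmidecode test could use the file's own helper, `if ! command_exists dmidecode; then`, instead of testing the output of `which`. Since checkManufacturer now reports through the global rather than stdout, a comment above it such as `# Sets MANUFACTURER (global); nothing is written to stdout` would help callers like setBaseURL.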
|
||||
|
@ -479,7 +481,7 @@ progress () {
|
|||
checkLocale () {
|
||||
debug "Checking Locale"
|
||||
# If locale is missing, generate and install a common UTF-8
|
||||
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) == "1" ]]; then
|
||||
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy
|
||||
sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
|
||||
|
@ -490,6 +492,7 @@ checkLocale () {
|
|||
|
||||
# Simple function to check command exit code
|
||||
checkFail () {
|
||||
# '-ne' checks for numerical differences, '==' used for strings
|
||||
if [[ $2 -ne 0 ]]; then
|
||||
echo "iAmError: $1"
|
||||
echo "The last command exited with error code: $2"
|
||||
|
@ -526,7 +529,7 @@ clean () {
|
|||
# Check if misp user is present and if run as root
|
||||
checkID () {
|
||||
debug "Checking if run as root and $MISP_USER is present"
|
||||
if [[ $EUID == 0 ]]; then
|
||||
if [[ $EUID -eq 0 ]]; then
|
||||
echo "This script cannot be run as a root"
|
||||
clean > /dev/null 2>&1
|
||||
exit 1
|
||||
|
@ -654,14 +657,25 @@ kaliSpaceSaver () {
|
|||
echo "${RED}Not implement${NC}"
|
||||
}
|
||||
|
||||
# Because Kali is l33t we make sure we run as root
|
||||
kaliOnRootR0ckz () {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
# Because Kali is l33t we make sure we DO NOT run as root
|
||||
kaliOnTheR0ckz () {
|
||||
totalRoot=$(df -k | grep /$ |awk '{ print $2 }')
|
||||
totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}')
|
||||
overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present
|
||||
|
||||
if [[ ${totalRoot} -lt 3059034 ]]; then
|
||||
echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space."
|
||||
echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough."
|
||||
echo "6-8Gb should be fine. (need >3Gb overlayFS)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ${EUID} -eq 0 ]]; then
|
||||
echo "This script must NOT be run as root"
|
||||
exit 1
|
||||
elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then
|
||||
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER}
|
||||
echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd
|
||||
else
|
||||
# TODO: Make sure we consider this further down the road
|
||||
echo "User ${MISP_USER} exists, skipping creation"
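Review bot: The new account-creation line `echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd` feeds the password through an unquoted expansion, so a value containing whitespace, `*` or `?` can be word-split or globbed before chpasswd reads it, and the account can end up with a password other than the configured one. `printf '%s:%s\n' "${MISP_USER}" "${MISP_PASSWORD}" | sudo chpasswd` avoids this and also echo's special handling of a leading `-n` or backslashes. In the same function, `totalRoot=$(df -k | grep /$ |awk '{ print $2 }')` can come back empty or multi-line, which makes `[[ ${totalRoot} -lt 3059034 ]]` either compare 0 or fail with an arithmetic error; `totalRoot=$(df -k / | awk 'NR==2 { print $2 }')` asks for the root filesystem directly. kaliOnTheR0ckz continues past the end of this hunk.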
|
||||
|
@ -670,20 +684,25 @@ kaliOnRootR0ckz () {
|
|||
|
||||
setBaseURL () {
|
||||
debug "Setting Base URL"
|
||||
|
||||
CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
|
||||
IFACE=`echo $CONN |awk {'print $1'}`
|
||||
IP=`echo $CONN |awk {'print $2'}| cut -f1 -d/`
|
||||
if [[ "$(checkManufacturer)" != "innotek GmbH" ]] && [[ "$(checkManufacturer)" != "VMware, Inc." ]] && [[ "$(checkManufacturer)" != "QEMU" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
IFACE=$(echo $CONN |awk {'print $1'})
|
||||
IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/)
|
||||
|
||||
[[ -n ${MANUFACTURER} ]] || checkManufacturer
|
||||
|
||||
if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be."
|
||||
|
||||
if [[ "${UNATTENDED}" != "1" ]]; then
|
||||
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
||||
echo "Do you want to change it now? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
|
||||
if [[ "$ANSWER" == "y" ]]; then
|
||||
if [[ ! -z $IP ]]; then
|
||||
echo "It seems you have an interface called $IFACE UP with the following IP: $IP - FYI"
|
||||
echo "Thus your Base URL could be: https://$IP"
|
||||
ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]')
|
||||
if [[ "${ANSWER}" == "y" ]]; then
|
||||
if [[ ! -z ${IP} ]]; then
|
||||
echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI"
|
||||
echo "Thus your Base URL could be: https://${IP}"
|
||||
fi
|
||||
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
||||
echo ""
|
||||
|
@ -697,17 +716,17 @@ setBaseURL () {
|
|||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
fi
|
||||
elif [[ $KALI == "1" ]]; then
|
||||
elif [[ "${KALI}" == "1" ]]; then
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
elif [[ "$(checkManufacturer)" == "innotek GmbH" ]]; then
|
||||
elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then
|
||||
MISP_BASEURL='https://localhost:8443'
|
||||
IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
|
||||
sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
|
||||
# Webserver configuration
|
||||
FQDN='localhost.localdomain'
|
||||
elif [[ "$(checkManufacturer)" == "VMware, Inc." ]]; then
|
||||
elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then
|
||||
MISP_BASEURL='""'
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
@ -738,7 +757,6 @@ installRNG () {
|
|||
# Kali upgrade
|
||||
kaliUpgrade () {
|
||||
debug "Running various Kali upgrade tasks"
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
||||
|
@ -768,6 +786,9 @@ if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
|||
# Simple function to make sure APT is not locked
|
||||
checkAptLock () {
|
||||
SLEEP=3
|
||||
if [[ -n ${APT_UPDATED} ]]; then
|
||||
sudo apt update && APT_UPDATED=1
|
||||
fi
|
||||
while [ "$DONE" != "0" ]; do
|
||||
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
||||
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
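Review bot: The guard added at the top of checkAptLock looks inverted: `if [[ -n ${APT_UPDATED} ]]` is true only when the flag is already set, so on a fresh run `sudo apt update` is skipped, and once the flag is set it runs again on every call. As rendered, this commit also drops the explicit `sudo apt update` / `sudo apt-get update` calls in kaliUpgrade, installDeps, aptUpgrade and the installDepsPhp7x functions, so package installs would then rely on whatever index is already on disk, which can be stale or absent on a fresh image. The test should be `if [[ -z "${APT_UPDATED}" ]]; then`. The body of checkAptLock continues outside the hunk.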
|
||||
|
@ -782,7 +803,7 @@ installDepsPhp70 () {
|
|||
debug "Installing PHP 7.0 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.0
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
@ -802,22 +823,36 @@ installDepsPhp73 () {
|
|||
debug "Installing PHP 7.3 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.3
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
if [[ ! -n ${KALI} ]]; then
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
else
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
libgpgme-dev \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php7.3-gd
|
||||
sudo pecl channel-update pecl.php.net
|
||||
#sudo pear config-set php_ini ${PHP_INI}
|
||||
echo "" |sudo pecl install redis
|
||||
sudo pecl install gnupg
|
||||
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
|
||||
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
|
||||
fi
|
||||
}
|
||||
|
||||
# Installing core dependencies
|
||||
installDeps () {
|
||||
debug "Installing core dependencies"
|
||||
checkAptLock
|
||||
sudo apt update
|
||||
sudo apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
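Review bot: In the new Kali branch of installDepsPhp73 the two `pecl install` calls are not checked, yet `gnupg.ini` and `redis.ini` are written unconditionally afterwards, so a failed build leaves PHP configured to load extensions that were never installed. These builds run under sudo and fetch whatever version pecl.php.net currently serves; pinning them (`pecl install redis-<version>`, version to be chosen by the maintainers) and following each call with the file's own helper, e.g. `checkFail "pecl install redis failed" $?`, would make the step reproducible and make it fail loudly. `[[ ! -n ${KALI} ]]` reads more directly as `[[ -z "${KALI}" ]]`. The identical change appears again in the later installDepsPhp73 hunk (@ -1170).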
|
||||
|
@ -949,64 +984,56 @@ genApacheConf () {
|
|||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
}
|
||||
|
||||
# Add git pull update mechanism to rc.local - TODO: Make this better
|
||||
gitPullAllRCLOCAL () {
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \done\n' /etc/rc.local
|
||||
}
|
||||
|
||||
|
||||
# Main composer function
|
||||
composer () {
|
||||
sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
|
||||
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install"
|
||||
}
|
||||
|
||||
|
||||
# TODO: FIX somehow the alias of the function does not work
|
||||
# Composer on php 7.0 does not need any special treatment the provided phar works well
|
||||
alias composer70='composer72'
|
||||
|
||||
alias composer70=composer
|
||||
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
||||
composer72 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Composer on php 7.3 needs a recent version of composer.phar
|
||||
composer73 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
||||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
||||
$SUDO_WWW php composer-setup.php
|
||||
$SUDO_WWW php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
alias composer72=composer
|
||||
# Composer on php 7.3 does not need any special treatment the provided phar works well
|
||||
alias composer73=composer
|
||||
|
||||
# TODO: this is probably a useless function
|
||||
# Enable various core services
|
||||
enableServices () {
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now mysql
|
||||
sudo systemctl enable --now apache2
|
||||
sudo systemctl enable --now redis-server
|
||||
}
|
||||
|
||||
# TODO: check if this makes sense
|
||||
# Generate rc.local
|
||||
genRCLOCAL () {
|
||||
if [ ! -e /etc/rc.local ]; then
|
||||
if [[ ! -e /etc/rc.local ]]; then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Run PyMISP tests
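Review bot: genRCLOCAL looks only half converted to sudo: as rendered, `echo '#!/bin/sh -e' | tee -a /etc/rc.local` and `chmod u+x /etc/rc.local` appear unchanged while the `exit 0` line and the sed edits now use sudo. With the installer now refusing to run as root, the first tee and the chmod would fail for an unprivileged user, leaving an rc.local without a shebang or execute bit; both lines need the prefix, `echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local` and `sudo chmod u+x /etc/rc.local`. Separately, the `alias composer7x=composer` lines do not take effect in a non-interactive bash unless `shopt -s expand_aliases` is set, which may be what the TODO above them describes; thin wrappers such as `composer73 () { composer "$@"; }` would sidestep that.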
|
||||
|
@ -1015,9 +1042,9 @@ runTests () {
|
|||
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
|
||||
|
||||
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
|
||||
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
||||
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
||||
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
||||
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
||||
}
|
||||
|
||||
# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
|
||||
|
@ -1095,7 +1122,6 @@ theEnd () {
|
|||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
sudo apt-get update
|
||||
|
||||
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
||||
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
||||
|
@ -1150,7 +1176,7 @@ installDepsPhp74 () {
|
|||
debug "Installing PHP 7.4 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.4
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
@ -1170,15 +1196,30 @@ installDepsPhp73 () {
|
|||
debug "Installing PHP 7.3 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.3
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
if [[ ! -n ${KALI} ]]; then
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
else
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
libgpgme-dev \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php7.3-gd
|
||||
sudo pecl channel-update pecl.php.net
|
||||
#sudo pear config-set php_ini ${PHP_INI}
|
||||
echo "" |sudo pecl install redis
|
||||
sudo pecl install gnupg
|
||||
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
|
||||
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
|
||||
fi
|
||||
}
|
||||
|
||||
# Install Php 7.2 dependencies
|
||||
|
@ -1186,7 +1227,7 @@ installDepsPhp72 () {
|
|||
debug "Installing PHP 7.2 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
@ -1206,7 +1247,7 @@ installDepsPhp70 () {
|
|||
debug "Installing PHP 7.0 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.0
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
@ -2544,7 +2585,7 @@ mispmodulesRHEL () {
|
|||
### END AUTOMATED SECTION ###
|
||||
|
||||
# This function will generate the main installer.
|
||||
# It is a helper function for the maintainers for the installer.
|
||||
# It is a helper function for the maintainers of the installer.
|
||||
|
||||
colors () {
|
||||
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
||||
|
@ -2557,13 +2598,13 @@ colors () {
|
|||
}
|
||||
|
||||
generateInstaller () {
|
||||
if [ ! -f $(which xsnippet) ]; then
|
||||
if [[ ! -f $(which xsnippet) ]]; then
|
||||
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
||||
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.tpl.sh" ]]; then
|
||||
if [[ "$(echo $0 |grep -e '^\.\/')" != "./INSTALL.tpl.sh" ]]; then
|
||||
echo -e "${RED}iAmError!${NC}"
|
||||
echo -e "To generate the installer call it with './INSTALL.tpl.sh' otherwise things will break."
|
||||
echo -e "You called: ${RED}$0${NC}"
|
||||
|
@ -2647,7 +2688,7 @@ generateInstaller () {
|
|||
[[ $(type -t debug) == "alias" ]] && unalias debug
|
||||
debug () {
|
||||
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
||||
if [ ! -z $DEBUG ]; then
|
||||
if [[ ! -z ${DEBUG} ]]; then
|
||||
NO_PROGRESS=1
|
||||
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
||||
exec 3>&1
|
||||
|
@ -2669,7 +2710,7 @@ installSupported () {
|
|||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||
progress 4
|
||||
|
||||
|
@ -2677,7 +2718,7 @@ installSupported () {
|
|||
checkLocale
|
||||
|
||||
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade
|
||||
progress 4
|
||||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
|
@ -2735,40 +2776,40 @@ installSupported () {
|
|||
progress 4
|
||||
|
||||
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions
|
||||
progress 4
|
||||
|
||||
# TODO: Mysql install functions, make it upgrade safe, double check
|
||||
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB
|
||||
progress 4
|
||||
|
||||
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig
|
||||
progress 4
|
||||
|
||||
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation
|
||||
progress 4
|
||||
|
||||
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP
|
||||
progress 4
|
||||
|
||||
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG
|
||||
progress 4
|
||||
|
||||
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers
|
||||
progress 4
|
||||
|
||||
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE
|
||||
progress 4
|
||||
|
||||
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT
|
||||
progress 4
|
||||
|
||||
# Disable spinner
|
||||
|
@ -2799,7 +2840,7 @@ installSupported () {
|
|||
|
||||
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
||||
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
||||
##[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
||||
##[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE
|
||||
##progress 4
|
||||
|
||||
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
||||
|
@ -2817,7 +2858,7 @@ installSupported () {
|
|||
# Main Kali Install function
|
||||
installMISPonKali () {
|
||||
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
||||
kaliUpgrade 2> /dev/null > /dev/null
|
||||
kaliUpgrade
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
@ -2826,13 +2867,13 @@ installMISPonKali () {
|
|||
setBaseURL
|
||||
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
installDepsPhp73 2> /dev/null > /dev/null
|
||||
installDepsPhp73
|
||||
|
||||
# Set custom Kali only variables and tweaks
|
||||
space
|
||||
# The following disables sleep on kali/gnome
|
||||
### FIXME: Disabling for now, maybe source of some issues.
|
||||
##disableSleep 2> /dev/null > /dev/null
|
||||
##disableSleep
|
||||
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
||||
##sleep 3
|
||||
|
||||
|
@ -2844,51 +2885,50 @@ installMISPonKali () {
|
|||
installCoreDeps
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
sudo phpenmod -v 7.3 redis
|
||||
sudo phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status 2> /dev/null > /dev/null
|
||||
a2dismod php7.2 2> /dev/null > /dev/null
|
||||
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
||||
a2dissite 000-default 2> /dev/null > /dev/null
|
||||
a2ensite default-ssl 2> /dev/null > /dev/null
|
||||
debug "Apache2 ops: dismod: status - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite headers php7.3
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service 2> /dev/null > /dev/null
|
||||
sudo systemctl restart mysql.service
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
fixRedis 2> /dev/null > /dev/null
|
||||
fixRedis
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP; done
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git submodule update --progress --init --recursive; done
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MAECProject/python-maec.git; done
|
||||
|
||||
|
||||
mkdir /var/www/.cache/
|
||||
sudo mkdir /var/www/.cache/
|
||||
|
||||
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
||||
mkdir $MISP_USER_HOME/.cache
|
||||
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
chown $WWW_USER:$WWW_USER /var/www/.cache
|
||||
sudo mkdir $MISP_USER_HOME/.cache
|
||||
sudo chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
sudo chown $WWW_USER:$WWW_USER /var/www/.cache
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
## Not really needed...
|
||||
## debug "Generating rc.local"
|
||||
## genRCLOCAL
|
||||
|
||||
debug "Setting up main MISP virtualenv"
|
||||
# Needs virtualenv
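Review bot: The new `false; while [[ $? -ne 0 ]]; do … git clone …; done` loops retry without any limit, so a persistent failure (no network, an unreachable remote, or a target directory that already exists and is not empty) hangs the installer forever with no back-off and no error. Bounding the retries and stopping on the final failure is safer, since the later steps assume the checkouts exist. The clones also take whatever the default branch of each third-party repository currently holds, so pinning a tag or commit is worth considering for a reproducible install. The same loop is used for the pydeep install in the following hunk. installMISPonKali starts and ends outside this hunk.

```shell
# Run a command up to $1 times, pausing between attempts; non-zero if all fail.
retry () {
  local attempts=$1 i
  shift
  for (( i = 1; i <= attempts; i++ )); do
    "$@" && return 0
    sleep 3
  done
  return 1
}

# … unchanged: apache module/site setup, mysql restart, fixRedis, mkdir/chown of $PATH_TO_MISP …
retry 5 $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
checkFail "git clone of MISP failed" $?
# … unchanged: git config core.filemode false, cd $PATH_TO_MISP …
retry 5 $SUDO_WWW git submodule update --progress --init --recursive
checkFail "git submodule update failed" $?
# … unchanged: remaining clones, converted the same way …
```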
|
||||
|
@ -2900,69 +2940,62 @@ installMISPonKali () {
|
|||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Install maec"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export
|
||||
debug "Installing cti-python-stix2"
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I antlr4-python3-runtime==4.7.2 2> /dev/null > /dev/null
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||
|
||||
# install plyara
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
|
||||
|
||||
# install zmq needed by mispzmq
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
debug "Installing cake"
|
||||
composer
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
spawn sudo mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
|
@ -2981,13 +3014,14 @@ installMISPonKali () {
|
|||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
||||
|
||||
enableServices
|
||||
|
||||
debug "Populating database"
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
|
@ -3005,7 +3039,7 @@ installMISPonKali () {
|
|||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
|
@ -3013,56 +3047,55 @@ installMISPonKali () {
|
|||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
echo "127.0.0.1 misp.local" | sudo tee -a /etc/hosts
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
sudo systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG 2> /dev/null > /dev/null
|
||||
setupGnuPG
|
||||
|
||||
debug "Adding workers to systemd"
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now misp-workers
|
||||
backgroundWorkers
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE 2> /dev/null > /dev/null
|
||||
coreCAKE
|
||||
|
||||
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
||||
##dashboardCAKE 2> /dev/null > /dev/null
|
||||
##dashboardCAKE
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT 2> /dev/null > /dev/null
|
||||
updateGOWNT
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
# This is not needed atm...
|
||||
##gitPullAllRCLOCAL
|
||||
|
||||
checkUsrLocalSrc
|
||||
|
||||
|
@ -3075,7 +3108,7 @@ installMISPonKali () {
|
|||
|
||||
debug "Installing ssdeep"
|
||||
ssdeep
|
||||
phpenmod -v 7.3 ssdeep
|
||||
sudo phpenmod -v 7.3 ssdeep
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
@ -3094,17 +3127,17 @@ installMISPRHEL () {
|
|||
|
||||
if [[ -n $CORE ]] || [[ -n $ALL ]]; then
|
||||
space
|
||||
echo "Proceeding with MISP core installation on RHEL $dist_version"
|
||||
echo "Proceeding with MISP core installation on RHEL ${dist_version}"
|
||||
space
|
||||
|
||||
id -u "$MISP_USER" > /dev/null
|
||||
if [ $? -eq 1 ]; then
|
||||
id -u "${MISP_USER}" > /dev/null
|
||||
if [[ $? -eq 1 ]]; then
|
||||
debug "Creating MISP user"
|
||||
sudo useradd -r "$MISP_USER"
|
||||
sudo useradd -r "${MISP_USER}"
|
||||
fi
|
||||
|
||||
debug "Enabling Extras Repos (SCL)"
|
||||
if [[ $FLAVOUR == "rhel" ]]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]]; then
|
||||
sudo subscription-manager register --auto-attach
|
||||
enableReposRHEL
|
||||
enableEPEL
|
||||
|
@ -3185,7 +3218,7 @@ debug "Setting MISP variables"
|
|||
MISPvars
|
||||
|
||||
debug "Checking for parameters or Unattended Kali Install"
|
||||
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
if [[ $# -eq 0 && "$0" != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
else
|
||||
|
@ -3230,10 +3263,6 @@ x86_64-debian-stretch
|
|||
x86_64-debian-buster
|
||||
x86_64-ubuntu-bionic
|
||||
x86_64-ubuntu-focal
|
||||
x86_64-kali-2019.1
|
||||
x86_64-kali-2019.2
|
||||
x86_64-kali-2019.3
|
||||
x86_64-kali-2019.4
|
||||
x86_64-kali-2020.1
|
||||
x86_64-kali-2020.2
|
||||
x86_64-kali-2020.3
|
||||
|
@ -3259,30 +3288,30 @@ EOF
|
|||
fi
|
||||
|
||||
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
if [[ "${FLAVOUR}" == "ubuntu" ]]; then
|
||||
RELEASE=$(lsb_release -s -r| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${RELEASE}" == "18.04" ]; then
|
||||
if [[ "${RELEASE}" == "18.04" ]]; then
|
||||
echo "Install on Ubuntu 18.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "20.04" ]; then
|
||||
if [[ "${RELEASE}" == "20.04" ]]; then
|
||||
echo "Install on Ubuntu 20.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP="7.4" && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "18.10" ]; then
|
||||
if [[ "${RELEASE}" == "18.10" ]]; then
|
||||
echo "Install on Ubuntu 18.10 partially supported, bye."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.04" ]; then
|
||||
if [[ "${RELEASE}" == "19.04" ]]; then
|
||||
echo "Install on Ubuntu 19.04 partially supported bye."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
exit 1
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.10" ]; then
|
||||
if [[ "${RELEASE}" == "19.10" ]]; then
|
||||
echo "Install on Ubuntu 19.10 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -3291,19 +3320,19 @@ if [ "${FLAVOUR}" == "ubuntu" ]; then
|
|||
fi
|
||||
|
||||
# If Debian is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "debian" ]; then
|
||||
if [[ "${FLAVOUR}" == "debian" ]]; then
|
||||
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${CODE}" == "buster" ]; then
|
||||
if [[ "${CODE}" == "buster" ]]; then
|
||||
echo "Install on Debian testing fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "sid" ]; then
|
||||
if [[ "${CODE}" == "sid" ]]; then
|
||||
echo "Install on Debian unstable not fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "stretch" ]; then
|
||||
if [[ "${CODE}" == "stretch" ]]; then
|
||||
echo "Install on Debian stable fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.0 && exit || exit
|
||||
|
@ -3313,13 +3342,13 @@ if [ "${FLAVOUR}" == "debian" ]; then
|
|||
fi
|
||||
|
||||
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
||||
if [[ "${FLAVOUR}" == "tsurugi" ]]; then
|
||||
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${CODE}" == "bamboo" ]; then
|
||||
if [[ "${CODE}" == "bamboo" ]]; then
|
||||
echo "Install on Tsurugi Lab partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
if [ "${CODE}" == "soy sauce" ]; then
|
||||
if [[ "${CODE}" == "soy sauce" ]]; then
|
||||
echo "Install on Tsurugi Acquire partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
|
@ -3328,16 +3357,16 @@ if [ "${FLAVOUR}" == "tsurugi" ]; then
|
|||
fi
|
||||
|
||||
# If Kali Linux is detected, run the acccording scripts
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
if [[ "${FLAVOUR}" == "kali" ]]; then
|
||||
KALI=1
|
||||
kaliOnRootR0ckz
|
||||
kaliOnTheR0ckz
|
||||
installMISPonKali
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
||||
|
||||
# If RHEL/CentOS is detected, run appropriate script
|
||||
if [ "${FLAVOUR}" == "rhel" ] || [ "${FLAVOUR}" == "centos" ]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
||||
installMISPRHEL
|
||||
echo "Installation done !"
|
||||
exit
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
; Generated by RHash v1.3.9 on 2020-05-13 at 12:47.53
|
||||
; Generated by RHash v1.3.9 on 2020-05-17 at 03:12.57
|
||||
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
|
||||
;
|
||||
; 132625 12:47.53 2020-05-13 INSTALL.sh
|
||||
INSTALL.sh 39D54E983C460248BD68CEE97BA24736DDF9A479 016DDE3CF5F0199C66A23B72F8F6D5951972C2B9CF1B5AE5159D650695442D8A D245A7EB12AEC9BCEC2C391C9B7023F6C8AE3713324FC410DC42A9A9620C13E4BC9CA456F62A40AE17F864D021492750 BE6ACAE2DFD1BA7FD29ED7F73098EE54552DB91EBEE3B58E239D54D4AD7AFDD3FDB212689D550B990A253A17A37E2E8BA3C4C41C129ECBD78E0EACB97F0085D5
|
||||
; 132940 03:12.57 2020-05-17 INSTALL.sh
|
||||
INSTALL.sh 89D2EC44902AE611FB65EC5CF30FD8685F713ECD 4D2C48FBF6D668A0FF35B01DE88BAA656943C13A1CEB148C09DD333299E894B3 9BC9C39F584346C8EC1DBF87DBF0E1952EF1736DF22E6BE233A60968F751E2C1C5A8E36CE34BE5696D6EE61D8E1079FA 0AD43002838AF3EB559FC2493A9F9B9FFC1E9592311E0866A46ADA3FB3D0D2AF419B06EB42454184E4DDEDDFAC281C07148E4C61277F933D942ABCEA7CF976CA
|
||||
|
|
|
@ -1 +1 @@
|
|||
39d54e983c460248bd68cee97ba24736ddf9a479 INSTALL.sh
|
||||
89d2ec44902ae611fb65ec5cf30fd8685f713ecd INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
016dde3cf5f0199c66a23b72f8f6d5951972c2b9cf1b5ae5159d650695442d8a INSTALL.sh
|
||||
4d2c48fbf6d668a0ff35b01de88baa656943c13a1ceb148c09dd333299e894b3 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
d245a7eb12aec9bcec2c391c9b7023f6c8ae3713324fc410dc42a9a9620c13e4bc9ca456f62a40ae17f864d021492750 INSTALL.sh
|
||||
9bc9c39f584346c8ec1dbf87dbf0e1952ef1736df22e6be233a60968f751e2c1c5a8e36ce34be5696d6ee61d8e1079fa INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
be6acae2dfd1ba7fd29ed7f73098ee54552db91ebee3b58e239d54d4ad7afdd3fdb212689d550b990a253a17a37e2e8ba3c4c41c129ecbd78e0eacb97f0085d5 INSTALL.sh
|
||||
0ad43002838af3eb559fc2493a9f9b9ffc1e9592311e0866a46ada3fb3d0d2af419b06eb42454184e4ddeddfac281c07148e4c61277f933d942abcea7cf976ca INSTALL.sh
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# 20200513: Ubuntu 20.04 tested and working. -- sCl
|
||||
# 20200412: Ubuntu 18.04.4 tested and working. -- sCl
|
||||
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
||||
# 20190208: Kali Linux tested and working. -- sCl
|
||||
|
@ -36,8 +37,9 @@
|
|||
# 2/ For Kali, download and run Installer Script |
|
||||
#-------------------------------------------------------|
|
||||
#
|
||||
# To install MISP on Kali copy paste the following to your r00t shell:
|
||||
# To install MISP on Kali copy paste the following to your shell:
|
||||
# # wget --no-cache -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh
|
||||
# NO other version then 2020.x supported, kthxbai.
|
||||
# /!\ Please read the installer script before randomly doing the above.
|
||||
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
||||
#
|
||||
|
@ -115,7 +117,7 @@
|
|||
### END AUTOMATED SECTION ###
|
||||
|
||||
# This function will generate the main installer.
|
||||
# It is a helper function for the maintainers for the installer.
|
||||
# It is a helper function for the maintainers of the installer.
|
||||
|
||||
colors () {
|
||||
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
||||
|
@ -128,13 +130,13 @@ colors () {
|
|||
}
|
||||
|
||||
generateInstaller () {
|
||||
if [ ! -f $(which xsnippet) ]; then
|
||||
if [[ ! -f $(which xsnippet) ]]; then
|
||||
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
||||
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.tpl.sh" ]]; then
|
||||
if [[ "$(echo $0 |grep -e '^\.\/')" != "./INSTALL.tpl.sh" ]]; then
|
||||
echo -e "${RED}iAmError!${NC}"
|
||||
echo -e "To generate the installer call it with './INSTALL.tpl.sh' otherwise things will break."
|
||||
echo -e "You called: ${RED}$0${NC}"
|
||||
|
@ -218,7 +220,7 @@ generateInstaller () {
|
|||
[[ $(type -t debug) == "alias" ]] && unalias debug
|
||||
debug () {
|
||||
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
||||
if [ ! -z $DEBUG ]; then
|
||||
if [[ ! -z ${DEBUG} ]]; then
|
||||
NO_PROGRESS=1
|
||||
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
||||
exec 3>&1
|
||||
|
@ -240,7 +242,7 @@ installSupported () {
|
|||
progress 4
|
||||
|
||||
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
||||
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
||||
progress 4
|
||||
|
||||
|
@ -248,7 +250,7 @@ installSupported () {
|
|||
checkLocale
|
||||
|
||||
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade
|
||||
progress 4
|
||||
|
||||
# TODO: Double check how the user is added and subsequently used during the install.
|
||||
|
@ -306,40 +308,40 @@ installSupported () {
|
|||
progress 4
|
||||
|
||||
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions
|
||||
progress 4
|
||||
|
||||
# TODO: Mysql install functions, make it upgrade safe, double check
|
||||
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB
|
||||
progress 4
|
||||
|
||||
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig
|
||||
progress 4
|
||||
|
||||
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation
|
||||
progress 4
|
||||
|
||||
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP
|
||||
progress 4
|
||||
|
||||
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG
|
||||
progress 4
|
||||
|
||||
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers
|
||||
progress 4
|
||||
|
||||
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE
|
||||
progress 4
|
||||
|
||||
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
||||
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT
|
||||
progress 4
|
||||
|
||||
# Disable spinner
|
||||
|
@ -370,7 +372,7 @@ installSupported () {
|
|||
|
||||
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
||||
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
||||
##[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
||||
##[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE
|
||||
##progress 4
|
||||
|
||||
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
||||
|
@ -388,7 +390,7 @@ installSupported () {
|
|||
# Main Kali Install function
|
||||
installMISPonKali () {
|
||||
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
||||
kaliUpgrade 2> /dev/null > /dev/null
|
||||
kaliUpgrade
|
||||
|
||||
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
||||
checkLocale
|
||||
|
@ -397,13 +399,13 @@ installMISPonKali () {
|
|||
setBaseURL
|
||||
|
||||
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
||||
installDepsPhp73 2> /dev/null > /dev/null
|
||||
installDepsPhp73
|
||||
|
||||
# Set custom Kali only variables and tweaks
|
||||
space
|
||||
# The following disables sleep on kali/gnome
|
||||
### FIXME: Disabling for now, maybe source of some issues.
|
||||
##disableSleep 2> /dev/null > /dev/null
|
||||
##disableSleep
|
||||
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
||||
##sleep 3
|
||||
|
||||
|
@ -415,51 +417,50 @@ installMISPonKali () {
|
|||
installCoreDeps
|
||||
|
||||
debug "Enabling redis and gnupg modules"
|
||||
phpenmod -v 7.3 redis
|
||||
phpenmod -v 7.3 gnupg
|
||||
sudo phpenmod -v 7.3 redis
|
||||
sudo phpenmod -v 7.3 gnupg
|
||||
|
||||
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
a2dismod status 2> /dev/null > /dev/null
|
||||
a2dismod php7.2 2> /dev/null > /dev/null
|
||||
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
||||
a2dissite 000-default 2> /dev/null > /dev/null
|
||||
a2ensite default-ssl 2> /dev/null > /dev/null
|
||||
debug "Apache2 ops: dismod: status - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
||||
sudo a2dismod status
|
||||
sudo a2enmod ssl rewrite headers php7.3
|
||||
sudo a2dissite 000-default
|
||||
sudo a2ensite default-ssl
|
||||
|
||||
debug "Restarting mysql.service"
|
||||
systemctl restart mysql.service 2> /dev/null > /dev/null
|
||||
sudo systemctl restart mysql.service
|
||||
|
||||
debug "Fixing redis rc script on Kali"
|
||||
fixRedis 2> /dev/null > /dev/null
|
||||
fixRedis
|
||||
|
||||
debug "git clone, submodule update everything"
|
||||
mkdir $PATH_TO_MISP
|
||||
chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP; done
|
||||
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP
|
||||
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git submodule update --progress --init --recursive; done
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
||||
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MAECProject/python-maec.git; done
|
||||
|
||||
|
||||
mkdir /var/www/.cache/
|
||||
sudo mkdir /var/www/.cache/
|
||||
|
||||
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
||||
mkdir $MISP_USER_HOME/.cache
|
||||
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
chown $WWW_USER:$WWW_USER /var/www/.cache
|
||||
sudo mkdir $MISP_USER_HOME/.cache
|
||||
sudo chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
||||
sudo chown $WWW_USER:$WWW_USER /var/www/.cache
|
||||
|
||||
debug "Generating rc.local"
|
||||
genRCLOCAL
|
||||
## Not really needed...
|
||||
## debug "Generating rc.local"
|
||||
## genRCLOCAL
|
||||
|
||||
debug "Setting up main MISP virtualenv"
|
||||
# Needs virtualenv
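Review bot: The new `false; while [[ $? -ne 0 ]]; do … git clone …; done` loops have no retry limit, so a failure that is not transient keeps the installer spinning forever. `git clone` into a target directory that already exists and is not empty fails on every attempt (for example on a re-run after a partial install), and so does a blocked or unreachable remote. This affects the MISP clone, the submodule update and the four python-* clones in this hunk, and the pydeep `pip install git+https://…` loop in the next hunk. A bounded retry that stops with a visible error, as sketched below, would surface the real cause instead of hiding it behind an endless loop. installMISPonKali starts before and continues past this hunk.

```shell
# Run a command up to $1 times; give up with its failure instead of looping forever.
retry () {
  local tries=$1 n
  shift
  for (( n = 1; n <= tries; n++ )); do
    "$@" && return 0
    sleep 5
  done
  echo "giving up after ${tries} attempts: $*" >&2
  return 1
}

# … unchanged: mkdir/chown of $PATH_TO_MISP …
retry 5 $SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP || exit 1
# … unchanged: git config core.filemode, cd …
retry 5 $SUDO_WWW git submodule update --progress --init --recursive || exit 1
```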
|
||||
|
@ -471,69 +472,62 @@ installMISPonKali () {
|
|||
|
||||
debug "Installing python-cybox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Installing python-stix"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Install maec"
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export
|
||||
debug "Installing cti-python-stix2"
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I antlr4-python3-runtime==4.7.2 2> /dev/null > /dev/null
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
cd ${PATH_TO_MISP}/cti-python-stix2
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
debug "Installing mixbox"
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install PyMISP
|
||||
debug "Installing PyMISP"
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install pydeep
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
|
||||
|
||||
# install lief
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install lief
|
||||
|
||||
# install python-magic
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
||||
|
||||
# install plyara
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
|
||||
|
||||
# install zmq needed by mispzmq
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq 2> /dev/null > /dev/null
|
||||
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq
|
||||
|
||||
# Install Crypt_GPG and Console_CommandLine
|
||||
debug "Installing pear Console_CommandLine"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
||||
debug "Installing pear Crypt_GPG"
|
||||
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
||||
|
||||
|
||||
debug "Installing composer with php 7.3 updates"
|
||||
composer73
|
||||
debug "Installing cake"
|
||||
composer
|
||||
|
||||
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
chmod -R 750 $PATH_TO_MISP
|
||||
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
debug "Setting up database"
|
||||
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
||||
echo "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
spawn sudo mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send -- \"\r\"
|
||||
expect \"Set root password?\"
|
||||
|
@ -552,13 +546,14 @@ installMISPonKali () {
|
|||
send -- \"y\r\"
|
||||
expect eof" | expect -f -
|
||||
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
||||
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
||||
|
||||
enableServices
|
||||
|
||||
debug "Populating database"
|
||||
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
|
||||
echo "<?php
|
||||
|
@ -576,7 +571,7 @@ installMISPonKali () {
|
|||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
||||
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
||||
else
|
||||
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
||||
echo "Skipping any creations…"
|
||||
|
@ -584,56 +579,55 @@ installMISPonKali () {
|
|||
fi
|
||||
|
||||
debug "Generating Certificate"
|
||||
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
debug "Generating Apache Conf"
|
||||
genApacheConf
|
||||
|
||||
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
||||
echo "127.0.0.1 misp.local" | sudo tee -a /etc/hosts
|
||||
|
||||
debug "Disabling site default-ssl, enabling misp-ssl"
|
||||
a2dissite default-ssl
|
||||
a2ensite misp-ssl
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
debug "Restarting Apache2"
|
||||
systemctl restart apache2
|
||||
sudo systemctl restart apache2
|
||||
|
||||
debug "Setting up logrotate"
|
||||
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
sudo chmod 0640 /etc/logrotate.d/misp
|
||||
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
||||
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
||||
|
||||
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
|
||||
chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
|
||||
sudo chmod -R 750 $PATH_TO_MISP/app/Config
|
||||
|
||||
debug "Setting up GnuPG"
|
||||
setupGnuPG 2> /dev/null > /dev/null
|
||||
setupGnuPG
|
||||
|
||||
debug "Adding workers to systemd"
|
||||
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now misp-workers
|
||||
backgroundWorkers
|
||||
|
||||
debug "Running Core Cake commands"
|
||||
coreCAKE 2> /dev/null > /dev/null
|
||||
coreCAKE
|
||||
|
||||
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
||||
##dashboardCAKE 2> /dev/null > /dev/null
|
||||
##dashboardCAKE
|
||||
|
||||
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
||||
updateGOWNT 2> /dev/null > /dev/null
|
||||
updateGOWNT
|
||||
|
||||
gitPullAllRCLOCAL
|
||||
# This is not needed atm...
|
||||
##gitPullAllRCLOCAL
|
||||
|
||||
checkUsrLocalSrc
|
||||
|
||||
|
@ -646,7 +640,7 @@ installMISPonKali () {
|
|||
|
||||
debug "Installing ssdeep"
|
||||
ssdeep
|
||||
phpenmod -v 7.3 ssdeep
|
||||
sudo phpenmod -v 7.3 ssdeep
|
||||
|
||||
debug "Setting permissions"
|
||||
permissions
|
||||
|
@ -665,17 +659,17 @@ installMISPRHEL () {
|
|||
|
||||
if [[ -n $CORE ]] || [[ -n $ALL ]]; then
|
||||
space
|
||||
echo "Proceeding with MISP core installation on RHEL $dist_version"
|
||||
echo "Proceeding with MISP core installation on RHEL ${dist_version}"
|
||||
space
|
||||
|
||||
id -u "$MISP_USER" > /dev/null
|
||||
if [ $? -eq 1 ]; then
|
||||
id -u "${MISP_USER}" > /dev/null
|
||||
if [[ $? -eq 1 ]]; then
|
||||
debug "Creating MISP user"
|
||||
sudo useradd -r "$MISP_USER"
|
||||
sudo useradd -r "${MISP_USER}"
|
||||
fi
|
||||
|
||||
debug "Enabling Extras Repos (SCL)"
|
||||
if [[ $FLAVOUR == "rhel" ]]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]]; then
|
||||
sudo subscription-manager register --auto-attach
|
||||
enableReposRHEL
|
||||
enableEPEL
|
||||
|
@ -756,7 +750,7 @@ debug "Setting MISP variables"
|
|||
MISPvars
|
||||
|
||||
debug "Checking for parameters or Unattended Kali Install"
|
||||
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
||||
if [[ $# -eq 0 && "$0" != "/tmp/misp-kali.sh" ]]; then
|
||||
usage
|
||||
exit
|
||||
else
|
||||
|
@ -801,10 +795,6 @@ x86_64-debian-stretch
|
|||
x86_64-debian-buster
|
||||
x86_64-ubuntu-bionic
|
||||
x86_64-ubuntu-focal
|
||||
x86_64-kali-2019.1
|
||||
x86_64-kali-2019.2
|
||||
x86_64-kali-2019.3
|
||||
x86_64-kali-2019.4
|
||||
x86_64-kali-2020.1
|
||||
x86_64-kali-2020.2
|
||||
x86_64-kali-2020.3
|
||||
|
@ -830,30 +820,30 @@ EOF
|
|||
fi
|
||||
|
||||
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
if [[ "${FLAVOUR}" == "ubuntu" ]]; then
|
||||
RELEASE=$(lsb_release -s -r| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${RELEASE}" == "18.04" ]; then
|
||||
if [[ "${RELEASE}" == "18.04" ]]; then
|
||||
echo "Install on Ubuntu 18.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "20.04" ]; then
|
||||
if [[ "${RELEASE}" == "20.04" ]]; then
|
||||
echo "Install on Ubuntu 20.04 LTS fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP="7.4" && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "18.10" ]; then
|
||||
if [[ "${RELEASE}" == "18.10" ]]; then
|
||||
echo "Install on Ubuntu 18.10 partially supported, bye."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.04" ]; then
|
||||
if [[ "${RELEASE}" == "19.04" ]]; then
|
||||
echo "Install on Ubuntu 19.04 partially supported bye."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported && exit || exit
|
||||
exit 1
|
||||
fi
|
||||
if [ "${RELEASE}" == "19.10" ]; then
|
||||
if [[ "${RELEASE}" == "19.10" ]]; then
|
||||
echo "Install on Ubuntu 19.10 not supported, bye"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -862,19 +852,19 @@ if [ "${FLAVOUR}" == "ubuntu" ]; then
|
|||
fi
|
||||
|
||||
# If Debian is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "debian" ]; then
|
||||
if [[ "${FLAVOUR}" == "debian" ]]; then
|
||||
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${CODE}" == "buster" ]; then
|
||||
if [[ "${CODE}" == "buster" ]]; then
|
||||
echo "Install on Debian testing fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "sid" ]; then
|
||||
if [[ "${CODE}" == "sid" ]]; then
|
||||
echo "Install on Debian unstable not fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.3 && exit || exit
|
||||
fi
|
||||
if [ "${CODE}" == "stretch" ]; then
|
||||
if [[ "${CODE}" == "stretch" ]]; then
|
||||
echo "Install on Debian stable fully supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
installSupported PHP=7.0 && exit || exit
|
||||
|
@ -884,13 +874,13 @@ if [ "${FLAVOUR}" == "debian" ]; then
|
|||
fi
|
||||
|
||||
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
||||
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
||||
if [[ "${FLAVOUR}" == "tsurugi" ]]; then
|
||||
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
||||
if [ "${CODE}" == "bamboo" ]; then
|
||||
if [[ "${CODE}" == "bamboo" ]]; then
|
||||
echo "Install on Tsurugi Lab partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
if [ "${CODE}" == "soy sauce" ]; then
|
||||
if [[ "${CODE}" == "soy sauce" ]]; then
|
||||
echo "Install on Tsurugi Acquire partially supported."
|
||||
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
||||
fi
|
||||
|
@ -899,16 +889,16 @@ if [ "${FLAVOUR}" == "tsurugi" ]; then
|
|||
fi
|
||||
|
||||
# If Kali Linux is detected, run the acccording scripts
|
||||
if [ "${FLAVOUR}" == "kali" ]; then
|
||||
if [[ "${FLAVOUR}" == "kali" ]]; then
|
||||
KALI=1
|
||||
kaliOnRootR0ckz
|
||||
kaliOnTheR0ckz
|
||||
installMISPonKali
|
||||
echo "Installation done!"
|
||||
exit
|
||||
fi
|
||||
|
||||
# If RHEL/CentOS is detected, run appropriate script
|
||||
if [ "${FLAVOUR}" == "rhel" ] || [ "${FLAVOUR}" == "centos" ]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
||||
installMISPRHEL
|
||||
echo "Installation done !"
|
||||
exit
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Kali Linux 2019.1
|
||||
## for Kali Linux 2020.2
|
||||
# 0/ Quick MISP Instance on Kali Linux - Status
|
||||
|
||||
This has been tested by @SteveClement on 20190221
|
||||
This has been tested by @SteveClement on 20200513
|
||||
|
||||
# 1/ Prepare Kali with a MISP User
|
||||
|
||||
To install MISP on Kali copy paste this in your r00t shell:
|
||||
This only works on Kali 2020.x 2019.x was year(s) ago(tm).
|
||||
|
||||
To install MISP on Kali copy paste this in your shell:
|
||||
```bash
|
||||
wget -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh
|
||||
```
|
||||
|
|
|
@ -45,7 +45,6 @@ bash /tmp/INSTALL.sh -c
|
|||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
sudo apt-get update
|
||||
|
||||
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
||||
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
||||
|
@ -110,7 +109,7 @@ installDepsPhp72 () {
|
|||
debug "Installing PHP 7.2 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.2
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
|
|
@ -45,7 +45,6 @@ bash /tmp/INSTALL.sh -c
|
|||
aptUpgrade () {
|
||||
debug "Upgrading system"
|
||||
checkAptLock
|
||||
sudo apt-get update
|
||||
|
||||
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
||||
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
||||
|
@ -110,7 +109,7 @@ installDepsPhp74 () {
|
|||
debug "Installing PHP 7.4 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.4
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
|
|
@ -114,7 +114,7 @@ checkFlavour () {
|
|||
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
|
||||
fi
|
||||
|
||||
case "$FLAVOUR" in
|
||||
case "${FLAVOUR}" in
|
||||
ubuntu)
|
||||
if command_exists lsb_release; then
|
||||
dist_version="$(lsb_release --codename | cut -f2)"
|
||||
|
@ -139,7 +139,7 @@ checkFlavour () {
|
|||
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
||||
dist_version=${dist_version:0:1}
|
||||
fi
|
||||
echo "$FLAVOUR support is experimental at the moment"
|
||||
echo "${FLAVOUR} support is experimental at the moment"
|
||||
;;
|
||||
rhel|ol|sles)
|
||||
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
||||
|
@ -147,7 +147,7 @@ checkFlavour () {
|
|||
dist_version=${dist_version:0:1} # Only interested about major version
|
||||
fi
|
||||
# Only tested for RHEL 7 so far
|
||||
echo "$FLAVOUR support is experimental at the moment"
|
||||
echo "${FLAVOUR} support is experimental at the moment"
|
||||
;;
|
||||
*)
|
||||
if command_exists lsb_release; then
|
||||
|
@ -160,7 +160,7 @@ checkFlavour () {
|
|||
esac
|
||||
|
||||
# FIXME: The below want to be refactored
|
||||
if [ "$FLAVOUR" == "ubuntu" ]; then
|
||||
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
||||
RELEASE=$(lsb_release -s -r)
|
||||
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
||||
else
|
||||
|
@ -183,7 +183,7 @@ check_forked () {
|
|||
if [ "$lsb_release_exit_code" = "0" ]; then
|
||||
# Print info about current distro
|
||||
cat <<-EOF
|
||||
You're using '$FLAVOUR' version '$dist_version'.
|
||||
You're using '${FLAVOUR}' version '${dist_version}'.
|
||||
EOF
|
||||
# Get the upstream release info
|
||||
FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
|
||||
|
@ -191,10 +191,10 @@ EOF
|
|||
|
||||
# Print info about upstream distro
|
||||
cat <<-EOF
|
||||
Upstream release is '$FLAVOUR' version '$dist_version'.
|
||||
Upstream release is '${FLAVOUR}' version '$dist_version'.
|
||||
EOF
|
||||
else
|
||||
if [ -r /etc/debian_version ] && [ "$FLAVOUR" != "ubuntu" ] && [ "$FLAVOUR" != "raspbian" ]; then
|
||||
if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then
|
||||
# We're Debian and don't even know it!
|
||||
FLAVOUR=debian
|
||||
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
||||
|
@ -216,7 +216,7 @@ EOF
|
|||
|
||||
checkInstaller () {
|
||||
# Workaround: shasum is not available on RHEL, only checking sha512
|
||||
if [[ $FLAVOUR == "rhel" ]] || [[ $FLAVOUR == "centos" ]]; then
|
||||
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
||||
INSTsum=$(sha512sum ${0} | cut -f1 -d\ )
|
||||
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512
|
||||
chsum=$(cat /tmp/INSTALL.sh.sha512)
|
||||
|
@ -228,8 +228,8 @@ checkInstaller () {
|
|||
fi
|
||||
else
|
||||
# TODO: Implement $FLAVOUR checks and install depending on the platform we are on
|
||||
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) != 0 ]]; then
|
||||
sudo apt update
|
||||
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then
|
||||
checkAptLock
|
||||
sudo apt install libdigest-sha-perl -qyy
|
||||
fi
|
||||
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
|
||||
|
@ -252,12 +252,12 @@ checkInstaller () {
|
|||
|
||||
# Extract manufacturer
|
||||
checkManufacturer () {
|
||||
if [ -z $(which dmidecode) ]; then
|
||||
if [[ -z $(which dmidecode) ]]; then
|
||||
checkAptLock
|
||||
sudo apt install dmidecode -qy
|
||||
fi
|
||||
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
||||
echo $MANUFACTURER
|
||||
debug ${MANUFACTURER}
|
||||
}
|
||||
|
||||
# Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static.
|
||||
|
@ -319,7 +319,7 @@ progress () {
|
|||
checkLocale () {
|
||||
debug "Checking Locale"
|
||||
# If locale is missing, generate and install a common UTF-8
|
||||
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) == "1" ]]; then
|
||||
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy
|
||||
sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
|
||||
|
@ -330,6 +330,7 @@ checkLocale () {
|
|||
|
||||
# Simple function to check command exit code
|
||||
checkFail () {
|
||||
# '-ne' checks for numerical differences, '==' used for strings
|
||||
if [[ $2 -ne 0 ]]; then
|
||||
echo "iAmError: $1"
|
||||
echo "The last command exited with error code: $2"
|
||||
|
@ -366,7 +367,7 @@ clean () {
|
|||
# Check if misp user is present and if run as root
|
||||
checkID () {
|
||||
debug "Checking if run as root and $MISP_USER is present"
|
||||
if [[ $EUID == 0 ]]; then
|
||||
if [[ $EUID -eq 0 ]]; then
|
||||
echo "This script cannot be run as a root"
|
||||
clean > /dev/null 2>&1
|
||||
exit 1
|
||||
|
@ -494,14 +495,25 @@ kaliSpaceSaver () {
|
|||
echo "${RED}Not implement${NC}"
|
||||
}
|
||||
|
||||
# Because Kali is l33t we make sure we run as root
|
||||
kaliOnRootR0ckz () {
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
||||
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
||||
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
||||
# Because Kali is l33t we make sure we DO NOT run as root
|
||||
kaliOnTheR0ckz () {
|
||||
totalRoot=$(df -k | grep /$ |awk '{ print $2 }')
|
||||
totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}')
|
||||
overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present
|
||||
|
||||
if [[ ${totalRoot} -lt 3059034 ]]; then
|
||||
echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space."
|
||||
echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough."
|
||||
echo "6-8Gb should be fine. (need >3Gb overlayFS)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ${EUID} -eq 0 ]]; then
|
||||
echo "This script must NOT be run as root"
|
||||
exit 1
|
||||
elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then
|
||||
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER}
|
||||
echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd
|
||||
else
|
||||
# TODO: Make sure we consider this further down the road
|
||||
echo "User ${MISP_USER} exists, skipping creation"
|
||||
|
@ -510,20 +522,25 @@ kaliOnRootR0ckz () {
|
|||
|
||||
setBaseURL () {
|
||||
debug "Setting Base URL"
|
||||
|
||||
CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
|
||||
IFACE=`echo $CONN |awk {'print $1'}`
|
||||
IP=`echo $CONN |awk {'print $2'}| cut -f1 -d/`
|
||||
if [[ "$(checkManufacturer)" != "innotek GmbH" ]] && [[ "$(checkManufacturer)" != "VMware, Inc." ]] && [[ "$(checkManufacturer)" != "QEMU" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
|
||||
if [[ "$UNATTENDED" != "1" ]]; then
|
||||
IFACE=$(echo $CONN |awk {'print $1'})
|
||||
IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/)
|
||||
|
||||
[[ -n ${MANUFACTURER} ]] || checkManufacturer
|
||||
|
||||
if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then
|
||||
debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be."
|
||||
|
||||
if [[ "${UNATTENDED}" != "1" ]]; then
|
||||
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
||||
echo "Do you want to change it now? (y/n) "
|
||||
read ANSWER
|
||||
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
|
||||
if [[ "$ANSWER" == "y" ]]; then
|
||||
if [[ ! -z $IP ]]; then
|
||||
echo "It seems you have an interface called $IFACE UP with the following IP: $IP - FYI"
|
||||
echo "Thus your Base URL could be: https://$IP"
|
||||
ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]')
|
||||
if [[ "${ANSWER}" == "y" ]]; then
|
||||
if [[ ! -z ${IP} ]]; then
|
||||
echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI"
|
||||
echo "Thus your Base URL could be: https://${IP}"
|
||||
fi
|
||||
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
||||
echo ""
|
||||
|
@ -537,17 +554,17 @@ setBaseURL () {
|
|||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
fi
|
||||
elif [[ $KALI == "1" ]]; then
|
||||
elif [[ "${KALI}" == "1" ]]; then
|
||||
MISP_BASEURL="https://misp.local"
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
elif [[ "$(checkManufacturer)" == "innotek GmbH" ]]; then
|
||||
elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then
|
||||
MISP_BASEURL='https://localhost:8443'
|
||||
IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
|
||||
sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
|
||||
# Webserver configuration
|
||||
FQDN='localhost.localdomain'
|
||||
elif [[ "$(checkManufacturer)" == "VMware, Inc." ]]; then
|
||||
elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then
|
||||
MISP_BASEURL='""'
|
||||
# Webserver configuration
|
||||
FQDN='misp.local'
|
||||
|
@ -578,7 +595,6 @@ installRNG () {
|
|||
# Kali upgrade
|
||||
kaliUpgrade () {
|
||||
debug "Running various Kali upgrade tasks"
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
||||
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
||||
|
@ -608,6 +624,9 @@ if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
|||
# Simple function to make sure APT is not locked
|
||||
checkAptLock () {
|
||||
SLEEP=3
|
||||
if [[ -n ${APT_UPDATED} ]]; then
|
||||
sudo apt update && APT_UPDATED=1
|
||||
fi
|
||||
while [ "$DONE" != "0" ]; do
|
||||
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
||||
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
|
||||
|
@ -623,7 +642,7 @@ installDepsPhp70 () {
|
|||
debug "Installing PHP 7.0 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.0
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php \
|
||||
php php-cli \
|
||||
|
@ -645,15 +664,30 @@ installDepsPhp73 () {
|
|||
debug "Installing PHP 7.3 dependencies"
|
||||
PHP_ETC_BASE=/etc/php/7.3
|
||||
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
||||
sudo apt update
|
||||
checkAptLock
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
if [[ ! -n ${KALI} ]]; then
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php-redis php-gnupg \
|
||||
php-gd
|
||||
else
|
||||
sudo apt install -qy \
|
||||
libapache2-mod-php7.3 \
|
||||
libgpgme-dev \
|
||||
php7.3 php7.3-cli \
|
||||
php7.3-dev \
|
||||
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
||||
php7.3-gd
|
||||
sudo pecl channel-update pecl.php.net
|
||||
#sudo pear config-set php_ini ${PHP_INI}
|
||||
echo "" |sudo pecl install redis
|
||||
sudo pecl install gnupg
|
||||
echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
|
||||
echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
|
||||
fi
|
||||
}
|
||||
# <snippet-end 0_installDepsPhp73.sh>
|
||||
|
||||
|
@ -661,7 +695,6 @@ installDepsPhp73 () {
|
|||
installDeps () {
|
||||
debug "Installing core dependencies"
|
||||
checkAptLock
|
||||
sudo apt update
|
||||
sudo apt install -qy etckeeper
|
||||
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
||||
#sudo apt -y dist-upgrade
|
||||
|
@ -793,64 +826,56 @@ genApacheConf () {
|
|||
ServerSignature Off
|
||||
Header set X-Content-Type-Options nosniff
|
||||
Header set X-Frame-Options DENY
|
||||
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-ssl.conf
|
||||
}
|
||||
|
||||
# Add git pull update mechanism to rc.local - TODO: Make this better
|
||||
gitPullAllRCLOCAL () {
|
||||
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sed -i -e '$i \done\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \done\n' /etc/rc.local
|
||||
}
|
||||
|
||||
|
||||
# Main composer function
|
||||
composer () {
|
||||
sudo mkdir /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
|
||||
${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install"
|
||||
}
|
||||
|
||||
|
||||
# TODO: FIX somehow the alias of the function does not work
|
||||
# Composer on php 7.0 does not need any special treatment the provided phar works well
|
||||
alias composer70='composer72'
|
||||
|
||||
alias composer70=composer
|
||||
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
||||
composer72 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
|
||||
# Composer on php 7.3 needs a recent version of composer.phar
|
||||
composer73 () {
|
||||
cd $PATH_TO_MISP/app
|
||||
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
||||
# Update composer.phar
|
||||
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
||||
# Current Sum for: v1.8.3
|
||||
SHA384_SUM="$(wget -q -O - https://composer.github.io/installer.sig)"
|
||||
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
||||
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
||||
$SUDO_WWW php composer-setup.php
|
||||
$SUDO_WWW php -r "unlink('composer-setup.php');"
|
||||
$SUDO_WWW php composer.phar install
|
||||
}
|
||||
alias composer72=composer
|
||||
# Composer on php 7.3 does not need any special treatment the provided phar works well
|
||||
alias composer73=composer
|
||||
|
||||
# TODO: this is probably a useless function
|
||||
# Enable various core services
|
||||
enableServices () {
|
||||
update-rc.d mysql enable
|
||||
update-rc.d apache2 enable
|
||||
update-rc.d redis-server enable
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now mysql
|
||||
sudo systemctl enable --now apache2
|
||||
sudo systemctl enable --now redis-server
|
||||
}
|
||||
|
||||
# TODO: check if this makes sense
|
||||
# Generate rc.local
|
||||
genRCLOCAL () {
|
||||
if [ ! -e /etc/rc.local ]; then
|
||||
if [[ ! -e /etc/rc.local ]]; then
|
||||
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
||||
}
|
||||
|
||||
# Run PyMISP tests
|
||||
|
@ -859,9 +884,9 @@ runTests () {
|
|||
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
|
||||
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
|
||||
|
||||
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
|
||||
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
||||
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
||||
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
|
||||
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
||||
${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
||||
}
|
||||
|
||||
# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
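Review bot: The guard added to `checkAptLock` in the `@ -608,6 +624,9 @@` hunk looks inverted: `[[ -n ${APT_UPDATED} ]]` is true only when the variable is already set, so on a first call with it unset `sudo apt update` never runs. This matters because other hunks on this page (`aptUpgrade`, `installDepsPhp70`/`72`/`74`, `installDeps`, `kaliUpgrade`, `checkInstaller`) appear to drop their own `sudo apt update` and rely on this function instead. Unless `APT_UPDATED` is set somewhere outside the visible lines, packages would be resolved against whatever index is already on disk, which can mean failed installs or older package versions without current security fixes. The test should be `if [[ -z "${APT_UPDATED}" ]]; then`, ideally placed after the lock-wait loop so the update does not race the lock it is about to wait for. The body of `checkAptLock` continues outside the hunk.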
|
||||
|
|
|
@ -13,7 +13,7 @@ fi
|
|||
|
||||
if [ -z "$VIRTUAL_ENV" ]; then
|
||||
virtualenv -p python3 mkdocs || echo "You probably have the main Python(3) binary running exclusively somewhere, make sure it is killed."
|
||||
${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material markdown-include python-markdown-comments gitchangelog
|
||||
${PWD}/mkdocs/bin/pip install mkdocs==1.0.4 mkdocs-material==4.6.3 markdown-include python-markdown-comments gitchangelog
|
||||
fi
|
||||
|
||||
# Fixing ASCII aborration introduced in: https://github.com/MISP/MISP/commit/1b028ee15a3bd2f209102cd6204e6c4bb519be97
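Review bot: The pip line in this hunk pins only `mkdocs==1.0.4` and `mkdocs-material==4.6.3`, while `markdown-include`, `python-markdown-comments` and `gitchangelog` are still installed at whatever version the index serves at build time. The documentation build can therefore still pull in an unreviewed upstream release of those three packages. Pin them as well, or move the whole set into a requirements file with hashes and install it with `pip install --require-hashes -r <requirements file>`, so the downloaded artefacts are checked and not only their version numbers. `${PWD}` on the same line should also be quoted.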
|
||||
|
|