diff --git a/INSTALL/CONFIG.SMIME.txt b/INSTALL/CONFIG.SMIME.txt
deleted file mode 100644
index 526ca8ab3..000000000
--- a/INSTALL/CONFIG.SMIME.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-#SMIME patch
-
-## Create SMIME directory
-
-mkdir /var/www/MISP/.smime
-
-## Copy your public x509 certificate (for signing) in PEM format
-
-cp email@address.com.pem /var/www/MISP/.smime/email@address.com.pem
-
-## Copy your private key for signing email
-
-cp email@address.com.key /var/www/MISP/.smime/email@address.com.key
-
-### Set permissions
-
-chown www-data:www-data /var/www/MISP/.smime
-chmod 500 /var/www/MISP/.smime
-chmod 440 /var/www/MISP/.smime/*
-
-## Export the public certificate (for Encipherment) to the webroot
-
-cp public_certificate.pem /var/www/MISP/app/webroot/public_certificate.pem
-
-Due to this action, the MISP users will be able to download your public certificate (for Encipherment) by clicking on the footer
-
-### Set permissions
-
-chown www-data:www-data /var/www/MISP/app/webroot/public_certificate.pem
-chmod 440 /var/www/MISP/app/webroot/public_certificate.pem
-
-## Configure the section "SMIME" in the server settings (Administration -> Server settings -> Encryption tab)
diff --git a/INSTALL/CONFIG.elasticsearch-logging.txt b/INSTALL/CONFIG.elasticsearch-logging.txt
deleted file mode 100644
index be4bfbab3..000000000
--- a/INSTALL/CONFIG.elasticsearch-logging.txt
+++ /dev/null
@@ -1,67 +0,0 @@
-# It's possible to send all logs from MISP to an elasticsearch
-# endpoint
-
-# First, we'll need an ES PHP library
-
-# Replace according to your requirements
-export MISP_DIR=/var/www/MISP
-cd $MISP_DIR/app
-sudo -u www-data php composer.phar require elasticsearch/elasticsearch
-
-# Ok now we need to configure where we log to
-#
-# In Administration -> Server Settings & Maintenance -> Plugin Settings
-# Under the elasticsearch tab, enable elasticsearch logging, and input
-# your connection string
-# Note that explicitly specifying the port may be needed, e.g. for AWS instances
-# running on 443.
-# Also input a log index - all logs will be thrown at this index.
-
-# Now give ES a template to work from
-cat << EOF > misp_es_template.json
-{
- "template": "misp_logging",
- "mappings": {
- "log": {
- "_source": {
- "enabled": true
- },
- "properties": {
- "Log.email": {
- "type": "keyword"
- },
- "Log.title": {
- "type": "text"
- },
- "Log.ip": {
- "type": "ip"
- },
- "Log.created": {
- "format": "YYYY-MM-dd HH:mm:ss",
- "type": "date"
- },
- "Log.description": {
- "type": "text"
- },
- "Log.org": {
- "type": "text"
- },
- "Log.action": {
- "type": "text"
- },
- "Log.model": {
- "type": "text"
- },
- "Log.change": {
- "type": "text"
- }
- }
- }
- }
-}
-EOF
-
-# And put it to ES
-curl -XPUT https://my_es/_template/misp_logging --data-binary @misp_es_template.json
-
-# Now MISP will start sending logs to ES! Hooray!
diff --git a/INSTALL/CONFIG.s3-attachments.txt b/INSTALL/CONFIG.s3-attachments.txt
deleted file mode 100644
index 98179df9c..000000000
--- a/INSTALL/CONFIG.s3-attachments.txt
+++ /dev/null
@@ -1,97 +0,0 @@
-Using S3 as an attachment store
-===============================
-
-It is possible to use Amazon's Simple Storage Service (S3) to store event attachments
-to allow for a stateless MISP setup (i.e for containerisation)
-
-There's a massive caveat here so let me make this incredibly clear
-
-##############################################
-# WARNING WARNING WARNING #
-# #
-# Storing malware is against amazon's #
-# terms of service. #
-# #
-# DO NOT USE THIS UNLESS YOU HAVE #
-# THEIR EXPLICIT PERMISSION #
-##############################################
-
-0. Installing Dependencies
--------------------------
-
-Install the AWS PHP SDK
-
-```bash
-cd /var/www/MISP/app
-sudo -u www-data php composer.phar config vendor-dir Vendor
-sudo -u www-data php composer.phar require aws/aws-sdk-php
-```
-
-1. Creating an S3 bucket
------------------------
-
-Go to https://s3.console.aws.amazon.com/s3/home
-
-And create a bucket. It has to have a globally unique name, and
-this cannot be changed later on.
-
-2a. Using an EC2 instance for MISP
----------------------------------
-
-If you run MISP on EC2, this will be super duper easy peasy.
-
-Simply create an IAM role with the following permissions and assign it to the instance
-by right-clicking and selecting "Instance Settings -> Attach/Replace IAM role"
-
-```json
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "PermitMISPAttachmentsToS3",
- "Effect": "Allow",
- "Action": [
- "s3:*"
- ],
- "Resource": [
- "arn:aws:s3:::your-bucket-name"
- ]
- }
- ]
-}
-```
-
-2b. Using AWS access keys
------------------------
-
-This is not recommended, but it works I think.
-
-Create a new programmatic access user via IAM and apply the same
-policy outlined above.
-
-Copy the access keys and save them for the next step
-
-3. Setting up MISP
-----------------
-
-In Administration -> Server Settings & Maintenance -> MISP settings
-
- Set MISP.attachments_dir to "s3://"
-
-In Administration -> Server Settings & Maintenance -> Plugin Settings -> S3
-
- Set S3_enable to True
- Set S3_bucket-name to the bucket you created earlier
- Set S3_region to your region
-
- ONLY IF YOU DID NOT USE THE EC2 METHOD
- Set aws_access_key and aws_secret_key to the ones you created in 2b
-
-Now theoretically it should work.
-
-Addendum
-========
-
-If you are migrating a server currently in use, simply copy the directory structure from
-the attachments folder (usually /var/www/MISP/app/files) to S3 and everything should
-continue to work.
diff --git a/INSTALL/INSTALL.rhel7.txt b/INSTALL/INSTALL.rhel7.txt
deleted file mode 100644
index 3eff62555..000000000
--- a/INSTALL/INSTALL.rhel7.txt
+++ /dev/null
@@ -1,435 +0,0 @@ -INSTALLATION INSTRUCTIONS for RHEL 7.x -------------------------- - -+----------------------------------------+ -| 0/ Overview and Assumptions | -+----------------------------------------+ -This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x). At time of this writing it -was tested on version 7.4. - -The following assumptions with regard to this installation have been made. - -0.1/ A valid support agreement allowing the system to register to the Red Hat Customer Portal and receive updates -0.2/ The ability to enable additional RPM repositories, specifically the EPEL and Software Collections (SCL) repos -0.3/ This system will have direct or proxy access to the Internet for updates. Or connected to a Red Hat Satellite Server -0.4/ This document is to get a MISP instance up and running over HTTP. I haven't done a full test of all features - -+----------------------------------------------+ -| 1/ OS Install and additional repositories | -+----------------------------------------------+ - -1.1/ Complete a minimal RHEL installation, configure IP address to connect automatically. 
- -1.2/ Configure system hostname -hostnamectl set-hostname misp # You're choice, in a production environment, it's best to use a FQDN - -1.3/ Register the system for updates with Red Hat Subscription Manager -subscription-manager register # register your system to an account -subscription-manager attach # attach your system to a current subscription - -1.4/ Enable the optional, extras and Software Collections (SCL) repos -subscription-manager repos --enable rhel-7-server-optional-rpms -subscription-manager repos --enable rhel-7-server-extras-rpms -subscription-manager repos --enable rhel-server-rhscl-7-rpms - -1.5a/ OPTIONAL: Install the deltarpm package to help reduce download size when installing updates -yum install deltarpm - -1.5/ Update the system and reboot -yum update - -## NOTE: As time of writing performing a yum update results in the rhel-7-server-rt-beta-rpms being forbidden -## The repo can be disabled using the following command -subscription-manager repos --disable rhel-7-server-rt-beta-rpms - -1.6/ Install the EPEL repo -yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - -1.7/ Install the SCL repo -yum install centos-release-scl - -+-----------------------------+ -| 2/ Install Dependencies | -+-----------------------------+ -Once the system is installed and updated, the following steps can be performed as root - -2.01/ Install some base system dependencies -yum install gcc git httpd zip python-devel libxslt-devel zlib-devel python-pip ssdeep-devel - -2.02/ Install MariaDB 10.2 from SCL -yum install rh-mariadb102 - -2.03/ Start the MariaDB service and enable it to start on boot -systemctl start rh-mariadb102-mariadb.service -systemctl enable rh-mariadb102-mariadb.service - -## MISP 2.4 requires PHP 5.5 as a minimum, we need a higher version than base RHEL provides. 
-## This guide installs PHP 7.1 from SCL - -2.04/ Install PHP 7.1 from SCL -yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache - -## If we want to use httpd from RHEL base we can use the rh-php71-php-fpm service instead -2.05/ Start the PHP FPM service and enable to start on boot -systemctl start rh-php71-php-fpm.service -systemctl enable rh-php71-php-fpm.service - -2.06/ Install redis 3.2 from SCL -yum install rh-redis32 - -2.07/ Start redis service and enable to start on boot -systemctl start rh-redis32-redis.service -systemctl enable rh-redis32-redis.service - -2.08/ Start a SCL shell with rh-mariadb102 rh-php71 and rh-redis32 enabled -scl enable rh-mariadb102 rh-php71 rh-redis32 bash - -2.08/ Secure the MariaDB installation, run the following command and follow the prompts -mysql_secure_installation - -2.10/ Update the PHP extension repository and install required package -pear channel-update pear.php.net -pear install Crypt_GPG - -2.11/ Install haveged and enable to start on boot to provide entropy for GPG -yum install haveged -systemctl start haveged -systemctl enable haveged - -2.12/ Install Python 3.6 from SCL -yum install rh-python36 - -+---------------------+ -| 3/ MISP Download | -+---------------------+ - -3.01/ Download MISP code using git in /var/www/ directory -cd /var/www -git clone https://github.com/MISP/MISP.git -git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) -# if the last shortcut doesn't work, specify the latest version manually -# example: git checkout tags/v2.4.XY -# the message regarding a "detached HEAD state" is expected behaviour -# (you only have to create a new branch, if you want to change stuff and do a pull request for example) - -3.02/ Make git ignore filesystem permission differences -git config core.filemode false - -3.03/ Install Mitre's STIX and its dependencies by running the following 
commands: -pip install importlib -yum install python-six -cd /var/www/MISP/app/files/scripts -git clone https://github.com/CybOXProject/python-cybox.git -git clone https://github.com/STIXProject/python-stix.git -cd /var/www/MISP/app/files/scripts/python-cybox -git config core.filemode false -# If your umask has been changed from the default, it is a good idea to reset it to 0022 before installing python modules -UMASK=$(umask) -umask 0022 -scl enable rh-python36 'python3 setup.py install' -cd /var/www/MISP/app/files/scripts/python-stix -git config core.filemode false -scl enable rh-python36 'python3 setup.py install' - -3.04/ Install mixbox to accomodate the new STIX dependencies: -cd /var/www/MISP/app/files/scripts/ -git clone https://github.com/CybOXProject/mixbox.git -cd /var/www/MISP/app/files/scripts/mixbox -git config core.filemode false -scl enable rh-python36 'python3 setup.py install' -umask $UMASK - -3.05/ Enable python3 for php-fpm - -echo 'source scl_source enable rh-python36' >> /etc/opt/rh/rh-php71/sysconfig/php-fpm -sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php71/php-fpm.d/www.conf -systemctl restart rh-php71-php-fpm.service - -+---------------------+ -| 4/ CakePHP | -+---------------------+ - -4.01/ CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it ignore this -message: No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque' -cd /var/www/MISP -git submodule update --init --recursive -# Make git ignore filesystem permission differences for submodules -git submodule foreach --recursive git config core.filemode false - -4.02/ Install CakeResque along with its dependencies if you intend to use the built in background jobs -cd /var/www/MISP/app -php composer.phar require kamisama/cake-resque:4.1.2 -php composer.phar config vendor-dir Vendor -php composer.phar install - -4.03/ Install and configure php redis connector through pecl -pecl install redis -echo 
"extension=redis.so" > /etc/opt/rh/rh-php71/php-fpm.d/redis.ini -ln -s ../php-fpm.d/redis.ini /etc/opt/rh/rh-php71/php.d/99-redis.ini -systemctl restart rh-php71-php-fpm.service - -4.04/ Set a timezone in php.ini -echo 'date.timezone = "Australia/Sydney"' > /etc/opt/rh/rh-php71/php-fpm.d/timezone.ini -ln -s ../php-fpm.d/timezone.ini /etc/opt/rh/rh-php71/php.d/99-timezone.ini - -4.05/ To use the scheduler worker for scheduled tasks, do the following: -cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php - -+----------------------------+ -| 5/ Set file permissions | -+----------------------------+ - -5.01/ Make sure the permissions are set correctly using the following commands as root: -chown -R root:apache /var/www/MISP -find /var/www/MISP -type d -exec chmod g=rx {} \; -chmod -R g+r,o= /var/www/MISP -chown apache:apache /var/www/MISP/app/files -chown apache:apache /var/www/MISP/app/files/terms -chown apache:apache /var/www/MISP/app/files/scripts/tmp -chown apache:apache /var/www/MISP/app/Plugin/CakeResque/tmp -chown -R apache:apache /var/www/MISP/app/tmp -chown -R apache:apache /var/www/MISP/app/webroot/img/orgs -chown -R apache:apache /var/www/MISP/app/webroot/img/custom - -+--------------------------------+ -| 6/ Create database and user | -+--------------------------------+ - -6.01/ Set database to listen on localhost only -echo [mysqld] > /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf -echo bind-address=127.0.0.1 >> /etc/opt/rh/rh-mariadb102/my.cnf.d/bind-address.cnf -systemctl restart rh-mariadb102-mariadb - -6.02/ Start MariaDB shell and create database -mysql -u root -p - -MariaDB [(none)]> create database misp; -MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX'; -MariaDB [(none)]> grant all privileges on misp.* to misp@localhost ; -MariaDB [(none)]> exit - -6.03/ Import the empty MySQL database from MYSQL.sql -cd /var/www/MISP -mysql -u misp -p misp < INSTALL/MYSQL.sql - 
-+--------------------------------+ -| 7/ Apache Configuration | -+--------------------------------+ - -7.01/ Copy a sample vhost config to Apache configuration directory -cp /var/www/MISP/INSTALL/apache.misp.centos7 /etc/httpd/conf.d/misp.conf - -7.02/ Since SELinux is enabled, we need to allow httpd to write to certain directories -chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files -chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/terms -chcon -t httpd_sys_rw_content_t /var/www/MISP/app/files/scripts/tmp -chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Plugin/CakeResque/tmp -chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp -chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/orgs -chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/webroot/img/custom - -7.02/ Allow httpd to connect to the redis server and php-fpm over tcp/ip -setsebool -P httpd_can_network_connect on - -7.03/ Enable and start the httpd service -systemctl enable httpd.service -systemctl start httpd.service - -7.04/ Open a hole in the firewalld service -firewall-cmd --zone=public --add-port=80/tcp --permanent -firewall-cmd --reload - -# We seriously recommend using only HTTPS / SSL ! -# Add SSL support by running: yum install mod_ssl -# Check out the apache.misp.ssl file for an example - -+--------------------------------+ -| 8/ Log Rotation | -+--------------------------------+ -# MISP saves the stdout and stderr of it's workers in /var/www/MISP/app/tmp/logs -# To rotate these logs install the supplied logrotate script: - -cp INSTALL/misp.logrotate /etc/logrotate.d/misp -chmod 0640 /etc/logrotate.d/misp - -8.01/ Allow logrotate to work under SELinux and modify the log files -semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?" 
-chcon -R -t httpd_log_t /var/www/MISP/app/tmp/logs - -8.02/ Allow logrotate to read /var/www -checkmodule -M -m -o /tmp/misplogrotate.mod INSTALL/misplogrotate.te -semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod -semodule -i /tmp/misplogrotate.pp - -+--------------------------------+ -| 9/ MISP Configuration | -+--------------------------------+ - -9.01/ There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied -cd /var/www/MISP/app/Config -cp -a bootstrap.default.php bootstrap.php -cp -a database.default.php database.php -cp -a core.default.php core.php -cp -a config.default.php config.php - -9.02/ Configure the fields in the newly created files -# Configure the fields in the newly created files: -# config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally -# core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');` -# database.php : login, port, password, database -# DATABASE_CONFIG has to be filled -# With the default values provided in section 6, this would look like: -# class DATABASE_CONFIG { -# public $default = array( -# 'datasource' => 'Database/Mysql', -# 'persistent' => false, -# 'host' => 'localhost', -# 'login' => 'misp', // grant usage on *.* to misp@localhost -# 'port' => 3306, -# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX'; -# 'database' => 'misp', // create database misp; -# 'prefix' => '', -# 'encoding' => 'utf8', -# ); -#} - -# Important! 
Change the salt key in /var/www/MISP/app/Config/config.php -# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user -# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, -# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) - -9.03/ If you want to be able to change configuration parameters from the webinterface: -chown apache:apache /var/www/MISP/app/Config/config.php -chcon -t httpd_sys_rw_content_t /var/www/MISP/app/Config/config.php - -9.04/ Generate an encryption key -gpg --gen-key -mv ~/.gnupg /var/www/MISP/ -chown -R apache:apache /var/www/MISP/.gnupg -chcon -R -t httpd_sys_rw_content_t /var/www/MISP/.gnupg -## NOTE: There is a bug that if a passphrase is added MISP will produce an error on the diagnostic page. - -# The email address should match the one set in the config.php configuration file -# Make sure that you use the same settings in the MISP Server Settings tool - -9.05/ export the public key to the webroot -sudo -u apache gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc - -9.06/ Start the workers to enable background jobs -chmod +x /var/www/MISP/app/Console/worker/start.sh -su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh' - -9.07a/ To make the background workers start on boot -vi /etc/rc.local -9.07b/ Add the following line at the end -su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh' -9.07c/ and make sure it will execute -chmod +x /etc/rc.local - -# Now log in using the webinterface: http://misp/users/login -# The default user/pass = admin@admin.test/admin - -# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference -# It is 
especially vital that no critical issues remain! - -Don't forget to change the email, password and authentication key after installation. - -# Once done, have a look at the diagnostics - -# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions -# you can do this by running the following commands: - -chmod -R 750 /var/www/MISP/ -chown -R apache:apache /var/www/MISP/ - -# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items - -# If anything goes wrong, make sure that you check MISP's logs for errors: -# /var/www/MISP/app/tmp/logs/error.log -# /var/www/MISP/app/tmp/logs/resque-worker-error.log -# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log -# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date - -+---------------------------+ -| 10/ Post Install | -+---------------------------+ - -10.01/ Allow apache to write to /var/www/MISP/app/tmp/logs -# Result from diagnostic is that the directory is not writable. -chcon -R -t httpd_sys_rw_content_t /var/www/MISP/app/tmp/logs/ -# NOTE: This may mean that logrotate cannot access the logs directory, will require further investigation - -10.02/ Change php.ini settings to suggested limits from diagnostic page. 
-# Edit /etc/opt/rh/rh-php71/php.ini and set the following settings -max_execution_time = 300 -memory_limit = 512M -upload_max_filesize = 50M -post_max_size = 50M - -10.03/ Restart rh-php71 for settings to take effect -systemctl restart rh-php71-php-fpm - -10.04/ Install pymisp and pydeep for Advanced Attachment handler -pip install pymisp -pip install git+https://github.com/kbandla/pydeep.git - -10.05/ Install pymisp also in Python 3 -scl enable rh-python36 pip3 install pymisp - -+---------------------------+ -| 11/ LIEF Installation | -+---------------------------+ -# lief is required for the Advanced Attachment Handler and requires manual compilation - -11.01/ Install cmake3 devtoolset-7 from SCL -yum install devtoolset-7 cmake3 - -11.02/ Enable devtoolset-7 -scl enable devtoolset-7 bash - -11.03/ Set env variable, create directories and download source code -mkdir -p /tmp/LIEF -mkdir -p /tmp/LIEF_INSTALL -export LIEF_TMP=/tmp/LIEF -export LIEF_INSTALL=/tmp/LIEF_INSTALL -export LIEF_BRANCH=master -cd $LIEF_TMP -git clone --branch $LIEF_BRANCH --single-branch https://github.com/lief-project/LIEF.git LIEF - -11.04/ Compile lief and install -cd $LIEF_TMP/LIEF -mkdir -p build -cd build -scl enable devtoolset-7 'bash -c "cmake3 \ --DLIEF_PYTHON_API=on \ --DLIEF_DOC=off \ --DCMAKE_INSTALL_PREFIX=$LIEF_INSTALL \ --DCMAKE_BUILD_TYPE=Release \ --DPYTHON_VERSION=2.7 \ -.."' -make -j3 -cd api/python -scl enable rh-python36 python3 setup.py install || : -# you can ignore the error about finding suitable distribution -cd $LIEF_TMP/LIEF/build -make install -make package - -11.05/ Test lief installation, if no error, package installed -python ->> import lief - -+---------------------------+ -| 12/ Known Issues | -+---------------------------+ - -12.01/ PHP CLI cannot determine version -# PHP CLI Version cannot be determined. 
Possibly due to PHP being installed through SCL - -12.02/ Workers cannot be started or restarted from the web page -# Possible also due to package being installed via SCL, attempting to start workers through the web page will result in -# error. Worker's can be restarted via the CLI using the following command. -su -s /bin/bash apache -c 'scl enable rh-php71 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh' - -## NOTE: No other functions were tested after the conclusion of this install. There may be issue that aren't addressed -## via this guide and will need additional investigation. diff --git a/INSTALL/INSTALL.ubuntu1804.txt b/INSTALL/INSTALL.ubuntu1804.txt deleted file mode 100644 index 89529ac18..000000000 --- a/INSTALL/INSTALL.ubuntu1804.txt +++ /dev/null 
@@ -1,338 +0,0 @@ -INSTALLATION INSTRUCTIONS -------------------------- for Ubuntu 18.04-server - -1/ Minimal Ubuntu install -------------------------- - -# Install a minimal Ubuntu 18.04-server system with the software: -- OpenSSH server - -# Make sure your system is up2date: -sudo apt-get update -sudo apt-get upgrade - -# install postfix, there will be some questions. -sudo apt-get install postfix -# Postfix Configuration: Satellite system -# change the relay server later with: -sudo postconf -e 'relayhost = example.com' -sudo postfix reload - - -2/ Install LAMP & dependencies ------------------------------- -Once the system is installed you can perform the following steps: - -# Make sure you have enabled the Universe repository (fe. for redis-server), enable it with -# sudo add-apt-repository universe - -# Install the dependencies: (some might already be installed) -sudo apt-get install curl gcc git gnupg-agent make python python3 openssl redis-server sudo vim zip - -# Install MariaDB (a MySQL fork/alternative) -sudo apt-get install mariadb-client mariadb-server - -# Secure the MariaDB installation (especially by setting a strong root password) -sudo mysql_secure_installation - -# Install Apache2 -sudo apt-get install apache2 apache2-doc apache2-utils - -# Enable modules, settings, and default of SSL in Apache -sudo a2dismod status -sudo a2enmod ssl -sudo a2enmod rewrite -sudo a2enmod headers -sudo a2dissite 000-default -sudo a2ensite default-ssl - -# Install PHP and dependencies -sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring - -# Apply all changes -sudo systemctl restart apache2 - -3/ MISP code ------------- -# Download MISP using git in the /var/www/ directory. 
-sudo mkdir /var/www/MISP -sudo chown www-data:www-data /var/www/MISP -cd /var/www/MISP -sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP -sudo -u www-data git submodule update --init --recursive -# Make git ignore filesystem permission differences for submodules -sudo -u www-data git submodule foreach --recursive git config core.filemode false - -# Make git ignore filesystem permission differences -sudo -u www-data git config core.filemode false - -# install Mitre's STIX and its dependencies by running the following commands: -sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -cd /var/www/MISP/app/files/scripts -sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git -sudo -u www-data git clone https://github.com/STIXProject/python-stix.git -sudo -u www-data git clone https://github.com/MAECProject/python-maec.git -cd /var/www/MISP/app/files/scripts/python-cybox -sudo python3 setup.py install -cd /var/www/MISP/app/files/scripts/python-stix -sudo python3 setup.py install -cd /var/www/MISP/app/files/scripts/python-maec -sudo python3 setup.py install - -# install mixbox to accomodate the new STIX dependencies: -cd /var/www/MISP/app/files/scripts/ -sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git -cd /var/www/MISP/app/files/scripts/mixbox -sudo python3 setup.py install - -# install PyMISP -cd /var/www/MISP/PyMISP -sudo python3 setup.py install - -# install support for STIX 2.0 -sudo pip3 install stix2 - -4/ CakePHP ------------ - -# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs: -cd /var/www/MISP/app -sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2 -sudo -u www-data php composer.phar config vendor-dir Vendor -sudo -u www-data php composer.phar install - -# Enable CakeResque with php-redis -sudo phpenmod redis - -# To use the scheduler worker for scheduled tasks, do the 
following: -sudo -u www-data cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php - -# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers -# The default Redis port can be updated in Plugin/CakeResque/Config/config.php - -5/ Set the permissions ----------------------- - -# Check if the permissions are set correctly using the following commands: -sudo chown -R www-data:www-data /var/www/MISP -sudo chmod -R 750 /var/www/MISP -sudo chmod -R g+ws /var/www/MISP/app/tmp -sudo chmod -R g+ws /var/www/MISP/app/files -sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp - - -6/ Create a database and user ------------------------------ -# Enter the mysql shell -sudo mysql -u root -p - -MariaDB [(none)]> create database misp; -MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX'; -MariaDB [(none)]> grant all privileges on misp.* to misp@localhost; -MariaDB [(none)]> flush privileges; -MariaDB [(none)]> exit - -# Import the empty MISP database from MYSQL.sql -sudo -u www-data sh -c "mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql" -# enter the password you've set in line 129 when prompted - - -7/ Apache configuration ------------------------ -# Now configure your Apache webserver with the DocumentRoot /var/www/MISP/app/webroot/ - -# If the apache version is 2.2: -sudo cp /var/www/MISP/INSTALL/apache.22.misp.ssl /etc/apache2/sites-available/misp-ssl.conf - -# If the apache version is 2.4: -sudo cp /var/www/MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf - -# Be aware that the configuration files for apache 2.4 and up have changed. 
-# The configuration file has to have the .conf extension in the sites-available directory -# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html - -# If a valid SSL certificate is not already created for the server, create a self-signed certificate: -sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ --subj "/C=/ST=/L=/O=/OU=/CN=/emailAddress=admin@" \ --keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt - -# Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL - -# Also remember to verify the SSLCertificateChainFile property in your config file - this is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below. - -# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment) - -============================================= Begin sample working SSL config for MISP -:80> - ServerName - - Redirect permanent / https:// - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - - -:443> - ServerAdmin admin@ - ServerName - DocumentRoot /var/www/MISP/app/webroot - - Options -Indexes - AllowOverride all - Order allow,deny - allow from all - - - SSLEngine On - SSLCertificateFile /etc/ssl/private/misp.local.crt - SSLCertificateKeyFile /etc/ssl/private/misp.local.key -# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt - - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off - -============================================= End sample working SSL config for MISP - -# activate new vhost -sudo a2dissite default-ssl -sudo a2ensite misp-ssl - -# Restart apache -sudo systemctl restart 
apache2 - -8/ Log rotation ---------------- -# MISP saves the stdout and stderr of its workers in /var/www/MISP/app/tmp/logs -# To rotate these logs install the supplied logrotate script: - -sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp -sudo chmod 0640 /etc/logrotate.d/misp - -9/ MISP configuration ---------------------- -# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied -sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php -sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php -sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php -sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php - -# Configure the fields in the newly created files: -sudo -u www-data vim /var/www/MISP/app/Config/database.php -# DATABASE_CONFIG has to be filled -# With the default values provided in section 6, this would look like: -# class DATABASE_CONFIG { -# public $default = array( -# 'datasource' => 'Database/Mysql', -# 'persistent' => false, -# 'host' => 'localhost', -# 'login' => 'misp', // grant usage on *.* to misp@localhost -# 'port' => 3306, -# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX'; -# 'database' => 'misp', // create database misp; -# 'prefix' => '', -# 'encoding' => 'utf8', -# ); -#} - -# Important! Change the salt key in /var/www/MISP/app/Config/config.php -# The salt key must be a string at least 32 bytes long. 
-# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user -# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, -# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) - -# Change base url in config.php -/var/www/MISP/app/Console/cake Baseurl https:// -# alternatively, you can leave this field empty if you would like to use relative pathing in MISP - -# and make sure the file permissions are still OK -sudo chown -R www-data:www-data /var/www/MISP/app/Config -sudo chmod -R 750 /var/www/MISP/app/Config - -# Generate a GPG encryption key. -sudo -u www-data mkdir /var/www/MISP/.gnupg -sudo chmod 700 /var/www/MISP/.gnupg -sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key -# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file - -# NOTE: if entropy is not high enough, you can install rng-tools and then run rngd -r /dev/urandom do fix it quickly - -# And export the public key to the webroot -sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc" - -# To make the background workers start on boot -sudo chmod +x /var/www/MISP/app/Console/worker/start.sh -sudo vim /etc/rc.local -# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user: -sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh - -# Now log in using the webinterface: -# The default user/pass = admin@admin.test/admin - -# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference -# It is especially vital that no critical issues remain! 
-# start the workers by navigating to the workers tab and clicking restart all workers - -# Don't forget to change the email, password and authentication key after installation. - -# Once done, have a look at the diagnostics - -# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions -# you can do this by running the following commands: - -sudo chmod -R 750 /var/www/MISP/ -sudo chown -R www-data:www-data /var/www/MISP/ - -# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items - -# If anything goes wrong, make sure that you check MISP's logs for errors: -# /var/www/MISP/app/tmp/logs/error.log -# /var/www/MISP/app/tmp/logs/resque-worker-error.log -# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log -# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date - - -Recommended actions -------------------- -- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior. - -- You should really harden your OS -- You should really harden the configuration of Apache -- You should really harden the configuration of MySQL/MariaDB -- Keep your software up2date (OS, MISP, CakePHP and everything else) -- Log and audit - - -Optional features ------------------ -# MISP has a new pub/sub feature, using ZeroMQ. 
To enable it, simply run the following command -sudo pip3 install pyzmq -# ZeroMQ depends on the Python client for Redis -sudo pip3 install redis - -# For the experimental ssdeep correlations, run the following installation: -# installing ssdeep -wget http://downloads.sourceforge.net/project/ssdeep/ssdeep-2.13/ssdeep-2.13.tar.gz -tar zxvf ssdeep-2.13.tar.gz -cd ssdeep-2.13 -./configure -make -sudo make install -ssdeep -h # test - -#installing ssdeep_php -sudo pecl install ssdeep - -# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version -echo "extension=ssdeep.so" | sudo tee /etc/php/7.2/mods-available/ssdeep.ini -sudo phpenmod ssdeep -sudo service apache2 restart - -Optional features: misp-modules -------------------------------- -# If you want to add the misp modules functionality, follow the setup procedure described in misp-modules: -# https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules -# Then the enrichment, export and import modules can be enabled in MISP via the settings. diff --git a/INSTALL/UPDATE.txt b/INSTALL/UPDATE.txt new file mode 120000 index 000000000..f35acabc4 --- /dev/null +++ b/INSTALL/UPDATE.txt @@ -0,0 +1 @@ +../docs/UPDATE.md \ No newline at end of file diff --git a/INSTALL/xINSTALL.debian8-postgresql.txt b/INSTALL/old/xINSTALL.debian8-postgresql.txt similarity index 100% rename from INSTALL/xINSTALL.debian8-postgresql.txt rename to INSTALL/old/xINSTALL.debian8-postgresql.txt diff --git a/INSTALL/INSTALL.ubuntu1804.with.webmin.txt b/docs/INSTALL.ubuntu1804.with.webmin.md similarity index 100% rename from INSTALL/INSTALL.ubuntu1804.with.webmin.txt rename to docs/INSTALL.ubuntu1804.with.webmin.md diff --git a/INSTALL/xINSTALL.centos6.txt b/docs/xINSTALL.centos6.md similarity index 100% rename from INSTALL/xINSTALL.centos6.txt rename to docs/xINSTALL.centos6.md 
diff --git a/tools/gen_misp_install_docs.sh b/tools/gen_misp_install_docs.sh
new file mode 100755
index 000000000..eddf6dd4e
--- /dev/null
+++ b/tools/gen_misp_install_docs.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+# set -x
+
+if [ -e "/usr/bin/virtualenv" ]; then
+ echo "Python virtualenv exists, continuing with mkdocs build"
+else
+ echo "NO virtualenv present, bye."
+ exit 1
+fi
+
+if [ -z "$VIRTUAL_ENV" ]; then
+ virtualenv -p python3 mkdocs
+ ${PWD}/mkdocs/bin/pip install mkdocs mkdocs-material
+fi
+wget -O ../docs/Changelog.md https://www.misp-project.org/Changelog.txt
+cd ../ ; ${PWD}/tools/mkdocs/bin/mkdocs gh-deploy
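Review bot: The last line of the new script assumes the active virtualenv lives at `tools/mkdocs`, but the `if [ -z "$VIRTUAL_ENV" ]` branch skips creating it whenever any venv is activated, so with a venv elsewhere `${PWD}/tools/mkdocs/bin/mkdocs` does not exist and `set -e` aborts after the Changelog has already been overwritten. Every relative path (`../docs/Changelog.md`, `${PWD}/mkdocs`, `cd ../`) also presumes the script is started from `tools/`; run from the repository root it writes and deploys outside the checkout. Anchoring on the script's own directory, resolving the mkdocs binary once, and testing for `virtualenv` with `command -v` instead of the hard-coded `/usr/bin` path fixes both; since `gh-deploy` pushes to the remote, it is worth noting in a header comment that the script commits whatever `wget` fetched without any integrity check on the downloaded Changelog.
```shell
#!/bin/bash
set -e
# All paths below are relative to tools/, so anchor on the script location.
cd "$(dirname "$0")"
command -v virtualenv >/dev/null || { echo "NO virtualenv present, bye."; exit 1; }
if [ -z "$VIRTUAL_ENV" ]; then
  virtualenv -p python3 mkdocs
  ./mkdocs/bin/pip install mkdocs mkdocs-material
  mkdocs_bin="$PWD/mkdocs/bin/mkdocs"
else
  # An environment is already active: use its mkdocs rather than tools/mkdocs.
  mkdocs_bin=$(command -v mkdocs) || { echo "mkdocs not found in $VIRTUAL_ENV"; exit 1; }
fi
# … unchanged: wget of ../docs/Changelog.md …
cd .. && "$mkdocs_bin" gh-deploy
```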