diff --git a/INSTALL/INSTALL.FreeBSD.txt b/INSTALL/INSTALL.FreeBSD.txt
index b98bba846..998685146 100644
--- a/INSTALL/INSTALL.FreeBSD.txt
+++ b/INSTALL/INSTALL.FreeBSD.txt
@@ -311,6 +311,7 @@ sudo service apache24 restart
 # To rotate these logs install the supplied logrotate script:
 sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
+chmod 0640 /usr/local/etc/logrotate.d/misp
 9/ MISP configuration
 ---------------------
diff --git a/INSTALL/INSTALL.debian9.txt b/INSTALL/INSTALL.debian9.txt
index d537906cc..3cd44f465 100644
--- a/INSTALL/INSTALL.debian9.txt
+++ b/INSTALL/INSTALL.debian9.txt
@@ -302,6 +302,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:
 sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 9/ MISP configuration
 ---------------------
diff --git a/INSTALL/INSTALL.debian_testing.txt b/INSTALL/INSTALL.debian_testing.txt
index e34cd0086..3dce27e51 100644
--- a/INSTALL/INSTALL.debian_testing.txt
+++ b/INSTALL/INSTALL.debian_testing.txt
@@ -315,6 +315,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:
 sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 9/ MISP configuration
 ---------------------
diff --git a/INSTALL/INSTALL.kali.txt b/INSTALL/INSTALL.kali.txt
index cef228512..1d8b6f22c 100644
--- a/INSTALL/INSTALL.kali.txt
+++ b/INSTALL/INSTALL.kali.txt
@@ -350,6 +350,7 @@ function installMISPonKali() {
 systemctl restart apache2
 cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+ chmod 0640 /etc/logrotate.d/misp
 $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
 $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
@@ -545,7 +546,6 @@ function installMISPonKali() {
 git clone git://github.com/stricaud/faup.git faup
 chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp
 cd faup
- $SUDO git checkout 96f2a9a51428869cac2473422b70ace890d5d95d
 $SUDO mkdir -p build
 cd build
 $SUDO cmake .. && $SUDO make
diff --git a/INSTALL/INSTALL.rhel7.txt b/INSTALL/INSTALL.rhel7.txt
index 71452acb3..1c33ce36e 100644
--- a/INSTALL/INSTALL.rhel7.txt
+++ b/INSTALL/INSTALL.rhel7.txt
@@ -251,6 +251,7 @@ firewall-cmd --reload
 # To rotate these logs install the supplied logrotate script:
 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 8.01/ Allow logrotate to work under SELinux and modify the log files
 semanage fcontext -a -t httpd_log_t "/var/www/MISP/app/tmp/logs(/.*)?"
diff --git a/INSTALL/INSTALL.ubuntu1804.txt b/INSTALL/INSTALL.ubuntu1804.txt
index 8dc659721..8b416746e 100644
--- a/INSTALL/INSTALL.ubuntu1804.txt
+++ b/INSTALL/INSTALL.ubuntu1804.txt
@@ -205,6 +205,7 @@ sudo systemctl restart apache2
 # To rotate these logs install the supplied logrotate script:
 sudo cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 9/ MISP configuration
 ---------------------
diff --git a/INSTALL/xINSTALL.centos6.txt b/INSTALL/xINSTALL.centos6.txt
index d102462a9..8ae2e4769 100644
--- a/INSTALL/xINSTALL.centos6.txt
+++ b/INSTALL/xINSTALL.centos6.txt
@@ -206,6 +206,7 @@ service iptables save
 # To rotate these logs install the supplied logrotate script:
 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 9/ MISP configuration
 ---------------------
diff --git a/INSTALL/xINSTALL.centos7.txt b/INSTALL/xINSTALL.centos7.txt
index a240f6a4b..e4d4e19d1 100644
--- a/INSTALL/xINSTALL.centos7.txt
+++ b/INSTALL/xINSTALL.centos7.txt
@@ -223,6 +223,7 @@ firewall-cmd --reload
 # To rotate these logs install the supplied logrotate script:
 cp INSTALL/misp.logrotate /etc/logrotate.d/misp
+chmod 0640 /etc/logrotate.d/misp
 # Now make logrotate work under SELinux as well
 # Allow logrotate to modify the log files
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 1efb67e41..2246f4a4d 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -2335,7 +2335,7 @@ class EventsController extends AppController
 ),
 'order' => array('Job.id' => 'desc')
 ));
- $dir = new Folder(APP . 'tmp/cached_exports/' . $k);
+ $dir = new Folder(APP . 'tmp/cached_exports/' . $k, true);
 if ($k === 'text') {
 // Since all of the text export files are generated together, we might as well just check for a single one md5.
 $file = new File($dir->pwd() . DS . 'misp.text_md5.' . $org_name . $type['extension']);
diff --git a/app/files/scripts/stix2/misp2stix2.py b/app/files/scripts/stix2/misp2stix2.py
index 142bcb128..21dede760 100644
--- a/app/files/scripts/stix2/misp2stix2.py
+++ b/app/files/scripts/stix2/misp2stix2.py
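Review bot: The directory is now created implicitly with Folder's default mode and the outcome is never checked, so if creation fails `$dir->pwd()` on the next line may be empty and the cache path is built from it anyway. Since the cached exports hold event data, consider passing an explicit restrictive mode as the third argument, `$dir = new Folder(APP . 'tmp/cached_exports/' . $k, true, 0750);` (assuming the CakePHP 2 `Folder::__construct($path, $create, $mode)` signature), and bailing out of this iteration when `$dir->pwd()` is empty before the `File` checks. The enclosing method starts and ends outside the hunk, so the loop producing `$k` and what happens with a missing cache directory downstream are not visible here.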
@@ -464,6 +464,11 @@ class StixBuilder():
 pattern = mispTypesMapping[attribute_type]['pattern'](attribute_type, attribute_value, b64encode(attribute.data.getbuffer()).decode()[1:-1]) if ('data' in attribute and attribute.data) else self.define_pattern(attribute_type, attribute_value)
 indicator_args = {'id': indicator_id, 'type': 'indicator', 'labels': labels, 'kill_chain_phases': killchain, 'valid_from': self.misp_event.date, 'created_by_ref': self.identity_id, 'pattern': pattern}
+ if hasattr(attribute, 'Sighting'):
+ for sighting in attribute.Sighting:
+ if sighting['Organisation']['name'] == self.misp_event.Orgc.name and sighting['type'] == "2":
+ indicator_args['valid_until'] = datetime.datetime.fromtimestamp(int(sighting['date_sighting']), datetime.timezone.utc).isoformat()
+ break
 if hasattr(attribute, 'comment') and attribute.comment:
 indicator_args['description'] = attribute.comment
 indicator = Indicator(**indicator_args)
diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py
index e6c501519..3c17b893c 100644
--- a/app/files/scripts/stix2/stix2misp.py
+++ b/app/files/scripts/stix2/stix2misp.py
@@ -237,9 +237,10 @@ class StixParser():
 self.misp_event.add_object(**misp_object)
 
 def parse_attribute(self, o, labels):
+ attribute_uuid = o['id'].split('--')[1]
 attribute_type = self.get_misp_type(labels)
 attribute_category = self.get_misp_category(labels)
- attribute = {'type': attribute_type, 'category': attribute_category}
+ attribute = {'uuid': attribute_uuid, 'type': attribute_type, 'category': attribute_category}
 tags = [{'name': label} for label in labels[3:]]
 if tags:
 attribute['Tag'] = tags
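Review bot: The new sighting loop indexes `sighting['Organisation']['name']`, `sighting['type']` and `sighting['date_sighting']` directly, so a single sighting without an `Organisation` block or with a missing key raises `KeyError` and aborts the whole export; matching the organisation by display name is also weaker than matching by UUID, since names are not unique across instances. Prefer tolerant lookups, e.g. `org = sighting.get('Organisation') or {}` followed by `if sighting.get('type') == "2" and org.get('name') == self.misp_event.Orgc.name:`, and compare `org.get('uuid')` with the event's Orgc uuid instead if that field is available on the event. STIX 2 also requires `valid_until` to be later than `valid_from`, so a false-positive sighting dated before `self.misp_event.date` would, I believe, be rejected by `Indicator(**indicator_args)`; that case should be skipped rather than passed through. The enclosing method starts and ends outside the hunk, so whether `datetime` is imported in this file is not visible here.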
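Review bot: `o['id'].split('--')[1]` lifts the attribute UUID straight out of the incoming STIX object id with no validation, so an id without `--` raises `IndexError` and any other malformed tail is stored verbatim as the MISP attribute `uuid`; the same pattern is applied to `o['created_by_ref']` in the following hunk. Since the STIX bundle is external input, parse the value through the stdlib, e.g. `attribute_uuid = str(uuid.UUID(o['id'].split('--', 1)[-1]))`, which raises `ValueError` on anything that is not a UUID and normalises the text; whether `uuid` is already imported is not visible in this hunk. `parse_attribute` continues past the end of the hunk.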
@@ -248,19 +249,21 @@ class StixParser():
 value = o.get('name')
 else:
 if stix_type == 'indicator':
- o_date = o.get('valid_from')
+ if hasattr(o, 'valid_until'):
+ org_uuid = o['created_by_ref'].split('--')[1]
+ attribute['Sighting'] = [{'type': '2', 'date_sighting': str(self.getTimestampfromDate(o['valid_until'])), 'Organisation': {'uuid': org_uuid, 'name': self.event['identity'][org_uuid]['name']}}]
 pattern = o.get('pattern').replace('\\\\', '\\')
 value = self.parse_pattern_with_data(pattern) if attribute_type in ('malware-sample', 'attachment') else self.parse_pattern(pattern)
 attribute['to_ids'] = True
 else:
- o_date = o.get('first_observed')
+ attribute['timestamp'] = self.getTimestampfromDate(o.get('last_observed'))
 observable = o.get('objects')
 try:
 value = self.parse_observable(observable, attribute_type)
 except Exception:
 print('Error with attribute type {}:\n{}'.format(attribute_type, observable), file=sys.stderr)
 attribute['to_ids'] = False
- attribute['timestamp'] = self.getTimestampfromDate(o_date)
 if 'description' in o:
 attribute['comment'] = o.get('description')
 if isinstance(value, tuple):
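Review bot: `hasattr(o, 'valid_until')` is a different test from the one the rest of this method applies to `o` — `o.get('name')`, `o['created_by_ref']` and `'description' in o` treat it as a mapping, and on a plain dict `hasattr` never sees a key, so the sighting branch would silently never run; if `o` is a stix2 object supporting both forms it works, but the mapping test is the safe one. Change the guard to `if 'valid_until' in o:` to match the `'description' in o` check further down. The lookup `self.event['identity'][org_uuid]['name']` also raises `KeyError` when `created_by_ref` points to an identity that is not in the bundle, which a partial or malformed bundle can trigger, so resolve it with `.get()` and skip the Sighting when the identity is unknown. Separately, the indicator branch no longer sets `attribute['timestamp']` at all (the shared assignment was removed and only the observed-data branch received a replacement), which I assume is intended but deserves a comment. `parse_attribute` starts and ends outside this hunk.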