Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/3892/head
chrisr3d 2018-11-14 09:23:00 +01:00
commit c0af417a43
24 changed files with 1048 additions and 739 deletions


@ -1,490 +0,0 @@
INSTALLATION INSTRUCTIONS
------------------------- for FreeBSD 11.2-amd64
0/ WIP /!\ You are warned, this does not work yet! /!\
NOT working: pydeep, lief, py-yara, MAEC
1/ Minimal FreeBSD install
--------------------------
# Install standard FreeBSD-amd64 with:
- sshd
- ntpd
- ports
# System Hardening
- Clean /tmp
- Disable Syslogd network socket
- Disable Sendmail service
# Install pkg and point to latest
Install pkg by typing:
```
$ su -
# pkg
```
# Install sudo
pkg install sudo
# Install bash
sudo pkg install bash
Make sure users in group wheel can sudo, uncomment in /usr/local/etc/sudoers :
```
%wheel ALL=(ALL) ALL
```
# Update system
```
sudo freebsd-update fetch install
```
# Make python3 default
echo "DEFAULT_VERSIONS= python=3.6 python2=2.7 python3=3.6" >> /etc/make.conf
sudo ln -s /usr/local/bin/python3 /usr/local/bin/python
# Install postfix
```
sudo pkg install postfix
# Optional but useful, add a local misp user
sudo pw user add misp -s /usr/local/bin/bash -G wheel,www
sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
sudo passwd misp
```
# FAMP
## Install misc dependencies
```
sudo pkg install curl git python3 vim m4 help2man gmake automake libtool
```
/!\ N.B: MariaDB 10.3 currently segfaults on 11.2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229219
```
sudo pkg install apache24 \
logrotate \
gnupg \
mariadb102-server mariadb102-client \
php72 \
php72-mysqli \
php72-xml \
php72-openssl \
php72-pcntl \
php72-mbstring \
php72-pdo_mysql \
php72-phar \
php72-json \
php72-filter \
php72-dom \
php72-opcache \
php72-session \
mod_php72
sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini
sudo sysrc apache24_enable="yes"
sudo sysrc mysql_enable="yes"
sudo sysrc mysql_args="--bind-address=127.0.0.1"
sudo service apache24 start
sudo service mysql-server start
sudo /usr/local/bin/mysql_secure_installation
```
```
sudo vi /usr/local/etc/apache24/Includes/php.conf
```
Add:
```
<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
```
## Redis need to be installed via ports
```
cd /usr/ports/databases/redis
sudo make install clean
sudo sysrc redis_enable="yes"
```
### php-redis
```
cd /use/ports/databases/pecl-redis
sudo make install clean
```
## Maybe needed, had to add the path for php CLI to work…
add this: PATH=$PATH:/usr/local/bin
to: /usr/local/etc/apache24/envvars.d/php.env
```
sudo service apache24 restart
```
3/ MISP code
------------
# Download MISP using git in the /usr/local/www/ directory.
sudo mkdir /usr/local/www/MISP
sudo chown www:www /usr/local/www/MISP
cd /usr/local/www/MISP
sudo -u www git clone https://github.com/MISP/MISP.git /usr/local/www/MISP
# Make git ignore filesystem permission differences
sudo -u www git config core.filemode false
# install Mitre's STIX and its dependencies by running the following commands:
##sudo apt-get install python-dev zlib1g-dev python-setuptools
sudo pkg install py27-pip py36-pip libxml2 libxslt
cd /usr/local/www/MISP/app/files/scripts
sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
sudo -u www git clone https://github.com/STIXProject/python-stix.git
cd /usr/local/www/MISP/app/files/scripts/python-cybox
sudo python3 setup.py install
cd /usr/local/www/MISP/app/files/scripts/python-stix
sudo python3 setup.py install
# install mixbox to accommodate the new STIX dependencies:
cd /usr/local/www/MISP/app/files/scripts/
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
cd /usr/local/www/MISP/app/files/scripts/mixbox
sudo python3 setup.py install
4/ CakePHP
-----------
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
cd /usr/local/www/MISP
sudo -u www git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www git submodule foreach --recursive git config core.filemode false
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd /usr/local/www/MISP/app
sudo -u www php composer.phar require kamisama/cake-resque:4.1.2
sudo -u www php composer.phar config vendor-dir Vendor
sudo -u www php composer.phar install
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www cp -fa /usr/local/www/MISP/INSTALL/setup/config.php /usr/local/www/MISP/app/Plugin/CakeResque/Config/config.php
5/ Set the permissions
----------------------
# Check if the permissions are set correctly using the following commands:
sudo chown -R www:www /usr/local/www/MISP
sudo chmod -R 750 /usr/local/www/MISP
sudo chmod -R g+ws /usr/local/www/MISP/app/tmp
sudo chmod -R g+ws /usr/local/www/MISP/app/files
sudo chmod -R g+ws /usr/local/www/MISP/app/files/scripts/tmp
6/ Create a database and user
-----------------------------
# Enter the mysql shell
sudo mysql -u root -p
MariaDB [(none)]> create database misp;
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
# Import the empty MISP database from MYSQL.sql
sudo -u www sh -c "mysql -u misp -p misp < /usr/local/www/MISP/INSTALL/MYSQL.sql"
# enter the password you set previously
7/ Apache configuration
-----------------------
```
# Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/
#2.4
sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/
# If the apache version is 2.4:
sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
sudo mkdir /etc/ssl/private/
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
sudo chmod 750 /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/*
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
sudo mkdir /var/log/apache24/
```
Now edit: /usr/local/etc/apache24/sites-available/misp-ssl.conf to reflect the below.
Make sure the ssl fqdn will reflect what you entered as a CN in the SSL-Cert.
You might see this: "AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message"
Edit:
```
============================================= Begin sample working SSL config for MISP
<VirtualHost <IP, FQDN, or *>:80>
ServerName <your.FQDN.here>
Redirect permanent / https://<your.FQDN.here>
LogLevel warn
ErrorLog /var/log/apache24/misp.local_error.log
CustomLog /var/log/apache24/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost <IP, FQDN, or *>:443>
ServerAdmin admin@<your.FQDN.here>
ServerName <your.FQDN.here>
DocumentRoot /usr/local/www/MISP/app/webroot
<Directory /usr/local/www/MISP/app/webroot>
Options -Indexes
AllowOverride all
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
LogLevel warn
ErrorLog /var/log/apache24/misp.local_error.log
CustomLog /var/log/apache24/misp.local_access.log combined
ServerSignature Off
</VirtualHost>
============================================= End sample working SSL config for MISP
```
```
# activate new vhost
cd /usr/local/etc/apache24/sites-enabled/
sudo ln -s ../sites-available/misp-ssl.conf
echo "Include etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
echo "IncludeOptional etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
sudo vi /usr/local/etc/apache24/httpd.conf
/!\ Enable mod_rewrite in httpd.conf /!\
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
Listen 443
# Restart apache
sudo service apache24 restart
```
8/ Log rotation
---------------
# MISP saves the stdout and stderr of its workers in /usr/local/www/MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
chmod 0640 /usr/local/etc/logrotate.d/misp
9/ MISP configuration
---------------------
# There are 4 sample configuration files in /usr/local/www/MISP/app/Config that need to be copied
sudo -u www cp -a /usr/local/www/MISP/app/Config/bootstrap.default.php /usr/local/www/MISP/app/Config/bootstrap.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/database.default.php /usr/local/www/MISP/app/Config/database.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/core.default.php /usr/local/www/MISP/app/Config/core.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/config.default.php /usr/local/www/MISP/app/Config/config.php
# Configure the fields in the newly created files:
sudo -u www vim /usr/local/www/MISP/app/Config/database.php
# DATABASE_CONFIG has to be filled
# With the default values provided in section 6, this would look like:
# class DATABASE_CONFIG {
# public $default = array(
# 'datasource' => 'Database/Mysql',
# 'persistent' => false,
# 'host' => 'localhost',
# 'login' => 'misp', // grant usage on *.* to misp@localhost
# 'port' => 3306,
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
# 'database' => 'misp', // create database misp;
# 'prefix' => '',
# 'encoding' => 'utf8',
# );
#}
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
# The salt key must be a string at least 32 bytes long.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Change base url in config.php
sudo -u www vim /usr/local/www/MISP/app/Config/config.php
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# and make sure the file permissions are still OK
sudo chown -R www:www /usr/local/www/MISP/app/Config
sudo chmod -R 750 /usr/local/www/MISP/app/Config
# Generate a GPG encryption key.
sudo -u www mkdir /usr/local/www/MISP/.gnupg
sudo chmod 700 /usr/local/www/MISP/.gnupg
##### sudo -u www gpg --homedir /usr/local/www/MISP/.gnupg --gen-key <- Broken
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
# And export the public key to the webroot
sudo -u www sh -c "gpg --homedir /usr/local/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /usr/local/www/MISP/app/webroot/gpg.asc"
# To make the background workers start on boot
sudo chmod +x /usr/local/www/MISP/app/Console/worker/start.sh
sudo vim /etc/rc.local
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
sudo -u www bash /usr/local/www/MISP/app/Console/worker/start.sh
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!
# start the workers by navigating to the workers tab and clicking restart all workers
# Don't forget to change the email, password and authentication key after installation.
# Once done, have a look at the diagnostics
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
# you can do this by running the following commands:
sudo chmod -R 750 /usr/local/www/MISP/<directory path with an indicated issue>
sudo chown -R www:www /usr/local/www/MISP/<directory path with an indicated issue>
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
# If anything goes wrong, make sure that you check MISP's logs for errors:
# /usr/local/www/MISP/app/tmp/logs/error.log
# /usr/local/www/MISP/app/tmp/logs/resque-worker-error.log
# /usr/local/www/MISP/app/tmp/logs/resque-scheduler-error.log
# /usr/local/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
set PATH_TO_MISP='/usr/local/www/MISP'
set MISP_BASEURL=''
set MISP_LIVE='1'
set FQDN='localhost'
# Enable Enrichment set better timeouts
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_timeout" 300
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_timeout" 150
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_cve_enabled" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_dns_enabled" true
# Enable Import modules set better timout
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_timeout" 300
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_ocr_enabled" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_csvimport_enabled" true
# Enable Export modules set better timout
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_timeout" 300
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_pdfexport_enabled" true
sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
# Enable installer org and tune some configurables
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disable_emailing" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.contact" "info@admin.test"
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disablerestalert" true
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.showCorrelationsOnIndex" true
# Force defaults to make MISP Server Settings less RED
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.language" "eng"
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.proposals_block_attributes" false
## Redis block
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_port" 6379
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_database" 13
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_password" ""
# Tune global time outs
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.autoRegenerate" 0
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.timeout" 600
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.cookie_timeout" 3600
Recommended actions
-------------------
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
- You should really harden your OS
- You should really harden the configuration of Apache
- You should really harden the configuration of MySQL/MariaDB
- Keep your software up2date (OS, MISP, CakePHP and everything else)
- Log and audit
10/ MISP modulesß
sudo pkg install yara
sudo mkdir /usr/local/src/
cd /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip3 install
sudo pip-3.6 install -I -r REQUIREMENTS
sudo pip-3.6 install -I .
##sudo pip-3.6 install lief
sudo pip-3.6 install maec
sudo pip-3.6 install pymisp python-magic wand yara
##sudo pip-3.6 install git+https://github.com/kbandla/pydeep.git
# pip2 install
sudo pip-2.7 install pymisp python-magic wand yara
##sudo pip-2.7 install git+https://github.com/kbandla/pydeep.git
##sudo pip-2.7 install lief
# install STIX2.0 library to support STIX 2.0 export:
sudo pip-3.6 install stix2
Add this to rc.local:
```
sudo -u www misp-modules -l 0.0.0.0 -s &
```
Optional features
-------------------
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
sudo pkg install libzmq4
# ZeroMQ depends on the Python client for Redis


@ -0,0 +1 @@
../../docs/archive/xINSTALL.FreeBSD.md


@ -46,7 +46,7 @@ class AppController extends Controller
public $helpers = array('Utility', 'OrgImg');
private $__queryVersion = '49';
private $__queryVersion = '50';
public $pyMispVersion = '2.4.96';
public $phpmin = '5.6.5';
public $phprec = '7.0.16';
@ -631,6 +631,11 @@ class AppController extends Controller
}
}
}
foreach ($data as $k => $v) {
if (!is_array($data[$k])) {
$data[$k] = trim($data[$k]);
}
}
if (!empty($options['additional_delimiters'])) {
if (!is_array($options['additional_delimiters'])) {
$options['additional_delimiters'] = array($options['additional_delimiters']);
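Review bot: The trim loop added in the second hunk calls `trim()` on every non-array value, so non-string scalars are coerced to strings: `false` and `null` become `''` and `true` becomes `'1'`, which changes what later `isset`/`!empty` checks on those parameters see. The guard should be `if (is_string($data[$k])) {` rather than `!is_array($data[$k])`. The enclosing method starts before the hunk, so I cannot see where `$data` originates; if it can carry a decoded JSON body, booleans and ints are plausible inputs.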


@ -59,15 +59,18 @@ class AttributesController extends AppController
{
$this->Attribute->recursive = -1;
if (!$this->_isRest()) {
$this->paginate['contain'] = array(
'Event' => array(
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id')
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
),
'Object' => array(
'AttributeTag' => array('Tag'),
'Object' => array(
'fields' => array('Object.id', 'Object.distribution', 'Object.sharing_group_id')
),
'AttributeTag'
);
)
);
$this->Attribute->contain(array('AttributeTag' => array('Tag')));
}
$this->set('isSearch', 0);
@ -77,28 +80,6 @@ class AttributesController extends AppController
}
$org_ids = array();
$tag_ids = array();
foreach ($attributes as $k => $attribute) {
if (empty($attribute['Event']['id'])) {
unset($attribute[$k]);
continue;
}
if ($attribute['Attribute']['type'] == 'attachment' && preg_match('/.*\.(jpg|png|jpeg|gif)$/i', $attribute['Attribute']['value'])) {
$attributes[$k]['Attribute']['image'] = $this->Attribute->base64EncodeAttachment($attribute['Attribute']);
}
if (!in_array($attribute['Event']['orgc_id'], $org_ids)) {
$org_ids[] = $attribute['Event']['orgc_id'];
}
if (!in_array($attribute['Event']['org_id'], $org_ids)) {
$org_ids[] = $attribute['Event']['org_id'];
}
if (!empty($attribute['AttributeTag'])) {
foreach ($attribute['AttributeTag'] as $k => $v) {
if (!in_array($v['tag_id'], $tag_ids)) {
$tag_ids[] = $v['tag_id'];
}
}
}
}
$orgs = $this->Attribute->Event->Orgc->find('list', array(
'conditions' => array('Orgc.id' => $org_ids),
'fields' => array('Orgc.id', 'Orgc.name')
@ -110,21 +91,16 @@ class AttributesController extends AppController
'fields' => array('Tag.id', 'Tag.name', 'Tag.colour')
));
}
foreach ($attributes as $k => $attribute) {
$attributes[$k]['Event']['Orgc'] = array('id' => $attribute['Event']['orgc_id'], 'name' => $orgs[$attribute['Event']['orgc_id']]);
$attributes[$k]['Event']['Org'] = array('id' => $attribute['Event']['org_id'], 'name' => $orgs[$attribute['Event']['org_id']]);
if (!empty($attribute['AttributeTag'])) {
foreach ($attribute['AttributeTag'] as $kat => $at) {
foreach ($tags as $ktag => $tag) {
if ($tag['Tag']['id'] == $at['tag_id']) {
$attributes[$k]['AttributeTag'][$kat]['Tag'] = $tag['Tag'];
}
}
}
}
}
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
}
$this->set('orgs', $orgs);
$this->set('shortDist', $this->Attribute->shortDist);
$this->set('attributes', $attributes);
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
@ -190,9 +166,10 @@ class AttributesController extends AppController
} else {
$values = explode("\n", $this->request->data['Attribute']['value']);
}
$temp = $this->request->data['Attribute'];
foreach ($values as $value) {
$this->request->data['Attribute']['value'] = $value;
$attributes[] = $this->request->data['Attribute'];
$temp['value'] = $value;
$attributes[] = $temp;
}
} else {
$attributes = $this->request->data['Attribute'];
@ -318,18 +295,19 @@ class AttributesController extends AppController
if (empty($fails)) {
$message = 'Attributes saved.';
} else {
if (count($attributes) > 1) {
if ($attributeCount > 1) {
$failKeys = array_keys($fails);
foreach ($failKeys as $k => $v) {
$v = explode('_', $v);
$failKeys[$k] = intval($v[1]) + 1;
$failKeys[$k] = intval($v[1]);
}
$message = 'Attributes saved, however, attributes ' . implode(', ', $failKeys) . ' could not be saved.';
$failed = 1;
$message = sprintf('Attributes saved, however, %s attributes could not be saved. Click %s for more info', count($fails), '$flashErrorMessage');
} else {
if (!empty($fails["attribute_0"])) {
foreach ($fails["attribute_0"] as $k => $v) {
$failed = 1;
$message = '$this->Flash->info [' . $k . ']: ' . $v[0];
$message = $k . ': ' . $v[0];
break;
}
} else {
@ -338,6 +316,25 @@ class AttributesController extends AppController
}
}
}
if (!empty($failKeys)) {
$flashErrorMessage = array();
$original_values = trim($this->request->data['Attribute']['value']);
$original_values = explode("\n", $original_values);
foreach ($original_values as $k => $original_value) {
$original_value = trim($original_value);
if (in_array($k, $failKeys)) {
$reason = '';
foreach ($fails["attribute_" . $k] as $failKey => $failData) {
$reason = $failKey . ': ' . $failData[0];
}
$flashErrorMessage[] = '<span class="red bold">' . h($original_value) . '</span> (' . h($reason) . ')';
} else {
$flashErrorMessage[] = '<span class="green bold">' . h($original_value) . '</span>';
}
}
$flashErrorMessage = implode('<br />', $flashErrorMessage);
$this->Session->write('flashErrorMessage', $flashErrorMessage);
}
if ($this->request->is('ajax')) {
$this->autoRender = false;
$errors = ($attributeCount > 1) ? $message : $this->Attribute->validationErrors;
@ -1574,6 +1571,7 @@ class AttributesController extends AppController
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
$this->set('shortDist', $this->Attribute->shortDist);
if ($this->request->is('post')) {
if (isset($this->request->data['Attribute'])) {
$this->request->data = $this->request->data['Attribute'];
@ -1622,6 +1620,9 @@ class AttributesController extends AppController
}
if (isset($filters)) {
$params = $this->Attribute->restSearch($this->Auth->user(), 'json', $filters, true);
if (!isset($params['conditions']['Attribute.deleted'])) {
$params['conditions']['Attribute.deleted'] = 0;
}
$this->paginate = $params;
if (empty($this->paginate['limit'])) {
$this->paginate['limit'] = 60;
@ -1632,7 +1633,7 @@ class AttributesController extends AppController
$this->paginate['recursive'] = -1;
$this->paginate['contain'] = array(
'Event' => array(
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id'),
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
'Org' => array('fields' => array('Org.id', 'Org.name'))
),
@ -1642,6 +1643,16 @@ class AttributesController extends AppController
)
);
$attributes = $this->paginate();
if (!$this->_isRest()) {
$temp = $this->__searchUI($attributes);
$this->loadModel('Galaxy');
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
$attributes = $temp[0];
$sightingsData = $temp[1];
$this->set('sightingsData', $sightingsData);
} else {
return $this->RestResponse->viewData($attributes, $this->response->type());
}
$this->set('filters', $filters);
$this->set('attributes', $attributes);
$this->set('isSearch', 1);
@ -1652,6 +1663,44 @@ class AttributesController extends AppController
}
}
private function __searchUI($attributes) {
$sightingsData = array();
$sgids = $this->Attribute->Event->cacheSgids($this->Auth->user(), true);
$this->Feed = ClassRegistry::init('Feed');
if (!empty($options['overrideLimit'])) {
$overrideLimit = true;
} else {
$overrideLimit = false;
}
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
$this->loadModel('Sighting');
foreach ($attributes as $k => $attribute) {
$attributes[$k]['Attribute']['AttributeTag'] = $attributes[$k]['AttributeTag'];
$attributes[$k]['Attribute'] = $this->Attribute->Event->massageTags($attributes[$k]['Attribute'], 'Attribute');
unset($attributes[$k]['AttributeTag']);
foreach ($attributes[$k]['Attribute']['AttributeTag'] as $k2 => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributes[$k]['Attribute']['AttributeTag'][$k2]);
}
}
$sightingsData = array_merge(
$sightingsData,
$this->Sighting->attachToEvent($attribute, $this->Auth->user(), $attributes[$k]['Attribute']['id'], $extraConditions = false)
);
$correlations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $attributes[$k]['Attribute']['id'], false, false, 'attribute');
if (!empty($correlations)) {
$attributes[$k]['Attribute']['RelatedAttribute'] = $correlations[$attributes[$k]['Attribute']['id']];
}
$temp = $this->Feed->attachFeedCorrelations(array($attributes[$k]['Attribute']), $this->Auth->user, $attributes[$k]['Event'], $overrideLimit);
if (!empty($temp)) {
$attributes[$k]['Attribute'] = $temp[0];
}
}
$sightingsData = $this->Attribute->Event->getSightingData(array('Sighting' => $sightingsData));
return array($attributes, $sightingsData);
}
// If the checkbox for the alternate search is ticked, then this method is called to return the data to be represented
// This alternate view will show a list of events with matching search results and the percentage of those matched attributes being marked as to_ids
// events are sorted based on relevance (as in the percentage of matches being flagged as indicators for IDS)
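Review bot: In the new `__searchUI` (last hunk, fully inside this section) the feed-correlation line reads `$this->Auth->user` as a property, while every other call in the same function uses `$this->Auth->user()`; AuthComponent hands out the user through the method, so this most likely passes null into `attachFeedCorrelations` and any per-user feed visibility filtering that method performs is skipped (or it errors). Change it to `$temp = $this->Feed->attachFeedCorrelations(array($attributes[$k]['Attribute']), $this->Auth->user(), $attributes[$k]['Event'], $overrideLimit);`. In the same function `$options['overrideLimit']` refers to a variable that is never defined (the method only takes `$attributes`), so `$overrideLimit` is always false and PHP emits an undefined-variable notice; either add an `$options = array()` parameter or drop the check and pass `false` directly.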


@ -1268,7 +1268,8 @@ class EventsController extends AppController
}
}
}
$params = $this->Event->rearrangeEventForView($event);
$passedArgs = array('sort' => 'timestamp', 'direction' => 'desc');
$params = $this->Event->rearrangeEventForView($event, $passedArgs);
$this->params->params['paging'] = array($this->modelClass => $params);
$this->set('event', $event);
$dataForView = array(


@ -500,6 +500,13 @@ class TagsController extends AppController
'contain' => array('Tag'),
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name'),
));
$this->loadModel('GalaxyCluster');
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
foreach ($attributeTags as $k => $attributeTag) {
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
unset($attributeTags[$k]);
}
}
$event = $this->Tag->AttributeTag->Attribute->Event->find('first', array(
'recursive' => -1,
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.user_id'),
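Review bot: The cluster-name lookup added here (`$this->GalaxyCluster->find('list', ...)` grouped on tag_name/id) is the same query this commit also adds to AttributesController::__searchUI, and it loads every galaxy-cluster tag name on each call just to filter a handful of attribute tags; a single helper such as `GalaxyCluster::getClusterTagNames()` used from both places would keep them from drifting apart. While at it, `in_array($attributeTag['Tag']['name'], $cluster_names, true)` avoids PHP's loose comparison, which can equate numeric-looking strings such as `1e3` and `1000`. The enclosing method starts and ends outside the hunk.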


@ -228,7 +228,7 @@ class ComplexTypeTool
);
// algorithms to run through in order
private $__checks = array('Hashes', 'Email', 'IP', 'DomainOrFilename', 'SimpleRegex', 'AS');
private $__checks = array('Hashes', 'Email', 'IP', 'DomainOrFilename', 'SimpleRegex', 'AS', 'BTC');
private function __resolveType($raw_input)
{
@ -247,6 +247,14 @@ class ComplexTypeTool
return false;
}
private function __checkForBTC($input)
{
if (preg_match("#^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$#i", $input['raw'])) {
return array('types' => array('btc'), 'categories' => array('Financial fraud'), 'to_ids' => true, 'default_type' => 'btc', 'value' => $input['raw']);
}
return false;
}
private function __checkForEmail($input)
{
// quick filter for an @ to see if we should validate a potential e-mail address
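Review bot: The `i` modifier on the new BTC pattern in `__checkForBTC` defeats the Base58 alphabet restriction: matched case-insensitively, `a-k` admits `I`, `m-z` admits `O` and `A-H`/`J-N`/`P-Z` admit `l`, so only `0` remains excluded, and any such string is then auto-flagged with `to_ids => true`. Drop the flag: `if (preg_match("#^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$#", $input['raw'])) {`. Even then the check does no Base58Check checksum validation and does not recognise bech32 (`bc1...`) addresses, which is acceptable for a heuristic but deserves a one-line comment above the `preg_match` so a match is not mistaken for a validated address.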


@ -1774,11 +1774,13 @@ class AppModel extends Model
if (!isset($filter['OR']) && !isset($filter['NOT']) && !isset($filter['AND'])) {
$temp = array();
foreach ($filter as $param) {
if ($param[0] === '!') {
$temp['NOT'][] = substr($param, 1);
} else {
$temp['OR'][] = $param;
}
if (!empty($param)) {
if ($param[0] === '!') {
$temp['NOT'][] = substr($param, 1);
} else {
$temp['OR'][] = $param;
}
}
}
$filter = $temp;
}
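Review bot: `!empty($param)` also discards the string `'0'` (and integer 0), because PHP's empty() treats them as empty, so a filter value of `0` is now silently dropped from the OR list instead of being matched. A guard of `if ($param !== '' && $param !== null) {` still avoids the string-offset access on an empty string that this change is presumably protecting against, without losing legitimate zero values. The enclosing method starts and ends outside the hunk.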


@ -3852,4 +3852,5 @@ class Attribute extends AppModel
}
return true;
}
}


@ -740,16 +740,18 @@ class Event extends AppModel
return $relatedEvents;
}
public function getRelatedAttributes($user, $id = null, $sgids, $shadowAttribute = false)
public function getRelatedAttributes($user, $id = null, $sgids, $shadowAttribute = false, $scope = 'event')
{
$context = $shadowAttribute ? 'ShadowAttribute' : 'Attribute';
$settings = array(
'Attribute' => array('model' => 'Attribute', 'correlationModel' => 'Correlation', 'parentIdField' => '1_attribute_id'),
'ShadowAttribute' => array('model' => 'ShadowAttribute', 'correlationModel' => 'ShadowAttributeCorrelation', 'parentIdField' => '1_shadow_attribute_id')
);
if ($id == null) {
if ($scope === 'event' && $id == null) {
$id = $this->data['Event']['id'];
}
} else if ($scope === 'attribute' && $id == null) {
$id = $this->data['Attribute']['id'];
}
if (!isset($sgids) || empty($sgids)) {
$sgids = array(-1);
}
@ -757,7 +759,7 @@ class Event extends AppModel
if (!$user['Role']['perm_site_admin']) {
$conditionsCorrelation = array(
'AND' => array(
$settings[$context]['correlationModel'] . '.1_event_id' => $id,
$settings[$context]['correlationModel'] . '.1_' . $scope . '_id' => $id,
array(
'OR' => array(
$settings[$context]['correlationModel'] . '.org_id' => $user['org_id'],
@ -802,7 +804,7 @@ class Event extends AppModel
)
);
} else {
$conditionsCorrelation = array($settings[$context]['correlationModel'] . '.1_event_id' => $id);
$conditionsCorrelation = array($settings[$context]['correlationModel'] . '.1_' . $scope . '_id' => $id);
}
$max_correlations = Configure::read('MISP.max_correlations_per_event');
if (empty($max_correlations)) {
@ -5152,6 +5154,9 @@ class Event extends AppModel
public function massageTags($data, $dataType = 'Event', $excludeGalaxy = false)
{
$data['Galaxy'] = array();
if (empty($this->GalaxyCluster)) {
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
}
// unset empty event tags that got added because the tag wasn't exportable
if (!empty($data[$dataType . 'Tag'])) {
foreach ($data[$dataType . 'Tag'] as $k => &$dataTag) {
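Review bot: The new `$scope` parameter of getRelatedAttributes is never validated, yet it is spliced straight into the correlation column name at `'.1_' . $scope . '_id'` in both the site-admin and non-admin branches, so any value other than `event` or `attribute` yields a nonexistent column (and, should a caller ever forward request data into it, a caller-chosen identifier fragment in the query). Add a whitelist right after the signature, e.g. `if (!in_array($scope, array('event', 'attribute'), true)) { throw new InvalidArgumentException('Invalid scope'); }`, or fall back to `'event'` on anything else. The two `$id == null` tests on the new lines also treat `0` and `''` as "unset"; `$id === null` is the tighter form. getRelatedAttributes's body continues past the hunk.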


@ -17,7 +17,7 @@
<table>
<tr>
<td style="vertical-align:top">
<span id="PromptYesButton" title="<?php echo __('Toggle correlation for attribute'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle correlation for attribute'); ?>" class="btn btn-primary" onClick="toggleCorrelation(<?php echo h($attribute['Attribute']['id']); ?>);"><?php echo __('Yes'); ?></span>
<span id="PromptYesButton" title="<?php echo __('Toggle correlation for attribute'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle correlation for attribute'); ?>" class="btn btn-primary" onClick="toggleCorrelation(<?php echo h($attribute['Attribute']['id']); ?>, 1);"><?php echo __('Yes'); ?></span>
</td>
<td style="width:540px;">
</td>


@ -42,147 +42,83 @@
?>
</ul>
</div>
<table class="table table-striped table-hover table-condensed">
<tr>
<th><?php echo $this->Paginator->sort('event_id');?></th>
<?php if (Configure::read('MISP.showorg') || $isAdmin): ?>
<th><?php echo $this->Paginator->sort('Event.orgc_id', 'Org');?></th>
<?php endif; ?>
<th><?php echo $this->Paginator->sort('category');?></th>
<th><?php echo $this->Paginator->sort('type');?></th>
<th><?php echo $this->Paginator->sort('value');?></th>
<th>Tags</th>
<th><?php echo $this->Paginator->sort('comment');?></th>
<th<?php echo ' title="' . $attrDescriptions['signature']['desc'] . '"';?>>
<?php echo $this->Paginator->sort('IDS');?></th>
<th class="actions">Actions</th>
</tr>
<?php
$currentCount = 0;
if ($isSearch == 1) {
// sanitize data
$toHighlight = array('value', 'comment');
$keywordArray = array();
foreach ($toHighlight as $highlightedElement) {
if (!empty($filters[$highlightedElement])) {
if (!is_array($filters[$highlightedElement])) {
$filters[$highlightedElement] = array($filters[$highlightedElement]);
}
foreach ($filters[$highlightedElement] as $highlightedString) {
$keywordArray[] = $highlightedString;
<?php
$headers = array(
$this->Paginator->sort('date'),
$this->Paginator->sort('event_id'),
$this->Paginator->sort('Event.orgc_id', 'Org'),
$this->Paginator->sort('category'),
$this->Paginator->sort('type'),
$this->Paginator->sort('value'),
__('Tags'),
__('Galaxies'),
$this->Paginator->sort('comment'),
__('Correlate'),
__('Related Events'),
__('Feed hits'),
sprintf('<span title="%s">%s</th>', $attrDescriptions['signature']['desc'], $this->Paginator->sort('IDS')),
$this->Paginator->sort('distribution'),
__('Sightings'),
__('Activity'),
__('Actions')
);
foreach ($headers as $k => &$header) {
if ($k == (count($headers)-1)) {
$header = sprintf('<th title="%s">%s</th>', $attrDescriptions['signature']['desc'], $header);
} else {
$header = sprintf('<th>%s</th>', $header);
}
}
$rows = array(
sprintf('<tr>%s</tr>', implode('', $headers))
);
$currentCount = 0;
if ($isSearch == 1) {
// sanitize data
$toHighlight = array('value', 'comment');
$keywordArray = array();
foreach ($toHighlight as $highlightedElement) {
if (!empty($filters[$highlightedElement])) {
if (!is_array($filters[$highlightedElement])) {
$filters[$highlightedElement] = array($filters[$highlightedElement]);
}
foreach ($filters[$highlightedElement] as $highlightedString) {
$keywordArray[] = $highlightedString;
}
}
}
}
// build the $replacePairs variable used to highlight the keywords
$replacePairs = $this->Highlight->build_replace_pairs($keywordArray);
}
foreach ($attributes as $attribute):
// build the $replacePairs variable used to highlight the keywords
$replacePairs = $this->Highlight->build_replace_pairs($keywordArray);
}
foreach ($attributes as $k => $attribute) {
$event = array(
'Event' => $attribute['Event'],
'Orgc' => $attribute['Event']['Orgc'],
);
$mayModify = ($isSiteAdmin || ($isAclModify && $event['Event']['user_id'] == $me['id'] && $attribute['Event']['orgc_id'] == $me['org_id']) || ($isAclModifyOrg && $attribute['Event']['orgc_id'] == $me['org_id']));
$mayPublish = ($isAclPublish && $attribute['Event']['orgc_id'] == $me['org_id']);
$mayChangeCorrelation = !Configure::read('MISP.completely_disable_correlation') && ($isSiteAdmin || ($mayModify && Configure::read('MISP.allow_disabling_correlation')));
$mayModify = $attribute['Event']['orgc_id'] === $me['org_id'] ? true : false;
if (!empty($attribute['Attribute']['RelatedAttribute'])) {
$event['RelatedAttribute'] = array($attribute['Attribute']['id'] => $attribute['Attribute']['RelatedAttribute']);
}
$rows[] = $this->element('/Events/View/row_attribute', array(
'object' => $attribute['Attribute'],
'k' => $k,
'mayModify' => $mayModify,
'mayChangeCorrelation' => $mayChangeCorrelation,
'page' => 1,
'fieldCount' => 11,
'includeRelatedTags' => 0,
'event' => $event,
'me' => $me,
'extended' => 1,
'disable_multi_select' => 1,
'context' => 'list'
));
}
echo sprintf('<table class="table table-striped table-hover table-condensed">%s</table>', implode('', $rows));
?>
<tr>
<td class="short">
<div ondblclick="document.location='<?php echo $baseurl?>/events/view/<?php echo $attribute['Event']['id'];?>';" title="<?php echo h($attribute['Event']['info']); ?>">
<?php
if ($attribute['Event']['orgc_id'] == $me['org_id']) {
$style='style="color:red;"';
} else {
$style='';
}
$currentCount++;
?>
<a href="<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>" <?php echo $style;?>><?php echo $attribute['Event']['id'];?></a>
</div>
</td>
<?php if (Configure::read('MISP.showorg') || $isAdmin): ?>
<td class="short" ondblclick="document.location.href ='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>'">
<?php
echo $this->OrgImg->getOrgImg(array('name' => $attribute['Event']['Orgc']['name'], 'id' => $attribute['Event']['orgc_id'], 'size' => 24));
?>
&nbsp;
</td>
<?php endif;?>
<td title="<?php echo $categoryDefinitions[$attribute['Attribute']['category']]['desc'];?>" class="short" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php echo h($attribute['Attribute']['category']); ?>&nbsp;</td>
<td title="<?php if (isset($typeDefinitions[$attribute['Attribute']['type']])) echo $typeDefinitions[$attribute['Attribute']['type']]['desc'];?>" class="short" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php echo h($attribute['Attribute']['type']); ?>&nbsp;</td>
<td class="showspaces" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';"><?php
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
if ($isSearch == 1 && !empty($replacePairs)) {
// highlight the keywords if there are any
$sigDisplay = $this->Highlight->highlighter($sigDisplay, $replacePairs);
}
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
if ($attribute['Attribute']['type'] == 'attachment' && isset($attribute['Attribute']['image'])):
$extension = explode('.', $attribute['Attribute']['value']);
$extension = end($extension);
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($attribute['Attribute']['image']);
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($attribute['Attribute']['value']) . '" />';
else:
?>
<a href="<?php echo $baseurl;?>/attributes/download/<?php echo $attribute['Attribute']['id'];?>"><?php echo $sigDisplay; ?></a>
<?php
endif;
} else if ('link' == $attribute['Attribute']['type']) {
?><a href="<?php echo h($attribute['Attribute']['value']);?>"><?php echo $sigDisplay; ?></a><?php
} else {
echo $sigDisplay;
}
?>
</td>
<td style = "max-width:200px;width:10px;">
<?php foreach ($attribute['AttributeTag'] as $tag):
$tagText = "&nbsp;";
if (Configure::read('MISP.full_tags_on_attribute_index') == 1) $tagText = h($tag['Tag']['name']);
else if (Configure::read('MISP.full_tags_on_attribute_index') == 2) {
if (strpos($tag['Tag']['name'], '=')) {
$tagText = explode('=', $tag['Tag']['name']);
$tagText = h(trim(end($tagText), "\""));
}
else $tagText = h($tag['Tag']['name']);
}
?>
<span class="tag useCursorPointer" style="margin-bottom:3px;background-color:<?php echo h($tag['Tag']['colour']);?>;color:<?php echo $this->TextColour->getTextColour($tag['Tag']['colour']);?>;" title="<?php echo h($tag['Tag']['name']); ?>" role="button" tabindex="0" aria-label="Search events tagged <?php echo h($tag['Tag']['name'])?>" onClick="document.location.href='<?php echo $baseurl; ?>/attributes/search/attributetag:<?php echo h($tag['Tag']['id']);?>';"><?php echo $tagText; ?></span>
<?php endforeach; ?>
</td>
<td ondblclick="document.location ='document.location ='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php
$sigDisplay = nl2br(h($attribute['Attribute']['comment']));
if ($isSearch == 1 && !empty($replacePairs)) {
// highlight the keywords if there are any
$sigDisplay = $this->Highlight->highlighter($sigDisplay, $replacePairs);
}
echo $sigDisplay;
?>&nbsp;
</td>
<td class="short" ondblclick="document.location ='document.location ='/events/view/<?php echo $attribute['Event']['id'];?>';">
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?>&nbsp;
</td>
<td class="short action-links">
<?php
if ($isSiteAdmin || ($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org_id'] == $me['org_id'])):
?>
<a href="<?php echo $baseurl;?>/attributes/edit/<?php echo $attribute['Attribute']['id'];?>" class="icon-edit" title="Edit"></a><?php
echo $this->Form->postLink('',array('action' => 'delete', $attribute['Attribute']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete this attribute?'));
elseif ($isAclModify):
?>
<a href="<?php echo $baseurl;?>/shadow_attributes/edit/<?php echo $attribute['Attribute']['id'];?>" class="icon-share" title="<?php echo __('Propose an edit'); ?>"></a>
<?php
endif;
if ($me['Role']['perm_sighting']):
?>
<span class="icon-eye useCursorPointer fa fa-eye" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" data-toggle="popover" onClick="quickAddSighting(this, <?php echo h($attribute['Attribute']['id']); ?>, '<?php echo h($attribute['Attribute']['value']);?>');">&nbsp;</span>
<?php
endif;
?>
<a href="<?php echo $baseurl;?>/events/view/<?php echo $attribute['Attribute']['event_id'];?>" class="icon-list-alt" title="<?php echo __('View'); ?>"></a>
</td>
</tr>
<?php
endforeach;
?>
</table>
<p>
<?php
echo $this->Paginator->counter(array(
@ -221,6 +157,32 @@ $(document).ready(function () {
$('.screenshot').click(function() {
screenshotPopup($(this).attr('src'), $(this).attr('title'));
});
<<<<<<< HEAD
$('.addGalaxy').click(function() {
addGalaxyListener(this);
});
$('.sightings_advanced_add').click(function() {
var selected = [];
var object_context = $(this).data('object-context');
var object_id = $(this).data('object-id');
if (object_id == 'selected') {
$(".select_attribute").each(function() {
if ($(this).is(":checked")) {
selected.push($(this).data("id"));
}
});
object_id = selected.join('|');
}
url = "<?php echo $baseurl; ?>" + "/sightings/advanced/" + object_id + "/" + object_context;
genericPopup(url, '#screenshot_box');
});
$('.correlation-toggle').click(function() {
var attribute_id = $(this).data('attribute-id');
getPopup(attribute_id, 'attributes', 'toggleCorrelation', '', '#confirmation_box');
return false;
});
popoverStartup();
=======
$(document).on('click', function (e) {
//did not click a popover toggle or popover
if ($(e.target).data('toggle') !== 'popover'
@ -232,5 +194,6 @@ $(document).ready(function () {
definedPopovers.popover('hide');
}
});
>>>>>>> 2adef5897cdb233c1541461a97b9b08f15ae5134
});
</script>
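Review bot: The last hunk of this section commits unresolved merge-conflict markers — `<<<<<<< HEAD`, `=======` and `>>>>>>> 2adef5897cdb233c1541461a97b9b08f15ae5134` — inside the inline `$(document).ready` script, which is a JavaScript syntax error that disables every handler registered in that block (galaxy add, advanced sightings, correlation toggle and the popover-dismiss click handler). Resolve it by keeping both halves in order — the HEAD handlers and `popoverStartup();` followed by the `$(document).on('click', …)` block — and deleting the three marker lines. Separately, the rewritten row loop assigns `$mayModify` twice: the second `$mayModify = $attribute['Event']['orgc_id'] === $me['org_id'] ? true : false;` throws away the site-admin and ACL checks computed two lines earlier and uses a strict comparison that is false whenever one side is a string from the DB and the other an int; if both lines are new, drop the second one.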


@ -1,5 +1,8 @@
<?php
$tr_class = '';
if (empty($context)) {
$context = 'event';
}
$linkClass = 'blue';
if ($event['Event']['id'] != $object['event_id']) {
if (!$isSiteAdmin && $event['extensionEvents'][$object['event_id']]['Orgc']['id'] != $me['org_id']) {
@ -31,9 +34,9 @@
?>
<tr id = "Attribute_<?php echo h($object['id']); ?>_tr" class="<?php echo $tr_class; ?>" tabindex="0">
<?php
if ($mayModify || $extended):
if (($mayModify || !empty($extended)) && empty($disable_multi_select)):
?>
<td style="width:10px;" data-position="<?php echo h($object['objectType']) . '_' . h($object['id']); ?>">
<td style="width:10px;" data-position="<?php echo 'attribute_' . h($object['id']); ?>">
<?php
if ($mayModify):
?>
@ -55,7 +58,7 @@
<?php echo date('Y-m-d', $object['timestamp']); ?>
</td>
<?php
if ($extended):
if (!empty($extended)):
?>
<td class="short">
<?php echo '<a href="' . $baseurl . '/events/view/' . h($object['event_id']) . '">' . h($object['event_id']) . '</a>'; ?>
@ -65,7 +68,7 @@
?>
<td class="short">
<?php
if ($extended):
if (!empty($extended)):
if ($object['event_id'] != $event['Event']['id']):
$extensionOrg = $event['extensionEvents'][$object['event_id']]['Orgc'];
echo $this->OrgImg->getOrgImg(array('name' => $extensionOrg['name'], 'id' => $extensionOrg['id'], 'size' => 24));
@ -141,7 +144,7 @@
</td>
<td class="shortish">
<div class="attributeTagContainer" id="#Attribute_<?php echo h($object['id']);?>_tr .attributeTagContainer">
<?php echo $this->element('ajaxAttributeTags', array('attributeId' => $object['id'], 'attributeTags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']) )); ?>
<?php echo $this->element('ajaxAttributeTags', array('attributeId' => $object['id'], 'attributeTags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']), 'context' => $context)); ?>
</div>
</td>
<?php
@ -182,7 +185,7 @@
data-attribute-id="<?php echo h($object['id']); ?>"
<?php
echo $object['disable_correlation'] ? '' : ' checked';
echo ($mayChangeCorrelation && !$event['Event']['disable_correlation']) ? '' : ' disabled';
echo ($mayChangeCorrelation && empty($event['Event']['disable_correlation'])) ? '' : ' disabled';
?>
>
</td>


@ -9,8 +9,8 @@
<?php
if ($isAclAdd):
?>
<span class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onClick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onClick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onClick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onClick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');">&nbsp;</span>
<span class="icon-wrench useCursorPointer sightings_advanced_add" title="<?php echo __('Advanced sightings');?>" role="button" tabindex="0" aria-label="<?php echo __('Advanced sightings');?>" data-object-id="<?php echo h($object['id']); ?>" data-object-context="attribute">&nbsp;</span>
<?php
endif;


@ -1,4 +1,13 @@
<div class="alert alert-error">
<button type="button" class="close" data-dismiss="alert">&times;</button>
<?php echo h($message); ?>
<button type="button" class="close" data-dismiss="alert">&times;</button>
<?php
$message = h($message);
if (strpos('$flashErrorMessage', $message) >= 0) {
$message = str_replace('$flashErrorMessage', '<span class="useCursorPointer underline bold" onClick="flashErrorPopover();">here</span>', $message);
}
echo $message;
if ($this->Session->read('flashErrorMessage')) {
echo sprintf('<div class="hidden" id="flashErrorMessage">%s</div>', $this->element('flashErrorMessage', array('message' => $this->Session->read('flashErrorMessage'))));
}
?>
</div>
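Review bot: The arguments of `strpos` on the new `if` line are reversed and the condition is always true: `strpos('$flashErrorMessage', $message)` searches for the whole message inside the literal placeholder, and in PHP both an integer offset and `false` satisfy `>= 0`. It should read `if (strpos($message, '$flashErrorMessage') !== false) {`. The replacement itself is sound because `$message` has already been passed through `h()` on the preceding line, so only the literal placeholder is turned into markup; keep that ordering if the block is reworked.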


@ -1,5 +1,8 @@
<div style="width:100%;display:inline-block;">
<?php
if (empty($context)) {
$context = 'event';
}
$full = $isAclTagger && $tagAccess;
foreach ($attributeTags as $tag):
if (!isset($tag['Tag'])) $tag = array('Tag' => $tag);
@ -31,10 +34,15 @@
endforeach;
?>
<div style="float:left">
<?php if ($full): ?>
<button id="addTagButton" class="btn btn-inverse noPrint" style="line-height:10px; padding: 4px 4px;" onClick="getPopup('<?php echo h($attributeId); ?>' + '/true', 'tags', 'selectTaxonomy');">+</button>
<?php else:?>
&nbsp;
<?php endif; ?>
<?php
$addTagButton = '&nbsp;';
if ($full) {
$addTagButton = sprintf(
'<button id="addTagButton" class="btn btn-inverse noPrint" style="line-height:10px; padding: 4px 4px;" onClick="getPopup(%s);">+</button>',
sprintf("'%s/true', 'tags', 'selectTaxonomy'", h($attributeId))
);
}
echo $addTagButton;
?>
</div>
</div>


@ -0,0 +1,7 @@
<div class="confirmation">
<legend><?php echo __('Errors');?></legend>
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
<div id="flashErrorMessageContent" style="overflow-y: auto;"><?php echo $message; ?></div>
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPopoverForm();"><?php echo __('Close');?></span>
</div>
</div>
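Review bot: `<?php echo $message; ?>` in the new element emits its argument without `h()`, and the caller in this commit hands it `$this->Session->read('flashErrorMessage')` raw, so whatever is stored under that session key reaches the page as live HTML. Unless the producer of that key is documented as emitting trusted markup, escape here with `<?php echo h($message); ?>` (or `nl2br(h($message))` if line breaks are wanted); if markup is intentional, add a comment at the top of the element stating that `$message` must already be sanitised by the code that writes the session key.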


@ -1,7 +1,8 @@
<div class="event index">
<h2><?php echo __('Automation');?></h2>
<p><?php echo __('Automation functionality is designed to automatically feed other tools and systems with the data in your MISP repository.
To to make this functionality available for automated tools an authentication key is used.');?><br/>
To to make this functionality available for automated tools an authentication key is used.');?>
<br />You can use the <a href="<?php echo $baseurl;?>/servers/rest">ReST client</a> to test your API queries against your MISP and export the resulting tuned queries as curl or python scripts.
<strong><?php echo __('Make sure you keep your API key secret as it gives access to the all of the data that you normally have access to in MISP.');?></strong>
To view the old MISP automation page, click <a href="<?php echo $baseurl; ?>/events/automation/1">here</a>.
</p>
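Review bot: The new sentence starting `<br />You can use the <a …>ReST client</a>` is plain text rather than an `__()` string like its neighbours, so it cannot be translated; `sprintf(__('You can use the %s to test your API queries against your MISP and export the resulting tuned queries as curl or python scripts.'), '<a href="' . $baseurl . '/servers/rest">' . __('ReST client') . '</a>')` keeps it consistent. The changed line above it also re-commits the pre-existing typo "To to make"; this is a good moment to make it "To make".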


@ -0,0 +1,33 @@
<div class="confirmation">
<?php
echo $this->Form->create('GalaxyCluster', array(
'style' => 'margin:0px;',
'id' => 'PromptForm',
'url' => array('controller' => 'galaxy_clusters', 'action' => 'delete', $id)
));
?>
<legend><?php echo __('Galaxy Cluster Deletion');?></legend>
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
<p><?php echo __('Are you sure you want to delete Galaxy Cluster #<?php echo h($id); ?>?<br /> Associated tags will not be removed. You can reload the Galaxy Cluster at any time by force updating your galaxies.');?></p>
<table>
<tr>
<td style="vertical-align:top">
<?php
echo $this->Form->button(__('Yes'), array(
'type' => 'submit',
'class' => 'btn btn-primary'
));
?>
</td>
<td style="width:540px;">
</td>
<td style="vertical-align:top;">
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();"><?php echo __('No');?></span>
</td>
</tr>
</table>
</div>
<?php
echo $this->Form->end();
?>
</div>
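Review bot: The confirmation text on the `<p>` line never shows the cluster id: `<?php echo h($id); ?>` sits inside the `__()` string literal, so PHP emits it as text and the browser then discards it as a bogus tag, leaving "Galaxy Cluster #?" on screen. Use `sprintf(__('Are you sure you want to delete Galaxy Cluster #%s?<br /> Associated tags will not be removed. You can reload the Galaxy Cluster at any time by force updating your galaxies.'), h($id))` instead. Nothing in this view shows `$id` being checked as numeric; that is presumably the controller's job, but worth confirming since the same value goes into the form URL.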


@ -59,7 +59,9 @@
?>
</div>
<div>
<?php echo $this->fetch('content'); ?>
<?php
echo $this->fetch('content');
?>
</div>
<?php
echo $this->element('footer');
@ -104,12 +106,17 @@
tabIsActive = true;
});
<?php
if (!Configure::read('MISP.disable_auto_logout')):
if (!Configure::read('MISP.disable_auto_logout')):
?>
checkIfLoggedIn();
<?php
endif;
?>
if ($('.alert').text().indexOf("$flashErrorMessage") >= 0) {
//$('#flashErrorMessage').html()
var flashMessageLink = '<span class="useCursorPointer underline bold" onClick="flashErrorPopover();">here</span>';
$('.alert').html(($('.alert').html().replace("$flashErrorMessage", flashMessageLink)));
}
});
</script>
</body>
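Review bot: The client-side block added after the auto-logout check reads the alert's markup with `.html()`, string-replaces the `$flashErrorMessage` placeholder and writes it back, which duplicates the server-side `str_replace` that the error flash element in this same commit already performs; one of the two should be removed, and if the JavaScript version stays, the dead `//$('#flashErrorMessage').html()` line should go. Because `.html()` round-trips whatever is in the alert as HTML, this is only safe while every flash message is escaped with `h()` before it reaches `.alert`; a comment such as `// flash messages are h()-escaped server-side; only the literal placeholder is replaced here` would record that assumption. The re-indentation of the `if (!Configure::read('MISP.disable_auto_logout')):` line appears to be whitespace only.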


@ -1257,6 +1257,10 @@ a.proposal_link_red:hover {
cursor: hand;
}
.underline {
text-decoration: underline;
}
.template_general {
display:inline-block;
width: 100%;


@ -298,14 +298,14 @@ function acceptObject(type, id, event) {
});
}
function toggleCorrelation(id) {
function toggleCorrelation(id, skip_reload = false) {
$.ajax({
beforeSend: function (XMLHttpRequest) {
$(".loading").show();
},
data: $('#PromptForm').serialize(),
success:function (data, textStatus) {
handleGenericAjaxResponse(data);
handleGenericAjaxResponse(data, skip_reload);
$("#correlation_toggle_" + id).prop('checked', !$("#correlation_toggle_" + id).is(':checked'));
},
complete:function() {
@ -330,6 +330,10 @@ function updateIndex(id, context, newPage) {
if (typeof newPage !== 'undefined') page = newPage;
var url, div;
if (context == 'event') {
if (typeof currentUri == 'undefined') {
location.reload();
return true;
}
url = currentUri;
div = "#attributes_div";
}
@ -461,7 +465,11 @@ function addSighting(type, attribute_id, event_id, page) {
$('.sightingsCounter').each(function( counter ) {
$(this).html(parseInt($(this).html()) + 1);
});
updateIndex(event_id, 'event');
if (typeof currentUri == 'undefined') {
location.reload();
} else {
updateIndex(event_id, 'event');
}
}
},
error:function() {
@ -600,7 +608,7 @@ function handleAjaxEditResponse(data, name, type, id, field, event) {
}
}
function handleGenericAjaxResponse(data) {
function handleGenericAjaxResponse(data, skip_reload = false) {
if (typeof data == 'string') {
responseArray = JSON.parse(data);
} else {
@ -609,7 +617,7 @@ function handleGenericAjaxResponse(data) {
if (responseArray.saved) {
showMessage('success', responseArray.success);
if (responseArray.hasOwnProperty('check_publish')) {
checkAndSetPublishedInfo();
checkAndSetPublishedInfo(skip_reload);
}
return true;
} else {
@ -2848,16 +2856,25 @@ $(".eventViewAttributePopup").click(function() {
$('#screenshot_box').html('<div class="screenshot_content">' + enrichment_popover + '</div>');
$('#screenshot_box').show();
$("#gray_out").fadeIn();
$('#screenshot_box').css('top', '50px');
$('#screenshot_box').css('padding', '5px');
$('#screenshot_box').css("maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
$('.screenshot_content').css("maxHeight", ( $( window ).height() - 120 | 0 ) + "px" );
$('.screenshot_content').css("overflow-y", "auto");
$('#screenshot_box').css({'padding': '5px'});
$('#screenshot_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
$('#screenshot_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" );
$('#screenshot_box').css( "overflow-y", "auto");
var left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2);
$('#screenshot_box').css({'left': left + 'px'});
}
});
function flashErrorPopover() {
$('#popover_form').css( "minWidth", "200px");
$('#popover_form').html($('#flashErrorMessage').html());
$('#popover_form').show();
var left = ($(window).width() / 2) - ($('#popover_form').width() / 2);
$('#popover_form').css({'left': left + 'px'});
$("#gray_out").fadeIn();
}
$(".eventViewAttributeHover").mouseenter(function() {
$('.popover').remove();
type = $(this).attr('data-object-type');
@ -3179,17 +3196,19 @@ function quickSubmitGalaxyForm(event_id, cluster_id) {
return false;
}
function checkAndSetPublishedInfo() {
function checkAndSetPublishedInfo(skip_reload=false) {
var id = $('#hiddenSideMenuData').data('event-id');
$.get( "/events/checkPublishedStatus/" + id, function(data) {
if (data == 1) {
$('.published').removeClass('hidden');
$('.not-published').addClass('hidden');
} else {
$('.published').addClass('hidden');
$('.not-published').removeClass('hidden');
}
});
if (id !== 'undefined' && !skip_reload) {
$.get( "/events/checkPublishedStatus/" + id, function(data) {
if (data == 1) {
$('.published').removeClass('hidden');
$('.not-published').addClass('hidden');
} else {
$('.published').addClass('hidden');
$('.not-published').removeClass('hidden');
}
});
}
}
$(document).keyup(function(e){
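Review bot: The guard added to `checkAndSetPublishedInfo` compares `id` with the string `'undefined'`, but `$('#hiddenSideMenuData').data('event-id')` yields the value `undefined` when the element or attribute is missing, so the check never short-circuits and `/events/checkPublishedStatus/undefined` is still requested; write it as `if (typeof id !== 'undefined' && !skip_reload) {`, matching the `typeof currentUri == 'undefined'` test added to `updateIndex` in this section. The ES2015 default parameters introduced on `toggleCorrelation`, `handleGenericAjaxResponse` and `checkAndSetPublishedInfo` are a parse error in browsers without ES6 support (older ones such as IE11), which would take the whole script file down there; `skip_reload = skip_reload || false;` as the first statement is the compatible form. In the `eventViewAttributePopup` handler the new `maxHeight` is derived from `$(window).width() - 300`, which looks like it was meant to be `height()`.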


@ -0,0 +1,610 @@
# INSTALLATION INSTRUCTIONS
## for FreeBSD 12.0-amd64
### 0/ WIP /!\ You are warned, this does not work yet! /!\
!!! warning
NOT working: pydeep, lief
{!generic/globalVariables.md!}
```bash
PHP_ETC_BASE=/usr/local/etc
PHP_INI=${PHP_ETC_BASE}/php.ini
PATH_TO_MISP=/usr/local/www/MISP
CAKE="$PATH_TO_MISP/app/Console/cake"
```
### 1/ Minimal FreeBSD install
--------------------------
# Install standard FreeBSD-amd64 with:
- sshd
- ntpdate
- ntpd
- ports
# System Hardening
- Clean /tmp
- Disable Syslogd network socket
- Disable Sendmail service
# Install pkg and point to latest
```bash
$ su -
# pkg
```
#### Install sudo
```bash
pkg install -y sudo
```
!!! notice
Make sure users in group wheel can sudo, uncomment in **/usr/local/etc/sudoers**<br />
```
%wheel ALL=(ALL) ALL
```
#### Install bash
```bash
sudo pkg install -y bash
```
#### Optional but useful, add a local misp user
```bash
sudo pw user add misp -s /usr/local/bin/bash -G wheel,www,staff
sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
sudo passwd misp
```
```bash
# In case you already have a MISP User
sudo pw usermod misp -s /usr/local/bin/bash
sudo pw groupmod -n www -m misp
sudo pw groupmod -n staff -m misp
exit
```
#### Update system
```bash
sudo freebsd-update fetch install
```
#### Fetch ports or update ports
```bash
sudo portsnap fetch extract
# OR
sudo portsnap fetch update
```
#### Make python3 default *(optional)
```bash
echo "DEFAULT_VERSIONS= python=3.6 python2=2.7 python3=3.6" >> /etc/make.conf
sudo ln -s /usr/local/bin/python3 /usr/local/bin/python
```
#### Install postfix
```bash
sudo pkg install -y postfix
```
### FAMP
#### Install misc dependencies
```bash
sudo pkg install -y curl git python3 vim m4 help2man gmake automake libtool expect gsed
```
!!! warning
N.B: MariaDB 10.3 currently segfaults on 11.2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229219
```bash
sudo pkg install -y apache24 \
logrotate \
gnupg \
mariadb102-server mariadb102-client \
php72 \
php72-mysqli \
php72-xml \
php72-openssl \
php72-pcntl \
php72-mbstring \
php72-pdo_mysql \
php72-phar \
php72-json \
php72-filter \
php72-fileinfo \
php72-dom \
php72-opcache \
php72-session \
mod_php72
sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini
sudo sysrc apache24_enable="yes"
sudo sysrc mysql_enable="yes"
sudo sysrc mysql_args="--bind-address=127.0.0.1"
sudo service apache24 start
sudo service mysql-server start
### /!\ Needs Fixing /!\
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
pw="Password1234"
expect -f - <<-EOF
set timeout 10
spawn sudo mysql_secure_installation
expect "*?assword*"
send -- "$pw\r"
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
sudo pkg remove -R tcl86
echo "<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>" |sudo tee -a /usr/local/etc/apache24/Includes/php.conf
```
#### Redis needs to be installed via ports
```
cd /usr/ports/databases/redis
sudo make install clean
sudo sysrc redis_enable="yes"
```
##### php-redis
```
cd /usr/ports/databases/pecl-redis
sudo make install clean
```
##### php-gnupg
```
cd /usr/ports/security/pecl-gnupg
sudo make install clean
```
#### PHP CLI Tweak
```bash
echo "PATH=$PATH:/usr/local/bin" |sudo tee -a /usr/local/etc/apache24/envvars.d/php.env
sudo service apache24 restart
```
### 3/ MISP code
------------
```bash
# Download MISP using git in the /usr/local/www/ directory.
sudo mkdir ${PATH_TO_MISP}
sudo chown www:www ${PATH_TO_MISP}
cd ${PATH_TO_MISP}
sudo -u www git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
# Make git ignore filesystem permission differences
sudo -u www git config core.filemode false
sudo -u www git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
sudo -u www git submodule foreach --recursive git config core.filemode false
# install Mitre's STIX and its dependencies by running the following commands:
sudo pkg install -y py36-pip libxml2 libxslt
# Install virtualenv
sudo pip-3.6 install virtualenv
# Create a python3 virtualenv
sudo -u www virtualenv -p python3 ${PATH_TO_MISP}/venv
cd ${PATH_TO_MISP}/app/files/scripts
sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
sudo -u www git clone https://github.com/STIXProject/python-stix.git
sudo -u www git clone https://github.com/MAECProject/python-maec.git
# install mixbox to accommodate the new STIX dependencies:
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
# install PyMISP
cd ${PATH_TO_MISP}/PyMISP
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
```
### 4/ CakePHP
-----------
```bash
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd ${PATH_TO_MISP}/app
sudo -u www php composer.phar require kamisama/cake-resque:4.1.2
sudo -u www php composer.phar config vendor-dir Vendor
sudo -u www php composer.phar install
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www cp -fa /usr/local/www/MISP/INSTALL/setup/config.php /usr/local/www/MISP/app/Plugin/CakeResque/Config/config.php
```
### 5/ Set the permissions
----------------------
```
# Check if the permissions are set correctly using the following commands:
sudo chown -R www:www /usr/local/www/MISP
sudo chmod -R 750 /usr/local/www/MISP
sudo chmod -R g+ws /usr/local/www/MISP/app/tmp
sudo chmod -R g+ws /usr/local/www/MISP/app/files
sudo chmod -R g+ws /usr/local/www/MISP/app/files/scripts/tmp
```
### 6/ Create a database and user
-----------------------------
```
# Enter the mysql shell
sudo mysql -u root -p
MariaDB [(none)]> create database misp;
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
```
#### copy/paste
```
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
```bash
# Import the empty MISP database from MYSQL.sql
sudo -u www cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
### 7/ Apache configuration
-----------------------
```bash
# Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/
#2.4
sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/
# If the apache version is 2.4:
sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
sudo mkdir /etc/ssl/private/
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
sudo chmod 750 /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/*
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
sudo mkdir /var/log/apache24/
sudo gsed -i "s/apache2/apache24/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
sudo gsed -i "s/var\/www/usr\/local\/www/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
sudo gsed -i "s/SSLCertificateChainFile/#SSLCertificateChainFile/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
# activate new vhost
cd /usr/local/etc/apache24/sites-enabled/
sudo ln -s ../sites-available/misp-ssl.conf
echo "Include etc/apache24/sites-enabled/*.conf" |sudo tee -a /usr/local/etc/apache24/httpd.conf
echo "IncludeOptional etc/apache24/sites-enabled/*.conf" |sudo tee -a /usr/local/etc/apache24/httpd.conf
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo gsed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
sudo gsed -i "s/#LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/" /usr/local/etc/apache24/httpd.conf
sudo gsed -i "s/#LoadModule ssl_module libexec\/apache24\/mod_ssl.so/LoadModule ssl_module libexec\/apache24\/mod_ssl.so/" /usr/local/etc/apache24/httpd.conf
sudo gsed -i "s/Listen 80/Listen 80\nListen 443/" /usr/local/etc/apache24/httpd.conf
# Restart apache
sudo service apache24 restart
```
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in /usr/local/www/MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
sudo chmod 0640 /usr/local/etc/logrotate.d/misp
```
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in /usr/local/www/MISP/app/Config that need to be copied
sudo -u www cp -a /usr/local/www/MISP/app/Config/bootstrap.default.php /usr/local/www/MISP/app/Config/bootstrap.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/database.default.php /usr/local/www/MISP/app/Config/database.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/core.default.php /usr/local/www/MISP/app/Config/core.php
sudo -u www cp -a /usr/local/www/MISP/app/Config/config.default.php /usr/local/www/MISP/app/Config/config.php
# Configure the fields in the newly created files:
echo "<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | sudo -u www tee $PATH_TO_MISP/app/Config/database.php
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
# The salt key must be a string at least 32 bytes long.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Change base url in config.php
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# and make sure the file permissions are still OK
sudo chown -R www:www /usr/local/www/MISP/app/Config
sudo chmod -R 750 /usr/local/www/MISP/app/Config
# Generate a GPG encryption key.
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
# And export the public key to the webroot
sudo -u www sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www tee $PATH_TO_MISP/app/webroot/gpg.asc
# To make the background workers start on boot
sudo chmod +x /usr/local/www/MISP/app/Console/worker/start.sh
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
```
{!generic/MISP_CAKE_init.md!}
```bash
sudo gsed -i -e '$i \sudo -u www bash /usr/local/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
sudo gsed -i -e '$i \sudo -u www /usr/local/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local
```
### 10/ MISP modules
```bash
sudo pkg install -y yara
sudo mkdir /usr/local/src
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# lief broken...
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install maec python-magic
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
##sudo pip-3.6 install git+https://github.com/kbandla/pydeep.git
# install STIX2.0 library to support STIX 2.0 export:
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install stix2
```
{!generic/INSTALL.done.md!}
{!generic/recommended.actions.md!}
### Optional features
-----------------
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
```bash
sudo pkg install -y libzmq4
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install pyzmq
```
#### misp-dashboard (NOT WORKING)
!!! notice
Enable ZeroMQ for misp-dashboard
!!! warning
This is not working, still needs a working WSGI config.
!!! warning
The install_dependencies.sh script is for Linux ONLY. The following blurp will be a diff of a working OpenBSD version.
```diff
(DASHENV) fbsd# diff -u install_dependencies.sh install_dependencies_fbsd.sh
diff --git a/install_dependencies.sh b/install_dependencies.sh
index ca10fc0..bd5d415 100755
--- a/install_dependencies.sh
+++ b/install_dependencies.sh
@@ -1,9 +1,9 @@
-#!/bin/bash
+#!/usr/local/bin/bash
set -e
#set -x
-sudo apt-get install python3-virtualenv virtualenv screen redis-server unzip -y
+pkg install -y unzip wget screen
if [ -z "$VIRTUAL_ENV" ]; then
virtualenv -p python3 DASHENV
@@ -25,8 +25,8 @@ if [ -e "config/config.cfg" ]; then
else
cp -i config/config.cfg.default config/config.cfg
echo "Sanitizing MaxMindDB Path"
- sed -i "s|pathMaxMindDB=./data/GeoLite2-City/GeoLite2-City.mmdb|pathMaxMindDB=$PWD/data/GeoLite2-City/GeoLite2-City.mmdb|" config/config.cfg
- sed -i "s|path_countrycode_to_coord_JSON=./data/country_code_lat_long.json|path_countrycode_to_coord_JSON=$PWD/data/country_code_lat_long.json|" config/config.cfg
+ gsed -i "s|pathMaxMindDB=./data/GeoLite2-City/GeoLite2-City.mmdb|pathMaxMindDB=$PWD/data/GeoLite2-City/GeoLite2-City.mmdb|" config/config.cfg
+ gsed -i "s|path_countrycode_to_coord_JSON=./data/country_code_lat_long.json|path_countrycode_to_coord_JSON=$PWD/data/country_code_lat_long.json|" config/config.cfg
fi
## Web stuff
```
```
cd /usr/local/www
sudo mkdir misp-dashboard
sudo chown www:www misp-dashboard
sudo -u www git clone https://github.com/MISP/misp-dashboard.git
cd misp-dashboard
#/!\ Made on Linux, the next script will fail
#sudo /usr/local/www/misp-dashboard/install_dependencies.sh
sudo virtualenv -ppython3 /usr/local/www/misp-dashboard/DASHENV
sudo chown -R www DASHENV/
sudo -u www /usr/local/www/misp-dashboard/DASHENV/bin/pip install -U pip argparse redis zmq geoip2 flask phonenumbers pycountry
sudo gsed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /usr/local/www/misp-dashboard/config/config.cfg
sudo gsed -i -e '$i \sudo -u www bash /usr/local/www/misp-dashboard/start_all.sh\n' /etc/rc.local
#/!\ Add port 8001 as a listener
#sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
sudo pkg install -y ap24-py36-mod_wsgi
echo "<VirtualHost *:8001>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot /usr/local/www/misp-dashboard
WSGIDaemonProcess misp-dashboard \
user=misp group=misp \
python-home=/usr/local/www/misp-dashboard/DASHENV \
processes=1 \
threads=15 \
maximum-requests=5000 \
listen-backlog=100 \
queue-timeout=45 \
socket-timeout=60 \
connect-timeout=15 \
request-timeout=60 \
inactivity-timeout=0 \
deadlock-timeout=60 \
graceful-timeout=15 \
eviction-timeout=0 \
shutdown-timeout=5 \
send-buffer-size=0 \
receive-buffer-size=0 \
header-buffer-size=0 \
response-buffer-size=0 \
server-metrics=Off
WSGIScriptAlias / /usr/local/www/misp-dashboard/misp-dashboard.wsgi
<Directory /usr/local/www/misp-dashboard>
WSGIProcessGroup misp-dashboard
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
LogLevel info
ErrorLog /usr/local/log/apache2/misp-dashboard.local_error.log
CustomLog /usr/local/log/apache2/misp-dashboard.local_access.log combined
ServerSignature Off
</VirtualHost>" | sudo tee /usr/local/etc/apache24/sites-available/misp-dashboard.conf
sudo ln -s /usr/local/etc/apache24/sites-available/misp-dashboard.conf /usr/local/etc/apache24/sites-enabled/misp-dashboard.conf
```
Add this to /etc/httpd2.conf
```
LoadModule wsgi_module /usr/local/lib/apache2/mod_wsgi.so
Listen 8001
```
```
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
```
#### misp-modules (section deprecated)
-------------------------------
!!! notice
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
Then the enrichment, export and import modules can be enabled in MISP via the settings.
@ -5,7 +5,7 @@
--------------------------------------------
!!! notice
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20180906<br />
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113<br />
It is still considered experimental as not everything works seemlessly.
@ -55,7 +55,7 @@ sudo yum install centos-release-scl -y
sudo yum install vim -y
# Install the dependencies:
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel -y
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel ssdeep-devel -y
# Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y
@ -110,8 +110,8 @@ sudo -u apache git submodule foreach --recursive git config core.filemode false
# Create a python3 virtualenv
sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
sudo mkdir /var/www/.cache/
sudo chown apache:apache /var/www/.cache
sudo mkdir /usr/share/httpd/.cache
sudo chown apache:apache /usr/share/httpd/.cache
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U pip
# install Mitre's STIX and its dependencies by running the following commands:
@ -135,6 +135,9 @@ sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U zmq
# install redis
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U redis
# install magic, lief, pydeep
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U python-magic lief git+https://github.com/kbandla/pydeep.git
# install mixbox to accommodate the new STIX dependencies:
cd /var/www/MISP/app/files/scripts/
sudo -u apache git clone https://github.com/CybOXProject/mixbox.git
@ -143,6 +146,7 @@ sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
# install PyMISP
cd /var/www/MISP/PyMISP
sudo -u apache $PATH_TO_MISP/venv/bin/pip install enum34
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
# Enable python3 for php-fpm
@ -285,6 +289,18 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
### 7/ Apache configuration
-----------------------
!!! notice
SELinux note, to check if it is running:
```bash
$ sestatus
SELinux status: disabled
```
If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
!!! warning
This guide only copies a stock **NON-SSL** configuration file.
```bash
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
@ -331,6 +347,8 @@ sudo firewall-cmd --reload
To be fixed - Place holder
```bash
sudo mkdir /etc/ssl/private
sudo chmod 700 /etc/ssl/private
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
@ -360,7 +378,7 @@ sudo semodule -i /tmp/misplogrotate.pp
### 9/ MISP configuration
---------------------
```
```bash
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
sudo -u apache cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
sudo -u apache cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
@ -438,13 +456,50 @@ sudo gpg --homedir /var/www/MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sud
sudo chown apache:apache /var/www/MISP/app/webroot/gpg.asc
# Start the workers to enable background jobs
chmod +x /var/www/MISP/app/Console/worker/start.sh
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
sudo -u apache $RUN_PHP /var/www/MISP/app/Console/worker/start.sh
# Add the following line at the end
su -s /bin/bash apache -c 'scl enable rh-php71 /var/www/MISP/app/Console/worker/start.sh'
# and make sure it will execute
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
echo 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod u+x /etc/rc.local
fi
sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php71 /var/www/MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
# Make sure it will execute
sudo chmod +x /etc/rc.local
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
```
# some misp-modules dependencies
sudo yum install -y openjpeg-devel
sudo chmod 2777 /usr/local/src
sudo chown root:users /usr/local/src
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# pip install
sudo $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
sudo yum install rubygem-rouge -y
##sudo gem install asciidoctor-pdf --pre
# install STIX2.0 library to support STIX 2.0 export:
sudo -u apache $PATH_TO_MISP/venv/bin/pip install stix2
# install additional dependencies for extended object generation and extraction
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# Start misp-modules
sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
```
{!generic/MISP_CAKE_init_centos.md!}
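Review bot: The new start line `sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &` exposes the modules service on every interface, while the rc.local line added directly below it binds to 127.0.0.1, so the two commands disagree and the interactive one should match the boot-time one: `sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s &`. In the same hunk, `sudo chmod 2777 /usr/local/src` makes the directory world-writable before `git clone` and `sudo $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS` run as root from inside it, which lets any local user stage files that root then installs; the FreeBSD guide removed by this commit used `sudo chmod 2775 /usr/local/src` for the same step, and the pip line should run as apache like the `pip install .` that follows it rather than as root. These lines appear to be on the new side, though the rendered page has lost the +/- markers, so that is inferred from the hunk counts.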
@ -89,6 +89,7 @@ nav:
- Old guides:
- '2.3 to 2.4 upgrade': 'archive/old-2_3to2_4-UPGRADE.md'
- 'Ubuntu 16.04': 'archive/INSTALL.ubuntu1604.md'
- 'FreeBSD': 'archive/xINSTALL.FreeBSD.md'
- About:
- 'MISP Release Notes': 'Changelog.md'
- 'License': 'license.md'