Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
c0af417a43
@ -1,490 +0,0 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for FreeBSD 11.2-amd64
|
||||
|
||||
0/ WIP /!\ You are warned, this does not work yet! /!\
|
||||
|
||||
NOT working: pydeep, lief, py-yara, MAEC
|
||||
|
||||
1/ Minimal FreeBSD install
|
||||
--------------------------
|
||||
|
||||
# Install standard FreeBSD-amd64 with:
|
||||
- sshd
|
||||
- ntpd
|
||||
- ports
|
||||
|
||||
# System Hardening
|
||||
|
||||
- Clean /tmp
|
||||
- Disable Syslogd network socket
|
||||
- Disable Sendmail service
|
||||
|
||||
# Install pkg and point to latest
|
||||
|
||||
Install pkg by typing:
|
||||
```
|
||||
$ su -
|
||||
# pkg
|
||||
```
|
||||
|
||||
# Install sudo
|
||||
|
||||
pkg install sudo
|
||||
|
||||
# Install bash
|
||||
|
||||
sudo pkg install bash
|
||||
|
||||
Make sure users in group wheel can sudo, uncomment in /usr/local/etc/sudoers :
|
||||
```
|
||||
%wheel ALL=(ALL) ALL
|
||||
```
|
||||
|
||||
# Update system
|
||||
```
|
||||
sudo freebsd-update fetch install
|
||||
```
|
||||
|
||||
# Make python3 default
|
||||
|
||||
echo "DEFAULT_VERSIONS= python=3.6 python2=2.7 python3=3.6" >> /etc/make.conf
|
||||
sudo ln -s /usr/local/bin/python3 /usr/local/bin/python
|
||||
|
||||
# Install postfix
|
||||
```
|
||||
sudo pkg install postfix
|
||||
|
||||
# Optional but useful, add a local misp user
|
||||
sudo pw user add misp -s /usr/local/bin/bash -G wheel,www
|
||||
sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
|
||||
sudo passwd misp
|
||||
```
|
||||
|
||||
# FAMP
|
||||
## Install misc dependencies
|
||||
```
|
||||
sudo pkg install curl git python3 vim m4 help2man gmake automake libtool
|
||||
```
|
||||
|
||||
/!\ N.B: MariaDB 10.3 currently segfaults on 11.2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229219
|
||||
|
||||
```
|
||||
sudo pkg install apache24 \
|
||||
logrotate \
|
||||
gnupg \
|
||||
mariadb102-server mariadb102-client \
|
||||
php72 \
|
||||
php72-mysqli \
|
||||
php72-xml \
|
||||
php72-openssl \
|
||||
php72-pcntl \
|
||||
php72-mbstring \
|
||||
php72-pdo_mysql \
|
||||
php72-phar \
|
||||
php72-json \
|
||||
php72-filter \
|
||||
php72-dom \
|
||||
php72-opcache \
|
||||
php72-session \
|
||||
mod_php72
|
||||
|
||||
sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini
|
||||
|
||||
sudo sysrc apache24_enable="yes"
|
||||
sudo sysrc mysql_enable="yes"
|
||||
sudo sysrc mysql_args="--bind-address=127.0.0.1"
|
||||
sudo service apache24 start
|
||||
sudo service mysql-server start
|
||||
sudo /usr/local/bin/mysql_secure_installation
|
||||
```
|
||||
|
||||
```
|
||||
sudo vi /usr/local/etc/apache24/Includes/php.conf
|
||||
```
|
||||
|
||||
Add:
|
||||
```
|
||||
<IfModule dir_module>
|
||||
DirectoryIndex index.php index.html
|
||||
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.phps$">
|
||||
SetHandler application/x-httpd-php-source
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
```
|
||||
|
||||
|
||||
## Redis need to be installed via ports
|
||||
|
||||
```
|
||||
cd /usr/ports/databases/redis
|
||||
sudo make install clean
|
||||
sudo sysrc redis_enable="yes"
|
||||
```
|
||||
|
||||
### php-redis
|
||||
```
|
||||
cd /use/ports/databases/pecl-redis
|
||||
sudo make install clean
|
||||
```
|
||||
|
||||
## Maybe needed, had to add the path for php CLI to work…
|
||||
add this: PATH=$PATH:/usr/local/bin
|
||||
to: /usr/local/etc/apache24/envvars.d/php.env
|
||||
|
||||
|
||||
```
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
|
||||
# Download MISP using git in the /usr/local/www/ directory.
|
||||
sudo mkdir /usr/local/www/MISP
|
||||
sudo chown www:www /usr/local/www/MISP
|
||||
cd /usr/local/www/MISP
|
||||
sudo -u www git clone https://github.com/MISP/MISP.git /usr/local/www/MISP
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
##sudo apt-get install python-dev zlib1g-dev python-setuptools
|
||||
sudo pkg install py27-pip py36-pip libxml2 libxslt
|
||||
|
||||
cd /usr/local/www/MISP/app/files/scripts
|
||||
sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /usr/local/www/MISP/app/files/scripts/python-cybox
|
||||
sudo python3 setup.py install
|
||||
cd /usr/local/www/MISP/app/files/scripts/python-stix
|
||||
sudo python3 setup.py install
|
||||
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /usr/local/www/MISP/app/files/scripts/
|
||||
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd /usr/local/www/MISP/app/files/scripts/mixbox
|
||||
sudo python3 setup.py install
|
||||
|
||||
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd /usr/local/www/MISP
|
||||
sudo -u www git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /usr/local/www/MISP/app
|
||||
sudo -u www php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www php composer.phar config vendor-dir Vendor
|
||||
sudo -u www php composer.phar install
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www cp -fa /usr/local/www/MISP/INSTALL/setup/config.php /usr/local/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www:www /usr/local/www/MISP
|
||||
sudo chmod -R 750 /usr/local/www/MISP
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files/scripts/tmp
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www sh -c "mysql -u misp -p misp < /usr/local/www/MISP/INSTALL/MYSQL.sql"
|
||||
# enter the password you set previously
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
```
|
||||
# Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/
|
||||
|
||||
#2.4
|
||||
sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
sudo mkdir /etc/ssl/private/
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=<Country>/ST=<State>/L=<Locality>/O=<Organization>/OU=<Organizational Unit Name>/CN=<QDN.here>/emailAddress=admin@<your.FQDN.here>" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
sudo chmod 750 /etc/ssl/private/
|
||||
sudo chmod 640 /etc/ssl/private/*
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
sudo mkdir /var/log/apache24/
|
||||
```
|
||||
|
||||
Now edit: /usr/local/etc/apache24/sites-available/misp-ssl.conf to reflect the below.
|
||||
Make sure the ssl fqdn will reflect what you entered as a CN in the SSL-Cert.
|
||||
You might see this: "AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message"
|
||||
Edit:
|
||||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
Redirect permanent / https://<your.FQDN.here>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache24/misp.local_error.log
|
||||
CustomLog /var/log/apache24/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot /usr/local/www/MISP/app/webroot
|
||||
<Directory /usr/local/www/MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache24/misp.local_error.log
|
||||
CustomLog /var/log/apache24/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
```
|
||||
# activate new vhost
|
||||
cd /usr/local/etc/apache24/sites-enabled/
|
||||
sudo ln -s ../sites-available/misp-ssl.conf
|
||||
echo "Include etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
|
||||
echo "IncludeOptional etc/apache24/sites-enabled/*.conf" >> /usr/local/etc/apache24/httpd.conf
|
||||
|
||||
sudo vi /usr/local/etc/apache24/httpd.conf
|
||||
/!\ Enable mod_rewrite in httpd.conf /!\
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
LoadModule ssl_module libexec/apache24/mod_ssl.so
|
||||
Listen 443
|
||||
|
||||
# Restart apache
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
8/ Log rotation
|
||||
---------------
|
||||
# MISP saves the stdout and stderr of its workers in /usr/local/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
|
||||
chmod 0640 /usr/local/etc/logrotate.d/misp
|
||||
|
||||
9/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /usr/local/www/MISP/app/Config that need to be copied
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/bootstrap.default.php /usr/local/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/database.default.php /usr/local/www/MISP/app/Config/database.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/core.default.php /usr/local/www/MISP/app/Config/core.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/config.default.php /usr/local/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
sudo -u www vim /usr/local/www/MISP/app/Config/database.php
|
||||
# DATABASE_CONFIG has to be filled
|
||||
# With the default values provided in section 6, this would look like:
|
||||
# class DATABASE_CONFIG {
|
||||
# public $default = array(
|
||||
# 'datasource' => 'Database/Mysql',
|
||||
# 'persistent' => false,
|
||||
# 'host' => 'localhost',
|
||||
# 'login' => 'misp', // grant usage on *.* to misp@localhost
|
||||
# 'port' => 3306,
|
||||
# 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX';
|
||||
# 'database' => 'misp', // create database misp;
|
||||
# 'prefix' => '',
|
||||
# 'encoding' => 'utf8',
|
||||
# );
|
||||
#}
|
||||
|
||||
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
sudo -u www vim /usr/local/www/MISP/app/Config/config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www:www /usr/local/www/MISP/app/Config
|
||||
sudo chmod -R 750 /usr/local/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
sudo -u www mkdir /usr/local/www/MISP/.gnupg
|
||||
sudo chmod 700 /usr/local/www/MISP/.gnupg
|
||||
##### sudo -u www gpg --homedir /usr/local/www/MISP/.gnupg --gen-key <- Broken
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www sh -c "gpg --homedir /usr/local/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /usr/local/www/MISP/app/webroot/gpg.asc"
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /usr/local/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www with your apache user:
|
||||
sudo -u www bash /usr/local/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
# Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
sudo chmod -R 750 /usr/local/www/MISP/<directory path with an indicated issue>
|
||||
sudo chown -R www:www /usr/local/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /usr/local/www/MISP/app/tmp/logs/error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /usr/local/www/MISP/app/tmp/logs/resque-2015-01-01.log // where the actual date is the current date
|
||||
|
||||
set PATH_TO_MISP='/usr/local/www/MISP'
|
||||
set MISP_BASEURL=''
|
||||
set MISP_LIVE='1'
|
||||
set FQDN='localhost'
|
||||
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
|
||||
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.language" "eng"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.proposals_block_attributes" false
|
||||
## Redis block
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_database" 13
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Tune global time outs
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.timeout" 600
|
||||
sudo $PATH_TO_MISP/app/Console/cake Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL/MariaDB
|
||||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
10/ MISP modulesß
|
||||
|
||||
sudo pkg install yara
|
||||
sudo mkdir /usr/local/src/
|
||||
cd /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip3 install
|
||||
sudo pip-3.6 install -I -r REQUIREMENTS
|
||||
sudo pip-3.6 install -I .
|
||||
##sudo pip-3.6 install lief
|
||||
sudo pip-3.6 install maec
|
||||
sudo pip-3.6 install pymisp python-magic wand yara
|
||||
##sudo pip-3.6 install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# pip2 install
|
||||
sudo pip-2.7 install pymisp python-magic wand yara
|
||||
##sudo pip-2.7 install git+https://github.com/kbandla/pydeep.git
|
||||
##sudo pip-2.7 install lief
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo pip-3.6 install stix2
|
||||
|
||||
Add this to rc.local:
|
||||
|
||||
```
|
||||
sudo -u www misp-modules -l 0.0.0.0 -s &
|
||||
```
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
sudo pkg install libzmq4
|
||||
# ZeroMQ depends on the Python client for Redis
|
|
@ -0,0 +1 @@
|
|||
../../docs/archive/xINSTALL.FreeBSD.md
|
|
@ -46,7 +46,7 @@ class AppController extends Controller
|
|||
|
||||
public $helpers = array('Utility', 'OrgImg');
|
||||
|
||||
private $__queryVersion = '49';
|
||||
private $__queryVersion = '50';
|
||||
public $pyMispVersion = '2.4.96';
|
||||
public $phpmin = '5.6.5';
|
||||
public $phprec = '7.0.16';
|
||||
|
@ -631,6 +631,11 @@ class AppController extends Controller
|
|||
}
|
||||
}
|
||||
}
|
||||
foreach ($data as $k => $v) {
|
||||
if (!is_array($data[$k])) {
|
||||
$data[$k] = trim($data[$k]);
|
||||
}
|
||||
}
|
||||
if (!empty($options['additional_delimiters'])) {
|
||||
if (!is_array($options['additional_delimiters'])) {
|
||||
$options['additional_delimiters'] = array($options['additional_delimiters']);
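Review bot: The new `foreach` at the top of this hunk passes every non-array element of `$data` through `trim()`, which coerces non-string values to strings before the rest of the function sees them (`trim(false)` yields `''`, `trim(123)` yields `'123'`), so any later type-sensitive check on those values behaves differently than before. The enclosing function starts outside the hunk, so I cannot see where `$data` comes from; if it can carry typed values, a stricter guard keeps them intact: `if (is_string($data[$k])) {`. Either way a why-comment on the loop would help the next reader, e.g. `// strip surrounding whitespace from scalar parameters; nested arrays are left untouched`.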
|
||||
|
|
|
@ -59,15 +59,18 @@ class AttributesController extends AppController
|
|||
{
|
||||
$this->Attribute->recursive = -1;
|
||||
if (!$this->_isRest()) {
|
||||
$this->paginate['contain'] = array(
|
||||
'Event' => array(
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id')
|
||||
$this->paginate['recursive'] = -1;
|
||||
$this->paginate['contain'] = array(
|
||||
'Event' => array(
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
|
||||
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
|
||||
'Org' => array('fields' => array('Org.id', 'Org.name'))
|
||||
),
|
||||
'Object' => array(
|
||||
'AttributeTag' => array('Tag'),
|
||||
'Object' => array(
|
||||
'fields' => array('Object.id', 'Object.distribution', 'Object.sharing_group_id')
|
||||
),
|
||||
'AttributeTag'
|
||||
);
|
||||
)
|
||||
);
|
||||
$this->Attribute->contain(array('AttributeTag' => array('Tag')));
|
||||
}
|
||||
$this->set('isSearch', 0);
|
||||
|
@ -77,28 +80,6 @@ class AttributesController extends AppController
|
|||
}
|
||||
$org_ids = array();
|
||||
$tag_ids = array();
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
if (empty($attribute['Event']['id'])) {
|
||||
unset($attribute[$k]);
|
||||
continue;
|
||||
}
|
||||
if ($attribute['Attribute']['type'] == 'attachment' && preg_match('/.*\.(jpg|png|jpeg|gif)$/i', $attribute['Attribute']['value'])) {
|
||||
$attributes[$k]['Attribute']['image'] = $this->Attribute->base64EncodeAttachment($attribute['Attribute']);
|
||||
}
|
||||
if (!in_array($attribute['Event']['orgc_id'], $org_ids)) {
|
||||
$org_ids[] = $attribute['Event']['orgc_id'];
|
||||
}
|
||||
if (!in_array($attribute['Event']['org_id'], $org_ids)) {
|
||||
$org_ids[] = $attribute['Event']['org_id'];
|
||||
}
|
||||
if (!empty($attribute['AttributeTag'])) {
|
||||
foreach ($attribute['AttributeTag'] as $k => $v) {
|
||||
if (!in_array($v['tag_id'], $tag_ids)) {
|
||||
$tag_ids[] = $v['tag_id'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$orgs = $this->Attribute->Event->Orgc->find('list', array(
|
||||
'conditions' => array('Orgc.id' => $org_ids),
|
||||
'fields' => array('Orgc.id', 'Orgc.name')
|
||||
|
@ -110,21 +91,16 @@ class AttributesController extends AppController
|
|||
'fields' => array('Tag.id', 'Tag.name', 'Tag.colour')
|
||||
));
|
||||
}
|
||||
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
$attributes[$k]['Event']['Orgc'] = array('id' => $attribute['Event']['orgc_id'], 'name' => $orgs[$attribute['Event']['orgc_id']]);
|
||||
$attributes[$k]['Event']['Org'] = array('id' => $attribute['Event']['org_id'], 'name' => $orgs[$attribute['Event']['org_id']]);
|
||||
if (!empty($attribute['AttributeTag'])) {
|
||||
foreach ($attribute['AttributeTag'] as $kat => $at) {
|
||||
foreach ($tags as $ktag => $tag) {
|
||||
if ($tag['Tag']['id'] == $at['tag_id']) {
|
||||
$attributes[$k]['AttributeTag'][$kat]['Tag'] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!$this->_isRest()) {
|
||||
$temp = $this->__searchUI($attributes);
|
||||
$this->loadModel('Galaxy');
|
||||
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
|
||||
$attributes = $temp[0];
|
||||
$sightingsData = $temp[1];
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
}
|
||||
$this->set('orgs', $orgs);
|
||||
$this->set('shortDist', $this->Attribute->shortDist);
|
||||
$this->set('attributes', $attributes);
|
||||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
|
@ -190,9 +166,10 @@ class AttributesController extends AppController
|
|||
} else {
|
||||
$values = explode("\n", $this->request->data['Attribute']['value']);
|
||||
}
|
||||
$temp = $this->request->data['Attribute'];
|
||||
foreach ($values as $value) {
|
||||
$this->request->data['Attribute']['value'] = $value;
|
||||
$attributes[] = $this->request->data['Attribute'];
|
||||
$temp['value'] = $value;
|
||||
$attributes[] = $temp;
|
||||
}
|
||||
} else {
|
||||
$attributes = $this->request->data['Attribute'];
|
||||
|
@ -318,18 +295,19 @@ class AttributesController extends AppController
|
|||
if (empty($fails)) {
|
||||
$message = 'Attributes saved.';
|
||||
} else {
|
||||
if (count($attributes) > 1) {
|
||||
if ($attributeCount > 1) {
|
||||
$failKeys = array_keys($fails);
|
||||
foreach ($failKeys as $k => $v) {
|
||||
$v = explode('_', $v);
|
||||
$failKeys[$k] = intval($v[1]) + 1;
|
||||
$failKeys[$k] = intval($v[1]);
|
||||
}
|
||||
$message = 'Attributes saved, however, attributes ' . implode(', ', $failKeys) . ' could not be saved.';
|
||||
$failed = 1;
|
||||
$message = sprintf('Attributes saved, however, %s attributes could not be saved. Click %s for more info', count($fails), '$flashErrorMessage');
|
||||
} else {
|
||||
if (!empty($fails["attribute_0"])) {
|
||||
foreach ($fails["attribute_0"] as $k => $v) {
|
||||
$failed = 1;
|
||||
$message = '$this->Flash->info [' . $k . ']: ' . $v[0];
|
||||
$message = $k . ': ' . $v[0];
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
|
@ -338,6 +316,25 @@ class AttributesController extends AppController
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!empty($failKeys)) {
|
||||
$flashErrorMessage = array();
|
||||
$original_values = trim($this->request->data['Attribute']['value']);
|
||||
$original_values = explode("\n", $original_values);
|
||||
foreach ($original_values as $k => $original_value) {
|
||||
$original_value = trim($original_value);
|
||||
if (in_array($k, $failKeys)) {
|
||||
$reason = '';
|
||||
foreach ($fails["attribute_" . $k] as $failKey => $failData) {
|
||||
$reason = $failKey . ': ' . $failData[0];
|
||||
}
|
||||
$flashErrorMessage[] = '<span class="red bold">' . h($original_value) . '</span> (' . h($reason) . ')';
|
||||
} else {
|
||||
$flashErrorMessage[] = '<span class="green bold">' . h($original_value) . '</span>';
|
||||
}
|
||||
}
|
||||
$flashErrorMessage = implode('<br />', $flashErrorMessage);
|
||||
$this->Session->write('flashErrorMessage', $flashErrorMessage);
|
||||
}
|
||||
if ($this->request->is('ajax')) {
|
||||
$this->autoRender = false;
|
||||
$errors = ($attributeCount > 1) ? $message : $this->Attribute->validationErrors;
|
||||
|
@ -1574,6 +1571,7 @@ class AttributesController extends AppController
|
|||
$this->set('attrDescriptions', $this->Attribute->fieldDescriptions);
|
||||
$this->set('typeDefinitions', $this->Attribute->typeDefinitions);
|
||||
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
|
||||
$this->set('shortDist', $this->Attribute->shortDist);
|
||||
if ($this->request->is('post')) {
|
||||
if (isset($this->request->data['Attribute'])) {
|
||||
$this->request->data = $this->request->data['Attribute'];
|
||||
|
@ -1622,6 +1620,9 @@ class AttributesController extends AppController
|
|||
}
|
||||
if (isset($filters)) {
|
||||
$params = $this->Attribute->restSearch($this->Auth->user(), 'json', $filters, true);
|
||||
if (!isset($params['conditions']['Attribute.deleted'])) {
|
||||
$params['conditions']['Attribute.deleted'] = 0;
|
||||
}
|
||||
$this->paginate = $params;
|
||||
if (empty($this->paginate['limit'])) {
|
||||
$this->paginate['limit'] = 60;
|
||||
|
@ -1632,7 +1633,7 @@ class AttributesController extends AppController
|
|||
$this->paginate['recursive'] = -1;
|
||||
$this->paginate['contain'] = array(
|
||||
'Event' => array(
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id'),
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.info', 'Event.user_id', 'Event.date'),
|
||||
'Orgc' => array('fields' => array('Orgc.id', 'Orgc.name')),
|
||||
'Org' => array('fields' => array('Org.id', 'Org.name'))
|
||||
),
|
||||
|
@ -1642,6 +1643,16 @@ class AttributesController extends AppController
|
|||
)
|
||||
);
|
||||
$attributes = $this->paginate();
|
||||
if (!$this->_isRest()) {
|
||||
$temp = $this->__searchUI($attributes);
|
||||
$this->loadModel('Galaxy');
|
||||
$this->set('mitreAttackGalaxyId', $this->Galaxy->getMitreAttackGalaxyId());
|
||||
$attributes = $temp[0];
|
||||
$sightingsData = $temp[1];
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
} else {
|
||||
return $this->RestResponse->viewData($attributes, $this->response->type());
|
||||
}
|
||||
$this->set('filters', $filters);
|
||||
$this->set('attributes', $attributes);
|
||||
$this->set('isSearch', 1);
|
||||
|
@ -1652,6 +1663,44 @@ class AttributesController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
private function __searchUI($attributes) {
|
||||
$sightingsData = array();
|
||||
$sgids = $this->Attribute->Event->cacheSgids($this->Auth->user(), true);
|
||||
$this->Feed = ClassRegistry::init('Feed');
|
||||
if (!empty($options['overrideLimit'])) {
|
||||
$overrideLimit = true;
|
||||
} else {
|
||||
$overrideLimit = false;
|
||||
}
|
||||
$this->loadModel('GalaxyCluster');
|
||||
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
|
||||
$this->loadModel('Sighting');
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
$attributes[$k]['Attribute']['AttributeTag'] = $attributes[$k]['AttributeTag'];
|
||||
$attributes[$k]['Attribute'] = $this->Attribute->Event->massageTags($attributes[$k]['Attribute'], 'Attribute');
|
||||
unset($attributes[$k]['AttributeTag']);
|
||||
foreach ($attributes[$k]['Attribute']['AttributeTag'] as $k2 => $attributeTag) {
|
||||
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
|
||||
unset($attributes[$k]['Attribute']['AttributeTag'][$k2]);
|
||||
}
|
||||
}
|
||||
$sightingsData = array_merge(
|
||||
$sightingsData,
|
||||
$this->Sighting->attachToEvent($attribute, $this->Auth->user(), $attributes[$k]['Attribute']['id'], $extraConditions = false)
|
||||
);
|
||||
$correlations = $this->Attribute->Event->getRelatedAttributes($this->Auth->user(), $attributes[$k]['Attribute']['id'], false, false, 'attribute');
|
||||
if (!empty($correlations)) {
|
||||
$attributes[$k]['Attribute']['RelatedAttribute'] = $correlations[$attributes[$k]['Attribute']['id']];
|
||||
}
|
||||
$temp = $this->Feed->attachFeedCorrelations(array($attributes[$k]['Attribute']), $this->Auth->user, $attributes[$k]['Event'], $overrideLimit);
|
||||
if (!empty($temp)) {
|
||||
$attributes[$k]['Attribute'] = $temp[0];
|
||||
}
|
||||
}
|
||||
$sightingsData = $this->Attribute->Event->getSightingData(array('Sighting' => $sightingsData));
|
||||
return array($attributes, $sightingsData);
|
||||
}
|
||||
|
||||
// If the checkbox for the alternate search is ticked, then this method is called to return the data to be represented
|
||||
// This alternate view will show a list of events with matching search results and the percentage of those matched attributes being marked as to_ids
|
||||
// events are sorted based on relevance (as in the percentage of matches being flagged as indicators for IDS)
|
||||
|
|
|
@ -1268,7 +1268,8 @@ class EventsController extends AppController
|
|||
}
|
||||
}
|
||||
}
|
||||
$params = $this->Event->rearrangeEventForView($event);
|
||||
$passedArgs = array('sort' => 'timestamp', 'direction' => 'desc');
|
||||
$params = $this->Event->rearrangeEventForView($event, $passedArgs);
|
||||
$this->params->params['paging'] = array($this->modelClass => $params);
|
||||
$this->set('event', $event);
|
||||
$dataForView = array(
|
||||
|
|
|
@ -500,6 +500,13 @@ class TagsController extends AppController
|
|||
'contain' => array('Tag'),
|
||||
'fields' => array('Tag.id', 'Tag.colour', 'Tag.name'),
|
||||
));
|
||||
$this->loadModel('GalaxyCluster');
|
||||
$cluster_names = $this->GalaxyCluster->find('list', array('fields' => array('GalaxyCluster.tag_name'), 'group' => array('GalaxyCluster.tag_name', 'GalaxyCluster.id')));
|
||||
foreach ($attributeTags as $k => $attributeTag) {
|
||||
if (in_array($attributeTag['Tag']['name'], $cluster_names)) {
|
||||
unset($attributeTags[$k]);
|
||||
}
|
||||
}
|
||||
$event = $this->Tag->AttributeTag->Attribute->Event->find('first', array(
|
||||
'recursive' => -1,
|
||||
'fields' => array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.user_id'),
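Review bot: The galaxy-tag filtering added here (the `find('list', …)` on GalaxyCluster followed by the `in_array` loop that unsets matching `$attributeTags`) is the same block that the EventsController hunk earlier in this commit adds; both should call a single helper on GalaxyCluster that returns the cluster tag names, instead of re-implementing the query and the loop in two controllers. `in_array` is used without the strict flag, so the comparison is loose; write it as `if (in_array($attributeTag['Tag']['name'], $cluster_names, true)) {`. The enclosing action starts and ends outside the hunk.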
|
||||
|
|
|
@ -228,7 +228,7 @@ class ComplexTypeTool
|
|||
);
|
||||
|
||||
// algorithms to run through in order
|
||||
private $__checks = array('Hashes', 'Email', 'IP', 'DomainOrFilename', 'SimpleRegex', 'AS');
|
||||
private $__checks = array('Hashes', 'Email', 'IP', 'DomainOrFilename', 'SimpleRegex', 'AS', 'BTC');
|
||||
|
||||
private function __resolveType($raw_input)
|
||||
{
|
||||
|
@ -247,6 +247,14 @@ class ComplexTypeTool
|
|||
return false;
|
||||
}
|
||||
|
||||
private function __checkForBTC($input)
|
||||
{
|
||||
if (preg_match("#^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$#i", $input['raw'])) {
|
||||
return array('types' => array('btc'), 'categories' => array('Financial fraud'), 'to_ids' => true, 'default_type' => 'btc', 'value' => $input['raw']);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private function __checkForEmail($input)
|
||||
{
|
||||
// quick filter for an @ to see if we should validate a potential e-mail address
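Review bot: The `i` modifier on the pattern in `__checkForBTC` undoes the Base58 alphabet exclusions the character classes encode: `[a-km-z]` deliberately omits `l`, `[A-HJ-NP-Z]` omits `I` and `O`, but case-insensitive matching re-admits all three through `L`, `i` and `o`, so inputs that can never be valid addresses are classified as `btc` with `to_ids` set to true. Drop the modifier: `if (preg_match("#^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$#", $input['raw'])) {`. The check is also purely syntactic (no Base58Check checksum is verified, and only the legacy `1…`/`3…` formats are matched), which is fine for a type-guesser but worth stating above the method: `// syntactic pre-filter only: legacy P2PKH/P2SH shape, no checksum verification`.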
|
||||
|
|
|
@ -1774,11 +1774,13 @@ class AppModel extends Model
|
|||
if (!isset($filter['OR']) && !isset($filter['NOT']) && !isset($filter['AND'])) {
|
||||
$temp = array();
|
||||
foreach ($filter as $param) {
|
||||
if ($param[0] === '!') {
|
||||
$temp['NOT'][] = substr($param, 1);
|
||||
} else {
|
||||
$temp['OR'][] = $param;
|
||||
}
|
||||
if (!empty($param)) {
|
||||
if ($param[0] === '!') {
|
||||
$temp['NOT'][] = substr($param, 1);
|
||||
} else {
|
||||
$temp['OR'][] = $param;
|
||||
}
|
||||
}
|
||||
}
|
||||
$filter = $temp;
|
||||
}
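Review bot: The new `if (!empty($param))` guard also discards the filter value `'0'`, because PHP's `empty()` is true for that string, so a filter on the literal value 0 silently becomes no condition at all instead of an `OR` entry. The guard appears intended only to protect the `$param[0]` access on an empty string; `if (isset($param[0])) {` (or `$param !== ''`) gives that protection without dropping `'0'`. The enclosing method starts outside the hunk.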
|
||||
|
|
|
@ -3852,4 +3852,5 @@ class Attribute extends AppModel
|
|||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -740,16 +740,18 @@ class Event extends AppModel
|
|||
return $relatedEvents;
|
||||
}
|
||||
|
||||
public function getRelatedAttributes($user, $id = null, $sgids, $shadowAttribute = false)
|
||||
public function getRelatedAttributes($user, $id = null, $sgids, $shadowAttribute = false, $scope = 'event')
|
||||
{
|
||||
$context = $shadowAttribute ? 'ShadowAttribute' : 'Attribute';
|
||||
$settings = array(
|
||||
'Attribute' => array('model' => 'Attribute', 'correlationModel' => 'Correlation', 'parentIdField' => '1_attribute_id'),
|
||||
'ShadowAttribute' => array('model' => 'ShadowAttribute', 'correlationModel' => 'ShadowAttributeCorrelation', 'parentIdField' => '1_shadow_attribute_id')
|
||||
);
|
||||
if ($id == null) {
|
||||
if ($scope === 'event' && $id == null) {
|
||||
$id = $this->data['Event']['id'];
|
||||
}
|
||||
} else if ($scope === 'attribute' && $id == null) {
|
||||
$id = $this->data['Attribute']['id'];
|
||||
}
|
||||
if (!isset($sgids) || empty($sgids)) {
|
||||
$sgids = array(-1);
|
||||
}
|
||||
|
@ -757,7 +759,7 @@ class Event extends AppModel
|
|||
if (!$user['Role']['perm_site_admin']) {
|
||||
$conditionsCorrelation = array(
|
||||
'AND' => array(
|
||||
$settings[$context]['correlationModel'] . '.1_event_id' => $id,
|
||||
$settings[$context]['correlationModel'] . '.1_' . $scope . '_id' => $id,
|
||||
array(
|
||||
'OR' => array(
|
||||
$settings[$context]['correlationModel'] . '.org_id' => $user['org_id'],
|
||||
|
@ -802,7 +804,7 @@ class Event extends AppModel
|
|||
)
|
||||
);
|
||||
} else {
|
||||
$conditionsCorrelation = array($settings[$context]['correlationModel'] . '.1_event_id' => $id);
|
||||
$conditionsCorrelation = array($settings[$context]['correlationModel'] . '.1_' . $scope . '_id' => $id);
|
||||
}
|
||||
$max_correlations = Configure::read('MISP.max_correlations_per_event');
|
||||
if (empty($max_correlations)) {
|
||||
|
@ -5152,6 +5154,9 @@ class Event extends AppModel
|
|||
public function massageTags($data, $dataType = 'Event', $excludeGalaxy = false)
|
||||
{
|
||||
$data['Galaxy'] = array();
|
||||
if (empty($this->GalaxyCluster)) {
|
||||
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
|
||||
}
|
||||
// unset empty event tags that got added because the tag wasn't exportable
|
||||
if (!empty($data[$dataType . 'Tag'])) {
|
||||
foreach ($data[$dataType . 'Tag'] as $k => &$dataTag) {
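Review bot: `$scope` is concatenated straight into a column name in both correlation condition arrays (`'.1_' . $scope . '_id'`) but nothing constrains it to the two values getRelatedAttributes understands, so any other value yields an unknown-column query rather than a clear error. Validate it once at the top of the method: `if (!in_array($scope, array('event', 'attribute'), true)) { throw new InvalidArgumentException('Invalid scope.'); }`. The `$excludeGalaxy` parameter added to the massageTags signature is not read anywhere in the visible hunk; if it is consumed further down, a docblock line on the signature stating what it suppresses would help, and if it is not, it should be dropped. getRelatedAttributes continues past the second hunk, so the remaining uses of `$scope` could not be checked.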
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<span id="PromptYesButton" title="<?php echo __('Toggle correlation for attribute'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle correlation for attribute'); ?>" class="btn btn-primary" onClick="toggleCorrelation(<?php echo h($attribute['Attribute']['id']); ?>);"><?php echo __('Yes'); ?></span>
|
||||
<span id="PromptYesButton" title="<?php echo __('Toggle correlation for attribute'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle correlation for attribute'); ?>" class="btn btn-primary" onClick="toggleCorrelation(<?php echo h($attribute['Attribute']['id']); ?>, 1);"><?php echo __('Yes'); ?></span>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
</td>
|
||||
|
|
|
@ -42,147 +42,83 @@
|
|||
?>
|
||||
</ul>
|
||||
</div>
|
||||
<table class="table table-striped table-hover table-condensed">
|
||||
<tr>
|
||||
<th><?php echo $this->Paginator->sort('event_id');?></th>
|
||||
<?php if (Configure::read('MISP.showorg') || $isAdmin): ?>
|
||||
<th><?php echo $this->Paginator->sort('Event.orgc_id', 'Org');?></th>
|
||||
<?php endif; ?>
|
||||
<th><?php echo $this->Paginator->sort('category');?></th>
|
||||
<th><?php echo $this->Paginator->sort('type');?></th>
|
||||
<th><?php echo $this->Paginator->sort('value');?></th>
|
||||
<th>Tags</th>
|
||||
<th><?php echo $this->Paginator->sort('comment');?></th>
|
||||
<th<?php echo ' title="' . $attrDescriptions['signature']['desc'] . '"';?>>
|
||||
<?php echo $this->Paginator->sort('IDS');?></th>
|
||||
<th class="actions">Actions</th>
|
||||
</tr>
|
||||
<?php
|
||||
$currentCount = 0;
|
||||
if ($isSearch == 1) {
|
||||
// sanitize data
|
||||
$toHighlight = array('value', 'comment');
|
||||
$keywordArray = array();
|
||||
foreach ($toHighlight as $highlightedElement) {
|
||||
if (!empty($filters[$highlightedElement])) {
|
||||
if (!is_array($filters[$highlightedElement])) {
|
||||
$filters[$highlightedElement] = array($filters[$highlightedElement]);
|
||||
}
|
||||
foreach ($filters[$highlightedElement] as $highlightedString) {
|
||||
$keywordArray[] = $highlightedString;
|
||||
<?php
|
||||
$headers = array(
|
||||
$this->Paginator->sort('date'),
|
||||
$this->Paginator->sort('event_id'),
|
||||
$this->Paginator->sort('Event.orgc_id', 'Org'),
|
||||
$this->Paginator->sort('category'),
|
||||
$this->Paginator->sort('type'),
|
||||
$this->Paginator->sort('value'),
|
||||
__('Tags'),
|
||||
__('Galaxies'),
|
||||
$this->Paginator->sort('comment'),
|
||||
__('Correlate'),
|
||||
__('Related Events'),
|
||||
__('Feed hits'),
|
||||
sprintf('<span title="%s">%s</th>', $attrDescriptions['signature']['desc'], $this->Paginator->sort('IDS')),
|
||||
$this->Paginator->sort('distribution'),
|
||||
__('Sightings'),
|
||||
__('Activity'),
|
||||
__('Actions')
|
||||
);
|
||||
foreach ($headers as $k => &$header) {
|
||||
if ($k == (count($headers)-1)) {
|
||||
$header = sprintf('<th title="%s">%s</th>', $attrDescriptions['signature']['desc'], $header);
|
||||
} else {
|
||||
$header = sprintf('<th>%s</th>', $header);
|
||||
}
|
||||
}
|
||||
$rows = array(
|
||||
sprintf('<tr>%s</tr>', implode('', $headers))
|
||||
);
|
||||
$currentCount = 0;
|
||||
if ($isSearch == 1) {
|
||||
// sanitize data
|
||||
$toHighlight = array('value', 'comment');
|
||||
$keywordArray = array();
|
||||
foreach ($toHighlight as $highlightedElement) {
|
||||
if (!empty($filters[$highlightedElement])) {
|
||||
if (!is_array($filters[$highlightedElement])) {
|
||||
$filters[$highlightedElement] = array($filters[$highlightedElement]);
|
||||
}
|
||||
foreach ($filters[$highlightedElement] as $highlightedString) {
|
||||
$keywordArray[] = $highlightedString;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// build the $replacePairs variable used to highlight the keywords
|
||||
$replacePairs = $this->Highlight->build_replace_pairs($keywordArray);
|
||||
}
|
||||
|
||||
foreach ($attributes as $attribute):
|
||||
// build the $replacePairs variable used to highlight the keywords
|
||||
$replacePairs = $this->Highlight->build_replace_pairs($keywordArray);
|
||||
}
|
||||
foreach ($attributes as $k => $attribute) {
|
||||
$event = array(
|
||||
'Event' => $attribute['Event'],
|
||||
'Orgc' => $attribute['Event']['Orgc'],
|
||||
);
|
||||
$mayModify = ($isSiteAdmin || ($isAclModify && $event['Event']['user_id'] == $me['id'] && $attribute['Event']['orgc_id'] == $me['org_id']) || ($isAclModifyOrg && $attribute['Event']['orgc_id'] == $me['org_id']));
|
||||
$mayPublish = ($isAclPublish && $attribute['Event']['orgc_id'] == $me['org_id']);
|
||||
$mayChangeCorrelation = !Configure::read('MISP.completely_disable_correlation') && ($isSiteAdmin || ($mayModify && Configure::read('MISP.allow_disabling_correlation')));
|
||||
$mayModify = $attribute['Event']['orgc_id'] === $me['org_id'] ? true : false;
|
||||
if (!empty($attribute['Attribute']['RelatedAttribute'])) {
|
||||
$event['RelatedAttribute'] = array($attribute['Attribute']['id'] => $attribute['Attribute']['RelatedAttribute']);
|
||||
}
|
||||
$rows[] = $this->element('/Events/View/row_attribute', array(
|
||||
'object' => $attribute['Attribute'],
|
||||
'k' => $k,
|
||||
'mayModify' => $mayModify,
|
||||
'mayChangeCorrelation' => $mayChangeCorrelation,
|
||||
'page' => 1,
|
||||
'fieldCount' => 11,
|
||||
'includeRelatedTags' => 0,
|
||||
'event' => $event,
|
||||
'me' => $me,
|
||||
'extended' => 1,
|
||||
'disable_multi_select' => 1,
|
||||
'context' => 'list'
|
||||
));
|
||||
}
|
||||
echo sprintf('<table class="table table-striped table-hover table-condensed">%s</table>', implode('', $rows));
|
||||
?>
|
||||
<tr>
|
||||
<td class="short">
|
||||
<div ondblclick="document.location='<?php echo $baseurl?>/events/view/<?php echo $attribute['Event']['id'];?>';" title="<?php echo h($attribute['Event']['info']); ?>">
|
||||
<?php
|
||||
if ($attribute['Event']['orgc_id'] == $me['org_id']) {
|
||||
$style='style="color:red;"';
|
||||
} else {
|
||||
$style='';
|
||||
}
|
||||
$currentCount++;
|
||||
?>
|
||||
<a href="<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>" <?php echo $style;?>><?php echo $attribute['Event']['id'];?></a>
|
||||
</div>
|
||||
</td>
|
||||
<?php if (Configure::read('MISP.showorg') || $isAdmin): ?>
|
||||
<td class="short" ondblclick="document.location.href ='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>'">
|
||||
<?php
|
||||
echo $this->OrgImg->getOrgImg(array('name' => $attribute['Event']['Orgc']['name'], 'id' => $attribute['Event']['orgc_id'], 'size' => 24));
|
||||
?>
|
||||
|
||||
</td>
|
||||
<?php endif;?>
|
||||
<td title="<?php echo $categoryDefinitions[$attribute['Attribute']['category']]['desc'];?>" class="short" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
|
||||
<?php echo h($attribute['Attribute']['category']); ?> </td>
|
||||
<td title="<?php if (isset($typeDefinitions[$attribute['Attribute']['type']])) echo $typeDefinitions[$attribute['Attribute']['type']]['desc'];?>" class="short" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
|
||||
<?php echo h($attribute['Attribute']['type']); ?> </td>
|
||||
<td class="showspaces" ondblclick="document.location='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';"><?php
|
||||
$sigDisplay = nl2br(h($attribute['Attribute']['value']));
|
||||
if ($isSearch == 1 && !empty($replacePairs)) {
|
||||
// highlight the keywords if there are any
|
||||
$sigDisplay = $this->Highlight->highlighter($sigDisplay, $replacePairs);
|
||||
}
|
||||
if ('attachment' == $attribute['Attribute']['type'] || 'malware-sample' == $attribute['Attribute']['type']) {
|
||||
if ($attribute['Attribute']['type'] == 'attachment' && isset($attribute['Attribute']['image'])):
|
||||
$extension = explode('.', $attribute['Attribute']['value']);
|
||||
$extension = end($extension);
|
||||
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($attribute['Attribute']['image']);
|
||||
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($attribute['Attribute']['value']) . '" />';
|
||||
else:
|
||||
?>
|
||||
<a href="<?php echo $baseurl;?>/attributes/download/<?php echo $attribute['Attribute']['id'];?>"><?php echo $sigDisplay; ?></a>
|
||||
<?php
|
||||
endif;
|
||||
} else if ('link' == $attribute['Attribute']['type']) {
|
||||
?><a href="<?php echo h($attribute['Attribute']['value']);?>"><?php echo $sigDisplay; ?></a><?php
|
||||
} else {
|
||||
echo $sigDisplay;
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
<td style = "max-width:200px;width:10px;">
|
||||
<?php foreach ($attribute['AttributeTag'] as $tag):
|
||||
$tagText = " ";
|
||||
if (Configure::read('MISP.full_tags_on_attribute_index') == 1) $tagText = h($tag['Tag']['name']);
|
||||
else if (Configure::read('MISP.full_tags_on_attribute_index') == 2) {
|
||||
if (strpos($tag['Tag']['name'], '=')) {
|
||||
$tagText = explode('=', $tag['Tag']['name']);
|
||||
$tagText = h(trim(end($tagText), "\""));
|
||||
}
|
||||
else $tagText = h($tag['Tag']['name']);
|
||||
}
|
||||
?>
|
||||
<span class="tag useCursorPointer" style="margin-bottom:3px;background-color:<?php echo h($tag['Tag']['colour']);?>;color:<?php echo $this->TextColour->getTextColour($tag['Tag']['colour']);?>;" title="<?php echo h($tag['Tag']['name']); ?>" role="button" tabindex="0" aria-label="Search events tagged <?php echo h($tag['Tag']['name'])?>" onClick="document.location.href='<?php echo $baseurl; ?>/attributes/search/attributetag:<?php echo h($tag['Tag']['id']);?>';"><?php echo $tagText; ?></span>
|
||||
<?php endforeach; ?>
|
||||
</td>
|
||||
<td ondblclick="document.location ='document.location ='<?php echo $baseurl;?>/events/view/<?php echo $attribute['Event']['id'];?>';">
|
||||
<?php
|
||||
$sigDisplay = nl2br(h($attribute['Attribute']['comment']));
|
||||
if ($isSearch == 1 && !empty($replacePairs)) {
|
||||
// highlight the keywords if there are any
|
||||
$sigDisplay = $this->Highlight->highlighter($sigDisplay, $replacePairs);
|
||||
}
|
||||
echo $sigDisplay;
|
||||
?>
|
||||
</td>
|
||||
<td class="short" ondblclick="document.location ='document.location ='/events/view/<?php echo $attribute['Event']['id'];?>';">
|
||||
<?php echo $attribute['Attribute']['to_ids'] ? 'Yes' : 'No'; ?>
|
||||
</td>
|
||||
<td class="short action-links">
|
||||
<?php
|
||||
if ($isSiteAdmin || ($isAclModify && $attribute['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $attribute['Event']['org_id'] == $me['org_id'])):
|
||||
?>
|
||||
<a href="<?php echo $baseurl;?>/attributes/edit/<?php echo $attribute['Attribute']['id'];?>" class="icon-edit" title="Edit"></a><?php
|
||||
echo $this->Form->postLink('',array('action' => 'delete', $attribute['Attribute']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete this attribute?'));
|
||||
elseif ($isAclModify):
|
||||
?>
|
||||
<a href="<?php echo $baseurl;?>/shadow_attributes/edit/<?php echo $attribute['Attribute']['id'];?>" class="icon-share" title="<?php echo __('Propose an edit'); ?>"></a>
|
||||
<?php
|
||||
endif;
|
||||
|
||||
if ($me['Role']['perm_sighting']):
|
||||
?>
|
||||
<span class="icon-eye useCursorPointer fa fa-eye" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" data-toggle="popover" onClick="quickAddSighting(this, <?php echo h($attribute['Attribute']['id']); ?>, '<?php echo h($attribute['Attribute']['value']);?>');"> </span>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
<a href="<?php echo $baseurl;?>/events/view/<?php echo $attribute['Attribute']['event_id'];?>" class="icon-list-alt" title="<?php echo __('View'); ?>"></a>
|
||||
</td>
|
||||
</tr>
|
||||
<?php
|
||||
endforeach;
|
||||
?>
|
||||
</table>
|
||||
|
||||
<p>
|
||||
<?php
|
||||
echo $this->Paginator->counter(array(
|
||||
|
@ -221,6 +157,32 @@ $(document).ready(function () {
|
|||
$('.screenshot').click(function() {
|
||||
screenshotPopup($(this).attr('src'), $(this).attr('title'));
|
||||
});
|
||||
<<<<<<< HEAD
|
||||
$('.addGalaxy').click(function() {
|
||||
addGalaxyListener(this);
|
||||
});
|
||||
$('.sightings_advanced_add').click(function() {
|
||||
var selected = [];
|
||||
var object_context = $(this).data('object-context');
|
||||
var object_id = $(this).data('object-id');
|
||||
if (object_id == 'selected') {
|
||||
$(".select_attribute").each(function() {
|
||||
if ($(this).is(":checked")) {
|
||||
selected.push($(this).data("id"));
|
||||
}
|
||||
});
|
||||
object_id = selected.join('|');
|
||||
}
|
||||
url = "<?php echo $baseurl; ?>" + "/sightings/advanced/" + object_id + "/" + object_context;
|
||||
genericPopup(url, '#screenshot_box');
|
||||
});
|
||||
$('.correlation-toggle').click(function() {
|
||||
var attribute_id = $(this).data('attribute-id');
|
||||
getPopup(attribute_id, 'attributes', 'toggleCorrelation', '', '#confirmation_box');
|
||||
return false;
|
||||
});
|
||||
popoverStartup();
|
||||
=======
|
||||
$(document).on('click', function (e) {
|
||||
//did not click a popover toggle or popover
|
||||
if ($(e.target).data('toggle') !== 'popover'
|
||||
|
@ -232,5 +194,6 @@ $(document).ready(function () {
|
|||
definedPopovers.popover('hide');
|
||||
}
|
||||
});
|
||||
>>>>>>> 2adef5897cdb233c1541461a97b9b08f15ae5134
|
||||
});
|
||||
</script>
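Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 2adef5897cdb…`) are committed inside the `$(document).ready` script block in the second and third hunks, so the rendered page emits them as JavaScript and the whole handler block fails to parse; the two sides (the `.addGalaxy`/`.sightings_advanced_add`/`.correlation-toggle` handlers plus `popoverStartup()`, and the popover-hide `$(document).on('click', …)` handler) look intended to coexist and should both be kept with the markers removed. In the first hunk, if both lines are on the new side, `$mayModify = $attribute['Event']['orgc_id'] === $me['org_id'] ? true : false;` overwrites the ACL-aware `$mayModify` computed a few lines above it, so the edit/delete controls handed to row_attribute are decided purely by org match and ignore `$isSiteAdmin`, `$isAclModify` and `$isAclModifyOrg`, while `$mayChangeCorrelation` is still derived from the earlier value and the two disagree; delete the overriding line. The header loop keys the `signature` title on `count($headers)-1`, which is the `Actions` column, whereas the IDS entry (index 12) already carries its own `<span title="…">` that is closed with `</th>` and then wrapped in another `<th>`, producing mismatched tags; make the IDS entry a plain `$this->Paginator->sort('IDS')` and compare `$k` against that index instead.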
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
<?php
|
||||
$tr_class = '';
|
||||
if (empty($context)) {
|
||||
$context = 'event';
|
||||
}
|
||||
$linkClass = 'blue';
|
||||
if ($event['Event']['id'] != $object['event_id']) {
|
||||
if (!$isSiteAdmin && $event['extensionEvents'][$object['event_id']]['Orgc']['id'] != $me['org_id']) {
|
||||
|
@ -31,9 +34,9 @@
|
|||
?>
|
||||
<tr id = "Attribute_<?php echo h($object['id']); ?>_tr" class="<?php echo $tr_class; ?>" tabindex="0">
|
||||
<?php
|
||||
if ($mayModify || $extended):
|
||||
if (($mayModify || !empty($extended)) && empty($disable_multi_select)):
|
||||
?>
|
||||
<td style="width:10px;" data-position="<?php echo h($object['objectType']) . '_' . h($object['id']); ?>">
|
||||
<td style="width:10px;" data-position="<?php echo 'attribute_' . h($object['id']); ?>">
|
||||
<?php
|
||||
if ($mayModify):
|
||||
?>
|
||||
|
@ -55,7 +58,7 @@
|
|||
<?php echo date('Y-m-d', $object['timestamp']); ?>
|
||||
</td>
|
||||
<?php
|
||||
if ($extended):
|
||||
if (!empty($extended)):
|
||||
?>
|
||||
<td class="short">
|
||||
<?php echo '<a href="' . $baseurl . '/events/view/' . h($object['event_id']) . '">' . h($object['event_id']) . '</a>'; ?>
|
||||
|
@ -65,7 +68,7 @@
|
|||
?>
|
||||
<td class="short">
|
||||
<?php
|
||||
if ($extended):
|
||||
if (!empty($extended)):
|
||||
if ($object['event_id'] != $event['Event']['id']):
|
||||
$extensionOrg = $event['extensionEvents'][$object['event_id']]['Orgc'];
|
||||
echo $this->OrgImg->getOrgImg(array('name' => $extensionOrg['name'], 'id' => $extensionOrg['id'], 'size' => 24));
|
||||
|
@ -141,7 +144,7 @@
|
|||
</td>
|
||||
<td class="shortish">
|
||||
<div class="attributeTagContainer" id="#Attribute_<?php echo h($object['id']);?>_tr .attributeTagContainer">
|
||||
<?php echo $this->element('ajaxAttributeTags', array('attributeId' => $object['id'], 'attributeTags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']) )); ?>
|
||||
<?php echo $this->element('ajaxAttributeTags', array('attributeId' => $object['id'], 'attributeTags' => $object['AttributeTag'], 'tagAccess' => ($isSiteAdmin || $mayModify || $me['org_id'] == $event['Event']['org_id']), 'context' => $context)); ?>
|
||||
</div>
|
||||
</td>
|
||||
<?php
|
||||
|
@ -182,7 +185,7 @@
|
|||
data-attribute-id="<?php echo h($object['id']); ?>"
|
||||
<?php
|
||||
echo $object['disable_correlation'] ? '' : ' checked';
|
||||
echo ($mayChangeCorrelation && !$event['Event']['disable_correlation']) ? '' : ' disabled';
|
||||
echo ($mayChangeCorrelation && empty($event['Event']['disable_correlation'])) ? '' : ' disabled';
|
||||
?>
|
||||
>
|
||||
</td>
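Review bot: `data-position` now hard-codes the `attribute_` prefix where the old line used `h($object['objectType'])`, so if this element is ever rendered for a different object type (inferred, not visible here) the position string no longer distinguishes it. If row_attribute is attribute-only by design, say so next to the attribute: `<?php /* row_attribute only renders attributes, so the position prefix is fixed */ ?>`; otherwise restore `h($object['objectType']) . '_' . h($object['id'])`.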
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
<?php
|
||||
if ($isAclAdd):
|
||||
?>
|
||||
<span class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onClick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']);?>', '<?php echo h($page); ?>');"> </span>
|
||||
<span class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onClick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']);?>', '<?php echo h($page); ?>');"> </span>
|
||||
<span class="icon-thumbs-up useCursorPointer" title="<?php echo __('Add sighting');?>" role="button" tabindex="0" aria-label="<?php echo __('Add sighting');?>" onClick="addSighting('0', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');"> </span>
|
||||
<span class="icon-thumbs-down useCursorPointer" title="<?php echo __('Mark as false-positive');?>" role="button" tabindex="0" aria-label="<?php echo __('Mark as false-positive');?>" onClick="addSighting('1', '<?php echo h($object['id']); ?>', '<?php echo h($object['event_id']);?>', '<?php echo h($page); ?>');"> </span>
|
||||
<span class="icon-wrench useCursorPointer sightings_advanced_add" title="<?php echo __('Advanced sightings');?>" role="button" tabindex="0" aria-label="<?php echo __('Advanced sightings');?>" data-object-id="<?php echo h($object['id']); ?>" data-object-context="attribute"> </span>
|
||||
<?php
|
||||
endif;
|
||||
|
|
|
@ -1,4 +1,13 @@
|
|||
<div class="alert alert-error">
|
||||
<button type="button" class="close" data-dismiss="alert">×</button>
|
||||
<?php echo h($message); ?>
|
||||
<button type="button" class="close" data-dismiss="alert">×</button>
|
||||
<?php
|
||||
$message = h($message);
|
||||
if (strpos('$flashErrorMessage', $message) >= 0) {
|
||||
$message = str_replace('$flashErrorMessage', '<span class="useCursorPointer underline bold" onClick="flashErrorPopover();">here</span>', $message);
|
||||
}
|
||||
echo $message;
|
||||
if ($this->Session->read('flashErrorMessage')) {
|
||||
echo sprintf('<div class="hidden" id="flashErrorMessage">%s</div>', $this->element('flashErrorMessage', array('message' => $this->Session->read('flashErrorMessage'))));
|
||||
}
|
||||
?>
|
||||
</div>
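Review bot: `strpos('$flashErrorMessage', $message) >= 0` has haystack and needle swapped, and because `strpos` returns `false` when nothing is found and `false >= 0` is true in PHP, the condition is always satisfied; the `str_replace` therefore runs unconditionally, which is harmless here but the guard documents the wrong intent. Write it as `if (strpos($message, '$flashErrorMessage') !== false) {`. The same token replacement is performed again client-side in the layout's `$(document).ready` added by this commit (`$('.alert').html().replace("$flashErrorMessage", …)`), so one of the two is redundant.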
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
<div style="width:100%;display:inline-block;">
|
||||
<?php
|
||||
if (empty($context)) {
|
||||
$context = 'event';
|
||||
}
|
||||
$full = $isAclTagger && $tagAccess;
|
||||
foreach ($attributeTags as $tag):
|
||||
if (!isset($tag['Tag'])) $tag = array('Tag' => $tag);
|
||||
|
@ -31,10 +34,15 @@
|
|||
endforeach;
|
||||
?>
|
||||
<div style="float:left">
|
||||
<?php if ($full): ?>
|
||||
<button id="addTagButton" class="btn btn-inverse noPrint" style="line-height:10px; padding: 4px 4px;" onClick="getPopup('<?php echo h($attributeId); ?>' + '/true', 'tags', 'selectTaxonomy');">+</button>
|
||||
<?php else:?>
|
||||
|
||||
<?php endif; ?>
|
||||
<?php
|
||||
$addTagButton = ' ';
|
||||
if ($full) {
|
||||
$addTagButton = sprintf(
|
||||
'<button id="addTagButton" class="btn btn-inverse noPrint" style="line-height:10px; padding: 4px 4px;" onClick="getPopup(%s);">+</button>',
|
||||
sprintf("'%s/true', 'tags', 'selectTaxonomy'", h($attributeId))
|
||||
);
|
||||
}
|
||||
echo $addTagButton;
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
<div class="confirmation">
|
||||
<legend><?php echo __('Errors');?></legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<div id="flashErrorMessageContent" style="overflow-y: auto;"><?php echo $message; ?></div>
|
||||
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPopoverForm();"><?php echo __('Close');?></span>
|
||||
</div>
|
||||
</div>
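Review bot: `$message` is echoed unescaped into `#flashErrorMessageContent`, whereas the sibling flash element in this commit passes its message through `h()` before output. The value originates from `$this->Session->read('flashErrorMessage')`, and whether it is already HTML-safe depends on every code path that writes that session key, none of which is visible here. If it is meant to carry markup, make the contract explicit on the echo (`<?php // trusted HTML: writers of Session 'flashErrorMessage' must escape any user-supplied text ?>`); otherwise use `h($message)`.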
|
|
@ -1,7 +1,8 @@
|
|||
<div class="event index">
|
||||
<h2><?php echo __('Automation');?></h2>
|
||||
<p><?php echo __('Automation functionality is designed to automatically feed other tools and systems with the data in your MISP repository.
|
||||
To to make this functionality available for automated tools an authentication key is used.');?><br/>
|
||||
To to make this functionality available for automated tools an authentication key is used.');?>
|
||||
<br />You can use the <a href="<?php echo $baseurl;?>/servers/rest">ReST client</a> to test your API queries against your MISP and export the resulting tuned queries as curl or python scripts.
|
||||
<strong><?php echo __('Make sure you keep your API key secret as it gives access to the all of the data that you normally have access to in MISP.');?></strong>
|
||||
To view the old MISP automation page, click <a href="<?php echo $baseurl; ?>/events/automation/1">here</a>.
|
||||
</p>
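Review bot: The re-flowed line keeps the typo `To to make this functionality available`; since the translatable string is being touched anyway, change it to `To make this functionality available for automated tools an authentication key is used.` (note this changes the msgid). The strong element has a similar slip, `access to the all of the data`, which should read `access to all of the data`.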
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
<div class="confirmation">
|
||||
<?php
|
||||
echo $this->Form->create('GalaxyCluster', array(
|
||||
'style' => 'margin:0px;',
|
||||
'id' => 'PromptForm',
|
||||
'url' => array('controller' => 'galaxy_clusters', 'action' => 'delete', $id)
|
||||
));
|
||||
?>
|
||||
<legend><?php echo __('Galaxy Cluster Deletion');?></legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<p><?php echo __('Are you sure you want to delete Galaxy Cluster #<?php echo h($id); ?>?<br /> Associated tags will not be removed. You can reload the Galaxy Cluster at any time by force updating your galaxies.');?></p>
|
||||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<?php
|
||||
echo $this->Form->button(__('Yes'), array(
|
||||
'type' => 'submit',
|
||||
'class' => 'btn btn-primary'
|
||||
));
|
||||
?>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
</td>
|
||||
<td style="vertical-align:top;">
|
||||
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();"><?php echo __('No');?></span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
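Review bot: The confirmation text nests a PHP open tag inside a PHP string literal (`__('Are you sure you want to delete Galaxy Cluster #<?php echo h($id); ?>?…')`), so the inner `<?php echo h($id); ?>` is never executed and is emitted verbatim, which browsers hide as a bogus processing instruction — the user sees no cluster id. Use a placeholder instead: `<p><?php echo sprintf(__('Are you sure you want to delete Galaxy Cluster #%s?<br /> Associated tags will not be removed. You can reload the Galaxy Cluster at any time by force updating your galaxies.'), h($id)); ?></p>`.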
|
|
@ -59,7 +59,9 @@
|
|||
?>
|
||||
</div>
|
||||
<div>
|
||||
<?php echo $this->fetch('content'); ?>
|
||||
<?php
|
||||
echo $this->fetch('content');
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->element('footer');
|
||||
|
@ -104,12 +106,17 @@
|
|||
tabIsActive = true;
|
||||
});
|
||||
<?php
|
||||
if (!Configure::read('MISP.disable_auto_logout')):
|
||||
if (!Configure::read('MISP.disable_auto_logout')):
|
||||
?>
|
||||
checkIfLoggedIn();
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
if ($('.alert').text().indexOf("$flashErrorMessage") >= 0) {
|
||||
//$('#flashErrorMessage').html()
|
||||
var flashMessageLink = '<span class="useCursorPointer underline bold" onClick="flashErrorPopover();">here</span>';
|
||||
$('.alert').html(($('.alert').html().replace("$flashErrorMessage", flashMessageLink)));
|
||||
}
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
|
|
|
@ -1257,6 +1257,10 @@ a.proposal_link_red:hover {
|
|||
cursor: hand;
|
||||
}
|
||||
|
||||
.underline {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.template_general {
|
||||
display:inline-block;
|
||||
width: 100%;
|
||||
|
|
|
@ -298,14 +298,14 @@ function acceptObject(type, id, event) {
|
|||
});
|
||||
}
|
||||
|
||||
function toggleCorrelation(id) {
|
||||
function toggleCorrelation(id, skip_reload = false) {
|
||||
$.ajax({
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
data: $('#PromptForm').serialize(),
|
||||
success:function (data, textStatus) {
|
||||
handleGenericAjaxResponse(data);
|
||||
handleGenericAjaxResponse(data, skip_reload);
|
||||
$("#correlation_toggle_" + id).prop('checked', !$("#correlation_toggle_" + id).is(':checked'));
|
||||
},
|
||||
complete:function() {
|
||||
|
@ -330,6 +330,10 @@ function updateIndex(id, context, newPage) {
|
|||
if (typeof newPage !== 'undefined') page = newPage;
|
||||
var url, div;
|
||||
if (context == 'event') {
|
||||
if (typeof currentUri == 'undefined') {
|
||||
location.reload();
|
||||
return true;
|
||||
}
|
||||
url = currentUri;
|
||||
div = "#attributes_div";
|
||||
}
|
||||
|
@ -461,7 +465,11 @@ function addSighting(type, attribute_id, event_id, page) {
|
|||
$('.sightingsCounter').each(function( counter ) {
|
||||
$(this).html(parseInt($(this).html()) + 1);
|
||||
});
|
||||
updateIndex(event_id, 'event');
|
||||
if (typeof currentUri == 'undefined') {
|
||||
location.reload();
|
||||
} else {
|
||||
updateIndex(event_id, 'event');
|
||||
}
|
||||
}
|
||||
},
|
||||
error:function() {
|
||||
|
@ -600,7 +608,7 @@ function handleAjaxEditResponse(data, name, type, id, field, event) {
|
|||
}
|
||||
}
|
||||
|
||||
function handleGenericAjaxResponse(data) {
|
||||
function handleGenericAjaxResponse(data, skip_reload = false) {
|
||||
if (typeof data == 'string') {
|
||||
responseArray = JSON.parse(data);
|
||||
} else {
|
||||
|
@ -609,7 +617,7 @@ function handleGenericAjaxResponse(data) {
|
|||
if (responseArray.saved) {
|
||||
showMessage('success', responseArray.success);
|
||||
if (responseArray.hasOwnProperty('check_publish')) {
|
||||
checkAndSetPublishedInfo();
|
||||
checkAndSetPublishedInfo(skip_reload);
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
|
@ -2848,16 +2856,25 @@ $(".eventViewAttributePopup").click(function() {
|
|||
$('#screenshot_box').html('<div class="screenshot_content">' + enrichment_popover + '</div>');
|
||||
$('#screenshot_box').show();
|
||||
$("#gray_out").fadeIn();
|
||||
$('#screenshot_box').css('top', '50px');
|
||||
$('#screenshot_box').css('padding', '5px');
|
||||
$('#screenshot_box').css("maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
|
||||
$('.screenshot_content').css("maxHeight", ( $( window ).height() - 120 | 0 ) + "px" );
|
||||
$('.screenshot_content').css("overflow-y", "auto");
|
||||
$('#screenshot_box').css({'padding': '5px'});
|
||||
$('#screenshot_box').css( "maxWidth", ( $( window ).width() * 0.9 | 0 ) + "px" );
|
||||
$('#screenshot_box').css( "maxHeight", ( $( window ).width() - 300 | 0 ) + "px" );
|
||||
$('#screenshot_box').css( "overflow-y", "auto");
|
||||
|
||||
var left = ($(window).width() / 2) - ($('#screenshot_box').width() / 2);
|
||||
$('#screenshot_box').css({'left': left + 'px'});
|
||||
}
|
||||
});
|
||||
|
||||
function flashErrorPopover() {
|
||||
$('#popover_form').css( "minWidth", "200px");
|
||||
$('#popover_form').html($('#flashErrorMessage').html());
|
||||
$('#popover_form').show();
|
||||
var left = ($(window).width() / 2) - ($('#popover_form').width() / 2);
|
||||
$('#popover_form').css({'left': left + 'px'});
|
||||
$("#gray_out").fadeIn();
|
||||
}
|
||||
|
||||
$(".eventViewAttributeHover").mouseenter(function() {
|
||||
$('.popover').remove();
|
||||
type = $(this).attr('data-object-type');
|
||||
|
@ -3179,17 +3196,19 @@ function quickSubmitGalaxyForm(event_id, cluster_id) {
|
|||
return false;
|
||||
}
|
||||
|
||||
function checkAndSetPublishedInfo() {
|
||||
function checkAndSetPublishedInfo(skip_reload=false) {
|
||||
var id = $('#hiddenSideMenuData').data('event-id');
|
||||
$.get( "/events/checkPublishedStatus/" + id, function(data) {
|
||||
if (data == 1) {
|
||||
$('.published').removeClass('hidden');
|
||||
$('.not-published').addClass('hidden');
|
||||
} else {
|
||||
$('.published').addClass('hidden');
|
||||
$('.not-published').removeClass('hidden');
|
||||
}
|
||||
});
|
||||
if (id !== 'undefined' && !skip_reload) {
|
||||
$.get( "/events/checkPublishedStatus/" + id, function(data) {
|
||||
if (data == 1) {
|
||||
$('.published').removeClass('hidden');
|
||||
$('.not-published').addClass('hidden');
|
||||
} else {
|
||||
$('.published').addClass('hidden');
|
||||
$('.not-published').removeClass('hidden');
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
$(document).keyup(function(e){
|
||||
@ -0,0 +1,610 @@
# INSTALLATION INSTRUCTIONS
|
||||
## for FreeBSD 12.0-amd64
|
||||
|
||||
### 0/ WIP /!\ You are warned, this does not work yet! /!\
|
||||
|
||||
!!! warning
|
||||
NOT working: pydeep, lief
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
PHP_ETC_BASE=/usr/local/etc
|
||||
PHP_INI=${PHP_ETC_BASE}/php.ini
|
||||
PATH_TO_MISP=/usr/local/www/MISP
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
```
|
||||
|
||||
### 1/ Minimal FreeBSD install
|
||||
--------------------------
|
||||
|
||||
# Install standard FreeBSD-amd64 with:
|
||||
- sshd
|
||||
- ntpdate
|
||||
- ntpd
|
||||
- ports
|
||||
|
||||
# System Hardening
|
||||
|
||||
- Clean /tmp
|
||||
- Disable Syslogd network socket
|
||||
- Disable Sendmail service
|
||||
|
||||
# Install pkg and point to latest
|
||||
```bash
|
||||
$ su -
|
||||
# pkg
|
||||
```
|
||||
|
||||
#### Install sudo
|
||||
```bash
|
||||
pkg install -y sudo
|
||||
```
|
||||
|
||||
!!! notice
|
||||
Make sure users in group wheel can sudo, uncomment in **/usr/local/etc/sudoers**<br />
|
||||
```
|
||||
%wheel ALL=(ALL) ALL
|
||||
```
|
||||
|
||||
#### Install bash
|
||||
```bash
|
||||
sudo pkg install -y bash
|
||||
```
|
||||
|
||||
#### Optional but useful, add a local misp user
|
||||
```bash
|
||||
sudo pw user add misp -s /usr/local/bin/bash -G wheel,www,staff
|
||||
sudo mkdir /home/misp ; sudo chown misp:misp /home/misp
|
||||
sudo passwd misp
|
||||
```
|
||||
|
||||
```bash
|
||||
# In case you already have a MISP User
|
||||
sudo pw usermod misp -s /usr/local/bin/bash
|
||||
sudo pw groupmod -n www -m misp
|
||||
sudo pw groupmod -n staff -m misp
|
||||
exit
|
||||
```
|
||||
|
||||
#### Update system
|
||||
```bash
|
||||
sudo freebsd-update fetch install
|
||||
```
|
||||
|
||||
#### Fetch ports or update ports
|
||||
```bash
|
||||
sudo portsnap fetch extract
|
||||
# OR
|
||||
sudo portsnap fetch update
|
||||
```
|
||||
|
||||
#### Make python3 default *(optional)
|
||||
```bash
|
||||
echo "DEFAULT_VERSIONS= python=3.6 python2=2.7 python3=3.6" >> /etc/make.conf
|
||||
sudo ln -s /usr/local/bin/python3 /usr/local/bin/python
|
||||
```
|
||||
|
||||
#### Install postfix
|
||||
```bash
|
||||
sudo pkg install -y postfix
|
||||
```
|
||||
|
||||
### FAMP
|
||||
#### Install misc dependencies
|
||||
```bash
|
||||
sudo pkg install -y curl git python3 vim m4 help2man gmake automake libtool expect gsed
|
||||
```
|
||||
|
||||
!!! warning
|
||||
N.B: MariaDB 10.3 currently segfaults on 11.2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229219
|
||||
|
||||
```bash
|
||||
sudo pkg install -y apache24 \
|
||||
logrotate \
|
||||
gnupg \
|
||||
mariadb102-server mariadb102-client \
|
||||
php72 \
|
||||
php72-mysqli \
|
||||
php72-xml \
|
||||
php72-openssl \
|
||||
php72-pcntl \
|
||||
php72-mbstring \
|
||||
php72-pdo_mysql \
|
||||
php72-phar \
|
||||
php72-json \
|
||||
php72-filter \
|
||||
php72-fileinfo \
|
||||
php72-dom \
|
||||
php72-opcache \
|
||||
php72-session \
|
||||
mod_php72
|
||||
|
||||
sudo cp -p /usr/local/etc/php.ini-development /usr/local/etc/php.ini
|
||||
|
||||
sudo sysrc apache24_enable="yes"
|
||||
sudo sysrc mysql_enable="yes"
|
||||
sudo sysrc mysql_args="--bind-address=127.0.0.1"
|
||||
sudo service apache24 start
|
||||
sudo service mysql-server start
|
||||
|
||||
|
||||
### /!\ Needs Fixing /!\
|
||||
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
||||
pw="Password1234"
|
||||
|
||||
expect -f - <<-EOF
|
||||
set timeout 10
|
||||
|
||||
spawn sudo mysql_secure_installation
|
||||
expect "*?assword*"
|
||||
send -- "$pw\r"
|
||||
expect "Enter current password for root (enter for none):"
|
||||
send -- "\r"
|
||||
expect "Set root password?"
|
||||
send -- "y\r"
|
||||
expect "New password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Re-enter new password:"
|
||||
send -- "${DBPASSWORD_ADMIN}\r"
|
||||
expect "Remove anonymous users?"
|
||||
send -- "y\r"
|
||||
expect "Disallow root login remotely?"
|
||||
send -- "y\r"
|
||||
expect "Remove test database and access to it?"
|
||||
send -- "y\r"
|
||||
expect "Reload privilege tables now?"
|
||||
send -- "y\r"
|
||||
expect eof
|
||||
EOF
|
||||
|
||||
sudo pkg remove -R tcl86
|
||||
|
||||
echo "<IfModule dir_module>
|
||||
DirectoryIndex index.php index.html
|
||||
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.phps$">
|
||||
SetHandler application/x-httpd-php-source
|
||||
</FilesMatch>
|
||||
</IfModule>" |sudo tee -a /usr/local/etc/apache24/Includes/php.conf
|
||||
```
|
||||
|
||||
#### Redis needs to be installed via ports
|
||||
|
||||
```
|
||||
cd /usr/ports/databases/redis
|
||||
sudo make install clean
|
||||
sudo sysrc redis_enable="yes"
|
||||
```
|
||||
|
||||
##### php-redis
|
||||
```
|
||||
cd /usr/ports/databases/pecl-redis
|
||||
sudo make install clean
|
||||
```
|
||||
|
||||
##### php-gnupg
|
||||
```
|
||||
cd /usr/ports/security/pecl-gnupg
|
||||
sudo make install clean
|
||||
```
|
||||
|
||||
#### PHP CLI Tweak
|
||||
```bash
|
||||
echo "PATH=$PATH:/usr/local/bin" |sudo tee -a /usr/local/etc/apache24/envvars.d/php.env
|
||||
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
### 3/ MISP code
|
||||
------------
|
||||
|
||||
```bash
|
||||
# Download MISP using git in the /usr/local/www/ directory.
|
||||
sudo mkdir ${PATH_TO_MISP}
|
||||
sudo chown www:www ${PATH_TO_MISP}
|
||||
cd ${PATH_TO_MISP}
|
||||
sudo -u www git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
sudo -u www git config core.filemode false
|
||||
|
||||
sudo -u www git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
sudo -u www git submodule foreach --recursive git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo pkg install -y py36-pip libxml2 libxslt
|
||||
|
||||
# Install virtualenv
|
||||
sudo pip-3.6 install virtualenv
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo -u www virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
cd ${PATH_TO_MISP}/app/files/scripts
|
||||
sudo -u www git clone https://github.com/CybOXProject/python-cybox.git
|
||||
sudo -u www git clone https://github.com/STIXProject/python-stix.git
|
||||
sudo -u www git clone https://github.com/MAECProject/python-maec.git
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
sudo -u www git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
# install PyMISP
|
||||
cd ${PATH_TO_MISP}/PyMISP
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
|
||||
```
|
||||
|
||||
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
```bash
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd ${PATH_TO_MISP}/app
|
||||
sudo -u www php composer.phar require kamisama/cake-resque:4.1.2
|
||||
sudo -u www php composer.phar config vendor-dir Vendor
|
||||
sudo -u www php composer.phar install
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www cp -fa /usr/local/www/MISP/INSTALL/setup/config.php /usr/local/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
```
|
||||
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www:www /usr/local/www/MISP
|
||||
sudo chmod -R 750 /usr/local/www/MISP
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/tmp
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files
|
||||
sudo chmod -R g+ws /usr/local/www/MISP/app/files/scripts/tmp
|
||||
```
|
||||
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
```
|
||||
# Enter the mysql shell
|
||||
sudo mysql -u root -p
|
||||
|
||||
MariaDB [(none)]> create database misp;
|
||||
MariaDB [(none)]> grant usage on *.* to misp@localhost identified by 'XXXXdbpasswordhereXXXXX';
|
||||
MariaDB [(none)]> grant all privileges on misp.* to misp@localhost;
|
||||
MariaDB [(none)]> flush privileges;
|
||||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
#### copy/paste
|
||||
|
||||
```
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
```bash
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
sudo -u www cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
```
|
||||
|
||||
### 7/ Apache configuration
|
||||
-----------------------
|
||||
```bash
|
||||
# Now configure your Apache webserver with the DocumentRoot /usr/local/www/MISP/app/webroot/
|
||||
|
||||
#2.4
|
||||
sudo mkdir /usr/local/etc/apache24/sites-available/ /usr/local/etc/apache24/sites-enabled/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
sudo cp /usr/local/www/MISP/INSTALL/apache.24.misp.ssl /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
sudo mkdir /etc/ssl/private/
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate: (Make sure to fill the <…>)
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
sudo chmod 750 /etc/ssl/private/
|
||||
sudo chmod 640 /etc/ssl/private/*
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
|
||||
sudo mkdir /var/log/apache24/
|
||||
|
||||
sudo gsed -i "s/apache2/apache24/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
sudo gsed -i "s/var\/www/usr\/local\/www/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
sudo gsed -i "s/SSLCertificateChainFile/#SSLCertificateChainFile/" /usr/local/etc/apache24/sites-available/misp-ssl.conf
|
||||
|
||||
# activate new vhost
|
||||
cd /usr/local/etc/apache24/sites-enabled/
|
||||
sudo ln -s ../sites-available/misp-ssl.conf
|
||||
echo "Include etc/apache24/sites-enabled/*.conf" |sudo tee -a /usr/local/etc/apache24/httpd.conf
|
||||
echo "IncludeOptional etc/apache24/sites-enabled/*.conf" |sudo tee -a /usr/local/etc/apache24/httpd.conf
|
||||
|
||||
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
||||
do
|
||||
sudo gsed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
||||
done
|
||||
|
||||
sudo gsed -i "s/#LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/LoadModule rewrite_module libexec\/apache24\/mod_rewrite.so/" /usr/local/etc/apache24/httpd.conf
|
||||
sudo gsed -i "s/#LoadModule ssl_module libexec\/apache24\/mod_ssl.so/LoadModule ssl_module libexec\/apache24\/mod_ssl.so/" /usr/local/etc/apache24/httpd.conf
|
||||
sudo gsed -i "s/Listen 80/Listen 80\nListen 443/" /usr/local/etc/apache24/httpd.conf
|
||||
|
||||
# Restart apache
|
||||
sudo service apache24 restart
|
||||
```
|
||||
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# MISP saves the stdout and stderr of its workers in /usr/local/www/MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
sudo cp /usr/local/www/MISP/INSTALL/misp.logrotate /usr/local/etc/logrotate.d/misp
|
||||
sudo chmod 0640 /usr/local/etc/logrotate.d/misp
|
||||
```
|
||||
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```bash
|
||||
# There are 4 sample configuration files in /usr/local/www/MISP/app/Config that need to be copied
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/bootstrap.default.php /usr/local/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/database.default.php /usr/local/www/MISP/app/Config/database.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/core.default.php /usr/local/www/MISP/app/Config/core.php
|
||||
sudo -u www cp -a /usr/local/www/MISP/app/Config/config.default.php /usr/local/www/MISP/app/Config/config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
|
||||
|
||||
echo "<?php
|
||||
class DATABASE_CONFIG {
|
||||
public \$default = array(
|
||||
'datasource' => 'Database/Mysql',
|
||||
//'datasource' => 'Database/Postgres',
|
||||
'persistent' => false,
|
||||
'host' => '$DBHOST',
|
||||
'login' => '$DBUSER_MISP',
|
||||
'port' => 3306, // MySQL & MariaDB
|
||||
//'port' => 5432, // PostgreSQL
|
||||
'password' => '$DBPASSWORD_MISP',
|
||||
'database' => '$DBNAME',
|
||||
'prefix' => '',
|
||||
'encoding' => 'utf8',
|
||||
);
|
||||
}" | sudo -u www tee $PATH_TO_MISP/app/Config/database.php
|
||||
|
||||
# Important! Change the salt key in /usr/local/www/MISP/app/Config/config.php
|
||||
# The salt key must be a string at least 32 bytes long.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
||||
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
||||
# 'baseurl' => '',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
sudo chown -R www:www /usr/local/www/MISP/app/Config
|
||||
sudo chmod -R 750 /usr/local/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
|
||||
cat >/tmp/gen-key-script <<EOF
|
||||
%echo Generating a default key
|
||||
Key-Type: default
|
||||
Key-Length: $GPG_KEY_LENGTH
|
||||
Subkey-Type: default
|
||||
Name-Real: $GPG_REAL_NAME
|
||||
Name-Comment: $GPG_COMMENT
|
||||
Name-Email: $GPG_EMAIL_ADDRESS
|
||||
Expire-Date: 0
|
||||
Passphrase: $GPG_PASSPHRASE
|
||||
# Do a commit here, so that we can later print "done"
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
|
||||
sudo -u www gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
||||
# The email address should match the one set in the config.php / set in the configuration menu in the administration menu configuration file
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | sudo -u www tee $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
sudo chmod +x /usr/local/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
```
|
||||
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
sudo gsed -i -e '$i \sudo -u www bash /usr/local/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo gsed -i -e '$i \sudo -u www /usr/local/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
### 10/ MISP modules
|
||||
|
||||
```bash
|
||||
sudo pkg install -y yara
|
||||
sudo mkdir /usr/local/src
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# lief broken...
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install maec python-magic
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install .
|
||||
##sudo pip-3.6 install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install stix2
|
||||
```
|
||||
|
||||
{!generic/INSTALL.done.md!}
|
||||
|
||||
{!generic/recommended.actions.md!}
|
||||
|
||||
### Optional features
|
||||
-----------------
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
```bash
|
||||
sudo pkg install -y libzmq4
|
||||
sudo -H -u www ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
||||
```
|
||||
|
||||
#### misp-dashboard (NOT WORKING)
|
||||
|
||||
!!! notice
|
||||
Enable ZeroMQ for misp-dashboard
|
||||
|
||||
!!! warning
|
||||
This is not working, still needs a working WSGI config.
|
||||
|
||||
|
||||
!!! warning
|
||||
The install_dependencies.sh script is for Linux ONLY. The following blurp will be a diff of a working OpenBSD version.
|
||||
|
||||
```diff
|
||||
(DASHENV) fbsd# diff -u install_dependencies.sh install_dependencies_fbsd.sh
|
||||
diff --git a/install_dependencies.sh b/install_dependencies.sh
|
||||
index ca10fc0..bd5d415 100755
|
||||
--- a/install_dependencies.sh
|
||||
+++ b/install_dependencies.sh
|
||||
@@ -1,9 +1,9 @@
|
||||
-#!/bin/bash
|
||||
+#!/usr/local/bin/bash
|
||||
|
||||
set -e
|
||||
#set -x
|
||||
|
||||
-sudo apt-get install python3-virtualenv virtualenv screen redis-server unzip -y
|
||||
+pkg install -y unzip wget screen
|
||||
|
||||
if [ -z "$VIRTUAL_ENV" ]; then
|
||||
virtualenv -p python3 DASHENV
|
||||
@@ -25,8 +25,8 @@ if [ -e "config/config.cfg" ]; then
|
||||
else
|
||||
cp -i config/config.cfg.default config/config.cfg
|
||||
echo "Sanitizing MaxMindDB Path"
|
||||
- sed -i "s|pathMaxMindDB=./data/GeoLite2-City/GeoLite2-City.mmdb|pathMaxMindDB=$PWD/data/GeoLite2-City/GeoLite2-City.mmdb|" config/config.cfg
|
||||
- sed -i "s|path_countrycode_to_coord_JSON=./data/country_code_lat_long.json|path_countrycode_to_coord_JSON=$PWD/data/country_code_lat_long.json|" config/config.cfg
|
||||
+ gsed -i "s|pathMaxMindDB=./data/GeoLite2-City/GeoLite2-City.mmdb|pathMaxMindDB=$PWD/data/GeoLite2-City/GeoLite2-City.mmdb|" config/config.cfg
|
||||
+ gsed -i "s|path_countrycode_to_coord_JSON=./data/country_code_lat_long.json|path_countrycode_to_coord_JSON=$PWD/data/country_code_lat_long.json|" config/config.cfg
|
||||
fi
|
||||
|
||||
## Web stuff
|
||||
```
|
||||
|
||||
```
|
||||
cd /usr/local/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www:www misp-dashboard
|
||||
sudo -u www git clone https://github.com/MISP/misp-dashboard.git
|
||||
cd misp-dashboard
|
||||
#/!\ Made on Linux, the next script will fail
|
||||
#sudo /usr/local/www/misp-dashboard/install_dependencies.sh
|
||||
sudo virtualenv -ppython3 /usr/local/www/misp-dashboard/DASHENV
|
||||
sudo chown -R www DASHENV/
|
||||
sudo -u www /usr/local/www/misp-dashboard/DASHENV/bin/pip install -U pip argparse redis zmq geoip2 flask phonenumbers pycountry
|
||||
|
||||
sudo gsed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /usr/local/www/misp-dashboard/config/config.cfg
|
||||
sudo gsed -i -e '$i \sudo -u www bash /usr/local/www/misp-dashboard/start_all.sh\n' /etc/rc.local
|
||||
#/!\ Add port 8001 as a listener
|
||||
#sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
||||
sudo pkg install -y ap24-py36-mod_wsgi
|
||||
|
||||
echo "<VirtualHost *:8001>
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot /usr/local/www/misp-dashboard
|
||||
|
||||
WSGIDaemonProcess misp-dashboard \
|
||||
user=misp group=misp \
|
||||
python-home=/usr/local/www/misp-dashboard/DASHENV \
|
||||
processes=1 \
|
||||
threads=15 \
|
||||
maximum-requests=5000 \
|
||||
listen-backlog=100 \
|
||||
queue-timeout=45 \
|
||||
socket-timeout=60 \
|
||||
connect-timeout=15 \
|
||||
request-timeout=60 \
|
||||
inactivity-timeout=0 \
|
||||
deadlock-timeout=60 \
|
||||
graceful-timeout=15 \
|
||||
eviction-timeout=0 \
|
||||
shutdown-timeout=5 \
|
||||
send-buffer-size=0 \
|
||||
receive-buffer-size=0 \
|
||||
header-buffer-size=0 \
|
||||
response-buffer-size=0 \
|
||||
server-metrics=Off
|
||||
WSGIScriptAlias / /usr/local/www/misp-dashboard/misp-dashboard.wsgi
|
||||
<Directory /usr/local/www/misp-dashboard>
|
||||
WSGIProcessGroup misp-dashboard
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
LogLevel info
|
||||
ErrorLog /usr/local/log/apache2/misp-dashboard.local_error.log
|
||||
CustomLog /usr/local/log/apache2/misp-dashboard.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>" | sudo tee /usr/local/etc/apache24/sites-available/misp-dashboard.conf
|
||||
|
||||
sudo ln -s /usr/local/etc/apache24/sites-available/misp-dashboard.conf /usr/local/etc/apache24/sites-enabled/misp-dashboard.conf
|
||||
```
|
||||
|
||||
Add this to /etc/httpd2.conf
|
||||
```
|
||||
LoadModule wsgi_module /usr/local/lib/apache2/mod_wsgi.so
|
||||
Listen 8001
|
||||
```
|
||||
|
||||
|
||||
```
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
|
||||
#### misp-modules (section deprecated)
|
||||
-------------------------------
|
||||
!!! notice
|
||||
If you want to add the misp modules functionality, follow the setup procedure described in misp-modules:<br />
|
||||
https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules<br />
|
||||
Then the enrichment, export and import modules can be enabled in MISP via the settings.
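Review bot: The GPG key-generation script written by `cat >/tmp/gen-key-script <<EOF` lands at a fixed path under /tmp with the caller's default umask, contains `Passphrase: $GPG_PASSPHRASE` in clear, and is never removed after the `gpg --batch --gen-key` call; the same section also hard-codes `pw="Password1234"` and feeds it to `expect` for mysql_secure_installation under a "Needs Fixing" heading, so the placeholder should be made obviously non-functional. The admin and misp DB passwords are further passed on the command line (`-p$DBPASSWORD_ADMIN` in the copy/paste block, `-p$DBPASSWORD_MISP` in the MYSQL.sql import), where they may be observable to other local users via the process list until the client scrubs argv. I would create the key script with `gen_key_script=$(mktemp)`, `chmod 600 "$gen_key_script"`, delete it with `rm -f -- "$gen_key_script"` right after the gpg call, and hand the MariaDB password to the client through `MYSQL_PWD` or an option file rather than argv. The misp-dashboard block also rewrites `host = localhost` to `host = 0.0.0.0`, exposing the dashboard on every interface; if that is intentional it deserves a one-line notice next to the gsed call.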
@ -5,7 +5,7 @@
--------------------------------------------
|
||||
|
||||
!!! notice
|
||||
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20180906<br />
|
||||
Semi-maintained and tested by @SteveClement, CentOS 7.5-1804 on 20181113<br />
|
||||
It is still considered experimental as not everything works seemlessly.
|
||||
|
||||
|
||||
|
@ -55,7 +55,7 @@ sudo yum install centos-release-scl -y
|
|||
sudo yum install vim -y
|
||||
|
||||
# Install the dependencies:
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel -y
|
||||
sudo yum install gcc git httpd zip redis mariadb mariadb-server python-devel python-pip python-zmq libxslt-devel zlib-devel ssdeep-devel -y
|
||||
|
||||
# Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/
|
||||
sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y
|
||||
|
@ -110,8 +110,8 @@ sudo -u apache git submodule foreach --recursive git config core.filemode false
|
|||
|
||||
# Create a python3 virtualenv
|
||||
sudo -u apache $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
|
||||
sudo mkdir /var/www/.cache/
|
||||
sudo chown apache:apache /var/www/.cache
|
||||
sudo mkdir /usr/share/httpd/.cache
|
||||
sudo chown apache:apache /usr/share/httpd/.cache
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U pip
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
|
@ -135,6 +135,9 @@ sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U zmq
|
|||
# install redis
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U redis
|
||||
|
||||
# install magic, lief, pydeep
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install -U python-magic lief git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd /var/www/MISP/app/files/scripts/
|
||||
sudo -u apache git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
@ -143,6 +146,7 @@ sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
|
|||
|
||||
# install PyMISP
|
||||
cd /var/www/MISP/PyMISP
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install enum34
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
# Enable python3 for php-fpm
|
||||
|
@ -285,6 +289,18 @@ sudo -u apache cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DB
|
|||
|
||||
### 7/ Apache configuration
|
||||
-----------------------
|
||||
|
||||
!!! notice
|
||||
SELinux note, to check if it is running:
|
||||
```bash
|
||||
$ sestatus
|
||||
SELinux status: disabled
|
||||
```
|
||||
If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
|
||||
|
||||
!!! warning
|
||||
This guide only copies a stock **NON-SSL** configuration file.
|
||||
|
||||
```bash
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.centos7
|
||||
|
@ -331,6 +347,8 @@ sudo firewall-cmd --reload
|
|||
To be fixed - Place holder
|
||||
|
||||
```bash
|
||||
sudo mkdir /etc/ssl/private
|
||||
sudo chmod 700 /etc/ssl/private
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
||||
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
||||
|
@ -360,7 +378,7 @@ sudo semodule -i /tmp/misplogrotate.pp
|
|||
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```
|
||||
```bash
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u apache cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
|
@ -438,13 +456,50 @@ sudo gpg --homedir /var/www/MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sud
|
|||
sudo chown apache:apache /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# Start the workers to enable background jobs
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo -u apache $RUN_PHP /var/www/MISP/app/Console/worker/start.sh
|
||||
|
||||
# Add the following line at the end
|
||||
su -s /bin/bash apache -c 'scl enable rh-php71 /var/www/MISP/app/Console/worker/start.sh'
|
||||
# and make sure it will execute
|
||||
if [ ! -e /etc/rc.local ]
|
||||
then
|
||||
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
||||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
sudo sed -i -e '$i \su -s /bin/bash apache -c "scl enable rh-php71 /var/www/MISP/app/Console/worker/start.sh" > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
# Make sure it will execute
|
||||
sudo chmod +x /etc/rc.local
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
```
|
||||
# some misp-modules dependencies
|
||||
sudo yum install -y openjpeg-devel
|
||||
|
||||
sudo chmod 2777 /usr/local/src
|
||||
sudo chown root:users /usr/local/src
|
||||
cd /usr/local/src/
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
cd misp-modules
|
||||
# pip install
|
||||
sudo $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install .
|
||||
sudo yum install rubygem-rouge -y
|
||||
##sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u apache $PATH_TO_MISP/venv/bin/pip install stix2
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
sudo -u apache ${PATH_TO_MISP}/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
||||
sudo sed -i -e '$i \sudo -u apache /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &\n' /etc/rc.local
|
||||
```
|
||||
|
||||
{!generic/MISP_CAKE_init_centos.md!}
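Review bot: Running `sudo $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS` as root from a tree that the same block has just made world-writable (`sudo chmod 2777 /usr/local/src`) and then cloned as an unprivileged user lets any local user alter REQUIREMENTS or setup.py between the clone and the root pip run; files installed by root into the apache-created venv will presumably also end up root-owned. The FreeBSD guide added in this same commit uses `2775` with a dedicated group and runs pip as the web user, so I would mirror that here: `sudo chmod 2775 /usr/local/src` and `sudo -u apache $PATH_TO_MISP/venv/bin/pip install -I -r REQUIREMENTS`. The interactive start line `misp-modules -l 0.0.0.0 -s &` binds to all interfaces while the rc.local line added immediately after uses `-l 127.0.0.1`; unless the wide bind is intentional, use `127.0.0.1` in both. The two `echo "... DB Password: ..."` lines print both database passwords to the terminal and to any session log or transcript, which the text should at least warn about.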
|
||||
@ -89,6 +89,7 @@ nav:
- Old guides:
|
||||
- '2.3 to 2.4 upgrade': 'archive/old-2_3to2_4-UPGRADE.md'
|
||||
- 'Ubuntu 16.04': 'archive/INSTALL.ubuntu1604.md'
|
||||
- 'FreeBSD': 'archive/xINSTALL.FreeBSD.md'
|
||||
- About:
|
||||
- 'MISP Release Notes': 'Changelog.md'
|
||||
- 'License': 'license.md'
|