mirror of https://github.com/MISP/MISP
chg: [docs] Added a generic directory where all the platform independent files should reside.
chg: [docs] Added MISP Defaults via the cake command to seperate file.pull/3798/head
parent
fe5735cc73
commit
db244c8a96
|
|
@ -7,7 +7,7 @@
|
|||
!!! notice
|
||||
Maintained and tested by @SteveClement on 20181023
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
PHP_INI=/etc/php/7.0/apache2/php.ini
|
||||
|
|
@ -270,7 +270,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost <IP, FQDN, or *>:80>
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
|
||||
|
|
@ -282,7 +282,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <IP, FQDN, or *>:443>
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
ServerName <your.FQDN.here>
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
|
@ -410,159 +410,16 @@ then
|
|||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
```
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
|
@ -578,13 +435,16 @@ cd misp-modules
|
|||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
Maintained and tested by the community.
|
||||
It is also partially the basis of the [bootstrap.sh](https://github.com/MISP/misp-packer/blob/18.04/scripts/bootstrap.sh) script of misp-packer.
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
### 1/ Minimal Ubuntu install
|
||||
-------------------------
|
||||
|
|
|
|||
|
|
@ -0,0 +1,146 @@
|
|||
#### Initialize MISP configuration and set some defaults
|
||||
```bash
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
```
|
||||
|
|
@ -21,6 +21,13 @@
|
|||
!!! notice
|
||||
As of OpenBSD 6.4 the native httpd has rewrite rules and php 5.6 is gone too.
|
||||
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
export AUTOMAKE_VERSION=1.16
|
||||
export AUTOCONF_VERSION=2.69
|
||||
```
|
||||
|
||||
### 1/ Minimal OpenBSD install
|
||||
------------
|
||||
|
||||
|
|
@ -30,16 +37,6 @@
|
|||
|
||||
- TBD
|
||||
|
||||
#### MISP configuration variables
|
||||
```bash
|
||||
export PATH_TO_MISP='/var/www/htdocs/MISP'
|
||||
export MISP_BASEURL='https://misp.local'
|
||||
export MISP_LIVE='1'
|
||||
export CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
export AUTOMAKE_VERSION=1.16
|
||||
export AUTOCONF_VERSION=2.69
|
||||
```
|
||||
|
||||
#### doas & pkg (as root)
|
||||
```bash
|
||||
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
|
||||
|
|
|
|||
|
|
@ -11,55 +11,14 @@
|
|||
|
||||
CentOS 7.5-1804 [NetInstallURL](http://mirror.centos.org/centos/7.5.1804/os/x86_64/)
|
||||
|
||||
#### MISP configuration variables
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php56 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
MISP_BASEURL=''
|
||||
MISP_LIVE='1'
|
||||
|
||||
# Database configuration
|
||||
DBHOST='localhost'
|
||||
DBNAME='misp'
|
||||
DBUSER_ADMIN='root'
|
||||
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
||||
DBUSER_MISP='misp'
|
||||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# Webserver configuration
|
||||
FQDN='localhost'
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN='Common Name'
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS='info@localhost'
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
||||
GPG_EMAIL_ADDRESS='admin@admin.test'
|
||||
GPG_KEY_LENGTH='2048'
|
||||
GPG_PASSPHRASE='Password1234'
|
||||
|
||||
# php.ini configuration
|
||||
upload_max_filesize=50M
|
||||
post_max_size=50M
|
||||
max_execution_time=300
|
||||
memory_limit=512M
|
||||
PHP_INI=/etc/opt/rh/rh-php56/php.ini
|
||||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
### 1/ Minimal CentOS install
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
PHP 7.3.0RC2 is not working at the moment. Please us 7.2<br />
|
||||
**php-gnupg** and **php-redis** pull in PHP 7.3 thus they are installed with **pecl**
|
||||
|
||||
{!globalVariables.md!}
|
||||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
PHP_INI=/etc/php/7.2/apache2/php.ini
|
||||
|
|
@ -434,159 +434,16 @@ then
|
|||
echo 'exit 0' | sudo tee -a /etc/rc.local
|
||||
sudo chmod u+x /etc/rc.local
|
||||
fi
|
||||
|
||||
# Initialize user and fetch Auth Key
|
||||
sudo -E $CAKE userInit -q
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
|
||||
# Setup some more MISP default via cake CLI
|
||||
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
|
||||
# Enable GnuPG
|
||||
sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test"
|
||||
sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
||||
sudo $CAKE Admin setSetting "GnuPG.password" "Password1234"
|
||||
|
||||
# Enable Enrichment set better timeouts
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
||||
|
||||
# Enable Import modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
||||
|
||||
# Enable Export modules set better timout
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
||||
sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
||||
|
||||
# Enable installer org and tune some configurables
|
||||
sudo $CAKE Admin setSetting "MISP.host_org_id" 1
|
||||
sudo $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disable_emailing" true
|
||||
sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
||||
sudo $CAKE Admin setSetting "MISP.disablerestalert" true
|
||||
sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
||||
|
||||
# Provisional Cortex tunes
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
||||
|
||||
# Various plugin sightings settings
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
||||
sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
||||
|
||||
# Plugin CustomAuth tuneable
|
||||
sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
||||
|
||||
# RPZ Plugin settings
|
||||
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
||||
sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
||||
|
||||
# Force defaults to make MISP Server Settings less RED
|
||||
sudo $CAKE Admin setSetting "MISP.language" "eng"
|
||||
sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
||||
|
||||
## Redis block
|
||||
sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
||||
sudo $CAKE Admin setSetting "MISP.redis_port" 6379
|
||||
sudo $CAKE Admin setSetting "MISP.redis_database" 13
|
||||
sudo $CAKE Admin setSetting "MISP.redis_password" ""
|
||||
|
||||
# Force defaults to make MISP Server Settings less YELLOW
|
||||
sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
||||
sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
||||
sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
||||
sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
||||
sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
||||
sudo $CAKE Admin setSetting "MISP.log_client_ip" false
|
||||
sudo $CAKE Admin setSetting "MISP.log_auth" false
|
||||
sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
||||
sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
||||
sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
||||
sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
||||
sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
||||
sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings"
|
||||
|
||||
# Force defaults to make MISP Server Settings less GREEN
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_length" 12
|
||||
sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
||||
# Tune global time outs
|
||||
sudo $CAKE Admin setSetting "Session.autoRegenerate" 0
|
||||
sudo $CAKE Admin setSetting "Session.timeout" 600
|
||||
sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600
|
||||
```
|
||||
{!generic/MISP_CAKE_init.md!}
|
||||
|
||||
```bash
|
||||
# Set MISP Live
|
||||
sudo $CAKE Live $MISP_LIVE
|
||||
|
||||
# Update the galaxies…
|
||||
sudo $CAKE Admin updateGalaxies
|
||||
|
||||
# Updating the taxonomies…
|
||||
sudo $CAKE Admin updateTaxonomies
|
||||
|
||||
# Updating the warning lists…
|
||||
##sudo $CAKE Admin updateWarningLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
|
||||
|
||||
# Updating the notice lists…
|
||||
## sudo $CAKE Admin updateNoticeLists
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
|
||||
|
||||
# Updating the object templates…
|
||||
##sudo $CAKE Admin updateObjectTemplates
|
||||
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
|
||||
|
||||
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
|
||||
|
||||
# Start the workers
|
||||
sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
|
|
@ -602,13 +459,16 @@ cd misp-modules
|
|||
# pip install
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install .
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
sudo apt install ruby-pygments.rb -y
|
||||
sudo gem install asciidoctor-pdf --pre
|
||||
|
||||
# install STIX2.0 library to support STIX 2.0 export:
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
|
||||
|
||||
# install additional dependencies for extended object generation and extraction
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
|
||||
sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# Start misp-modules
|
||||
## /!\ Check wtf is going on with yara.
|
||||
sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
|
||||
|
|
|
|||
Loading…
Reference in New Issue