From db244c8a96243614f69306422ccfe202475dbf77 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Thu, 25 Oct 2018 08:30:57 +0900 Subject: [PATCH] chg: [docs] Added a generic directory where all the platform independent files should reside. chg: [docs] Added MISP Defaults via the cake command to seperate file. --- docs/INSTALL.debian9.md | 164 ++------------------------ docs/INSTALL.ubuntu1804.md | 2 +- docs/generic/MISP_CAKE_init.md | 146 +++++++++++++++++++++++ docs/{ => generic}/globalVariables.md | 0 docs/xINSTALL.OpenBSD.md | 17 ++- docs/xINSTALL.centos7.md | 43 +------ docs/xINSTALL.debian_testing.md | 160 ++----------------------- 7 files changed, 177 insertions(+), 355 deletions(-) create mode 100644 docs/generic/MISP_CAKE_init.md rename docs/{ => generic}/globalVariables.md (100%) diff --git a/docs/INSTALL.debian9.md b/docs/INSTALL.debian9.md index e6f4441f9..95666dabc 100644 --- a/docs/INSTALL.debian9.md +++ b/docs/INSTALL.debian9.md @@ -7,7 +7,7 @@ !!! notice Maintained and tested by @SteveClement on 20181023 -{!globalVariables.md!} +{!generic/globalVariables.md!} ```bash PHP_INI=/etc/php/7.0/apache2/php.ini @@ -270,7 +270,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ ``` ============================================= Begin sample working SSL config for MISP -:80> + ServerAdmin admin@ ServerName @@ -282,7 +282,7 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ ServerSignature Off -:443> + ServerAdmin admin@ ServerName DocumentRoot $PATH_TO_MISP/app/webroot 
@@ -410,159 +410,16 @@ then echo 'exit 0' | sudo tee -a /etc/rc.local sudo chmod u+x /etc/rc.local fi - -# Initialize user and fetch Auth Key -sudo -E $CAKE userInit -q -AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) - -# Setup some more MISP default via cake CLI - -# Tune global time outs -sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo $CAKE Admin setSetting "Session.timeout" 600 -sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 - -# Enable GnuPG -sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" -sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" -sudo $CAKE Admin setSetting "GnuPG.password" "Password1234" - -# Enable Enrichment set better timeouts -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 -sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 - -# Enable Import modules set better timout -sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666 -sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true -sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true - -# Enable Export modules set better timout -sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666 
-sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true - -# Enable installer org and tune some configurables -sudo $CAKE Admin setSetting "MISP.host_org_id" 1 -sudo $CAKE Admin setSetting "MISP.email" "info@admin.test" -sudo $CAKE Admin setSetting "MISP.disable_emailing" true -sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test" -sudo $CAKE Admin setSetting "MISP.disablerestalert" true -sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true - -# Provisional Cortex tunes -sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false -sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true - -# Various plugin sightings settings -sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0 -sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false -sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365 - -# Plugin CustomAuth tuneable -sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false - -# RPZ Plugin settings - -sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" -sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" -sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" -sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" -sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" 
-sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" -sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" -sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." -sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" -sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" - -# Force defaults to make MISP Server Settings less RED -sudo $CAKE Admin setSetting "MISP.language" "eng" -sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false - -## Redis block -sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" -sudo $CAKE Admin setSetting "MISP.redis_port" 6379 -sudo $CAKE Admin setSetting "MISP.redis_database" 13 -sudo $CAKE Admin setSetting "MISP.redis_password" "" - -# Force defaults to make MISP Server Settings less YELLOW -sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 -sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false -sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4 -sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true -sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true -sudo $CAKE Admin setSetting "MISP.log_client_ip" false -sudo $CAKE Admin setSetting "MISP.log_auth" false -sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false -sudo $CAKE Admin setSetting "MISP.block_event_alert" false -sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" -sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false -sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" -sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false -sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" -sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" -sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" -sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings" - -# Force defaults to make MISP Server Settings less GREEN -sudo $CAKE Admin setSetting "Security.password_policy_length" 12 -sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' -# Tune global time outs -sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo $CAKE Admin setSetting "Session.timeout" 600 -sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 ``` +{!generic/MISP_CAKE_init.md!} ```bash -# Set MISP Live -sudo $CAKE Live $MISP_LIVE - -# Update the galaxies… -sudo $CAKE Admin updateGalaxies - -# Updating the 
taxonomies… -sudo $CAKE Admin updateTaxonomies - -# Updating the warning lists… -##sudo $CAKE Admin updateWarningLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update - -# Updating the notice lists… -## sudo $CAKE Admin updateNoticeLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - -# Updating the object templates… -##sudo $CAKE Admin updateObjectTemplates -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - # Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user: sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local -sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local # Start the workers sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh 
@@ -578,13 +435,16 @@ cd misp-modules
 # pip install
 sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
 sudo -u www-data /var/www/MISP/venv/bin/pip install .
-sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
-sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
-# install STIX2.0 library to support STIX 2.0 export:
-sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
 sudo apt install ruby-pygments.rb -y
 sudo gem install asciidoctor-pdf --pre
+# install STIX2.0 library to support STIX 2.0 export:
+sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
+
+# install additional dependencies for extended object generation and extraction
+sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
+sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+
 # Start misp-modules
 ## /!\ Check wtf is going on with yara.
 sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &
diff --git a/docs/INSTALL.ubuntu1804.md b/docs/INSTALL.ubuntu1804.md
index f6613322c..8f8f80325 100644
--- a/docs/INSTALL.ubuntu1804.md
+++ b/docs/INSTALL.ubuntu1804.md
@@ -7,7 +7,7 @@ Maintained and tested by the community. It is also partially the basis of the [bootstrap.sh](https://github.com/MISP/misp-packer/blob/18.04/scripts/bootstrap.sh) script of misp-packer.
-{!globalVariables.md!}
+{!generic/globalVariables.md!}
 ### 1/ Minimal Ubuntu install
 -------------------------
diff --git a/docs/generic/MISP_CAKE_init.md b/docs/generic/MISP_CAKE_init.md
new file mode 100644
index 000000000..4ba8e3f90
--- /dev/null
+++ b/docs/generic/MISP_CAKE_init.md
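Review bot: The last line of this hunk still starts the module service with `misp-modules -l 0.0.0.0 -s &`, bound on every interface, even though the rc.local line added earlier in this same file now uses `-l 127.0.0.1` and every `Plugin.*_services_url` set by the cake defaults points at `http://127.0.0.1`; nothing in this guide puts the module listener behind authentication, so the wildcard bind exposes it to the network from the first manual start until the next reboot. Change the line to `sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &` so that the one-off start and the boot-time start agree. The identical line appears in the matching xINSTALL.debian_testing.md hunk. The `## /!\ Check wtf is going on with yara.` comment is also left dangling now that `yara` (and `wand`, `pymisp`) were dropped from the pip list in the new lines; either say why yara is no longer installed here or remove the comment.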
@@ -0,0 +1,146 @@ +#### Initialize MISP configuration and set some defaults +```bash +# Initialize user and fetch Auth Key +sudo -E $CAKE userInit -q +AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) + +# Setup some more MISP default via cake CLI + +# Tune global time outs +sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 +sudo $CAKE Admin setSetting "Session.timeout" 600 +sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 + +# Enable GnuPG +sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" +sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" +sudo $CAKE Admin setSetting "GnuPG.password" "Password1234" + +# Enable Enrichment set better timeouts +sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true +sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true +sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 +sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 +sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true +sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true +sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 + +# Enable Import modules set better timout +sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true +sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666 +sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300 +sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true +sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true + +# Enable Export modules set better timout +sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true +sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666 +sudo $CAKE Admin 
setSetting "Plugin.Export_timeout" 300 +sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true + +# Enable installer org and tune some configurables +sudo $CAKE Admin setSetting "MISP.host_org_id" 1 +sudo $CAKE Admin setSetting "MISP.email" "info@admin.test" +sudo $CAKE Admin setSetting "MISP.disable_emailing" true +sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test" +sudo $CAKE Admin setSetting "MISP.disablerestalert" true +sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true + +# Provisional Cortex tunes +sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false +sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 +sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 +sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 +sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 +sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" +sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false +sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false +sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true + +# Various plugin sightings settings +sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0 +sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false +sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365 + +# Plugin CustomAuth tuneable +sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false + +# RPZ Plugin settings +sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" +sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" +sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" +sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" +sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" +sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" +sudo $CAKE Admin 
setSetting "Plugin.RPZ_minimum_ttl" "1h" +sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" +sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." +sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" +sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" + +# Force defaults to make MISP Server Settings less RED +sudo $CAKE Admin setSetting "MISP.language" "eng" +sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false + +## Redis block +sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" +sudo $CAKE Admin setSetting "MISP.redis_port" 6379 +sudo $CAKE Admin setSetting "MISP.redis_database" 13 +sudo $CAKE Admin setSetting "MISP.redis_password" "" + +# Force defaults to make MISP Server Settings less YELLOW +sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 +sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false +sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4 +sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" +sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" +sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true +sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true +sudo $CAKE Admin setSetting "MISP.log_client_ip" false +sudo $CAKE Admin setSetting "MISP.log_auth" false +sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false +sudo $CAKE Admin setSetting "MISP.block_event_alert" false +sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" +sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false +sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" +sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false +sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" +sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" +sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" +sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings" + +# Force defaults to make MISP Server Settings less GREEN +sudo $CAKE Admin setSetting "Security.password_policy_length" 12 +sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' + +# Tune global time outs +sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 +sudo $CAKE Admin setSetting "Session.timeout" 600 +sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 + +# Update the galaxies… +sudo $CAKE Admin updateGalaxies + +# Updating the taxonomies… +sudo $CAKE Admin updateTaxonomies + +# Updating the warning lists… +##sudo $CAKE 
Admin updateWarningLists
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update
+
+# Updating the notice lists…
+## sudo $CAKE Admin updateNoticeLists
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update
+
+# Updating the object templates…
+##sudo $CAKE Admin updateObjectTemplates
+curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update
+
+# Set MISP Live
+sudo $CAKE Live $MISP_LIVE
+```
diff --git a/docs/globalVariables.md b/docs/generic/globalVariables.md
similarity index 100%
rename from docs/globalVariables.md
rename to docs/generic/globalVariables.md
diff --git a/docs/xINSTALL.OpenBSD.md b/docs/xINSTALL.OpenBSD.md
index d7c73a886..7f9903867 100644
--- a/docs/xINSTALL.OpenBSD.md
+++ b/docs/xINSTALL.OpenBSD.md
@@ -21,6 +21,13 @@
 !!! notice
 As of OpenBSD 6.4 the native httpd has rewrite rules and php 5.6 is gone too.
+{!generic/globalVariables.md!}
+
+```bash
+export AUTOMAKE_VERSION=1.16
+export AUTOCONF_VERSION=2.69
+```
+
 ### 1/ Minimal OpenBSD install
 ------------
@@ -30,16 +37,6 @@
 - TBD
-#### MISP configuration variables
-```bash
-export PATH_TO_MISP='/var/www/htdocs/MISP'
-export MISP_BASEURL='https://misp.local'
-export MISP_LIVE='1'
-export CAKE="$PATH_TO_MISP/app/Console/cake"
-export AUTOMAKE_VERSION=1.16
-export AUTOCONF_VERSION=2.69
-```
-
 #### doas & pkg (as root)
 ```bash
 echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md
index c240e2351..e5fdb2f52 100644
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
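Review bot: `AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)` at the top of the new file passes the database password on the command line, where every local user can read it from the process list while the query runs and where it lands in the shell history when the block is pasted interactively; `MYSQL_PWD="$DBPASSWORD_MISP" mysql -u "$DBUSER_MISP" misp -e "SELECT authkey FROM users;" | tail -1` keeps it off argv. The GnuPG block hard-codes `"admin@admin.test"` and `"Password1234"` although the variable block this file is meant to sit next to — judging by the values deleted from xINSTALL.centos7.md in this same patch — defines `GPG_EMAIL_ADDRESS` and `GPG_PASSPHRASE`, so an operator who changes those variables still ends up with the default passphrase written into the MISP config; use `"$GPG_EMAIL_ADDRESS"` and `"$GPG_PASSPHRASE"` here. `tail -1` also just takes whatever user row MySQL returns last, which is only the freshly created admin on an empty database, so since this file is now included from several guides a leading comment such as `# Assumes a freshly initialised MISP: the only user is the one userInit just created` would save the next reader a surprise. The three `curl -k` calls deserve a one-line comment stating that verification is skipped only because the target is the local self-signed instance, so nobody copies them against a remote host.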
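Review bot: The block removed here exported `PATH_TO_MISP='/var/www/htdocs/MISP'` and `MISP_BASEURL='https://misp.local'`, while the generic file now included at the top of this guide — if it matches the block deleted from xINSTALL.centos7.md in the same patch — sets `PATH_TO_MISP='/var/www/MISP'`, an empty `MISP_BASEURL`, and does not `export` anything. On OpenBSD that would point `CAKE`, the GnuPG homedir and every `$PATH_TO_MISP` reference at a path the rest of this guide does not use, and non-exported variables will not reach commands run through `doas` or `sudo -E`. Keep an OpenBSD-specific override right after the include, e.g. `export PATH_TO_MISP='/var/www/htdocs/MISP'` followed by `export CAKE="$PATH_TO_MISP/app/Console/cake"`, or note in generic/globalVariables.md which values are platform-dependent.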
@@ -11,55 +11,14 @@ CentOS 7.5-1804 [NetInstallURL](http://mirror.centos.org/centos/7.5.1804/os/x86_64/)
-#### MISP configuration variables
+{!generic/globalVariables.md!}
 ```bash
 # CentOS Specific
 RUN_PHP='/usr/bin/scl enable rh-php56 '
 RUN_PYTHON='/usr/bin/scl enable rh-python36 '
-# MISP configuration variables
-PATH_TO_MISP='/var/www/MISP'
-CAKE="$PATH_TO_MISP/app/Console/cake"
-MISP_BASEURL=''
-MISP_LIVE='1'
-
-# Database configuration
-DBHOST='localhost'
-DBNAME='misp'
-DBUSER_ADMIN='root'
-DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
-DBUSER_MISP='misp'
-DBPASSWORD_MISP="$(openssl rand -hex 32)"
-
-# Webserver configuration
-FQDN='localhost'
-
-# OpenSSL configuration
-OPENSSL_CN='Common Name'
-OPENSSL_C='LU'
-OPENSSL_ST='State'
-OPENSSL_L='Location'
-OPENSSL_O='Organization'
-OPENSSL_OU='Organizational Unit'
-OPENSSL_EMAILADDRESS='info@localhost'
-
-# GPG configuration
-GPG_REAL_NAME='Autogenerated Key'
-GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
-GPG_EMAIL_ADDRESS='admin@admin.test'
-GPG_KEY_LENGTH='2048'
-GPG_PASSPHRASE='Password1234'
-
-# php.ini configuration
-upload_max_filesize=50M
-post_max_size=50M
-max_execution_time=300
-memory_limit=512M
 PHP_INI=/etc/opt/rh/rh-php56/php.ini
-
-echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
-echo "User (misp) DB Password: $DBPASSWORD_MISP"
 ```
 ### 1/ Minimal CentOS install
diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md
index 01fb59e82..eb9c77be7 100644
--- a/docs/xINSTALL.debian_testing.md
+++ b/docs/xINSTALL.debian_testing.md
@@ -13,7 +13,7 @@ PHP 7.3.0RC2 is not working at the moment. Please us 7.2
 **php-gnupg** and **php-redis** pull in PHP 7.3 thus they are installed with **pecl**
-{!globalVariables.md!}
+{!generic/globalVariables.md!}
 ```bash
 PHP_INI=/etc/php/7.2/apache2/php.ini
@@ -434,159 +434,16 @@ then echo 'exit 0' | sudo tee -a /etc/rc.local sudo chmod u+x /etc/rc.local fi - -# Initialize user and fetch Auth Key -sudo -E $CAKE userInit -q -AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) - -# Setup some more MISP default via cake CLI - -# Tune global time outs -sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo $CAKE Admin setSetting "Session.timeout" 600 -sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 - -# Enable GnuPG -sudo $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" -sudo $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" -sudo $CAKE Admin setSetting "GnuPG.password" "Password1234" - -# Enable Enrichment set better timeouts -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 -sudo $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 - -# Enable Import modules set better timout -sudo $CAKE Admin setSetting "Plugin.Import_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Import_services_port" 6666 -sudo $CAKE Admin setSetting "Plugin.Import_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true -sudo $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true - -# Enable Export modules set better timout -sudo $CAKE Admin setSetting "Plugin.Export_services_enable" true -sudo $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Export_services_port" 6666 
-sudo $CAKE Admin setSetting "Plugin.Export_timeout" 300 -sudo $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true - -# Enable installer org and tune some configurables -sudo $CAKE Admin setSetting "MISP.host_org_id" 1 -sudo $CAKE Admin setSetting "MISP.email" "info@admin.test" -sudo $CAKE Admin setSetting "MISP.disable_emailing" true -sudo $CAKE Admin setSetting "MISP.contact" "info@admin.test" -sudo $CAKE Admin setSetting "MISP.disablerestalert" true -sudo $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true - -# Provisional Cortex tunes -sudo $CAKE Admin setSetting "Plugin.Cortex_services_enable" false -sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 -sudo $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false -sudo $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true - -# Various plugin sightings settings -sudo $CAKE Admin setSetting "Plugin.Sightings_policy" 0 -sudo $CAKE Admin setSetting "Plugin.Sightings_anonymise" false -sudo $CAKE Admin setSetting "Plugin.Sightings_range" 365 - -# Plugin CustomAuth tuneable -sudo $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false - -# RPZ Plugin settings - -sudo $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" -sudo $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" -sudo $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" -sudo $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" -sudo $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" -sudo $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" 
-sudo $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" -sudo $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" -sudo $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." -sudo $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" -sudo $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" - -# Force defaults to make MISP Server Settings less RED -sudo $CAKE Admin setSetting "MISP.language" "eng" -sudo $CAKE Admin setSetting "MISP.proposals_block_attributes" false - -## Redis block -sudo $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" -sudo $CAKE Admin setSetting "MISP.redis_port" 6379 -sudo $CAKE Admin setSetting "MISP.redis_database" 13 -sudo $CAKE Admin setSetting "MISP.redis_password" "" - -# Force defaults to make MISP Server Settings less YELLOW -sudo $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 -sudo $CAKE Admin setSetting "MISP.extended_alert_subject" false -sudo $CAKE Admin setSetting "MISP.default_event_threat_level" 4 -sudo $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" -sudo $CAKE Admin setSetting "MISP.enableEventBlacklisting" true -sudo $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true -sudo $CAKE Admin setSetting "MISP.log_client_ip" false -sudo $CAKE Admin setSetting "MISP.log_auth" false -sudo $CAKE Admin setSetting "MISP.disableUserSelfManagement" false -sudo $CAKE Admin setSetting "MISP.block_event_alert" false -sudo $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" -sudo $CAKE Admin setSetting "MISP.block_old_event_alert" false -sudo $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" -sudo $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false -sudo $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" -sudo $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" -sudo $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" -sudo $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP, change this message in MISP Settings" - -# Force defaults to make MISP Server Settings less GREEN -sudo $CAKE Admin setSetting "Security.password_policy_length" 12 -sudo $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' -# Tune global time outs -sudo $CAKE Admin setSetting "Session.autoRegenerate" 0 -sudo $CAKE Admin setSetting "Session.timeout" 600 -sudo $CAKE Admin setSetting "Session.cookie_timeout" 3600 ``` +{!generic/MISP_CAKE_init.md!} ```bash -# Set MISP Live -sudo $CAKE Live $MISP_LIVE - -# Update the galaxies… -sudo $CAKE Admin updateGalaxies - -# Updating the 
taxonomies… -sudo $CAKE Admin updateTaxonomies - -# Updating the warning lists… -##sudo $CAKE Admin updateWarningLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/warninglists/update - -# Updating the notice lists… -## sudo $CAKE Admin updateNoticeLists -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/noticelists/update - -# Updating the object templates… -##sudo $CAKE Admin updateObjectTemplates -curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -k -X POST https://127.0.0.1/objectTemplates/update - # Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user: sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh > /tmp/worker_start_rc.local.log\n' /etc/rc.local -sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local +sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local # Start the workers sudo -u www-data bash $PATH_TO_MISP/app/Console/worker/start.sh 
@@ -602,13 +459,16 @@ cd misp-modules
 # pip install
 sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
 sudo -u www-data /var/www/MISP/venv/bin/pip install .
-sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic wand yara pathlib pymisp
-sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
-# install STIX2.0 library to support STIX 2.0 export:
-sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
 sudo apt install ruby-pygments.rb -y
 sudo gem install asciidoctor-pdf --pre
+# install STIX2.0 library to support STIX 2.0 export:
+sudo -u www-data /var/www/MISP/venv/bin/pip install stix2
+
+# install additional dependencies for extended object generation and extraction
+sudo -u www-data /var/www/MISP/venv/bin/pip install maec lief python-magic pathlib
+sudo -u www-data /var/www/MISP/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
+
 # Start misp-modules
 ## /!\ Check wtf is going on with yara.
 sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 0.0.0.0 -s &