Merge branch '2.4' of github.com:MISP/MISP into 2.4

pull/4605/head
mokaddem 2019-05-08 11:59:07 +02:00
commit e6b8f32729
16 changed files with 185 additions and 143 deletions


@ -112,7 +112,8 @@ script:
- ./curl_tests.sh $AUTH
- popd
- pushd PyMISP
- pipenv install -d
# FIXME: should be install, but as lief is changing all the time, we have to use update instead: https://github.com/MISP/PyMISP/issues/391
- pipenv update -d
- pushd tests
- git clone https://github.com/viper-framework/viper-test-files.git
- popd
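Review bot: `pipenv update -d` re-resolves and pulls the newest release of every dependency instead of installing the versions recorded in Pipfile.lock, so the CI run is no longer reproducible and picks up any freshly published package, not only the lief releases the FIXME is about. Keep `pipenv install -d` and refresh only the one package that moves, e.g. `pipenv run pip install -U lief`, or pin lief in the Pipfile. The `git clone` of viper-test-files on the following line is likewise unpinned; checking out a fixed commit would keep the test data stable across runs.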

2
PyMISP

@ -1 +1 @@
Subproject commit 0754fdbe329e92e9e0116bd29837ecc11a31c42b
Subproject commit e8bba395bc67bf56e41ddd022ebae670c5b0d64b


@ -177,10 +177,10 @@ class AdminShell extends AppShell
}
}
# FIXME: Debug and make it work, fails to pass userId/orgId properly
# FIXME: Fails to pass userId/orgId properly, global update works.
public function updateObjectTemplates() {
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin updateNoticeLists [user_id]' . PHP_EOL;
echo 'Usage: ' . APP . '/cake ' . 'Admin updateObjectTemplates [user_id]' . PHP_EOL;
} else {
$userId = $this->args[0];
$user = $this->User->find('first', array(
@ -190,8 +190,15 @@ class AdminShell extends AppShell
),
'fields' => array('User.id', 'User.org_id')
));
# If the user_id passed does not exist, do a global update.
if (empty($user)) {
echo 'User not found' . PHP_EOL;
echo 'User with ID: ' . $userId . ' not found' . PHP_EOL;
$result = $this->ObjectTemplate->update();
if ($result) {
echo 'Object templates updated' . PHP_EOL;
} else {
echo 'Could not update object templates' . PHP_EOL;
}
} else {
$result = $this->ObjectTemplate->update($user, false,false);
if ($result) {
@ -309,18 +316,18 @@ class AdminShell extends AppShell
public function updateDatabase() {
$whoami = exec('whoami');
if ($whoami === 'httpd' || $whoami === 'www-data') {
if ($whoami === 'httpd' || $whoami === 'www-data' || $whoami === 'apache') {
echo 'Executing all updates to bring the database up to date with the current version.' . PHP_EOL;
$this->Server->runUpdates(true);
echo 'All updates completed.' . PHP_EOL;
} else {
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL);
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL . 'You tried to run this command as: ' . $whoami . PHP_EOL);
}
}
public function updateApp() {
$whoami = exec('whoami');
if ($whoami === 'httpd' || $whoami === 'www-data') {
if ($whoami === 'httpd' || $whoami === 'www-data' || $whoami === 'apache') {
$command = $this->args[0];
if (!empty($this->args[1])) {
$processId = $this->args[1];
@ -345,7 +352,7 @@ class AdminShell extends AppShell
$job['Job']['message'] = 'Update done';
$this->Job->save($job);
} else {
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL);
die('This OS user is not allowed to run this command.' . PHP_EOL . 'Run it under `www-data` or `httpd`.' . PHP_EOL . 'You tried to run this command as: ' . $whoami . PHP_EOL);
}
}
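Review bot: The allow-list on both updated conditions now accepts `apache`, but the rejection text on the two die() lines still tells the operator to run the command under `www-data` or `httpd`; change it to `'Run it under `www-data`, `httpd` or `apache`.'` so the message matches the check. Identifying the caller by `exec('whoami')` also depends on PATH and spawns a shell; `posix_getpwuid(posix_geteuid())['name']` yields the effective user without a subprocess where the posix extension is available. Separately, in updateObjectTemplates an unknown user id now prints the not-found message and then silently falls back to a global update; if a typo in the id is not meant to trigger a global update, `return;` after the echo instead.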


@ -23,6 +23,16 @@ class RPZExport
'action' => 'rpz-drop.',
'setting_id' => 0,
),
'PASSTHRU' => array(
'explanation' => 'lets queries through, but allows for logging the hits (useful for testing).',
'action' => 'rpz-passthru.',
'setting_id' => 4,
),
'TCP-only' => array(
'explanation' => 'force the client to use TCP.',
'action' => 'rpz-tcp-only.',
'setting_id' => 5,
),
);
private $__items = array();
@ -33,7 +43,7 @@ class RPZExport
private $__rpzSettings = array();
private $__valid_policies = array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden');
private $__valid_policies = array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden', 'PASSTHRU', 'TCP-only');
private $__server = null;
@ -100,7 +110,7 @@ class RPZExport
$lookupData = array('policy', 'walled_garden', 'ns', 'ns_alt', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
foreach ($lookupData as $v) {
if ($v === 'policy' && isset($options['filters'][$v])) {
if (!in_array($options['filters'][$v], array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden'))) {
if (!in_array($options['filters'][$v], array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden', 'PASSTHRU', 'TCP-only'))) {
unset($options['filters'][$v]);
} else {
$options['filters'][$v] = $this->getIdByPolicy($options['filters'][$v]);
@ -162,6 +172,8 @@ class RPZExport
'NXDOMAIN' => 'return NXDOMAIN (name does not exist) irrespective of actual result received.',
'NODATA' => 'returns NODATA (name exists but no answers returned) irrespective of actual result received.',
'DROP' => 'timeout.',
'PASSTHRU' => 'lets queries through, but allows for logging the hits (useful for testing).',
'TCP-only' => 'force the client to use TCP.',
);
return $explanations[$type] . $this->__policies[$policy]['explanation'] . PHP_EOL;
}
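Review bot: The policy allow-list in the in_array call repeats the same six names that `$__valid_policies` already holds, and the call is non-strict, so a boolean `true` arriving in the filters compares equal to any of the strings and reaches getIdByPolicy(). Use the property with strict comparison: `if (!in_array($options['filters'][$v], $this->__valid_policies, true)) {`. The explanation strings are likewise duplicated between `$__policies` and the `$explanations` array, which is a second place to keep in sync the next time a policy is added. The enclosing method and the foreach begin and end outside the visible hunks.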


@ -122,13 +122,13 @@ class YaraExport
{
$footer = $this->__JsonExporter->footer($options);
$this->__curr_input_file->append($footer);
$pythonSrcipt = $this->__script_path;
$pythonScript = $this->__script_path;
$in = $this->__curr_input_file->path;
$out1 = $this->__yara_file_gen->path;
$out2 = $this->__yara_file_asis->path;
$logging = $this->__end_of_cmd;
$raw_flag = $this->__raw_mode ? '--raw' : '';
$result = shell_exec("python3 $pythonSrcipt --input $in --out-generated $out1 --out-asis $out2 $raw_flag $logging");
$result = shell_exec($this->getPythonVersion() . " $pythonScript --input $in --out-generated $out1 --out-asis $out2 $raw_flag $logging");
$this->__curr_input_file->close();
$this->__curr_input_file->delete();
$this->__n_attributes = 0;
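Review bot: None of the values interpolated into the shell_exec() command line — the interpreter from getPythonVersion(), `$pythonScript`, `$in`, `$out1` and `$out2` — goes through escapeshellarg(), so a space or shell metacharacter in the install path or a temp-file name breaks the command or is interpreted by the shell. Wrap each path: `$result = shell_exec($this->getPythonVersion() . ' ' . escapeshellarg($pythonScript) . ' --input ' . escapeshellarg($in) . ' --out-generated ' . escapeshellarg($out1) . ' --out-asis ' . escapeshellarg($out2) . " $raw_flag $logging");`. `$logging` (`$this->__end_of_cmd`) appears to be a redirection fragment and must stay unquoted; whether getPythonVersion() returns a bare interpreter name or a path is not visible here. The method's signature is above the hunk.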


@ -224,7 +224,7 @@ class AppModel extends Model
}
// SQL scripts for updates
public function updateDatabase($command, $useWorker=true)
public function updateDatabase($command, $useWorker=false)
{
// Exit if updates are locked
if ($this->isUpdateLocked()) {
@ -241,7 +241,7 @@ class AppModel extends Model
'job_input' => 'command: ' . $command,
'status' => 0,
'retries' => 0,
'org_id' => '',
'org_id' => 0,
'org' => '',
'message' => 'Updating.',
);
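Review bot: The default of `$useWorker` flips from true to false, so every existing caller that omits the argument now runs the update in the calling process instead of enqueuing it, and nothing documents that. Replace the one-line `// SQL scripts for updates` with a docblock carrying `@param string $command identifier of the update to apply` and `@param bool $useWorker true to enqueue the update as a background job, false (default) to run it synchronously`, so the next caller does not assume the old behaviour. The method body continues beyond the hunk, so how `$useWorker` is consumed is not visible here.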


@ -1235,7 +1235,7 @@ class Server extends AppModel
'errorMessage' => '',
'test' => 'testForRPZBehaviour',
'type' => 'numeric',
'options' => array(0 => 'DROP', 1 => 'NXDOMAIN', 2 => 'NODATA', 3 => 'walled-garden'),
'options' => array(0 => 'DROP', 1 => 'NXDOMAIN', 2 => 'NODATA', 3 => 'walled-garden', 4 => 'PASSTHRU', 5 => 'TCP-only' ),
),
'RPZ_walled_garden' => array(
'level' => 2,
@ -1247,7 +1247,7 @@ class Server extends AppModel
),
'RPZ_serial' => array(
'level' => 2,
'description' => __('The serial in the SOA portion of the zone file. (numeric, best practice is yyyymmddrr where rr is the two digit sub-revision of the file. $date will automatically get converted to the current yyyymmdd, so $date00 is a valid setting).'),
'description' => __('The serial in the SOA portion of the zone file. (numeric, best practice is yyyymmddrr where rr is the two digit sub-revision of the file. $date will automatically get converted to the current yyyymmdd, so $date00 is a valid setting). Setting it to $time will give you an unixtime-based serial (good then you need more than 99 revisions per day).'),
'value' => '$date00',
'errorMessage' => '',
'test' => 'testForRPZSerial',
@ -3294,8 +3294,8 @@ class Server extends AppModel
if ($numeric !== true) {
return $numeric;
}
if ($value < 0 || $value > 3) {
return 'Invalid setting, valid range is 0-3 (0 = DROP, 1 = NXDOMAIN, 2 = NODATA, 3 = walled garden.';
if ($value < 0 || $value > 5) {
return 'Invalid setting, valid range is 0-5 (0 = DROP, 1 = NXDOMAIN, 2 = NODATA, 3 = walled garden, 4 = PASSTHRU, 5 = TCP-only.';
}
return true;
}
@ -3325,7 +3325,7 @@ class Server extends AppModel
if ($this->testForEmpty($value) !== true) {
return $this->testForEmpty($value);
}
if (!preg_match('/^((\$date(\d*)|\d*))$/', $value)) {
if (!preg_match('/^((\$date(\d*)|\$time|\d*))$/', $value)) {
return 'Invalid format.';
}
return true;
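Review bot: The range check in testForRPZBehaviour hard-codes 0-5 separately from the `options` array of the RPZ_behaviour setting, and its error text repeats the list a third time while still missing a closing parenthesis: `..., 5 = TCP-only.'` should read `..., 5 = TCP-only).'`. Deriving the upper bound from the number of options would remove one of the places that had to be edited in lockstep for this change. The serial regex now accepts `$time` as intended; `\d*` also matches an empty string, which is harmless only because testForEmpty() runs first.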


@ -1,58 +1,60 @@
<?php
$sigDisplay = $object['value'];
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
if ($object['type'] == 'attachment' && isset($object['image'])) {
if (extension_loaded('gd')) {
$img = '<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>';
$img .= '<img class="screenshot screenshot-collapsed useCursorPointer img-rounded hidden" src="' . $baseurl . '/attributes/viewPicture/' . h($object['id']) . '/1' . '" title="' . h($object['value']) . '" onload="$(this).show(200); $(this).parent().find(\'.fa-spinner\').remove();"/>';
echo $img;
$sigDisplay = $object['value'];
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
if ($object['type'] == 'attachment' && isset($object['image'])) {
if (extension_loaded('gd')) {
$img = '<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>';
$img .= '<img class="screenshot screenshot-collapsed useCursorPointer img-rounded hidden" src="' . $baseurl . '/attributes/viewPicture/' . h($object['id']) . '/1' . '" title="' . h($object['value']) . '" onload="$(this).show(200); $(this).parent().find(\'.fa-spinner\').remove();"/>';
echo $img;
} else {
$extension = explode('.', $object['value']);
$extension = end($extension);
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']);
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($object['value']) . '" />';
}
} else {
$extension = explode('.', $object['value']);
$extension = end($extension);
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']);
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($object['value']) . '" />';
$filenameHash = explode('|', h($object['value']));
if (strrpos($filenameHash[0], '\\')) {
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
echo h($filepath);
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filename) . '</a>';
} else {
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filenameHash[0]) . '</a>';
}
if (isset($filenameHash[1])) echo '<br />' . $filenameHash[1];
}
} else if (strpos($object['type'], '|') !== false) {
$separator = in_array($object['type'], array('ip-dst|port', 'ip-src|port')) ? ':' : '<br />';
$value_pieces = explode('|', $object['value']);
foreach ($value_pieces as $k => $v) {
$value_pieces[$k] = h($v);
}
$object['value'] = implode($separator, $value_pieces);
echo ($object['value']);
} else if ('vulnerability' == $object['type']) {
$cveUrl = (is_null(Configure::read('MISP.cveurl'))) ? "http://www.google.com/search?q=" : Configure::read('MISP.cveurl');
echo $this->Html->link($sigDisplay, $cveUrl . $sigDisplay, array('target' => '_blank', 'class' => $linkClass));
} else if ('link' == $object['type'] && (substr($object['value'], 0, 7) === 'http://' || substr($object['value'], 0, 8) === 'https://')) {
echo $this->Html->link($sigDisplay, $sigDisplay, array('class' => $linkClass));
} else if ('cortex' == $object['type']) {
echo '<div class="cortex-json" data-cortex-json="' . h($object['value']) . '">Cortex object</div>';
} else if ('text' == $object['type']) {
if (($object['category'] == 'Internal reference' || $object['category'] == 'External analysis') && preg_match('/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/i', $object['value'])) {
echo '<a href="' . $baseurl . '/events/view/' . h($object['value']) . '" class="' . $linkClass . '">' . h($object['value']) . '</a>';
} else {
$sigDisplay = str_replace("\r", '', h($sigDisplay));
$sigDisplay = str_replace(" ", '&nbsp;', $sigDisplay);
echo $sigDisplay;
}
} else if ('hex' == $object['type']) {
$sigDisplay = str_replace("\r", '', $sigDisplay);
echo '<span class="hex-value" title="' . __('Hexadecimal representation') . '">' . h($sigDisplay) . '</span>&nbsp;<span role="button" tabindex="0" aria-label="' . __('Switch to binary representation') . '" class="icon-repeat hex-value-convert useCursorPointer" title="' . __('Switch to binary representation') . '"></span>';
} else {
$filenameHash = explode('|', h($object['value']));
if (strrpos($filenameHash[0], '\\')) {
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
echo h($filepath);
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filename) . '</a>';
} else {
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filenameHash[0]) . '</a>';
}
if (isset($filenameHash[1])) echo '<br />' . $filenameHash[1];
$sigDisplay = str_replace("\r", '', $sigDisplay);
echo h($sigDisplay);
}
} else if (strpos($object['type'], '|') !== false) {
$separator = in_array($object['type'], array('ip-dst|port', 'ip-src|port')) ? ':' : '<br />';
$value_pieces = explode('|', $object['value']);
foreach ($value_pieces as $k => $v) {
$value_pieces[$k] = h($v);
if (isset($object['validationIssue'])) {
echo ' <span class="fa fa-exclamation-triangle" title="' . __('Warning, this doesn\'t seem to be a legitimate ') . strtoupper(h($object['type'])) . __(' value') . '">&nbsp;</span>';
}
$object['value'] = implode($separator, $value_pieces);
echo ($object['value']);
} else if ('vulnerability' == $object['type']) {
$cveUrl = (is_null(Configure::read('MISP.cveurl'))) ? "http://www.google.com/search?q=" : Configure::read('MISP.cveurl');
echo $this->Html->link($sigDisplay, $cveUrl . $sigDisplay, array('target' => '_blank', 'class' => $linkClass));
} else if ('link' == $object['type']) {
echo $this->Html->link($sigDisplay, $sigDisplay, array('class' => $linkClass));
} else if ('cortex' == $object['type']) {
echo '<div class="cortex-json" data-cortex-json="' . h($object['value']) . '">Cortex object</div>';
} else if ('text' == $object['type']) {
if (($object['category'] == 'Internal reference' || $object['category'] == 'External analysis') && preg_match('/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/i', $object['value'])) {
echo '<a href="' . $baseurl . '/events/view/' . h($object['value']) . '" class="' . $linkClass . '">' . h($object['value']) . '</a>';
} else {
$sigDisplay = str_replace("\r", '', h($sigDisplay));
$sigDisplay = str_replace(" ", '&nbsp;', $sigDisplay);
echo $sigDisplay;
}
} else if ('hex' == $object['type']) {
$sigDisplay = str_replace("\r", '', $sigDisplay);
echo '<span class="hex-value" title="' . __('Hexadecimal representation') . '">' . h($sigDisplay) . '</span>&nbsp;<span role="button" tabindex="0" aria-label="' . __('Switch to binary representation') . '" class="icon-repeat hex-value-convert useCursorPointer" title="' . __('Switch to binary representation') . '"></span>';
} else {
$sigDisplay = str_replace("\r", '', $sigDisplay);
echo h($sigDisplay);
}
if (isset($object['validationIssue'])) echo ' <span class="fa fa-exclamation-triangle" title="' . __('Warning, this doesn\'t seem to be a legitimate ') . strtoupper(h($object['type'])) . __(' value') . '">&nbsp;</span>';
?>
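Review bot: The `link` branch hands the value to Html->link only when it starts with lowercase `http://` or `https://`; the substr comparison is case-sensitive, so `HTTP://` values take the escaped plain-text fallback (safe, but inconsistent), and `preg_match('#^https?://#i', $object['value'])` would cover both. The `vulnerability` branch still passes the raw value to Html->link with `target` `_blank` and no `rel`; add `'rel' => 'noopener noreferrer'` to that options array, and note that the fallback `MISP.cveurl` is a plain-http Google search. Old and new lines of this file are printed without markers, so which of the two `link` conditions is the new one is inferred from the parallel BBCode change in this commit.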


@ -36,7 +36,7 @@ App::uses('AppHelper', 'View/Helper');
$closing = preg_match('%\[/' . $trigger . '\]%isU', $string, $closing_matches, PREG_OFFSET_CAPTURE);
$opening_len = strlen($trigger) + 2;
$closing_len = $opening_len + 1;
if ((count($opening) !== count($closing))) return false;
if ((count($opening_matches) !== count($closing_matches))) return false;
$pairs = array();
$rearrangedTags = array();
foreach ($opening_matches as $opening_tag) {
@ -68,10 +68,14 @@ App::uses('AppHelper', 'View/Helper');
$replacement = '%MALFORMED URL%';
} else {
if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL)) {
$replacement = $this->Html->link(
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
);
if (substr($data, 0, 7) === 'http://' || substr($data, 0, 8) === 'https://') {
$replacement = $this->Html->link(
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
);
} else {
$replacement = '%MALFORMED URL%';
}
} else {
$replacement = '%MALFORMED URL%';
}
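Review bot: The new scheme check inspects `$data`, the text captured between the tags, but the href given to Html->link is the url template with `$1` substituted; unless every template is exactly `$1` the check either rejects legitimate values or never sees the scheme actually emitted. Assemble the URL once and test that instead: `$url = str_replace('$1', $data, $this->__replacement[$trigger]['url']);` then `if (filter_var($url, FILTER_VALIDATE_URL) && preg_match('#^https?://#i', $url)) {` and pass `$url` to Html->link. The templates in `$this->__replacement` are outside this hunk, so this is inferred; the enclosing method also begins and ends outside it.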

@ -1 +1 @@
Subproject commit 94466d8196dce3dafd2a41942d02e4c5362dbe51
Subproject commit 988586fde0ee119cb0629e5155ceb9437a48f65b

@ -1 +1 @@
Subproject commit 8f951e84502eecdaf404a0fa6a557220f0ecb0ee
Subproject commit 53e67b013122d658ff0f07e94ba34db81f69277b


@ -791,9 +791,9 @@ class StixBuilder(object):
if 'user-agent' in attributes_dict:
email_header.user_agent = attributes_dict['user-agent'][0]['value']
email_header.user_agent.condition = "Equals"
if 'email-attachment' in attributes_dict:
email.attachments = Attachments()
for attachment in attributes_dict['email-attachment']:
if 'attachment' in attributes_dict:
email_object.attachments = Attachments()
for attachment in attributes_dict['attachment']:
attachment_file = self.create_file_attachment(attachment['value'], attachment['uuid'])
email_object.add_related(attachment_file, "Contains", inline=True)
email_object.attachments.append(attachment_file.parent.id_)
@ -1374,7 +1374,8 @@ class StixBuilder(object):
return domain_observable
def create_file_attachment(self, value, uuid):
file_object = File(file_name=value)
file_object = File()
file_object.file_name = value
file_object.file_name.condition = "Equals"
file_object.parent.id_ = "{}:FileObject-{}".format(self.namespace_prefix, uuid)
return file_object
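Review bot: `create_file_attachment` has no docstring, and the `parent.id_` line encodes a naming convention (`<namespace>:FileObject-<uuid>`) that nothing explains; add `"""Build a CybOX File object named `value`, with its parent id derived from the MISP attribute `uuid`."""` and a one-line comment on the id assignment naming that convention. In the first hunk the loop now keys on `attributes_dict['attachment']` and the old `email-attachment` key is dropped rather than accepted alongside; if older objects still use that relation name, confirm they are meant to lose their attachments. Both hunks are fragments of methods that continue outside the visible lines.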


@ -97,7 +97,9 @@ function screenshotPopup(url, title) {
if (!url.startsWith('data:image/')) {
url = url.slice(0, -1);
}
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>'
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>';
url = $('<div>').text(url).html();
title = $('<div>').text(title).html();
popupHtml += '<img class="screenshot_box-content hidden" src="' + url + '" id="screenshot-image" title="' + title + '" alt="' + title + '" onload="$(this).show(); $(this).parent().find(\'.fa-spinner\').remove();"/>';
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
if (!url.startsWith('data:image/')) {
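Review bot: Encoding via `$('<div>').text(x).html()` escapes `&`, `<` and `>` but not double quotes, and both `url` and `title` are then spliced into quoted attributes on the next line, so a title containing `"` still closes the `title` attribute and can add further attributes such as `onerror`. Either also encode quotes — `title = $('<div>').text(title).html().replace(/"/g, '&quot;');` and the same for `url` — or build the image with `$('<img>', {src: url, title: title, alt: title, 'class': 'screenshot_box-content hidden', id: 'screenshot-image'})` so jQuery sets attributes through the DOM rather than by string concatenation. Where popupHtml is finally inserted is outside the hunk, as is the rest of screenshotPopup.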


@ -1,16 +1,15 @@
# INSTALLATION INSTRUCTIONS
## for OpenBSD 6.4-amd64
## for OpenBSD 6.5-amd64
!!! warning
This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
LIEF, will probably not be available for a long long time on OpenBSD, until someone is brave enough to make it work.
GnuPG also needs some more TLC.
LIEF, will probably not be available for a long long time on OpenBSD, until someone is brave enough to make it work.
GnuPG also needs some more TLC.
### 0/ WIP! You are warned, this does not work yet!
### 0/ WIP! You are warned, this does only partially work!
------------
!!! notice
Current issues: php-redis only available in binary for php-56, workaround: use OpenBSD 6.4.
This guide attempts to offer native httpd or apache2/nginx.
!!! warning
@ -39,7 +38,9 @@ export AUTOCONF_VERSION=2.69
#### doas & pkg (as root)
```bash
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
if [[ ! -e /etc/installurl ]]; then
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
fi
echo "permit keepenv setenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel" > /etc/doas.conf
## FIXME: this does NOT set the HOME env correctly, please fix to make pip happier
echo "permit nopass setenv { ENV PS1 HOME=/var/www } www" >> /etc/doas.conf
@ -54,6 +55,18 @@ signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig
doas tar -x -z -f /tmp/ports.tar.gz -C /usr
```
##### If you want to use php-gd (resizing of images) you need X (optional)
```bash
cd /tmp
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xbase$(uname -r| tr -d \.).tgz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xbase$(uname -r |tr -d \.).tgz
doas tar -xzphf /tmp/xbase$(uname -r| tr -d \.).tgz -C /
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xshare$(uname -r| tr -d \.).tgz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xshare$(uname -r |tr -d \.).tgz
doas tar -xzphf /tmp/xshare$(uname -r| tr -d \.).tgz -C /
```
#### Update system
```bash
doas syspatch
@ -119,10 +132,14 @@ doas /usr/local/sbin/ntpd -p /var/run/ntpd.pid
#### misp user
```bash
doas useradd -m -s /usr/local/bin/bash -G wheel,www misp
if [[ -z $(id misp 2>/dev/null) ]]; then
doas useradd -m -s /usr/local/bin/bash -G wheel,www misp
else
doas usermod -G www misp
fi
```
#### /etc/httpd.conf
#### /etc/httpd.conf (native httpd)
```bash
doas cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config example below
```
@ -256,33 +273,33 @@ doas pkg_add -v fcgi-cgi fcgi
!!! notice
php-5.6 is marked as end-of-life starting December 2018, use php 7.0 instead.
Option 2.
If on OpenBSD 6.3, upgrade to 6.4 to make your life much easier.
If on OpenBSD 6.3, upgrade to 6.5 to make your life much easier.
```
doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl72-redis php-gd
doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl73-redis php-gd
```
#### /etc/php-7.2.ini
#### /etc/php-7.3.ini
```
## TODO: sed foo as .ini exists
allow_url_fopen = On
```
```bash
cd /etc/php-7.2
doas cp ../php-7.2.sample/* .
cd /etc/php-7.3
doas cp ../php-7.3.sample/* .
```
#### php symlinks
```bash
doas ln -s /usr/local/bin/php-7.2 /usr/local/bin/php
doas ln -s /usr/local/bin/phpize-7.2 /usr/local/bin/phpize
doas ln -s /usr/local/bin/php-config-7.2 /usr/local/bin/php-config
doas ln -s /usr/local/bin/php-7.3 /usr/local/bin/php
doas ln -s /usr/local/bin/phpize-7.3 /usr/local/bin/phpize
doas ln -s /usr/local/bin/php-config-7.3 /usr/local/bin/php-config
```
#### Enable php fpm
```bash
doas rcctl enable php72_fpm
doas rcctl enable php73_fpm
```
#### Configure fpm
@ -312,7 +329,7 @@ pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /var/www" | doas tee /etc/php-fpm.d/default.conf
doas /etc/rc.d/php72_fpm start
doas /etc/rc.d/php73_fpm start
```
!!! notice
@ -514,7 +531,7 @@ DirectoryIndex index.php
```
```bash
doas ln -sf /var/www/conf/modules.sample/php-7.2.conf /var/www/conf/modules/php.conf
doas ln -sf /var/www/conf/modules.sample/php-7.3.conf /var/www/conf/modules/php.conf
# Restart apache
doas /etc/rc.d/apache2 restart
```


@ -38,12 +38,15 @@ Make sure you are reading the parsed version of this Document. When in doubt [cl
{!generic/globalVariables.md!}
```bash
# CentOS Specific
RUN_PHP='/usr/bin/scl enable rh-php72 '
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
# <snippet-begin 0_RHEL_PHP_INI.sh>
# RHEL/CentOS Specific
RUN_PHP='/usr/bin/scl enable rh-php72'
RUN_PYTHON='/usr/bin/scl enable rh-python36'
SUDO_WWW='sudo -H -u apache'
WWW_USER='apache'
PHP_INI=/etc/opt/rh/rh-php72/php.ini
# <snippet-end 0_RHEL_PHP_INI.sh>
```
### 1/ Minimal CentOS install
@ -76,8 +79,8 @@ sudo yum install epel-release -y
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
sudo yum install centos-release-scl -y
# Because vim is just so practical
sudo yum install vim -y
# Because (neo)vim is just so practical
sudo yum install neovim -y
# Install the dependencies:
sudo yum install gcc git zip \
@ -95,8 +98,7 @@ sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysql
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
sudo yum install rh-python36 -y
sudo systemctl enable rh-php72-php-fpm.service
sudo systemctl start rh-php72-php-fpm.service
sudo systemctl enable --now rh-php72-php-fpm.service
```
!!! notice
@ -105,13 +107,10 @@ sudo systemctl start rh-php72-php-fpm.service
```bash
# GPG needs lots of entropy, haveged provides entropy
sudo yum install haveged -y
sudo systemctl enable haveged.service
sudo systemctl start haveged.service
sudo systemctl enable --now haveged.service
# Enable and start redis
sudo systemctl enable redis.service
sudo systemctl start redis.service
sudo systemctl enable --now redis.service
```
### 3/ MISP code
@ -119,7 +118,7 @@ sudo systemctl start redis.service
```bash
# Download MISP using git in the /var/www/ directory.
sudo mkdir $PATH_TO_MISP
sudo chown apache:apache $PATH_TO_MISP
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
cd /var/www
$SUDO_WWW git clone https://github.com/MISP/MISP.git
cd $PATH_TO_MISP
@ -133,6 +132,8 @@ cd $PATH_TO_MISP
$SUDO_WWW git submodule update --init --recursive
# Make git ignore filesystem permission differences for submodules
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
# Make git ignore filesystem permission differences
$SUDO_WWW git config core.filemode false
# Install packaged pears
sudo $RUN_PHP "pear channel-update pear.php.net"
@ -142,14 +143,18 @@ sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/packa
# Create a python3 virtualenv
$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
sudo mkdir /usr/share/httpd/.cache
sudo chown apache:apache /usr/share/httpd/.cache
sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.cache
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
# install Mitre's STIX and its dependencies by running the following commands:
sudo yum install python-importlib python-lxml python-dateutil python-six -y
##sudo yum install python-importlib python-lxml python-dateutil python-six -y
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
cd $PATH_TO_MISP/app/files/scripts/python-cybox
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
UMASK=$(umask)
@ -169,8 +174,6 @@ $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
# lief needs manual compilation
sudo yum install devtoolset-7 cmake3 -y
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
# TODO: Fix static path with PATH_TO_MISP
cd $PATH_TO_MISP/app/files/scripts/lief
@ -193,9 +196,6 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/p
# install magic, pydeep
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
# install mixbox to accommodate the new STIX dependencies:
cd $PATH_TO_MISP/app/files/scripts/
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
cd $PATH_TO_MISP/app/files/scripts/mixbox
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
@ -225,9 +225,9 @@ sudo systemctl restart rh-php72-php-fpm.service
#### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
#### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
```bash
sudo chown -R apache:apache $PATH_TO_MISP
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
sudo mkdir /usr/share/httpd/.composer
sudo chown apache:apache /usr/share/httpd/.composer
sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.composer
cd $PATH_TO_MISP/app
# Update composer.phar (optional)
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
@ -264,7 +264,7 @@ sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/Cake
----------------------
```bash
# Make sure the permissions are set correctly using the following commands as root:
sudo chown -R apache:apache $PATH_TO_MISP
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
sudo chmod -R g+r,o= $PATH_TO_MISP
sudo chmod -R 750 $PATH_TO_MISP
@ -273,22 +273,21 @@ sudo chmod -R g+ws $PATH_TO_MISP/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
sudo chmod -R g+rw $PATH_TO_MISP/venv
sudo chmod -R g+rw $PATH_TO_MISP/.git
sudo chown apache:apache $PATH_TO_MISP/app/files
sudo chown apache:apache $PATH_TO_MISP/app/files/terms
sudo chown apache:apache $PATH_TO_MISP/app/files/scripts/tmp
sudo chown apache:apache $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/Config
sudo chown -R apache:apache $PATH_TO_MISP/app/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/custom
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/terms
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/scripts/tmp
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/tmp
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/custom
```
### 6/ Create a database and user
-----------------------------
```bash
# Enable, start and secure your mysql database server
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable --now mariadb.service
sudo yum install expect -y
@ -425,8 +424,7 @@ sudo setsebool -P httpd_can_network_connect on
sudo setsebool -P httpd_can_sendmail on
# Enable and start the httpd service
sudo systemctl enable httpd.service
sudo systemctl start httpd.service
sudo systemctl enable --now httpd.service
# Open a hole in the iptables firewall
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
@ -511,7 +509,7 @@ class DATABASE_CONFIG {
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
sudo chown apache:apache $PATH_TO_MISP/app/Config/config.php
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config/config.php
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
# Generate a GPG encryption key.
@ -532,11 +530,11 @@ EOF
sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
sudo rm -f /tmp/gen-key-script
sudo chown -R apache:apache $PATH_TO_MISP/.gnupg
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/.gnupg
# And export the public key to the webroot
sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
sudo chown apache:apache $PATH_TO_MISP/app/webroot/gpg.asc
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/gpg.asc
# Start the workers to enable background jobs
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh


@ -74,13 +74,11 @@ nav:
- xInstall Guides:
- 'Warning': 'xINSTALL.md'
- 'Centos 6': 'xINSTALL.centos6.md'
- 'Centos 7': 'xINSTALL.centos7.md'
- 'Debian stable': 'xINSTALL.debian9.md'
- 'Debian testing': 'xINSTALL.debian_testing.md'
- 'Debian 9 \w postgresql': 'xINSTALL.debian9-postgresql.md'
- 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
- 'OpenBSD 6.4': 'xINSTALL.OpenBSD.md'
- 'OpenBSD 6.5': 'xINSTALL.OpenBSD.md'
- 'RHEL8 (Beta)': 'xINSTALL.rhel8.md'
- Config Guides:
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'