mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
e6b8f32729
|
@ -112,7 +112,8 @@ script:
|
|||
- ./curl_tests.sh $AUTH
|
||||
- popd
|
||||
- pushd PyMISP
|
||||
- pipenv install -d
|
||||
# FIXME: should be install, but as lief is changing all the time, we have to use update instead: https://github.com/MISP/PyMISP/issues/391
|
||||
- pipenv update -d
|
||||
- pushd tests
|
||||
- git clone https://github.com/viper-framework/viper-test-files.git
|
||||
- popd
|
||||
|
|
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit 0754fdbe329e92e9e0116bd29837ecc11a31c42b
|
||||
Subproject commit e8bba395bc67bf56e41ddd022ebae670c5b0d64b
|
|
@ -177,10 +177,10 @@ class AdminShell extends AppShell
|
|||
}
|
||||
}
|
||||
|
||||
# FIXME: Debug and make it work, fails to pass userId/orgId properly
|
||||
# FIXME: Fails to pass userId/orgId properly, global update works.
|
||||
public function updateObjectTemplates() {
|
||||
if (empty($this->args[0])) {
|
||||
echo 'Usage: ' . APP . '/cake ' . 'Admin updateNoticeLists [user_id]' . PHP_EOL;
|
||||
echo 'Usage: ' . APP . '/cake ' . 'Admin updateObjectTemplates [user_id]' . PHP_EOL;
|
||||
} else {
|
||||
$userId = $this->args[0];
|
||||
$user = $this->User->find('first', array(
|
||||
|
@ -190,8 +190,15 @@ class AdminShell extends AppShell
|
|||
),
|
||||
'fields' => array('User.id', 'User.org_id')
|
||||
));
|
||||
# If the user_id passed does not exist, do a global update.
|
||||
if (empty($user)) {
|
||||
echo 'User not found' . PHP_EOL;
|
||||
echo 'User with ID: ' . $userId . ' not found' . PHP_EOL;
|
||||
$result = $this->ObjectTemplate->update();
|
||||
if ($result) {
|
||||
echo 'Object templates updated' . PHP_EOL;
|
||||
} else {
|
||||
echo 'Could not update object templates' . PHP_EOL;
|
||||
}
|
||||
} else {
|
||||
$result = $this->ObjectTemplate->update($user, false,false);
|
||||
if ($result) {
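Review bot: The fallback on the `if (empty($user))` branch turns a mistyped user id into a global template update, because `$this->ObjectTemplate->update()` now runs whenever the lookup fails, so a CLI caller who passes a wrong id gets the broader operation instead of an error. Since the new comment says the global update is the intended fallback, at least say so in the output, e.g. `echo 'User with ID: ' . $userId . ' not found, running a global update instead' . PHP_EOL;`, or exit non-zero and let the operator rerun without an id. updateObjectTemplates's body continues outside the hunk.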
|
||||
|
@ -309,18 +316,18 @@ class AdminShell extends AppShell
|
|||
|
||||
public function updateDatabase() {
|
||||
$whoami = exec('whoami');
|
||||
if ($whoami === 'httpd' || $whoami === 'www-data') {
|
||||
if ($whoami === 'httpd' || $whoami === 'www-data' || $whoami === 'apache') {
|
||||
echo 'Executing all updates to bring the database up to date with the current version.' . PHP_EOL;
|
||||
$this->Server->runUpdates(true);
|
||||
echo 'All updates completed.' . PHP_EOL;
|
||||
} else {
|
||||
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL);
|
||||
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL . 'You tried to run this command as: ' . $whoami . PHP_EOL);
|
||||
}
|
||||
}
|
||||
|
||||
public function updateApp() {
|
||||
$whoami = exec('whoami');
|
||||
if ($whoami === 'httpd' || $whoami === 'www-data') {
|
||||
if ($whoami === 'httpd' || $whoami === 'www-data' || $whoami === 'apache') {
|
||||
$command = $this->args[0];
|
||||
if (!empty($this->args[1])) {
|
||||
$processId = $this->args[1];
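Review bot: The rejection message on the `die(...)` line still says to run under `www-data` or `httpd`, while the condition two lines above now also accepts `apache`, so an operator running as the wrong user is told an incomplete list; the same mismatch is in updateApp's hunk at -345,7. Change the text to `'Run it under www-data, httpd or apache.'` in both places, or better keep the allowed names in one array that feeds both the check and the message, since the `exec('whoami')` test is now copy-pasted into updateDatabase and updateApp. updateApp's body continues past the end of this hunk.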
|
||||
|
@ -345,7 +352,7 @@ class AdminShell extends AppShell
|
|||
$job['Job']['message'] = 'Update done';
|
||||
$this->Job->save($job);
|
||||
} else {
|
||||
die('This OS user is not allowed to run this command.'. PHP_EOL. 'Run it under `www-data` or `httpd`.' . PHP_EOL);
|
||||
die('This OS user is not allowed to run this command.' . PHP_EOL . 'Run it under `www-data` or `httpd`.' . PHP_EOL . 'You tried to run this command as: ' . $whoami . PHP_EOL);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -23,6 +23,16 @@ class RPZExport
|
|||
'action' => 'rpz-drop.',
|
||||
'setting_id' => 0,
|
||||
),
|
||||
'PASSTHRU' => array(
|
||||
'explanation' => 'lets queries through, but allows for logging the hits (useful for testing).',
|
||||
'action' => 'rpz-passthru.',
|
||||
'setting_id' => 4,
|
||||
),
|
||||
'TCP-only' => array(
|
||||
'explanation' => 'force the client to use TCP.',
|
||||
'action' => 'rpz-tcp-only.',
|
||||
'setting_id' => 5,
|
||||
),
|
||||
);
|
||||
|
||||
private $__items = array();
|
||||
|
@ -33,7 +43,7 @@ class RPZExport
|
|||
|
||||
private $__rpzSettings = array();
|
||||
|
||||
private $__valid_policies = array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden');
|
||||
private $__valid_policies = array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden', 'PASSTHRU', 'TCP-only');
|
||||
|
||||
private $__server = null;
|
||||
|
||||
|
@ -100,7 +110,7 @@ class RPZExport
|
|||
$lookupData = array('policy', 'walled_garden', 'ns', 'ns_alt', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
|
||||
foreach ($lookupData as $v) {
|
||||
if ($v === 'policy' && isset($options['filters'][$v])) {
|
||||
if (!in_array($options['filters'][$v], array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden'))) {
|
||||
if (!in_array($options['filters'][$v], array('NXDOMAIN', 'NODATA', 'DROP', 'walled-garden', 'PASSTHRU', 'TCP-only'))) {
|
||||
unset($options['filters'][$v]);
|
||||
} else {
|
||||
$options['filters'][$v] = $this->getIdByPolicy($options['filters'][$v]);
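Review bot: The accepted policy names on the `in_array` line are a third hard-coded copy of the list this commit also extends in `$__valid_policies` (hunk -33,7) and in `$__policies` plus the explanations array, so the next policy has to be added in three places again. Use the property and compare strictly: `if (!in_array($options['filters'][$v], $this->__valid_policies, true)) {`. The `setting_id` values 4 and 5 added for PASSTHRU and TCP-only must also stay aligned with the numeric options list in the Server settings hunk (-1235,7), which is yet another copy of the same mapping. The enclosing method starts before this hunk.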
|
||||
|
@ -162,6 +172,8 @@ class RPZExport
|
|||
'NXDOMAIN' => 'return NXDOMAIN (name does not exist) irrespective of actual result received.',
|
||||
'NODATA' => 'returns NODATA (name exists but no answers returned) irrespective of actual result received.',
|
||||
'DROP' => 'timeout.',
|
||||
'PASSTHRU' => 'lets queries through, but allows for logging the hits (useful for testing).',
|
||||
'TCP-only' => 'force the client to use TCP.',
|
||||
);
|
||||
return $explanations[$type] . $this->__policies[$policy]['explanation'] . PHP_EOL;
|
||||
}
|
||||
|
|
|
@ -122,13 +122,13 @@ class YaraExport
|
|||
{
|
||||
$footer = $this->__JsonExporter->footer($options);
|
||||
$this->__curr_input_file->append($footer);
|
||||
$pythonSrcipt = $this->__script_path;
|
||||
$pythonScript = $this->__script_path;
|
||||
$in = $this->__curr_input_file->path;
|
||||
$out1 = $this->__yara_file_gen->path;
|
||||
$out2 = $this->__yara_file_asis->path;
|
||||
$logging = $this->__end_of_cmd;
|
||||
$raw_flag = $this->__raw_mode ? '--raw' : '';
|
||||
$result = shell_exec("python3 $pythonSrcipt --input $in --out-generated $out1 --out-asis $out2 $raw_flag $logging");
|
||||
$result = shell_exec($this->getPythonVersion() . " $pythonScript --input $in --out-generated $out1 --out-asis $out2 $raw_flag $logging");
|
||||
$this->__curr_input_file->close();
|
||||
$this->__curr_input_file->delete();
|
||||
$this->__n_attributes = 0;
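Review bot: The `shell_exec` call interpolates `$pythonScript`, `$in`, `$out1`, `$out2` and `$raw_flag` into the command line without `escapeshellarg()`; the paths look internally generated (file objects held on `$this`), so from what is visible this is defence in depth rather than a reachable injection, but a path containing a space or shell metacharacter would still break the command. Build the argument list and quote each element; `$logging` (`$this->__end_of_cmd`) is left verbatim since it presumably holds a redirect rather than an argument, which is worth confirming. The return value of `shell_exec` is not checked here either, so a missing interpreter yields `null` silently. The method continues outside the hunk.
```php
$args = array($pythonScript, '--input', $in, '--out-generated', $out1, '--out-asis', $out2);
if ($this->__raw_mode) {
    $args[] = '--raw';
}
// Quote every argument individually; $logging is appended unquoted (presumed redirect).
$cmd = $this->getPythonVersion() . ' ' . implode(' ', array_map('escapeshellarg', $args)) . ' ' . $logging;
$result = shell_exec($cmd);
// … unchanged: input file close/delete and attribute counter reset …
```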
|
||||
|
|
|
@ -224,7 +224,7 @@ class AppModel extends Model
|
|||
}
|
||||
|
||||
// SQL scripts for updates
|
||||
public function updateDatabase($command, $useWorker=true)
|
||||
public function updateDatabase($command, $useWorker=false)
|
||||
{
|
||||
// Exit if updates are locked
|
||||
if ($this->isUpdateLocked()) {
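Review bot: Changing the default to `updateDatabase($command, $useWorker=false)` silently switches every caller that omits the second argument from the worker path to the inline path, and nothing on the signature documents either mode. Add a docblock above the method along the lines of `@param string $command name of the update to run` and `@param bool $useWorker when true, presumably hand the update to a background Job (the hunk at -241,7 builds a Job record) instead of running it inline; defaults to false`, and check the callers that relied on the old default. The method body continues outside the hunk.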
|
||||
|
@ -241,7 +241,7 @@ class AppModel extends Model
|
|||
'job_input' => 'command: ' . $command,
|
||||
'status' => 0,
|
||||
'retries' => 0,
|
||||
'org_id' => '',
|
||||
'org_id' => 0,
|
||||
'org' => '',
|
||||
'message' => 'Updating.',
|
||||
);
|
||||
|
|
|
@ -1235,7 +1235,7 @@ class Server extends AppModel
|
|||
'errorMessage' => '',
|
||||
'test' => 'testForRPZBehaviour',
|
||||
'type' => 'numeric',
|
||||
'options' => array(0 => 'DROP', 1 => 'NXDOMAIN', 2 => 'NODATA', 3 => 'walled-garden'),
|
||||
'options' => array(0 => 'DROP', 1 => 'NXDOMAIN', 2 => 'NODATA', 3 => 'walled-garden', 4 => 'PASSTHRU', 5 => 'TCP-only' ),
|
||||
),
|
||||
'RPZ_walled_garden' => array(
|
||||
'level' => 2,
|
||||
|
@ -1247,7 +1247,7 @@ class Server extends AppModel
|
|||
),
|
||||
'RPZ_serial' => array(
|
||||
'level' => 2,
|
||||
'description' => __('The serial in the SOA portion of the zone file. (numeric, best practice is yyyymmddrr where rr is the two digit sub-revision of the file. $date will automatically get converted to the current yyyymmdd, so $date00 is a valid setting).'),
|
||||
'description' => __('The serial in the SOA portion of the zone file. (numeric, best practice is yyyymmddrr where rr is the two digit sub-revision of the file. $date will automatically get converted to the current yyyymmdd, so $date00 is a valid setting). Setting it to $time will give you an unixtime-based serial (good then you need more than 99 revisions per day).'),
|
||||
'value' => '$date00',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForRPZSerial',
|
||||
|
@ -3294,8 +3294,8 @@ class Server extends AppModel
|
|||
if ($numeric !== true) {
|
||||
return $numeric;
|
||||
}
|
||||
if ($value < 0 || $value > 3) {
|
||||
return 'Invalid setting, valid range is 0-3 (0 = DROP, 1 = NXDOMAIN, 2 = NODATA, 3 = walled garden.';
|
||||
if ($value < 0 || $value > 5) {
|
||||
return 'Invalid setting, valid range is 0-5 (0 = DROP, 1 = NXDOMAIN, 2 = NODATA, 3 = walled garden, 4 = PASSTHRU, 5 = TCP-only.';
|
||||
}
|
||||
return true;
|
||||
}
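Review bot: The error string on the `return 'Invalid setting, valid range is 0-5 ...'` line opens a parenthesis that is never closed (already the case before this change), and the bound `5` on the line above duplicates the size of the `options` array of the RPZ behaviour setting (hunk -1235,7), so the two can drift independently. Close the parenthesis, `return 'Invalid setting, valid range is 0-5 (0 = DROP, 1 = NXDOMAIN, 2 = NODATA, 3 = walled garden, 4 = PASSTHRU, 5 = TCP-only).';`, and consider deriving the upper bound from the options list so a future policy is added in one place. The enclosing test method starts before the hunk.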
|
||||
|
@ -3325,7 +3325,7 @@ class Server extends AppModel
|
|||
if ($this->testForEmpty($value) !== true) {
|
||||
return $this->testForEmpty($value);
|
||||
}
|
||||
if (!preg_match('/^((\$date(\d*)|\d*))$/', $value)) {
|
||||
if (!preg_match('/^((\$date(\d*)|\$time|\d*))$/', $value)) {
|
||||
return 'Invalid format.';
|
||||
}
|
||||
return true;
|
||||
|
|
|
@ -1,58 +1,60 @@
|
|||
<?php
|
||||
$sigDisplay = $object['value'];
|
||||
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
|
||||
if ($object['type'] == 'attachment' && isset($object['image'])) {
|
||||
if (extension_loaded('gd')) {
|
||||
$img = '<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>';
|
||||
$img .= '<img class="screenshot screenshot-collapsed useCursorPointer img-rounded hidden" src="' . $baseurl . '/attributes/viewPicture/' . h($object['id']) . '/1' . '" title="' . h($object['value']) . '" onload="$(this).show(200); $(this).parent().find(\'.fa-spinner\').remove();"/>';
|
||||
echo $img;
|
||||
$sigDisplay = $object['value'];
|
||||
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
|
||||
if ($object['type'] == 'attachment' && isset($object['image'])) {
|
||||
if (extension_loaded('gd')) {
|
||||
$img = '<it class="fa fa-spin fa-spinner" style="font-size: large; left: 50%; top: 50%;"></it>';
|
||||
$img .= '<img class="screenshot screenshot-collapsed useCursorPointer img-rounded hidden" src="' . $baseurl . '/attributes/viewPicture/' . h($object['id']) . '/1' . '" title="' . h($object['value']) . '" onload="$(this).show(200); $(this).parent().find(\'.fa-spinner\').remove();"/>';
|
||||
echo $img;
|
||||
} else {
|
||||
$extension = explode('.', $object['value']);
|
||||
$extension = end($extension);
|
||||
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']);
|
||||
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($object['value']) . '" />';
|
||||
}
|
||||
} else {
|
||||
$extension = explode('.', $object['value']);
|
||||
$extension = end($extension);
|
||||
$uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']);
|
||||
echo '<img class="screenshot screenshot-collapsed useCursorPointer" src="' . $uri . '" title="' . h($object['value']) . '" />';
|
||||
$filenameHash = explode('|', h($object['value']));
|
||||
if (strrpos($filenameHash[0], '\\')) {
|
||||
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
echo h($filepath);
|
||||
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filename) . '</a>';
|
||||
} else {
|
||||
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filenameHash[0]) . '</a>';
|
||||
}
|
||||
if (isset($filenameHash[1])) echo '<br />' . $filenameHash[1];
|
||||
}
|
||||
} else if (strpos($object['type'], '|') !== false) {
|
||||
$separator = in_array($object['type'], array('ip-dst|port', 'ip-src|port')) ? ':' : '<br />';
|
||||
$value_pieces = explode('|', $object['value']);
|
||||
foreach ($value_pieces as $k => $v) {
|
||||
$value_pieces[$k] = h($v);
|
||||
}
|
||||
$object['value'] = implode($separator, $value_pieces);
|
||||
echo ($object['value']);
|
||||
} else if ('vulnerability' == $object['type']) {
|
||||
$cveUrl = (is_null(Configure::read('MISP.cveurl'))) ? "http://www.google.com/search?q=" : Configure::read('MISP.cveurl');
|
||||
echo $this->Html->link($sigDisplay, $cveUrl . $sigDisplay, array('target' => '_blank', 'class' => $linkClass));
|
||||
} else if ('link' == $object['type'] && (substr($object['value'], 0, 7) === 'http://' || substr($object['value'], 0, 8) === 'https://')) {
|
||||
echo $this->Html->link($sigDisplay, $sigDisplay, array('class' => $linkClass));
|
||||
} else if ('cortex' == $object['type']) {
|
||||
echo '<div class="cortex-json" data-cortex-json="' . h($object['value']) . '">Cortex object</div>';
|
||||
} else if ('text' == $object['type']) {
|
||||
if (($object['category'] == 'Internal reference' || $object['category'] == 'External analysis') && preg_match('/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/i', $object['value'])) {
|
||||
echo '<a href="' . $baseurl . '/events/view/' . h($object['value']) . '" class="' . $linkClass . '">' . h($object['value']) . '</a>';
|
||||
} else {
|
||||
$sigDisplay = str_replace("\r", '', h($sigDisplay));
|
||||
$sigDisplay = str_replace(" ", ' ', $sigDisplay);
|
||||
echo $sigDisplay;
|
||||
}
|
||||
} else if ('hex' == $object['type']) {
|
||||
$sigDisplay = str_replace("\r", '', $sigDisplay);
|
||||
echo '<span class="hex-value" title="' . __('Hexadecimal representation') . '">' . h($sigDisplay) . '</span> <span role="button" tabindex="0" aria-label="' . __('Switch to binary representation') . '" class="icon-repeat hex-value-convert useCursorPointer" title="' . __('Switch to binary representation') . '"></span>';
|
||||
} else {
|
||||
$filenameHash = explode('|', h($object['value']));
|
||||
if (strrpos($filenameHash[0], '\\')) {
|
||||
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
echo h($filepath);
|
||||
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filename) . '</a>';
|
||||
} else {
|
||||
echo '<a href="' . $baseurl . '/attributes/download/' . h($object['id']) . '" class="' . $linkClass . '">' . h($filenameHash[0]) . '</a>';
|
||||
}
|
||||
if (isset($filenameHash[1])) echo '<br />' . $filenameHash[1];
|
||||
$sigDisplay = str_replace("\r", '', $sigDisplay);
|
||||
echo h($sigDisplay);
|
||||
}
|
||||
} else if (strpos($object['type'], '|') !== false) {
|
||||
$separator = in_array($object['type'], array('ip-dst|port', 'ip-src|port')) ? ':' : '<br />';
|
||||
$value_pieces = explode('|', $object['value']);
|
||||
foreach ($value_pieces as $k => $v) {
|
||||
$value_pieces[$k] = h($v);
|
||||
if (isset($object['validationIssue'])) {
|
||||
echo ' <span class="fa fa-exclamation-triangle" title="' . __('Warning, this doesn\'t seem to be a legitimate ') . strtoupper(h($object['type'])) . __(' value') . '"> </span>';
|
||||
}
|
||||
$object['value'] = implode($separator, $value_pieces);
|
||||
echo ($object['value']);
|
||||
} else if ('vulnerability' == $object['type']) {
|
||||
$cveUrl = (is_null(Configure::read('MISP.cveurl'))) ? "http://www.google.com/search?q=" : Configure::read('MISP.cveurl');
|
||||
echo $this->Html->link($sigDisplay, $cveUrl . $sigDisplay, array('target' => '_blank', 'class' => $linkClass));
|
||||
} else if ('link' == $object['type']) {
|
||||
echo $this->Html->link($sigDisplay, $sigDisplay, array('class' => $linkClass));
|
||||
} else if ('cortex' == $object['type']) {
|
||||
echo '<div class="cortex-json" data-cortex-json="' . h($object['value']) . '">Cortex object</div>';
|
||||
} else if ('text' == $object['type']) {
|
||||
if (($object['category'] == 'Internal reference' || $object['category'] == 'External analysis') && preg_match('/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/i', $object['value'])) {
|
||||
echo '<a href="' . $baseurl . '/events/view/' . h($object['value']) . '" class="' . $linkClass . '">' . h($object['value']) . '</a>';
|
||||
} else {
|
||||
$sigDisplay = str_replace("\r", '', h($sigDisplay));
|
||||
$sigDisplay = str_replace(" ", ' ', $sigDisplay);
|
||||
echo $sigDisplay;
|
||||
}
|
||||
} else if ('hex' == $object['type']) {
|
||||
$sigDisplay = str_replace("\r", '', $sigDisplay);
|
||||
echo '<span class="hex-value" title="' . __('Hexadecimal representation') . '">' . h($sigDisplay) . '</span> <span role="button" tabindex="0" aria-label="' . __('Switch to binary representation') . '" class="icon-repeat hex-value-convert useCursorPointer" title="' . __('Switch to binary representation') . '"></span>';
|
||||
} else {
|
||||
$sigDisplay = str_replace("\r", '', $sigDisplay);
|
||||
echo h($sigDisplay);
|
||||
}
|
||||
if (isset($object['validationIssue'])) echo ' <span class="fa fa-exclamation-triangle" title="' . __('Warning, this doesn\'t seem to be a legitimate ') . strtoupper(h($object['type'])) . __(' value') . '"> </span>';
|
||||
?>
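Review bot: One side of the `link` branch only hands the value to `$this->Html->link()` when it begins with `http://` or `https://`, while the other links any value of type `link`; if the prefixed form is the new side (the BBCode helper in this commit adds the same test), that is the right direction, since non-http schemes are no longer rendered as clickable anchors, but nothing in the element says so. Add a comment above that branch such as `// Only http(s) values are rendered as anchors; other schemes are shown as plain text.`, and note that the `substr` test is case-sensitive, so an upper-case `HTTP://` value falls back to plain text, which is harmless. The rendering also cannot show which of the two `validationIssue` placements is new; the one that appears to sit inside the per-piece loop would repeat the warning for every piece, so the placement after the chain is the one to keep.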
|
||||
|
|
|
@ -36,7 +36,7 @@ App::uses('AppHelper', 'View/Helper');
|
|||
$closing = preg_match('%\[/' . $trigger . '\]%isU', $string, $closing_matches, PREG_OFFSET_CAPTURE);
|
||||
$opening_len = strlen($trigger) + 2;
|
||||
$closing_len = $opening_len + 1;
|
||||
if ((count($opening) !== count($closing))) return false;
|
||||
if ((count($opening_matches) !== count($closing_matches))) return false;
|
||||
$pairs = array();
|
||||
$rearrangedTags = array();
|
||||
foreach ($opening_matches as $opening_tag) {
|
||||
|
@ -68,10 +68,14 @@ App::uses('AppHelper', 'View/Helper');
|
|||
$replacement = '%MALFORMED URL%';
|
||||
} else {
|
||||
if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL)) {
|
||||
$replacement = $this->Html->link(
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
|
||||
);
|
||||
if (substr($data, 0, 7) === 'http://' || substr($data, 0, 8) === 'https://') {
|
||||
$replacement = $this->Html->link(
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
|
||||
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
|
||||
);
|
||||
} else {
|
||||
$replacement = '%MALFORMED URL%';
|
||||
}
|
||||
} else {
|
||||
$replacement = '%MALFORMED URL%';
|
||||
}
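Review bot: The new scheme test on the `substr($data, 0, 7)` line inspects the raw `$data` fragment, while the `filter_var` check just above validates the composed URL `str_replace('$1', $data, ...['url'])`; the two look at different strings, so if any `__replacement` template carries its own scheme (the templates are not visible here) its valid inputs are now rejected, and if a template is a bare `$1` the check is equivalent. Test the composed URL for the `http://`/`https://` prefix instead, which also lets the three copies of `$replacement = '%MALFORMED URL%'` collapse into one. The enclosing method starts before the hunk.
```php
} else {
    $url = str_replace('$1', $data, $this->__replacement[$trigger]['url']);
    // Only http(s) URLs become anchors; anything else is rendered as the malformed marker.
    $isHttp = substr($url, 0, 7) === 'http://' || substr($url, 0, 8) === 'https://';
    if ($isHttp && filter_var($url, FILTER_VALIDATE_URL)) {
        $replacement = $this->Html->link(
            str_replace('$1', $data, $this->__replacement[$trigger]['text']),
            $url
        );
    } else {
        $replacement = '%MALFORMED URL%';
    }
}
```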
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 94466d8196dce3dafd2a41942d02e4c5362dbe51
|
||||
Subproject commit 988586fde0ee119cb0629e5155ceb9437a48f65b
|
|
@ -1 +1 @@
|
|||
Subproject commit 8f951e84502eecdaf404a0fa6a557220f0ecb0ee
|
||||
Subproject commit 53e67b013122d658ff0f07e94ba34db81f69277b
|
|
@ -791,9 +791,9 @@ class StixBuilder(object):
|
|||
if 'user-agent' in attributes_dict:
|
||||
email_header.user_agent = attributes_dict['user-agent'][0]['value']
|
||||
email_header.user_agent.condition = "Equals"
|
||||
if 'email-attachment' in attributes_dict:
|
||||
email.attachments = Attachments()
|
||||
for attachment in attributes_dict['email-attachment']:
|
||||
if 'attachment' in attributes_dict:
|
||||
email_object.attachments = Attachments()
|
||||
for attachment in attributes_dict['attachment']:
|
||||
attachment_file = self.create_file_attachment(attachment['value'], attachment['uuid'])
|
||||
email_object.add_related(attachment_file, "Contains", inline=True)
|
||||
email_object.attachments.append(attachment_file.parent.id_)
|
||||
|
@ -1374,7 +1374,8 @@ class StixBuilder(object):
|
|||
return domain_observable
|
||||
|
||||
def create_file_attachment(self, value, uuid):
|
||||
file_object = File(file_name=value)
|
||||
file_object = File()
|
||||
file_object.file_name = value
|
||||
file_object.file_name.condition = "Equals"
|
||||
file_object.parent.id_ = "{}:FileObject-{}".format(self.namespace_prefix, uuid)
|
||||
return file_object
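Review bot: `create_file_attachment` has no docstring and the reason for replacing `File(file_name=value)` with an assignment afterwards is not stated; from the lines shown, assigning `file_name` appears to be what allows `file_object.file_name.condition = "Equals"` to be set next. Add `"""Build a CybOX File object named `value` with an Equals condition on the name, and give it the id <namespace_prefix>:FileObject-<uuid>."""` so the next reader knows both the condition and the parent id format are intentional.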
|
||||
|
|
|
@ -97,7 +97,9 @@ function screenshotPopup(url, title) {
|
|||
if (!url.startsWith('data:image/')) {
|
||||
url = url.slice(0, -1);
|
||||
}
|
||||
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>'
|
||||
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>';
|
||||
url = $('<div>').text(url).html();
|
||||
title = $('<div>').text(title).html();
|
||||
popupHtml += '<img class="screenshot_box-content hidden" src="' + url + '" id="screenshot-image" title="' + title + '" alt="' + title + '" onload="$(this).show(); $(this).parent().find(\'.fa-spinner\').remove();"/>';
|
||||
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
|
||||
if (!url.startsWith('data:image/')) {
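Review bot: The escaping added on the `url = $('<div>').text(url).html();` and `title = ...` lines encodes `&`, `<` and `>` but not the double quote, because serialising a text node does not escape `"`; both values are then spliced into double-quoted attributes (`src="..."`, `title="..."`, `alt="..."`) on the following line, so a `"` in either value still ends the attribute early. If the values can carry quotes (title is a caller-supplied string), escape them as well, `url = $('<div>').text(url).html().replace(/"/g, '&quot;');` and likewise for `title`, or build the `<img>` with `$('<img>').attr({...})` so the browser handles attribute quoting. screenshotPopup's body continues outside the hunk.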
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for OpenBSD 6.4-amd64
|
||||
## for OpenBSD 6.5-amd64
|
||||
|
||||
!!! warning
|
||||
This is not fully working yet. Mostly it is a template for our ongoing documentation efforts :spider:
|
||||
LIEF, will probably not be available for a long long time on OpenBSD, until someone is brave enough to make it work.
|
||||
GnuPG also needs some more TLC.
|
||||
LIEF, will probably not be available for a long long time on OpenBSD, until someone is brave enough to make it work.
|
||||
GnuPG also needs some more TLC.
|
||||
|
||||
### 0/ WIP! You are warned, this does not work yet!
|
||||
### 0/ WIP! You are warned, this does only partially work!
|
||||
------------
|
||||
|
||||
!!! notice
|
||||
Current issues: php-redis only available in binary for php-56, workaround: use OpenBSD 6.4.
|
||||
This guide attempts to offer native httpd or apache2/nginx.
|
||||
|
||||
!!! warning
|
||||
|
@ -39,7 +38,9 @@ export AUTOCONF_VERSION=2.69
|
|||
|
||||
#### doas & pkg (as root)
|
||||
```bash
|
||||
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
|
||||
if [[ ! -e /etc/installurl ]]; then
|
||||
echo https://cdn.openbsd.org/pub/OpenBSD/ > /etc/installurl
|
||||
fi
|
||||
echo "permit keepenv setenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel" > /etc/doas.conf
|
||||
## FIXME: this does NOT set the HOME env correctly, please fix to make pip happier
|
||||
echo "permit nopass setenv { ENV PS1 HOME=/var/www } www" >> /etc/doas.conf
|
||||
|
@ -54,6 +55,18 @@ signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig
|
|||
doas tar -x -z -f /tmp/ports.tar.gz -C /usr
|
||||
```
|
||||
|
||||
##### If you want to use php-gd (resizing of images) you need X (optional)
|
||||
|
||||
```bash
|
||||
cd /tmp
|
||||
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xbase$(uname -r| tr -d \.).tgz,SHA256.sig}
|
||||
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xbase$(uname -r |tr -d \.).tgz
|
||||
doas tar -xzphf /tmp/xbase$(uname -r| tr -d \.).tgz -C /
|
||||
ftp https://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/$(uname -m)/{xshare$(uname -r| tr -d \.).tgz,SHA256.sig}
|
||||
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig xshare$(uname -r |tr -d \.).tgz
|
||||
doas tar -xzphf /tmp/xshare$(uname -r| tr -d \.).tgz -C /
|
||||
```
|
||||
|
||||
#### Update system
|
||||
```bash
|
||||
doas syspatch
|
||||
|
@ -119,10 +132,14 @@ doas /usr/local/sbin/ntpd -p /var/run/ntpd.pid
|
|||
|
||||
#### misp user
|
||||
```bash
|
||||
doas useradd -m -s /usr/local/bin/bash -G wheel,www misp
|
||||
if [[ -z $(id misp 2>/dev/null) ]]; then
|
||||
doas useradd -m -s /usr/local/bin/bash -G wheel,www misp
|
||||
else
|
||||
doas usermod -G www misp
|
||||
fi
|
||||
```
|
||||
|
||||
#### /etc/httpd.conf
|
||||
#### /etc/httpd.conf (native httpd)
|
||||
```bash
|
||||
doas cp /etc/examples/httpd.conf /etc # adjust by hand, or copy/paste the config example below
|
||||
```
|
||||
|
@ -256,33 +273,33 @@ doas pkg_add -v fcgi-cgi fcgi
|
|||
!!! notice
|
||||
php-5.6 is marked as end-of-life starting December 2018, use php 7.0 instead.
|
||||
Option 2.
|
||||
If on OpenBSD 6.3, upgrade to 6.4 to make your life much easier.
|
||||
If on OpenBSD 6.3, upgrade to 6.5 to make your life much easier.
|
||||
|
||||
```
|
||||
doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl72-redis php-gd
|
||||
doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl73-redis php-gd
|
||||
```
|
||||
|
||||
#### /etc/php-7.2.ini
|
||||
#### /etc/php-7.3.ini
|
||||
```
|
||||
## TODO: sed foo as .ini exists
|
||||
allow_url_fopen = On
|
||||
```
|
||||
|
||||
```bash
|
||||
cd /etc/php-7.2
|
||||
doas cp ../php-7.2.sample/* .
|
||||
cd /etc/php-7.3
|
||||
doas cp ../php-7.3.sample/* .
|
||||
```
|
||||
|
||||
#### php symlinks
|
||||
```bash
|
||||
doas ln -s /usr/local/bin/php-7.2 /usr/local/bin/php
|
||||
doas ln -s /usr/local/bin/phpize-7.2 /usr/local/bin/phpize
|
||||
doas ln -s /usr/local/bin/php-config-7.2 /usr/local/bin/php-config
|
||||
doas ln -s /usr/local/bin/php-7.3 /usr/local/bin/php
|
||||
doas ln -s /usr/local/bin/phpize-7.3 /usr/local/bin/phpize
|
||||
doas ln -s /usr/local/bin/php-config-7.3 /usr/local/bin/php-config
|
||||
```
|
||||
|
||||
#### Enable php fpm
|
||||
```bash
|
||||
doas rcctl enable php72_fpm
|
||||
doas rcctl enable php73_fpm
|
||||
```
|
||||
|
||||
#### Configure fpm
|
||||
|
@ -312,7 +329,7 @@ pm.min_spare_servers = 1
|
|||
pm.max_spare_servers = 3
|
||||
chroot = /var/www" | doas tee /etc/php-fpm.d/default.conf
|
||||
|
||||
doas /etc/rc.d/php72_fpm start
|
||||
doas /etc/rc.d/php73_fpm start
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -514,7 +531,7 @@ DirectoryIndex index.php
|
|||
```
|
||||
|
||||
```bash
|
||||
doas ln -sf /var/www/conf/modules.sample/php-7.2.conf /var/www/conf/modules/php.conf
|
||||
doas ln -sf /var/www/conf/modules.sample/php-7.3.conf /var/www/conf/modules/php.conf
|
||||
# Restart apache
|
||||
doas /etc/rc.d/apache2 restart
|
||||
```
|
||||
|
|
|
@ -38,12 +38,15 @@ Make sure you are reading the parsed version of this Document. When in doubt [cl
|
|||
{!generic/globalVariables.md!}
|
||||
|
||||
```bash
|
||||
# CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php72 '
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36 '
|
||||
# <snippet-begin 0_RHEL_PHP_INI.sh>
|
||||
# RHEL/CentOS Specific
|
||||
RUN_PHP='/usr/bin/scl enable rh-php72'
|
||||
RUN_PYTHON='/usr/bin/scl enable rh-python36'
|
||||
SUDO_WWW='sudo -H -u apache'
|
||||
WWW_USER='apache'
|
||||
|
||||
PHP_INI=/etc/opt/rh/rh-php72/php.ini
|
||||
# <snippet-end 0_RHEL_PHP_INI.sh>
|
||||
```
|
||||
|
||||
### 1/ Minimal CentOS install
|
||||
|
@ -76,8 +79,8 @@ sudo yum install epel-release -y
|
|||
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
|
||||
sudo yum install centos-release-scl -y
|
||||
|
||||
# Because vim is just so practical
|
||||
sudo yum install vim -y
|
||||
# Because (neo)vim is just so practical
|
||||
sudo yum install neovim -y
|
||||
|
||||
# Install the dependencies:
|
||||
sudo yum install gcc git zip \
|
||||
|
@ -95,8 +98,7 @@ sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel rh-php72-php-mysql
|
|||
# https://www.softwarecollections.org/en/scls/rhscl/rh-python36/
|
||||
sudo yum install rh-python36 -y
|
||||
|
||||
sudo systemctl enable rh-php72-php-fpm.service
|
||||
sudo systemctl start rh-php72-php-fpm.service
|
||||
sudo systemctl enable --now rh-php72-php-fpm.service
|
||||
```
|
||||
|
||||
!!! notice
|
||||
|
@ -105,13 +107,10 @@ sudo systemctl start rh-php72-php-fpm.service
|
|||
```bash
|
||||
# GPG needs lots of entropy, haveged provides entropy
|
||||
sudo yum install haveged -y
|
||||
sudo systemctl enable haveged.service
|
||||
sudo systemctl start haveged.service
|
||||
|
||||
sudo systemctl enable --now haveged.service
|
||||
|
||||
# Enable and start redis
|
||||
sudo systemctl enable redis.service
|
||||
sudo systemctl start redis.service
|
||||
sudo systemctl enable --now redis.service
|
||||
```
|
||||
|
||||
### 3/ MISP code
|
||||
|
@ -119,7 +118,7 @@ sudo systemctl start redis.service
|
|||
```bash
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown apache:apache $PATH_TO_MISP
|
||||
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
|
||||
cd /var/www
|
||||
$SUDO_WWW git clone https://github.com/MISP/MISP.git
|
||||
cd $PATH_TO_MISP
|
||||
|
@ -133,6 +132,8 @@ cd $PATH_TO_MISP
|
|||
$SUDO_WWW git submodule update --init --recursive
|
||||
# Make git ignore filesystem permission differences for submodules
|
||||
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
||||
# Make git ignore filesystem permission differences
|
||||
$SUDO_WWW git config core.filemode false
|
||||
|
||||
# Install packaged pears
|
||||
sudo $RUN_PHP "pear channel-update pear.php.net"
|
||||
|
@ -142,14 +143,18 @@ sudo $RUN_PHP "pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/packa
|
|||
# Create a python3 virtualenv
|
||||
$SUDO_WWW $RUN_PYTHON "virtualenv -p python3 $PATH_TO_MISP/venv"
|
||||
sudo mkdir /usr/share/httpd/.cache
|
||||
sudo chown apache:apache /usr/share/httpd/.cache
|
||||
sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.cache
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
sudo yum install python-importlib python-lxml python-dateutil python-six -y
|
||||
##sudo yum install python-importlib python-lxml python-dateutil python-six -y
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
||||
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
||||
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
|
||||
UMASK=$(umask)
|
||||
|
@ -169,8 +174,6 @@ $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis
|
|||
# lief needs manual compilation
|
||||
sudo yum install devtoolset-7 cmake3 -y
|
||||
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
|
||||
|
||||
# TODO: Fix static path with PATH_TO_MISP
|
||||
cd $PATH_TO_MISP/app/files/scripts/lief
|
||||
|
@ -193,9 +196,6 @@ $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/p
|
|||
# install magic, pydeep
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git
|
||||
|
||||
# install mixbox to accommodate the new STIX dependencies:
|
||||
cd $PATH_TO_MISP/app/files/scripts/
|
||||
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install .
|
||||
|
||||
|
@ -225,9 +225,9 @@ sudo systemctl restart rh-php72-php-fpm.service
|
|||
#### CakePHP is now included as a submodule of MISP and has been fetch by a previous step.
|
||||
#### Install CakeResque along with its dependencies if you intend to use the built in background jobs.
|
||||
```bash
|
||||
sudo chown -R apache:apache $PATH_TO_MISP
|
||||
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
|
||||
sudo mkdir /usr/share/httpd/.composer
|
||||
sudo chown apache:apache /usr/share/httpd/.composer
|
||||
sudo chown ${WWW_USER}:${WWW_USER} /usr/share/httpd/.composer
|
||||
cd $PATH_TO_MISP/app
|
||||
# Update composer.phar (optional)
|
||||
#$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||
|
@ -264,7 +264,7 @@ sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/Cake
----------------------
```bash
# Make sure the permissions are set correctly using the following commands as root:
sudo chown -R apache:apache $PATH_TO_MISP
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP
sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
sudo chmod -R g+r,o= $PATH_TO_MISP
sudo chmod -R 750 $PATH_TO_MISP
@ -273,22 +273,21 @@ sudo chmod -R g+ws $PATH_TO_MISP/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
sudo chmod -R g+rw $PATH_TO_MISP/venv
sudo chmod -R g+rw $PATH_TO_MISP/.git
sudo chown apache:apache $PATH_TO_MISP/app/files
sudo chown apache:apache $PATH_TO_MISP/app/files/terms
sudo chown apache:apache $PATH_TO_MISP/app/files/scripts/tmp
sudo chown apache:apache $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/Config
sudo chown -R apache:apache $PATH_TO_MISP/app/tmp
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R apache:apache $PATH_TO_MISP/app/webroot/img/custom
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/terms
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/files/scripts/tmp
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Plugin/CakeResque/tmp
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/tmp
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/img/custom
```
### 6/ Create a database and user
-----------------------------
```bash
# Enable, start and secure your mysql database server
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable --now mariadb.service
sudo yum install expect -y
@ -425,8 +424,7 @@ sudo setsebool -P httpd_can_network_connect on
sudo setsebool -P httpd_can_sendmail on
# Enable and start the httpd service
sudo systemctl enable httpd.service
sudo systemctl start httpd.service
sudo systemctl enable --now httpd.service
# Open a hole in the iptables firewall
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
@ -511,7 +509,7 @@ class DATABASE_CONFIG {
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
sudo chown apache:apache $PATH_TO_MISP/app/Config/config.php
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/Config/config.php
sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php
# Generate a GPG encryption key.
@ -532,11 +530,11 @@ EOF
sudo gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
sudo rm -f /tmp/gen-key-script
sudo chown -R apache:apache $PATH_TO_MISP/.gnupg
sudo chown -R ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/.gnupg
# And export the public key to the webroot
sudo gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS |sudo tee $PATH_TO_MISP/app/webroot/gpg.asc
sudo chown apache:apache $PATH_TO_MISP/app/webroot/gpg.asc
sudo chown ${WWW_USER}:${WWW_USER} $PATH_TO_MISP/app/webroot/gpg.asc
# Start the workers to enable background jobs
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
@ -74,13 +74,11 @@ nav:
- xInstall Guides:
- 'Warning': 'xINSTALL.md'
- 'Centos 6': 'xINSTALL.centos6.md'
- 'Centos 7': 'xINSTALL.centos7.md'
- 'Debian stable': 'xINSTALL.debian9.md'
- 'Debian testing': 'xINSTALL.debian_testing.md'
- 'Debian 9 \w postgresql': 'xINSTALL.debian9-postgresql.md'
- 'Ubuntu 18.04 \w webmin': 'xINSTALL.ubuntu1804.with.webmin.md'
- 'Tsurugi Linux': 'xINSTALL.tsurugi.md'
- 'OpenBSD 6.4': 'xINSTALL.OpenBSD.md'
- 'OpenBSD 6.5': 'xINSTALL.OpenBSD.md'
- 'RHEL8 (Beta)': 'xINSTALL.rhel8.md'
- Config Guides:
- 'Elastic Search Logging': 'CONFIG.elasticsearch-logging.md'