chg: [docs] Adapted Debian 9/testing install to mkdocs

new: [docs] Added old version of Debian + postgresql guide, needs updating
pull/3784/head
Steve Clement 2018-10-22 10:11:19 +09:00
parent fc3d89a0c4
commit e941964655
3 changed files with 195 additions and 61 deletions

@ -611,7 +611,6 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
### Recommended actions
-------------------
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
@ -622,11 +621,10 @@ echo "User (misp) DB Password: $DBPASSWORD_MISP"
- Keep your software up2date (OS, MISP, CakePHP and everything else)
- Log and audit
### Optional features
-------------------
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
```
```bash
# ZeroMQ depends on the Python client for Redis
sudo pip3 install redis
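Review bot: `sudo pip3 install redis` in the ZeroMQ block installs an unpinned PyPI package system-wide as root, while the buster guide touched by this same commit installs the same dependency with `sudo apt install python3-redis -y`. If the package is available on Debian 9, use the distribution package here too (or at least pin the version), so both guides pull the Redis client from the signed Debian archive instead of whatever is current on PyPI at install time.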
@ -634,8 +632,7 @@ sudo pip3 install redis
sudo pip3 install pyzmq
```
### MISP Dashboard
#### MISP Dashboard
--------------
```bash
cd /var/www
@ -710,9 +707,8 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
```
### Install viper framework
#### Install viper framework
-----------------------
```bash
cd /usr/local/src/
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
@ -730,9 +726,7 @@ sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
```
### Install mail to misp
#### Install mail to misp
--------------------
```bash
cd /usr/local/src/
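Review bot: the `sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password=...'` context line at the top of this hunk has no WHERE clause and writes one fixed pbkdf2_sha256 hash, so every account in every install that follows the guide ends up with the same password hash that is published in the docs. Since the section is being reworked for mkdocs anyway, add a sentence telling the reader to change the Viper web password right after install, or replace the hard-coded hash with one generated at install time. The same line appears in the buster guide hunk `@ -709,12 +748,11`.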

@ -0,0 +1,102 @@
# INSTALLATION INSTRUCTIONS
## for Debian --->8<--- "jessie" server + PostgreSQL
!!! note
This is the old Deian 8 jessie Guide, needs updating.
!!! warning
PostgreSQL support in MISP is experimental.
We strongly discourage you from use on production systems.
Testing & development: most recent MISP codebase on Debian 8 "jessie" (PHP 5.6 & PostgreSQL 9.4).
There may be serious bugs!
We also don't support updates (e.g. 2.4.49 -> 2.4.50) on PostgreSQL yet, so your installation may break.
!!! notice
If you want to help improving PostgreSQL-support,
Please make sure you have tried the newest commit from GitHub first.
Also, please activate debug mode.
After that, you may open an issue on Github and provide us with as much information on the issue as possible.
please follow Debian 8 install instructions - INSTALL.debian8.txt
-------------------------
# when it comes to installing mariadb in step 2, skip that part, instead:
sudo apt-get install postgresql
# instead of installing the php5-mysql package in step 2, install php5-pgsql
sudo apt-get install php5-pgsql
# activate the module
sudo php5enmod pgsql
# restart apache
sudo service apache2 restart
# in step 6 of the Debian install, you skip creating a mysql user, instead:
# create user
sudo -u postgres createuser misp
# create database
sudo -u postgres createdb -O misp misp
# set password
sudo -u postgres psql -U postgres
postgres=# ALTER USER misp with password 'XXXXXXXXX';
postgres=# \q
# after that, load the basic database structure
psql -U misp -d misp -f /var/www/MISP/INSTALL/POSTGRESQL-structure.sql -h localhost -W
# ATTENTION: skip this step if you want to migrate from MySQL/MariaDB!
# and load initial data
psql -U misp -d misp -f /var/www/MISP/INSTALL/POSTGRESQL-data-initial.sql -h localhost -W
# in step 8 of the Debian install, you configure Postgres instead of MySQL
# the necessary lines are already there, you just have to activate them instead of the MySQL-lines
# file: /var/www/MISP/app/Config/database.php
# necessary changes:
# 'datasource' => 'Database/Postgres',
# 'port' => 5432,
# ATTENTION: skip this step if you want to migrate from MySQL/MariaDB!
# perhaps you accidently installed MySQL/MariaDB, too - but you can clean it up like this
sudo apt-get remove mysql-server mysql-client mariadb-client mariadb-server php5-mysql
### MIGRATION from MySQL/MariaDB
# migration of data is done using latest "pgloader" release (3.2.2 at the time of writing)
# add official postgres repository to apt sources
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
# make sure packages from official postgres repository aren't used by default, only when explicitly specifying it
sudo cat <<EOF > /etc/apt/preferences.d/pgdg.pref
Package: *
Pin: release o=apt.postgresql.org
Pin-Priority: 200
EOF
# install some dependencies
sudo apt-get install wget ca-certificates
# add repository signing key
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
# update cache
sudo apt-get update
# install pgloader
sudo apt-get -t $(lsb_release -cs)-pgdg install pgloader
# migrate data (replace XXX and YYY with the correct passwords)
pgloader --type mysql --with "reset sequences" --with "data only" --set "maintenance_work_mem = '128MB'" --set "work_mem = '12MB'" --cast "type tinyint when (= precision 1) to smallint" mysql://misp:XXX@localhost/misp postgresql://misp:YYY@localhost/misp
# afterwards, you have to change your MISP database configuration (see above)
# maybe you want to remove mysql (see command above) in the end
# if you only want to stop&disable it:
systemctl stop mysql
systemctl disable mysql
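Review bot: `sudo cat <<EOF > /etc/apt/preferences.d/pgdg.pref` will not write the pin file for a non-root user, because the `>` redirection is opened by the calling shell before sudo runs; use the `sudo sh -c '...'` form already used for pgdg.list just above it, or pipe the heredoc into `sudo tee /etc/apt/preferences.d/pgdg.pref`. The pgloader line takes both database passwords inside the connection URIs on the command line, where they end up in shell history and the process list, so a short note about that belongs next to it. Two docs points for the mkdocs conversion: none of the commands in this new file are inside code fences, so every `# ...` comment line will render as a top-level heading, and the first note reads "Deian 8" for "Debian 8".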

@ -1,16 +1,17 @@
INSTALLATION INSTRUCTIONS
------------------------- for Debian testing "buster" server
# INSTALLATION INSTRUCTIONS
## for Debian testing "buster" server
0/ MISP testing dev install - Status
### 0/ MISP testing dev install - Status
------------------------------------
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
uses for testing, qc and random development.
Maintained and tested by @SteveClement on 20180705
!!! notice
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
uses for testing, qc and random development.
Maintained and tested by @SteveClement on 20180705
Some configurables used below:
#### MISP configuration variables
```
```bash
# MISP configuration variables
PATH_TO_MISP='/var/www/MISP'
CAKE="$PATH_TO_MISP/app/Console/cake"
@ -55,36 +56,42 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
1/ Minimal Debian install
### 1/ Minimal Debian install
-------------------------
# Install a minimal Debian testing "buster" server system with the software:
#### Install a minimal Debian testing "buster" server system with the software:
- OpenSSH server
- Web server, apache FTW!
- This guide assumes a user name of 'misp'
# Make sure you can sudo
```
#### Make sure you can sudo
```bash
misp@debian:~$ sudo ls
[sudo] password for misp:
misp is not in the sudoers file. This incident will be reported.
```
```bash
su -
adduser misp sudo
```
# install etckeeper (optional)
#### install etckeeper (optional)
```bash
sudo apt install -y etckeeper
```
# Make sure your system is up2date:
#### Make sure your system is up2date:
```bash
sudo apt update
sudo apt -y dist-upgrade
```
# Network Interface Name salvage (optional)
#### Network Interface Name salvage (optional)
This will bring back 'ethX' e.g: eth0
```
```bash
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
DEFAULT_GRUB=/etc/default/grub
for key in GRUB_CMDLINE_LINUX
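Review bot: the block under "#### Make sure you can sudo" is now tagged as bash but holds a terminal transcript (the `misp@debian:~$` prompt and the "misp is not in the sudoers file" output), not commands to run, so it will be highlighted and copied as if it were a script. Leave that fence untagged or mark it as console output, and keep the bash tag for the `su -` / `adduser misp sudo` block that follows.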
@ -94,19 +101,24 @@ done
sudo grub-mkconfig -o /boot/grub/grub.cfg
```
# install postfix, there will be some questions.
sudo apt install -y postfix
#### install postfix, there will be some questions. (optional)
```bash
# Postfix Configuration: Satellite system
sudo apt install -y postfix
```
```
# change the relay server later with:
sudo postconf -e 'relayhost = example.com'
sudo postfix reload
```
2/ Install LAMP & dependencies
### 2/ Install LAMP & dependencies
------------------------------
Once the system is installed you can perform the following steps:
# Install all the dependencies: (some might already be installed)
#### Install all the dependencies: (some might already be installed)
```bash
sudo apt install -y \
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
mariadb-client \
@ -141,15 +153,22 @@ echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
```
To flip between the 2 pythons: sudo update-alternatives --config python
To flip between the 2 pythons use update-alternatives
```bash
sudo update-alternatives --config python
```
# Apply all changes
#### Apply all changes
```bash
sudo systemctl restart apache2
```
3/ MISP code
### 3/ MISP code
------------
```
# Download MISP using git in the /var/www/ directory.
sudo mkdir $PATH_TO_MISP
sudo chown www-data:www-data $PATH_TO_MISP
@ -181,11 +200,13 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
# install PyMISP
cd $PATH_TO_MISP/PyMISP
sudo pip3 install .
```
4/ CakePHP
### 4/ CakePHP
-----------
# CakePHP is included as a submodule of MISP.
#### CakePHP is included as a submodule of MISP.
```bash
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd $PATH_TO_MISP/app
# Make composer cache happy
@ -199,23 +220,25 @@ sudo phpenmod redis
# To use the scheduler worker for scheduled tasks, do the following:
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
```
5/ Set the permissions
### 5/ Set the permissions
----------------------
```bash
# Check if the permissions are set correctly using the following commands:
sudo chown -R www-data:www-data $PATH_TO_MISP
sudo chmod -R 750 $PATH_TO_MISP
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
sudo chmod -R g+ws $PATH_TO_MISP/app/files
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
```
6/ Create a database and user
### 6/ Create a database and user
-----------------------------
# Enter the mysql shell
#### Enter the mysql shell
```bash
sudo mysql -u root -p
```
```
MariaDB [(none)]> create database misp;
@ -225,19 +248,22 @@ MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
```
copy/paste:
```
#### copy/paste:
```bash
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
```
# Import the empty MISP database from MYSQL.sql
#### Import the empty MISP database from MYSQL.sql
```bash
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
```
7/ Apache configuration
### 7/ Apache configuration
-----------------------
```bash
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
# If the apache version is 2.4:
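Review bot: in the copy/paste block, `grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';` creates the account from the database name, while the next line grants privileges to `'$DBUSER_MISP'@'localhost'`; this only works when both variables hold the same value, so use `'$DBUSER_MISP'@'localhost'` in both statements. Each of these commands, and the import line under "Import the empty MISP database", also passes the password as `-p$DBPASSWORD_...` on the command line, where it is visible in the process list and shell history; now that the block is presented for copy/paste, the guide should say so.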
@ -253,7 +279,9 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
```
```
============================================= Begin sample working SSL config for MISP
<VirtualHost _default_:80>
ServerAdmin admin@<your.FQDN.here>
@ -290,7 +318,9 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
ServerSignature Off
</VirtualHost>
============================================= End sample working SSL config for MISP
```
```bash
# activate new vhost
sudo a2dissite default-ssl
sudo a2ensite misp-ssl
@ -307,17 +337,21 @@ done
# Restart apache
sudo systemctl restart apache2
```
8/ Log rotation
### 8/ Log rotation
---------------
```bash
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
# To rotate these logs install the supplied logrotate script:
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
chmod 0640 /etc/logrotate.d/misp
```
9/ MISP configuration
### 9/ MISP configuration
---------------------
```bash
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
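Review bot: in the log rotation block, `chmod 0640 /etc/logrotate.d/misp` runs without sudo right after `sudo cp` created the file as root, so it fails for the 'misp' user the guide assumes. Prefix it with sudo so the block works when pasted as a whole.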
@ -584,9 +618,10 @@ sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
echo "User (misp) DB Password: $DBPASSWORD_MISP"
```
Recommended actions
### Recommended actions
-------------------
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
@ -597,8 +632,9 @@ Recommended actions
- Log and audit
Optional features
### Optional features
-------------------
```bash
# set PATH so it includes viper if it exists
if [ -d "/usr/local/src/viper" ] ; then
PATH="$PATH:/usr/local/src/viper"
@ -608,19 +644,20 @@ fi
if [ -d "/var/www/MISP/app/Console" ] ; then
PATH="$PATH:/var/www/MISP/app/Console"
fi
```
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
```bash
# ZeroMQ depends on the Python client for Redis
sudo apt install python3-redis -y
## install pyzmq
sudo apt install python3-zmq -y
```
MISP Dashboard
#### MISP Dashboard
--------------
```bash
cd /var/www
sudo mkdir misp-dashboard
sudo chown www-data:www-data misp-dashboard
@ -690,11 +727,13 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
```
Install viper framework
-----------------------
```
cd /usr/local/src/
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
sudo pip3 install SQLAlchemy PrettyTable python-magic
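Review bot: "Install viper framework" keeps its old plain-text form with the dashed underline here, while the Debian 9 guide in this commit changes it to `#### Install viper framework` and the neighbouring "MISP Dashboard" and "Install mail to misp" headings in this file get the `####` prefix. A text line underlined with dashes is a setext level-2 heading in Markdown, so it will rank above `### Optional features` in the rendered navigation; convert it to `####` and tag the fence that follows as bash like the other blocks.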
@ -709,12 +748,11 @@ echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/ga
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
```
Install mail to misp
#### Install mail to misp
--------------------
```bash
cd /usr/local/src/
sudo apt-get install -y cmake
sudo git clone https://github.com/MISP/mail_to_misp.git
@ -732,4 +770,4 @@ sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
```