mirror of https://github.com/MISP/MISP
chg: [docs] Adapted Debian 9/testing install to mkdocs
new: [docs] Added old version of Debian + postgresql guide, needs updatingpull/3784/head
parent
fc3d89a0c4
commit
e941964655
|
@ -611,7 +611,6 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
@ -622,11 +621,10 @@ echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
|||
- Keep your software up2date (OS, MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
|
||||
### Optional features
|
||||
-------------------
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
```
|
||||
```bash
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo pip3 install redis
|
||||
|
||||
|
@ -634,8 +632,7 @@ sudo pip3 install redis
|
|||
sudo pip3 install pyzmq
|
||||
```
|
||||
|
||||
|
||||
### MISP Dashboard
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
```bash
|
||||
cd /var/www
|
||||
|
@ -710,9 +707,8 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|||
```
|
||||
|
||||
|
||||
### Install viper framework
|
||||
#### Install viper framework
|
||||
-----------------------
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
|
@ -730,9 +726,7 @@ sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
|||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
```
|
||||
|
||||
|
||||
|
||||
### Install mail to misp
|
||||
#### Install mail to misp
|
||||
--------------------
|
||||
```bash
|
||||
cd /usr/local/src/
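Review bot: The `sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password=...'` line in the hunk at `@ -730,9 +726,7 @@` has no `WHERE` clause and writes one fixed PBKDF2 hash, printed in this guide, into every row of `auth_user`. Every installation that follows the guide therefore ends up with the same credential for the accounts in that database, and nothing in the visible text tells the reader to change it. I would add a line right after the command such as `# NOTE: this sets a publicly documented default password; change it before the viper instance is reachable by anyone else`. The same command appears in the Debian testing guide's hunk at `@ -709,12 +748,11 @@`, and the enclosing code block starts above this hunk.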
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
# INSTALLATION INSTRUCTIONS
|
||||
## for Debian --->8<--- "jessie" server + PostgreSQL
|
||||
|
||||
!!! note
|
||||
This is the old Deian 8 jessie Guide, needs updating.
|
||||
|
||||
!!! warning
|
||||
PostgreSQL support in MISP is experimental.
|
||||
We strongly discourage you from use on production systems.
|
||||
Testing & development: most recent MISP codebase on Debian 8 "jessie" (PHP 5.6 & PostgreSQL 9.4).
|
||||
There may be serious bugs!
|
||||
We also don't support updates (e.g. 2.4.49 -> 2.4.50) on PostgreSQL yet, so your installation may break.
|
||||
|
||||
!!! notice
|
||||
If you want to help improving PostgreSQL-support,
|
||||
Please make sure you have tried the newest commit from GitHub first.
|
||||
Also, please activate debug mode.
|
||||
After that, you may open an issue on Github and provide us with as much information on the issue as possible.
|
||||
|
||||
|
||||
|
||||
please follow Debian 8 install instructions - INSTALL.debian8.txt
|
||||
-------------------------
|
||||
|
||||
# when it comes to installing mariadb in step 2, skip that part, instead:
|
||||
sudo apt-get install postgresql
|
||||
|
||||
# instead of installing the php5-mysql package in step 2, install php5-pgsql
|
||||
sudo apt-get install php5-pgsql
|
||||
# activate the module
|
||||
sudo php5enmod pgsql
|
||||
# restart apache
|
||||
sudo service apache2 restart
|
||||
|
||||
|
||||
# in step 6 of the Debian install, you skip creating a mysql user, instead:
|
||||
# create user
|
||||
sudo -u postgres createuser misp
|
||||
# create database
|
||||
sudo -u postgres createdb -O misp misp
|
||||
# set password
|
||||
sudo -u postgres psql -U postgres
|
||||
postgres=# ALTER USER misp with password 'XXXXXXXXX';
|
||||
postgres=# \q
|
||||
|
||||
# after that, load the basic database structure
|
||||
psql -U misp -d misp -f /var/www/MISP/INSTALL/POSTGRESQL-structure.sql -h localhost -W
|
||||
|
||||
# ATTENTION: skip this step if you want to migrate from MySQL/MariaDB!
|
||||
# and load initial data
|
||||
psql -U misp -d misp -f /var/www/MISP/INSTALL/POSTGRESQL-data-initial.sql -h localhost -W
|
||||
|
||||
|
||||
# in step 8 of the Debian install, you configure Postgres instead of MySQL
|
||||
# the necessary lines are already there, you just have to activate them instead of the MySQL-lines
|
||||
# file: /var/www/MISP/app/Config/database.php
|
||||
# necessary changes:
|
||||
# 'datasource' => 'Database/Postgres',
|
||||
# 'port' => 5432,
|
||||
|
||||
|
||||
# ATTENTION: skip this step if you want to migrate from MySQL/MariaDB!
|
||||
# perhaps you accidently installed MySQL/MariaDB, too - but you can clean it up like this
|
||||
sudo apt-get remove mysql-server mysql-client mariadb-client mariadb-server php5-mysql
|
||||
|
||||
|
||||
|
||||
|
||||
### MIGRATION from MySQL/MariaDB
|
||||
# migration of data is done using latest "pgloader" release (3.2.2 at the time of writing)
|
||||
|
||||
# add official postgres repository to apt sources
|
||||
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
|
||||
|
||||
# make sure packages from official postgres repository aren't used by default, only when explicitly specifying it
|
||||
sudo cat <<EOF > /etc/apt/preferences.d/pgdg.pref
|
||||
Package: *
|
||||
Pin: release o=apt.postgresql.org
|
||||
Pin-Priority: 200
|
||||
EOF
|
||||
|
||||
# install some dependencies
|
||||
sudo apt-get install wget ca-certificates
|
||||
|
||||
# add repository signing key
|
||||
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
|
||||
|
||||
# update cache
|
||||
sudo apt-get update
|
||||
|
||||
# install pgloader
|
||||
sudo apt-get -t $(lsb_release -cs)-pgdg install pgloader
|
||||
|
||||
# migrate data (replace XXX and YYY with the correct passwords)
|
||||
pgloader --type mysql --with "reset sequences" --with "data only" --set "maintenance_work_mem = '128MB'" --set "work_mem = '12MB'" --cast "type tinyint when (= precision 1) to smallint" mysql://misp:XXX@localhost/misp postgresql://misp:YYY@localhost/misp
|
||||
|
||||
# afterwards, you have to change your MISP database configuration (see above)
|
||||
|
||||
# maybe you want to remove mysql (see command above) in the end
|
||||
# if you only want to stop&disable it:
|
||||
systemctl stop mysql
|
||||
systemctl disable mysql
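Review bot: `sudo cat <<EOF > /etc/apt/preferences.d/pgdg.pref` will not write the pin file for a non-root user, because the redirection is opened by the calling shell and only `cat` runs under sudo. When that step fails, the pgdg repository added just before it is left without the priority-200 pin that the comment above the command relies on, so its packages are no longer limited to explicit `-t` installs. Writing the file with `sudo tee /etc/apt/preferences.d/pgdg.pref >/dev/null <<EOF` keeps the heredoc and performs the write as root. The `pgloader` line further down also carries both database passwords inside the connection URIs on the command line, where they end up in shell history and the process list; a short caveat next to it would help.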
|
|
@ -1,16 +1,17 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for Debian testing "buster" server
|
||||
# INSTALLATION INSTRUCTIONS
|
||||
## for Debian testing "buster" server
|
||||
|
||||
0/ MISP testing dev install - Status
|
||||
### 0/ MISP testing dev install - Status
|
||||
------------------------------------
|
||||
|
||||
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
|
||||
uses for testing, qc and random development.
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
!!! notice
|
||||
This is mostly the install [@SteveClement](https://twitter.com/SteveClement)
|
||||
uses for testing, qc and random development.
|
||||
Maintained and tested by @SteveClement on 20180705
|
||||
|
||||
Some configurables used below:
|
||||
#### MISP configuration variables
|
||||
|
||||
```
|
||||
```bash
|
||||
# MISP configuration variables
|
||||
PATH_TO_MISP='/var/www/MISP'
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
|
@ -55,36 +56,42 @@ echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
|||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
1/ Minimal Debian install
|
||||
### 1/ Minimal Debian install
|
||||
-------------------------
|
||||
|
||||
# Install a minimal Debian testing "buster" server system with the software:
|
||||
#### Install a minimal Debian testing "buster" server system with the software:
|
||||
- OpenSSH server
|
||||
- Web server, apache FTW!
|
||||
- This guide assumes a user name of 'misp'
|
||||
|
||||
# Make sure you can sudo
|
||||
```
|
||||
#### Make sure you can sudo
|
||||
```bash
|
||||
misp@debian:~$ sudo ls
|
||||
[sudo] password for misp:
|
||||
misp is not in the sudoers file. This incident will be reported.
|
||||
```
|
||||
|
||||
```bash
|
||||
su -
|
||||
adduser misp sudo
|
||||
```
|
||||
|
||||
# install etckeeper (optional)
|
||||
#### install etckeeper (optional)
|
||||
```bash
|
||||
sudo apt install -y etckeeper
|
||||
```
|
||||
|
||||
# Make sure your system is up2date:
|
||||
#### Make sure your system is up2date:
|
||||
```bash
|
||||
sudo apt update
|
||||
sudo apt -y dist-upgrade
|
||||
```
|
||||
|
||||
# Network Interface Name salvage (optional)
|
||||
#### Network Interface Name salvage (optional)
|
||||
|
||||
This will bring back 'ethX' e.g: eth0
|
||||
|
||||
```
|
||||
```bash
|
||||
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
|
||||
DEFAULT_GRUB=/etc/default/grub
|
||||
for key in GRUB_CMDLINE_LINUX
|
||||
|
@ -94,19 +101,24 @@ done
|
|||
sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
```
|
||||
|
||||
# install postfix, there will be some questions.
|
||||
sudo apt install -y postfix
|
||||
#### install postfix, there will be some questions. (optional)
|
||||
```bash
|
||||
# Postfix Configuration: Satellite system
|
||||
sudo apt install -y postfix
|
||||
```
|
||||
|
||||
```
|
||||
# change the relay server later with:
|
||||
sudo postconf -e 'relayhost = example.com'
|
||||
sudo postfix reload
|
||||
```
|
||||
|
||||
|
||||
2/ Install LAMP & dependencies
|
||||
### 2/ Install LAMP & dependencies
|
||||
------------------------------
|
||||
Once the system is installed you can perform the following steps:
|
||||
|
||||
# Install all the dependencies: (some might already be installed)
|
||||
#### Install all the dependencies: (some might already be installed)
|
||||
|
||||
```bash
|
||||
sudo apt install -y \
|
||||
curl gcc git gnupg-agent make openssl redis-server neovim zip libyara-dev python3-yara python3-redis python3-zmq \
|
||||
mariadb-client \
|
||||
|
@ -141,15 +153,22 @@ echo "extension=redis.so" | sudo tee /etc/php/7.2/mods-available/redis.ini
|
|||
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
|
||||
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2
|
||||
```
|
||||
|
||||
To flip between the 2 pythons: sudo update-alternatives --config python
|
||||
To flip between the 2 pythons use update-alternatives
|
||||
```bash
|
||||
sudo update-alternatives --config python
|
||||
```
|
||||
|
||||
# Apply all changes
|
||||
#### Apply all changes
|
||||
```bash
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
|
||||
3/ MISP code
|
||||
### 3/ MISP code
|
||||
------------
|
||||
```
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
sudo mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
|
@ -181,11 +200,13 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
|
|||
# install PyMISP
|
||||
cd $PATH_TO_MISP/PyMISP
|
||||
sudo pip3 install .
|
||||
```
|
||||
|
||||
4/ CakePHP
|
||||
### 4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is included as a submodule of MISP.
|
||||
#### CakePHP is included as a submodule of MISP.
|
||||
|
||||
```bash
|
||||
# Install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd $PATH_TO_MISP/app
|
||||
# Make composer cache happy
|
||||
|
@ -199,23 +220,25 @@ sudo phpenmod redis
|
|||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
```
|
||||
|
||||
|
||||
5/ Set the permissions
|
||||
### 5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
```bash
|
||||
# Check if the permissions are set correctly using the following commands:
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
```
|
||||
|
||||
|
||||
6/ Create a database and user
|
||||
### 6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
#### Enter the mysql shell
|
||||
```bash
|
||||
sudo mysql -u root -p
|
||||
```
|
||||
|
||||
```
|
||||
MariaDB [(none)]> create database misp;
|
||||
|
@ -225,19 +248,22 @@ MariaDB [(none)]> flush privileges;
|
|||
MariaDB [(none)]> exit
|
||||
```
|
||||
|
||||
copy/paste:
|
||||
```
|
||||
#### copy/paste:
|
||||
```bash
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
||||
```
|
||||
|
||||
# Import the empty MISP database from MYSQL.sql
|
||||
#### Import the empty MISP database from MYSQL.sql
|
||||
```bash
|
||||
sudo -u www-data cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
||||
```
|
||||
|
||||
7/ Apache configuration
|
||||
### 7/ Apache configuration
|
||||
-----------------------
|
||||
```bash
|
||||
# Now configure your Apache webserver with the DocumentRoot $PATH_TO_MISP/app/webroot/
|
||||
|
||||
# If the apache version is 2.4:
|
||||
|
@ -253,7 +279,9 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
|
||||
# Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment)
|
||||
```
|
||||
|
||||
```
|
||||
============================================= Begin sample working SSL config for MISP
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin admin@<your.FQDN.here>
|
||||
|
@ -290,7 +318,9 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
============================================= End sample working SSL config for MISP
|
||||
```
|
||||
|
||||
```bash
|
||||
# activate new vhost
|
||||
sudo a2dissite default-ssl
|
||||
sudo a2ensite misp-ssl
|
||||
|
@ -307,17 +337,21 @@ done
|
|||
|
||||
# Restart apache
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
8/ Log rotation
|
||||
### 8/ Log rotation
|
||||
---------------
|
||||
```bash
|
||||
# MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs
|
||||
# To rotate these logs install the supplied logrotate script:
|
||||
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
chmod 0640 /etc/logrotate.d/misp
|
||||
```
|
||||
|
||||
9/ MISP configuration
|
||||
### 9/ MISP configuration
|
||||
---------------------
|
||||
```bash
|
||||
# There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
|
||||
|
@ -584,9 +618,10 @@ sudo chown -R www-data:www-data $PATH_TO_MISP/<directory path with an indicated
|
|||
|
||||
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN"
|
||||
echo "User (misp) DB Password: $DBPASSWORD_MISP"
|
||||
```
|
||||
|
||||
|
||||
Recommended actions
|
||||
### Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes its name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
|
@ -597,8 +632,9 @@ Recommended actions
|
|||
- Log and audit
|
||||
|
||||
|
||||
Optional features
|
||||
### Optional features
|
||||
-------------------
|
||||
```bash
|
||||
# set PATH so it includes viper if it exists
|
||||
if [ -d "/usr/local/src/viper" ] ; then
|
||||
PATH="$PATH:/usr/local/src/viper"
|
||||
|
@ -608,19 +644,20 @@ fi
|
|||
if [ -d "/var/www/MISP/app/Console" ] ; then
|
||||
PATH="$PATH:/var/www/MISP/app/Console"
|
||||
fi
|
||||
```
|
||||
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
|
||||
#### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following commands
|
||||
```bash
|
||||
# ZeroMQ depends on the Python client for Redis
|
||||
sudo apt install python3-redis -y
|
||||
|
||||
## install pyzmq
|
||||
sudo apt install python3-zmq -y
|
||||
```
|
||||
|
||||
|
||||
MISP Dashboard
|
||||
#### MISP Dashboard
|
||||
--------------
|
||||
|
||||
```bash
|
||||
cd /var/www
|
||||
sudo mkdir misp-dashboard
|
||||
sudo chown www-data:www-data misp-dashboard
|
||||
|
@ -690,11 +727,13 @@ sudo $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
|||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
||||
sudo $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
||||
```
|
||||
|
||||
|
||||
Install viper framework
|
||||
-----------------------
|
||||
|
||||
```
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2
|
||||
sudo pip3 install SQLAlchemy PrettyTable python-magic
|
||||
|
@ -709,12 +748,11 @@ echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/ga
|
|||
sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ~/.viper/viper.conf
|
||||
sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ~/.viper/viper.conf
|
||||
sqlite3 ~/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'
|
||||
```
|
||||
|
||||
|
||||
|
||||
Install mail to misp
|
||||
#### Install mail to misp
|
||||
--------------------
|
||||
|
||||
```bash
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install -y cmake
|
||||
sudo git clone https://github.com/MISP/mail_to_misp.git
|
||||
|
@ -732,4 +770,4 @@ sudo cp mail_to_misp_config.py-example mail_to_misp_config.py
|
|||
|
||||
sudo sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'http:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
sudo sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '$AUTH_KEY'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
||||
|
||||
```
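Review bot: In the copy/paste block of the hunk at `@ -225,19 +248,22 @@`, the `grant usage` statement sets the password on `$DBNAME@localhost` while the following `grant all privileges` targets `'$DBUSER_MISP'@'localhost'`. The variable definitions are outside the hunk, but if the database name and user name ever differ, the password lands on the wrong account; the first statement should read `grant usage on *.* to '$DBUSER_MISP'@'localhost' identified by '$DBPASSWORD_MISP';`. These commands and the `MYSQL.sql` import below them also pass `-p$DBPASSWORD_ADMIN` / `-p$DBPASSWORD_MISP` as command-line arguments, which leaves the passwords visible in the process list and shell history. A credentials file readable only by the invoking user, passed with `--defaults-extra-file=<path to option file>`, avoids that.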
|
||||
|
|