mirror of https://github.com/MISP/MISP
Create INSTALL.debian.txt
I know there is already an ubuntu document, but still I found value to have it being mentioned that debian is supported as well (There are also some minor changes to the ubuntu docu, would adjust the ubuntu doc as well)pull/903/head
parent
23b091755d
commit
f00da2be3d
|
@ -0,0 +1,228 @@
|
|||
INSTALLATION INSTRUCTIONS
|
||||
------------------------- for debian-server
|
||||
|
||||
1/ Minimal debian install
|
||||
-------------------------
|
||||
|
||||
Install a minimal debian-server system with the software:
|
||||
|
||||
- OpenSSH server
|
||||
- LAMP server (don't forget php5-mysql)
|
||||
- Mail server
|
||||
|
||||
You will get some questions, you will probably want to set:
|
||||
sudo apt-get install postfix
|
||||
- Postfix Configuration: Satellite system
|
||||
|
||||
Make sure your system is up2date:
|
||||
apt-get update
|
||||
apt-get upgrade
|
||||
|
||||
|
||||
2/ Dependencies *
|
||||
----------------
|
||||
Once the system is installed you can perform the following steps as root:
|
||||
|
||||
# Because vim is just so practical
|
||||
apt-get install vim
|
||||
|
||||
# Install the dependencies:
|
||||
apt-get install gcc zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev php5-dev libapache2-mod-php5 php5-mysql curl
|
||||
pear install Crypt_GPG # we need version >1.3.0
|
||||
#if you are using a proxy do:
|
||||
pear config-set http_proxy http://username:password@yourproxy:80
|
||||
|
||||
|
||||
3/ MISP code
|
||||
------------
|
||||
# Download MISP using git in the /var/www/ directory.
|
||||
cd /var/www/
|
||||
git clone https://github.com/MISP/MISP.git
|
||||
|
||||
# if you are behind a proxy:
|
||||
git config --global http.proxy http://username:password@yourproxy:80
|
||||
|
||||
# Make git ignore filesystem permission differences
|
||||
cd /var/www/MISP
|
||||
git config core.filemode false
|
||||
|
||||
# install Mitre's STIX and its dependencies by running the following commands:
|
||||
apt-get install python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev
|
||||
cd /var/www/MISP/app/files/scripts
|
||||
git clone https://github.com/CybOXProject/python-cybox.git
|
||||
git clone https://github.com/STIXProject/python-stix.git
|
||||
cd /var/www/MISP/app/files/scripts/python-cybox
|
||||
git checkout v2.1.0.12
|
||||
# before the next step make sure your http_proxy and https_proxy settings are set
|
||||
python setup.py install
|
||||
cd /var/www/MISP/app/files/scripts/python-stix
|
||||
git checkout v1.1.1.4
|
||||
python setup.py install
|
||||
|
||||
4/ CakePHP
|
||||
-----------
|
||||
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
|
||||
cd /var/www/MISP
|
||||
git submodule init
|
||||
git submodule update
|
||||
|
||||
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
||||
cd /var/www/MISP/app
|
||||
curl -s https://getcomposer.org/installer | php
|
||||
php composer.phar require kamisama/cake-resque:4.1.2
|
||||
php composer.phar config vendor-dir Vendor
|
||||
php composer.phar install
|
||||
|
||||
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
|
||||
pecl install redis
|
||||
apt-get install php5-redis
|
||||
# Note that the php5-redis package in Debian oldstable (wheezy) only exists in the backports repository: http://backports.debian.org/Instructions/
|
||||
# After installing it, enable it in your php.ini file
|
||||
vim /etc/php5/apache2/php.ini
|
||||
# add the following line:
|
||||
extension=redis.so
|
||||
|
||||
# To use the scheduler worker for scheduled tasks, do the following:
|
||||
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
5/ Set the permissions
|
||||
----------------------
|
||||
|
||||
# Check if the permissions are set correctly using the following commands as root:
|
||||
chown -R www-data:www-data /var/www/MISP
|
||||
chmod -R 750 /var/www/MISP
|
||||
chmod -R g+ws /var/www/MISP/app/tmp
|
||||
chmod -R g+ws /var/www/MISP/app/files
|
||||
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
||||
|
||||
6/ Create a database and user
|
||||
-----------------------------
|
||||
# Enter the mysql shell
|
||||
mysql -u root -p
|
||||
|
||||
mysql> create database misp;
|
||||
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
||||
mysql> grant all privileges on misp.* to misp@localhost ;
|
||||
mysql> exit
|
||||
|
||||
cd /var/www/MISP
|
||||
|
||||
# Import the empty MySQL database from MYSQL.sql
|
||||
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
||||
#enter the password you set previously
|
||||
|
||||
|
||||
7/ Apache configuration
|
||||
-----------------------
|
||||
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
||||
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.ubuntu
|
||||
|
||||
cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
|
||||
|
||||
# Be aware that the configuration files for apache 2.4 and up have changed.
|
||||
# The configuration file has to have the .conf extension in the sites-available directory
|
||||
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
||||
|
||||
a2dissite 000-default
|
||||
# 000-default can be called default based on distribution, in which case run a2dissite default
|
||||
a2ensite misp
|
||||
|
||||
# Enable modules
|
||||
a2enmod rewrite
|
||||
|
||||
# Restart apache
|
||||
service apache2 reload
|
||||
|
||||
# We seriously recommend using only SSL !
|
||||
# Check out the /var/www/MISP/INSTALL/apache.misp.ssl file for an example
|
||||
|
||||
|
||||
8/ MISP configuration
|
||||
---------------------
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
cd /var/www/MISP/app/Config
|
||||
cp -a bootstrap.default.php bootstrap.php
|
||||
cp -a database.default.php database.php
|
||||
cp -a core.default.php core.php
|
||||
cp -a config.default.php config.php
|
||||
|
||||
# Configure the fields in the newly created files:
|
||||
# database.php : login, port, password, database
|
||||
# bootstrap.php: uncomment the last 3 lines to enable the background workers (see below)
|
||||
# CakePlugin::loadAll(array('CakeResque' => array('bootstrap' => true)));
|
||||
|
||||
# To enable the background workers, if you have installed the package required for it in 4/, uncomment the following lines:
|
||||
# in core.php (if you have just recently updated MISP, just add this line at the end of the file):
|
||||
# require_once dirname(__DIR__) . '/Vendor/autoload.php';
|
||||
|
||||
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
||||
# The salt key must be an at least 32 byte long string.
|
||||
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
||||
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
||||
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
||||
|
||||
# Change base url in config.php
|
||||
'baseurl' => 'https://yourhostname.net',
|
||||
|
||||
# and make sure the file permissions are still OK
|
||||
chown -R www-data:www-data /var/www/MISP/app/Config
|
||||
chmod -R 750 /var/www/MISP/app/Config
|
||||
|
||||
# Generate a GPG encryption key.
|
||||
mkdir /var/www/MISP/.gnupg
|
||||
chown www-data:www-data /var/www/MISP/.gnupg
|
||||
chmod 700 /var/www/MISP/.gnupg
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
||||
|
||||
# The email address should match the one set in the config.php configuration file
|
||||
# Make sure that you use the same settings in the MISP Server Settings tool (Described on line 184)
|
||||
|
||||
# And export the public key to the webroot
|
||||
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
||||
|
||||
# To make the background workers start on boot
|
||||
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
||||
sudo vim /etc/rc.local
|
||||
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
||||
su www-data -c 'bash /var/www/MISP/app/Console/worker/start.sh'
|
||||
|
||||
# Now log in using the webinterface:
|
||||
# The default user/pass = admin@admin.test/admin
|
||||
|
||||
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
||||
# It is especially vital that no critical issues remain!
|
||||
# start the workers by navigating to the workers tab and clicking restart all workers
|
||||
|
||||
#Don't forget to change the email, password and authentication key after installation.
|
||||
|
||||
# Once done, have a look at the diagnostics
|
||||
|
||||
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
||||
# you can do this by running the following commands:
|
||||
|
||||
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
||||
chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
||||
|
||||
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
||||
|
||||
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
||||
# /var/www/MISP/app/tmp/logs/error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
||||
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
||||
|
||||
Recommended actions
|
||||
-------------------
|
||||
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
||||
|
||||
- You should really harden your OS
|
||||
- You should really harden the configuration of Apache
|
||||
- You should really harden the configuration of MySQL
|
||||
- Keep your software up2date (MISP, CakePHP and everything else)
|
||||
- Log and audit
|
||||
|
||||
Optional features
|
||||
-------------------
|
||||
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
|
||||
pip install pyzmq
|
Loading…
Reference in New Issue