MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Create INSTALL.debian.txt 

I know there is already an ubuntu document, but still I found value to have it being mentioned that debian is supported as well

(There are also some minor changes to the ubuntu docu, would adjust the ubuntu doc as well)
pull/903/head
Alexander J 2016-02-02 14:51:11 +01:00
parent 23b091755d
commit f00da2be3d
1 changed files with 228 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
INSTALL/INSTALL.debian.txt Normal file
View File

@ -0,0 +1,228 @@
INSTALLATION INSTRUCTIONS
------------------------- for debian-server
1/ Minimal debian install
-------------------------
Install a minimal debian-server system with the software:
- OpenSSH server
- LAMP server (don't forget php5-mysql)
- Mail server
You will get some questions, you will probably want to set:
sudo apt-get install postfix
- Postfix Configuration: Satellite system
Make sure your system is up2date:
apt-get update
apt-get upgrade
2/ Dependencies *
----------------
Once the system is installed you can perform the following steps as root:
# Because vim is just so practical
apt-get install vim
# Install the dependencies:
apt-get install gcc zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev php5-dev libapache2-mod-php5 php5-mysql curl
pear install Crypt_GPG # we need version >1.3.0
#if you are using a proxy do:
pear config-set http_proxy http://username:password@yourproxy:80
3/ MISP code
------------
# Download MISP using git in the /var/www/ directory.
cd /var/www/
git clone https://github.com/MISP/MISP.git
# if you are behind a proxy:
git config --global http.proxy http://username:password@yourproxy:80
# Make git ignore filesystem permission differences
cd /var/www/MISP
git config core.filemode false
# install Mitre's STIX and its dependencies by running the following commands:
apt-get install python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev
cd /var/www/MISP/app/files/scripts
git clone https://github.com/CybOXProject/python-cybox.git
git clone https://github.com/STIXProject/python-stix.git
cd /var/www/MISP/app/files/scripts/python-cybox
git checkout v2.1.0.12
# before the next step make sure your http_proxy and https_proxy settings are set
python setup.py install
cd /var/www/MISP/app/files/scripts/python-stix
git checkout v1.1.1.4
python setup.py install
4/ CakePHP
-----------
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it:
cd /var/www/MISP
git submodule init
git submodule update
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd /var/www/MISP/app
curl -s https://getcomposer.org/installer | php
php composer.phar require kamisama/cake-resque:4.1.2
php composer.phar config vendor-dir Vendor
php composer.phar install
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
pecl install redis
apt-get install php5-redis
# Note that the php5-redis package in Debian oldstable (wheezy) only exists in the backports repository: http://backports.debian.org/Instructions/
# After installing it, enable it in your php.ini file
vim /etc/php5/apache2/php.ini
# add the following line:
extension=redis.so
# To use the scheduler worker for scheduled tasks, do the following:
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
5/ Set the permissions
----------------------
# Check if the permissions are set correctly using the following commands as root:
chown -R www-data:www-data /var/www/MISP
chmod -R 750 /var/www/MISP
chmod -R g+ws /var/www/MISP/app/tmp
chmod -R g+ws /var/www/MISP/app/files
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
6/ Create a database and user
-----------------------------
# Enter the mysql shell
mysql -u root -p
mysql> create database misp;
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
mysql> grant all privileges on misp.* to misp@localhost ;
mysql> exit
cd /var/www/MISP
# Import the empty MySQL database from MYSQL.sql
mysql -u misp -p misp < INSTALL/MYSQL.sql
#enter the password you set previously
7/ Apache configuration
-----------------------
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
# A sample vhost can be found in /var/www/MISP/INSTALL/apache.misp.ubuntu
cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
a2dissite 000-default
# 000-default can be called default based on distribution, in which case run a2dissite default
a2ensite misp
# Enable modules
a2enmod rewrite
# Restart apache
service apache2 reload
# We seriously recommend using only SSL !
# Check out the /var/www/MISP/INSTALL/apache.misp.ssl file for an example
8/ MISP configuration
---------------------
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
cd /var/www/MISP/app/Config
cp -a bootstrap.default.php bootstrap.php
cp -a database.default.php database.php
cp -a core.default.php core.php
cp -a config.default.php config.php
# Configure the fields in the newly created files:
# database.php : login, port, password, database
# bootstrap.php: uncomment the last 3 lines to enable the background workers (see below)
# CakePlugin::loadAll(array('CakeResque' => array('bootstrap' => true)));
# To enable the background workers, if you have installed the package required for it in 4/, uncomment the following lines:
# in core.php (if you have just recently updated MISP, just add this line at the end of the file):
# require_once dirname(__DIR__) . '/Vendor/autoload.php';
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The salt key must be an at least 32 byte long string.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Change base url in config.php
'baseurl' => 'https://yourhostname.net',
# and make sure the file permissions are still OK
chown -R www-data:www-data /var/www/MISP/app/Config
chmod -R 750 /var/www/MISP/app/Config
# Generate a GPG encryption key.
mkdir /var/www/MISP/.gnupg
chown www-data:www-data /var/www/MISP/.gnupg
chmod 700 /var/www/MISP/.gnupg
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
# The email address should match the one set in the config.php configuration file
# Make sure that you use the same settings in the MISP Server Settings tool (Described on line 184)
# And export the public key to the webroot
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
# To make the background workers start on boot
chmod +x /var/www/MISP/app/Console/worker/start.sh
sudo vim /etc/rc.local
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
su www-data -c 'bash /var/www/MISP/app/Console/worker/start.sh'
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!
# start the workers by navigating to the workers tab and clicking restart all workers
#Don't forget to change the email, password and authentication key after installation.
# Once done, have a look at the diagnostics
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
# you can do this by running the following commands:
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
# If anything goes wrong, make sure that you check MISP's logs for errors:
# /var/www/MISP/app/tmp/logs/error.log
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
Recommended actions
-------------------
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
- You should really harden your OS
- You should really harden the configuration of Apache
- You should really harden the configuration of MySQL
- Keep your software up2date (MISP, CakePHP and everything else)
- Log and audit
Optional features
-------------------
# MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command
pip install pyzmq