# INSTALLATION INSTRUCTIONS ## for Ubuntu 18.04.5-server {% include_relative generic/manual-install-notes.md %} Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804). ### 0/ MISP Ubuntu 18.04-server install - status ------------------------- !!! notice Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210401 (works with **Ubuntu 19.04/20.04/21.04** too) !!! notice If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804). {% include_relative generic/core.md %} ### 1/ Minimal Ubuntu install ------------------------- #### Install a minimal Ubuntu 18.04-server system with the software: - OpenSSH server - This guide assumes a user name of 'misp' with sudo working but can be overwritten by setting the environment variable: *${MISP_USER}* #### Make sure your system is up2date ```bash # aptUpgrade () { debug "Upgrading system" checkAptLock # If we run in non-interactive mode, make sure we do not stop all of a sudden if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then export DEBIAN_FRONTEND=noninteractive export DEBIAN_PRIORITY=critical sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade sudo -E apt-get -qy autoclean else sudo apt-get upgrade -qy fi } # ``` {% include_relative generic/sudo_etckeeper.md %} {% include_relative generic/ethX.md %} #### install postfix, there will be some questions. ```bash # sudo apt-get install postfix dialog -qy # ``` !!! notice Postfix Configuration: Satellite system
change the relay server later with: ```bash sudo postconf -e 'relayhost = example.com' sudo postfix reload ``` {% include_relative generic/globalVariables.md %} ### 2/ Install LAMP & dependencies ------------------------------ Once the system is installed you can perform the following steps. ```bash # installCoreDeps () { debug "Installing core dependencies" # Install the dependencies: (some might already be installed) sudo apt-get install curl gcc git gpg-agent make python3 openssl redis-server sudo vim zip unzip virtualenv libfuzzy-dev sqlite3 moreutils -qy # Install MariaDB (a MySQL fork/alternative) sudo apt-get install mariadb-client mariadb-server -qy # Install Apache2 sudo apt-get install apache2 apache2-doc apache2-utils -qy # install Mitre's STIX and its dependencies by running the following commands: sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy } # # upgradeToPHP74 () { sudo apt install software-properties-common -qy sudo add-apt-repository ppa:ondrej/php -y sudo apt update sudo apt dist-upgrade -y } # # # Install Php 7.4 dependencies installDepsPhp74 () { debug "Installing PHP 7.4 dependencies" PHP_ETC_BASE=/etc/php/7.4 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock sudo apt install -qy \ libapache2-mod-php7.4 \ php7.4 php7.4-cli \ php7.4-dev \ php7.4-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline php7.4-mbstring php7.4-zip php7.4-curl \ php7.4-redis php7.4-gnupg \ php7.4-intl php7.4-bcmath \ php7.4-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI done sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI } # ``` ### 3/ MISP code ------------ ```bash # installCore () { debug "Installing ${LBLUE}MISP${NC} core" # Download MISP using git in the /var/www/ directory. if [[ ! -d ${PATH_TO_MISP} ]]; then sudo mkdir ${PATH_TO_MISP} sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP} false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done # Make git ignore filesystem permission differences for submodules ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule foreach --recursive git config core.filemode false # Make git ignore filesystem permission differences ${SUDO_WWW} git -C ${PATH_TO_MISP} config core.filemode false # Create a python3 virtualenv ${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv # make pip happy sudo mkdir /var/www/.cache/ sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache # install python-stix dependencies ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ordered-set python-dateutil six weakrefmethod debug "Install misp-stix" ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/app/files/scripts/misp-stix debug "Install PyMISP" ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/PyMISP # FIXME: Remove libfaup etc once the egg has the library baked-in sudo apt-get install cmake libcaca-dev liblua5.3-dev -y cd /tmp false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/faup.git faup; done false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/gtcaca.git gtcaca; done sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca cd gtcaca ${SUDO_CMD} mkdir -p build cd build ${SUDO_CMD} cmake .. && ${SUDO_CMD} make sudo make install cd ../../faup ${SUDO_CMD} mkdir -p build cd build ${SUDO_CMD} cmake .. && ${SUDO_CMD} make sudo make install sudo ldconfig # install pydeep false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done # install lief ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief # install zmq needed by mispzmq ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis # install python-magic ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic # install plyara ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara else debug "Trying to git pull existing install" ${SUDO_WWW} git pull -C ${PATH_TO_MISP} false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U setuptools pip lief zmq redis python-magic plyara ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/PyMISP false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U git+https://github.com/kbandla/pydeep.git; done fi } # ``` ### 4/ CakePHP ----------- ```bash # installCake () { debug "Installing CakePHP" # Make composer cache happy # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev" # Enable CakeResque with php-redis sudo phpenmod redis sudo phpenmod gnupg # To use the scheduler worker for scheduled tasks, do the following: ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php # If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers # The default Redis port can be updated in Plugin/CakeResque/Config/config.php } # ``` ### 5/ Set the permissions ---------------------- ```bash # # Main function to fix permissions to something sane permissions () { debug "Setting permissions" sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP} sudo chmod -R 750 ${PATH_TO_MISP} sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp sudo chmod -R g+ws ${PATH_TO_MISP}/app/files sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp } # ``` ### 6/ Create a database and user ----------------------------- #### Set-up DB, User and import empty MISP DB ```bash # prepareDB () { if sudo test ! -e "/var/lib/mysql/mysql/"; then #Make sure initial tables are created in MySQL debug "Install mysql tables" sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql sudo service mysql start fi if sudo test ! -e "/var/lib/mysql/misp/"; then debug "Start mysql" sudo service mysql start debug "Setting up database" # Kill the anonymous users sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'localhost'" # Because our hostname varies we'll use some Bash magic here. sudo mysql -h $DBHOST -e "DROP USER IF EXISTS ''@'$(hostname)'" # Kill off the demo database sudo mysql -h $DBHOST -e "DROP DATABASE IF EXISTS test" # No root remote logins sudo mysql -h $DBHOST -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" # Make sure that NOBODY can access the server without a password sudo mysqladmin -h $DBHOST -u "${DBUSER_ADMIN}" password "${DBPASSWORD_ADMIN}" # Make our changes take effect sudo mysql -h $DBHOST -e "FLUSH PRIVILEGES" sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE DATABASE ${DBNAME};" sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';" sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT USAGE ON *.* to '${DBUSER_MISP}'@'localhost';" sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';" sudo mysql -h $DBHOST -u "${DBUSER_ADMIN}" -p"${DBPASSWORD_ADMIN}" -e "FLUSH PRIVILEGES;" # Import the empty MISP database from MYSQL.sql ${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -h $DBHOST -u "${DBUSER_MISP}" -p"${DBPASSWORD_MISP}" ${DBNAME} fi } # ``` ### 7/ Apache configuration ----------------------- Now configure your Apache webserver with the DocumentRoot ${PATH_TO_MISP}/app/webroot/ #### Apache version 2.4 config: !!! notice Be aware that the configuration files for apache 2.4 and up have changed. The configuration file has to have the .conf extension in the sites-available directory For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html ```bash # apacheConfig () { debug "Generating Apache config, if this hangs, make sure you have enough entropy (install: haveged or wait)" sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf if [[ ! -z ${MISP_BASEURL} ]] && [[ "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "http" || "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "https" ]]; then echo "Potentially replacing misp.local with $MISP_BASEURL in misp-ssl.conf" fi # If a valid SSL certificate is not already created for the server, # create a self-signed certificate: sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt # Enable modules, settings, and default of SSL in Apache sudo a2dismod status sudo a2enmod ssl sudo a2enmod rewrite sudo a2enmod headers sudo a2dissite 000-default sudo a2ensite default-ssl # Apply all changes sudo systemctl restart apache2 # activate new vhost sudo a2dissite default-ssl sudo a2ensite misp-ssl # Restart apache sudo systemctl restart apache2 } # ``` !!! notice Please find a sample conf file for an SSL enabled conf file in-line below (alternatively use one of the samples provided in /var/www/MISP/INSTALL).
Also remember to verify the SSLCertificateChainFile property in your config file.
This is usually commented out for the self-generated certificate in the sample configurations, such as the one pasted below.
Otherwise, copy the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to /etc/ssl/private/. (Modify path and config to fit your environment) ``` ============================================= Begin sample working SSL config for MISP :80> ServerName Redirect permanent / https:// LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off :443> ServerAdmin admin@ ServerName DocumentRoot /var/www/MISP/app/webroot Options -Indexes AllowOverride all Order allow,deny allow from all SSLEngine On SSLCertificateFile /etc/ssl/private/misp.local.crt SSLCertificateKeyFile /etc/ssl/private/misp.local.key # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off ============================================= End sample working SSL config for MISP ``` ### 8/ Log rotation --------------- ```bash # logRotation () { # MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs # To rotate these logs install the supplied logrotate script: sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp sudo chmod 0640 /etc/logrotate.d/misp } # ``` ### 9/ MISP configuration --------------------- ```bash # configMISP () { debug "Generating ${LBLUE}MISP${NC} config files" # There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php echo " 'Database/Mysql', //'datasource' => 'Database/Postgres', 'persistent' => false, 'host' => '$DBHOST', 'login' => '$DBUSER_MISP', 'port' => 3306, // MySQL & MariaDB //'port' => 5432, // PostgreSQL 'password' => '$DBPASSWORD_MISP', 'database' => '$DBNAME', 'prefix' => '', 'encoding' => 'utf8', ); }" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php # Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php # The salt key must be a string at least 32 bytes long. # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) # and make sure the file permissions are still OK sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config sudo chmod -R 750 ${PATH_TO_MISP}/app/Config } # ``` {% include_relative generic/gnupg.md %} !!! notice If entropy is not high enough, you can install havegd and then start the service ```bash sudo apt install haveged -qy sudo service haveged start ``` ```bash # backgroundWorkers () { debug "Setting up background workers" # To make the background workers start on boot sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh if [ ! -e /etc/rc.local ] then echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local echo 'exit 0' | sudo tee -a /etc/rc.local sudo chmod u+x /etc/rc.local fi echo "[Unit] Description=MISP background workers After=network.target [Service] Type=forking User=${WWW_USER} Group=${WWW_USER} ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh Restart=always RestartSec=10 [Install] WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-workers.service sudo systemctl daemon-reload sudo systemctl enable --now misp-workers # Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user: sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local } # ``` ```bash echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" echo "User (misp) DB Password: $DBPASSWORD_MISP" ``` {% include_relative generic/MISP_CAKE_init.md %} {% include_relative generic/misp-modules-debian.md %} {% include_relative generic/misp-modules-cake.md %} {% include_relative generic/INSTALL.done.md %} {% include_relative generic/recommended.actions.md %} ### Optional features ----------------- #### MISP has a new pub/sub feature, using ZeroMQ. To enable it, simply run the following command ```bash ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyzmq ``` #### MISP has a feature for publishing events to Kafka. To enable it, simply run the following commands ```bash # installKafka () { sudo apt-get install librdkafka-dev php-dev -y sudo pecl channel-update pecl.php.net sudo pecl install rdkafka echo "extension=rdkafka.so" | sudo tee ${PHP_ETC_BASE}/mods-available/rdkafka.ini sudo phpenmod rdkafka sudo service apache2 restart } # ``` {% include_relative generic/misp-dashboard-debian.md %} {% include_relative generic/misp-dashboard-cake.md %} {% include_relative generic/viper-debian.md %} {% include_relative generic/ssdeep-debian.md %} {% include_relative generic/mail_to_misp-debian.md %} {% include_relative generic/hardening.md %} # INSTALL.sh !!! notice The following section is an administrative section that is used by the "[INSTALL.sh](https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh)" script. Please ignore. {% include_relative generic/supportFunctions.md %}