```bash # # Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default DEBUG= case "$-" in *x*) NO_PROGRESS=1; DEBUG=1 ;; *) NO_PROGRESS=0 ;; esac ## Function Section ## ## Usage of this script usage () { if [ "$0" == "bash" ]; then WEB_INSTALL=1 SCRIPT_NAME="Web Installer Command" else SCRIPT_NAME=$0 fi exec &> /dev/tty space echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install." space echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core echo -e " -M | ${LBLUE}MISP${NC} modules" # modules ## FIXME: The current state of misp-dashboard is broken, disabling any use. ##echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard ## FIXME: The current state of Viper is broken, disabling any use. ##echo -e " -V | Viper" # viper echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2 echo -e " -S | Experimental ssdeep correlations" # ssdeep echo -e " -A | Install ${YELLOW}all${NC} of the above" # all space echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre space echo -e " -u | Do an unattended Install, no questions asked" # UNATTENDED echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE echo -e "${HIDDEN} -N | Nuke this MISP Instance${NC}" # NUKE echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE echo -e "Options can be combined: ${SCRIPT_NAME} -c -D # Will install Core+Dashboard" space echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or" echo -e "MISP + modules - ${SCRIPT_NAME} -c -M" echo -e "" echo -e "" echo -e "Interesting environment variables that get considered are:" echo -e "" echo -e "MISP_USER/MISP_PASSWORD # Local username on machine, default: misp/opensslGeneratedPassword" echo -e "" echo -e "PATH_TO_MISP # Where MISP will be installed, default: /var/www/MISP (recommended)" echo -e "" echo -e "DBHOST/DBNAME # database hostname, MISP database name, default: localhost/misp" echo -e "DBUSER_ADMIN/DBPASSWORD_ADMIN # MySQL admin user, default: root/opensslGeneratedPassword" echo -e "DBUSER_MISP/DBPASSWORD_MISP # MISP database user, default: misp/opensslGeneratedPassword" echo -e "" echo -e "You need to export the variable(s) to be taken into account. (or specified in-line when invoking INSTALL.sh)" space } # Check if element is contained in array containsElement () { local e match="$1" shift for e; do [[ "$e" == "$match" ]] && return 0; done return 1 } checkOpt () { # checkOpt feature containsElement $1 "${options[@]}" } setOpt () { options=() for o in $@; do case "$o" in ("-c") echo "core"; CORE=1 ;; ("-V") echo "viper"; VIPER=1 ;; ("-M") echo "modules"; MODULES=1 ;; ("-D") echo "dashboard"; DASHBOARD=1 ;; ("-m") echo "mail2"; MAIL2=1 ;; ("-S") echo "ssdeep"; SSDEEP=1 ;; ("-A") echo "all"; ALL=1 ;; ("-C") echo "pre"; PRE=1 ;; ("-U") echo "upgrade"; UPGRADE=1 ;; ("-N") echo "nuke"; NUKE=1 ;; ("-u") echo "unattended"; UNATTENDED=1 ;; ("-ni") echo "noninteractive"; NONINTERACTIVE=1 ;; ("-f") echo "force"; FORCE=1 ;; (*) echo "$o is not a valid argument"; exit 1 ;; esac done } # check if command_exists command_exists () { command -v "$@" > /dev/null 2>&1 } # TODO: fix os detection mess # Try to detect what we are running on checkCoreOS () { # lsb_release can exist on any platform. RedHat package: redhat-lsb LSB_RELEASE=$(which lsb_release > /dev/null ; echo $?) APT=$(which apt > /dev/null 2>&1; echo -n $?) APT_GET=$(which apt-get > /dev/null 2>&1; echo $?) # debian specific # /etc/debian_version ## os-release #generic # /etc/os-release # Redhat checks if [[ -f "/etc/redhat-release" ]]; then echo "This is some redhat flavour" REDHAT=1 RHfla=$(cat /etc/redhat-release | cut -f 1 -d\ | tr '[:upper:]' '[:lower:]') fi } # Extract debian flavour checkFlavour () { FLAVOUR="" # Every system that we officially support has /etc/os-release if [ -r /etc/os-release ]; then FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')" fi case "${FLAVOUR}" in ubuntu) if command_exists lsb_release; then dist_version="$(lsb_release --codename | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" fi ;; debian|raspbian) dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 10) dist_version="buster" ;; 9) dist_version="stretch" ;; esac ;; centos) if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" dist_version=${dist_version:0:1} fi echo "${FLAVOUR} support is experimental at the moment" ;; rhel|ol|sles|fedora) if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then # FIXME: On fedora the trimming fails dist_version="$(. /etc/os-release && echo "$VERSION_ID")" dist_version=${dist_version:0:1} # Only interested about major version fi # FIXME: Only tested for RHEL 7 so far echo "${FLAVOUR} support is experimental at the moment" ;; *) if command_exists lsb_release; then dist_version="$(lsb_release --release | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" fi ;; esac # FIXME: The below want to be refactored if [ "${FLAVOUR}" == "ubuntu" ]; then RELEASE=$(lsb_release -s -r) debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}" else debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}" fi } # Check if this is a forked Linux distro check_forked () { # Check for lsb_release command existence, it usually exists in forked distros if command_exists lsb_release; then # Check if the `-u` option is supported set +e lsb_release -a -u > /dev/null 2>&1 lsb_release_exit_code=$? set -e # Check if the command has exited successfully, it means we're in a forked distro if [ "$lsb_release_exit_code" = "0" ]; then # Print info about current distro cat <<-EOF You're using '${FLAVOUR}' version '${dist_version}'. EOF # Get the upstream release info FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') # Print info about upstream distro cat <<-EOF Upstream release is '${FLAVOUR}' version '$dist_version'. EOF else if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then # We're Debian and don't even know it! FLAVOUR=debian dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 10) dist_version="buster" ;; 9) dist_version="stretch" ;; 8|'Kali Linux 2') dist_version="jessie" ;; esac fi fi fi } checkInstaller () { # Workaround: shasum is not available on RHEL, only checking sha512 if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512 chsum=$(cat /tmp/INSTALL.sh.sha512) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "SHA512 matches" else echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}" # exit 1 # uncomment when/if PR is merged fi else # TODO: Implement $FLAVOUR checks and install depending on the platform we are on if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then checkAptLock sudo apt install libdigest-sha-perl -qyy fi # SHAsums to be computed, not the -- notatiation is for ease of use with rhash SHA_SUMS="--sha1 --sha256 --sha384 --sha512" for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ ) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "sha${sum} matches" else echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" echo "Delete installer, re-download and please run again." exit 1 fi done fi } # Extract manufacturer checkManufacturer () { if [[ -z $(which dmidecode) ]]; then checkAptLock sudo apt install dmidecode -qy fi MANUFACTURER=$(sudo dmidecode -s system-manufacturer) debug ${MANUFACTURER} } # Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static. space () { if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then echo "--------------------------------------------------------------------------------" return fi # Check terminal width num=`tput cols` for i in `seq 1 $num`; do echo -n "-" done echo "" } # Spinner so the user knows something is happening spin() { if [[ "$NO_PROGRESS" == "1" ]]; then return fi spinner="/|\\-/|\\-" while : do for i in `seq 0 7` do echo -n "${spinner:$i:1}" echo -en "\010" sleep 0.$i done done } # Progress bar progress () { progress=$[$progress+$1] if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then echo "progress=${progress}" > /tmp/INSTALL.stat return fi bar="#" # Prevent progress of overflowing if [[ $progress -ge 100 ]]; then echo -ne "##################################################################################################### (100%)\r" return fi # Display progress for p in $(seq 1 $progress); do bar+="#" echo -ne "$bar ($p%)\r" done echo -ne '\n' echo "progress=${progress}" > /tmp/INSTALL.stat } # Check locale checkLocale () { debug "Checking Locale" # If locale is missing, generate and install a common UTF-8 if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then checkAptLock sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen sudo locale-gen en_US.UTF-8 sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 fi } # Simple function to check command exit code checkFail () { # '-ne' checks for numerical differences, '==' used for strings if [[ $2 -ne 0 ]]; then echo "iAmError: $1" echo "The last command exited with error code: $2" exit $2 fi } ask_o () { ANSWER="" if [ -z "${1}" ]; then echo "This function needs at least 1 parameter." exit 1 fi [ -z "${2}" ] && OPT1="y" || OPT1="${2}" [ -z "${3}" ] && OPT2="n" || OPT2="${3}" while true; do case "${ANSWER}" in "${OPT1}" | "${OPT2}") break ;; esac echo -e -n "${1} (${OPT1}/${OPT2}) " read ANSWER ANSWER=$(echo "${ANSWER}" | tr '[:upper:]' '[:lower:]') done } clean () { rm /tmp/INSTALL.stat rm /tmp/INSTALL.sh.* } # Check if misp user is present and if run as root checkID () { debug "Checking if run as root and $MISP_USER is present" if [[ $EUID -eq 0 ]]; then echo "This script cannot be run as a root" clean > /dev/null 2>&1 exit 1 elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then if [[ "$UNATTENDED" != "1" ]]; then echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' (y) or continue as $USER (n)? (y/n) " read ANSWER ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]') INSTALL_USER=${USER} else ANSWER="y" fi if [[ $ANSWER == "y" ]]; then sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd echo "User $MISP_USER added, password is: $MISP_PASSWORD" elif [[ $ANSWER == "n" ]]; then echo "Using $USER as install user, hope that is what you want." echo -e "${RED}Adding $USER to groups $WWW_USER and staff${NC}" MISP_USER=$USER sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER else echo "yes or no was asked, try again." sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER exit 1 fi else echo "User ${MISP_USER} exists, skipping creation" echo -e "${RED}Adding $MISP_USER to groups $WWW_USER and staff${NC}" sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER fi # FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check # sudo config to run $LUSER commands if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then SUDO_CMD="sudo -H -u ${MISP_USER} -g staff" else SUDO_CMD="sudo -H -u ${MISP_USER}" fi } # pre-install check to make sure what we will be installing on, is ready and not a half installed system preInstall () { # preInstall needs to be able to be called before ANY action. Install/Upgrade/AddTool # Pre install wants to be the place too where the following is checked and set via ENV_VAR: # Check if composer is installed and functioning # Check if misp db is installed (API call would confirm that the DB indeed works) # Check apache config (Maybe try to talk to the server via api, this would confirm quite a lot) # Check if workers are running/installed, maybe kick them if they are not # /var/www/MISP/app/Config/[bootstrap,databases,core,config].php exists # /var/www/MISP perms are correct (for $SUDO_WWW useage) # # Check if $PATH_TO_MISP exists and is writable by $WWW_USER [[ -d "$PATH_TO_MISP" ]] && PATH_TO_MISP_EXISTS=1 && echo "$PATH_TO_MISP exists" # .git exists and git is working for $WWW_USER [[ -d "$PATH_TO_MISP/.git" ]] && PATH_TO_GIT_EXISTS=1 && echo "$PATH_TO_MISP/.git exists" && cd $PATH_TO_MISP && $SUDO_WWW git status # .gnupg exists and working correctly [[ -d "$PATH_TO_MISP/.gnupg" ]] && PATH_TO_GNUPG_EXISTS=1 && echo "$PATH_TO_MISP/.gnupg exists" # Extract username, password and dbname ##cat database.php |grep -v // |grep -e database -e login -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> DBPASSWORD_MISP=$(cat database.php |grep -v // |grep -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) DBUSER_MISP=$(cat database.php |grep -v // |grep -e login |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) DBNAME=$(cat database.php |grep -v // |grep -e database |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) AUTH_KEY=$(mysql -h $DBHOST --disable-column-names -B -u $DBUSER_MISP -p"$DBPASSWORD_MISP" $DBNAME -e 'SELECT authkey FROM users WHERE role_id=1 LIMIT 1') # Check if db exists [[ -d "/var/lib/mysql/$DBNAME" ]] && MISP_DB_DIR_EXISTS=1 && echo "/var/lib/mysql/$DBNAME exists" echo -e "${RED}Place-holder, not implemented yet.${NC}" exit } # Upgrade function upgrade () { headerJSON="application/json" Acc="Accept:" Autho="Authorization:" CT="Content-Type:" MISP_BASEURL="https://127.0.0.1" ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar update ; php composer.phar self-update" for URN in $(echo "galaxies warninglists noticelists objectTemplates taxonomies"); do curl --header "$Autho $AUTH_KEY" --header "$Acc $headerJSON" --header "$CT $headerJSON" -k -X POST $MISP_BASEURL/$URN/update done echo -e "${RED}Place-holder, not implemented yet.${NC}" exit } # check is /usr/local/src is RW by misp user checkUsrLocalSrc () { echo "" if [[ -e /usr/local/src ]]; then WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?) if [[ "$WRITEABLE" == "0" ]]; then echo "Good, /usr/local/src exists and is writeable as $MISP_USER" else # TODO: The below might be shorter, more elegant and more modern #[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it" sudo chmod 2775 /usr/local/src sudo chown root:staff /usr/local/src fi else echo "/usr/local/src does not exist, creating." mkdir -p /usr/local/src sudo chmod 2775 /usr/local/src # TODO: Better handling /usr/local/src permissions if [[ "$(cat /etc/group |grep staff > /dev/null 2>&1)" == "0" ]]; then sudo chown root:staff /usr/local/src fi fi } kaliSpaceSaver () { # Future function in case Kali overlay on LiveCD is full echo "${RED}Not implement${NC}" } # FIXME: Kali now uses kali/kali instead of root/toor # Because Kali is l33t we make sure we DO NOT run as root kaliOnTheR0ckz () { totalRoot=$(df -k | grep /$ |awk '{ print $2 }') totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}') overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present if [[ ${totalRoot} -lt 3059034 ]]; then echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space." echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough." echo "6-8Gb should be fine. (need >3Gb overlayFS)" exit 1 fi if [[ ${EUID} -eq 0 ]]; then echo "This script must NOT be run as root" exit 1 elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER} echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd else # TODO: Make sure we consider this further down the road echo "User ${MISP_USER} exists, skipping creation" fi } setBaseURL () { debug "Setting Base URL" CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP") IFACE=$(echo $CONN |awk {'print $1'}) IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/) [[ -n ${MANUFACTURER} ]] || checkManufacturer if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be." if [[ "${UNATTENDED}" != "1" ]]; then echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards." echo "Do you want to change it now? (y/n) " read ANSWER ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]') if [[ "${ANSWER}" == "y" ]]; then if [[ ! -z ${IP} ]]; then echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI" echo "Thus your Base URL could be: https://${IP}" fi echo "Please enter the Base URL, e.g: 'https://example.org'" echo "" echo -n "Enter Base URL: " read MISP_BASEURL else MISP_BASEURL='""' fi else MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' fi elif [[ "${KALI}" == "1" ]]; then MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then MISP_BASEURL='https://localhost:8443' IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1) sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443 # Webserver configuration FQDN='localhost.localdomain' elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then MISP_BASEURL='""' # Webserver configuration FQDN='misp.local' else MISP_BASEURL='""' # Webserver configuration FQDN='misp.local' fi } # Test and install software RNG installRNG () { sudo modprobe tpm-rng 2> /dev/null if [ "$?" -eq "0" ]; then echo tpm-rng | sudo tee -a /etc/modules fi checkAptLock sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS sudo service rng-tools start if [ "$?" -eq "1" ]; then sudo apt purge -qy rng-tools sudo apt install -qy haveged sudo /etc/init.d/haveged start fi } # Kali upgrade kaliUpgrade () { debug "Running various Kali upgrade tasks" checkAptLock sudo DEBIAN_FRONTEND=noninteractive apt update sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y } # Kali 2022.x has only php81 installDepsKaliPhp74 () { sudo apt -y install lsb-release apt-transport-https ca-certificates sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ bullseye main" | sudo tee /etc/apt/sources.list.d/php.list sudo apt update wget http://ftp.us.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_amd64.deb sudo dpkg -i libffi7_3.3-6_amd64.deb } # Disables sleep disableSleep () { debug "Disabling sleep etc if run from a Laptop as the install might take some timeā€¦" > /dev/tty gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null setterm -blank 0 -powersave off -powerdown 0 xset s 0 0 2> /dev/null xset dpms 0 0 2> /dev/null xset dpms force off xset s off 2> /dev/null service sleepd stop kill $(lsof | grep 'sleepd' | awk '{print $2}') checkAptLock } # Remove alias if present if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi # Simple function to make sure APT is not locked checkAptLock () { SLEEP=3 if [[ -n ${APT_UPDATED} ]]; then sudo apt update && APT_UPDATED=1 fi while [ "$DONE" != "0" ]; do sudo apt-get check 2> /dev/null > /dev/null && DONE=0 echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty sleep $SLEEP SLEEP=$[$SLEEP+3] done unset DONE } # # Install Php 7.0 dependencies installDepsPhp70 () { debug "Installing PHP 7.0 dependencies" PHP_ETC_BASE=/etc/php/7.0 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock sudo apt install -qy \ libapache2-mod-php \ php php-cli \ php-dev \ php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \ php-redis php-gnupg \ php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI done sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI } # # # Install Php 7.3 deps installDepsPhp73 () { debug "Installing PHP 7.3 dependencies" PHP_ETC_BASE=/etc/php/7.3 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock if [[ ! -n ${KALI} ]]; then sudo apt install -qy \ libapache2-mod-php7.3 \ php7.3 php7.3-cli \ php7.3-dev \ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ php-redis php-gnupg \ php-gd else sudo apt install -qy \ libapache2-mod-php7.3 \ libgpgme-dev \ php7.3 php7.3-cli \ php7.3-dev \ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ php7.3-gd sudo pecl channel-update pecl.php.net #sudo pear config-set php_ini ${PHP_INI} echo "" |sudo pecl install redis sudo pecl install gnupg echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini fi } # # Installing core dependencies installDeps () { debug "Installing core dependencies" checkAptLock sudo apt install -qy etckeeper # Skip dist-upgrade for now, pulls in 500+ updated packages #sudo apt -y dist-upgrade gitMail=$(git config --global --get user.email ; echo $?) if [ "$?" -eq "1" ]; then git config --global user.email "root@kali.lan" fi gitUser=$(git config --global --get user.name ; echo $?) if [ "$?" -eq "1" ]; then git config --global user.name "Root User" fi [[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix sudo apt install -qy \ curl gcc git gnupg-agent make openssl redis-server neovim unzip zip libyara-dev python3-yara python3-redis python3-zmq sqlite3 \ mariadb-client \ mariadb-server \ apache2 apache2-doc apache2-utils \ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools installRNG } # On Kali, the redis start-up script is broken. This tries to fix it. fixRedis () { # As of 20190124 redis-server init.d scripts are broken and need to be replaced sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d` echo '#! /bin/sh ### BEGIN INIT INFO # Provides: redis-server # Required-Start: $syslog # Required-Stop: $syslog # Should-Start: $local_fs # Should-Stop: $local_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: redis-server - Persistent key-value db # Description: redis-server - Persistent key-value db ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/bin/redis-server DAEMON_ARGS=/etc/redis/redis.conf NAME=redis-server DESC=redis-server PIDFILE=/var/run/redis.pid test -x $DAEMON || exit 0 test -x $DAEMONBOOTSTRAP || exit 0 set -e case "$1" in start) echo -n "Starting $DESC: " touch $PIDFILE chown redis:redis $PIDFILE if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS then echo "$NAME." else echo "failed" fi ;; stop) echo -n "Stopping $DESC: " if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON then echo "$NAME." else echo "failed" fi rm -f $PIDFILE ;; restart|force-reload) ${0} stop ${0} start ;; *) echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0' | sudo tee /etc/init.d/redis-server sudo chmod 755 /etc/init.d/redis-server sudo /etc/init.d/redis-server start } # generate MISP apache conf genApacheConf () { echo " ServerAdmin admin@localhost.lu ServerName misp.local Redirect permanent / https://misp.local LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off ServerAdmin admin@localhost.lu ServerName misp.local DocumentRoot $PATH_TO_MISP/app/webroot Options -Indexes AllowOverride all Require all granted Order allow,deny allow from all SSLEngine On SSLCertificateFile /etc/ssl/private/misp.local.crt SSLCertificateKeyFile /etc/ssl/private/misp.local.key # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off Header set X-Content-Type-Options nosniff Header set X-Frame-Options DENY " | sudo tee /etc/apache2/sites-available/misp-ssl.conf } # Add git pull update mechanism to rc.local - TODO: Make this better gitPullAllRCLOCAL () { sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local sudo sed -i -e '$i \done\n' /etc/rc.local } # Main composer function composer () { sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install --no-dev" } # TODO: FIX somehow the alias of the function does not work # Composer on php 7.0 does not need any special treatment the provided phar works well alias composer70=composer # Composer on php 7.2 does not need any special treatment the provided phar works well alias composer72=composer # Composer on php 7.3 does not need any special treatment the provided phar works well alias composer73=composer # TODO: this is probably a useless function # Enable various core services enableServices () { sudo systemctl daemon-reload sudo systemctl enable --now mysql sudo systemctl enable --now apache2 sudo systemctl enable --now redis-server } # TODO: check if this makes sense # Generate rc.local genRCLOCAL () { if [[ ! -e /etc/rc.local ]]; then echo '#!/bin/sh -e' | tee -a /etc/rc.local echo 'exit 0' | sudo tee -a /etc/rc.local chmod u+x /etc/rc.local fi sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local } # Run PyMISP tests runTests () { echo "url = \"${MISP_BASEURL}\" key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/ ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin main" ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport] ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py" } # Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster nuke () { echo -e "${RED}YOU ARE ABOUT TO DELETE ALL MISP DATA! Sleeping 10, 9, 8...${NC}" sleep 10 sudo rm -rvf /usr/local/src/{misp-modules,viper,mail_to_misp,LIEF,faup} sudo rm -rvf /var/www/MISP sudo mysqladmin -h $DBHOST drop misp sudo mysql -h $DBHOST -e "DROP USER misp@localhost" } # Final function to let the user know what happened theEnd () { space echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt # Commenting out, see: https://github.com/MISP/MISP/issues/5368 # clear -x space echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}" echo echo "User: admin@admin.test" echo "Password: admin" space ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001" ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)" echo "/home/${MISP_USER}/mysql.txt" echo -e "${RED}Contents:${NC}" cat /home/${MISP_USER}/mysql.txt echo "/home/${MISP_USER}/MISP-authkey.txt" echo -e "${RED}Contents:${NC}" cat /home/${MISP_USER}/MISP-authkey.txt space echo -e "The ${RED}LOCAL${NC} system credentials:" echo "User: ${MISP_USER}" echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user" space echo "GnuPG Passphrase is: ${GPG_PASSPHRASE}" space echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" echo echo "sudo postconf -e 'relayhost = example.com'" echo "sudo postfix reload" space echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues" space if [[ "$UNATTENDED" == "1" ]]; then echo -e "${RED}Unattended install!${NC}" echo -e "This means we guessed the Base URL, it might be wrong, please double check." space fi if [[ "$PACKER" == "1" ]]; then echo -e "${RED}This was an Automated Packer install!${NC}" echo -e "This means we forced an unattended install." space fi if [[ "$USER" != "$MISP_USER" && "$UNATTENDED" != "1" ]]; then sudo su - ${MISP_USER} fi } # # # Install Php 7.2 dependencies installDepsPhp72 () { debug "Installing PHP 7.2 dependencies" PHP_ETC_BASE=/etc/php/7.2 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock sudo apt install -qy \ libapache2-mod-php \ php php-cli \ php-dev \ php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \ php-redis php-gnupg \ php-intl php-bcmath \ php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI done sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI } ## End Function Section Nothing allowed in .md after this line ## # ```