```bash # # Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default DEBUG= case "$-" in *x*) NO_PROGRESS=1; DEBUG=1 ;; *) NO_PROGRESS=0 ;; esac ## Function Section ## ## Usage of this script usage () { if [ "$0" == "bash" ]; then WEB_INSTALL=1 SCRIPT_NAME="Web Installer Command" else SCRIPT_NAME=$0 fi exec &> /dev/tty space echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install." space echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core echo -e " -M | ${LBLUE}MISP${NC} modules" # modules ## FIXME: The current state of misp-dashboard is broken, disabling any use. ##echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard ## FIXME: The current state of Viper is broken, disabling any use. ##echo -e " -V | Viper" # viper echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2 echo -e " -S | Experimental ssdeep correlations" # ssdeep echo -e " -A | Install ${YELLOW}all${NC} of the above" # all space echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre space echo -e " -u | Do an unattended Install, no questions asked" # UNATTENDED echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE echo -e "${HIDDEN} -N | Nuke this MISP Instance${NC}" # NUKE echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE echo -e "Options can be combined: ${SCRIPT_NAME} -c -D # Will install Core+Dashboard" space echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or" echo -e "MISP + modules - ${SCRIPT_NAME} -c -M" echo -e "" echo -e "" echo -e "Interesting environment variables that get considered are:" echo -e "" echo -e "MISP_USER/MISP_PASSWORD # Local username on machine, default: misp/opensslGeneratedPassword" echo -e "" echo -e "PATH_TO_MISP # Where MISP will be installed, default: /var/www/MISP (recommended)" echo -e "" echo -e "DBHOST/DBNAME # database hostname, MISP database name, default: localhost/misp" echo -e "DBUSER_ADMIN/DBPASSWORD_ADMIN # MySQL admin user, default: root/opensslGeneratedPassword" echo -e "DBUSER_MISP/DBPASSWORD_MISP # MISP database user, default: misp/opensslGeneratedPassword" echo -e "" echo -e "You need to export the variable(s) to be taken into account. (or specified in-line when invoking INSTALL.sh)" space } # Check if element is contained in array containsElement () { local e match="$1" shift for e; do [[ "$e" == "$match" ]] && return 0; done return 1 } checkOpt () { # checkOpt feature containsElement $1 "${options[@]}" } setOpt () { options=() for o in $@; do case "$o" in ("-c") echo "core"; CORE=1 ;; ("-V") echo "viper"; VIPER=1 ;; ("-M") echo "modules"; MODULES=1 ;; ("-D") echo "dashboard"; DASHBOARD=1 ;; ("-m") echo "mail2"; MAIL2=1 ;; ("-S") echo "ssdeep"; SSDEEP=1 ;; ("-A") echo "all"; ALL=1 ;; ("-C") echo "pre"; PRE=1 ;; ("-U") echo "upgrade"; UPGRADE=1 ;; ("-N") echo "nuke"; NUKE=1 ;; ("-u") echo "unattended"; UNATTENDED=1 ;; ("-ni") echo "noninteractive"; NONINTERACTIVE=1 ;; ("-f") echo "force"; FORCE=1 ;; (*) echo "$o is not a valid argument"; exit 1 ;; esac done } # check if command_exists command_exists () { command -v "$@" > /dev/null 2>&1 } # TODO: fix os detection mess # Try to detect what we are running on checkCoreOS () { # lsb_release can exist on any platform. RedHat package: redhat-lsb LSB_RELEASE=$(which lsb_release > /dev/null ; echo $?) APT=$(which apt > /dev/null 2>&1; echo -n $?) APT_GET=$(which apt-get > /dev/null 2>&1; echo $?) # debian specific # /etc/debian_version ## os-release #generic # /etc/os-release # Redhat checks if [[ -f "/etc/redhat-release" ]]; then echo "This is some redhat flavour" REDHAT=1 RHfla=$(cat /etc/redhat-release | cut -f 1 -d\ | tr '[:upper:]' '[:lower:]') fi } # Extract debian flavour checkFlavour () { FLAVOUR="" # Every system that we officially support has /etc/os-release if [ -r /etc/os-release ]; then FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')" fi case "${FLAVOUR}" in ubuntu) if command_exists lsb_release; then dist_version="$(lsb_release --codename | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" fi ;; debian|raspbian) dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 10) dist_version="buster" ;; 9) dist_version="stretch" ;; esac ;; centos) if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" dist_version=${dist_version:0:1} fi echo "${FLAVOUR} support is experimental at the moment" ;; rhel|ol|sles|fedora) if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then # FIXME: On fedora the trimming fails dist_version="$(. /etc/os-release && echo "$VERSION_ID")" dist_version=${dist_version:0:1} # Only interested about major version fi # FIXME: Only tested for RHEL 7 so far echo "${FLAVOUR} support is experimental at the moment" ;; *) if command_exists lsb_release; then dist_version="$(lsb_release --release | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" fi ;; esac # FIXME: The below want to be refactored if [ "${FLAVOUR}" == "ubuntu" ]; then RELEASE=$(lsb_release -s -r) debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}" else debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}" fi } # Check if this is a forked Linux distro check_forked () { # Check for lsb_release command existence, it usually exists in forked distros if command_exists lsb_release; then # Check if the `-u` option is supported set +e lsb_release -a -u > /dev/null 2>&1 lsb_release_exit_code=$? set -e # Check if the command has exited successfully, it means we're in a forked distro if [ "$lsb_release_exit_code" = "0" ]; then # Print info about current distro cat <<-EOF You're using '${FLAVOUR}' version '${dist_version}'. EOF # Get the upstream release info FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') # Print info about upstream distro cat <<-EOF Upstream release is '${FLAVOUR}' version '$dist_version'. EOF else if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then # We're Debian and don't even know it! FLAVOUR=debian dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 10) dist_version="buster" ;; 9) dist_version="stretch" ;; 8|'Kali Linux 2') dist_version="jessie" ;; esac fi fi fi } checkInstaller () { # Workaround: shasum is not available on RHEL, only checking sha512 if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512 chsum=$(cat /tmp/INSTALL.sh.sha512) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "SHA512 matches" else echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}" # exit 1 # uncomment when/if PR is merged fi else # TODO: Implement $FLAVOUR checks and install depending on the platform we are on if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then checkAptLock sudo apt install libdigest-sha-perl -qyy fi # SHAsums to be computed, not the -- notatiation is for ease of use with rhash SHA_SUMS="--sha1 --sha256 --sha384 --sha512" for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ ) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "sha${sum} matches" else echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" echo "Delete installer, re-download and please run again." exit 1 fi done fi } # Extract manufacturer checkManufacturer () { if [[ -z $(which dmidecode) ]]; then checkAptLock sudo apt install dmidecode -qy fi MANUFACTURER=$(sudo dmidecode -s system-manufacturer) debug ${MANUFACTURER} } # Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static. space () { if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then echo "--------------------------------------------------------------------------------" return fi # Check terminal width num=`tput cols` for i in `seq 1 $num`; do echo -n "-" done echo "" } # Spinner so the user knows something is happening spin() { if [[ "$NO_PROGRESS" == "1" ]]; then return fi spinner="/|\\-/|\\-" while : do for i in `seq 0 7` do echo -n "${spinner:$i:1}" echo -en "\010" sleep 0.$i done done } # Progress bar progress () { progress=$[$progress+$1] if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then echo "progress=${progress}" > /tmp/INSTALL.stat return fi bar="#" # Prevent progress of overflowing if [[ $progress -ge 100 ]]; then echo -ne "##################################################################################################### (100%)\r" return fi # Display progress for p in $(seq 1 $progress); do bar+="#" echo -ne "$bar ($p%)\r" done echo -ne '\n' echo "progress=${progress}" > /tmp/INSTALL.stat } # Check locale checkLocale () { debug "Checking Locale" # If locale is missing, generate and install a common UTF-8 if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then checkAptLock sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen sudo locale-gen en_US.UTF-8 sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 fi } # Simple function to check command exit code checkFail () { # '-ne' checks for numerical differences, '==' used for strings if [[ $2 -ne 0 ]]; then echo "iAmError: $1" echo "The last command exited with error code: $2" exit $2 fi } ask_o () { ANSWER="" if [ -z "${1}" ]; then echo "This function needs at least 1 parameter." exit 1 fi [ -z "${2}" ] && OPT1="y" || OPT1="${2}" [ -z "${3}" ] && OPT2="n" || OPT2="${3}" while true; do case "${ANSWER}" in "${OPT1}" | "${OPT2}") break ;; esac echo -e -n "${1} (${OPT1}/${OPT2}) " read ANSWER ANSWER=$(echo "${ANSWER}" | tr '[:upper:]' '[:lower:]') done } clean () { rm /tmp/INSTALL.stat rm /tmp/INSTALL.sh.* } # Check if misp user is present and if run as root checkID () { debug "Checking if run as root and $MISP_USER is present" if [[ $EUID -eq 0 ]]; then echo "This script cannot be run as a root" clean > /dev/null 2>&1 exit 1 elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then if [[ "$UNATTENDED" != "1" ]]; then echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' (y) or continue as $USER (n)? (y/n) " read ANSWER ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]') INSTALL_USER=${USER} else ANSWER="y" fi if [[ $ANSWER == "y" ]]; then sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd echo "User $MISP_USER added, password is: $MISP_PASSWORD" elif [[ $ANSWER == "n" ]]; then echo "Using $USER as install user, hope that is what you want." echo -e "${RED}Adding $USER to groups $WWW_USER and staff${NC}" MISP_USER=$USER sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER else echo "yes or no was asked, try again." sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER exit 1 fi else echo "User ${MISP_USER} exists, skipping creation" echo -e "${RED}Adding $MISP_USER to groups $WWW_USER and staff${NC}" sudo adduser $MISP_USER staff sudo adduser $MISP_USER $WWW_USER fi # FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check # sudo config to run $LUSER commands if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then SUDO_CMD="sudo -H -u ${MISP_USER} -g staff" else SUDO_CMD="sudo -H -u ${MISP_USER}" fi } # pre-install check to make sure what we will be installing on, is ready and not a half installed system preInstall () { # preInstall needs to be able to be called before ANY action. Install/Upgrade/AddTool # Pre install wants to be the place too where the following is checked and set via ENV_VAR: # Check if composer is installed and functioning # Check if misp db is installed (API call would confirm that the DB indeed works) # Check apache config (Maybe try to talk to the server via api, this would confirm quite a lot) # Check if workers are running/installed, maybe kick them if they are not # /var/www/MISP/app/Config/[bootstrap,databases,core,config].php exists # /var/www/MISP perms are correct (for $SUDO_WWW useage) # # Check if $PATH_TO_MISP exists and is writable by $WWW_USER [[ -d "$PATH_TO_MISP" ]] && PATH_TO_MISP_EXISTS=1 && echo "$PATH_TO_MISP exists" # .git exists and git is working for $WWW_USER [[ -d "$PATH_TO_MISP/.git" ]] && PATH_TO_GIT_EXISTS=1 && echo "$PATH_TO_MISP/.git exists" && cd $PATH_TO_MISP && $SUDO_WWW git status # .gnupg exists and working correctly [[ -d "$PATH_TO_MISP/.gnupg" ]] && PATH_TO_GNUPG_EXISTS=1 && echo "$PATH_TO_MISP/.gnupg exists" # Extract username, password and dbname ##cat database.php |grep -v // |grep -e database -e login -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> DBPASSWORD_MISP=$(cat database.php |grep -v // |grep -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) DBUSER_MISP=$(cat database.php |grep -v // |grep -e login |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) DBNAME=$(cat database.php |grep -v // |grep -e database |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=) AUTH_KEY=$(mysql -h $DBHOST --disable-column-names -B -u $DBUSER_MISP -p"$DBPASSWORD_MISP" $DBNAME -e 'SELECT authkey FROM users WHERE role_id=1 LIMIT 1') # Check if db exists [[ -d "/var/lib/mysql/$DBNAME" ]] && MISP_DB_DIR_EXISTS=1 && echo "/var/lib/mysql/$DBNAME exists" echo -e "${RED}Place-holder, not implemented yet.${NC}" exit } # Upgrade function upgrade () { headerJSON="application/json" Acc="Accept:" Autho="Authorization:" CT="Content-Type:" MISP_BASEURL="https://127.0.0.1" ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar update ; php composer.phar self-update" for URN in $(echo "galaxies warninglists noticelists objectTemplates taxonomies"); do curl --header "$Autho $AUTH_KEY" --header "$Acc $headerJSON" --header "$CT $headerJSON" -k -X POST $MISP_BASEURL/$URN/update done echo -e "${RED}Place-holder, not implemented yet.${NC}" exit } # check is /usr/local/src is RW by misp user checkUsrLocalSrc () { echo "" if [[ -e /usr/local/src ]]; then WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?) if [[ "$WRITEABLE" == "0" ]]; then echo "Good, /usr/local/src exists and is writeable as $MISP_USER" else # TODO: The below might be shorter, more elegant and more modern #[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it" sudo chmod 2775 /usr/local/src sudo chown root:staff /usr/local/src fi else echo "/usr/local/src does not exist, creating." mkdir -p /usr/local/src sudo chmod 2775 /usr/local/src # TODO: Better handling /usr/local/src permissions if [[ "$(cat /etc/group |grep staff > /dev/null 2>&1)" == "0" ]]; then sudo chown root:staff /usr/local/src fi fi } kaliSpaceSaver () { # Future function in case Kali overlay on LiveCD is full echo "${RED}Not implement${NC}" } # FIXME: Kali now uses kali/kali instead of root/toor # Because Kali is l33t we make sure we DO NOT run as root kaliOnTheR0ckz () { totalRoot=$(df -k | grep /$ |awk '{ print $2 }') totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}') overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present if [[ ${totalRoot} -lt 3059034 ]]; then echo "(If?) You run Kali in LiveCD mode, you need more overlay disk space." echo "This is defined by the total memory setting in you VM config." echo "You currently have: ${totalMem}kB which is not enough." echo "6-8Gb should be fine. (need >3Gb overlayFS)" exit 1 fi if [[ ${EUID} -eq 0 ]]; then echo "This script must NOT be run as root" exit 1 elif [[ $(id ${MISP_USER} >/dev/null; echo $?) -ne 0 ]]; then sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER} echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd else # TODO: Make sure we consider this further down the road echo "User ${MISP_USER} exists, skipping creation" fi } setBaseURL () { debug "Setting Base URL" CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP") IFACE=$(echo $CONN |awk {'print $1'}) IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/) [[ -n ${MANUFACTURER} ]] || checkManufacturer if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be." if [[ "${UNATTENDED}" != "1" ]]; then echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards." echo "Do you want to change it now? (y/n) " read ANSWER ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]') if [[ "${ANSWER}" == "y" ]]; then if [[ ! -z ${IP} ]]; then echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI" echo "Thus your Base URL could be: https://${IP}" fi echo "Please enter the Base URL, e.g: 'https://example.org'" echo "" echo -n "Enter Base URL: " read MISP_BASEURL else MISP_BASEURL='""' fi else MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' fi elif [[ "${KALI}" == "1" ]]; then MISP_BASEURL="https://misp.local" # Webserver configuration FQDN='misp.local' elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then MISP_BASEURL='https://localhost:8443' IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1) sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443 # Webserver configuration FQDN='localhost.localdomain' elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then MISP_BASEURL='""' # Webserver configuration FQDN='misp.local' else MISP_BASEURL='""' # Webserver configuration FQDN='misp.local' fi } # Test and install software RNG installRNG () { sudo modprobe tpm-rng 2> /dev/null if [ "$?" -eq "0" ]; then echo tpm-rng | sudo tee -a /etc/modules fi checkAptLock sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS sudo service rng-tools start if [ "$?" -eq "1" ]; then sudo apt purge -qy rng-tools sudo apt install -qy haveged sudo /etc/init.d/haveged start fi } # Kali upgrade kaliUpgrade () { debug "Running various Kali upgrade tasks" checkAptLock # Fix Missing keys early sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg # /!\ The following is a very ugly dependency hack to make php7.4 work on Kali wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb wget http://ftp.debian.org/debian/pool/main/i/icu/libicu67_67.1-7_amd64.deb sudo dpkg -i libicu67_67.1-7_amd64.deb # EOH End-Of-Hack sudo DEBIAN_FRONTEND=noninteractive apt update sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y } # Kali 2022.x has only php81 installDepsKaliPhp74 () { sudo apt -y install lsb-release apt-transport-https ca-certificates sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ bullseye main" | sudo tee /etc/apt/sources.list.d/php.list sudo apt update wget http://ftp.us.debian.org/debian/pool/main/libf/libffi/libffi7_3.3-6_amd64.deb sudo dpkg -i libffi7_3.3-6_amd64.deb } # Disables sleep disableSleep () { debug "Disabling sleep etc if run from a Laptop as the install might take some timeā€¦" > /dev/tty gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null setterm -blank 0 -powersave off -powerdown 0 xset s 0 0 2> /dev/null xset dpms 0 0 2> /dev/null xset dpms force off xset s off 2> /dev/null service sleepd stop kill $(lsof | grep 'sleepd' | awk '{print $2}') checkAptLock } # Remove alias if present if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi # Simple function to make sure APT is not locked checkAptLock () { SLEEP=3 if [[ -n ${APT_UPDATED} ]]; then sudo apt update && APT_UPDATED=1 fi while [ "$DONE" != "0" ]; do sudo apt-get check 2> /dev/null > /dev/null && DONE=0 echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty sleep $SLEEP SLEEP=$[$SLEEP+3] done unset DONE } # # Install Php 7.0 dependencies installDepsPhp70 () { debug "Installing PHP 7.0 dependencies" PHP_ETC_BASE=/etc/php/7.0 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock sudo apt install -qy \ libapache2-mod-php \ php php-cli \ php-dev \ php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \ php-redis php-gnupg \ php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI done sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI } # # # Install Php 7.3 deps installDepsPhp73 () { debug "Installing PHP 7.3 dependencies" PHP_ETC_BASE=/etc/php/7.3 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock if [[ ! -n ${KALI} ]]; then sudo apt install -qy \ libapache2-mod-php7.3 \ php7.3 php7.3-cli \ php7.3-dev \ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ php-redis php-gnupg \ php-gd else sudo apt install -qy \ libapache2-mod-php7.3 \ libgpgme-dev \ php7.3 php7.3-cli \ php7.3-dev \ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ php7.3-gd sudo pecl channel-update pecl.php.net #sudo pear config-set php_ini ${PHP_INI} echo "" |sudo pecl install redis sudo pecl install gnupg echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini fi } # # Installing core dependencies installDeps () { debug "Installing core dependencies" checkAptLock sudo apt install -qy etckeeper # Skip dist-upgrade for now, pulls in 500+ updated packages #sudo apt -y dist-upgrade gitMail=$(git config --global --get user.email ; echo $?) if [ "$?" -eq "1" ]; then git config --global user.email "root@kali.lan" fi gitUser=$(git config --global --get user.name ; echo $?) if [ "$?" -eq "1" ]; then git config --global user.name "Root User" fi [[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix sudo apt install -qy \ curl gcc git gnupg-agent make openssl redis-server neovim unzip zip libyara-dev python3-yara python3-redis python3-zmq sqlite3 python3-virtualenv \ mariadb-client \ mariadb-server \ apache2 apache2-doc apache2-utils \ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools installRNG } # generate MISP apache conf genApacheConf () { echo " ServerAdmin admin@localhost.lu ServerName misp.local Redirect permanent / https://misp.local LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off ServerAdmin admin@localhost.lu ServerName misp.local DocumentRoot $PATH_TO_MISP/app/webroot Options -Indexes AllowOverride all Require all granted Order allow,deny allow from all SSLEngine On SSLCertificateFile /etc/ssl/private/misp.local.crt SSLCertificateKeyFile /etc/ssl/private/misp.local.key # SSLCertificateChainFile /etc/ssl/private/misp-chain.crt LogLevel warn ErrorLog /var/log/apache2/misp.local_error.log CustomLog /var/log/apache2/misp.local_access.log combined ServerSignature Off Header set X-Content-Type-Options nosniff Header set X-Frame-Options DENY " | sudo tee /etc/apache2/sites-available/misp-ssl.conf } # Add git pull update mechanism to rc.local - TODO: Make this better gitPullAllRCLOCAL () { sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local sudo sed -i -e '$i \done\n' /etc/rc.local } # Main composer function composer () { sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install --no-dev" } # Legacy composer function composer74 () { sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php7.4 composer.phar install --no-dev" } # TODO: FIX somehow the alias of the function does not work # Composer on php 7.0 does not need any special treatment the provided phar works well alias composer70=composer # Composer on php 7.2 does not need any special treatment the provided phar works well alias composer72=composer # Composer on php 7.3 does not need any special treatment the provided phar works well alias composer73=composer # TODO: this is probably a useless function # Enable various core services enableServices () { sudo systemctl daemon-reload sudo systemctl enable --now mysql sudo systemctl enable --now apache2 sudo systemctl enable --now redis-server } # TODO: check if this makes sense # Generate rc.local genRCLOCAL () { if [[ ! -e /etc/rc.local ]]; then echo '#!/bin/sh -e' | tee -a /etc/rc.local echo 'exit 0' | sudo tee -a /etc/rc.local chmod u+x /etc/rc.local fi sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local } # Run PyMISP tests runTests () { echo "url = \"${MISP_BASEURL}\" key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/ ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin main" ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport] ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py" } # Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster nuke () { echo -e "${RED}YOU ARE ABOUT TO DELETE ALL MISP DATA! Sleeping 10, 9, 8...${NC}" sleep 10 sudo rm -rvf /usr/local/src/{misp-modules,viper,mail_to_misp,LIEF,faup} sudo rm -rvf /var/www/MISP sudo mysqladmin -h $DBHOST drop misp sudo mysql -h $DBHOST -e "DROP USER misp@localhost" } # Final function to let the user know what happened theEnd () { space echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt # Commenting out, see: https://github.com/MISP/MISP/issues/5368 # clear -x space echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}" echo echo "User: admin@admin.test" echo "Password: admin" space ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001" ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234" ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)" echo "/home/${MISP_USER}/mysql.txt" echo -e "${RED}Contents:${NC}" cat /home/${MISP_USER}/mysql.txt echo "/home/${MISP_USER}/MISP-authkey.txt" echo -e "${RED}Contents:${NC}" cat /home/${MISP_USER}/MISP-authkey.txt space echo -e "The ${RED}LOCAL${NC} system credentials:" echo "User: ${MISP_USER}" echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user" space echo "GnuPG Passphrase is: ${GPG_PASSPHRASE}" space echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" echo echo "sudo postconf -e 'relayhost = example.com'" echo "sudo postfix reload" space echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues" space if [[ "$UNATTENDED" == "1" ]]; then echo -e "${RED}Unattended install!${NC}" echo -e "This means we guessed the Base URL, it might be wrong, please double check." space fi if [[ "$PACKER" == "1" ]]; then echo -e "${RED}This was an Automated Packer install!${NC}" echo -e "This means we forced an unattended install." space fi if [[ "$USER" != "$MISP_USER" && "$UNATTENDED" != "1" ]]; then sudo su - ${MISP_USER} fi } # # # Install Php 7.2 dependencies installDepsPhp72 () { debug "Installing PHP 7.2 dependencies" PHP_ETC_BASE=/etc/php/7.2 PHP_INI=${PHP_ETC_BASE}/apache2/php.ini checkAptLock sudo apt install -qy \ libapache2-mod-php \ php php-cli \ php-dev \ php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \ php-redis php-gnupg \ php-intl php-bcmath \ php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI done sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI } ## End Function Section Nothing allowed in .md after this line ## # ```