mirror of https://github.com/MISP/MISP
2556 lines
97 KiB
Bash
2556 lines
97 KiB
Bash
#!/usr/bin/env bash
|
|
############################################################
|
|
###### #
|
|
##### Please AutoGenerated... ##
|
|
#### Do NOT was ###
|
|
### Manually It ####
|
|
## Change this Script... #####
|
|
# ######
|
|
############################################################
|
|
############################################################
|
|
#INSTALLATION INSTRUCTIONS #
|
|
##########################################################
|
|
#------------------------- for Debian Flavored Linux Distributions
|
|
#
|
|
#-------------------------------------------------------|
|
|
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
|
#-------------------------------------------------------|
|
|
#
|
|
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
|
# 20190208: Kali Linux tested and working. -- sCl
|
|
#
|
|
#
|
|
#-------------------------------------------------------------------------------------------------|
|
|
# 1/ For other Debian based Linux distributions, download script and run as **unprivileged** user |
|
|
#-------------------------------------------------------------------------------------------------|
|
|
#
|
|
# The following installs only MISP Core:
|
|
# $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c
|
|
#
|
|
# This will install MISP Core and misp-modules
|
|
# $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c -M
|
|
#
|
|
#
|
|
#-------------------------------------------------------|
|
|
# 2/ For Kali, download and run Installer Script |
|
|
#-------------------------------------------------------|
|
|
#
|
|
# To install MISP on Kali copy paste the following to your r00t shell:
|
|
# # wget --no-cache -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh
|
|
# /!\ Please read the installer script before randomly doing the above.
|
|
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
|
#
|
|
#
|
|
#----------------------------------------------------------|
|
|
# 3/ The following script has been partially autogenerated |
|
|
#----------------------------------------------------------|
|
|
#
|
|
# To generate this script yourself, the following steps need to be taken.
|
|
# $ git clone https://github.com/SteveClement/xsnippet.git
|
|
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
|
|
# $ git clone https://github.com/MISP/MISP.git
|
|
# $ cd MISP/INSTALL ; ./INSTALL.tpl.sh
|
|
#
|
|
##
|
|
###
|
|
####----------------\
|
|
## Developer Note |
|
|
####--------------------------------------------------------------------------------------------------|
|
|
## In theory the order does not matter as everything is a self-contained function. |
|
|
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
|
|
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
|
|
#-----------------------------------------------------------------------------------------------------|
|
|
#
|
|
# ToC #
|
|
#
|
|
#### BEGIN AUTOMATED SECTION ####
|
|
#
|
|
# $ eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v \`\`\`)"
|
|
# $ MISPvars
|
|
MISPvars () {
|
|
debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours" 2> /dev/null
|
|
# Local non-root MISP user
|
|
MISP_USER='misp'
|
|
MISP_PASSWORD="$(openssl rand -hex 32)"
|
|
|
|
# MISP configuration variables
|
|
PATH_TO_MISP='/var/www/MISP'
|
|
|
|
# The web server user
|
|
# RHEL/CentOS
|
|
if [[ -f "/etc/redhat-release" ]]; then
|
|
WWW_USER='apache'
|
|
# Debian flavoured
|
|
elif [[ -f "/etc/debian_version" ]]; then
|
|
WWW_USER="www-data"
|
|
# OpenBSD
|
|
elif [[ "$(uname -s)" == "OpenBSD" ]]; then
|
|
WWW_USER="www"
|
|
PATH_TO_MISP="/var/www/htdocs/MISP"
|
|
# NetBSD
|
|
elif [[ "$(uname -s)" == "NetBSD" ]]; then
|
|
WWW_USER="www"
|
|
PATH_TO_MISP="/usr/pkg/share/httpd/htdocs/MISP"
|
|
else
|
|
# I am feeling lucky
|
|
WWW_USER="www-data"
|
|
fi
|
|
|
|
if [ -z "$FQDN" ]; then
|
|
FQDN="misp.local"
|
|
fi
|
|
|
|
if [ -z "$MISP_BASEURL" ]; then
|
|
MISP_BASEURL='""'
|
|
fi
|
|
|
|
MISP_LIVE='1'
|
|
|
|
# Database configuration
|
|
DBHOST='localhost'
|
|
DBNAME='misp'
|
|
DBUSER_ADMIN='root'
|
|
DBPASSWORD_ADMIN="$(openssl rand -hex 32)"
|
|
DBUSER_MISP='misp'
|
|
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
|
|
|
# OpenSSL configuration
|
|
OPENSSL_CN=$FQDN
|
|
OPENSSL_C='LU'
|
|
OPENSSL_ST='State'
|
|
OPENSSL_L='Location'
|
|
OPENSSL_O='Organization'
|
|
OPENSSL_OU='Organizational Unit'
|
|
OPENSSL_EMAILADDRESS="info@$FQDN"
|
|
|
|
# GPG configuration
|
|
GPG_REAL_NAME='Autogenerated Key'
|
|
# On a REAL install, please do not set a comment, see here for why: https://www.debian-administration.org/users/dkg/weblog/97
|
|
GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!'
|
|
GPG_EMAIL_ADDRESS='admin@admin.test'
|
|
# 3072 bits used as per suggestions here: https://riseup.net/en/security/message-security/openpgp/best-practices
|
|
GPG_KEY_LENGTH='3072'
|
|
GPG_PASSPHRASE="$(openssl rand -hex 32)"
|
|
|
|
# debug alias to make sure people are not confused when blindly copy pasting blobs of code
|
|
alias debug="echo -e"
|
|
|
|
# checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code
|
|
alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'"
|
|
|
|
# php.ini configuration
|
|
upload_max_filesize=50M
|
|
post_max_size=50M
|
|
max_execution_time=300
|
|
memory_limit=2048M
|
|
|
|
CAKE="$PATH_TO_MISP/app/Console/cake"
|
|
|
|
# sudo config to run $LUSER commands
|
|
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
|
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
|
else
|
|
SUDO_USER="sudo -H -u ${MISP_USER}"
|
|
fi
|
|
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
|
|
|
echo "The following DB Passwords were generated..."
|
|
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
|
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
|
}
|
|
|
|
# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default
|
|
DEBUG=
|
|
|
|
case "$-" in
|
|
*x*) NO_PROGRESS=1; DEBUG=1 ;;
|
|
*) NO_PROGRESS=0 ;;
|
|
esac
|
|
|
|
## Function Section ##
|
|
|
|
## Usage of this script
|
|
usage () {
|
|
if [ "$0" == "bash" ]; then
|
|
WEB_INSTALL=1
|
|
SCRIPT_NAME="Web Installer Command"
|
|
else
|
|
SCRIPT_NAME=$0
|
|
fi
|
|
|
|
exec &> /dev/tty
|
|
space
|
|
echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install."
|
|
space
|
|
echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core
|
|
echo -e " -M | ${LBLUE}MISP${NC} modules" # modules
|
|
echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard
|
|
echo -e " -V | Viper" # viper
|
|
echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2
|
|
echo -e " -S | Experimental ssdeep correlations" # ssdeep
|
|
echo -e " -A | Install ${YELLOW}all${NC} of the above" # all
|
|
space
|
|
echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre
|
|
space
|
|
echo -e " -u | Do an unattended Install, no questions asked" # UNATTENDED
|
|
echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE
|
|
echo -e "${HIDDEN} -N | Nuke this MISP Instance${NC}" # NUKE
|
|
echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE
|
|
echo -e "Options can be combined: ${SCRIPT_NAME} -c -V -D # Will install Core+Viper+Dashboard"
|
|
space
|
|
echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or"
|
|
echo -e "MISP + modules - ${SCRIPT_NAME} -c -M"
|
|
space
|
|
}
|
|
|
|
# Check if element is contained in array
|
|
containsElement () {
|
|
local e match="$1"
|
|
shift
|
|
for e; do [[ "$e" == "$match" ]] && return 0; done
|
|
return 1
|
|
}
|
|
|
|
checkOpt () {
|
|
# checkOpt feature
|
|
containsElement $1 "${options[@]}"
|
|
}
|
|
|
|
setOpt () {
|
|
options=()
|
|
for o in $@; do
|
|
case "$o" in
|
|
("-c") echo "core"; CORE=1 ;;
|
|
("-V") echo "viper"; VIPER=1 ;;
|
|
("-M") echo "modules"; MODULES=1 ;;
|
|
("-D") echo "dashboard"; DASHBOARD=1 ;;
|
|
("-m") echo "mail2"; MAIL2=1 ;;
|
|
("-S") echo "ssdeep"; SSDEEP=1 ;;
|
|
("-A") echo "all"; ALL=1 ;;
|
|
("-C") echo "pre"; PRE=1 ;;
|
|
("-U") echo "upgrade"; UPGRADE=1 ;;
|
|
("-N") echo "nuke"; NUKE=1 ;;
|
|
("-u") echo "unattended"; UNATTENDED=1 ;;
|
|
("-f") echo "force"; FORCE=1 ;;
|
|
(*) echo "$o is not a valid argument"; exit 1 ;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
# check if command_exists
|
|
command_exists () {
|
|
command -v "$@" > /dev/null 2>&1
|
|
}
|
|
|
|
# TODO: fix os detection mess
|
|
# Try to detect what we are running on
|
|
checkCoreOS () {
|
|
# lsb_release can exist on any platform. RedHat package: redhat-lsb
|
|
LSB_RELEASE=$(which lsb_release > /dev/null ; echo $?)
|
|
APT=$(which apt > /dev/null 2>&1; echo -n $?)
|
|
APT_GET=$(which apt-get > /dev/null 2>&1; echo $?)
|
|
|
|
# debian specific
|
|
# /etc/debian_version
|
|
## os-release #generic
|
|
# /etc/os-release
|
|
|
|
# Redhat checks
|
|
if [[ -f "/etc/redhat-release" ]]; then
|
|
echo "This is some redhat flavour"
|
|
REDHAT=1
|
|
RHfla=$(cat /etc/redhat-release | cut -f 1 -d\ | tr '[:upper:]' '[:lower:]')
|
|
fi
|
|
}
|
|
|
|
# Extract debian flavour
|
|
checkFlavour () {
|
|
FLAVOUR=""
|
|
# Every system that we officially support has /etc/os-release
|
|
if [ -r /etc/os-release ]; then
|
|
FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')"
|
|
fi
|
|
|
|
case "$FLAVOUR" in
|
|
ubuntu)
|
|
if command_exists lsb_release; then
|
|
dist_version="$(lsb_release --codename | cut -f2)"
|
|
fi
|
|
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
|
|
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
|
|
fi
|
|
;;
|
|
debian|raspbian)
|
|
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
|
case "$dist_version" in
|
|
10)
|
|
dist_version="buster"
|
|
;;
|
|
9)
|
|
dist_version="stretch"
|
|
;;
|
|
esac
|
|
;;
|
|
centos)
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
fi
|
|
echo "$FLAVOUR not supported at the moment"
|
|
exit 1
|
|
;;
|
|
rhel|ol|sles)
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
fi
|
|
echo "$FLAVOUR not supported at the moment"
|
|
exit 1
|
|
;;
|
|
*)
|
|
if command_exists lsb_release; then
|
|
dist_version="$(lsb_release --release | cut -f2)"
|
|
fi
|
|
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
# FIXME: The below want to be refactored
|
|
if [ "$FLAVOUR" == "ubuntu" ]; then
|
|
RELEASE=$(lsb_release -s -r)
|
|
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}"
|
|
else
|
|
debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}"
|
|
fi
|
|
}
|
|
|
|
|
|
# Check if this is a forked Linux distro
|
|
check_forked () {
|
|
# Check for lsb_release command existence, it usually exists in forked distros
|
|
if command_exists lsb_release; then
|
|
# Check if the `-u` option is supported
|
|
set +e
|
|
lsb_release -a -u > /dev/null 2>&1
|
|
lsb_release_exit_code=$?
|
|
set -e
|
|
|
|
# Check if the command has exited successfully, it means we're in a forked distro
|
|
if [ "$lsb_release_exit_code" = "0" ]; then
|
|
# Print info about current distro
|
|
cat <<-EOF
|
|
You're using '$FLAVOUR' version '$dist_version'.
|
|
EOF
|
|
# Get the upstream release info
|
|
FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
|
|
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
|
|
|
|
# Print info about upstream distro
|
|
cat <<-EOF
|
|
Upstream release is '$FLAVOUR' version '$dist_version'.
|
|
EOF
|
|
else
|
|
if [ -r /etc/debian_version ] && [ "$FLAVOUR" != "ubuntu" ] && [ "$FLAVOUR" != "raspbian" ]; then
|
|
# We're Debian and don't even know it!
|
|
FLAVOUR=debian
|
|
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
|
|
case "$dist_version" in
|
|
10)
|
|
dist_version="buster"
|
|
;;
|
|
9)
|
|
dist_version="stretch"
|
|
;;
|
|
8|'Kali Linux 2')
|
|
dist_version="jessie"
|
|
;;
|
|
esac
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
checkInstaller () {
|
|
# TODO: Implement $FLAVOUR checks and install depending on the platform we are on
|
|
if [[ $(which shasum > /dev/null 2>&1 ; echo $?) != 0 ]]; then
|
|
sudo apt install libdigest-sha-perl -qyy
|
|
fi
|
|
# SHAsums to be computed, not the -- notatiation is for ease of use with rhash
|
|
SHA_SUMS="--sha1 --sha256 --sha384 --sha512"
|
|
for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do
|
|
/usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum}
|
|
INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ )
|
|
chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ )
|
|
|
|
if [[ "${chsum}" == "${INSTsum}" ]]; then
|
|
echo "sha${sum} matches"
|
|
else
|
|
echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}"
|
|
echo "Delete installer, re-download and please run again."
|
|
exit 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Extract manufacturer
|
|
checkManufacturer () {
|
|
if [ -z $(which dmidecode) ]; then
|
|
checkAptLock
|
|
sudo apt install dmidecode -qy
|
|
fi
|
|
MANUFACTURER=$(sudo dmidecode -s system-manufacturer)
|
|
echo $MANUFACTURER
|
|
}
|
|
|
|
# Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static.
|
|
space () {
|
|
if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then
|
|
echo "--------------------------------------------------------------------------------"
|
|
return
|
|
fi
|
|
# Check terminal width
|
|
num=`tput cols`
|
|
for i in `seq 1 $num`; do
|
|
echo -n "-"
|
|
done
|
|
echo ""
|
|
}
|
|
|
|
# Spinner so the user knows something is happening
|
|
spin()
|
|
{
|
|
if [[ "$NO_PROGRESS" == "1" ]]; then
|
|
return
|
|
fi
|
|
spinner="/|\\-/|\\-"
|
|
while :
|
|
do
|
|
for i in `seq 0 7`
|
|
do
|
|
echo -n "${spinner:$i:1}"
|
|
echo -en "\010"
|
|
sleep 0.$i
|
|
done
|
|
done
|
|
}
|
|
|
|
# Progress bar
|
|
progress () {
|
|
progress=$[$progress+$1]
|
|
if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then
|
|
echo "progress=${progress}" > /tmp/INSTALL.stat
|
|
return
|
|
fi
|
|
bar="#"
|
|
|
|
# Prevent progress of overflowing
|
|
if [[ $progress -ge 100 ]]; then
|
|
echo -ne "##################################################################################################### (100%)\r"
|
|
return
|
|
fi
|
|
# Display progress
|
|
for p in $(seq 1 $progress); do
|
|
bar+="#"
|
|
echo -ne "$bar ($p%)\r"
|
|
done
|
|
echo -ne '\n'
|
|
echo "progress=${progress}" > /tmp/INSTALL.stat
|
|
}
|
|
|
|
# Check locale
|
|
checkLocale () {
|
|
debug "Checking Locale"
|
|
# If locale is missing, generate and install a common UTF-8
|
|
if [[ ! -f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) == "1" ]]; then
|
|
checkAptLock
|
|
sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy
|
|
sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
|
|
sudo locale-gen en_US.UTF-8
|
|
sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
|
|
fi
|
|
}
|
|
|
|
# Simple function to check command exit code
|
|
checkFail () {
|
|
if [[ $2 -ne 0 ]]; then
|
|
echo "iAmError: $1"
|
|
echo "The last command exited with error code: $2"
|
|
exit $2
|
|
fi
|
|
}
|
|
|
|
ask_o () {
|
|
|
|
ANSWER=""
|
|
|
|
if [ -z "${1}" ]; then
|
|
echo "This function needs at least 1 parameter."
|
|
exit 1
|
|
fi
|
|
|
|
[ -z "${2}" ] && OPT1="y" || OPT1="${2}"
|
|
[ -z "${3}" ] && OPT2="n" || OPT2="${3}"
|
|
|
|
while true; do
|
|
case "${ANSWER}" in "${OPT1}" | "${OPT2}") break ;; esac
|
|
echo -e -n "${1} (${OPT1}/${OPT2}) "
|
|
read ANSWER
|
|
ANSWER=$(echo "${ANSWER}" | tr '[:upper:]' '[:lower:]')
|
|
done
|
|
|
|
}
|
|
|
|
clean () {
|
|
rm /tmp/INSTALL.stat
|
|
rm /tmp/INSTALL.sh.*
|
|
}
|
|
|
|
# Check if misp user is present and if run as root
|
|
checkID () {
|
|
debug "Checking if run as root and $MISP_USER is present"
|
|
if [[ $EUID == 0 ]]; then
|
|
echo "This script cannot be run as a root"
|
|
clean > /dev/null 2>&1
|
|
exit 1
|
|
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
|
if [[ "$UNATTENDED" != "1" ]]; then
|
|
echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' (y) or continue as $USER (n)? (y/n) "
|
|
read ANSWER
|
|
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
|
|
else
|
|
ANSWER="y"
|
|
fi
|
|
|
|
if [[ $ANSWER == "y" ]]; then
|
|
sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
|
echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
|
|
echo "User $MISP_USER added, password is: $MISP_PASSWORD"
|
|
elif [[ $ANSWER == "n" ]]; then
|
|
echo "Using $USER as install user, hope that is what you want."
|
|
echo -e "${RED}Adding $USER to groups $WWW_USER and staff${NC}"
|
|
MISP_USER=$USER
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
else
|
|
echo "yes or no was asked, try again."
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "User ${MISP_USER} exists, skipping creation"
|
|
echo -e "${RED}Adding $MISP_USER to groups $WWW_USER and staff${NC}"
|
|
sudo adduser $MISP_USER staff
|
|
sudo adduser $MISP_USER $WWW_USER
|
|
fi
|
|
|
|
# FIXME: the below SUDO_USER check is a duplicate from global variables, try to have just one check
|
|
# sudo config to run $LUSER commands
|
|
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
|
SUDO_USER="sudo -H -u ${MISP_USER} -g staff"
|
|
else
|
|
SUDO_USER="sudo -H -u ${MISP_USER}"
|
|
fi
|
|
|
|
}
|
|
|
|
# pre-install check to make sure what we will be installing on, is ready and not a half installed system
|
|
preInstall () {
|
|
# preInstall needs to be able to be called before ANY action. Install/Upgrade/AddTool
|
|
# Pre install wants to be the place too where the following is checked and set via ENV_VAR:
|
|
# Check if composer is installed and functioning
|
|
# Check if misp db is installed (API call would confirm that the DB indeed works)
|
|
# Check apache config (Maybe try to talk to the server via api, this would confirm quite a lot)
|
|
# Check if workers are running/installed, maybe kick them if they are not
|
|
# /var/www/MISP/app/Config/[bootstrap,databases,core,config].php exists
|
|
# /var/www/MISP perms are correct (for $SUDO_WWW useage)
|
|
#
|
|
|
|
# Check if $PATH_TO_MISP exists and is writable by $WWW_USER
|
|
[[ -d "$PATH_TO_MISP" ]] && PATH_TO_MISP_EXISTS=1 && echo "$PATH_TO_MISP exists"
|
|
|
|
# .git exists and git is working for $WWW_USER
|
|
[[ -d "$PATH_TO_MISP/.git" ]] && PATH_TO_GIT_EXISTS=1 && echo "$PATH_TO_MISP/.git exists" && cd $PATH_TO_MISP && $SUDO_WWW git status
|
|
|
|
# .gnupg exists and working correctly
|
|
[[ -d "$PATH_TO_MISP/.gnupg" ]] && PATH_TO_GNUPG_EXISTS=1 && echo "$PATH_TO_MISP/.gnupg exists"
|
|
|
|
|
|
# Extract username, password and dbname
|
|
##cat database.php |grep -v // |grep -e database -e login -e password |tr -d \' |tr -d \ |tr -d , |tr -d \>
|
|
DBPASSWORD_MISP=$(cat database.php |grep -v // |grep -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
DBUSER_MISP=$(cat database.php |grep -v // |grep -e login |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
DBNAME=$(cat database.php |grep -v // |grep -e database |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
|
|
AUTH_KEY=$(mysql --disable-column-names -B -u $DBUSER_MISP -p"$DBPASSWORD_MISP" $DBNAME -e 'SELECT authkey FROM users WHERE role_id=1 LIMIT 1')
|
|
|
|
# Check if db exists
|
|
[[ -d "/var/lib/mysql/$DBNAME" ]] && MISP_DB_DIR_EXISTS=1 && echo "/var/lib/mysql/$DBNAME exists"
|
|
|
|
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
|
exit
|
|
}
|
|
|
|
# Upgrade function
|
|
upgrade () {
|
|
headerJSON="application/json"
|
|
Acc="Accept:"
|
|
Autho="Authorization:"
|
|
CT="Content-Type:"
|
|
MISP_BASEURL="https://127.0.0.1"
|
|
cd $PATH_TO_MISP/app ; $SUDO_WWW php composer.phar update $SUDO_WWW php composer.phar self-update
|
|
|
|
for URN in $(echo "galaxies warninglists noticelists objectTemplates taxonomies"); do
|
|
curl --header "$Autho $AUTH_KEY" --header "$Acc $headerJSON" --header "$CT $headerJSON" -k -X POST $MISP_BASEURL/$URN/update
|
|
done
|
|
|
|
echo -e "${RED}Place-holder, not implemented yet.${NC}"
|
|
exit
|
|
}
|
|
|
|
# check is /usr/local/src is RW by misp user
|
|
checkUsrLocalSrc () {
|
|
echo ""
|
|
if [[ -e /usr/local/src ]]; then
|
|
WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
|
|
if [[ "$WRITEABLE" == "0" ]]; then
|
|
echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
|
|
else
|
|
# TODO: The below might be shorter, more elegant and more modern
|
|
#[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
|
|
sudo chmod 2775 /usr/local/src
|
|
sudo chown root:staff /usr/local/src
|
|
fi
|
|
else
|
|
echo "/usr/local/src does not exist, creating."
|
|
mkdir -p /usr/local/src
|
|
sudo chmod 2775 /usr/local/src
|
|
# TODO: Better handling /usr/local/src permissions
|
|
if [[ "$(cat /etc/group |grep staff > /dev/null 2>&1)" == "0" ]]; then
|
|
sudo chown root:staff /usr/local/src
|
|
fi
|
|
fi
|
|
}
|
|
|
|
kaliSpaceSaver () {
|
|
# Future function in case Kali overlay on LiveCD is full
|
|
echo "${RED}Not implement${NC}"
|
|
}
|
|
|
|
# Because Kali is l33t we make sure we run as root
|
|
kaliOnRootR0ckz () {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "This script must be run as root"
|
|
exit 1
|
|
elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then
|
|
useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
|
|
echo $MISP_USER:$MISP_PASSWORD | chpasswd
|
|
else
|
|
# TODO: Make sure we consider this further down the road
|
|
echo "User ${MISP_USER} exists, skipping creation"
|
|
fi
|
|
}
|
|
|
|
setBaseURL () {
|
|
debug "Setting Base URL"
|
|
CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
|
|
IFACE=`echo $CONN |awk {'print $1'}`
|
|
IP=`echo $CONN |awk {'print $2'}| cut -f1 -d/`
|
|
# TODO: Consider "QEMU"
|
|
if [[ "$(checkManufacturer)" != "innotek GmbH" ]] && [[ "$(checkManufacturer)" != "VMware, Inc." ]]; then
|
|
debug "We guess that this is a physical machine and cannot possibly guess what the MISP_BASEURL might be."
|
|
if [[ "$UNATTENDED" != "1" ]]; then
|
|
echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
|
|
echo "Do you want to change it now? (y/n) "
|
|
read ANSWER
|
|
ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
|
|
if [[ "$ANSWER" == "y" ]]; then
|
|
if [[ ! -z $IP ]]; then
|
|
echo "It seems you have an interface called $IFACE UP with the following IP: $IP - FYI"
|
|
echo "Thus your Base URL could be: https://$IP"
|
|
fi
|
|
echo "Please enter the Base URL, e.g: 'https://example.org'"
|
|
echo ""
|
|
echo -n "Enter Base URL: "
|
|
read MISP_BASEURL
|
|
else
|
|
MISP_BASEURL='""'
|
|
fi
|
|
else
|
|
MISP_BASEURL="https://misp.local"
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
fi
|
|
elif [[ $KALI == "1" ]]; then
|
|
MISP_BASEURL="https://misp.local"
|
|
# Webserver configuration
|
|
FQDN='misp.local'
|
|
else
|
|
MISP_BASEURL='https://localhost:8443'
|
|
IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
|
|
sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
|
|
# Webserver configuration
|
|
FQDN='localhost.localdomain'
|
|
fi
|
|
}
|
|
|
|
# Test and install software RNG
|
|
installRNG () {
|
|
sudo modprobe tpm-rng 2> /dev/null
|
|
if [ "$?" -eq "0" ]; then
|
|
echo tpm-rng | sudo tee -a /etc/modules
|
|
fi
|
|
checkAptLock
|
|
sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS
|
|
sudo service rng-tools start
|
|
|
|
if [ "$?" -eq "1" ]; then
|
|
sudo apt purge -qy rng-tools
|
|
sudo apt install -qy haveged
|
|
sudo /etc/init.d/haveged start
|
|
fi
|
|
}
|
|
|
|
# Kali upgrade
|
|
kaliUpgrade () {
|
|
debug "Running various Kali upgrade tasks"
|
|
sudo apt update
|
|
checkAptLock
|
|
sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
|
|
sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
|
|
}
|
|
|
|
# Disables sleep
|
|
disableSleep () {
|
|
debug "Disabling sleep etc if run from a Laptop as the install might take some time…" > /dev/tty
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
|
|
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
|
|
gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
|
|
gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null
|
|
|
|
setterm -blank 0 -powersave off -powerdown 0
|
|
xset s 0 0 2> /dev/null
|
|
xset dpms 0 0 2> /dev/null
|
|
xset dpms force off
|
|
xset s off 2> /dev/null
|
|
service sleepd stop
|
|
kill $(lsof | grep 'sleepd' | awk '{print $2}')
|
|
checkAptLock
|
|
}
|
|
|
|
# Remove alias if present
|
|
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
|
|
# Simple function to make sure APT is not locked
|
|
checkAptLock () {
|
|
SLEEP=3
|
|
while [ "$DONE" != "0" ]; do
|
|
sudo apt-get check 2> /dev/null > /dev/null && DONE=0
|
|
echo -e "${LBLUE}apt${NC} is maybe ${RED}locked${NC}, waiting ${RED}$SLEEP${NC} seconds." > /dev/tty
|
|
sleep $SLEEP
|
|
SLEEP=$[$SLEEP+3]
|
|
done
|
|
unset DONE
|
|
}
|
|
|
|
# Install Php 7.0 dependencies
|
|
installDepsPhp70 () {
|
|
debug "Installing PHP 7.0 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.0
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
sudo apt update
|
|
sudo apt install -qy \
|
|
libapache2-mod-php \
|
|
php php-cli \
|
|
php-dev \
|
|
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
}
|
|
|
|
# Install Php 7.3 deps
|
|
installDepsPhp73 () {
|
|
debug "Installing PHP 7.3 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.3
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
sudo apt update
|
|
checkAptLock
|
|
sudo apt install -qy \
|
|
libapache2-mod-php7.3 \
|
|
php7.3 php7.3-cli \
|
|
php7.3-dev \
|
|
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
}
|
|
|
|
# Installing core dependencies
|
|
installDeps () {
|
|
debug "Installing core dependencies"
|
|
checkAptLock
|
|
sudo apt update
|
|
sudo apt install -qy etckeeper
|
|
# Skip dist-upgrade for now, pulls in 500+ updated packages
|
|
#sudo apt -y dist-upgrade
|
|
gitMail=$(git config --global --get user.email ; echo $?)
|
|
if [ "$?" -eq "1" ]; then
|
|
git config --global user.email "root@kali.lan"
|
|
fi
|
|
gitUser=$(git config --global --get user.name ; echo $?)
|
|
if [ "$?" -eq "1" ]; then
|
|
git config --global user.name "Root User"
|
|
fi
|
|
|
|
[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix
|
|
|
|
sudo apt install -qy \
|
|
curl gcc git gnupg-agent make openssl redis-server neovim unzip zip libyara-dev python3-yara python3-redis python3-zmq sqlite3 \
|
|
mariadb-client \
|
|
mariadb-server \
|
|
apache2 apache2-doc apache2-utils \
|
|
python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
|
|
libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect
|
|
|
|
installRNG
|
|
}
|
|
|
|
# On Kali, the redis start-up script is broken. This tries to fix it.
|
|
fixRedis () {
|
|
# As of 20190124 redis-server init.d scripts are broken and need to be replaced
|
|
sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`
|
|
|
|
echo '#! /bin/sh
|
|
### BEGIN INIT INFO
|
|
# Provides: redis-server
|
|
# Required-Start: $syslog
|
|
# Required-Stop: $syslog
|
|
# Should-Start: $local_fs
|
|
# Should-Stop: $local_fs
|
|
# Default-Start: 2 3 4 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: redis-server - Persistent key-value db
|
|
# Description: redis-server - Persistent key-value db
|
|
### END INIT INFO
|
|
|
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
|
DAEMON=/usr/bin/redis-server
|
|
DAEMON_ARGS=/etc/redis/redis.conf
|
|
NAME=redis-server
|
|
DESC=redis-server
|
|
PIDFILE=/var/run/redis.pid
|
|
|
|
test -x $DAEMON || exit 0
|
|
test -x $DAEMONBOOTSTRAP || exit 0
|
|
|
|
set -e
|
|
|
|
case "$1" in
|
|
start)
|
|
echo -n "Starting $DESC: "
|
|
touch $PIDFILE
|
|
chown redis:redis $PIDFILE
|
|
if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
|
|
then
|
|
echo "$NAME."
|
|
else
|
|
echo "failed"
|
|
fi
|
|
;;
|
|
stop)
|
|
echo -n "Stopping $DESC: "
|
|
if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
|
|
then
|
|
echo "$NAME."
|
|
else
|
|
echo "failed"
|
|
fi
|
|
rm -f $PIDFILE
|
|
;;
|
|
|
|
restart|force-reload)
|
|
${0} stop
|
|
${0} start
|
|
;;
|
|
*)
|
|
echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0' | sudo tee /etc/init.d/redis-server
|
|
sudo chmod 755 /etc/init.d/redis-server
|
|
sudo /etc/init.d/redis-server start
|
|
}
|
|
|
|
# generate MISP apache conf
|
|
genApacheConf () {
|
|
echo "<VirtualHost _default_:80>
|
|
ServerAdmin admin@localhost.lu
|
|
ServerName misp.local
|
|
|
|
Redirect permanent / https://misp.local
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/misp.local_error.log
|
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>
|
|
|
|
<VirtualHost _default_:443>
|
|
ServerAdmin admin@localhost.lu
|
|
ServerName misp.local
|
|
DocumentRoot $PATH_TO_MISP/app/webroot
|
|
|
|
<Directory $PATH_TO_MISP/app/webroot>
|
|
Options -Indexes
|
|
AllowOverride all
|
|
Require all granted
|
|
Order allow,deny
|
|
allow from all
|
|
</Directory>
|
|
|
|
SSLEngine On
|
|
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
|
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
|
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
|
|
|
LogLevel warn
|
|
ErrorLog /var/log/apache2/misp.local_error.log
|
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
|
ServerSignature Off
|
|
Header set X-Content-Type-Options nosniff
|
|
Header set X-Frame-Options DENY
|
|
</VirtualHost>" | tee /etc/apache2/sites-available/misp-ssl.conf
|
|
}
|
|
|
|
# Add git pull update mechanism to rc.local - TODO: Make this better
|
|
gitPullAllRCLOCAL () {
|
|
sed -i -e '$i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
|
|
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
|
|
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
|
|
sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
|
|
sed -i -e '$i \done\n' /etc/rc.local
|
|
}
|
|
|
|
# Composer on php 7.0 does not need any special treatment the provided phar works well
|
|
alias composer70='composer72'
|
|
|
|
# Composer on php 7.2 does not need any special treatment the provided phar works well
|
|
composer72 () {
|
|
cd $PATH_TO_MISP/app
|
|
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
|
$SUDO_WWW php composer.phar install
|
|
}
|
|
|
|
# Composer on php 7.3 needs a recent version of composer.phar
|
|
composer73 () {
|
|
cd $PATH_TO_MISP/app
|
|
mkdir /var/www/.composer ; chown $WWW_USER:$WWW_USER /var/www/.composer
|
|
# Update composer.phar
|
|
# If hash changes, check here: https://getcomposer.org/download/ and replace with the correct one
|
|
# Current Sum for: v1.8.3
|
|
SHA384_SUM='48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5'
|
|
$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
|
$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$SHA384_SUM') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); exit(137); } echo PHP_EOL;"
|
|
checkFail "composer.phar checksum failed, please investigate manually. " $?
|
|
$SUDO_WWW php composer-setup.php
|
|
$SUDO_WWW php -r "unlink('composer-setup.php');"
|
|
$SUDO_WWW php composer.phar install
|
|
}
|
|
|
|
# Enable various core services
|
|
enableServices () {
|
|
update-rc.d mysql enable
|
|
update-rc.d apache2 enable
|
|
update-rc.d redis-server enable
|
|
}
|
|
|
|
# Generate rc.local
|
|
genRCLOCAL () {
|
|
if [ ! -e /etc/rc.local ]; then
|
|
echo '#!/bin/sh -e' | tee -a /etc/rc.local
|
|
echo 'exit 0' | tee -a /etc/rc.local
|
|
chmod u+x /etc/rc.local
|
|
fi
|
|
|
|
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
|
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
|
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
|
sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
|
|
}
|
|
|
|
# Run PyMISP tests
|
|
runTests () {
|
|
echo "url = '${MISP_BASEURL}'
|
|
key = '${AUTH_KEY}'" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
|
|
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
|
|
|
|
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
|
|
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
|
|
sudo -H -u $WWW_USER git clone https://github.com/viper-framework/viper-test-files.git $PATH_TO_MISP/PyMISP/tests/viper-test-files
|
|
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
|
|
}
|
|
|
|
# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
|
|
nuke () {
|
|
echo -e "${RED}YOU ARE ABOUT TO DELETE ALL MISP DATA! Sleeping 10, 9, 8...${NC}"
|
|
sleep 10
|
|
sudo rm -rvf /usr/local/src/{misp-modules,viper,mail_to_misp,LIEF,faup}
|
|
sudo rm -rvf /var/www/MISP
|
|
sudo mysqladmin drop misp
|
|
sudo mysql -e "DROP USER misp@localhost"
|
|
}
|
|
|
|
# Final function to let the user know what happened
|
|
theEnd () {
|
|
space
|
|
echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_USER tee /home/${MISP_USER}/mysql.txt
|
|
echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_USER tee -a /home/${MISP_USER}/mysql.txt
|
|
echo "Authkey: $AUTH_KEY" |$SUDO_USER tee -a /home/${MISP_USER}/MISP-authkey.txt
|
|
|
|
clear
|
|
space
|
|
echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
|
|
echo
|
|
echo "User: admin@admin.test"
|
|
echo "Password: admin"
|
|
space
|
|
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
|
|
[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
|
|
[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
|
|
echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
|
|
echo "/home/${MISP_USER}/mysql.txt"
|
|
echo -e "${RED}Contents:${NC}"
|
|
cat /home/${MISP_USER}/mysql.txt
|
|
echo "/home/${MISP_USER}/MISP-authkey.txt"
|
|
echo -e "${RED}Contents:${NC}"
|
|
cat /home/${MISP_USER}/MISP-authkey.txt
|
|
space
|
|
echo -e "The ${RED}LOCAL${NC} system credentials:"
|
|
echo "User: ${MISP_USER}"
|
|
echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
|
|
space
|
|
echo "GnuPG Passphrase is: ${GPG_PASSPHRASE}"
|
|
space
|
|
echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
|
|
echo
|
|
echo "sudo postconf -e 'relayhost = example.com'"
|
|
echo "sudo postfix reload"
|
|
space
|
|
echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
|
|
space
|
|
if [[ "$UNATTENDED" == "1" ]]; then
|
|
echo -e "${RED}Unattended install!${NC}"
|
|
echo -e "This means we guessed the Base URL, it might be wrong, please double check."
|
|
space
|
|
fi
|
|
|
|
if [[ "$PACKER" == "1" ]]; then
|
|
echo -e "${RED}This was an Automated Packer install!${NC}"
|
|
echo -e "This means we forced an unattended install."
|
|
space
|
|
fi
|
|
|
|
if [[ "$USER" != "$MISP_USER" && "$UNATTENDED" != "1" ]]; then
|
|
sudo su - ${MISP_USER}
|
|
fi
|
|
}
|
|
## End Function Section Nothing allowed in .md after this line ##
|
|
|
|
aptUpgrade () {
|
|
debug "Upgrading system"
|
|
checkAptLock
|
|
sudo apt-get update
|
|
|
|
# If we run in non-interactive mode, make sure we do not stop all of a sudden
|
|
if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
export DEBIAN_PRIORITY=critical
|
|
sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
|
|
sudo -E apt-get -qy autoclean
|
|
else
|
|
sudo apt-get upgrade -qy
|
|
fi
|
|
}
|
|
|
|
# check if sudo is installed
|
|
checkSudoKeeper () {
|
|
echo "Checking for sudo and installing etckeeper"
|
|
if [[ ! -f $(which sudo) ]]; then
|
|
echo "Please enter your root password below to install etckeeper"
|
|
su -c "apt install etckeeper -y"
|
|
echo "Please enter your root password below to install sudo"
|
|
su -c "apt install sudo -y"
|
|
echo "Please enter your root password below to install sudo"
|
|
su -c "apt install curl -y"
|
|
echo "Please enter your root password below to add ${MISP_USER} to sudo group"
|
|
su -c "/usr/sbin/adduser ${MISP_USER} sudo"
|
|
echo "We added ${MISP_USER} to group sudo and now we need to log out and in again."
|
|
exit
|
|
else
|
|
sudo apt update
|
|
sudo apt install etckeeper -y
|
|
fi
|
|
}
|
|
|
|
installCoreDeps () {
|
|
debug "Installing core dependencies"
|
|
# Install the dependencies: (some might already be installed)
|
|
sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip unzip virtualenv libfuzzy-dev sqlite3 moreutils -qy
|
|
|
|
# Install MariaDB (a MySQL fork/alternative)
|
|
sudo apt-get install mariadb-client mariadb-server -qy
|
|
|
|
# Install Apache2
|
|
sudo apt-get install apache2 apache2-doc apache2-utils -qy
|
|
|
|
# install Mitre's STIX and its dependencies by running the following commands:
|
|
sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy
|
|
|
|
sudo apt install expect -qy
|
|
}
|
|
|
|
# Install Php 7.3 deps
|
|
installDepsPhp73 () {
|
|
debug "Installing PHP 7.3 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.3
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
sudo apt update
|
|
checkAptLock
|
|
sudo apt install -qy \
|
|
libapache2-mod-php7.3 \
|
|
php7.3 php7.3-cli \
|
|
php7.3-dev \
|
|
php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
}
|
|
|
|
# Install Php 7.2 dependencies
|
|
installDepsPhp72 () {
|
|
debug "Installing PHP 7.2 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.2
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
sudo apt update
|
|
sudo apt install -qy \
|
|
libapache2-mod-php \
|
|
php php-cli \
|
|
php-dev \
|
|
php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
}
|
|
|
|
# Install Php 7.0 dependencies
|
|
installDepsPhp70 () {
|
|
debug "Installing PHP 7.0 dependencies"
|
|
PHP_ETC_BASE=/etc/php/7.0
|
|
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
|
|
sudo apt update
|
|
sudo apt install -qy \
|
|
libapache2-mod-php \
|
|
php php-cli \
|
|
php-dev \
|
|
php-json php-xml php-mysql php-opcache php-readline php-mbstring \
|
|
php-redis php-gnupg \
|
|
php-gd
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
}
|
|
|
|
prepareDB () {
|
|
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
|
debug "Setting up database"
|
|
|
|
# FIXME: If user 'misp' exists, and has a different password, the below WILL fail.
|
|
# Add your credentials if needed, if sudo has NOPASS, comment out the relevant lines
|
|
if [[ "${PACKER}" == "1" ]]; then
|
|
pw="Password1234"
|
|
else
|
|
pw=${MISP_PASSWORD}
|
|
fi
|
|
|
|
expect -f - <<-EOF
|
|
set timeout 10
|
|
|
|
spawn sudo -k mysql_secure_installation
|
|
expect "*?assword*"
|
|
send -- "${pw}\r"
|
|
expect "Enter current password for root (enter for none):"
|
|
send -- "\r"
|
|
expect "Set root password?"
|
|
send -- "y\r"
|
|
expect "New password:"
|
|
send -- "${DBPASSWORD_ADMIN}\r"
|
|
expect "Re-enter new password:"
|
|
send -- "${DBPASSWORD_ADMIN}\r"
|
|
expect "Remove anonymous users?"
|
|
send -- "y\r"
|
|
expect "Disallow root login remotely?"
|
|
send -- "y\r"
|
|
expect "Remove test database and access to it?"
|
|
send -- "y\r"
|
|
expect "Reload privilege tables now?"
|
|
send -- "y\r"
|
|
expect eof
|
|
EOF
|
|
sudo apt-get purge -y expect ; sudo apt autoremove -qy
|
|
fi
|
|
|
|
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE DATABASE ${DBNAME};"
|
|
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "CREATE USER '${DBUSER_MISP}'@'localhost' IDENTIFIED BY '${DBPASSWORD_MISP}';"
|
|
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT USAGE ON *.* to ${DBUSER_MISP}@localhost;"
|
|
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "GRANT ALL PRIVILEGES on ${DBNAME}.* to '${DBUSER_MISP}'@'localhost';"
|
|
sudo mysql -u ${DBUSER_ADMIN} -p${DBPASSWORD_ADMIN} -e "FLUSH PRIVILEGES;"
|
|
# Import the empty MISP database from MYSQL.sql
|
|
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u ${DBUSER_MISP} -p${DBPASSWORD_MISP} ${DBNAME}
|
|
}
|
|
|
|
apacheConfig () {
|
|
debug "Generating Apache config"
|
|
sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
|
|
|
if [[ ! -z ${MISP_BASEURL} ]] && [[ "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "http" || "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "https" ]]; then
|
|
|
|
echo "Potentially replacing misp.local with $MISP_BASEURL in misp-ssl.conf"
|
|
|
|
fi
|
|
|
|
# If a valid SSL certificate is not already created for the server,
|
|
# create a self-signed certificate:
|
|
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
|
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
|
|
|
# Enable modules, settings, and default of SSL in Apache
|
|
sudo a2dismod status
|
|
sudo a2enmod ssl
|
|
sudo a2enmod rewrite
|
|
sudo a2enmod headers
|
|
sudo a2dissite 000-default
|
|
sudo a2ensite default-ssl
|
|
|
|
# Apply all changes
|
|
sudo systemctl restart apache2
|
|
# activate new vhost
|
|
sudo a2dissite default-ssl
|
|
sudo a2ensite misp-ssl
|
|
|
|
# Restart apache
|
|
sudo systemctl restart apache2
|
|
}
|
|
|
|
installCore () {
|
|
debug "Installing ${LBLUE}MISP${NC} core"
|
|
# Download MISP using git in the /var/www/ directory.
|
|
sudo mkdir ${PATH_TO_MISP}
|
|
sudo chown $WWW_USER:$WWW_USER ${PATH_TO_MISP}
|
|
cd ${PATH_TO_MISP}
|
|
$SUDO_WWW git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
|
|
$SUDO_WWW git submodule update --init --recursive
|
|
# Make git ignore filesystem permission differences for submodules
|
|
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
|
|
|
# Make git ignore filesystem permission differences
|
|
$SUDO_WWW git config core.filemode false
|
|
|
|
# Create a python3 virtualenv
|
|
$SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv
|
|
|
|
# make pip happy
|
|
sudo mkdir /var/www/.cache/
|
|
sudo chown $WWW_USER:$WWW_USER /var/www/.cache
|
|
|
|
cd ${PATH_TO_MISP}/app/files/scripts
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
|
|
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
|
|
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git
|
|
|
|
# install mixbox to accommodate the new STIX dependencies:
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
|
|
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
# install STIX2.0 library to support STIX 2.0 export:
|
|
cd ${PATH_TO_MISP}/cti-python-stix2
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
# install PyMISP
|
|
cd ${PATH_TO_MISP}/PyMISP
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
# install pydeep
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
|
|
|
|
# install lief
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
|
|
|
# install zmq needed by mispzmq
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq redis
|
|
|
|
# install python-magic
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
|
|
|
# install plyara
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara
|
|
}
|
|
|
|
installCake () {
|
|
debug "Installing CakePHP"
|
|
# Once done, install CakeResque along with its dependencies
|
|
# if you intend to use the built in background jobs:
|
|
cd ${PATH_TO_MISP}/app
|
|
# Make composer cache happy
|
|
# /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
|
|
sudo mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
|
|
$SUDO_WWW php composer.phar install
|
|
|
|
# Enable CakeResque with php-redis
|
|
sudo phpenmod redis
|
|
sudo phpenmod gnupg
|
|
|
|
# To use the scheduler worker for scheduled tasks, do the following:
|
|
$SUDO_WWW cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
|
|
|
# If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
|
|
# The default Redis port can be updated in Plugin/CakeResque/Config/config.php
|
|
}
|
|
|
|
# Main function to fix permissions to something sane
|
|
permissions () {
|
|
debug "Setting permissions"
|
|
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
|
sudo chmod -R 750 ${PATH_TO_MISP}
|
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
|
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
|
}
|
|
|
|
configMISP () {
|
|
debug "Generating ${LBLUE}MISP${NC} config files"
|
|
# There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
|
|
$SUDO_WWW cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
|
$SUDO_WWW cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
|
|
$SUDO_WWW cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
|
$SUDO_WWW cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
|
|
|
echo "<?php
|
|
class DATABASE_CONFIG {
|
|
public \$default = array(
|
|
'datasource' => 'Database/Mysql',
|
|
//'datasource' => 'Database/Postgres',
|
|
'persistent' => false,
|
|
'host' => '$DBHOST',
|
|
'login' => '$DBUSER_MISP',
|
|
'port' => 3306, // MySQL & MariaDB
|
|
//'port' => 5432, // PostgreSQL
|
|
'password' => '$DBPASSWORD_MISP',
|
|
'database' => '$DBNAME',
|
|
'prefix' => '',
|
|
'encoding' => 'utf8',
|
|
);
|
|
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php
|
|
|
|
# Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
|
|
# The salt key must be a string at least 32 bytes long.
|
|
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
|
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
|
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
|
|
|
# and make sure the file permissions are still OK
|
|
sudo chown -R $WWW_USER:$WWW_USER ${PATH_TO_MISP}/app/Config
|
|
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
|
}
|
|
|
|
# Core cake commands to tweak MISP and aleviate some of the configuration pains
|
|
# The $RUN_PHP is ONLY set on RHEL/CentOS installs and can thus be ignored
|
|
# This file is NOT an excuse to NOT read the settings and familiarize ourselves with them ;)
|
|
|
|
coreCAKE () {
|
|
debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
|
|
|
|
# IF you have logged in prior to running this, it will fail but the fail is NON-blocking
|
|
$SUDO_WWW $RUN_PHP -- $CAKE userInit -q
|
|
|
|
# This makes sure all Database upgrades are done, without logging in.
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin runUpdates
|
|
|
|
# The default install is Python >=3.6 in a virtualenv, setting accordingly
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
|
|
|
|
# Set default role
|
|
# TESTME: The following seem defunct, please test.
|
|
# $SUDO_WWW $RUN_PHP -- $CAKE setDefaultRole 3
|
|
|
|
# Tune global time outs
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.autoRegenerate" 0
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.timeout" 600
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.cookieTimeout" 3600
|
|
|
|
# Change base url, either with this CLI command or in the UI
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Baseurl $MISP_BASEURL
|
|
# example: 'baseurl' => 'https://<your.FQDN.here>',
|
|
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
|
|
# 'baseurl' => '',
|
|
# The base url of the application (in the format https://www.mymispinstance.com) as visible externally/by other MISPs.
|
|
# MISP will encode this URL in sharing groups when including itself. If this value is not set, the baseurl is used as a fallback.
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.external_baseurl" $MISP_BASEURL
|
|
|
|
# Enable GnuPG
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
|
|
# FIXME: what if we have not gpg binary but a gpg2 one?
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.binary" "$(which gpg)"
|
|
|
|
# Enable installer org and tune some configurables
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.host_org_id" 1
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.email" "info@admin.test"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_emailing" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.contact" "info@admin.test"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disablerestalert" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
|
|
|
|
# Provisional Cortex tunes
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
|
|
|
|
# Various plugin sightings settings
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_policy" 0
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_range" 365
|
|
|
|
# Plugin CustomAuth tuneable
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
|
|
|
|
# RPZ Plugin settings
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
|
|
|
|
# Force defaults to make MISP Server Settings less RED
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.language" "eng"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.proposals_block_attributes" false
|
|
|
|
# Redis block
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_port" 6379
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_database" 13
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_password" ""
|
|
|
|
# Force defaults to make MISP Server Settings less YELLOW
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.extended_alert_subject" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_threat_level" 4
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableEventBlacklisting" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_client_ip" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_auth" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email."
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
|
|
# TODO: Make sure $FLAVOUR is correct
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.attachments_dir" "$PATH_TO_MISP/app/files"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.download_attachments_on_load" true
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.title_text" "MISP"
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.terms_download" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showorgalternate" false
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name"
|
|
|
|
# Force defaults to make MISP Server Settings less GREEN
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_length" 12
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
|
|
|
|
# Set MISP Live
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Live $MISP_LIVE
|
|
}
|
|
|
|
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
|
|
updateGOWNT () {
|
|
# AUTH_KEY Place holder in case we need to **curl** somehing in the future
|
|
#
|
|
$SUDO_WWW $RUN_MYSQL -- mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1 > /tmp/auth.key
|
|
AUTH_KEY=$(cat /tmp/auth.key)
|
|
rm /tmp/auth.key
|
|
|
|
debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates"
|
|
# Update the galaxies…
|
|
# TODO: Fix updateGalaxies
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateGalaxies
|
|
# Updating the taxonomies…
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateTaxonomies
|
|
# Updating the warning lists…
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateWarningLists
|
|
# Updating the notice lists…
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateNoticeLists
|
|
# Updating the object templates…
|
|
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateObjectTemplates "1337"
|
|
}
|
|
|
|
# Generate GnuPG key
|
|
setupGnuPG () {
|
|
if [ ! -d $PATH_TO_MISP/.gnupg ]; then
|
|
# The email address should match the one set in the config.php
|
|
# set in the configuration menu in the administration menu configuration file
|
|
echo "%echo Generating a default key
|
|
Key-Type: default
|
|
Key-Length: $GPG_KEY_LENGTH
|
|
Subkey-Type: default
|
|
Name-Real: $GPG_REAL_NAME
|
|
Name-Comment: $GPG_COMMENT
|
|
Name-Email: $GPG_EMAIL_ADDRESS
|
|
Expire-Date: 0
|
|
Passphrase: $GPG_PASSPHRASE
|
|
# Do a commit here, so that we can later print "done"
|
|
%commit
|
|
%echo done" > /tmp/gen-key-script
|
|
|
|
$SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
|
|
|
|
# Export the public key to the webroot
|
|
$SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc
|
|
fi
|
|
}
|
|
|
|
logRotation () {
|
|
# MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs
|
|
# To rotate these logs install the supplied logrotate script:
|
|
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
|
sudo chmod 0640 /etc/logrotate.d/misp
|
|
}
|
|
|
|
backgroundWorkers () {
|
|
debug "Setting up background workers"
|
|
# To make the background workers start on boot
|
|
sudo chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
|
|
|
if [ ! -e /etc/rc.local ]
|
|
then
|
|
echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
|
|
echo 'exit 0' | sudo tee -a /etc/rc.local
|
|
sudo chmod u+x /etc/rc.local
|
|
fi
|
|
|
|
echo "[Unit]
|
|
Description=MISP background workers
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=forking
|
|
User=${WWW_USER}
|
|
Group=${WWW_USER}
|
|
ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh
|
|
Restart=always
|
|
RestartSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-workers.service
|
|
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now misp-workers
|
|
|
|
# Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
|
sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
|
|
sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
|
|
sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
|
|
}
|
|
|
|
# Main MISP Modules install function
|
|
mispmodules () {
|
|
cd /usr/local/src/
|
|
## TODO: checkUsrLocalSrc in main doc
|
|
debug "Cloning misp-modules"
|
|
$SUDO_USER git clone https://github.com/MISP/misp-modules.git
|
|
cd misp-modules
|
|
# some misp-modules dependencies
|
|
sudo apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y
|
|
# If you build an egg, the user you build it as need write permissions in the CWD
|
|
sudo chgrp $WWW_USER .
|
|
sudo chmod g+w .
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS
|
|
sudo chgrp staff .
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I .
|
|
## sudo gem install asciidoctor-pdf --pre
|
|
|
|
# Start misp-modules as a service
|
|
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now misp-modules
|
|
|
|
# Sleep 9 seconds to give misp-modules a chance to spawn
|
|
sleep 9
|
|
|
|
# Enable Enrichment, set better timeouts
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150
|
|
# TODO:"Investigate why the next one fails"
|
|
#$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_btc_steroids_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_query_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pdf_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_docx_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_xlsx_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pptx_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ods_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_odt_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1"
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666
|
|
|
|
# Enable Import modules, set better timeout
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1"
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_mispjson_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true
|
|
|
|
# Enable Export modules, set better timeout
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1"
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true
|
|
}
|
|
|
|
# Main MISP Dashboard install function
|
|
mispDashboard () {
|
|
debug "Install misp-dashboard"
|
|
# Install pyzmq to main MISP venv
|
|
debug "Installing PyZMQ"
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq
|
|
cd /var/www
|
|
sudo mkdir misp-dashboard
|
|
sudo chown $WWW_USER:$WWW_USER misp-dashboard
|
|
|
|
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
|
cd misp-dashboard
|
|
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
|
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
|
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf
|
|
sudo apt install libapache2-mod-wsgi-py3 net-tools -y
|
|
echo "<VirtualHost *:8001>
|
|
ServerAdmin admin@misp.local
|
|
ServerName misp.local
|
|
|
|
DocumentRoot /var/www/misp-dashboard
|
|
|
|
WSGIDaemonProcess misp-dashboard \
|
|
user=misp group=misp \
|
|
python-home=/var/www/misp-dashboard/DASHENV \
|
|
processes=1 \
|
|
threads=15 \
|
|
maximum-requests=5000 \
|
|
listen-backlog=100 \
|
|
queue-timeout=45 \
|
|
socket-timeout=60 \
|
|
connect-timeout=15 \
|
|
request-timeout=60 \
|
|
inactivity-timeout=0 \
|
|
deadlock-timeout=60 \
|
|
graceful-timeout=15 \
|
|
eviction-timeout=0 \
|
|
shutdown-timeout=5 \
|
|
send-buffer-size=0 \
|
|
receive-buffer-size=0 \
|
|
header-buffer-size=0 \
|
|
response-buffer-size=0 \
|
|
server-metrics=Off
|
|
|
|
WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi
|
|
|
|
<Directory /var/www/misp-dashboard>
|
|
WSGIProcessGroup misp-dashboard
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
Require all granted
|
|
</Directory>
|
|
|
|
LogLevel info
|
|
ErrorLog /var/log/apache2/misp-dashboard.local_error.log
|
|
CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
|
|
ServerSignature Off
|
|
</VirtualHost>" | sudo tee /etc/apache2/sites-available/misp-dashboard.conf
|
|
|
|
# Enable misp-dashboard in apache and reload
|
|
sudo a2ensite misp-dashboard
|
|
sudo systemctl restart apache2
|
|
|
|
# Needs to be started after apache2 is reloaded so the port status check works
|
|
$SUDO_WWW bash /var/www/misp-dashboard/start_all.sh
|
|
|
|
# Add misp-dashboard to rc.local to start on boot.
|
|
sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local
|
|
}
|
|
|
|
dashboardCAKE () {
|
|
# Enable ZeroMQ for misp-dashboard
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
|
|
$SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false
|
|
}
|
|
|
|
# Main mail2misp install function
|
|
mail2misp () {
|
|
debug "Installing Mail2${LBLUE}MISP${NC}"
|
|
cd /usr/local/src/
|
|
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
|
$SUDO_USER git clone https://github.com/MISP/mail_to_misp.git
|
|
$SUDO_USER git clone git://github.com/stricaud/faup.git faup
|
|
$SUDO_USER git clone git://github.com/stricaud/gtcaca.git gtcaca
|
|
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
|
|
cd gtcaca
|
|
$SUDO_USER mkdir -p build
|
|
cd build
|
|
$SUDO_USER cmake .. && $SUDO_USER make
|
|
sudo make install
|
|
cd ../../faup
|
|
$SUDO_USER mkdir -p build
|
|
cd build
|
|
$SUDO_USER cmake .. && $SUDO_USER make
|
|
sudo make install
|
|
sudo ldconfig
|
|
cd ../../mail_to_misp
|
|
$SUDO_USER virtualenv -p python3 venv
|
|
$SUDO_USER ./venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
|
$SUDO_USER ./venv/bin/pip install -r requirements.txt
|
|
$SUDO_USER cp mail_to_misp_config.py-example mail_to_misp_config.py
|
|
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
|
|
$SUDO_USER sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
|
$SUDO_USER sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
|
|
}
|
|
|
|
ssdeep () {
|
|
debug "Install ssdeep 2.14.1"
|
|
cd /usr/local/src
|
|
$SUDO_USER wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz
|
|
$SUDO_USER tar zxvf ssdeep-2.14.1.tar.gz
|
|
cd ssdeep-2.14.1
|
|
$SUDO_USER ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc
|
|
$SUDO_USER make
|
|
sudo make install
|
|
|
|
#installing ssdeep_php
|
|
sudo pecl channel-update pecl.php.net
|
|
sudo pecl install ssdeep
|
|
|
|
# You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version
|
|
echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini
|
|
sudo phpenmod ssdeep
|
|
sudo service apache2 restart
|
|
}
|
|
|
|
# viper-web is broken ATM
|
|
# Main Viper install function
|
|
viper () {
|
|
export PATH=$PATH:/home/misp/.local/bin
|
|
debug "Installing Viper dependencies"
|
|
cd /usr/local/src/
|
|
sudo apt-get install \
|
|
libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \
|
|
python3-magic python3-sqlalchemy python3-prettytable libffi-dev libfreetype6-dev libpng-dev -qy
|
|
if [[ -f "/etc/debian_version" ]]; then
|
|
if [[ "$(cat /etc/debian_version)" == "9.9" ]]; then
|
|
sudo apt-get install libpython3.5-dev -qy
|
|
fi
|
|
fi
|
|
echo "Cloning Viper"
|
|
$SUDO_USER git clone https://github.com/viper-framework/viper.git
|
|
$SUDO_USER git clone https://github.com/viper-framework/viper-web.git
|
|
sudo chown -R $MISP_USER:$MISP_USER viper
|
|
sudo chown -R $MISP_USER:$MISP_USER viper-web
|
|
cd viper
|
|
echo "Creating virtualenv"
|
|
$SUDO_USER virtualenv -p python3 venv
|
|
echo "Submodule update"
|
|
# TODO: Check for current user install permissions
|
|
$SUDO_USER git submodule update --init --recursive
|
|
echo "pip install deps"
|
|
$SUDO_USER ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip
|
|
$SUDO_USER ./venv/bin/pip install .
|
|
echo 'update-modules' |/usr/local/src/viper/venv/bin/viper
|
|
cd /usr/local/src/viper-web
|
|
$SUDO_USER sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web
|
|
$SUDO_USER /usr/local/src/viper/venv/bin/pip install -r requirements.txt
|
|
echo "Launching viper-web"
|
|
$SUDO_USER /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 &
|
|
echo 'PATH="/home/misp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee /etc/environment
|
|
echo ". /etc/environment" >> /home/${MISP_USER}/.profile
|
|
|
|
# TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t
|
|
if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then
|
|
VIPER_HOME="/home/${MISP_USER}/.viper"
|
|
else
|
|
VIPER_HOME="${HOME}/.viper"
|
|
fi
|
|
|
|
echo "Setting misp_url/misp_key"
|
|
$SUDO_USER sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf
|
|
$SUDO_USER sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf
|
|
# Reset admin password to: admin/Password1234
|
|
echo "Fixing admin.db with default password"
|
|
VIPER_COUNT=0
|
|
while [ "$(sudo sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do
|
|
# FIXME This might lead to a race condition, the while loop is sub-par
|
|
sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db
|
|
echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…"
|
|
sleep 6
|
|
VIPER_COUNT=$[$VIPER_COUNT+1]
|
|
if [[ "$VIPER_COUNT" > '10' ]]; then
|
|
echo "Something is wrong with updating viper. Continuing without db update."
|
|
break
|
|
fi
|
|
done
|
|
|
|
# Add viper-web to rc.local to be started on boot
|
|
sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local
|
|
}
|
|
|
|
|
|
# No functions scripts:
|
|
## apt-upgrade.sh ##
|
|
## postfix.sh ##
|
|
## interfaces.sh ##
|
|
#
|
|
### END AUTOMATED SECTION ###
|
|
|
|
# This function will generate the main installer.
|
|
# It is a helper function for the maintainers for the installer.
|
|
|
|
colors () {
|
|
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
LBLUE='\033[1;34m'
|
|
YELLOW='\033[0;33m'
|
|
HIDDEN='\e[8m'
|
|
NC='\033[0m'
|
|
}
|
|
|
|
generateInstaller () {
|
|
if [ ! -f $(which xsnippet) ]; then
|
|
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
|
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ $(echo $0 |grep -e '^\.\/') != "./INSTALL.tpl.sh" ]]; then
|
|
echo -e "${RED}iAmError!${NC}"
|
|
echo -e "To generate the installer call it with './INSTALL.tpl.sh' otherwise things will break."
|
|
echo -e "You called: ${RED}$0${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir installer ; cd installer
|
|
cp ../INSTALL.tpl.sh .
|
|
|
|
# Pull code snippets out of Main Install Documents
|
|
for f in `echo INSTALL.ubuntu1804.md xINSTALL.debian9.md INSTALL.kali.md xINSTALL.debian10.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md`; do
|
|
xsnippet . ../../docs/${f}
|
|
done
|
|
|
|
# Pull out code snippets from generic Install Documents
|
|
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md`; do
|
|
xsnippet . ../../docs/generic/${f}
|
|
done
|
|
|
|
# TODO: Fix the below.
|
|
# $ for f in `echo ls [0-9]_*`; do
|
|
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.sh
|
|
# $ done
|
|
#
|
|
# Temporary copy/paste holder
|
|
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp70.sh ##/`cat 0_installDepsPhp70.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
cp INSTALL.tpl.sh ../INSTALL.sh
|
|
cd ..
|
|
for ALGO in $(echo "1 256 384 512"); do
|
|
shasum -a ${ALGO} INSTALL.sh > INSTALL.sh.sha${ALGO}
|
|
done
|
|
[[ "$(which rhash > /dev/null 2>&1 ; echo $?)" == "0" ]] && rhash --sfv --sha1 --sha256 --sha384 --sha512 INSTALL.sh > INSTALL.sh.sfv
|
|
rm -rf installer
|
|
echo -e "${LBLUE}Generated INSTALL.sh${NC}"
|
|
exit 0
|
|
}
|
|
|
|
# Simple debug function with message
|
|
|
|
# Make sure no alias exists
|
|
[[ $(type -t debug) == "alias" ]] && unalias debug
|
|
debug () {
|
|
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
|
if [ ! -z $DEBUG ]; then
|
|
NO_PROGRESS=1
|
|
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
|
exec 3>&1
|
|
read
|
|
else
|
|
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
|
|
#exec 3>&1 &>/dev/null
|
|
:
|
|
fi
|
|
}
|
|
|
|
installSupported () {
|
|
space
|
|
echo "Proceeding with the installation of MISP core"
|
|
space
|
|
|
|
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
|
progress 4
|
|
|
|
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper 2> /dev/null > /dev/null
|
|
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
|
progress 4
|
|
|
|
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
|
checkLocale
|
|
|
|
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# TODO: Double check how the user is added and subsequently used during the install.
|
|
# TODO: Work on possibility to install as user X and install MISP for user Y
|
|
# TODO: Check if logout needed. (run SUDO_USER in installer)
|
|
# <snippet-begin add-user.sh>
|
|
# TODO: Double check how to properly handle postfix
|
|
# <snippet-begin postfix.sh>
|
|
|
|
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
|
|
progress 4
|
|
|
|
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
|
|
checkID
|
|
progress 4
|
|
|
|
# Starting friendly UI spinner
|
|
#spin &
|
|
#SPIN_PID=$!
|
|
#disown
|
|
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
|
|
|
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps
|
|
progress 4
|
|
|
|
if [[ "$1" =~ ^PHP= ]]; then
|
|
PHP_VER=$(echo $1 |cut -f2 -d=)
|
|
if [[ "$PHP_VER" == "7.2" ]]; then
|
|
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
|
elif [[ "$PHP_VER" == "7.3" ]]; then
|
|
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp73
|
|
elif [[ "$PHP_VER" == "7.0" ]]; then
|
|
# Install PHP 7.0 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp70
|
|
fi
|
|
else
|
|
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
|
fi
|
|
progress 4
|
|
|
|
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
|
|
progress 4
|
|
|
|
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
|
|
progress 4
|
|
|
|
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# TODO: Mysql install functions, make it upgrade safe, double check
|
|
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Disable spinner
|
|
#(kill $SPIN_PID 2>&1) >/dev/null
|
|
|
|
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
|
|
progress 4
|
|
|
|
## Resume spinner
|
|
#spin &
|
|
#SPIN_PID=$!
|
|
#disown
|
|
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
|
|
|
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
|
|
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
|
|
progress 4
|
|
|
|
# Install Viper - functionLocation('generic/viper-debian.md')
|
|
[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
|
|
progress 4
|
|
|
|
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
|
|
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
|
|
progress 4
|
|
|
|
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
|
[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE 2> /dev/null > /dev/null
|
|
progress 4
|
|
|
|
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
|
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
|
|
progress 2
|
|
|
|
# Run tests
|
|
runTests
|
|
progress 2
|
|
|
|
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
|
|
theEnd
|
|
}
|
|
|
|
# Main Kalin Install function
|
|
installMISPonKali () {
|
|
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
|
kaliUpgrade 2> /dev/null > /dev/null
|
|
|
|
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
|
checkLocale
|
|
|
|
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
setBaseURL
|
|
|
|
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
installDepsPhp73 2> /dev/null > /dev/null
|
|
|
|
# Set custom Kali only variables and tweaks
|
|
space
|
|
# The following disables sleep on kali/gnome
|
|
### FIXME: Disabling for now, maybe source of some issues.
|
|
##disableSleep 2> /dev/null > /dev/null
|
|
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
|
##sleep 3
|
|
|
|
# Kali specific dependencies - functionLocation('generic/supportFunctions.md')
|
|
debug "Installing dependencies"
|
|
installDeps
|
|
|
|
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
installCoreDeps
|
|
|
|
debug "Enabling redis and gnupg modules"
|
|
phpenmod -v 7.3 redis
|
|
phpenmod -v 7.3 gnupg
|
|
|
|
debug "Apache2 ops: dismod: status php7.2 - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
|
a2dismod status 2> /dev/null > /dev/null
|
|
a2dismod php7.2 2> /dev/null > /dev/null
|
|
a2enmod ssl rewrite headers php7.3 2> /dev/null > /dev/null
|
|
a2dissite 000-default 2> /dev/null > /dev/null
|
|
a2ensite default-ssl 2> /dev/null > /dev/null
|
|
|
|
debug "Restarting mysql.service"
|
|
systemctl restart mysql.service 2> /dev/null > /dev/null
|
|
|
|
debug "Fixing redis rc script on Kali"
|
|
fixRedis 2> /dev/null > /dev/null
|
|
|
|
debug "git clone, submodule update everything"
|
|
mkdir $PATH_TO_MISP
|
|
chown $WWW_USER:$WWW_USER $PATH_TO_MISP
|
|
cd $PATH_TO_MISP
|
|
$SUDO_WWW git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
|
|
|
|
$SUDO_WWW git config core.filemode false
|
|
|
|
cd $PATH_TO_MISP
|
|
$SUDO_WWW git submodule update --init --recursive 2> /dev/null > /dev/null
|
|
# Make git ignore filesystem permission differences for submodules
|
|
$SUDO_WWW git submodule foreach --recursive git config core.filemode false
|
|
|
|
cd $PATH_TO_MISP/app/files/scripts
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git 2> /dev/null > /dev/null
|
|
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git 2> /dev/null > /dev/null
|
|
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git 2> /dev/null > /dev/null
|
|
$SUDO_WWW git clone https://github.com/MAECProject/python-maec.git 2> /dev/null > /dev/null
|
|
|
|
|
|
mkdir /var/www/.cache/
|
|
|
|
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
|
mkdir $MISP_USER_HOME/.cache
|
|
chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
|
chown $WWW_USER:$WWW_USER /var/www/.cache
|
|
|
|
debug "Generating rc.local"
|
|
genRCLOCAL
|
|
|
|
debug "Setting up main MISP virtualenv"
|
|
# Needs virtualenv
|
|
$SUDO_WWW virtualenv -p python3 ${PATH_TO_MISP}/venv
|
|
|
|
debug "Installing MISP dashboard"
|
|
mispDashboard
|
|
|
|
debug "Installing python-cybox"
|
|
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
|
|
|
debug "Installing python-stix"
|
|
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
|
|
|
debug "Install maec"
|
|
cd $PATH_TO_MISP/app/files/scripts/python-maec
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
|
|
|
# install STIX2.0 library to support STIX 2.0 export
|
|
debug "Installing cti-python-stix2"
|
|
cd ${PATH_TO_MISP}/cti-python-stix2
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I . 2> /dev/null > /dev/null
|
|
|
|
debug "Installing mixbox"
|
|
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
|
|
|
# install PyMISP
|
|
debug "Installing PyMISP"
|
|
cd $PATH_TO_MISP/PyMISP
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install . 2> /dev/null > /dev/null
|
|
|
|
# install pydeep
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git 2> /dev/null > /dev/null
|
|
|
|
# install lief
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install https://github.com/lief-project/packages/raw/lief-master-latest/pylief-0.9.0.dev.zip 2> /dev/null > /dev/null
|
|
|
|
# install python-magic
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install python-magic 2> /dev/null > /dev/null
|
|
|
|
# install plyara
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install plyara 2> /dev/null > /dev/null
|
|
|
|
# install zmq needed by mispzmq
|
|
$SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install zmq 2> /dev/null > /dev/null
|
|
|
|
# Install Crypt_GPG and Console_CommandLine
|
|
debug "Installing pear Console_CommandLine"
|
|
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Console_CommandLine/package.xml
|
|
debug "Installing pear Crypt_GPG"
|
|
pear install ${PATH_TO_MISP}/INSTALL/dependencies/Crypt_GPG/package.xml
|
|
|
|
|
|
debug "Installing composer with php 7.3 updates"
|
|
composer73
|
|
|
|
$SUDO_WWW cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
|
|
|
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
|
|
chmod -R 750 $PATH_TO_MISP
|
|
chmod -R g+ws $PATH_TO_MISP/app/tmp
|
|
chmod -R g+ws $PATH_TO_MISP/app/files
|
|
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
|
|
|
debug "Setting up database"
|
|
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
|
echo "
|
|
set timeout 10
|
|
spawn mysql_secure_installation
|
|
expect \"Enter current password for root (enter for none):\"
|
|
send -- \"\r\"
|
|
expect \"Set root password?\"
|
|
send -- \"y\r\"
|
|
expect \"New password:\"
|
|
send -- \"${DBPASSWORD_ADMIN}\r\"
|
|
expect \"Re-enter new password:\"
|
|
send -- \"${DBPASSWORD_ADMIN}\r\"
|
|
expect \"Remove anonymous users?\"
|
|
send -- \"y\r\"
|
|
expect \"Disallow root login remotely?\"
|
|
send -- \"y\r\"
|
|
expect \"Remove test database and access to it?\"
|
|
send -- \"y\r\"
|
|
expect \"Reload privilege tables now?\"
|
|
send -- \"y\r\"
|
|
expect eof" | expect -f -
|
|
|
|
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
|
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
|
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
|
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
|
|
|
enableServices
|
|
|
|
$SUDO_WWW cat $PATH_TO_MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
|
|
|
echo "<?php
|
|
class DATABASE_CONFIG {
|
|
public \$default = array(
|
|
'datasource' => 'Database/Mysql',
|
|
//'datasource' => 'Database/Postgres',
|
|
'persistent' => false,
|
|
'host' => '$DBHOST',
|
|
'login' => '$DBUSER_MISP',
|
|
'port' => 3306, // MySQL & MariaDB
|
|
//'port' => 5432, // PostgreSQL
|
|
'password' => '$DBPASSWORD_MISP',
|
|
'database' => '$DBNAME',
|
|
'prefix' => '',
|
|
'encoding' => 'utf8',
|
|
);
|
|
}" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2> /dev/null > /dev/null
|
|
else
|
|
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
|
echo "Skipping any creations…"
|
|
sleep 3
|
|
fi
|
|
|
|
debug "Generating Certificate"
|
|
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
|
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
|
|
|
debug "Generating Apache Conf"
|
|
genApacheConf
|
|
|
|
echo "127.0.0.1 misp.local" | tee -a /etc/hosts
|
|
|
|
debug "Disabling site default-ssl, enabling misp-ssl"
|
|
a2dissite default-ssl
|
|
a2ensite misp-ssl
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
|
|
debug "Restarting Apache2"
|
|
systemctl restart apache2
|
|
|
|
debug "Setting up logrotate"
|
|
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
|
chmod 0640 /etc/logrotate.d/misp
|
|
|
|
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
|
|
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
|
|
$SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
|
|
|
|
chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config
|
|
chmod -R 750 $PATH_TO_MISP/app/Config
|
|
|
|
debug "Setting up GnuPG"
|
|
setupGnuPG 2> /dev/null > /dev/null
|
|
|
|
debug "Adding workers to systemd"
|
|
chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
|
|
sudo cp $PATH_TO_MISP/INSTALL/misp-workers.service /etc/systemd/system/
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl enable --now misp-workers
|
|
|
|
debug "Running Core Cake commands"
|
|
coreCAKE 2> /dev/null > /dev/null
|
|
dashboardCAKE 2> /dev/null > /dev/null
|
|
|
|
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
|
updateGOWNT 2> /dev/null > /dev/null
|
|
|
|
gitPullAllRCLOCAL
|
|
|
|
checkUsrLocalSrc
|
|
|
|
debug "Installing misp-modules"
|
|
mispmodules
|
|
|
|
debug "Installing Viper"
|
|
viper
|
|
|
|
debug "Installing ssdeep"
|
|
ssdeep
|
|
phpenmod -v 7.3 ssdeep
|
|
|
|
debug "Setting permissions"
|
|
permissions
|
|
|
|
debug "Running Then End!"
|
|
theEnd
|
|
}
|
|
# End installMISPonKali ()
|
|
|
|
## End Function Section ##
|
|
|
|
colors
|
|
debug "Checking if we are run as the installer template"
|
|
if [[ "$0" == "./INSTALL.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.tpl.sh')" == "INSTALL.tpl.sh" ]]; then
|
|
generateInstaller
|
|
fi
|
|
|
|
debug "Checking if we are uptodate and checksums match"
|
|
checkInstaller
|
|
|
|
space
|
|
debug "Setting MISP variables"
|
|
MISPvars
|
|
debug "Checking Linux distribution and flavour..."
|
|
checkFlavour
|
|
|
|
debug "Checking for parameters or Unattended Kali Install"
|
|
if [[ $# == 0 && $0 != "/tmp/misp-kali.sh" ]]; then
|
|
usage
|
|
exit
|
|
else
|
|
debug "Setting install options with given parameters."
|
|
# The setOpt/checkOpt function lives in generic/supportFunctions.md
|
|
setOpt $@
|
|
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
|
|
checkOpt viper && echo "${GREEN}Viper${NC} selected"
|
|
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
|
|
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
|
|
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
|
|
checkOpt all && echo "${GREEN}All options${NC} selected"
|
|
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
|
|
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
|
|
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
|
|
checkOpt force && echo "${GREEN}force${NC} install selected"
|
|
|
|
# Check if at least core is selected if no other options that do not require core are set
|
|
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
|
|
space
|
|
usage
|
|
echo "You need to at least select core, or -A to install everything."
|
|
echo "$0 -c # Is the minima for install options"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Add upgrade option to do upgrade pre flight
|
|
[[ -n $PRE ]] && preInstall
|
|
|
|
[[ -n $UPGRADE ]] && upgrade
|
|
|
|
[[ -n $NUKE ]] && nuke && exit
|
|
|
|
# TODO: Move support map to top
|
|
|
|
SUPPORT_MAP="
|
|
x86_64-centos-8
|
|
x86_64-rhel-7
|
|
x86_64-rhel-8
|
|
x86_64-fedora-30
|
|
x86_64-debian-stretch
|
|
x86_64-debian-buster
|
|
x86_64-ubuntu-bionic
|
|
x86_64-kali-2019.2
|
|
x86_64-kali-2019.3
|
|
armv6l-raspbian-stretch
|
|
armv7l-raspbian-stretch
|
|
armv7l-debian-jessie
|
|
armv7l-debian-stretch
|
|
armv7l-debian-buster
|
|
armv7l-ubuntu-bionic
|
|
"
|
|
|
|
# Check if we actually support this configuration
|
|
if ! echo "$SUPPORT_MAP" | grep "$(uname -m)-$FLAVOUR-$dist_version" >/dev/null; then
|
|
cat >&2 <<-'EOF'
|
|
Either your platform is not easily detectable or is not supported by this
|
|
installer script.
|
|
Please visit the following URL for more detailed installation instructions:
|
|
https://misp.github.io/MISP/
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
|
if [ "${FLAVOUR}" == "ubuntu" ]; then
|
|
RELEASE=$(lsb_release -s -r| tr '[:upper:]' '[:lower:]')
|
|
if [ "${RELEASE}" == "18.04" ]; then
|
|
echo "Install on Ubuntu 18.04 LTS fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported && exit || exit
|
|
fi
|
|
if [ "${RELEASE}" == "18.10" ]; then
|
|
echo "Install on Ubuntu 18.10 partially supported, bye."
|
|
installSupported && exit || exit
|
|
fi
|
|
if [ "${RELEASE}" == "19.04" ]; then
|
|
echo "Install on Ubuntu 19.04 under development."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported && exit || exit
|
|
exit 1
|
|
fi
|
|
if [ "${RELEASE}" == "19.10" ]; then
|
|
echo "Install on Ubuntu 19.10 not supported, bye"
|
|
exit 1
|
|
fi
|
|
echo "Installation done!"
|
|
exit
|
|
fi
|
|
|
|
# If Debian is detected, figure out which release it is and run the according scripts
|
|
if [ "${FLAVOUR}" == "debian" ]; then
|
|
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
|
if [ "${CODE}" == "buster" ]; then
|
|
echo "Install on Debian testing fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.3 && exit || exit
|
|
fi
|
|
if [ "${CODE}" == "sid" ]; then
|
|
echo "Install on Debian unstable not fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.3 && exit || exit
|
|
fi
|
|
if [ "${CODE}" == "stretch" ]; then
|
|
echo "Install on Debian stable fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.0 && exit || exit
|
|
fi
|
|
echo "Installation done!"
|
|
exit 0
|
|
fi
|
|
|
|
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
|
if [ "${FLAVOUR}" == "tsurugi" ]; then
|
|
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
|
if [ "${CODE}" == "bamboo" ]; then
|
|
echo "Install on Tsurugi Lab partially supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
fi
|
|
if [ "${CODE}" == "soy sauce" ]; then
|
|
echo "Install on Tsurugi Acquire partially supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
fi
|
|
echo "Installation done!"
|
|
exit 0
|
|
fi
|
|
|
|
# If Kali Linux is detected, run the acccording scripts
|
|
if [ "${FLAVOUR}" == "kali" ]; then
|
|
KALI=1
|
|
kaliOnRootR0ckz
|
|
installMISPonKali
|
|
echo "Installation done!"
|
|
exit
|
|
fi
|