mirror of https://github.com/MISP/MISP
183 lines
5.0 KiB
Plaintext
Executable File
183 lines
5.0 KiB
Plaintext
Executable File
|
|
TODOs v0.2.3 to v2.0.0
|
|
-----
|
|
|
|
DB Update
|
|
- UpdateShell with in/out
|
|
|
|
Auth
|
|
- Prevent bruteforce auth attempts
|
|
|
|
Acl
|
|
- clean-up to first cut.
|
|
- saveAcl, from GroupsController to AppController and inherit to *Controllers.
|
|
|
|
auditing/logging system
|
|
- logins
|
|
- add source IP (headers,...);
|
|
- failed logins.
|
|
|
|
Security
|
|
- force cookie reset after login
|
|
|
|
|
|
INSTALLATION INSTRUCTIONS
|
|
------------------------- for ubuntu 12.04-server
|
|
|
|
1/ Minimal ubuntu install
|
|
-------------------------
|
|
Install a minimal ubuntu 12.04-server system with the software:
|
|
- OpenSSH server
|
|
- LAMP server
|
|
- Mail server
|
|
|
|
You will get some questions, you will probably want to set:
|
|
- Postfix Configuration: Satellite system
|
|
|
|
Make sure your system is up2date:
|
|
apt-get update
|
|
apt-get upgrade
|
|
|
|
|
|
2/ Dependencies
|
|
----------------
|
|
Once the system is installed you can perform the following steps as root:
|
|
|
|
# Because vim is just so practical
|
|
apt-get install vim
|
|
|
|
# Install the dependencies:
|
|
apt-get install zip php-pear git
|
|
pear install Crypt_GPG # we need version >1.3.0
|
|
pear install Net_GeoIP
|
|
|
|
|
|
3/ CakePHP
|
|
-----------
|
|
# Download CakePHP from github
|
|
cd /opt/
|
|
git clone https://github.com/cakephp/cakephp.git
|
|
|
|
# You should REALLY make sure that you install security updates of CakePHP when your system is in production !
|
|
|
|
# If you plan to run multiple MISP instances on a single server, only one installation of CakePHP is needed !
|
|
|
|
4/ MISP code
|
|
------------
|
|
# Download MISP using git in the /var/www/ directory.
|
|
cd /var/www/
|
|
git clone https://github.com/MISP/MISP.git
|
|
|
|
# Make git ignore filesystem permission differences
|
|
cd /var/www/MISP
|
|
git config core.filemode false
|
|
|
|
|
|
# Check if the permissions are set correctly using the following commands as root:
|
|
chown -R www-data:www-data /var/www/MISP
|
|
chmod -R 750 /var/www/MISP
|
|
cd /var/www/MISP/app/
|
|
chmod -R g+ws tmp
|
|
chmod -R g+ws files
|
|
cd /var/www/MISP
|
|
|
|
##
|
|
## FIXME this is not really clean
|
|
##
|
|
# Currently you will need to copy the plugins to the CakePHP directory.
|
|
cp -r /var/www/MISP/plugins/* /opt/cakephp/plugins/
|
|
chmod -R o+rx /opt/cakephp/plugins
|
|
|
|
5/ Create a database and user
|
|
-----------------------------
|
|
# Enter the mysql shell
|
|
mysql -u root -p
|
|
|
|
mysql> create database misp;
|
|
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
|
mysql> grant all privileges on misp.* to misp@localhost ;
|
|
mysql> exit
|
|
|
|
# Import the empty MySQL database from MYSQL.sql
|
|
mysql -u misp -p misp < INSTALL/MYSQL.sql
|
|
|
|
|
|
6/ Apache configuration
|
|
-----------------------
|
|
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
|
# A sample ghost can be found in /var/www/MISP/INSTALL/apache.misp
|
|
|
|
cp /var/www/MISP/INSTALL/apache.misp /etc/apache2/sites-available/misp
|
|
a2dissite default
|
|
a2ensite misp
|
|
|
|
# Enable modules
|
|
a2enmod rewrite
|
|
|
|
# Restart apache
|
|
service apache2 reload
|
|
|
|
# We seriously recommend using only SSL !
|
|
# Check out the apache.misp.ssl file for an example
|
|
|
|
|
|
7/ MISP configuration
|
|
---------------------
|
|
# Configure the fields in the files located in /var/www/MISP/app/Config/:
|
|
database.php : login, port, password, database
|
|
bootstrap.php: CyDefSIG.*, GnuPG.*
|
|
core.php : debug, Security.*
|
|
|
|
# and make sure the file permissions are still OK
|
|
chown -R www-data:www-data /var/www/MISP/app/Config
|
|
chmod -R 750 /var/www/MISP/app/Config
|
|
|
|
|
|
# Let MISP know where the CakePHP libraries are located by editing the file app/webroot/index.php and setting (on line 59):
|
|
define('CAKE_CORE_INCLUDE_PATH', '/opt/cakephp/lib');
|
|
|
|
|
|
# Generate a GPG encryption key.
|
|
mkdir /var/www/MISP/.gnupg
|
|
chown www-data:www-data /var/www/MISP/.gnupg
|
|
chmod 700 /var/www/MISP/.gnupg
|
|
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
|
# Recommended key type: RSA (sign only)
|
|
# The email address should match the one set int he bootstrap.php configuration file
|
|
|
|
# And export the public key to the webroot
|
|
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
|
|
|
Now log in using the webinterface:
|
|
The default user/pass = admin@admin.test/admin
|
|
|
|
Don't forget to change the email, password and authentication key after installation.
|
|
|
|
|
|
|
|
UPDATE INSTRUCTIONS
|
|
-------------------
|
|
|
|
To be sure, dump your database before updating.
|
|
|
|
CyDefSIG from 0.2.2 to 0.2.3 needs a database migration and population.
|
|
This is done executing /var/www/cydefsig/app/Console/shell/migrate-0.2.2-0.2.3.sh
|
|
and answer (y)es to all the questions asked
|
|
and afterward run http://<host>:<port>/events/migratemisp11to2/<your org>
|
|
with <your org> being MIL.BE or NCIRC where appropriate.
|
|
|
|
Import the regexp data in /var/www/cydefsig/app/MYSQL.regexp.sql using phpmyadmin or mysql>.
|
|
|
|
|
|
Recommended actions
|
|
-------------------
|
|
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
|
|
|
- You should really harden your OS
|
|
- You should really harden the configuration of Apache
|
|
- You should really harden the configuration of MySQL
|
|
- Keep your software up2date (MISP, CakePHP and everything else)
|
|
- Log and audit
|
|
|
|
|