mirror of https://github.com/MISP/MISP
906 lines
32 KiB
Bash
Executable File
906 lines
32 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
############################################################
|
|
###### #
|
|
##### Please AutoGenerated... ##
|
|
#### Do NOT was ###
|
|
### Manually It ####
|
|
## Change this Script... #####
|
|
# ######
|
|
############################################################
|
|
############################################################
|
|
#INSTALLATION INSTRUCTIONS #
|
|
##########################################################
|
|
#------------------------- for Debian Flavored Linux Distributions
|
|
#
|
|
#-------------------------------------------------------|
|
|
# 0/ Quick MISP Instance on Debian Based Linux - Status |
|
|
#-------------------------------------------------------|
|
|
#
|
|
# 20200513: Ubuntu 20.04 tested and working. -- sCl
|
|
# 20200412: Ubuntu 18.04.4 tested and working. -- sCl
|
|
# 20190302: Ubuntu 18.04.2 tested and working. -- sCl
|
|
# 20190208: Kali Linux tested and working. -- sCl
|
|
#
|
|
#
|
|
#-------------------------------------------------------------------------------------------------|
|
|
# 1/ For other Debian based Linux distributions, download script and run as **unprivileged** user |
|
|
#-------------------------------------------------------------------------------------------------|
|
|
#
|
|
# The following installs only MISP Core:
|
|
# $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c
|
|
#
|
|
# This will install MISP Core and misp-modules
|
|
# $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c -M
|
|
#
|
|
#
|
|
#-------------------------------------------------------|
|
|
# 2/ For Kali, download and run Installer Script |
|
|
#-------------------------------------------------------|
|
|
#
|
|
# To install MISP on Kali copy paste the following to your shell:
|
|
# # wget --no-cache -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh
|
|
# NO other version then 2020.x supported, kthxbai.
|
|
# /!\ Please read the installer script before randomly doing the above.
|
|
# The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies.
|
|
#
|
|
#
|
|
#----------------------------------------------------------|
|
|
# 3/ The following script has been partially autogenerated |
|
|
#----------------------------------------------------------|
|
|
#
|
|
# To generate this script yourself, the following steps need to be taken.
|
|
# $ git clone https://github.com/SteveClement/xsnippet.git
|
|
# Make sure xsnippet resides somewhere in your $PATH - It is a shell script so a simple, copy to somewhere sane is enough.
|
|
# $ git clone https://github.com/MISP/MISP.git
|
|
# $ cd MISP/INSTALL ; ./INSTALL.tpl.sh
|
|
#
|
|
##
|
|
###
|
|
####----------------\
|
|
## Developer Note |
|
|
####--------------------------------------------------------------------------------------------------|
|
|
## In theory the order does not matter as everything is a self-contained function. |
|
|
# That said, ideally leave the order as is and do NOT change the lines as they are place-holders. |
|
|
# Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. |
|
|
#-----------------------------------------------------------------------------------------------------|
|
|
#
|
|
# ToC #
|
|
#
|
|
#### BEGIN AUTOMATED SECTION ####
|
|
#
|
|
## 0_global-vars.sh ##
|
|
## 0_support-functions.sh ##
|
|
## 0_apt-upgrade.sh ##
|
|
## 0_sudoKeeper.sh ##
|
|
## 0_installCoreDeps.sh ##
|
|
## 0_installDepsPhp74.sh ##
|
|
## 0_installDepsPhp73.sh ##
|
|
## 0_installDepsPhp72.sh ##
|
|
## 0_installDepsPhp70.sh ##
|
|
## 1_prepareDB.sh ##
|
|
## 1_apacheConfig.sh ##
|
|
## 1_mispCoreInstall.sh ##
|
|
## 1_installCake.sh ##
|
|
## 2_permissions.sh ##
|
|
## 2_configMISP.sh ##
|
|
## 2_core-cake.sh ##
|
|
## 2_gnupg.sh ##
|
|
## 2_logRotation.sh ##
|
|
## 2_backgroundWorkers.sh ##
|
|
## 3_misp-modules.sh ##
|
|
## 4_misp-dashboard.sh ##
|
|
## 4_misp-dashboard-cake.sh ##
|
|
## 5_mail_to_misp.sh ##
|
|
## 6_ssdeep.sh ##
|
|
## 6_viper.sh ##
|
|
|
|
## 0_RHEL_SCL.sh ##
|
|
## 0_CentOS_EPEL.sh ##
|
|
## 0_RHEL_EPEL.sh ##
|
|
## 0_yumInstallCoreDeps.sh ##
|
|
## 1_mispCoreInstall_RHEL.sh ##
|
|
## 1_installCake_RHEL.sh ##
|
|
## 1_prepareDB_RHEL.sh ##
|
|
## 1_apacheConfig_RHEL.sh ##
|
|
## 1_firewall_RHEL.sh ##
|
|
## 2_permissions_RHEL.sh ##
|
|
## 2_logRotation_RHEL.sh ##
|
|
## 2_configMISP_RHEL.sh ##
|
|
## 3_configWorkers_RHEL.sh ##
|
|
## 3_misp-modules_RHEL.sh ##
|
|
|
|
# No functions scripts:
|
|
## apt-upgrade.sh ##
|
|
## postfix.sh ##
|
|
## interfaces.sh ##
|
|
#
|
|
### END AUTOMATED SECTION ###
|
|
|
|
# This function will generate the main installer.
|
|
# It is a helper function for the maintainers of the installer.
|
|
|
|
colors () {
|
|
# Some colors for easier debug and better UX (not colorblind compatible, PR welcome)
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
LBLUE='\033[1;34m'
|
|
YELLOW='\033[0;33m'
|
|
HIDDEN='\e[8m'
|
|
NC='\033[0m'
|
|
}
|
|
|
|
generateInstaller () {
|
|
if [[ ! -f $(which xsnippet) ]]; then
|
|
echo 'xsnippet is NOT installed. Clone the repository below and copy the xsnippet shell script somehwere in your $PATH'
|
|
echo "git clone https://github.com/SteveClement/xsnippet.git"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$(echo $0 |grep -e '^\.\/')" != "./INSTALL.tpl.sh" ]]; then
|
|
echo -e "${RED}iAmError!${NC}"
|
|
echo -e "To generate the installer call it with './INSTALL.tpl.sh' otherwise things will break."
|
|
echo -e "You called: ${RED}$0${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir installer ; cd installer
|
|
cp ../INSTALL.tpl.sh .
|
|
|
|
# Pull code snippets out of Main Install Documents
|
|
for f in `echo INSTALL.ubuntu2004.md INSTALL.ubuntu1804.md xINSTALL.debian9.md INSTALL.kali.md xINSTALL.debian10.md xINSTALL.tsurugi.md xINSTALL.debian9-postgresql.md xINSTALL.ubuntu1804.with.webmin.md INSTALL.rhel7.md`; do
|
|
xsnippet . ../../docs/${f}
|
|
done
|
|
|
|
# Pull out code snippets from generic Install Documents
|
|
for f in `echo globalVariables.md mail_to_misp-debian.md MISP_CAKE_init.md misp-dashboard-debian.md misp-modules-debian.md gnupg.md ssdeep-debian.md sudo_etckeeper.md supportFunctions.md viper-debian.md misp-modules-centos.md`; do
|
|
xsnippet . ../../docs/generic/${f}
|
|
done
|
|
|
|
# TODO: Fix the below.
|
|
# $ for f in `echo ls [0-9]_*`; do
|
|
# $ perl -pe 's/## ${f} ##/`cat ${f}`/ge' -i INSTALL.sh
|
|
# $ done
|
|
#
|
|
# Temporary copy/paste holder
|
|
perl -pe 's/^## 0_global-vars.sh ##/`cat 0_global-vars.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp74.sh ##/`cat 0_installDepsPhp74.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_installDepsPhp70.sh ##/`cat 0_installDepsPhp70.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_prepareDB.sh ##/`cat 1_prepareDB.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_apacheConfig.sh ##/`cat 1_apacheConfig.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_mispCoreInstall.sh ##/`cat 1_mispCoreInstall.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_installCake.sh ##/`cat 1_installCake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_permissions.sh ##/`cat 2_permissions.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_configMISP.sh ##/`cat 2_configMISP.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_support-functions.sh ##/`cat 0_support-functions.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_gnupg.sh ##/`cat 2_gnupg.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_logRotation.sh ##/`cat 2_logRotation.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_backgroundWorkers.sh ##/`cat 2_backgroundWorkers.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_core-cake.sh ##/`cat 2_core-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 3_misp-modules.sh ##/`cat 3_misp-modules.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 4_misp-dashboard-cake.sh ##/`cat 4_misp-dashboard-cake.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 4_misp-dashboard.sh ##/`cat 4_misp-dashboard.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 5_mail_to_misp.sh ##/`cat 5_mail_to_misp.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
perl -pe 's/^## 0_RHEL_SCL.sh ##/`cat 0_RHEL_SCL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_CentOS_EPEL.sh ##/`cat 0_CentOS_EPEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_RHEL_EPEL.sh ##/`cat 0_RHEL_EPEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 0_yumInstallCoreDeps.sh ##/`cat 0_yumInstallCoreDeps.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_mispCoreInstall_RHEL.sh ##/`cat 1_mispCoreInstall_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_installCake_RHEL.sh ##/`cat 1_installCake_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_permissions_RHEL.sh ##/`cat 2_permissions_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_prepareDB_RHEL.sh ##/`cat 1_prepareDB_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_apacheConfig_RHEL.sh ##/`cat 1_apacheConfig_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 1_firewall_RHEL.sh ##/`cat 1_firewall_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_logRotation_RHEL.sh ##/`cat 2_logRotation_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 2_configMISP_RHEL.sh ##/`cat 2_configMISP_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 3_configWorkers_RHEL.sh ##/`cat 3_configWorkers_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
perl -pe 's/^## 3_misp-modules_RHEL.sh ##/`cat 3_misp-modules_RHEL.sh`/ge' -i INSTALL.tpl.sh
|
|
|
|
cp INSTALL.tpl.sh ../INSTALL.sh
|
|
cd ..
|
|
for ALGO in $(echo "1 256 384 512"); do
|
|
shasum -a ${ALGO} INSTALL.sh > INSTALL.sh.sha${ALGO}
|
|
done
|
|
[[ "$(which rhash > /dev/null 2>&1 ; echo $?)" == "0" ]] && rhash --sfv --sha1 --sha256 --sha384 --sha512 INSTALL.sh > INSTALL.sh.sfv
|
|
rm -rf installer
|
|
echo -e "${LBLUE}Generated INSTALL.sh${NC}"
|
|
exit 0
|
|
}
|
|
|
|
# Simple debug function with message
|
|
|
|
# Make sure no alias exists
|
|
[[ $(type -t debug) == "alias" ]] && unalias debug
|
|
debug () {
|
|
echo -e "${RED}Next step:${NC} ${GREEN}$1${NC}" > /dev/tty
|
|
if [[ ! -z ${DEBUG} ]]; then
|
|
NO_PROGRESS=1
|
|
echo -e "${RED}Debug Mode${NC}, press ${LBLUE}enter${NC} to continue..." > /dev/tty
|
|
exec 3>&1
|
|
read
|
|
else
|
|
# [Set up conditional redirection](https://stackoverflow.com/questions/8756535/conditional-redirection-in-bash)
|
|
#exec 3>&1 &>/dev/null
|
|
:
|
|
fi
|
|
}
|
|
|
|
installSupported () {
|
|
space
|
|
echo "Proceeding with the installation of MISP core"
|
|
space
|
|
|
|
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && setBaseURL
|
|
progress 4
|
|
|
|
# Check if sudo is installed and etckeeper - functionLocation('generic/sudo_etckeeper.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkSudoKeeper
|
|
[[ ! -z ${MISP_USER} ]] && [[ ! -f /etc/sudoers.d/misp ]] && echo "%${MISP_USER} ALL=(ALL:ALL) NOPASSWD:ALL" |sudo tee /etc/sudoers.d/misp
|
|
progress 4
|
|
|
|
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
|
checkLocale
|
|
|
|
# Upgrade system to make sure we install the latest packages - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && aptUpgrade
|
|
progress 4
|
|
|
|
# TODO: Double check how the user is added and subsequently used during the install.
|
|
# TODO: Work on possibility to install as user X and install MISP for user Y
|
|
# TODO: Check if logout needed. (run SUDO_CMD in installer)
|
|
# <snippet-begin add-user.sh>
|
|
# TODO: Double check how to properly handle postfix
|
|
# <snippet-begin postfix.sh>
|
|
|
|
# Pull in all possible MISP Environment variables - functionLocation('generic/globalVariables.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && MISPvars
|
|
progress 4
|
|
|
|
# Check if MISP user is installed and we do not run as root - functionLocation('generic/supportFunctions.md')
|
|
checkID
|
|
progress 4
|
|
|
|
# Starting friendly UI spinner
|
|
#spin &
|
|
#SPIN_PID=$!
|
|
#disown
|
|
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
|
|
|
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCoreDeps
|
|
progress 4
|
|
|
|
if [[ "$1" =~ ^PHP= ]]; then
|
|
PHP_VER=$(echo $1 |cut -f2 -d=)
|
|
if [[ "$PHP_VER" == 7.2 ]]; then
|
|
# Install PHP 7.2 Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
|
elif [[ "$PHP_VER" == 7.3 ]]; then
|
|
# Install PHP 7.4 Dependencies - functionLocation('INSTALL.ubuntu2004.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp73
|
|
elif [[ "$PHP_VER" == 7.4 ]]; then
|
|
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp74
|
|
elif [[ "$PHP_VER" == 7.0 ]]; then
|
|
# Install PHP 7.0 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp70
|
|
fi
|
|
else
|
|
# Install PHP 7.2 Dependencies by dangerous default - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installDepsPhp72
|
|
fi
|
|
progress 4
|
|
|
|
# Install Core MISP - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCore
|
|
progress 4
|
|
|
|
# Install PHP Cake - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && installCake
|
|
progress 4
|
|
|
|
# Make sure permissions are sane - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && permissions
|
|
progress 4
|
|
|
|
# TODO: Mysql install functions, make it upgrade safe, double check
|
|
# Setup Databse - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && prepareDB
|
|
progress 4
|
|
|
|
# Roll Apache Config - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && apacheConfig
|
|
progress 4
|
|
|
|
# Setup log logrotate - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && logRotation
|
|
progress 4
|
|
|
|
# Generate MISP Config files - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && configMISP
|
|
progress 4
|
|
|
|
# Generate GnuPG key - functionLocation('generic/gnupg.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && setupGnuPG
|
|
progress 4
|
|
|
|
# Setup and start background workers - functionLocation('INSTALL.ubuntu1804.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && backgroundWorkers
|
|
progress 4
|
|
|
|
# Run cake CLI for the core installation - functionLocation('generic/MISP_CAKE_init.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE
|
|
progress 4
|
|
|
|
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT
|
|
progress 4
|
|
|
|
# Disable spinner
|
|
#(kill $SPIN_PID 2>&1) >/dev/null
|
|
|
|
# Check if /usr/local/src is writeable by target install user - functionLocation('generic/supportFunctions.md')
|
|
[[ -n $CORE ]] || [[ -n $ALL ]] && checkUsrLocalSrc
|
|
progress 4
|
|
|
|
## Resume spinner
|
|
#spin &
|
|
#SPIN_PID=$!
|
|
#disown
|
|
#trap "kill -9 $SPIN_PID" `seq 0 15`
|
|
|
|
# Install misp-modules - functionLocation('generic/misp-modules-debian.md')
|
|
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
|
|
progress 4
|
|
|
|
# Install Viper - functionLocation('generic/viper-debian.md')
|
|
## FIXME: The current state of Viper is broken, disabling any use.
|
|
##[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
|
|
##progress 4
|
|
|
|
# Install ssdeep - functionLocation('generic/ssdeep-debian.md')
|
|
[[ -n $SSDEEP ]] || [[ -n $ALL ]] && ssdeep
|
|
progress 4
|
|
|
|
# Install misp-dashboard - functionLocation('generic/misp-dashboard-debian.md')
|
|
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
|
##[[ -n $DASHBOARD ]] || [[ -n $ALL ]] && mispDashboard ; dashboardCAKE
|
|
##progress 4
|
|
|
|
# Install Mail2MISP - functionLocation('generic/mail_to_misp-debian.md')
|
|
[[ -n $MAIL2 ]] || [[ -n $ALL ]] && mail2misp
|
|
progress 2
|
|
|
|
# Run tests
|
|
runTests
|
|
progress 2
|
|
|
|
# Run final script to inform the User what happened - functionLocation('generic/supportFunctions.md')
|
|
theEnd
|
|
}
|
|
|
|
# Main Kali Install function
|
|
installMISPonKali () {
|
|
# Kali might have a bug on installs where libc6 is not up to date, this forces bash and libc to update - functionLocation('')
|
|
kaliUpgrade
|
|
|
|
# Set locale if not set - functionLocation('generic/supportFunctions.md')
|
|
checkLocale
|
|
|
|
# Set Base URL - functionLocation('generic/supportFunctions.md')
|
|
setBaseURL
|
|
|
|
# Install PHP 7.3 Dependencies - functionLocation('generic/supportFunctions.md')
|
|
installDepsPhp73
|
|
|
|
# Set custom Kali only variables and tweaks
|
|
space
|
|
# The following disables sleep on kali/gnome
|
|
### FIXME: Disabling for now, maybe source of some issues.
|
|
##disableSleep
|
|
##debug "Sleeping 3 seconds to make sure the disable sleep does not confuse the execution of the script."
|
|
##sleep 3
|
|
|
|
# Kali specific dependencies - functionLocation('generic/supportFunctions.md')
|
|
debug "Installing dependencies"
|
|
installDeps
|
|
|
|
# Install Core Dependencies - functionLocation('INSTALL.ubuntu1804.md')
|
|
installCoreDeps
|
|
|
|
debug "Enabling redis and gnupg modules"
|
|
sudo phpenmod -v 7.3 redis
|
|
sudo phpenmod -v 7.3 gnupg
|
|
|
|
debug "Apache2 ops: dismod: status - dissite: 000-default enmod: ssl rewrite headers php7.3 ensite: default-ssl"
|
|
sudo a2dismod status
|
|
sudo a2enmod ssl rewrite headers php7.3
|
|
sudo a2dissite 000-default
|
|
sudo a2ensite default-ssl
|
|
|
|
debug "Restarting mysql.service"
|
|
sudo systemctl restart mysql.service
|
|
|
|
debug "Fixing redis rc script on Kali"
|
|
fixRedis
|
|
|
|
debug "git clone, submodule update everything"
|
|
sudo mkdir ${PATH_TO_MISP}
|
|
sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
|
cd ${PATH_TO_MISP}
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
|
|
|
|
${SUDO_WWW} git config core.filemode false
|
|
|
|
cd ${PATH_TO_MISP}
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git submodule update --progress --init --recursive; done
|
|
# Make git ignore filesystem permission differences for submodules
|
|
${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
|
|
|
|
cd ${PATH_TO_MISP}/app/files/scripts
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git; done
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git; done
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git; done
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git; done
|
|
|
|
sudo mkdir /var/www/.cache/
|
|
|
|
MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=)
|
|
sudo mkdir $MISP_USER_HOME/.cache
|
|
sudo chown $MISP_USER:$MISP_USER $MISP_USER_HOME/.cache
|
|
sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache
|
|
|
|
## Not really needed...
|
|
## debug "Generating rc.local"
|
|
## genRCLOCAL
|
|
|
|
debug "Setting up main MISP virtualenv"
|
|
# Needs virtualenv
|
|
${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv
|
|
|
|
## FIXME: The current stat of misp-dashboard is broken, disabling any use.
|
|
##debug "Installing MISP dashboard"
|
|
##mispDashboard
|
|
|
|
debug "Installing python-cybox"
|
|
cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
debug "Installing python-stix"
|
|
cd ${PATH_TO_MISP}/app/files/scripts/python-stix
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
debug "Install maec"
|
|
cd ${PATH_TO_MISP}/app/files/scripts/python-maec
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
# install STIX2.0 library to support STIX 2.0 export
|
|
debug "Installing cti-python-stix2"
|
|
# install STIX2.0 library to support STIX 2.0 export:
|
|
cd ${PATH_TO_MISP}/cti-python-stix2
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
debug "Installing mixbox"
|
|
cd ${PATH_TO_MISP}/app/files/scripts/mixbox
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
# install PyMISP
|
|
debug "Installing PyMISP"
|
|
cd ${PATH_TO_MISP}/PyMISP
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
|
|
|
|
# install pydeep
|
|
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done
|
|
|
|
# install lief
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
|
|
|
|
# install python-magic
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
|
|
|
|
# install plyara
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
|
|
|
|
# install zmq needed by mispzmq
|
|
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq
|
|
|
|
debug "Installing cake"
|
|
composer
|
|
|
|
${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
|
|
|
|
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
|
|
sudo chmod -R 750 ${PATH_TO_MISP}
|
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
|
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
|
|
sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
|
|
|
|
debug "Setting up database"
|
|
if [[ ! -e /var/lib/mysql/misp/users.ibd ]]; then
|
|
echo "
|
|
set timeout 10
|
|
spawn sudo mysql_secure_installation
|
|
expect \"Enter current password for root (enter for none):\"
|
|
send -- \"\r\"
|
|
expect \"Set root password?\"
|
|
send -- \"y\r\"
|
|
expect \"New password:\"
|
|
send -- \"${DBPASSWORD_ADMIN}\r\"
|
|
expect \"Re-enter new password:\"
|
|
send -- \"${DBPASSWORD_ADMIN}\r\"
|
|
expect \"Remove anonymous users?\"
|
|
send -- \"y\r\"
|
|
expect \"Disallow root login remotely?\"
|
|
send -- \"y\r\"
|
|
expect \"Remove test database and access to it?\"
|
|
send -- \"y\r\"
|
|
expect \"Reload privilege tables now?\"
|
|
send -- \"y\r\"
|
|
expect eof" | expect -f -
|
|
|
|
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "CREATE DATABASE $DBNAME;"
|
|
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT USAGE ON *.* TO $DBUSER_MISP@localhost IDENTIFIED BY '$DBPASSWORD_MISP';"
|
|
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBUSER_MISP'@'localhost';"
|
|
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
|
|
|
enableServices
|
|
|
|
debug "Populating database"
|
|
${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
|
|
|
|
echo "<?php
|
|
class DATABASE_CONFIG {
|
|
public \$default = array(
|
|
'datasource' => 'Database/Mysql',
|
|
//'datasource' => 'Database/Postgres',
|
|
'persistent' => false,
|
|
'host' => '$DBHOST',
|
|
'login' => '$DBUSER_MISP',
|
|
'port' => 3306, // MySQL & MariaDB
|
|
//'port' => 5432, // PostgreSQL
|
|
'password' => '$DBPASSWORD_MISP',
|
|
'database' => '$DBNAME',
|
|
'prefix' => '',
|
|
'encoding' => 'utf8',
|
|
);
|
|
}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php
|
|
else
|
|
echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd"
|
|
echo "Skipping any creations…"
|
|
sleep 3
|
|
fi
|
|
|
|
debug "Generating Certificate"
|
|
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
|
|
-subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
|
|
-keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
|
|
|
debug "Generating Apache Conf"
|
|
genApacheConf
|
|
|
|
echo "127.0.0.1 misp.local" | sudo tee -a /etc/hosts
|
|
|
|
debug "Disabling site default-ssl, enabling misp-ssl"
|
|
sudo a2dissite default-ssl
|
|
sudo a2ensite misp-ssl
|
|
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
|
|
debug "Restarting Apache2"
|
|
sudo systemctl restart apache2
|
|
|
|
debug "Setting up logrotate"
|
|
sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
|
sudo chmod 0640 /etc/logrotate.d/misp
|
|
|
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
|
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
|
|
${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
|
|
|
|
sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
|
|
sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
|
|
|
|
debug "Setting up GnuPG"
|
|
setupGnuPG
|
|
|
|
debug "Adding workers to systemd"
|
|
backgroundWorkers
|
|
|
|
debug "Running Core Cake commands"
|
|
coreCAKE
|
|
|
|
## FIXME: The current state of misp-dashboard is broken, disabling any use.
|
|
##dashboardCAKE
|
|
|
|
debug "Update: Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies"
|
|
updateGOWNT
|
|
|
|
# This is not needed atm...
|
|
##gitPullAllRCLOCAL
|
|
|
|
checkUsrLocalSrc
|
|
|
|
debug "Installing misp-modules"
|
|
mispmodules
|
|
|
|
## FIXME: The current state of Viper is broken, disabling any use.
|
|
##debug "Installing Viper"
|
|
##viper
|
|
|
|
debug "Installing ssdeep"
|
|
ssdeep
|
|
sudo phpenmod -v 7.3 ssdeep
|
|
|
|
debug "Setting permissions"
|
|
permissions
|
|
|
|
debug "Running Then End!"
|
|
theEnd
|
|
}
|
|
# End installMISPonKali ()
|
|
|
|
# Main Install on RHEL function
|
|
installMISPRHEL () {
|
|
if [[ -n $SSDEEP ]] || [[ -n $MAIL2 ]]; then
|
|
echo "RHEL installation currently only supports Core and Modules"
|
|
echo "Ignoring other options..."
|
|
fi
|
|
|
|
if [[ -n $CORE ]] || [[ -n $ALL ]]; then
|
|
space
|
|
echo "Proceeding with MISP core installation on RHEL ${dist_version}"
|
|
space
|
|
|
|
id -u "${MISP_USER}" > /dev/null
|
|
if [[ $? -eq 1 ]]; then
|
|
debug "Creating MISP user"
|
|
sudo useradd -r "${MISP_USER}"
|
|
fi
|
|
|
|
debug "Enabling Extras Repos (SCL)"
|
|
if [[ "${FLAVOUR}" == "rhel" ]]; then
|
|
sudo subscription-manager register --auto-attach
|
|
enableReposRHEL
|
|
enableEPEL
|
|
else # CentOS
|
|
centosEPEL
|
|
fi
|
|
|
|
debug "Installing System Dependencies"
|
|
yumInstallCoreDeps
|
|
|
|
debug "Enabling Haveged for additional entropy"
|
|
sudo yum install haveged -y
|
|
sudo systemctl enable --now haveged.service
|
|
|
|
debug "Installing MISP code"
|
|
installCoreRHEL
|
|
|
|
debug "Install Cake PHP"
|
|
installCake_RHEL
|
|
|
|
debug "Setting File permissions"
|
|
permissions_RHEL
|
|
|
|
debug "Preparing Database"
|
|
prepareDB_RHEL
|
|
|
|
debug "Configuring Apache"
|
|
apacheConfig_RHEL
|
|
|
|
debug "Setting up firewall"
|
|
firewall_RHEL
|
|
|
|
debug "Enabling log rotation"
|
|
logRotation_RHEL
|
|
|
|
debug "Configuring MISP"
|
|
configMISP_RHEL
|
|
|
|
debug "Setting up background workers"
|
|
configWorkersRHEL
|
|
|
|
debug "Optimizing Cake Installation"
|
|
coreCAKE
|
|
|
|
debug "Updating tables"
|
|
updateGOWNT
|
|
|
|
echo "Core Intallation finished, check on port 443 to see the Web UI"
|
|
fi
|
|
|
|
if [[ -n $MODULES ]] || [[ -n $ALL ]]; then
|
|
space
|
|
echo "Installing MISP Modules"
|
|
space
|
|
|
|
mispmodulesRHEL
|
|
|
|
echo "MISP modules installation finished."
|
|
fi
|
|
}
|
|
# End installMISPRHEL ()
|
|
|
|
## End Function Section ##
|
|
|
|
colors
|
|
debug "Checking if we are run as the installer template"
|
|
if [[ "$0" == "./INSTALL.tpl.sh" || "$(echo $0 |grep -o -e 'INSTALL.tpl.sh')" == "INSTALL.tpl.sh" ]]; then
|
|
generateInstaller
|
|
fi
|
|
|
|
debug "Checking Linux distribution and flavour..."
|
|
checkFlavour
|
|
debug "Checking if we are uptodate and checksums match"
|
|
checkInstaller
|
|
|
|
space
|
|
debug "Setting MISP variables"
|
|
MISPvars
|
|
|
|
debug "Checking for parameters or Unattended Kali Install"
|
|
if [[ $# -eq 0 && "$0" != "/tmp/misp-kali.sh" ]]; then
|
|
usage
|
|
exit
|
|
else
|
|
debug "Setting install options with given parameters."
|
|
# The setOpt/checkOpt function lives in generic/supportFunctions.md
|
|
setOpt $@
|
|
checkOpt core && echo "${LBLUE}MISP${NC} ${GREEN}core${NC} selected"
|
|
checkOpt viper && echo "${GREEN}Viper${NC} selected"
|
|
checkOpt modules && echo "${LBLUE}MISP${NC} ${GREEN}modules${NC} selected"
|
|
checkOpt dashboard && echo "${LBLUE}MISP${NC} ${GREEN}dashboard${NC} selected"
|
|
checkOpt mail2 && echo "${GREEN}Mail 2${NC} ${LBLUE}MISP${NC} selected"
|
|
checkOpt all && echo "${GREEN}All options${NC} selected"
|
|
checkOpt pre && echo "${GREEN}Pre-flight checks${NC} selected"
|
|
checkOpt unattended && echo "${GREEN}unattended${NC} install selected"
|
|
checkOpt upgrade && echo "${GREEN}upgrade${NC} install selected"
|
|
checkOpt force && echo "${GREEN}force${NC} install selected"
|
|
|
|
# Check if at least core is selected if no other options that do not require core are set
|
|
if [[ "$CORE" != "1" && "$ALL" != "1" && "$UPGRADE" != "1" && "$PRE" != "1" && "$0" != "/tmp/misp-kali.sh" ]]; then
|
|
space
|
|
usage
|
|
echo "You need to at least select core, or -A to install everything."
|
|
echo "$0 -c # Is the minima for install options"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Add upgrade option to do upgrade pre flight
|
|
[[ -n $PRE ]] && preInstall
|
|
|
|
[[ -n $UPGRADE ]] && upgrade
|
|
|
|
[[ -n $NUKE ]] && nuke && exit
|
|
|
|
# TODO: Move support map to top
|
|
|
|
SUPPORT_MAP="
|
|
x86_64-centos-7
|
|
x86_64-rhel-7
|
|
x86_64-fedora-30
|
|
x86_64-debian-stretch
|
|
x86_64-debian-buster
|
|
x86_64-ubuntu-bionic
|
|
x86_64-ubuntu-focal
|
|
x86_64-kali-2020.1
|
|
x86_64-kali-2020.2
|
|
x86_64-kali-2020.3
|
|
x86_64-kali-2020.4
|
|
armv6l-raspbian-stretch
|
|
armv7l-raspbian-stretch
|
|
armv7l-debian-jessie
|
|
armv7l-debian-stretch
|
|
armv7l-debian-buster
|
|
armv7l-ubuntu-bionic
|
|
armv7l-ubuntu-focal
|
|
"
|
|
|
|
# Check if we actually support this configuration
|
|
if ! echo "$SUPPORT_MAP" | grep "$(uname -m)-$FLAVOUR-$dist_version" >/dev/null; then
|
|
cat >&2 <<-'EOF'
|
|
Either your platform is not easily detectable or is not supported by this
|
|
installer script.
|
|
Please visit the following URL for more detailed installation instructions:
|
|
https://misp.github.io/MISP/
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
# If Ubuntu is detected, figure out which release it is and run the according scripts
|
|
if [[ "${FLAVOUR}" == "ubuntu" ]]; then
|
|
RELEASE=$(lsb_release -s -r| tr '[:upper:]' '[:lower:]')
|
|
if [[ "${RELEASE}" == "18.04" ]]; then
|
|
echo "Install on Ubuntu 18.04 LTS fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported && exit || exit
|
|
fi
|
|
if [[ "${RELEASE}" == "20.04" ]]; then
|
|
echo "Install on Ubuntu 20.04 LTS fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP="7.4" && exit || exit
|
|
fi
|
|
if [[ "${RELEASE}" == "18.10" ]]; then
|
|
echo "Install on Ubuntu 18.10 partially supported, bye."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported && exit || exit
|
|
fi
|
|
if [[ "${RELEASE}" == "19.04" ]]; then
|
|
echo "Install on Ubuntu 19.04 partially supported bye."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported && exit || exit
|
|
exit 1
|
|
fi
|
|
if [[ "${RELEASE}" == "19.10" ]]; then
|
|
echo "Install on Ubuntu 19.10 not supported, bye"
|
|
exit 1
|
|
fi
|
|
echo "Installation done!"
|
|
exit
|
|
fi
|
|
|
|
# If Debian is detected, figure out which release it is and run the according scripts
|
|
if [[ "${FLAVOUR}" == "debian" ]]; then
|
|
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
|
if [[ "${CODE}" == "buster" ]]; then
|
|
echo "Install on Debian testing fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.3 && exit || exit
|
|
fi
|
|
if [[ "${CODE}" == "sid" ]]; then
|
|
echo "Install on Debian unstable not fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.3 && exit || exit
|
|
fi
|
|
if [[ "${CODE}" == "stretch" ]]; then
|
|
echo "Install on Debian stable fully supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
installSupported PHP=7.0 && exit || exit
|
|
fi
|
|
echo "Installation done!"
|
|
exit 0
|
|
fi
|
|
|
|
# If Tsurugi is detected, figure out which release it is and run the according scripts
|
|
if [[ "${FLAVOUR}" == "tsurugi" ]]; then
|
|
CODE=$(lsb_release -s -c| tr '[:upper:]' '[:lower:]')
|
|
if [[ "${CODE}" == "bamboo" ]]; then
|
|
echo "Install on Tsurugi Lab partially supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
fi
|
|
if [[ "${CODE}" == "soy sauce" ]]; then
|
|
echo "Install on Tsurugi Acquire partially supported."
|
|
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
|
|
fi
|
|
echo "Installation done!"
|
|
exit 0
|
|
fi
|
|
|
|
# If Kali Linux is detected, run the acccording scripts
|
|
if [[ "${FLAVOUR}" == "kali" ]]; then
|
|
KALI=1
|
|
kaliOnTheR0ckz
|
|
installMISPonKali
|
|
echo "Installation done!"
|
|
exit
|
|
fi
|
|
|
|
# If RHEL/CentOS is detected, run appropriate script
|
|
if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then
|
|
installMISPRHEL
|
|
echo "Installation done !"
|
|
exit
|
|
fi
|