mirror of https://github.com/MISP/MISP
214 lines
8.0 KiB
Plaintext
214 lines
8.0 KiB
Plaintext
INSTALLATION INSTRUCTIONS
|
|
------------------------- for ubuntu 14.04-server
|
|
|
|
# steps 2 (besides acquiring git), 4, 5 can be skipped by running INSTALL.SH
|
|
# The correct order in this case is 1/, apt get git, 3/ and then executing INSTALL.SH in /var/www/MISP/INSTALL/INSTALL.SH
|
|
|
|
1/ Minimal ubuntu install
|
|
-------------------------
|
|
|
|
Install a minimal ubuntu 14.04-server system with the software:
|
|
|
|
- OpenSSH server
|
|
- LAMP server (don't forget php5-mysql)
|
|
- Mail server
|
|
|
|
You will get some questions, you will probably want to set:
|
|
- Postfix Configuration: Satellite system
|
|
|
|
Make sure your system is up2date:
|
|
apt-get update
|
|
apt-get upgrade
|
|
|
|
|
|
2/ Dependencies *
|
|
----------------
|
|
Once the system is installed you can perform the following steps as root:
|
|
|
|
# Because vim is just so practical
|
|
apt-get install vim
|
|
|
|
# Install the dependencies:
|
|
apt-get install zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev php5-dev
|
|
pear install Crypt_GPG # we need version >1.3.0
|
|
pear install Net_GeoIP
|
|
|
|
3/ MISP code
|
|
------------
|
|
# Download MISP using git in the /var/www/ directory.
|
|
cd /var/www/
|
|
git clone https://github.com/MISP/MISP.git
|
|
|
|
# Make git ignore filesystem permission differences
|
|
cd /var/www/MISP
|
|
git config core.filemode false
|
|
|
|
# install Mitre's STIX and its dependencies by running the following commands:
|
|
apt-get install python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev
|
|
cd /var/www/MISP/app/files/scripts
|
|
git clone https://github.com/CybOXProject/python-cybox.git
|
|
git clone https://github.com/STIXProject/python-stix.git
|
|
cd /var/www/MISP/app/files/scripts/python-cybox
|
|
python setup.py install
|
|
cd /var/www/MISP/app/files/scripts/python-stix
|
|
python setup.py install
|
|
|
|
4/ CakePHP
|
|
-----------
|
|
# CakePHP is now included as a submodule of MISP, execute the following commands to let git fetch it:
|
|
|
|
cd /var/www/MISP
|
|
git submodule init
|
|
git submodule update
|
|
|
|
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
|
|
cd /var/www/MISP/app
|
|
curl -s https://getcomposer.org/installer | php
|
|
php composer.phar require --no-update kamisama/cake-resque:4.1.0
|
|
php composer.phar config vendor-dir Vendor
|
|
php composer.phar install
|
|
|
|
# CakeResque normally uses phpredis to connect to redis, but it has a (buggy) fallback connector through Redisent. It is highly advised to install phpredis
|
|
pecl install redis
|
|
apt-get install php5-redis
|
|
# After installing it, enable it in your php.ini file
|
|
vim /etc/php5/apache2/php.ini
|
|
# add the following line:
|
|
extension=redis.so
|
|
|
|
# To use the scheduler worker for scheduled tasks, do the following:
|
|
cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
|
|
|
|
5/ Set the permissions
|
|
----------------------
|
|
|
|
# Check if the permissions are set correctly using the following commands as root:
|
|
chown -R www-data:www-data /var/www/MISP
|
|
chmod -R 750 /var/www/MISP
|
|
chmod -R g+ws /var/www/MISP/app/tmp
|
|
chmod -R g+ws /var/www/MISP/app/files
|
|
chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
|
|
|
|
6/ Create a database and user
|
|
-----------------------------
|
|
# Enter the mysql shell
|
|
mysql -u root -p
|
|
|
|
mysql> create database misp;
|
|
mysql> grant usage on *.* to misp@localhost identified by 'XXXXXXXXX';
|
|
mysql> grant all privileges on misp.* to misp@localhost ;
|
|
mysql> exit
|
|
|
|
cd /var/www/MISP
|
|
|
|
# Import the empty MySQL database from MYSQL.sql
|
|
mysql -u misp -p<password> misp < INSTALL/MYSQL.sql
|
|
|
|
|
|
7/ Apache configuration
|
|
-----------------------
|
|
# Now configure your apache server with the DocumentRoot /var/www/MISP/app/webroot/
|
|
# A sample ghost can be found in /var/www/MISP/INSTALL/apache.misp
|
|
|
|
cp /var/www/MISP/INSTALL/apache.misp /etc/apache2/sites-available/misp.conf
|
|
|
|
# Be aware that the configuration files for apache 2.4 and up have changed.
|
|
# The configuration file has to have the .conf extension in the sites-available directory
|
|
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
|
|
|
|
a2dissite 000-default
|
|
# 000-default can be called default based on distribution, in which case run a2dissite default
|
|
a2ensite misp
|
|
|
|
# Enable modules
|
|
a2enmod rewrite
|
|
|
|
# Restart apache
|
|
service apache2 reload
|
|
|
|
# We seriously recommend using only SSL !
|
|
# Check out the apache.misp.ssl file for an example
|
|
|
|
|
|
8/ MISP configuration
|
|
---------------------
|
|
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
|
cd /var/www/MISP/app/Config
|
|
cp -a bootstrap.default.php bootstrap.php
|
|
cp -a database.default.php database.php
|
|
cp -a core.default.php core.php
|
|
cp -a config.default.php config.php
|
|
|
|
# Configure the fields in the newly created files:
|
|
# database.php : login, port, password, database
|
|
# bootstrap.php: uncomment the last 3 lines to enable the background workers (see below)
|
|
# CakePlugin::loadAll(array('CakeResque' => array('bootstrap' => true)));
|
|
|
|
# To enable the background workers, if you have installed the package required for it in 4/, uncomment the following lines:
|
|
# in Core.php (if you have just recently updated MISP, just add this line at the end of the file):
|
|
# require_once dirname(__DIR__) . '/Vendor/autoload.php';
|
|
|
|
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
|
|
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
|
|
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
|
|
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
|
|
|
|
# and make sure the file permissions are still OK
|
|
chown -R www-data:www-data /var/www/MISP/app/Config
|
|
chmod -R 750 /var/www/MISP/app/Config
|
|
|
|
# Generate a GPG encryption key.
|
|
mkdir /var/www/MISP/.gnupg
|
|
chown www-data:www-data /var/www/MISP/.gnupg
|
|
chmod 700 /var/www/MISP/.gnupg
|
|
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
|
|
# Recommended key type: RSA
|
|
# The email address should match the one set int he bootstrap.php configuration file
|
|
# Make sure that you use the same settings in the MISP Server Settings tool tool (Described on line 184)
|
|
|
|
# And export the public key to the webroot
|
|
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-EMAIL > /var/www/MISP/app/webroot/gpg.asc
|
|
|
|
# Start the workers to enable background jobs
|
|
/var/www/MISP/app/Console/worker/start.sh
|
|
|
|
# To make the background workers start on boot
|
|
chmod +x /var/www/MISP/app/Console/worker/start.sh
|
|
sudo vim /etc/rc.local
|
|
# Add the following line before the last line (exit 0). Make sure that you replace www-data with your apache user:
|
|
su www-data -c 'bash /var/www/MISP/app/Console/worker/start.sh'
|
|
|
|
# Now log in using the webinterface:
|
|
# The default user/pass = admin@admin.test/admin
|
|
|
|
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
|
|
# It is especially vital that no critical issues remain!
|
|
|
|
Don't forget to change the email, password and authentication key after installation.
|
|
|
|
# Once done, have a look at the diagnostics
|
|
|
|
# If any of the directories that MISP uses to store files is not writeable to the apache user, change the permissions
|
|
# you can do this by running the following commands:
|
|
|
|
chmod -R 750 /var/www/MISP/<directory path with an indicated issue>
|
|
chown -R www-data:www-data /var/www/MISP/<directory path with an indicated issue>
|
|
|
|
# Make sure that the STIX libraries and GnuPG work as intended, if not, refer to INSTALL.txt's paragraphs dealing with these two items
|
|
|
|
# If anything goes wrong, make sure that you check MISP's logs for errors:
|
|
# /var/www/MISP/app/tmp/logs/error.log
|
|
# /var/www/MISP/app/tmp/logs/resque-worker-error.log
|
|
# /var/www/MISP/app/tmp/logs/resque-scheduler-error.log
|
|
# /var/www/MISP/app/tmp/logs/resque-2015-01-01.log //where the actual date is the current date
|
|
|
|
Recommended actions
|
|
-------------------
|
|
- By default CakePHP exposes his name and version in email headers. Apply a patch to remove this behavior.
|
|
|
|
- You should really harden your OS
|
|
- You should really harden the configuration of Apache
|
|
- You should really harden the configuration of MySQL
|
|
- Keep your software up2date (MISP, CakePHP and everything else)
|
|
- Log and audit
|