2016-08-19 12:40:33 +02:00
|
|
|
---
|
|
|
|
# Install basic packages
|
|
|
|
- name: Create misp user
|
|
|
|
user:
|
|
|
|
name: misp
|
|
|
|
state: present
|
|
|
|
|
|
|
|
- name: Create Ansible directory
|
|
|
|
file:
|
|
|
|
path: "/home/misp/ansible"
|
|
|
|
owner: misp
|
|
|
|
group: misp
|
|
|
|
mode: 0775
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: Install all needed packages
|
|
|
|
apt:
|
|
|
|
pkg: "{{ item }}"
|
|
|
|
state: latest
|
|
|
|
update_cache: yes
|
|
|
|
with_items:
|
|
|
|
- gcc
|
|
|
|
- zip
|
|
|
|
- php-pear
|
|
|
|
- git
|
|
|
|
- redis-server
|
|
|
|
- make
|
|
|
|
- python-dev
|
|
|
|
- python-pip
|
|
|
|
- libxml2-dev
|
|
|
|
- libxslt1-dev
|
|
|
|
- zlib1g-dev
|
|
|
|
- php5-dev
|
|
|
|
- curl
|
|
|
|
- gnupg-agent
|
|
|
|
- php5-mysql
|
|
|
|
- php5-redis
|
|
|
|
|
|
|
|
######### MISP users and groups #########
|
|
|
|
|
|
|
|
- name: Add MISP group
|
|
|
|
group:
|
|
|
|
name: "{{ item }}"
|
|
|
|
state: present
|
|
|
|
system: yes
|
|
|
|
with_items:
|
|
|
|
- "misp-server"
|
|
|
|
|
|
|
|
- name: Add misp in misp-server
|
|
|
|
user:
|
|
|
|
name: misp
|
|
|
|
append: yes
|
|
|
|
groups: misp-server
|
|
|
|
state: present
|
|
|
|
|
|
|
|
- name: Add www-data in misp-server
|
|
|
|
user:
|
|
|
|
name: www-data
|
|
|
|
append: yes
|
|
|
|
groups: misp-server
|
|
|
|
|
|
|
|
######### MISP directories #########
|
|
|
|
|
|
|
|
- name: Create MISP server directory
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 02775
|
|
|
|
state: directory
|
|
|
|
with_items:
|
|
|
|
- "/opt/misp-server"
|
|
|
|
- "/opt/misp-server/misp"
|
|
|
|
- "/opt/misp-server/tmp"
|
|
|
|
|
|
|
|
######### PEAR: CRYPTPGP #########
|
|
|
|
- name: Configure PEAR proxy
|
|
|
|
shell: "{{ item }}"
|
|
|
|
args:
|
|
|
|
creates: /home/misp/ansible/ansible_shell_pear_configure_proxy.log
|
|
|
|
with_items:
|
|
|
|
- "pear config-set http_proxy http://{{proxy_host}}:{{proxy_port}} > /home/misp/ansible/ansible_shell_pear_configure_proxy.log"
|
|
|
|
|
|
|
|
- name: Configure PEAR tmp
|
|
|
|
shell: "{{ item }}"
|
|
|
|
args:
|
|
|
|
creates: /home/misp/ansible/ansible_shell_pear_configure_tmp.log
|
|
|
|
with_items:
|
|
|
|
- pear config-set temp_dir /opt/misp-server/tmp/ > /home/misp/ansible/ansible_shell_pear_configure_tmp.log
|
|
|
|
|
|
|
|
- name: Install CryptGPG
|
|
|
|
pear:
|
|
|
|
name: Crypt_GPG
|
|
|
|
state: present
|
|
|
|
|
|
|
|
######### MISP REPOSITORY #########
|
|
|
|
|
|
|
|
- name: Clone MISP repository
|
|
|
|
become: true
|
|
|
|
become_user: misp
|
|
|
|
git:
|
|
|
|
repo: "https://github.com/MISP/MISP.git"
|
|
|
|
dest: "/opt/misp-server/misp"
|
|
|
|
recursive: yes
|
|
|
|
force: no
|
|
|
|
update: no
|
|
|
|
accept_hostkey: yes
|
|
|
|
|
|
|
|
- name: Configure Git
|
|
|
|
git_config:
|
|
|
|
name: core.filemode
|
|
|
|
scope: global
|
|
|
|
value: false
|
|
|
|
|
|
|
|
- name: Create scripts directories
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 02775
|
|
|
|
state: directory
|
|
|
|
with_items:
|
|
|
|
- "/opt/misp-server/misp/app/files/scripts/python-cybox"
|
|
|
|
- "/opt/misp-server/misp/app/files/scripts/python-stix"
|
|
|
|
|
|
|
|
- name: Clone MISP depedencies | Python-Cybox
|
|
|
|
become: true
|
|
|
|
become_user: misp
|
|
|
|
git:
|
|
|
|
repo: "https://github.com/CybOXProject/python-cybox.git"
|
|
|
|
dest: "/opt/misp-server/misp/app/files/scripts/python-cybox"
|
|
|
|
force: no
|
|
|
|
update: no
|
|
|
|
accept_hostkey: yes
|
|
|
|
|
|
|
|
- name: Clone MISP depedencies | Python-Stix
|
|
|
|
become: true
|
|
|
|
become_user: misp
|
|
|
|
git:
|
|
|
|
repo: "https://github.com/STIXProject/python-stix.git"
|
|
|
|
dest: "/opt/misp-server/misp/app/files/scripts/python-stix"
|
|
|
|
force: no
|
|
|
|
update: no
|
|
|
|
accept_hostkey: yes
|
|
|
|
|
|
|
|
- name: Install MISP depedencies | Python-Cybox
|
|
|
|
become: true
|
|
|
|
shell: "{{ item }}"
|
|
|
|
args:
|
|
|
|
chdir: /opt/misp-server/misp/app/files/scripts/python-cybox
|
|
|
|
creates: /home/misp/ansible/ansible_shell_pythoncybox_setup.log
|
|
|
|
with_items:
|
|
|
|
- python setup.py install > /home/misp/ansible/ansible_shell_pythoncybox_setup.log
|
|
|
|
|
|
|
|
- name: Install MISP depedencies | Python-Stix
|
|
|
|
become: true
|
|
|
|
shell: "{{ item }}"
|
|
|
|
args:
|
|
|
|
chdir: /opt/misp-server/misp/app/files/scripts/python-stix
|
|
|
|
creates: /home/misp/ansible/ansible_shell_pythonstix_setup.log
|
|
|
|
with_items:
|
|
|
|
- python setup.py install > /home/misp/ansible/ansible_shell_pythonstix_setup.log
|
|
|
|
|
|
|
|
######### CAKE PHP #########
|
|
|
|
|
|
|
|
- name: Curl PHP installer
|
|
|
|
shell: "{{ item }}"
|
|
|
|
args:
|
|
|
|
chdir: /opt/misp-server/misp/app/
|
|
|
|
creates: /home/misp/ansible/ansible_shell_curl_php.log
|
|
|
|
with_items:
|
|
|
|
- curl -s https://getcomposer.org/installer | php > /home/misp/ansible/ansible_shell_curl_php.log
|
|
|
|
|
|
|
|
- name: Install COMPOSER in /bin
|
|
|
|
copy:
|
|
|
|
remote_src: True
|
|
|
|
src: /opt/misp-server/misp/app/composer.phar
|
|
|
|
dest: /usr/local/bin/composer
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 0755
|
|
|
|
|
|
|
|
- name: Cake-resque installation
|
|
|
|
composer:
|
|
|
|
command: "require"
|
|
|
|
arguments: "kamisama/cake-resque:4.1.2"
|
|
|
|
working_dir: "/opt/misp-server/misp/app"
|
|
|
|
register: cakeresque_install
|
|
|
|
|
|
|
|
- name: Vendor configure
|
|
|
|
composer:
|
|
|
|
command: "config"
|
|
|
|
arguments: "vendor-dir Vendor"
|
|
|
|
working_dir: "/opt/misp-server/misp/app"
|
|
|
|
when: cakeresque_install.changed
|
|
|
|
|
|
|
|
- name: PHP composer install
|
|
|
|
composer:
|
|
|
|
command: "install"
|
|
|
|
arguments: ""
|
|
|
|
working_dir: "/opt/misp-server/misp/app"
|
|
|
|
|
|
|
|
- name: Copy CakeResque config file
|
|
|
|
copy:
|
|
|
|
remote_src: True
|
|
|
|
src: /opt/misp-server/misp/INSTALL/setup/config.php
|
|
|
|
dest: /opt/misp-server/misp/app/Plugin/CakeResque/Config/config.php
|
|
|
|
force: yes
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 0774
|
|
|
|
|
|
|
|
######### MISP CONFIGURATION #########
|
|
|
|
|
|
|
|
- name: Copy MISP configuration files
|
|
|
|
template:
|
|
|
|
src: "misp/config/{{item}}"
|
|
|
|
dest: "/opt/misp-server/misp/app/Config/{{item}}"
|
|
|
|
force: yes
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 0774
|
|
|
|
with_items:
|
|
|
|
- bootstrap.php
|
|
|
|
- config.php
|
|
|
|
- core.php
|
|
|
|
- database.php
|
|
|
|
|
|
|
|
######### GNUPG #########
|
|
|
|
|
|
|
|
- name: Create the directory for GNUPG
|
|
|
|
file:
|
|
|
|
path: "/opt/misp-server/misp/.gnupg"
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 0770
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
######### MISP WORKERS #########
|
|
|
|
|
|
|
|
- name: Check MISP worker launcher permissions
|
|
|
|
file:
|
|
|
|
path: /opt/misp-server/misp/app/Console/worker/start.sh
|
|
|
|
owner: misp
|
|
|
|
group: misp-server
|
|
|
|
mode: 0764
|
|
|
|
|
|
|
|
- name: Check MISP worker autolaunch at boot
|
|
|
|
lineinfile:
|
|
|
|
state: present
|
|
|
|
dest: /etc/rc.local
|
|
|
|
insertbefore: "exit 0"
|
|
|
|
line: "sudo -u www-data bash /opt/misp-server/misp/app/Console/worker/start.sh"
|
|
|
|
|
|
|
|
######### ADD-ON #########
|
|
|
|
|
|
|
|
- name: Install ZeroMQ
|
|
|
|
pip:
|
|
|
|
name: pyzmq
|
|
|
|
state: latest
|
|
|
|
|
|
|
|
- name: Install Python client for Redis
|
|
|
|
pip:
|
|
|
|
name: redis
|
|
|
|
state: latest
|
|
|
|
|
|
|
|
######### MYSQL CONFIGURATION #########
|
|
|
|
|
|
|
|
- name: MySQL | Create MISP database
|
|
|
|
become: true
|
|
|
|
mysql_db:
|
|
|
|
login_user: root
|
|
|
|
login_password: "{{ mysql_root_new_pass }}"
|
|
|
|
name: misp
|
|
|
|
state: present
|
|
|
|
register: mysql_init
|
|
|
|
|
|
|
|
- name: MySQL | Create MISP user
|
|
|
|
become: true
|
|
|
|
mysql_user:
|
|
|
|
login_user: root
|
|
|
|
login_password: "{{ mysql_root_new_pass }}"
|
|
|
|
name: misp
|
|
|
|
password: "{{mysql_misp_password}}"
|
|
|
|
priv: "misp.*:ALL,GRANT"
|
|
|
|
state: present
|
|
|
|
register: mysql_init
|
|
|
|
|
|
|
|
- name: MySQL | Create password file
|
|
|
|
template:
|
|
|
|
src: "mysql/{{item}}"
|
|
|
|
dest: "/home/misp/{{item}}"
|
|
|
|
force: no
|
|
|
|
owner: misp
|
|
|
|
group: misp
|
|
|
|
mode: 0600
|
|
|
|
with_items:
|
|
|
|
- .my.cnf
|
|
|
|
|
|
|
|
- name: MySQL | Create password file for root
|
|
|
|
template:
|
|
|
|
src: "mysql/{{item}}"
|
|
|
|
dest: "/root/{{item}}"
|
|
|
|
force: no
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 0600
|
|
|
|
with_items:
|
|
|
|
- .my.cnf
|
|
|
|
|
|
|
|
- name: MySQL | Initialize MISP database
|
|
|
|
shell: "{{ item }}"
|
|
|
|
with_items:
|
|
|
|
- mysql -D misp < /opt/misp-server/misp/INSTALL/MYSQL.sql
|
|
|
|
when: mysql_init.changed
|
2016-08-24 14:35:57 +02:00
|
|
|
|
2016-08-19 12:40:33 +02:00
|
|
|
######### PERMISSIONS #########
|
|
|
|
|
|
|
|
- name: Fix all files permissions
|
|
|
|
file:
|
|
|
|
path: /opt/misp-server/misp
|
|
|
|
recurse: yes
|
|
|
|
state: directory
|
|
|
|
mode: "g=u"
|
|
|
|
|
2016-08-26 15:10:19 +02:00
|
|
|
####### BACKUP #######
|
2016-08-19 12:40:33 +02:00
|
|
|
|
2016-08-24 14:35:57 +02:00
|
|
|
- name: Configure and enable MISP backup
|
|
|
|
include: backup.yml
|
2016-08-19 12:40:33 +02:00
|
|
|
when: enable_auto_backup == 'y'
|
|
|
|
|
2016-08-26 15:10:19 +02:00
|
|
|
####### NEW DATA LOCATION #######
|
2016-08-19 12:40:33 +02:00
|
|
|
|
2016-08-24 14:35:57 +02:00
|
|
|
- name: Change DATA location of MISP
|
|
|
|
include: new_data_location.yml
|
|
|
|
when: data_location != '/opt/misp-server/misp/app'
|
2016-08-26 15:10:19 +02:00
|
|
|
|
|
|
|
####### MISP-MODULES #######
|
|
|
|
|
|
|
|
- name: Install misp-modules
|
|
|
|
include: modules.yml
|
2017-03-28 14:14:15 +02:00
|
|
|
when: install_modules == 'y'
|