chg: [doc] Update the get your instance instructions to 2.4.95

pull/128/head
Steve Clement 2018-09-07 21:39:04 +02:00
parent cca70c0f3d
commit eb2463d160
3 changed files with 38 additions and 21 deletions

View File

@ -1,4 +1,3 @@
## Get your own MISP instance ## Get your own MISP instance
The intention of this chapter is to support you in getting your own MISP instance up and running. The intention of this chapter is to support you in getting your own MISP instance up and running.
@ -6,18 +5,16 @@ The intention of this chapter is to support you in getting your own MISP instanc
### MISP Virtual Machine ### MISP Virtual Machine
CIRCL maintains the image of a recent MISP virtual machine online. CIRCL maintains the image of a recent MISP virtual machine online. This VM is generated after every commit to the main MISP repository on Github.
This is a very easy out of the box solution, optimized for product evaluation and to support trainings hold by CIRCL staff. This is a very easy out of the box solution, optimized for product evaluation and to support trainings held by CIRCL staff.
The images is updated on a regular base. You should frequently re-visit the online resources to get the latest versions including bug fixes and new features.
#### MISP VM Download #### MISP VM Download
The best place to get the latest version of the MISP virtual machine, as well as all the available training materials is the [MISP training materials page] [1] on the CIRCL website. The best place to get the latest version of the MISP virtual machine, as well as all the available training materials is the [MISP training materials page] [1] on the CIRCL website.
If you do not remember the direct link to the MISP training materials here are the very easy to remember step you have to follow to reach the right place: If you do not remember the direct link to the MISP training materials here are the very easy to remember steps you have to follow to reach the right place:
1. Access the [CIRCL homepage] [2] 1. Access the [CIRCL homepage] [2]
2. Navigate to the [Training area] [3] 2. Navigate to the [Training area] [3]
@ -35,10 +32,12 @@ In VirtualBox use the "Import Appliance..." functionality to import the virtual
The instructions in this manual covers VirtualBox only. If you prefer another virtualization solution like VMWare you can find some quick instruction on the [MISP training materials page] [1]. The instructions in this manual covers VirtualBox only. If you prefer another virtualization solution like VMWare you can find some quick instruction on the [MISP training materials page] [1].
ESXi Servers have been tested too. Should work without problem but some manual changing of the ATA-Bus is needed.
#### MISP VM Credentials #### MISP VM Credentials
The MISP image is pre-configured to be reachable on the private IP address **192.168.56.50** by SSH. The GUI is reachable by **http://192.168.56.50/**. The MISP image is pre-configured to be reachable on the private IP address **localhost** by SSH on port 2222. The GUI is reachable by **http://localhost:8080/**.
You should have two interfaces on your VirtualBox configuration (NAT and host-only). You can also configure access to the MISP instance by doing port forwarding on the NAT interface. You should have two interfaces on your VirtualBox configuration (NAT and host-only). You can also configure access to the MISP instance by doing port forwarding on the NAT interface.
@ -46,26 +45,44 @@ MISP credentials:
* **GUI Admin:** admin@admin.test:admin (it's the site admin account with full rights, feel free to create other users) * **GUI Admin:** admin@admin.test:admin (it's the site admin account with full rights, feel free to create other users)
* **Shell/SSH:** misp : Password1234 * **Shell/SSH:** misp : Password1234
* **MySQL:** The credentials are generated during the VM generator. The details are located in ~misp/mysql.txt
#### Networking on the VM
Virtualbox has a neat feature to forward ports from your Host machine to the Guest VM.
We forward the following ports:
* **ssh** Forward from 2222 on Host -> 22 on guest
* **http** Main WebUI - 8080 on Host -> 80 on guest
* **https** Not in use - 8443 on Host -> 443 on guest
* **8001** MISP Dashboard - 8001 on Host -> 8001 on guest
* **8888** Viper Web UI - 8888 on Host -> 8888 on guest
* **1666** misp-modules used to poll the misp-modules API - 1666 on Host -> 6666 on guest
If the port is already used on your host, virtualbox will still boot and all the other ports will work.
To change the port forwarding select the running VM in the UI and click on `Settings` -> `Network` -> `Advanced` -> `Port forwarding`
![Overview of Network settings](figures/vbox-settings-forwarding.png)
Overview of default port forwards
![Overview of forwarded ports](figures/port-forwards-vbox.png)
The reason that some entries have `0.0.0.0` and other are left blank is due to a virtualbox bug where traffic would not be sent to the Guest VM.
:warning: VMWare users will need to connect to whatever IP the VM has on your host. There is NO port forwarding done fo r VMWare.
#### Potential issues #### Potential issues
During life trainings we see in rare cases that some users could not reach the virtual machine over the virtual network. You might have a very old VM installed and the ports are not be forwarded.
Either configure the port forwards manually or download a new VM.
Some investigations discover that this always happens with user whom already had VirtualBox in use before and had already one or more **Host-only Adapter** configured in advance.
The MISP image is pre-configured to use **Host-only Adapter** with the Name **vboxnet0**.
![Host-only Adapter vboxnet0](figures/host-only-1.png)
If this is already occupied by previous VirtualBox projects, try to attach the network adapter to the next available **Host-only** network.
![Host-only Adapter vboxnet0](figures/host-only-2.png)
[1]: https://www.circl.lu/services/misp-training-materials/ "MISP training materials page" [1]: https://www.circl.lu/services/misp-training-materials/ "MISP training materials page"
[2]: https://www.circl.lu/ "CIRCL homepage" [2]: https://www.circl.lu/ "CIRCL homepage"
[3]: https://www.circl.lu/services/training/ "Training area" [3]: https://www.circl.lu/services/training/ "Training area"
[4]: https://www.circl.lu/services/training/#misp-malware-information-sharing-platform-threat-sharing "Malware Information Sharing Platform" [4]: https://www.circl.lu/services/training/#misp-malware-information-sharing-platform-threat-sharing "Malware Information Sharing Platform"

Binary file not shown.

After

Width:  |  Height:  |  Size: 73 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 216 KiB