misp-cloud/dev/bootstrap

558 lines
26 KiB
Plaintext
Raw Normal View History

2018-06-22 00:11:20 +02:00
#!/usr/bin/env bash
MISP_BRANCH='2.4'
# MISP Configurables
PATH_TO_MISP='/var/www/MISP'
CAKE="${PATH_TO_MISP}/app/Console/cake"
MISP_BASEURL=''
MISP_LIVE='1'
2018-06-22 00:11:20 +02:00
# Database configuration
DBHOST='localhost'
DBNAME='misp'
DBUSER_ADMIN='root'
DBPASSWORD_ADMIN="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"
DBUSER_MISP='misp'
DBPASSWORD_MISP="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"
# Webserver configuration
FQDN='localhost'
# GPG configuration
GPG_REAL_NAME='Auto-generated Key'
GPG_COMMENT='WARNING: MISP Cloud Auto-generated Key'
GPG_EMAIL_ADDRESS='admin@admin.test'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE='Password1234'
2018-06-22 00:11:20 +02:00
# php.ini configuration
upload_max_filesize=50M
post_max_size=50M
max_execution_time=300
memory_limit=512M
PHP_INI='/etc/php/7.2/apache2/php.ini'
2018-06-22 00:11:20 +02:00
echo "--- Process started ... ---"
2018-06-22 00:11:20 +02:00
echo "--- Performing OS changes (branding) ... ---"
apt-get install -y update-motd > /dev/null 2>&1
cat > /etc/motd <<EOF
__ __ _____ _____ _____
2018-06-22 00:11:20 +02:00
| \/ |_ _|/ ____| __ \
| \ / | | | | (___ | |__) |
| |\/| | | | \___ \| ___/
| | | |_| |_ ____) | |
|_| |_|_____|_____/|_|
* MISP Project: https://github.com/MISP/MISP
* AMI Documentation: https://github.com/misp/misp-cloud
2018-06-22 00:11:20 +02:00
EOF
cat > /etc/update-motd.d/51-cloudguest <<EOF
2018-06-22 00:11:20 +02:00
EOF
echo "--- Upgrading base system and autoremoving packages ---"
apt -qq update > /dev/null 2>&1
2018-09-07 16:44:33 +02:00
# Prevent dialog of dpkg for config overwrite
DEBIAN_FRONTEND=noninteractive apt -yq upgrade > /dev/null 2>&1
2018-09-07 16:44:33 +02:00
# Clean up
apt -y autoremove > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Install base packages ---"
apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo tmux vim virtualenvwrapper zip python3-pythonmagick tesseract-ocr htop imagemagick asciidoctor jq > /dev/null 2>&1
echo "--- Installing and configuring Postfix ---"
# # Postfix Configuration: Satellite system
# # change the relay server later with:
# postconf -e 'relayhost = example.com'
# postfix reload
echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
apt-get install -y postfix > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Installing MariaDB specific packages and settings ---"
apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
# Secure the MariaDB installation (especially by setting a strong root password)
sleep 10 # give some time to the DB to launch...
systemctl restart mariadb.service
sleep 10
apt-get install -y expect > /dev/null 2>&1
## do we need to spawn mysql_secure_install with sudo in future?
2018-06-22 00:11:20 +02:00
expect -f - <<-EOF
set timeout 10
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
apt-get purge -y expect > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Installing Apache2 ---"
apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
a2dismod status > /dev/null 2>&1
a2enmod ssl > /dev/null 2>&1
a2enmod rewrite > /dev/null 2>&1
a2enmod headers > /dev/null 2>&1
a2dissite 000-default > /dev/null 2>&1
a2ensite default-ssl > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Installing PHP-specific packages ---"
2019-09-11 12:33:23 +02:00
apt install -qy libapache2-mod-php php php-cli php-dev php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-redis php-gnupg php-gd > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Configuring PHP ---"
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
2018-06-22 00:11:20 +02:00
done
echo "--- Adding Apache virtualhost ---"
openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/CN=MISP-Cloud" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null 2>&1
cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
<VirtualHost *:443>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot $PATH_TO_MISP/app/webroot
<Directory $PATH_TO_MISP/app/webroot>
Options -Indexes
AllowOverride all
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
</VirtualHost>
EOF
a2dissite default-ssl > /dev/null 2>&1
a2ensite misp-ssl > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Retrieving MISP ---"
## Double check perms.
mkdir $PATH_TO_MISP
chown www-data:www-data $PATH_TO_MISP
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP
2019-09-11 12:33:23 +02:00
git clone https://github.com/MISP/MISP.git $PATH_TO_MISP > /dev/null 2>&1
git submodule update --init --recursive
git submodule foreach --recursive git config core.filemode false
git config core.filemode false
2018-06-22 00:11:20 +02:00
echo "--- Installing Mitre's STIX ---"
apt-get install -y python-dev python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP/app/files/scripts
git clone https://github.com/CybOXProject/python-cybox.git > /dev/null 2>&1
git clone https://github.com/STIXProject/python-stix.git > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP/app/files/scripts/python-cybox
python3 setup.py install > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP/app/files/scripts/python-stix
python3 setup.py install > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
# install mixbox to accomodate the new STIX dependencies:
cd $PATH_TO_MISP/app/files/scripts/
git clone https://github.com/CybOXProject/mixbox.git > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP/app/files/scripts/mixbox
python3 setup.py install > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Retrieving CakePHP ---"
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP
git submodule init > /dev/null 2>&1
git submodule update > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
# Make composer cache happy
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
2018-06-22 00:11:20 +02:00
cd $PATH_TO_MISP/app
php composer.phar require kamisama/cake-resque:4.1.2 > /dev/null 2>&1
php composer.phar config vendor-dir Vendor > /dev/null 2>&1
php composer.phar install > /dev/null 2>&1
2019-09-11 12:33:23 +02:00
2018-06-22 00:11:20 +02:00
# Enable CakeResque with php-redis
phpenmod redis
2019-09-11 12:33:23 +02:00
phpenmod gnupg
2018-06-22 00:11:20 +02:00
# To use the scheduler worker for scheduled tasks, do the following:
cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
echo "--- Setting the permissions ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
echo "--- Creating a database user ---"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
2018-06-22 00:11:20 +02:00
# Import the empty MISP database from MYSQL.sql
cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
2018-06-22 00:11:20 +02:00
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Configuring log rotation ---"
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
2018-06-22 00:11:20 +02:00
echo "--- MISP configuration ---"
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
cat > $PATH_TO_MISP/app/Config/database.php <<EOF
2018-06-22 00:11:20 +02:00
<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}
EOF
# and make sure the file permissions are still OK
chown -R www-data:www-data $PATH_TO_MISP/app/Config
chmod -R 750 $PATH_TO_MISP/app/Config
2018-06-22 00:11:20 +02:00
# Set some MISP directives with the command line tool
$CAKE Live $MISP_LIVE > /dev/null
# Enable ZeroMQ
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false > /dev/null
# Enable GnuPG
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test" > /dev/null
$CAKE Admin setSetting "GnuPG.homedir" ${PATH_TO_MISP}/.gnupg > /dev/null
$CAKE Admin setSetting "GnuPG.binary" `which gpg` > /dev/null
$CAKE Admin setSetting "GnuPG.password" "Password1234" > /dev/null
# Enable Enrichment set better timeouts
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vmray_submit_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivessl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_countrycode_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_domaintools_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_eupi_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_farsight_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_passivetotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_sourcecache_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_virustotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_whois_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_shodan_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_reversedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_geoip_country_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_wiki_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_iprep_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatminer_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_otx_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatcrowd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vulndb_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_crowdstrike_falcon_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hashdd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_full_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_rbl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_xforceexchange_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_xforceexchange_enabled" false > /dev/null
# Enable Import modules set better timout
$CAKE Admin setSetting "Plugin.Import_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Import_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_vmray_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_testimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_cuckooimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_goamlimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_email_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_mispjson_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" false > /dev/null
# Enable Export modules set better timout
$CAKE Admin setSetting "Plugin.Export_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Export_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_restrict" 1 > /dev/null
$CAKE Admin setSetting "Plugin.Export_cef_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_liteexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_goamlexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threat_connect_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threatStream_misp_export_enabled" false > /dev/null
# Enable installer org and tune some configurables
$CAKE Admin setSetting "MISP.host_org_id" 1 > /dev/null
$CAKE Admin setSetting "MISP.email" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disable_emailing" true > /dev/null
$CAKE Admin setSetting "MISP.contact" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disablerestalert" true > /dev/null
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true > /dev/null
# Provisional Cortex tunes
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true > /dev/null
# Provisional Elastic Search tunes
$CAKE Admin setSetting "Plugin.ElasticSearch_logging_enable" false > /dev/null
# Various plugin sightings settings
$CAKE Admin setSetting "Plugin.Sightings_policy" 0 > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_range" 365 > /dev/null
# Plugin CustomAuth tuneable
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false > /dev/null
# RPZ Plugin settings
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" > /dev/null
# Force defaults to make MISP Server Settings less RED
$CAKE Admin setSetting "MISP.language" "eng" > /dev/null
$CAKE Admin setSetting "MISP.proposals_block_attributes" false > /dev/null
## Redis block
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "MISP.redis_port" 6379 > /dev/null
$CAKE Admin setSetting "MISP.redis_database" 13 > /dev/null
$CAKE Admin setSetting "MISP.redis_password" "" > /dev/null
# Force defaults to make MISP Server Settings less YELLOW
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 > /dev/null
$CAKE Admin setSetting "MISP.extended_alert_subject" false > /dev/null
$CAKE Admin setSetting "MISP.default_event_threat_level" 4 > /dev/null
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.log_client_ip" false > /dev/null
$CAKE Admin setSetting "MISP.log_auth" false > /dev/null
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert_age" "" > /dev/null
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false > /dev/null
$CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email. " > /dev/null
2018-11-27 11:55:56 +01:00
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated AMI." > /dev/null
$CAKE Admin setSetting "MISP.footermidright" "https://github.com/MISP/misp-cloud/" > /dev/null
$CAKE Admin setSetting "MISP.welcome_text_top" "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security" > /dev/null
$CAKE Admin setSetting "MISP.download_attachments_on_load" true > /dev/null
$CAKE Admin setSetting "MISP.title_text" "MISP" > /dev/null
$CAKE Admin setSetting "MISP.terms_download" false > /dev/null
$CAKE Admin setSetting "MISP.showorgalternate" false > /dev/null
$CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name" > /dev/null
# Force defaults to make MISP Server Settings less GREEN
$CAKE Admin setSetting "Security.password_policy_length" 12 > /dev/null
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' > /dev/null
# Tune global time outs
$CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null
$CAKE Admin setSetting "Session.timeout" 600 > /dev/null
$CAKE Admin setSetting "Session.cookie_timeout" 3600 > /dev/null
echo "--- Generating a GPG encryption key ---"
apt-get install -y rng-tools haveged > /dev/null 2>&1
sudo -u www-data mkdir $PATH_TO_MISP/.gnupg
chmod 700 $PATH_TO_MISP/.gnupg
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
rm -f /tmp/gen-key-script
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc"
echo "--- Making the background workers start on boot ---"
chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
2018-06-22 00:11:20 +02:00
# With initd:
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | tee -a /etc/rc.local
echo 'exit 0' | tee -a /etc/rc.local
chmod u+x /etc/rc.local
2018-06-22 00:11:20 +02:00
fi
# redis-server requires the following /sys/kernel tweak
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \ cd $d && git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local
echo "--- Installing MISP modules ---"
apt-get install -y libpq5 libjpeg-dev libfuzzy-dev > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
2019-04-10 10:15:18 +02:00
sudo chown -R www-data:www-data misp-modules
2019-05-14 10:56:04 +02:00
cd misp-modules
2018-06-22 00:11:20 +02:00
# pip3 install
pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
pip3 install -I . > /dev/null 2>&1
pip3 install lief 2>&1
pip3 install maec 2>&1
pip3 install pathlib 2>&1
pip3 install pymisp python-magic wand yara > /dev/null 2>&1
pip3 install git+https://github.com/kbandla/pydeep.git > /dev/null 2>&1
# install STIX2.0 library to support STIX 2.0 export:
pip3 install stix2 > /dev/null 2>&1
echo "--- Setting the permissions ... ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
sleep 5
echo "--- Updating the galaxies ---"
sudo -u www-data -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
2018-06-22 00:11:20 +02:00
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# Update the galaxies
$CAKE Admin updateGalaxies > /dev/null 2>&1
# Updating the taxonomies
$CAKE Admin updateTaxonomies > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
# Updating the warning lists
## $CAKE Admin updateWarningLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/warninglists/update > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
# Updating the notice lists
## $CAKE Admin updateNoticeLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/noticelists/update > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
# Updating the object templates
##$CAKE Admin updateObjectTemplates
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/objectTemplates/update > /dev/null 2>&1
2018-06-22 00:11:20 +02:00
echo "--- Enabling MISP new pub/sub feature (ZeroMQ) ---"
apt-get install -y pkg-config python-redis python-zmq python3-zmq > /dev/null 2>&1
echo "--- Installing asciidoctor-pdf ---"
gem install asciidoctor-pdf --pre > /dev/null 2>&1
gem install pygments.rb > /dev/null 2>&1
echo "--- Ignoring filemode on all submodules ---"
cd $PATH_TO_MISP
sudo -u www-data git submodule foreach --recursive git config core.filemode false > /dev/null 2>&1
echo "--- autoremove for apt ---"
apt autoremove -y > /dev/null 2>&1
echo "--- Setting Baseurl and making sure Sessions do NOT auto regenerate ---"
$CAKE Baseurl "" > /dev/null 2>&1
$CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null 2>&1
echo "--- Setting the permissions ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
chmod 700 $PATH_TO_MISP/.gnupg