diff --git a/dev/bootstrap b/dev/bootstrap new file mode 100644 index 0000000..5242a88 --- /dev/null +++ b/dev/bootstrap @@ -0,0 +1,340 @@ +#!/usr/bin/env bash + +# Ubuntu version +UBUNTU_VERSION="$(lsb_release -r -s)" + +# Database configuration +DBHOST='localhost' +DBNAME='misp' +DBUSER_ADMIN='root' +DBPASSWORD_ADMIN="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer" +DBUSER_MISP='misp' +DBPASSWORD_MISP="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer" + +# Webserver configuration +PATH_TO_MISP='/var/www/MISP' +MISP_BASEURL='' +FQDN='localhost' + +# OpenSSL configuration +OPENSSL_C='PT' +OPENSSL_ST='Lisbon' +OPENSSL_L='Lisbon' +OPENSSL_O='MISP' +OPENSSL_OU='MISP' +OPENSSL_CN='MISP Training' +OPENSSL_EMAILADDRESS='info@localhost' + +# php.ini configuration +upload_max_filesize=50M +post_max_size=50M +max_execution_time=300 +memory_limit=512M +PHP_INI=/etc/php/7.0/apache2/php.ini + +echo "--- Installing MISP... ---" + +echo "--- Updating packages list and upgrading base image ---" +sudo apt-get -qq update > /dev/null 2>&1 +sudo apt-get -qq upgrade -y > /dev/null 2>&1 + +echo "--- Performing OS changes... ---" +sudo apt-get install -y update-motd > /dev/null 2>&1 +sudo cat > /etc/update-motd.d/10-help-text < /etc/update-motd.d/51-cloudguest < /dev/null 2>&1 + +echo "--- Installing MariaDB specific packages and settings ---" +sudo apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1 + +# DB Hardening +sudo apt-get install -y expect > /dev/null 2>&1 +expect -f - <<-EOF + set timeout 10 + spawn mysql_secure_installation + expect "Enter current password for root (enter for none):" + send -- "\r" + expect "Set root password?" + send -- "y\r" + expect "New password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Re-enter new password:" + send -- "${DBPASSWORD_ADMIN}\r" + expect "Remove anonymous users?" + send -- "y\r" + expect "Disallow root login remotely?" + send -- "y\r" + expect "Remove test database and access to it?" + send -- "y\r" + expect "Reload privilege tables now?" + send -- "y\r" + expect eof +EOF +sudo apt-get purge -y expect > /dev/null 2>&1 + +echo "" +echo "--- Installing Apache2 ---" +sudo apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1 +sudo a2dismod status > /dev/null 2>&1 +sudo a2enmod ssl > /dev/null 2>&1 +sudo a2enmod rewrite > /dev/null 2>&1 +sudo a2dissite 000-default > /dev/null 2>&1 +sudo a2ensite default-ssl > /dev/null 2>&1 + +echo "--- Installing PHP-specific packages ---" +sudo apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1 + +echo "--- Configuring PHP ---" +for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit +do + sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI +done + +echo "--- Restarting Apache ---" +sudo systemctl restart apache2 > /dev/null 2>&1 + +echo "--- Retrieving MISP ---" +sudo mkdir $PATH_TO_MISP +sudo chown www-data:www-data $PATH_TO_MISP +cd $PATH_TO_MISP + +# PROBLEM +#sudo -u www-data git clone -b $MISP_BRANCH https://github.com/MISP/MISP.git $PATH_TO_MISP +sudo -u www-data git clone https://github.com/MISP/MISP.git /var/www/MISP > /dev/null 2>&1 +git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) > /dev/null 2>&1 +sudo -u www-data git config core.filemode false > /dev/null 2>&1 +# chown -R www-data $PATH_TO_MISP +# chgrp -R www-data $PATH_TO_MISP +# chmod -R 700 $PATH_TO_MISP + +echo "--- Installing Mitre's STIX ---" +sudo apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1 +cd $PATH_TO_MISP/app/files/scripts +sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git +sudo -u www-data git clone https://github.com/STIXProject/python-stix.git + +cd $PATH_TO_MISP/app/files/scripts/python-cybox +sudo -u www-data git checkout v2.1.0.12 +sudo python setup.py install + +cd $PATH_TO_MISP/app/files/scripts/python-stix +sudo -u www-data git checkout v1.1.1.4 +sudo python setup.py install + +# install mixbox to accomodate the new STIX dependencies: +cd $PATH_TO_MISP/app/files/scripts/ +sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git +cd $PATH_TO_MISP/app/files/scripts/mixbox +sudo -u www-data git checkout v1.0.2 +sudo python setup.py install + +# install STIX2.0 library to support STIX 2.0 export: +sudo pip3 install stix2 + +echo "--- Retrieving CakePHP… ---" +cd $PATH_TO_MISP +sudo -u www-data git submodule init +sudo -u www-data git submodule update +sudo -u www-data git submodule foreach git config core.filemode false + +# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs: +cd $PATH_TO_MISP/app +sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2 +sudo -u www-data php composer.phar config vendor-dir Vendor +sudo -u www-data php composer.phar install + +# Enable CakeResque with php-redis +sudo phpenmod redis + +# To use the scheduler worker for scheduled tasks, do the following: +sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php + +echo "--- Setting the permissions… ---" +sudo chown -R www-data:www-data $PATH_TO_MISP +sudo chmod -R 750 $PATH_TO_MISP +sudo chmod -R g+ws $PATH_TO_MISP/app/tmp +sudo chmod -R g+ws $PATH_TO_MISP/app/files +sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp + +echo "--- Creating a database user… ---" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" + +# Import the empty MISP database from MYSQL.sql +sudo -u www-data cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME + +echo "--- Configuring Apache… ---" +# !!! apache.24.misp.ssl seems to be missing +#cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf +# If a valid SSL certificate is not already created for the server, create a self-signed certificate: +sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null + +echo "--- Add a VirtualHost for MISP ---" +cat > /etc/apache2/sites-available/misp-ssl.conf < + ServerName misp.local + + Redirect permanent / https://$FQDN + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + + + + ServerAdmin me@me.local + ServerName misp.local + DocumentRoot $PATH_TO_MISP/app/webroot + + + Options -Indexes + AllowOverride all + Require all granted + + + SSLEngine On + SSLCertificateFile /etc/ssl/private/misp.local.crt + SSLCertificateKeyFile /etc/ssl/private/misp.local.key + #SSLCertificateChainFile /etc/ssl/private/misp-chain.crt + + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off + +EOF + +# activate new vhost +sudo a2dissite default-ssl +sudo a2ensite misp-ssl + +echo "--- Restarting Apache ---" +sudo systemctl restart apache2 > /dev/null 2>&1 + +echo "--- Configuring log rotation ---" +sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp + + +echo "--- MISP configuration ---" +# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied +sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php +sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php +sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php +sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php + +sudo -u www-data cat > $PATH_TO_MISP/app/Config/database.php < 'Database/Mysql', + //'datasource' => 'Database/Postgres', + 'persistent' => false, + 'host' => '$DBHOST', + 'login' => '$DBUSER_MISP', + 'port' => 3306, // MySQL & MariaDB + //'port' => 5432, // PostgreSQL + 'password' => '$DBPASSWORD_MISP', + 'database' => '$DBNAME', + 'prefix' => '', + 'encoding' => 'utf8', + ); +} +EOF + +# and make sure the file permissions are still OK +sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config +sudo chmod -R 750 $PATH_TO_MISP/app/Config + +# Set some MISP directives with the command line tool +##sudo $PATH_TO_MISP/app/Console/cake Baseurl "" +##sudo -u www-data /var/www/MISP/app/Console/cake Baseurl http:// +sudo $PATH_TO_MISP/app/Console/cake Live 1 +#sudo $PATH_TO_MISP/app/Console/cake org MISP-CLOUD +#sudo $PATH_TO_MISP/app/Console/cake showorg 1 +#sudo $PATH_TO_MISP/app/Console/cake background_jobs 1 +# Create Terms and Conditions File +#echo "Don't use this image in production." > $PATH_TO_MISP/app/files/terms/training +#sudo $PATH_TO_MISP/app/Console/cake terms_file training +#sudo $PATH_TO_MISP/app/Console/cake terms_download 0 +#sudo $PATH_TO_MISP/app/Console/cake disable_emailing 1 +# Logs +#sudo $PATH_TO_MISP/app/Console/cake log_client_ip 1 +#sudo $PATH_TO_MISP/app/Console/cake log_auth 1 +# Footer +#sudo $PATH_TO_MISP/app/Console/cake footermidright "Powered by MISP | MISP-CLOUD" +#sudo $PATH_TO_MISP/app/Console/cake footermidleft "https://github.com/0xtf/misp-cloud" + +echo "--- Making the background workers start on boot… ---" +sudo chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh + +# With initd: +if [ ! -e /etc/rc.local ] +then + echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local + echo 'exit 0' | sudo tee -a /etc/rc.local + sudo chmod u+x /etc/rc.local +fi +sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local + +echo "--- Installing ZeroMQ... ---" +sudo pip install pyzmq +sudo pip install redis + +echo "--- Installing MISP modules… ---" +sudo apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev > /dev/null 2>&1 +cd /usr/local/src/ +sudo git clone https://github.com/MISP/misp-modules.git +cd misp-modules +sudo pip3 install -I -r REQUIREMENTS +sudo pip3 install -I . +sudo pip3 install lief +sudo pip3 install pymisp python-magic +sudo pip3 install git+https://github.com/kbandla/pydeep.git +sudo pip install pymisp python-magic +sudo pip install git+https://github.com/kbandla/pydeep.git +sudo pip install lief +# With initd: +sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local + +echo "--- Restarting Apache… ---" +sudo systemctl restart apache2 > /dev/null 2>&1 +sleep 5 + +echo "--- Updating the galaxies… ---" +sudo -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null +AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) +echo "--- Updating the galaxies… ---" +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/galaxies/update + +echo "--- Updating the taxonomies… ---" +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/taxonomies/update + +echo "--- Updating the warning lists… ---" +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/warninglists/update + +echo "--- Updating the object templates… ---" +curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/objectTemplates/update + +echo "Configurations finished!"