misp-modules/documentation/mkdocs/install.md

## How to install and start MISP modules (in a Python virtualenv)?

~~~~bash
SUDO_WWW="sudo -u www-data"

sudo apt-get install -y \
  git \
  libpq5 \
  libjpeg-dev \
  tesseract-ocr \
  libpoppler-cpp-dev \
  imagemagick virtualenv \
  libopencv-dev \
  zbar-tools \
  libzbar0 \
  libzbar-dev \
  libfuzzy-dev \
  libcaca-dev

# BEGIN with virtualenv:   
$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
# END with virtualenv

cd /usr/local/src/
# Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
sudo adduser misp staff
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
git clone git://github.com/stricaud/faup.git faup
git clone git://github.com/stricaud/gtcaca.git gtcaca

# Install gtcaca/faup
cd gtcaca
mkdir -p build
cd build
cmake .. && make
sudo make install
cd ../../faup
mkdir -p build
cd build
cmake .. && make
sudo make install
sudo ldconfig

cd ../../misp-modules

# BEGIN with virtualenv: 
$SUDO_WWW  /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
$SUDO_WWW  /var/www/MISP/venv/bin/pip install .
# END with virtualenv

# BEGIN without virtualenv: 
sudo pip install -I -r REQUIREMENTS
sudo pip install .
# END without virtualenv

# Start misp-modules as a service
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
~~~~

## How to install and start MISP modules on RHEL-based distributions ?

As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.

~~~~bash
SUDO_WWW="sudo -u apache"
sudo yum install \
  rh-ruby22 \
  openjpeg-devel \
  rubygem-rouge \
  rubygem-asciidoctor \
  zbar-devel \
  opencv-devel \
  gcc-c++ \
  pkgconfig \
  poppler-cpp-devel \
  python-devel \
  redhat-rpm-config
cd /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
cd misp-modules
$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
~~~~

Create the service file /etc/systemd/system/misp-modules.service :

~~~~bash
echo "[Unit]
Description=MISP's modules
After=misp-workers.service

[Service]
Type=simple
User=apache
Group=apache
ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22  '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
~~~~

The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:

~~~~bash
systemctl daemon-reload
systemctl enable --now misp-modules
~~~~

## How to use an MISP modules Docker container

### Docker build

~~~~bash
docker build -t misp-modules \
    --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
  docker/
~~~~

### Docker run

~~~~bash
# Start Redis
docker run --rm -d --name=misp-redis redis:alpine
# Start MISP-modules
docker run \
    --rm -d --name=misp-modules \
    -e REDIS_BACKEND=misp-redis \
    -e REDIS_PORT="6379" \
    -e REDIS_PW="" \
    -e REDIS_DATABASE="245" \
    -e MISP_MODULES_DEBUG="false" \
    dcso/misp-dockerized-misp-modules
~~~~

### Docker-compose

~~~~yml
services:
  misp-modules:
    # https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
    image: dcso/misp-dockerized-misp-modules:3
    
    # Local image:
    #image: misp-modules
    #build:
    #  context: docker/
    
    environment:
      # Redis
      REDIS_BACKEND: misp-redis
      REDIS_PORT: "6379"
      REDIS_DATABASE: "245"
      # System PROXY (OPTIONAL)
      http_proxy: 
      https_proxy: 
      no_proxy: 0.0.0.0
      # Timezone (OPTIONAL)
      TZ: Europe/Berlin
      # MISP-Modules (OPTIONAL)
      MISP_MODULES_DEBUG: "false"
      # Logging options (OPTIONAL)
      LOG_SYSLOG_ENABLED: "no"
  misp-redis:
    # https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
    image: redis:alpine
~~~~

## Install misp-module on an offline instance.
First, you need to grab all necessary packages for example like this :

Use pip wheel to create an archive
~~~
mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
~~~
On offline machine :
~~~
mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
~~~
Next you can follow standard install procedure.
-												Bugfixing for MISP-modules

											
										
										
											2019-09-02 10:03:32 +02:00
+								## How to install and start MISP modules (in a Python virtualenv)?
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
 								~~~~bash
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								SUDO_WWW="sudo -u www-data"
-												Change Install documentation

											
										
										
											2019-09-02 11:44:54 +02:00
+								sudo apt-get install -y \
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								  git \
 								  libpq5 \
 								  libjpeg-dev \
 								  tesseract-ocr \
 								  libpoppler-cpp-dev \
 								  imagemagick virtualenv \
 								  libopencv-dev \
 								  zbar-tools \
 								  libzbar0 \
 								  libzbar-dev \
-												Add libcaca-dev to apt packages required

I needed to add libcaca-dev to make gtcaca.

## Before
```
misp@server:/usr/local/src/gtcaca/build$ cmake .. && make
-- The C compiler identification is GNU 7.5.0
-- The CXX compiler identification is GNU 7.5.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake system name: Linux
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1")
pkg config path:
-- Check if the system is big endian
-- Searching 16 bit integer
-- Looking for sys/types.h
-- Looking for sys/types.h - found
-- Looking for stdint.h
-- Looking for stdint.h - found
-- Looking for stddef.h
-- Looking for stddef.h - found
-- Check size of unsigned short
-- Check size of unsigned short - done
-- Using unsigned short
-- Check if the system is big endian - little endian
-- Checking for module 'caca'
--   No package 'caca' found
CMake Error at /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:415 (message):
  A required package was not found
Call Stack (most recent call first):
  /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:593 (_pkg_check_modules_internal)
  CMakeLists.txt:69 (pkg_check_modules)


-- Configuring incomplete, errors occurred!
See also "/usr/local/src/gtcaca/build/CMakeFiles/CMakeOutput.log".
```

## After
```
misp@server:/usr/local/src/gtcaca/build$ cmake .. && make
CMake system name: Linux
pkg config path:
-- Checking for module 'caca'
--   Found caca, version 0.99.beta19
libcaca link library: -lcaca
CMake system: Linux
-- Configuring done
-- Generating done
-- Build files have been written to: /usr/local/src/gtcaca/build
```
											
										
										
											2021-10-21 15:14:13 +02:00
+								  libfuzzy-dev \
 								  libcaca-dev
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
 								# BEGIN with virtualenv:
 								$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
 								# END with virtualenv
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								cd /usr/local/src/
-												chg: [doc] Added details about faup

											
										
										
											2020-05-01 05:09:18 +02:00
+								# Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
 								sudo adduser misp staff
 								sudo chmod 2775 /usr/local/src
 								sudo chown root:staff /usr/local/src
 								git clone https://github.com/MISP/misp-modules.git
 								git clone git://github.com/stricaud/faup.git faup
 								git clone git://github.com/stricaud/gtcaca.git gtcaca
 								# Install gtcaca/faup
 								cd gtcaca
 								mkdir -p build
 								cd build
 								cmake .. && make
 								sudo make install
 								cd ../../faup
 								mkdir -p build
 								cd build
 								cmake .. && make
 								sudo make install
 								sudo ldconfig
 								cd ../../misp-modules
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
 								# BEGIN with virtualenv:
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								$SUDO_WWW  /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
 								$SUDO_WWW  /var/www/MISP/venv/bin/pip install .
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
+								# END with virtualenv
 								# BEGIN without virtualenv:
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								sudo pip install -I -r REQUIREMENTS
 								sudo pip install .
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
+								# END without virtualenv
-												Change Install documentation

											
										
										
											2019-09-02 11:44:54 +02:00
+								# Start misp-modules as a service
 								sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
 								sudo systemctl daemon-reload
 								sudo systemctl enable --now misp-modules
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
 								~~~~
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
+								## How to install and start MISP modules on RHEL-based distributions ?
 								As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.
 								~~~~bash
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								SUDO_WWW="sudo -u apache"
-												Fix Install.md

											
										
										
											2019-09-02 11:49:56 +02:00
+								sudo yum install \
 								  rh-ruby22 \
 								  openjpeg-devel \
 								  rubygem-rouge \
 								  rubygem-asciidoctor \
 								  zbar-devel \
 								  opencv-devel \
 								  gcc-c++ \
 								  pkgconfig \
 								  poppler-cpp-devel \
 								  python-devel \
 								  redhat-rpm-config
 								cd /usr/local/src/
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								sudo git clone https://github.com/MISP/misp-modules.git
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
+								cd misp-modules
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
+								$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
 								$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
 								$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
-												Update install doc

											
										
										
											2019-09-02 10:21:37 +02:00
+								~~~~
 								Create the service file /etc/systemd/system/misp-modules.service :
 								~~~~bash
 								echo "[Unit]
 								Description=MISP's modules
 								After=misp-workers.service
 								[Service]
 								Type=simple
 								User=apache
 								Group=apache
 								ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22  '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'
 								Restart=always
 								RestartSec=10
 								[Install]
 								WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
 								~~~~
 								The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:
 								~~~~bash
 								systemctl daemon-reload
 								systemctl enable --now misp-modules
 								~~~~
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								## How to use an MISP modules Docker container
-												Change Install documentation

											
										
										
											2019-09-02 11:44:54 +02:00
+								### Docker build
 								~~~~bash
 								docker build -t misp-modules \
 								    --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
 								  docker/
 								~~~~
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								### Docker run
 								~~~~bash
 								# Start Redis
-												Fix Bugs

											
										
										
											2019-07-31 10:43:17 +02:00
+								docker run --rm -d --name=misp-redis redis:alpine
-												Bugfixing for MISP-modules

											
										
										
											2019-09-02 10:03:32 +02:00
+								# Start MISP-modules
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								docker run \
-												Fix Bugs

											
										
										
											2019-07-31 10:43:17 +02:00
+								    --rm -d --name=misp-modules \
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								    -e REDIS_BACKEND=misp-redis \
 								    -e REDIS_PORT="6379" \
 								    -e REDIS_PW="" \
 								    -e REDIS_DATABASE="245" \
-												Fix Bugs

											
										
										
											2019-07-31 10:43:17 +02:00
+								    -e MISP_MODULES_DEBUG="false" \
-												Bugfixing for MISP-modules

											
										
										
											2019-09-02 10:03:32 +02:00
+								    dcso/misp-dockerized-misp-modules
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								~~~~
 								### Docker-compose
 								~~~~yml
 								services:
 								  misp-modules:
 								    # https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
 								    image: dcso/misp-dockerized-misp-modules:3
-												Fixing Install.md

											
										
										
											2019-09-02 11:56:04 +02:00
 								    # Local image:
 								    #image: misp-modules
 								    #build:
 								    #  context: docker/
-												Add mkdocs as a great web documentation

											
										
										
											2019-07-31 08:25:51 +02:00
+								    environment:
 								      # Redis
 								      REDIS_BACKEND: misp-redis
 								      REDIS_PORT: "6379"
 								      REDIS_DATABASE: "245"
 								      # System PROXY (OPTIONAL)
 								      http_proxy:
 								      https_proxy:
 								      no_proxy: 0.0.0.0
 								      # Timezone (OPTIONAL)
 								      TZ: Europe/Berlin
 								      # MISP-Modules (OPTIONAL)
 								      MISP_MODULES_DEBUG: "false"
 								      # Logging options (OPTIONAL)
 								      LOG_SYSLOG_ENABLED: "no"
 								  misp-redis:
 								    # https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
 								    image: redis:alpine
 								~~~~
 								## Install misp-module on an offline instance.
 								First, you need to grab all necessary packages for example like this :
 								Use pip wheel to create an archive
 								~~~
 								mkdir misp-modules-offline
 								pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
 								tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
 								~~~
 								On offline machine :
 								~~~
 								mkdir misp-modules-bundle
 								tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
 								cd misp-modules-bundle
 								ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
 								~~~
-												chg: [doc] Added details about faup

											
										
										
											2020-05-01 05:09:18 +02:00
+								Next you can follow standard install procedure.