Install Guides
How to install and start MISP modules (in a Python virtualenv)?¶
SUDO_WWW="sudo -u www-data"
sudo apt-get install -y \
git \
libpq5 \
libjpeg-dev \
tesseract-ocr \
libpoppler-cpp-dev \
imagemagick virtualenv \
libopencv-dev \
zbar-tools \
libzbar0 \
libzbar-dev \
libfuzzy-dev \
libcaca-dev
# BEGIN with virtualenv:
$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
# END with virtualenv
cd /usr/local/src/
# Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
sudo adduser misp staff
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
git clone git://github.com/stricaud/faup.git faup
git clone git://github.com/stricaud/gtcaca.git gtcaca
# Install gtcaca/faup
cd gtcaca
mkdir -p build
cd build
cmake .. && make
sudo make install
cd ../../faup
mkdir -p build
cd build
cmake .. && make
sudo make install
sudo ldconfig
cd ../../misp-modules
# BEGIN with virtualenv:
$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install .
# END with virtualenv
# BEGIN without virtualenv:
sudo pip install -I -r REQUIREMENTS
sudo pip install .
# END without virtualenv
# Start misp-modules as a service
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
How to install and start MISP modules on RHEL-based distributions ?¶
As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.
SUDO_WWW="sudo -u apache"
sudo yum install \
rh-ruby22 \
openjpeg-devel \
rubygem-rouge \
rubygem-asciidoctor \
zbar-devel \
opencv-devel \
gcc-c++ \
pkgconfig \
poppler-cpp-devel \
python-devel \
redhat-rpm-config
cd /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
cd misp-modules
$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
Create the service file /etc/systemd/system/misp-modules.service :
echo "[Unit]
Description=MISP's modules
After=misp-workers.service
[Service]
Type=simple
User=apache
Group=apache
ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:
systemctl daemon-reload
systemctl enable --now misp-modules
How to use an MISP modules Docker container¶
Docker build¶
docker build -t misp-modules \
--build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
docker/
Docker run¶
# Start Redis
docker run --rm -d --name=misp-redis redis:alpine
# Start MISP-modules
docker run \
--rm -d --name=misp-modules \
-e REDIS_BACKEND=misp-redis \
-e REDIS_PORT="6379" \
-e REDIS_PW="" \
-e REDIS_DATABASE="245" \
-e MISP_MODULES_DEBUG="false" \
dcso/misp-dockerized-misp-modules
Docker-compose¶
services:
misp-modules:
# https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
image: dcso/misp-dockerized-misp-modules:3
# Local image:
#image: misp-modules
#build:
# context: docker/
environment:
# Redis
REDIS_BACKEND: misp-redis
REDIS_PORT: "6379"
REDIS_DATABASE: "245"
# System PROXY (OPTIONAL)
http_proxy:
https_proxy:
no_proxy: 0.0.0.0
# Timezone (OPTIONAL)
TZ: Europe/Berlin
# MISP-Modules (OPTIONAL)
MISP_MODULES_DEBUG: "false"
# Logging options (OPTIONAL)
LOG_SYSLOG_ENABLED: "no"
misp-redis:
# https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
image: redis:alpine
Install misp-module on an offline instance.¶
First, you need to grab all necessary packages for example like this :
Use pip wheel to create an archive
mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done