How to install and start MISP modules (in a Python virtualenv)?

```bash
SUDO_WWW="sudo -u www-data"

sudo apt-get install -y \
  git \
  libpq5 \
  libjpeg-dev \
  tesseract-ocr \
  libpoppler-cpp-dev \
  imagemagick \
  virtualenv \
  libopencv-dev \
  zbar-tools \
  libzbar0 \
  libzbar-dev \
  libfuzzy-dev \
  libcaca-dev

# BEGIN with virtualenv:
$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
# END with virtualenv

cd /usr/local/src/
# Ideally you add your user to the staff group and make /usr/local/src group writeable;
# below follows an example with user misp
sudo adduser misp staff
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
# faup and gtcaca are cloned over https:// here; the unauthenticated git:// transport
# is no longer served by GitHub
git clone https://github.com/stricaud/faup.git faup
git clone https://github.com/stricaud/gtcaca.git gtcaca

# Install gtcaca/faup
cd gtcaca
mkdir -p build
cd build
cmake .. && make
sudo make install
cd ../../faup
mkdir -p build
cd build
cmake .. && make
sudo make install
sudo ldconfig

cd ../../misp-modules

# BEGIN with virtualenv:
$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install .
# END with virtualenv

# BEGIN without virtualenv:
sudo pip install -I -r REQUIREMENTS
sudo pip install .
# END without virtualenv

# Start misp-modules as a service
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now misp-modules
# Alternatively, start the modules by hand, listening on loopback only:
/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &
```

How to install and start MISP modules on RHEL-based distributions?

As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.

```bash
SUDO_WWW="sudo -u apache"
sudo yum install \
  rh-ruby22 \
  openjpeg-devel \
  rubygem-rouge \
  rubygem-asciidoctor \
  zbar-devel \
  opencv-devel \
  gcc-c++ \
  pkgconfig \
  poppler-cpp-devel \
  python-devel \
  redhat-rpm-config
cd /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
cd misp-modules
# The rh-python36 software collection is assumed to be installed already (it is not in the yum list above)
$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
```

Create the service file /etc/systemd/system/misp-modules.service:

```bash
echo "[Unit]
Description=MISP's modules
After=misp-workers.service

[Service]
Type=simple
User=apache
Group=apache
ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 '/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s'
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
```

The After=misp-workers.service line must be changed or removed if you have not created a misp-workers service. Then reload systemd, enable the misp-modules service and start it:

```bash
systemctl daemon-reload
systemctl enable --now misp-modules
```
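The `-l 127.0.0.1` in the unit file is what keeps misp-modules, which has no authentication of its own, off the network. As an added post-install check (not part of this guide or of the misp-modules project), the following POSIX shell script reads the kernel's listening-socket table and reports whether every listener on the misp-modules port is bound to loopback. It assumes the default port 6666 (override with `MISP_MODULES_PORT` if your unit passes `-p`) and the `ss` tool from iproute2; the sample socket-table lines are constructed for the offline run.

```shell
#!/bin/sh
# Added example, not from the misp-modules README: confirm that the misp-modules
# listener is bound to loopback only (catches a unit edited to "-l 0.0.0.0").
# Assumptions: port 6666 is the misp-modules default; `ss` is available for --live.

MISP_MODULES_PORT="${MISP_MODULES_PORT:-6666}"

# Constructed sample of `ss -H -ltn` output (not captured from a real host):
# misp-modules on loopback, Redis on all IPv4 and IPv6 interfaces, a web server on all interfaces.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:6666 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 511 *:443 *:*'

# check_loopback_only SS_LINES PORT
# Prints "ok" when every listener on PORT is on 127.0.0.1 or [::1],
# "exposed" when any listener on PORT is on another address,
# "missing" when nothing listens on PORT at all.
check_loopback_only() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":")     # column 4 is local address:port; port is the last field
            p = a[n]
            host = substr($4, 1, length($4) - length(p) - 1)
            if (p == port) {
                seen = 1
                if (host != "127.0.0.1" && host != "[::1]") bad = 1
            }
        }
        END {
            if (!seen) print "missing"
            else if (bad) print "exposed"
            else print "ok"
        }'
}

# With --live, inspect the running host; otherwise run against the constructed sample.
if [ "${1:-}" = "--live" ]; then
    check_loopback_only "$(ss -H -ltn)" "$MISP_MODULES_PORT"
else
    check_loopback_only "$SAMPLE_SS" "$MISP_MODULES_PORT"
fi
```

Run it with `--live` on the MISP host after `systemctl enable --now misp-modules`; anything other than `ok` means the unit's `-l` address needs attention before the service is left running.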

How to use a MISP modules Docker container

Docker build

```bash
docker build -t misp-modules \
  --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
  docker/
```

Docker run

```bash
# Start Redis
docker run --rm -d --name=misp-redis redis:alpine

# Start MISP-modules
docker run \
  --rm -d --name=misp-modules \
  -e REDIS_BACKEND=misp-redis \
  -e REDIS_PORT="6379" \
  -e REDIS_PW="" \
  -e REDIS_DATABASE="245" \
  -e MISP_MODULES_DEBUG="false" \
  dcso/misp-dockerized-misp-modules
```

Docker-compose

```yml
services:
  misp-modules:
    # https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
    image: dcso/misp-dockerized-misp-modules:3

    # Local image:
    #image: misp-modules
    #build:
    #  context: docker/

    environment:
      # Redis
      REDIS_BACKEND: misp-redis
      REDIS_PORT: "6379"
      REDIS_DATABASE: "245"
      # System PROXY (OPTIONAL)
      http_proxy:
      https_proxy:
      no_proxy: 0.0.0.0
      # Timezone (OPTIONAL)
      TZ: Europe/Berlin
      # MISP-Modules (OPTIONAL)
      MISP_MODULES_DEBUG: "false"
      # Logging options (OPTIONAL)
      LOG_SYSLOG_ENABLED: "no"

  misp-redis:
    # https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
    image: redis:alpine
```

Install misp-modules on an offline instance

First, grab all necessary packages on a machine with network access, for example like this.

Use pip wheel to create an archive:

```bash
mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
```

On the offline machine (the archive keeps the misp-modules-offline/ directory, so the wheels land one level below the extraction directory):

```bash
mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle/misp-modules-offline
ls -1 | while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps "${line}"; done
```

Next you can follow the standard install procedure.
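A bundle carried across an air gap is a supply-chain artefact: it is worth recording its hash on the connected side and refusing to install a bundle that does not match. The following POSIX shell script is an added example (not part of this guide or of the misp-modules project) that builds the wheel bundle, records its SHA-256, and on the offline host verifies that hash before installing from the local wheel directory with `pip3 install --no-index --find-links`, which lets pip resolve the install order instead of the per-file `--no-deps` loop. The bundle and sums file names, and the `make`/`install` sub-commands, are choices made here; `REQUIREMENTS` is the misp-modules requirements file and is packed into the archive so the offline host has it too.

```shell
#!/bin/sh
# Added example, not from the misp-modules README: hash-verified offline wheel bundle.
# Assumptions: run from the misp-modules checkout (REQUIREMENTS present); sha256sum
# from coreutils; bundle/sums file names below are chosen for this example.

BUNDLE="${BUNDLE:-misp-modules-offline.tar.bz2}"
SUMS="${SUMS:-$BUNDLE.sha256}"

# Connected host: collect wheels for REQUIREMENTS (plus shodan, as in the guide),
# pack them together with REQUIREMENTS, and record the archive hash.
make_bundle() {
    mkdir -p misp-modules-offline
    pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
    tar -cjf "$BUNDLE" misp-modules-offline REQUIREMENTS
    sha256sum "$BUNDLE" > "$SUMS"
    echo "bundle: $BUNDLE"
    cat "$SUMS"
}

# verify_bundle ARCHIVE EXPECTED_HEX_SHA256
# Returns 0 only when the archive's SHA-256 equals the expected value.
verify_bundle() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Offline host: check the hash that travelled with the bundle (ideally confirmed
# out of band), unpack, and install from the local wheel directory only.
# --no-index guarantees pip never reaches for PyPI even if a dependency is missing.
install_bundle() {
    expected=$(cut -d' ' -f1 "$SUMS")
    if ! verify_bundle "$BUNDLE" "$expected"; then
        echo "refusing to install: SHA-256 mismatch for $BUNDLE" >&2
        return 1
    fi
    tar -xjf "$BUNDLE"
    sudo pip3 install --no-index --find-links=./misp-modules-offline -r REQUIREMENTS shodan
}

case "${1:-}" in
    make)    make_bundle ;;
    install) install_bundle ;;
    *)       echo "usage: $0 make|install" ;;
esac
```

Copy both the archive and the `.sha256` file to the offline host; if the hash can also be read back over a second channel (a ticket, a printed note), a swapped archive in transit is caught before anything is installed. After `install`, continue with the standard install procedure (`pip install .` in the misp-modules checkout).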