mirror of https://github.com/MISP/misp-packer
Return the value of the sha1 and sha512 checksums of the generated VM, thanks to a post-processor. Various improvemts to the bootstrap script.
parent
a71c4772c6
commit
2e49d297e0
|
@ -16,7 +16,9 @@ Launch the generation with the VirtualBox builder:
|
|||
$ packer build -only=virtualbox-iso misp.json
|
||||
|
||||
A VirtualBox image will be generated and stored in the folder
|
||||
*output-virtualbox-iso*. You can directly import it in VirtualBox.
|
||||
*output-virtualbox-iso*. Default credentials are displayed (Web interface, SSH
|
||||
and MariaDB) at the end of the process. You can directly import the image in
|
||||
VirtualBox.
|
||||
|
||||
If you want to build an image for VMWare you will need to install it and to
|
||||
use the VMWare builder with the command:
|
||||
|
@ -36,3 +38,6 @@ You can also launch all builders in parallel.
|
|||
$ GITHUB_AUTH_TOKEN=<your-github-auth-token>
|
||||
$ TAG=$(curl https://api.github.com/repos/MISP/MISP/releases/latest | jq -r '.tag_name')
|
||||
$ ./upload.sh github_api_token=$GITHUB_AUTH_TOKEN owner=MISP repo=MISP tag=$TAG filename=./output-virtualbox-iso/MISP_demo.ova
|
||||
|
||||
You can add these lines in the *post-processors* section of the file
|
||||
*misp.json* if you want to automate the process.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"variables": {
|
||||
"ssh_name": "packer",
|
||||
"ssh_pass": "packer",
|
||||
"ssh_name": "misp",
|
||||
"ssh_pass": "Password1234",
|
||||
"hostname": "packer",
|
||||
"vm_name": "MISP_demo",
|
||||
"disk_size": "10000"
|
||||
|
@ -96,5 +96,10 @@
|
|||
"execute_command" : "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
|
||||
"script": "scripts/bootstrap.sh",
|
||||
"pause_before": "10s"
|
||||
}],
|
||||
|
||||
"post-processors":[{
|
||||
"type": "checksum",
|
||||
"checksum_types": ["sha1", "sha512"]
|
||||
}]
|
||||
}
|
||||
|
|
|
@ -47,10 +47,10 @@ d-i partman-auto-lvm/guided_size string max
|
|||
d-i mirror/http/proxy string
|
||||
|
||||
# Default user, change
|
||||
d-i passwd/user-fullname string packer
|
||||
d-i passwd/username string packer
|
||||
d-i passwd/user-password password packer
|
||||
d-i passwd/user-password-again password packer
|
||||
d-i passwd/user-fullname string misp
|
||||
d-i passwd/username string misp
|
||||
d-i passwd/user-password password Password1234
|
||||
d-i passwd/user-password-again password Password1234
|
||||
d-i user-setup/encrypt-home boolean false
|
||||
d-i user-setup/allow-password-weak boolean true
|
||||
|
||||
|
@ -58,7 +58,7 @@ d-i user-setup/allow-password-weak boolean true
|
|||
d-i pkgsel/install-language-support boolean false
|
||||
|
||||
# Individual additional packages to install
|
||||
d-i pkgsel/include string build-essential ssh
|
||||
d-i pkgsel/include string ssh
|
||||
|
||||
#For the update
|
||||
d-i pkgsel/update-policy select none
|
||||
|
|
|
@ -32,28 +32,28 @@ GPG_PASSPHRASE=''
|
|||
|
||||
|
||||
|
||||
echo -e "\n--- Installing MISP... ---\n"
|
||||
echo "\n--- Installing MISP... ---\n"
|
||||
|
||||
|
||||
echo -e "\n--- Updating packages list ---\n"
|
||||
echo "\n--- Updating packages list ---\n"
|
||||
sudo apt-get -qq update
|
||||
|
||||
|
||||
echo -e "\n--- Install base packages ---\n"
|
||||
echo "\n--- Install base packages ---\n"
|
||||
sudo apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Installing and configuring Postfix ---\n"
|
||||
echo "\n--- Installing and configuring Postfix ---\n"
|
||||
# # Postfix Configuration: Satellite system
|
||||
# # change the relay server later with:
|
||||
# sudo postconf -e 'relayhost = example.com'
|
||||
# sudo postfix reload
|
||||
echo "postfix postfix/mailname string `hostname`.ourdomain.org" | debconf-set-selections
|
||||
echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
|
||||
echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
|
||||
sudo apt-get install -y postfix > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Installing MariaDB specific packages and settings ---\n"
|
||||
echo "\n--- Installing MariaDB specific packages and settings ---\n"
|
||||
sudo apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
|
||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||
sleep 7 # give some time to the DB to launch...
|
||||
|
@ -82,7 +82,7 @@ EOF
|
|||
sudo apt-get purge -y expect > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Installing Apache2 ---\n"
|
||||
echo "\n--- Installing Apache2 ---\n"
|
||||
sudo apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
|
||||
sudo a2dismod status > /dev/null 2>&1
|
||||
sudo a2enmod ssl > /dev/null 2>&1
|
||||
|
@ -91,15 +91,15 @@ sudo a2dissite 000-default > /dev/null 2>&1
|
|||
sudo a2ensite default-ssl > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Installing PHP-specific packages ---\n"
|
||||
echo "\n--- Installing PHP-specific packages ---\n"
|
||||
sudo apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Restarting Apache ---\n"
|
||||
echo "\n--- Restarting Apache ---\n"
|
||||
sudo systemctl restart apache2 > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Retrieving MISP ---\n"
|
||||
echo "\n--- Retrieving MISP ---\n"
|
||||
mkdir $PATH_TO_MISP
|
||||
sudo chown www-data:www-data $PATH_TO_MISP
|
||||
cd $PATH_TO_MISP
|
||||
|
@ -111,7 +111,7 @@ sudo -u www-data git config core.filemode false
|
|||
# chmod -R 700 $PATH_TO_MISP
|
||||
|
||||
|
||||
echo -e "\n--- Installing Mitre's STIX ---\n"
|
||||
echo "\n--- Installing Mitre's STIX ---\n"
|
||||
sudo apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
|
||||
cd $PATH_TO_MISP/app/files/scripts
|
||||
sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
|
||||
|
@ -130,7 +130,7 @@ sudo -u www-data git checkout v1.0.2
|
|||
sudo python setup.py install > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Retrieving CakePHP... ---\n"
|
||||
echo "\n--- Retrieving CakePHP... ---\n"
|
||||
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
|
||||
cd $PATH_TO_MISP
|
||||
sudo -u www-data git submodule init
|
||||
|
@ -146,7 +146,7 @@ sudo phpenmod redis
|
|||
sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
|
||||
|
||||
|
||||
echo -e "\n--- Setting the permissions... ---\n"
|
||||
echo "\n--- Setting the permissions... ---\n"
|
||||
sudo chown -R www-data:www-data $PATH_TO_MISP
|
||||
sudo chmod -R 750 $PATH_TO_MISP
|
||||
sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
|
||||
|
@ -154,7 +154,7 @@ sudo chmod -R g+ws $PATH_TO_MISP/app/files
|
|||
sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
|
||||
|
||||
|
||||
echo -e "\n--- Creating a database user... ---\n"
|
||||
echo "\n--- Creating a database user... ---\n"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
|
||||
sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
|
||||
|
@ -163,30 +163,30 @@ sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
|
|||
sudo -u www-data mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql
|
||||
|
||||
|
||||
echo -e "\n--- Configuring Apache... ---\n"
|
||||
echo "\n--- Configuring Apache... ---\n"
|
||||
# !!! apache.24.misp.ssl seems to be missing
|
||||
#cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
|
||||
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
|
||||
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null
|
||||
|
||||
|
||||
echo -e "\n--- Add a VirtualHost for MISP ---\n"
|
||||
echo "\n--- Add a VirtualHost for MISP ---\n"
|
||||
sudo cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin me@me.local
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
ServerAdmin admin@misp.local
|
||||
ServerName misp.local
|
||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
<Directory $PATH_TO_MISP/app/webroot>
|
||||
Options -Indexes
|
||||
AllowOverride all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/misp.local_error.log
|
||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
EOF
|
||||
# cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
||||
|
@ -228,15 +228,15 @@ sudo a2dissite default-ssl
|
|||
sudo a2ensite misp-ssl
|
||||
|
||||
|
||||
echo -e "\n--- Restarting Apache ---\n"
|
||||
echo "\n--- Restarting Apache ---\n"
|
||||
sudo systemctl restart apache2 > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Configuring log rotation ---\n"
|
||||
echo "\n--- Configuring log rotation ---\n"
|
||||
sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||
|
||||
|
||||
echo -e "\n--- MISP configuration ---\n"
|
||||
echo "\n--- MISP configuration ---\n"
|
||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||
sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||
|
@ -268,7 +268,7 @@ sudo $PATH_TO_MISP/app/Console/cake Baseurl $MISP_BASEURL
|
|||
sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
|
||||
|
||||
|
||||
echo -e "\n--- Generating a GPG encryption key... ---\n"
|
||||
echo "\n--- Generating a GPG encryption key... ---\n"
|
||||
sudo apt-get install -y rng-tools haveged
|
||||
sudo -u www-data mkdir $PATH_TO_MISP/.gnupg
|
||||
sudo chmod 700 $PATH_TO_MISP/.gnupg
|
||||
|
@ -292,7 +292,7 @@ rm gen-key-script
|
|||
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-scriptgpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc
|
||||
|
||||
|
||||
echo -e "\n--- Making the background workers start on boot... ---\n"
|
||||
echo "\n--- Making the background workers start on boot... ---\n"
|
||||
sudo chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
|
||||
# With systemd:
|
||||
# sudo cat > /etc/systemd/system/workers.service <<EOF
|
||||
|
@ -320,7 +320,7 @@ fi
|
|||
sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
|
||||
|
||||
|
||||
# echo -e "\n--- Installing MISP modules... ---\n"
|
||||
# echo "\n--- Installing MISP modules... ---\n"
|
||||
# sudo apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1
|
||||
# cd /usr/local/src/
|
||||
# sudo git clone https://github.com/MISP/misp-modules.git
|
||||
|
@ -343,21 +343,21 @@ sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start
|
|||
# sudo systemctl restart misp-modules.service > /dev/null
|
||||
|
||||
|
||||
echo -e "\n--- Restarting Apache... ---\n"
|
||||
echo "\n--- Restarting Apache... ---\n"
|
||||
sudo systemctl restart apache2 > /dev/null 2>&1
|
||||
sleep 5
|
||||
|
||||
echo -e "\n--- Updating the galaxies... ---\n"
|
||||
echo "\n--- Updating the galaxies... ---\n"
|
||||
sudo -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
|
||||
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
|
||||
curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/galaxies/update > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\n--- Updating the taxonomies... ---\n"
|
||||
echo "\n--- Updating the taxonomies... ---\n"
|
||||
curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/taxonomies/update > /dev/null 2>&1
|
||||
|
||||
|
||||
# echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
|
||||
# echo "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
|
||||
# # ZeroMQ depends on the Python client for Redis
|
||||
# pip install redis > /dev/null 2>&1
|
||||
# ## Install ZeroMQ and prerequisites
|
||||
|
@ -385,9 +385,9 @@ curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v h
|
|||
# pip install pyzmq > /dev/null 2>&1
|
||||
|
||||
|
||||
echo -e "\e[32mMISP is ready\e[0m"
|
||||
echo -e "Login and passwords for the MISP image are the following:"
|
||||
echo -e "Web interface (default network settings): $MISP_BASEURL"
|
||||
echo -e "MISP admin: admin@admin.test/admin"
|
||||
echo -e "Shell/SSH: packer/packer"
|
||||
echo -e "MySQL: $DBUSER_ADMIN/$DBPASSWORD_ADMIN - $DBUSER_MISP/$DBPASSWORD_MISP"
|
||||
echo "\e[32mMISP is ready\e[0m"
|
||||
echo "Login and passwords for the MISP image are the following:"
|
||||
echo "Web interface (default network settings): $MISP_BASEURL"
|
||||
echo "MISP admin: admin@admin.test/admin"
|
||||
echo "Shell/SSH: misp/Password1234"
|
||||
echo "MySQL: $DBUSER_ADMIN/$DBPASSWORD_ADMIN - $DBUSER_MISP/$DBPASSWORD_MISP"
|
||||
|
|
Loading…
Reference in New Issue