MISP
/
misp-packer
mirror of https://github.com/MISP/misp-packer
2
0
Fork 0
Code Issues Releases Wiki Activity

HCL2 Upgrade.

pull/22/head
lluked 2022-03-14 18:41:06 +00:00
parent a117b2df32
commit 58658ca713
13 changed files with 392 additions and 388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -1,8 +1,3 @@
packer_cache/
output-virtualbox-iso/
output-vmware-iso/
output/
scripts/INSTALL.sh*
*.checksum
misp-deploy.json
packerlog-vbox.txt
packerlog-vmware.txt

86
README.md
View File

@ -1,64 +1,40 @@
# Build Automated Machine Images for MISP
Build a virtual machine for MISP based on Ubuntu 18.04 server
(for VirtualBox or VMWare).
Fork of misp-packer
## Requirements
Works with ubuntu 20.04.4 iso
* [VirtualBox](https://www.virtualbox.org)
* [Packer](https://www.packer.io) from the Packer website
* *index-fancy* -> https://github.com/Vestride/fancy-index (on deployment side)
* *rhash* -> sudo apt install rhash (on the builder side)
Changes:
## Usage
- .json packer file converted to hcl2 with builtin packer converter.
- required_plugins defined to allow installation with packer init.
- Variables seperated into "variables.pkr.hcl" file.
- Other common settings between builders turned into variables and defaults set.
- Default variable overides in "variables.auto.pkrvars.hcl" file.
- VirtualBox modifyvm variables moved to main source block where compatible.
- Removed VirtualBox modifyvm variables that are setting a value that is already the default.
- Created seperate `user-data` files as ubunu 20.04 uses `enp0s3` interface in virtualbox and `ens33` in vmware.
- Created seperate issue files for virtualbox and vmware due to different networking interfaces.
- Removed VirtualBox port forwards for Jupyter as it seems it is no longer installed.
- Removed VirtualBox port forwards for Viper and Misp Dashboard as current Install script staes they are broken and not installed.
- Boot command changed as was not working while testing.
- Cloud config files are now mounted as cidata instead of using http.
- INSTALL.sh needs placing in scripts folder as build scripts which download the file have not been updated.
- Output directory has changed to "output/${var.vm_name}_{{ .Builder }}/". Easy enough to change back if wanted.
- Post Processor checksum is used to create checksums for boxes.
Launch the generation with the VirtualBox builder:
To-do:
$./build_vbox.sh
- Update .sh scripts (This was not done as I wasn't too familiar with what a lot of them did).
- Full Testing as I have limited experience with misp.
A VirtualBox image will be generated and stored in the folder
*output-virtualbox-iso*.
Instructions:
- Read Notes
- Run `packer init .` to install required plugins.
- Place latest [INSTALL.sh]("https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh") in scripts folder.
- Run `Packer build -only=vmware-iso .` for vmware build. `Packer build -only=vmware-iso.ubuntu .` on mac.
- Run `Packer build -only=virtualbox-iso .` for virtualbox build. `Packer build -only=virtualbox-iso.ubuntu .` on mac
- Run `Packer build .` to build both.
Default credentials are displayed (Web interface, SSH and MariaDB) at the end
of the process. You can directly import the image in VirtualBox.
The sha1 and sha512 checksums of the generated VM will be stored in the files
*packer_virtualbox-iso_virtualbox-iso_sha1.checksum* and
*packer_virtualbox-iso_virtualbox-iso_sha512.checksum* respectively.
In case you encounter a problem with the ``MISP_BASEURL``, you can still change
it when the VM is running. For example the IP address of your VM is
``172.16.100.123`` you can set ``MISP_BASEURL`` from your host with the command:
$ ssh misp@172.16.100.123 sudo -u www-data /var/www/MISP/app/Console/cake Baseurl http://172.16.100.123
If you want to build an image for VMWare you will need to install it and to
use the VMWare builder with the command:
$ packer build -only=vmware-iso misp.json
You can also launch all builders in parallel.
### Modules activated by default in the VM
* [MISP galaxy](https://github.com/MISP/misp-galaxy)
* [MISP modules](https://github.com/MISP/misp-modules)
* [MISP taxonomies](https://github.com/MISP/misp-taxonomies)
* [MISP noticelists](https://github.com/MISP/misp-noticelist)
* [MISP warninglists](https://github.com/MISP/misp-warninglists)
* [MISP ZMQ](https://github.com/MISP/misp-book/tree/master/misp-zmq)
* [MISP dashboard](https://github.com/MISP/misp-dashboard)
## Automatic export to GitHub
$ GITHUB_AUTH_TOKEN=<your-github-auth-token>
$ TAG=$(curl https://api.github.com/repos/MISP/MISP/releases/latest | jq -r '.tag_name')
$ ./upload.sh github_api_token=$GITHUB_AUTH_TOKEN owner=MISP repo=MISP tag=$TAG filename=./output-virtualbox-iso/MISP_demo.ova
## Upload latest release
curl -s https://api.github.com/repos/MISP/MISP/tags |jq -r '.[0] | .name'
You can add these lines in the *post-processors* section of the file
*misp.json* if you want to automate the process.
Notes:
- Timing is important, different hosts load at different speeds, boot_wait needs changing to suit the build host. Seperate variables exist for Virtualbox and VMWare.

0
http/meta-data → cidata/meta-data
View File

28
cidata/virtualbox/user-data Normal file
View File

@ -0,0 +1,28 @@
#cloud-config
autoinstall:
version: 1
apt:
geoip: true
preserve_sources_list: true
identity:
hostname: misp-vm
username: 'misp'
password: '$6$Zw5jtOmRPBqrzFT7$st/15FZrcYhlt7bgv70ILUsPfzEuFumiZF.CdXJ9VdVXXLHI4WIjJ6MS/5g3410L1ogCO5O7B7ro.XEFZ2P0o0'
keyboard:
layout: us
variant: ''
locale: en_US
network:
network:
version: 2
ethernets:
enp0s3:
dhcp4: true
dhcp-identifier: mac
ssh:
allow-pw: true
authorized-keys: []
install-server: true
storage:
layout:
name: lvm

5
http/user-data → cidata/vmware/user-data
View File

@ -25,7 +25,4 @@ autoinstall:
install-server: true
storage:
layout:
name: lvm
late-commands:
- sed -i 's/^#*\(send dhcp-client-identifier\).*$/\1 = hardware;/' /target/etc/dhcp/dhclient.conf
- 'sed -i "s/dhcp4: true/&\n dhcp-identifier: mac/" /target/etc/netplan/00-installer-config.yaml'
name: lvm

28
conffiles/issue
View File

@ -1,28 +0,0 @@
Ubuntu 18.04.1 LTS \n \l
Welcome to the MISP Threat Sharing VM.
---
IP address: \4{eth0}
---
MISP http://\4{eth0} admin@admin.test / admin
https://\4{eth0}
MISP-modules (API) http://\4{eth0}:6666 (no credentials)
MISP-dashboard http://\4{eth0}:8001 (no credentials)
Viper-web http://\4{eth0}:8888 admin / Password1234
jupyter-notebook http://\4{eth0}:8889
The default system credentials are: misp / Password1234
On VirtualBox port-forwarding from your host to the guest is in place.
Below are the forwards as we need to use ports >1024 for some.
MISP -> 8080 and :8443
ssh -> 2222
misp-modules -> 1666
If this fails, make sure the host machine is not occupying one of the forwarded ports or a firewall is active.
----

25
conffiles/virtualbox/issue Normal file
View File

@ -0,0 +1,25 @@
Ubuntu 20.04.4 LTS \n \l
Welcome to the MISP Threat Sharing VM.
---
IP address: \4{enp0s3}
---
MISP http://\4{enp0s3} admin@admin.test / admin
https://\4{enp0s3}
MISP-Modules (API) http://\4{enp0s3}:6666 (Auth Key)
The default system credentials are: misp / Password1234
On VirtualBox port-forwarding from your host to the guest is in place.
Below are the forwards as we need to use ports >1024 for some.
SSH -> 2222
MISP -> 8080 and 8443
MISP-Modules (API) -> 1666 (API)
If this fails, make sure the host machine is not occupying one of the forwarded ports or a firewall is active.
----

16
conffiles/vmware/issue Normal file
View File

@ -0,0 +1,16 @@
Ubuntu 20.04.4 LTS \n \l
Welcome to the MISP Threat Sharing VM.
---
IP address: \4{ens33}
---
MISP http://\4{ens33} admin@admin.test / admin
https://\4{ens33}
MISP-Modules (API) http://\4{ens33}:6666 (Auth Key)
The default system credentials are: misp / Password1234
----

174
misp.json
View File

@ -1,174 +0,0 @@
{
"_comment": "MISP VM Autogen packer build system",
"builders": [
{
"boot_command": [
"{{ user `boot_command_prefix` }}",
"autoinstall ds=nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/",
"<enter>"
],
"disk_size": "{{ user `disk_size` }}",
"export_opts": [
"--manifest",
"--vsys", "0",
"--eulafile", "/tmp/LICENSE-misp",
"--description", "{{ user `vm_description` }}",
"--version", "{{ user `vm_version` }}"
],
"format": "ova",
"guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso",
"guest_os_type": "Ubuntu_64",
"hard_drive_interface": "sata",
"headless": "{{ user `headless` }}",
"http_directory": "http",
"http_port_max": 9011,
"http_port_min": 9001,
"iso_checksum": "{{ user `iso_checksum` }}",
"iso_checksum_type": "{{ user `iso_checksum_type` }}",
"iso_urls": [
"{{ user `iso_path` }}/{{ user `iso_name` }}",
"{{ user `iso_url` }}"
],
"shutdown_command": "echo {{ user `ssh_pass` }} | sudo -S shutdown -P now",
"ssh_password": "{{ user `ssh_pass` }}",
"ssh_pty": "true",
"ssh_timeout": "20m",
"ssh_username": "{{ user `ssh_user` }}",
"type": "virtualbox-iso",
"vboxmanage": [
[ "modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "ssh,tcp,,2222,0.0.0.0,22" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "http,tcp,,8080,,80" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "https,tcp,,8443,,443" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "dashboard,tcp,,8001,0.0.0.0,8001" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "viper,tcp,,8888,0.0.0.0,8888" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "jupyter-notebook,tcp,,8889,0.0.0.0,8889" ],
[ "modifyvm", "{{.Name}}", "--natpf1", "misp-modules,tcp,,1666,0.0.0.0,6666" ],
[ "modifyvm", "{{.Name}}", "--audio", "none" ],
[ "modifyvm", "{{.Name}}", "--graphicscontroller", "vmsvga" ],
[ "modifyvm", "{{.Name}}", "--usb", "off" ],
[ "modifyvm", "{{.Name}}", "--vrde", "off" ],
[ "modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}" ],
[ "modifyvm", "{{.Name}}", "--vram", "32" ]
],
"vm_name": "{{user `vm_name`}}"
},
{
"boot_command": [
"{{ user `boot_command_prefix` }}",
"autoinstall ds=nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/",
"<enter>"
],
"boot_wait": "5s",
"disk_size": "{{ user `disk_size` }}",
"guest_os_type": "ubuntu-64",
"headless": "{{ user `headless` }}",
"http_directory": "http",
"http_port_min": 9001,
"http_port_max": 9011,
"iso_checksum": "{{ user `iso_checksum` }}",
"iso_checksum_type": "{{ user `iso_checksum_type` }}",
"iso_urls": [
"{{ user `iso_path` }}/{{ user `iso_name` }}",
"{{ user `iso_url` }}"
],
"memory": "{{ user `memory` }}",
"shutdown_command": "echo {{user `ssh_pass`}} |sudo -S shutdown -P now",
"skip_compaction": false,
"ssh_pty": "true",
"ssh_timeout": "30m",
"ssh_handshake_attempts": "90",
"ssh_username": "{{user `ssh_user`}}",
"ssh_password": "{{user `ssh_pass`}}",
"type": "vmware-iso",
"vm_name": "{{ user `vm_name` }}"
}
],
"provisioners": [
{
"environment_vars": [
"DESKTOP={{user `desktop`}}",
"UPDATE={{user `update`}}",
"http_proxy={{user `http_proxy`}}",
"https_proxy={{user `https_proxy`}}",
"no_proxy={{user `no_proxy`}}"
],
"execute_command": "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
"inline": [
"echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"
],
"type": "shell"
},
{
"execute_command": "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
"script": "scripts/extend.sh",
"type": "shell"
},
{
"execute_command": "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
"script": "scripts/users.sh",
"type": "shell"
},
{
"destination": "/tmp/INSTALL.sh",
"source": "scripts/INSTALL.sh",
"type": "file"
},
{
"environment_vars": [
"PACKER=1",
"DEBIAN_FRONTEND=noninteractive"
],
"execute_command": "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -u {{user `ssh_user`}} -E -S bash '{{ .Path }}'",
"inline": [
"chmod u+x /tmp/INSTALL.sh",
"/tmp/INSTALL.sh -A -u"
],
"pause_before": "10s",
"type": "shell"
},
{
"destination": "/tmp/crontab",
"source": "conffiles/crontab",
"type": "file"
},
{
"destination": "/tmp/issue",
"source": "conffiles/issue",
"type": "file"
},
{
"execute_command": "echo '{{user `ssh_pass`}}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
"expect_disconnect": "true",
"pause_after": "30s",
"pause_before": "10s",
"script": "scripts/clean.sh",
"type": "shell"
}
],
"variables": {
"boot_command_prefix": "<enter><enter><f6><esc><wait> ",
"cpus": "1",
"desktop": "false",
"disk_size": "25000",
"headless": "true",
"hostname": "misp",
"http_proxy": "{{env `http_proxy`}}",
"https_proxy": "{{env `https_proxy`}}",
"iso_checksum": "302c990c6d69575ff24c96566e5c7e26bf36908abb0cd546e22687c46fb07bf8dba595bf77a9d4fd9ab63e75c0437c133f35462fd41ea77f6f616140cd0e5e6a",
"iso_checksum_type": "sha512",
"iso_name": "ubuntu-20.04.1-live-server-amd64.iso",
"iso_path": "iso",
"iso_url": "https://releases.ubuntu.com/20.04/ubuntu-20.04.1-live-server-amd64.iso",
"memory": "3072",
"no_proxy": "{{env `no_proxy`}}",
"ovftool_path": "ovftool",
"ssh_fullname": "MISP User",
"ssh_user": "misp",
"ssh_pass": "Password1234",
"update": "true",
"vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.",
"vm_name": "MISP_demo",
"vm_version": "2.4"
}
}

138
misp.pkr.hcl Normal file
View File

@ -0,0 +1,138 @@
## Required plugins
packer {
required_plugins {
virtualbox = {
version = ">= 0.0.1"
source = "github.com/hashicorp/virtualbox"
}
vmware = {
version = ">= 1.0.3"
source = "github.com/hashicorp/vmware"
}
}
}
## Source blocks
source "virtualbox-iso" "ubuntu" {
boot_command = "${var.boot_command}"
boot_wait = "${var.boot_wait_virtualbox}"
cd_files = ["./cidata/meta-data","./cidata/virtualbox/user-data"]
cd_label = "${var.cd_label}"
// cpus = "${var.cpus}"
disk_size = "${var.disk_size}"
export_opts = [
"--manifest",
"--vsys", "0",
"--description", "${var.vm_description}",
"--version", "${var.vm_version}"
]
format = "ova"
gfx_controller = "vmsvga"
gfx_vram_size = "32"
guest_additions_path = "VBoxGuestAdditions_{{ .Version }}.iso"
guest_os_type = "Ubuntu_64"
hard_drive_interface = "sata"
headless = "${var.headless}"
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum}"
iso_urls = ["${var.iso_path}/${var.iso_name}", "${var.iso_url}"]
memory = "${var.memory}"
output_directory = "output/${var.vm_name}_virtualbox/"
shutdown_command = "echo ${var.ssh_pass} | sudo -S shutdown -P now"
ssh_handshake_attempts = "${var.ssh_handshake_attempts}"
ssh_password = "${var.ssh_pass}"
ssh_pty = "${var.ssh_pty}"
ssh_timeout = "${var.ssh_timeout}"
ssh_username = "${var.ssh_username}"
vboxmanage = [
["modifyvm", "{{ .Name }}", "--natpf1", "ssh,tcp,,2222,0.0.0.0,22"],
["modifyvm", "{{ .Name }}", "--natpf1", "http,tcp,,8080,,80"],
["modifyvm", "{{ .Name }}", "--natpf1", "https,tcp,,8443,,443"],
["modifyvm", "{{ .Name }}", "--natpf1", "dashboard,tcp,,8001,0.0.0.0,8001"],
["modifyvm", "{{ .Name }}", "--natpf1", "misp-modules,tcp,,1666,0.0.0.0,6666"],
["modifyvm", "{{ .Name }}", "--vrde", "off"]
]
vm_name = "${var.vm_name}"
}
source "vmware-iso" "ubuntu" {
boot_command = "${var.boot_command}"
boot_wait = "${var.boot_wait_vmware}"
cd_files = ["./cidata/meta-data","./cidata/vmware/user-data"]
cd_label = "${var.cd_label}"
disk_size = "${var.disk_size}"
guest_os_type = "ubuntu-64"
headless = "${var.headless}"
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum}"
iso_urls = ["${var.iso_path}/${var.iso_name}", "${var.iso_url}"]
memory = "${var.memory}"
output_directory = "output/${var.vm_name}_vmware/"
shutdown_command = "echo ${var.ssh_pass} |sudo -S shutdown -P now"
skip_compaction = false
ssh_handshake_attempts = "${var.ssh_handshake_attempts}"
ssh_password = "${var.ssh_pass}"
ssh_pty = "${var.ssh_pty}"
ssh_timeout = "${var.ssh_timeout}"
ssh_username = "${var.ssh_username}"
tools_upload_flavor = "linux"
vm_name = "${var.vm_name}"
}
## Build blocks
build {
sources = ["source.virtualbox-iso.ubuntu", "source.vmware-iso.ubuntu"]
provisioner "shell" {
environment_vars = ["DESKTOP=${var.desktop}", "UPDATE=${var.update}", "http_proxy=${var.http_proxy}", "https_proxy=${var.https_proxy}", "no_proxy=${var.no_proxy}"]
execute_command = "echo '${var.ssh_pass}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'"
inline = ["echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"]
}
provisioner "shell" {
execute_command = "echo '${var.ssh_pass}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'"
script = "scripts/extend.sh"
}
provisioner "shell" {
execute_command = "echo '${var.ssh_pass}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'"
script = "scripts/users.sh"
}
provisioner "file" {
destination = "/tmp/INSTALL.sh"
source = "scripts/INSTALL.sh"
}
provisioner "shell" {
environment_vars = ["PACKER=1", "DEBIAN_FRONTEND=noninteractive"]
execute_command = "echo '${var.ssh_pass}' | {{ .Vars }} sudo -u ${var.ssh_username} -E -S bash '{{ .Path }}'"
inline = ["chmod u+x /tmp/INSTALL.sh", "/tmp/INSTALL.sh -A -u"]
pause_before = "10s"
}
provisioner "file" {
destination = "/tmp/crontab"
source = "conffiles/crontab"
}
provisioner "file" {
destination = "/tmp/issue"
source = "conffiles/${trimsuffix(source.type, "-iso")}/issue"
}
provisioner "shell" {
execute_command = "echo '${var.ssh_pass}' | {{ .Vars }} sudo -E -S sh '{{ .Path }}'"
expect_disconnect = "true"
pause_after = "30s"
pause_before = "10s"
script = "scripts/clean.sh"
}
post-processor "checksum" {
checksum_types = ["sha256"]
output = "output/${var.vm_name}_${trimsuffix(source.type, "-iso")}/${var.vm_name}_{{ .ChecksumType }}.checksum"
}
}

7
variables.auto.pkrvars.hcl Normal file
View File

@ -0,0 +1,7 @@
## Overide default variables to suit build.
boot_wait_virtualbox = "7s"
boot_wait_vmware = "10s"
headless = "false"
cpus = "2"
memory = "4096"
vm_name = "MISP-Ubuntu"

145
variables.pkr.hcl Normal file
View File

@ -0,0 +1,145 @@
# Read the documentation for variables here:
# https://www.packer.io/docs/templates/hcl_templates/variables
variable "boot_command" {
type = list (string)
default = [
"<enter><wait2>",
"<enter><wait2>",
"<f6><esc><wait2>",
"autoinstall<wait2>",
"<spacebar>",
"ds=nocloud;<wait2>",
"<enter>"
]
}
variable "boot_wait_virtualbox" {
type = string
default = "5s"
}
variable "boot_wait_vmware" {
type = string
default = "5s"
}
variable "cd_label" {
type = string
default = "cidata"
}
variable "cpus" {
type = string
default = "1"
}
variable "desktop" {
type = string
default = "false"
}
variable "disk_size" {
type = string
default = "25000"
}
variable "headless" {
type = string
default = "true"
}
variable "hostname" {
type = string
default = "misp"
}
variable "http_proxy" {
type = string
default = "${env("http_proxy")}"
}
variable "https_proxy" {
type = string
default = "${env("https_proxy")}"
}
variable "iso_checksum" {
type = string
default = "https://releases.ubuntu.com/20.04/SHA256SUMS"
}
variable "iso_checksum_type" {
type = string
default = "file"
}
variable "iso_name" {
type = string
default = "ubuntu-20.04.4-live-server-amd64.iso"
}
variable "iso_path" {
type = string
default = "iso"
}
variable "iso_url" {
type = string
default = "https://releases.ubuntu.com/20.04/ubuntu-20.04.4-live-server-amd64.iso"
}
variable "memory" {
type = string
default = "3072"
}
variable "no_proxy" {
type = string
default = "${env("no_proxy")}"
}
variable "ssh_handshake_attempts" {
type = string
default = "90"
}
variable "ssh_pass" {
type = string
default = "Password1234"
}
variable "ssh_username" {
type = string
default = "misp"
}
variable "ssh_pty" {
type = string
default = "true"
}
variable "ssh_timeout" {
type = string
default = "30m"
}
variable "update" {
type = string
default = "true"
}
variable "vm_description" {
type = string
default = "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently."
}
variable "vm_name" {
type = string
default = "MISP_demo"
}
variable "vm_version" {
type = string
default = "2.4"
}

121
verify.txt
View File

@ -1,121 +0,0 @@
How to verify the Automate MISP-VMs?
------------------------------------
In this directory you will find the following files:
- OVA File (VirtualBox export of the VM)
- ZIP File (ZIP Packae of the VMware VM)
- ASC File (PGP Armored file of the above files)
- checksums Directory (The directory with all the checksums of the above files)
Verify VirtualBox OVA
---------------------
1. Download signatures
Download the OVA and the ASC into the same directory.
2. Verify signatures
On the command line verify the PGP signature first, example:
$ gpg --keyserver pgp.circl.lu --recv-key 0x34F20B13
$ gpg --verify MISP_v2.4.107@latest.ova.asc MISP_v2.4.107@latest.ova
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
3. Download SFV files
Now download the checksum file and its signature, and verify.
$ wget https://www.circl.lu/misp-images/latest/checksums/MISP_v2.4.107@latest-CHECKSUM.sfv
$ wget https://www.circl.lu/misp-images/latest/checksums/MISP_v2.4.107@latest-CHECKSUM.sfv.asc
$ gpg --verify MISP_v2.4.107@latest-CHECKSUM.sfv.asc MISP_v2.4.107@latest-CHECKSUM.sfv
gpg: Signature made Wed 15 May 2019 07:15:10 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: BAD signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
If you get a BAD signature, please download again.
Next, use rhash or go with the manual way.
rhash
-----
$ cat MISP_v2.4.107@latest-CHECKSUM.sfv |sed 's/@\(.*\)-/@latest-/g' |sed 's/@\(.*\).ova/@latest.ova/g' |rhash -c -v --percents -
--( Verifying MISP_v2.4.107@latest-CHECKSUM.sfv )-------------------------------
MISP_v2.4.107@latest-VMware.zip OK
MISP_v2.4.107@latest.ova OK
--------------------------------------------------------------------------------
Everything OK
Manual (not recommended)
------------------------
Take any file you want to verify, with sha1-sum for example.
$ shasum MISP_v2.4.107@8a51109.nvram | cut -f 1 -d\ |grep -o -i -f - MISP_@8a51109.sfv
D3A2EBF751E31C6972F89DEC4F57D69C4681A142
If you get back a shasum, it worked, the file is safe and sound.
Now you could do this, for all files, for all the checksums (sha1/256/384/512) OR just use rhash.
Verify VMware
-------------
1. Download signatures
Download the ZIP and the ASC into the same directory.
2. Verify signatures
On the command line verify the PGP signature first, example:
$ gpg --verify MISP_v2.4.107@latest-VMware.zip.asc MISP_v2.4.107@latest-VMware.zip
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
Do step number 3 from above.
$ unzip MISP_v2.4.107@latest-VMware.zip
Archive: MISP_v2.4.107@latest-VMware.zip
inflating: VMware/disk-s001.vmdk
inflating: VMware/disk-s002.vmdk
inflating: VMware/disk-s003.vmdk
inflating: VMware/disk-s004.vmdk
inflating: VMware/disk-s005.vmdk
inflating: VMware/disk-s006.vmdk
inflating: VMware/disk-s007.vmdk
inflating: VMware/disk.vmdk
inflating: VMware/MISP_v2.4@8a51109.sfv
inflating: VMware/MISP_v2.4.107@8a51109.nvram
extracting: VMware/MISP_v2.4.107@8a51109.vmsd
inflating: VMware/MISP_v2.4.107@8a51109.vmx
inflating: VMware/MISP_v2.4.107@8a51109.vmxf
$ cd VMware
$ rhash -c -v --percents MISP_v2.4@8a51109.sfv
Config file: /etc/rhashrc
--( Verifying MISP_v2.4@8a51109.sfv )-----------------------------------------------
disk-s001.vmdk OK
disk-s002.vmdk OK
disk-s003.vmdk OK
disk-s004.vmdk OK
disk-s005.vmdk OK
disk-s006.vmdk OK
disk-s007.vmdk OK
disk.vmdk OK
MISP_v2.4.107@8a51109.nvram OK
MISP_v2.4.107@8a51109.vmsd OK
MISP_v2.4.107@8a51109.vmx OK
MISP_v2.4.107@8a51109.vmxf OK
--------------------------------------------------------------------------------
Everything OK
You can be more or less confident that verything is fine.