misp-packer/verify.txt

122 lines
4.4 KiB
Plaintext

How to verify the Automate MISP-VMs?
------------------------------------
In this directory you will find the following files:
- OVA File (VirtualBox export of the VM)
- ZIP File (ZIP Packae of the VMware VM)
- ASC File (PGP Armored file of the above files)
- checksums Directory (The directory with all the checksums of the above files)
Verify VirtualBox OVA
---------------------
1. Download signatures
Download the OVA and the ASC into the same directory.
2. Verify signatures
On the command line verify the PGP signature first, example:
$ gpg --keyserver pgp.circl.lu --recv-key 0x34F20B13
$ gpg --verify MISP_v2.4.107@latest.ova.asc MISP_v2.4.107@latest.ova
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
3. Download SFV files
Now download the checksum file and its signature, and verify.
$ wget https://www.circl.lu/misp-images/latest/checksums/MISP_v2.4.107@latest-CHECKSUM.sfv
$ wget https://www.circl.lu/misp-images/latest/checksums/MISP_v2.4.107@latest-CHECKSUM.sfv.asc
$ gpg --verify MISP_v2.4.107@latest-CHECKSUM.sfv.asc MISP_v2.4.107@latest-CHECKSUM.sfv
gpg: Signature made Wed 15 May 2019 07:15:10 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: BAD signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
If you get a BAD signature, please download again.
Next, use rhash or go with the manual way.
rhash
-----
$ cat MISP_v2.4.107@latest-CHECKSUM.sfv |sed 's/@\(.*\)-/@latest-/g' |sed 's/@\(.*\).ova/@latest.ova/g' |rhash -c -v --percents -
--( Verifying MISP_v2.4.107@latest-CHECKSUM.sfv )-------------------------------
MISP_v2.4.107@latest-VMware.zip OK
MISP_v2.4.107@latest.ova OK
--------------------------------------------------------------------------------
Everything OK
Manual (not recommended)
------------------------
Take any file you want to verify, with sha1-sum for example.
$ shasum MISP_v2.4.107@8a51109.nvram | cut -f 1 -d\ |grep -o -i -f - MISP_@8a51109.sfv
D3A2EBF751E31C6972F89DEC4F57D69C4681A142
If you get back a shasum, it worked, the file is safe and sound.
Now you could do this, for all files, for all the checksums (sha1/256/384/512) OR just use rhash.
Verify VMware
-------------
1. Download signatures
Download the ZIP and the ASC into the same directory.
2. Verify signatures
On the command line verify the PGP signature first, example:
$ gpg --verify MISP_v2.4.107@latest-VMware.zip.asc MISP_v2.4.107@latest-VMware.zip
gpg: Signature made Wed 15 May 2019 07:04:42 PM JST
gpg: using RSA key EDEC891834F20B13
gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) <misp-vm@circl.lu>" [ultimate]
Do step number 3 from above.
$ unzip MISP_v2.4.107@latest-VMware.zip
Archive: MISP_v2.4.107@latest-VMware.zip
inflating: VMware/disk-s001.vmdk
inflating: VMware/disk-s002.vmdk
inflating: VMware/disk-s003.vmdk
inflating: VMware/disk-s004.vmdk
inflating: VMware/disk-s005.vmdk
inflating: VMware/disk-s006.vmdk
inflating: VMware/disk-s007.vmdk
inflating: VMware/disk.vmdk
inflating: VMware/MISP_v2.4@8a51109.sfv
inflating: VMware/MISP_v2.4.107@8a51109.nvram
extracting: VMware/MISP_v2.4.107@8a51109.vmsd
inflating: VMware/MISP_v2.4.107@8a51109.vmx
inflating: VMware/MISP_v2.4.107@8a51109.vmxf
$ cd VMware
$ rhash -c -v --percents MISP_v2.4@8a51109.sfv
Config file: /etc/rhashrc
--( Verifying MISP_v2.4@8a51109.sfv )-----------------------------------------------
disk-s001.vmdk OK
disk-s002.vmdk OK
disk-s003.vmdk OK
disk-s004.vmdk OK
disk-s005.vmdk OK
disk-s006.vmdk OK
disk-s007.vmdk OK
disk.vmdk OK
MISP_v2.4.107@8a51109.nvram OK
MISP_v2.4.107@8a51109.vmsd OK
MISP_v2.4.107@8a51109.vmx OK
MISP_v2.4.107@8a51109.vmxf OK
--------------------------------------------------------------------------------
Everything OK
You can be more or less confident that verything is fine.