diff --git a/README.rst b/README.rst
index 508782f..98a93ca 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,12 @@
-Deployment of MISP with Vagrant
-===============================
+Development environment for MISP
+================================
+
+Vagrant is convenient to use in order to setup your development environment.
+
+This VM uses `synced folders `_
+feature of Vagrant in order to let you work on the MISP source code on your
+host machine while the softwares (Apache, PHP, MariaDB, etc.) and libraries
+will be installed on the guest Vagrant machine.
Installation of VirtualBox and Vagrant
@@ -17,13 +24,23 @@ MISP will be automatically deployed in an Ubuntu Zesty Server.
.. code-block:: bash
- $ git clone https://github.com/MISP/misp-vagrant.git
- $ cd misp-vagrant/
+ $ git clone https://github.com/MISP/MISP.git
+ $ cd MISP/vagrant/
$ vagrant up
Once the VM will be configured by Vagrant, go to the address
-http://127.0.0.1:5000. Use the user/password: admin@admin.test/admin
+http://127.0.0.1:5000.
+You can now edit the source code with your favorite editor and test it in your
+browser. The only thing is to not forget to restart Apache in the VM after a
+modification.
+
+If you do not want a development environment with synced folders:
+
+ $ git clone https://github.com/MISP/misp-vagrant.git
+ $ cd misp-vagrant/
+ $ MISP_ENV='demo'
+ $ vagrant up
Modules activated by default in the VM:
diff --git a/Vagrantfile b/Vagrantfile
index e67cca2..5ee3611 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,126 +1,134 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
-VAGRANTFILE_API_VERSION = "2"
-
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
- # All Vagrant configuration is done here. The most common configuration
- # options are documented and commented below. For a complete reference,
- # please see the online documentation at vagrantup.com.
-
- # Every Vagrant virtual environment requires a box to build off of.
- config.vm.box = "ubuntu/zesty64"
- #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0"
- config.vm.provision :shell, path: "bootstrap.sh"
-
- # Disable automatic box update checking. If you disable this, then
- # boxes will only be checked for updates when the user runs
- # `vagrant box outdated`. This is not recommended.
- # config.vm.box_check_update = false
-
- # Create a forwarded port mapping which allows access to a specific port
- # within the machine from a port on the host machine. In the example below,
- # accessing "localhost:8080" will access port 80 on the guest machine.
- config.vm.network :forwarded_port, guest: 80, host: 5000
- config.vm.network :forwarded_port, guest: 6666, host: 6666
-
- # Create a private network, which allows host-only access to the machine
- # using a specific IP.
- # config.vm.network "private_network", ip: "192.168.33.10"
-
- # Create a public network, which generally matched to bridged network.
- # Bridged networks make the machine appear as another physical device on
- # your network.
- # config.vm.network "public_network"
-
- # If true, then any SSH connections made will enable agent forwarding.
- # Default value: false
- # config.ssh.forward_agent = true
-
- # Share an additional folder to the guest VM. The first argument is
- # the path on the host to the actual folder. The second argument is
- # the path on the guest to mount the folder. And the optional third
- # argument is a set of non-required options.
- # config.vm.synced_folder "../", "/"
-
- # Provider-specific configuration so you can fine-tune various
- # backing providers for Vagrant. These expose provider-specific options.
- # Example for VirtualBox:
- #
- config.vm.provider "virtualbox" do |vb|
- # # Don't boot with headless mode
- # vb.gui = true
- #
- # # Use VBoxManage to customize the VM. For example to change memory:
- vb.customize ["modifyvm", :id, "--memory", "4096"]
- vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"]
- end
- #
- # View the documentation for the provider you're using for more
- # information on available options.
-
- # Enable provisioning with CFEngine. CFEngine Community packages are
- # automatically installed. For example, configure the host as a
- # policy server and optionally a policy file to run:
- #
- # config.vm.provision "cfengine" do |cf|
- # cf.am_policy_hub = true
- # # cf.run_file = "motd.cf"
- # end
- #
- # You can also configure and bootstrap a client to an existing
- # policy server:
- #
- # config.vm.provision "cfengine" do |cf|
- # cf.policy_server_address = "10.0.2.15"
- # end
-
- # Enable provisioning with Puppet stand alone. Puppet manifests
- # are contained in a directory path relative to this Vagrantfile.
- # You will need to create the manifests directory and a manifest in
- # the file default.pp in the manifests_path directory.
- #
- # config.vm.provision "puppet" do |puppet|
- # puppet.manifests_path = "manifests"
- # puppet.manifest_file = "site.pp"
- # end
-
- # Enable provisioning with chef solo, specifying a cookbooks path, roles
- # path, and data_bags path (all relative to this Vagrantfile), and adding
- # some recipes and/or roles.
- #
- # config.vm.provision "chef_solo" do |chef|
- # chef.cookbooks_path = "../my-recipes/cookbooks"
- # chef.roles_path = "../my-recipes/roles"
- # chef.data_bags_path = "../my-recipes/data_bags"
- # chef.add_recipe "mysql"
- # chef.add_role "web"
- #
- # # You may also specify custom JSON attributes:
- # chef.json = { :mysql_password => "foo" }
- # end
-
- # Enable provisioning with chef server, specifying the chef server URL,
- # and the path to the validation key (relative to this Vagrantfile).
- #
- # The Opscode Platform uses HTTPS. Substitute your organization for
- # ORGNAME in the URL and validation key.
- #
- # If you have your own Chef Server, use the appropriate URL, which may be
- # HTTP instead of HTTPS depending on your configuration. Also change the
- # validation key to validation.pem.
- #
- # config.vm.provision "chef_client" do |chef|
- # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
- # chef.validation_key_path = "ORGNAME-validator.pem"
- # end
- #
- # If you're using the Opscode platform, your validator client is
- # ORGNAME-validator, replacing ORGNAME with your organization name.
- #
- # If you have your own Chef Server, the default validation client name is
- # chef-validator, unless you changed the configuration.
- #
- # chef.validation_client_name = "ORGNAME-validator"
-end
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+MISP_ENV = ENV['MISP_ENV'] || 'dev'
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ # All Vagrant configuration is done here. The most common configuration
+ # options are documented and commented below. For a complete reference,
+ # please see the online documentation at vagrantup.com.
+
+ # Every Vagrant virtual environment requires a box to build off of.
+ #config.vm.box = "bento/ubuntu-16.04"
+ config.vm.box = "ubuntu/zesty64"
+ #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0"
+ config.vm.provision :shell, path: "bootstrap.sh", args: "#{MISP_ENV}"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ config.vm.network :forwarded_port, guest: 80, host: 5000
+ config.vm.network :forwarded_port, guest: 6666, host: 6666
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # If true, then any SSH connections made will enable agent forwarding.
+ # Default value: false
+ # config.ssh.forward_agent = true
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ disabled = true
+ if MISP_ENV == "dev"
+ disabled = false
+ end
+ config.vm.synced_folder "..", "/var/www/MISP",
+ owner: "www-data", group: "www-data", disabled: disabled
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ config.vm.provider "virtualbox" do |vb|
+ # # Don't boot with headless mode
+ # vb.gui = true
+ #
+ # # Use VBoxManage to customize the VM. For example to change memory:
+ vb.customize ["modifyvm", :id, "--memory", "4096"]
+ vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04 - DEV"]
+ end
+ #
+ # View the documentation for the provider you're using for more
+ # information on available options.
+
+ # Enable provisioning with CFEngine. CFEngine Community packages are
+ # automatically installed. For example, configure the host as a
+ # policy server and optionally a policy file to run:
+ #
+ # config.vm.provision "cfengine" do |cf|
+ # cf.am_policy_hub = true
+ # # cf.run_file = "motd.cf"
+ # end
+ #
+ # You can also configure and bootstrap a client to an existing
+ # policy server:
+ #
+ # config.vm.provision "cfengine" do |cf|
+ # cf.policy_server_address = "10.0.2.15"
+ # end
+
+ # Enable provisioning with Puppet stand alone. Puppet manifests
+ # are contained in a directory path relative to this Vagrantfile.
+ # You will need to create the manifests directory and a manifest in
+ # the file default.pp in the manifests_path directory.
+ #
+ # config.vm.provision "puppet" do |puppet|
+ # puppet.manifests_path = "manifests"
+ # puppet.manifest_file = "site.pp"
+ # end
+
+ # Enable provisioning with chef solo, specifying a cookbooks path, roles
+ # path, and data_bags path (all relative to this Vagrantfile), and adding
+ # some recipes and/or roles.
+ #
+ # config.vm.provision "chef_solo" do |chef|
+ # chef.cookbooks_path = "../my-recipes/cookbooks"
+ # chef.roles_path = "../my-recipes/roles"
+ # chef.data_bags_path = "../my-recipes/data_bags"
+ # chef.add_recipe "mysql"
+ # chef.add_role "web"
+ #
+ # # You may also specify custom JSON attributes:
+ # chef.json = { :mysql_password => "foo" }
+ # end
+
+ # Enable provisioning with chef server, specifying the chef server URL,
+ # and the path to the validation key (relative to this Vagrantfile).
+ #
+ # The Opscode Platform uses HTTPS. Substitute your organization for
+ # ORGNAME in the URL and validation key.
+ #
+ # If you have your own Chef Server, use the appropriate URL, which may be
+ # HTTP instead of HTTPS depending on your configuration. Also change the
+ # validation key to validation.pem.
+ #
+ # config.vm.provision "chef_client" do |chef|
+ # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+ # chef.validation_key_path = "ORGNAME-validator.pem"
+ # end
+ #
+ # If you're using the Opscode platform, your validator client is
+ # ORGNAME-validator, replacing ORGNAME with your organization name.
+ #
+ # If you have your own Chef Server, the default validation client name is
+ # chef-validator, unless you changed the configuration.
+ #
+ # chef.validation_client_name = "ORGNAME-validator"
+end
diff --git a/bootstrap.sh b/bootstrap.sh
index cace66d..db8723b 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -1,5 +1,9 @@
#! /usr/bin/env bash
+MISP_ENV=$1
+
+echo $MISP_ENV
+
# Database configuration
DBHOST='localhost'
DBNAME='misp'
@@ -10,57 +14,54 @@ DBPASSWORD_MISP="$(openssl rand -hex 32)"
# Webserver configuration
PATH_TO_MISP='/var/www/MISP'
-MISP_BASEURL='http://127.0.0.1:5000'
+MISP_BASEURL='http://127.0.0.1'
MISP_LIVE='1'
FQDN='localhost'
# OpenSSL configuration
-OPENSSL_C='Luxembourg'
-OPENSSL_ST='Luxembourg'
-OPENSSL_L='Luxembourg'
-OPENSSL_O='SMILE'
-OPENSSL_OU='CIRCL'
-OPENSSL_CN='circl.lu'
-OPENSSL_EMAILADDRESS='info@circl.lu'
+OPENSSL_C='LU'
+OPENSSL_ST='State'
+OPENSSL_L='Location'
+OPENSSL_O='Organization'
+OPENSSL_OU='Organizational Unit'
+OPENSSL_CN='Common Name'
+OPENSSL_EMAILADDRESS='info@localhost'
# GPG configuration
-GPG_REAL_NAME='Cedric'
-GPG_EMAIL_ADDRESS='info@circl.lu'
+GPG_REAL_NAME='Real name'
+GPG_EMAIL_ADDRESS='info@localhost'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE=''
-echo -e "\n--- Installing MISP... ---\n"
+echo "\n--- Installing MISP... ---\n"
-echo -e "\n--- Updating packages list ---\n"
-apt-get -qq update
+echo "\n--- Updating packages list ---\n"
+sudo apt-get -qq update
-echo -e "\n--- Install base packages ---\n"
-apt-get -y install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
+echo "\n--- Install base packages ---\n"
+sudo apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
-# To prevent a random error when cloning with Git: 'RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.'
-git config --global http.postBuffer 1048576000
-git config --global https.postBuffer 1048576000
-echo -e "\n--- Installing and configuring Postfix ---\n"
+echo "\n--- Installing and configuring Postfix ---\n"
# # Postfix Configuration: Satellite system
# # change the relay server later with:
# sudo postconf -e 'relayhost = example.com'
# sudo postfix reload
-echo "postfix postfix/mailname string `hostname`.ourdomain.org" | debconf-set-selections
+echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
-apt-get install -y postfix > /dev/null 2>&1
+sudo apt-get install -y postfix > /dev/null 2>&1
-echo -e "\n--- Installing MariaDB specific packages and settings ---\n"
-apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
+echo "\n--- Installing MariaDB specific packages and settings ---\n"
+sudo apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
# Secure the MariaDB installation (especially by setting a strong root password)
sleep 7 # give some time to the DB to launch...
-apt-get install -y expect > /dev/null 2>&1
+sudo apt-get install -y expect > /dev/null 2>&1
expect -f - <<-EOF
set timeout 10
spawn mysql_secure_installation
@@ -82,114 +83,117 @@ expect -f - <<-EOF
send -- "y\r"
expect eof
EOF
-apt-get purge -y expect > /dev/null 2>&1
+sudo apt-get purge -y expect > /dev/null 2>&1
-echo -e "\n--- Installing Apache2 ---\n"
-apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
-a2dismod status > /dev/null 2>&1
-a2enmod ssl > /dev/null 2>&1
-a2enmod rewrite > /dev/null 2>&1
-a2dissite 000-default > /dev/null 2>&1
-a2ensite default-ssl > /dev/null 2>&1
+echo "\n--- Installing Apache2 ---\n"
+sudo apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
+sudo a2dismod status > /dev/null 2>&1
+sudo a2enmod ssl > /dev/null 2>&1
+sudo a2enmod rewrite > /dev/null 2>&1
+sudo a2dissite 000-default > /dev/null 2>&1
+sudo a2ensite default-ssl > /dev/null 2>&1
-echo -e "\n--- Installing PHP-specific packages ---\n"
-apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1
+echo "\n--- Installing PHP-specific packages ---\n"
+sudo apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1
-echo -e "\n--- Restarting Apache ---\n"
-systemctl restart apache2 > /dev/null 2>&1
+echo "\n--- Restarting Apache ---\n"
+sudo systemctl restart apache2 > /dev/null 2>&1
-echo -e "\n--- Retrieving MISP ---\n"
-mkdir $PATH_TO_MISP
-chown www-data:www-data $PATH_TO_MISP
+echo "\n--- Retrieving MISP ---\n"
+if [ "$MISP_ENV" != "dev" ]; then
+ mkdir $PATH_TO_MISP
+ sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+fi
+sudo chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
-git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
#git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
-git config core.filemode false
+sudo -u www-data git config core.filemode false
# chown -R www-data $PATH_TO_MISP
# chgrp -R www-data $PATH_TO_MISP
# chmod -R 700 $PATH_TO_MISP
-echo -e "\n--- Installing Mitre's STIX ---\n"
-apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
+echo "\n--- Installing Mitre's STIX ---\n"
+sudo apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts
-git clone https://github.com/CybOXProject/python-cybox.git
-git clone https://github.com/STIXProject/python-stix.git
+sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
+sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
cd $PATH_TO_MISP/app/files/scripts/python-cybox
-git checkout v2.1.0.12
-python setup.py install > /dev/null 2>&1
+sudo -u www-data git checkout v2.1.0.12
+sudo python setup.py install > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/python-stix
-git checkout v1.1.1.4
-python setup.py install > /dev/null 2>&1
+sudo -u www-data git checkout v1.1.1.4
+sudo python setup.py install > /dev/null 2>&1
# install mixbox to accomodate the new STIX dependencies:
cd $PATH_TO_MISP/app/files/scripts/
-git clone https://github.com/CybOXProject/mixbox.git
+sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
cd $PATH_TO_MISP/app/files/scripts/mixbox
-git checkout v1.0.2
-python setup.py install > /dev/null 2>&1
+sudo -u www-data git checkout v1.0.2
+sudo python setup.py install > /dev/null 2>&1
-echo -e "\n--- Retrieving CakePHP... ---\n"
+echo "\n--- Retrieving CakePHP... ---\n"
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
cd $PATH_TO_MISP
-git submodule init
-git submodule update
+sudo -u www-data git submodule init
+sudo -u www-data git submodule update
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
cd $PATH_TO_MISP/app
-php composer.phar require kamisama/cake-resque:4.1.2
-php composer.phar config vendor-dir Vendor
-php composer.phar install
+sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
+sudo -u www-data php composer.phar config vendor-dir Vendor
+sudo -u www-data php composer.phar install
# Enable CakeResque with php-redis
-phpenmod redis
+sudo phpenmod redis
# To use the scheduler worker for scheduled tasks, do the following:
-cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
-echo -e "\n--- Setting the permissions... ---\n"
-chown -R www-data:www-data $PATH_TO_MISP
-chmod -R 750 $PATH_TO_MISP
-chmod -R g+ws $PATH_TO_MISP/app/tmp
-chmod -R g+ws $PATH_TO_MISP/app/files
-chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+echo "\n--- Setting the permissions... ---\n"
+sudo chown -R www-data:www-data $PATH_TO_MISP
+sudo chmod -R 750 $PATH_TO_MISP
+sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
-echo -e "\n--- Creating a database user... ---\n"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
+echo "\n--- Creating a database user... ---\n"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
# Import the empty MISP database from MYSQL.sql
-mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql
+sudo -u www-data mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql
-echo -e "\n--- Configuring Apache... ---\n"
+echo "\n--- Configuring Apache... ---\n"
# !!! apache.24.misp.ssl seems to be missing
#cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
# If a valid SSL certificate is not already created for the server, create a self-signed certificate:
-sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
+sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null
-echo -e "\n--- Add a VirtualHost for MISP ---\n"
-cat > /etc/apache2/sites-available/misp-ssl.conf < /etc/apache2/sites-available/misp-ssl.conf <
- ServerAdmin me@me.local
- ServerName misp.local
- DocumentRoot $PATH_TO_MISP/app/webroot
+ ServerAdmin admin@misp.local
+ ServerName misp.local
+ DocumentRoot $PATH_TO_MISP/app/webroot
-
- Options -Indexes
- AllowOverride all
- Require all granted
-
+
+ Options -Indexes
+ AllowOverride all
+ Require all granted
+
- LogLevel warn
- ErrorLog /var/log/apache2/misp.local_error.log
- CustomLog /var/log/apache2/misp.local_access.log combined
- ServerSignature Off
+ LogLevel warn
+ ErrorLog /var/log/apache2/misp.local_error.log
+ CustomLog /var/log/apache2/misp.local_access.log combined
+ ServerSignature Off
EOF
# cat > /etc/apache2/sites-available/misp-ssl.conf <
# EOF
# activate new vhost
-a2dissite default-ssl
-a2ensite misp-ssl
+sudo a2dissite default-ssl
+sudo a2ensite misp-ssl
-echo -e "\n--- Restarting Apache ---\n"
-systemctl restart apache2 > /dev/null 2>&1
+echo "\n--- Restarting Apache ---\n"
+sudo systemctl restart apache2 > /dev/null 2>&1
-echo -e "\n--- Configuring log rotation ---\n"
-cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+echo "\n--- Configuring log rotation ---\n"
+sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
-echo -e "\n--- MISP configuration ---\n"
+echo "\n--- MISP configuration ---\n"
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
-cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
-cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
-cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
-cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
-cat > $PATH_TO_MISP/app/Config/database.php < $PATH_TO_MISP/app/Config/database.php <gen-key-script <gen-key-script < $PATH_TO_MISP/app/webroot/gpg.asc
+sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-scriptgpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc
-echo -e "\n--- Making the background workers start on boot... ---\n"
-chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
-cat > /etc/systemd/system/workers.service < /etc/systemd/system/workers.service < /dev/null
+# sudo systemctl restart workers.service > /dev/null
-[Service]
-Type=forking
-User=www-data
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable workers.service > /dev/null
-systemctl restart workers.service > /dev/null
+# With initd:
+if [ ! -e /etc/rc.local ]
+then
+ echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
+ echo 'exit 0' | sudo tee -a /etc/rc.local
+ sudo chmod u+x /etc/rc.local
+fi
+sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
-echo -e "\n--- Installing MISP modules... ---\n"
-apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1
+echo "\n--- Installing MISP modules... ---\n"
+sudo apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1
cd /usr/local/src/
-git clone https://github.com/MISP/misp-modules.git
+sudo git clone https://github.com/MISP/misp-modules.git
cd misp-modules
-pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
-pip3 install -I . > /dev/null 2>&1
-cat > /etc/systemd/system/misp-modules.service < /dev/null 2>&1
+sudo pip3 install -I . > /dev/null 2>&1
+# With systemd:
+# sudo cat > /etc/systemd/system/misp-modules.service < /dev/null
+# sudo systemctl restart misp-modules.service > /dev/null
-[Service]
-Type=forking
-User=www-data
-ExecStart=/bin/sh -c 'misp-modules -l 0.0.0.0 -s &'
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable misp-modules.service > /dev/null
-systemctl restart misp-modules.service > /dev/null
+# With initd:
+sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
-echo -e "\n--- Restarting Apache... ---\n"
-systemctl restart apache2 > /dev/null 2>&1
+
+echo "\n--- Restarting Apache... ---\n"
+sudo systemctl restart apache2 > /dev/null 2>&1
sleep 5
-echo -e "\n--- Updating the galaxies... ---\n"
+echo "\n--- Updating the galaxies... ---\n"
sudo -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/galaxies/update > /dev/null 2>&1
-echo -e "\n--- Updating the taxonomies... ---\n"
+echo "\n--- Updating the taxonomies... ---\n"
curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/taxonomies/update > /dev/null 2>&1
-# echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
+# echo "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
# # ZeroMQ depends on the Python client for Redis
# pip install redis > /dev/null 2>&1
# ## Install ZeroMQ and prerequisites
@@ -378,6 +397,9 @@ curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v h
# pip install pyzmq > /dev/null 2>&1
-echo -e "\e[32mMISP is ready\e[0m"
-echo -e "\e[0mPoint your Web browser to \e[33m$MISP_BASEURL\e[0m"
-echo -e "\e[0mDefault user/pass = \e[33madmin@admin.test/admin\e[0m"
+echo "\e[32mMISP is ready\e[0m"
+echo "Login and passwords for the MISP image are the following:"
+echo "Web interface (default network settings): $MISP_BASEURL"
+echo "MISP admin: admin@admin.test/admin"
+echo "Shell/SSH: misp/Password1234"
+echo "MySQL: $DBUSER_ADMIN/$DBPASSWORD_ADMIN - $DBUSER_MISP/$DBPASSWORD_MISP"