From 26a2f3646ea68fd3cc40c6dcfb14011496dc1603 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Tue, 29 Aug 2017 22:14:47 +0200 Subject: [PATCH] specify the kind of MISP environment (dev or demo) with a environment variable. --- README.rst | 27 ++++- Vagrantfile | 260 +++++++++++++++++++++-------------------- bootstrap.sh | 324 +++++++++++++++++++++++++++------------------------ 3 files changed, 329 insertions(+), 282 deletions(-) diff --git a/README.rst b/README.rst index 508782f..98a93ca 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,12 @@ -Deployment of MISP with Vagrant -=============================== +Development environment for MISP +================================ + +Vagrant is convenient to use in order to setup your development environment. + +This VM uses `synced folders `_ +feature of Vagrant in order to let you work on the MISP source code on your +host machine while the softwares (Apache, PHP, MariaDB, etc.) and libraries +will be installed on the guest Vagrant machine. Installation of VirtualBox and Vagrant @@ -17,13 +24,23 @@ MISP will be automatically deployed in an Ubuntu Zesty Server. .. code-block:: bash - $ git clone https://github.com/MISP/misp-vagrant.git - $ cd misp-vagrant/ + $ git clone https://github.com/MISP/MISP.git + $ cd MISP/vagrant/ $ vagrant up Once the VM will be configured by Vagrant, go to the address -http://127.0.0.1:5000. Use the user/password: admin@admin.test/admin +http://127.0.0.1:5000. +You can now edit the source code with your favorite editor and test it in your +browser. The only thing is to not forget to restart Apache in the VM after a +modification. + +If you do not want a development environment with synced folders: + + $ git clone https://github.com/MISP/misp-vagrant.git + $ cd misp-vagrant/ + $ MISP_ENV='demo' + $ vagrant up Modules activated by default in the VM: diff --git a/Vagrantfile b/Vagrantfile index e67cca2..5ee3611 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,126 +1,134 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - # All Vagrant configuration is done here. The most common configuration - # options are documented and commented below. For a complete reference, - # please see the online documentation at vagrantup.com. - - # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "ubuntu/zesty64" - #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0" - config.vm.provision :shell, path: "bootstrap.sh" - - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. - # config.vm.box_check_update = false - - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - config.vm.network :forwarded_port, guest: 80, host: 5000 - config.vm.network :forwarded_port, guest: 6666, host: 6666 - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.33.10" - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - # config.vm.network "public_network" - - # If true, then any SSH connections made will enable agent forwarding. - # Default value: false - # config.ssh.forward_agent = true - - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. 
And the optional third - # argument is a set of non-required options. - # config.vm.synced_folder "../", "/" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - config.vm.provider "virtualbox" do |vb| - # # Don't boot with headless mode - # vb.gui = true - # - # # Use VBoxManage to customize the VM. For example to change memory: - vb.customize ["modifyvm", :id, "--memory", "4096"] - vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"] - end - # - # View the documentation for the provider you're using for more - # information on available options. - - # Enable provisioning with CFEngine. CFEngine Community packages are - # automatically installed. For example, configure the host as a - # policy server and optionally a policy file to run: - # - # config.vm.provision "cfengine" do |cf| - # cf.am_policy_hub = true - # # cf.run_file = "motd.cf" - # end - # - # You can also configure and bootstrap a client to an existing - # policy server: - # - # config.vm.provision "cfengine" do |cf| - # cf.policy_server_address = "10.0.2.15" - # end - - # Enable provisioning with Puppet stand alone. Puppet manifests - # are contained in a directory path relative to this Vagrantfile. - # You will need to create the manifests directory and a manifest in - # the file default.pp in the manifests_path directory. - # - # config.vm.provision "puppet" do |puppet| - # puppet.manifests_path = "manifests" - # puppet.manifest_file = "site.pp" - # end - - # Enable provisioning with chef solo, specifying a cookbooks path, roles - # path, and data_bags path (all relative to this Vagrantfile), and adding - # some recipes and/or roles. 
- # - # config.vm.provision "chef_solo" do |chef| - # chef.cookbooks_path = "../my-recipes/cookbooks" - # chef.roles_path = "../my-recipes/roles" - # chef.data_bags_path = "../my-recipes/data_bags" - # chef.add_recipe "mysql" - # chef.add_role "web" - # - # # You may also specify custom JSON attributes: - # chef.json = { :mysql_password => "foo" } - # end - - # Enable provisioning with chef server, specifying the chef server URL, - # and the path to the validation key (relative to this Vagrantfile). - # - # The Opscode Platform uses HTTPS. Substitute your organization for - # ORGNAME in the URL and validation key. - # - # If you have your own Chef Server, use the appropriate URL, which may be - # HTTP instead of HTTPS depending on your configuration. Also change the - # validation key to validation.pem. - # - # config.vm.provision "chef_client" do |chef| - # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME" - # chef.validation_key_path = "ORGNAME-validator.pem" - # end - # - # If you're using the Opscode platform, your validator client is - # ORGNAME-validator, replacing ORGNAME with your organization name. - # - # If you have your own Chef Server, the default validation client name is - # chef-validator, unless you changed the configuration. - # - # chef.validation_client_name = "ORGNAME-validator" -end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +MISP_ENV = ENV['MISP_ENV'] || 'dev' + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # All Vagrant configuration is done here. The most common configuration + # options are documented and commented below. For a complete reference, + # please see the online documentation at vagrantup.com. + + # Every Vagrant virtual environment requires a box to build off of. 
+ #config.vm.box = "bento/ubuntu-16.04" + config.vm.box = "ubuntu/zesty64" + #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0" + config.vm.provision :shell, path: "bootstrap.sh", args: "#{MISP_ENV}" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + config.vm.network :forwarded_port, guest: 80, host: 5000 + config.vm.network :forwarded_port, guest: 6666, host: 6666 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # If true, then any SSH connections made will enable agent forwarding. + # Default value: false + # config.ssh.forward_agent = true + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + disabled = true + if MISP_ENV == "dev" + disabled = false + end + config.vm.synced_folder "..", "/var/www/MISP", + owner: "www-data", group: "www-data", disabled: disabled + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. 
+ # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Don't boot with headless mode + # vb.gui = true + # + # # Use VBoxManage to customize the VM. For example to change memory: + vb.customize ["modifyvm", :id, "--memory", "4096"] + vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04 - DEV"] + end + # + # View the documentation for the provider you're using for more + # information on available options. + + # Enable provisioning with CFEngine. CFEngine Community packages are + # automatically installed. For example, configure the host as a + # policy server and optionally a policy file to run: + # + # config.vm.provision "cfengine" do |cf| + # cf.am_policy_hub = true + # # cf.run_file = "motd.cf" + # end + # + # You can also configure and bootstrap a client to an existing + # policy server: + # + # config.vm.provision "cfengine" do |cf| + # cf.policy_server_address = "10.0.2.15" + # end + + # Enable provisioning with Puppet stand alone. Puppet manifests + # are contained in a directory path relative to this Vagrantfile. + # You will need to create the manifests directory and a manifest in + # the file default.pp in the manifests_path directory. + # + # config.vm.provision "puppet" do |puppet| + # puppet.manifests_path = "manifests" + # puppet.manifest_file = "site.pp" + # end + + # Enable provisioning with chef solo, specifying a cookbooks path, roles + # path, and data_bags path (all relative to this Vagrantfile), and adding + # some recipes and/or roles. 
+ # + # config.vm.provision "chef_solo" do |chef| + # chef.cookbooks_path = "../my-recipes/cookbooks" + # chef.roles_path = "../my-recipes/roles" + # chef.data_bags_path = "../my-recipes/data_bags" + # chef.add_recipe "mysql" + # chef.add_role "web" + # + # # You may also specify custom JSON attributes: + # chef.json = { :mysql_password => "foo" } + # end + + # Enable provisioning with chef server, specifying the chef server URL, + # and the path to the validation key (relative to this Vagrantfile). + # + # The Opscode Platform uses HTTPS. Substitute your organization for + # ORGNAME in the URL and validation key. + # + # If you have your own Chef Server, use the appropriate URL, which may be + # HTTP instead of HTTPS depending on your configuration. Also change the + # validation key to validation.pem. + # + # config.vm.provision "chef_client" do |chef| + # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME" + # chef.validation_key_path = "ORGNAME-validator.pem" + # end + # + # If you're using the Opscode platform, your validator client is + # ORGNAME-validator, replacing ORGNAME with your organization name. + # + # If you have your own Chef Server, the default validation client name is + # chef-validator, unless you changed the configuration. + # + # chef.validation_client_name = "ORGNAME-validator" +end diff --git a/bootstrap.sh b/bootstrap.sh index cace66d..db8723b 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,5 +1,9 @@ #! /usr/bin/env bash +MISP_ENV=$1 + +echo $MISP_ENV + # Database configuration DBHOST='localhost' DBNAME='misp' 
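Review bot: The two `config.vm.network :forwarded_port` lines are kept without a `host_ip`, and unless Vagrant is told otherwise it binds a forwarded port on every host interface rather than on loopback, so a VM that ships with `admin@admin.test/admin` and a `misp-modules -l 0.0.0.0` listener behind guest 6666 becomes reachable from the host's network; suggest `config.vm.network :forwarded_port, guest: 80, host: 5000, host_ip: "127.0.0.1"` and the same `host_ip: "127.0.0.1"` on the 6666 mapping. `MISP_ENV = ENV['MISP_ENV'] || 'dev'` accepts any value, and everything other than the exact string `"dev"` silently selects the demo behaviour (synced folder disabled, bootstrap clones into the VM), so a typo such as `MISP_ENV=Dev` goes unnoticed; a guard like `abort "MISP_ENV must be 'dev' or 'demo'" unless %w[dev demo].include?(MISP_ENV)` fails fast instead. Relatedly, the README excerpt in this patch shows `$ MISP_ENV='demo'` on its own line before `$ vagrant up`, which does not export the variable, so `ENV['MISP_ENV']` will be nil and the VM comes up in dev mode; `$ MISP_ENV=demo vagrant up` (or `export`) is what the Vagrantfile actually needs. As a matter of style, the four-line `disabled = true … end` block can be the inline `disabled: MISP_ENV != "dev"`, and `args: "#{MISP_ENV}"` is simply `args: MISP_ENV`.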
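Review bot: `MISP_ENV=$1` takes whatever the first argument is without validation, and because the rest of the script only ever tests `"$MISP_ENV" != "dev"`, an empty or misspelt value silently runs the demo path (mkdir and git clone into /var/www/MISP) while the bare `echo $MISP_ENV` gives no hint of that. Add a fail-fast check right after the assignment, e.g. `case "$MISP_ENV" in dev|demo) ;; *) echo "usage: $0 dev|demo" >&2; exit 1 ;; esac`, and make the echo self-describing with `echo "MISP_ENV=$MISP_ENV"`. The Vagrantfile in this same commit defaults to `dev` when the variable is unset; if bootstrap.sh is also meant to be runnable standalone (where no synced folder exists), the default for a missing argument should be chosen explicitly rather than falling out of the string comparison.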
@@ -10,57 +14,54 @@ DBPASSWORD_MISP="$(openssl rand -hex 32)" # Webserver configuration PATH_TO_MISP='/var/www/MISP' -MISP_BASEURL='http://127.0.0.1:5000' +MISP_BASEURL='http://127.0.0.1' MISP_LIVE='1' FQDN='localhost' # OpenSSL configuration -OPENSSL_C='Luxembourg' -OPENSSL_ST='Luxembourg' -OPENSSL_L='Luxembourg' -OPENSSL_O='SMILE' -OPENSSL_OU='CIRCL' -OPENSSL_CN='circl.lu' -OPENSSL_EMAILADDRESS='info@circl.lu' +OPENSSL_C='LU' +OPENSSL_ST='State' +OPENSSL_L='Location' +OPENSSL_O='Organization' +OPENSSL_OU='Organizational Unit' +OPENSSL_CN='Common Name' +OPENSSL_EMAILADDRESS='info@localhost' # GPG configuration -GPG_REAL_NAME='Cedric' -GPG_EMAIL_ADDRESS='info@circl.lu' +GPG_REAL_NAME='Real name' +GPG_EMAIL_ADDRESS='info@localhost' GPG_KEY_LENGTH='2048' GPG_PASSPHRASE='' -echo -e "\n--- Installing MISP... ---\n" +echo "\n--- Installing MISP... ---\n" -echo -e "\n--- Updating packages list ---\n" -apt-get -qq update +echo "\n--- Updating packages list ---\n" +sudo apt-get -qq update -echo -e "\n--- Install base packages ---\n" -apt-get -y install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1 +echo "\n--- Install base packages ---\n" +sudo apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1 -# To prevent a random error when cloning with Git: 'RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.' 
-git config --global http.postBuffer 1048576000 -git config --global https.postBuffer 1048576000 -echo -e "\n--- Installing and configuring Postfix ---\n" +echo "\n--- Installing and configuring Postfix ---\n" # # Postfix Configuration: Satellite system # # change the relay server later with: # sudo postconf -e 'relayhost = example.com' # sudo postfix reload -echo "postfix postfix/mailname string `hostname`.ourdomain.org" | debconf-set-selections +echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections -apt-get install -y postfix > /dev/null 2>&1 +sudo apt-get install -y postfix > /dev/null 2>&1 -echo -e "\n--- Installing MariaDB specific packages and settings ---\n" -apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1 +echo "\n--- Installing MariaDB specific packages and settings ---\n" +sudo apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1 # Secure the MariaDB installation (especially by setting a strong root password) sleep 7 # give some time to the DB to launch... -apt-get install -y expect > /dev/null 2>&1 +sudo apt-get install -y expect > /dev/null 2>&1 expect -f - <<-EOF set timeout 10 spawn mysql_secure_installation 
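Review bot: Replacing `echo -e "\n--- … ---\n"` with plain `echo "\n--- … ---\n"` throughout this hunk changes the output: the script runs under `#! /usr/bin/env bash`, whose builtin `echo` does not interpret `\n` without `-e` (unless `xpg_echo` is set), so every progress banner will now print a literal backslash-n; keep `-e`, or use `printf '\n--- %s ---\n\n' 'Installing MISP...'`. The new certificate subject uses `OPENSSL_CN='Common Name'` while the script already defines `FQDN='localhost'`; a CN containing a space can never match a hostname, so `OPENSSL_CN="$FQDN"` would at least make the self-signed certificate consistent with the host it serves. The added `sudo` prefixes are redundant under Vagrant's shell provisioner, which is privileged by default; if the intent is to make the script runnable by an unprivileged user, the `debconf-set-selections` pipelines and the `expect` run of `mysql_secure_installation` in this hunk still lack it and would presumably fail.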
@@ -82,114 +83,117 @@ expect -f - <<-EOF send -- "y\r" expect eof EOF -apt-get purge -y expect > /dev/null 2>&1 +sudo apt-get purge -y expect > /dev/null 2>&1 -echo -e "\n--- Installing Apache2 ---\n" -apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1 -a2dismod status > /dev/null 2>&1 -a2enmod ssl > /dev/null 2>&1 -a2enmod rewrite > /dev/null 2>&1 -a2dissite 000-default > /dev/null 2>&1 -a2ensite default-ssl > /dev/null 2>&1 +echo "\n--- Installing Apache2 ---\n" +sudo apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1 +sudo a2dismod status > /dev/null 2>&1 +sudo a2enmod ssl > /dev/null 2>&1 +sudo a2enmod rewrite > /dev/null 2>&1 +sudo a2dissite 000-default > /dev/null 2>&1 +sudo a2ensite default-ssl > /dev/null 2>&1 -echo -e "\n--- Installing PHP-specific packages ---\n" -apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1 +echo "\n--- Installing PHP-specific packages ---\n" +sudo apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1 -echo -e "\n--- Restarting Apache ---\n" -systemctl restart apache2 > /dev/null 2>&1 +echo "\n--- Restarting Apache ---\n" +sudo systemctl restart apache2 > /dev/null 2>&1 -echo -e "\n--- Retrieving MISP ---\n" -mkdir $PATH_TO_MISP -chown www-data:www-data $PATH_TO_MISP +echo "\n--- Retrieving MISP ---\n" +if [ "$MISP_ENV" != "dev" ]; then + mkdir $PATH_TO_MISP + sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP +fi +sudo chown www-data:www-data $PATH_TO_MISP cd $PATH_TO_MISP -git clone https://github.com/MISP/MISP.git $PATH_TO_MISP +sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP #git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) -git config core.filemode false +sudo -u www-data git config core.filemode false # chown -R 
www-data $PATH_TO_MISP # chgrp -R www-data $PATH_TO_MISP # chmod -R 700 $PATH_TO_MISP -echo -e "\n--- Installing Mitre's STIX ---\n" -apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1 +echo "\n--- Installing Mitre's STIX ---\n" +sudo apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1 cd $PATH_TO_MISP/app/files/scripts -git clone https://github.com/CybOXProject/python-cybox.git -git clone https://github.com/STIXProject/python-stix.git +sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git +sudo -u www-data git clone https://github.com/STIXProject/python-stix.git cd $PATH_TO_MISP/app/files/scripts/python-cybox -git checkout v2.1.0.12 -python setup.py install > /dev/null 2>&1 +sudo -u www-data git checkout v2.1.0.12 +sudo python setup.py install > /dev/null 2>&1 cd $PATH_TO_MISP/app/files/scripts/python-stix -git checkout v1.1.1.4 -python setup.py install > /dev/null 2>&1 +sudo -u www-data git checkout v1.1.1.4 +sudo python setup.py install > /dev/null 2>&1 # install mixbox to accomodate the new STIX dependencies: cd $PATH_TO_MISP/app/files/scripts/ -git clone https://github.com/CybOXProject/mixbox.git +sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git cd $PATH_TO_MISP/app/files/scripts/mixbox -git checkout v1.0.2 -python setup.py install > /dev/null 2>&1 +sudo -u www-data git checkout v1.0.2 +sudo python setup.py install > /dev/null 2>&1 -echo -e "\n--- Retrieving CakePHP... ---\n" +echo "\n--- Retrieving CakePHP... 
---\n" # CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it: cd $PATH_TO_MISP -git submodule init -git submodule update +sudo -u www-data git submodule init +sudo -u www-data git submodule update # Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs: cd $PATH_TO_MISP/app -php composer.phar require kamisama/cake-resque:4.1.2 -php composer.phar config vendor-dir Vendor -php composer.phar install +sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2 +sudo -u www-data php composer.phar config vendor-dir Vendor +sudo -u www-data php composer.phar install # Enable CakeResque with php-redis -phpenmod redis +sudo phpenmod redis # To use the scheduler worker for scheduled tasks, do the following: -cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php +sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php -echo -e "\n--- Setting the permissions... ---\n" -chown -R www-data:www-data $PATH_TO_MISP -chmod -R 750 $PATH_TO_MISP -chmod -R g+ws $PATH_TO_MISP/app/tmp -chmod -R g+ws $PATH_TO_MISP/app/files -chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp +echo "\n--- Setting the permissions... ---\n" +sudo chown -R www-data:www-data $PATH_TO_MISP +sudo chmod -R 750 $PATH_TO_MISP +sudo chmod -R g+ws $PATH_TO_MISP/app/tmp +sudo chmod -R g+ws $PATH_TO_MISP/app/files +sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp -echo -e "\n--- Creating a database user... 
---\n" -mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" -mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" -mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" -mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" +echo "\n--- Creating a database user... ---\n" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';" +sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;" # Import the empty MISP database from MYSQL.sql -mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql +sudo -u www-data mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql -echo -e "\n--- Configuring Apache... ---\n" +echo "\n--- Configuring Apache... ---\n" # !!! 
apache.24.misp.ssl seems to be missing #cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf # If a valid SSL certificate is not already created for the server, create a self-signed certificate: -sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt +sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null -echo -e "\n--- Add a VirtualHost for MISP ---\n" -cat > /etc/apache2/sites-available/misp-ssl.conf < /etc/apache2/sites-available/misp-ssl.conf < - ServerAdmin me@me.local - ServerName misp.local - DocumentRoot $PATH_TO_MISP/app/webroot + ServerAdmin admin@misp.local + ServerName misp.local + DocumentRoot $PATH_TO_MISP/app/webroot - - Options -Indexes - AllowOverride all - Require all granted - + + Options -Indexes + AllowOverride all + Require all granted + - LogLevel warn - ErrorLog /var/log/apache2/misp.local_error.log - CustomLog /var/log/apache2/misp.local_access.log combined - ServerSignature Off + LogLevel warn + ErrorLog /var/log/apache2/misp.local_error.log + CustomLog /var/log/apache2/misp.local_access.log combined + ServerSignature Off EOF # cat > /etc/apache2/sites-available/misp-ssl.conf < # EOF # activate new vhost -a2dissite default-ssl -a2ensite misp-ssl +sudo a2dissite default-ssl +sudo a2ensite misp-ssl -echo -e "\n--- Restarting Apache ---\n" -systemctl restart apache2 > /dev/null 2>&1 +echo "\n--- Restarting Apache ---\n" +sudo systemctl restart apache2 > /dev/null 2>&1 -echo -e "\n--- Configuring log rotation ---\n" -cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp +echo 
"\n--- Configuring log rotation ---\n" +sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp -echo -e "\n--- MISP configuration ---\n" +echo "\n--- MISP configuration ---\n" # There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied -cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php -cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php -cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php -cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php -cat > $PATH_TO_MISP/app/Config/database.php < $PATH_TO_MISP/app/Config/database.php <gen-key-script <gen-key-script < $PATH_TO_MISP/app/webroot/gpg.asc +sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-scriptgpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc -echo -e "\n--- Making the background workers start on boot... ---\n" -chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh -cat > /etc/systemd/system/workers.service < /etc/systemd/system/workers.service < /dev/null +# sudo systemctl restart workers.service > /dev/null -[Service] -Type=forking -User=www-data -ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh - -[Install] -WantedBy=multi-user.target -EOF -systemctl enable workers.service > /dev/null -systemctl restart workers.service > /dev/null +# With initd: +if [ ! -e /etc/rc.local ] +then + echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local + echo 'exit 0' | sudo tee -a /etc/rc.local + sudo chmod u+x /etc/rc.local +fi +sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local -echo -e "\n--- Installing MISP modules... ---\n" -apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1 +echo "\n--- Installing MISP modules... 
---\n" +sudo apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1 cd /usr/local/src/ -git clone https://github.com/MISP/misp-modules.git +sudo git clone https://github.com/MISP/misp-modules.git cd misp-modules -pip3 install -I -r REQUIREMENTS > /dev/null 2>&1 -pip3 install -I . > /dev/null 2>&1 -cat > /etc/systemd/system/misp-modules.service < /dev/null 2>&1 +sudo pip3 install -I . > /dev/null 2>&1 +# With systemd: +# sudo cat > /etc/systemd/system/misp-modules.service < /dev/null +# sudo systemctl restart misp-modules.service > /dev/null -[Service] -Type=forking -User=www-data -ExecStart=/bin/sh -c 'misp-modules -l 0.0.0.0 -s &' - -[Install] -WantedBy=multi-user.target -EOF -systemctl enable misp-modules.service > /dev/null -systemctl restart misp-modules.service > /dev/null +# With initd: +sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local -echo -e "\n--- Restarting Apache... ---\n" -systemctl restart apache2 > /dev/null 2>&1 + +echo "\n--- Restarting Apache... ---\n" +sudo systemctl restart apache2 > /dev/null 2>&1 sleep 5 -echo -e "\n--- Updating the galaxies... ---\n" +echo "\n--- Updating the galaxies... ---\n" sudo -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1) curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/galaxies/update > /dev/null 2>&1 -echo -e "\n--- Updating the taxonomies... ---\n" +echo "\n--- Updating the taxonomies... ---\n" curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/taxonomies/update > /dev/null 2>&1 -# echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n" +# echo "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n" # # ZeroMQ depends on the Python client for Redis # pip install redis > /dev/null 2>&1 # ## Install ZeroMQ and prerequisites 
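Review bot: In the "Retrieving MISP" section the clone is now attempted twice and in the wrong order: inside the `!= "dev"` branch `mkdir $PATH_TO_MISP` runs as root and `sudo -u www-data git clone` then writes into a root-owned directory before the `chown`, and a second unconditional `sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP` follows outside the branch, which fails against the already-populated directory in demo mode and against the synced folder in dev mode. Suggest `sudo mkdir -p $PATH_TO_MISP && sudo chown www-data:www-data $PATH_TO_MISP` before the clone inside the branch, and dropping the second clone. The systemd units are replaced by `sudo sed -i -e '$i \sudo -u www-data bash …/start.sh\n' /etc/rc.local` (and the same for misp-modules), which appends a fresh line on every `vagrant provision`, so workers are started once per provisioning run; guard each with `grep -q 'worker/start.sh' /etc/rc.local ||`. Since the rc.local line keeps `misp-modules -l 0.0.0.0 -s` and guest port 6666 is forwarded to the host, binding it to `-l 127.0.0.1` inside the guest would be the safer default for a VM shipping fixed credentials.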
@@ -378,6 +397,9 @@ curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v h
 # pip install pyzmq > /dev/null 2>&1
-echo -e "\e[32mMISP is ready\e[0m"
-echo -e "\e[0mPoint your Web browser to \e[33m$MISP_BASEURL\e[0m"
-echo -e "\e[0mDefault user/pass = \e[33madmin@admin.test/admin\e[0m"
+echo "\e[32mMISP is ready\e[0m"
+echo "Login and passwords for the MISP image are the following:"
+echo "Web interface (default network settings): $MISP_BASEURL"
+echo "MISP admin: admin@admin.test/admin"
+echo "Shell/SSH: misp/Password1234"
+echo "MySQL: $DBUSER_ADMIN/$DBPASSWORD_ADMIN - $DBUSER_MISP/$DBPASSWORD_MISP"
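Review bot: The final banner now prints `Shell/SSH: misp/Password1234`, but nothing in this patch creates a `misp` user or sets that password (the ubuntu/zesty64 box, as far as I know, only ships Vagrant's own user), so the line is either stale copy or documents a credential set outside this script; either way, advertising a fixed password for a VM whose ports are forwarded to the host deserves a second look. The last line writes `$DBPASSWORD_ADMIN` and `$DBPASSWORD_MISP` (the latter generated with `openssl rand -hex 32` earlier in the file) to the provisioning output, which lands in the `vagrant up` console and any CI log that captures it; printing the user names and pointing at the config file is enough, e.g. `echo "MySQL: $DBUSER_ADMIN and $DBUSER_MISP (passwords in $PATH_TO_MISP/app/Config/database.php)"`. As elsewhere in the patch, dropping `-e` from `echo "\e[32mMISP is ready\e[0m"` makes bash print the literal `\e[32m` rather than a colour code.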