specify the kind of MISP environment (dev or demo) with a environment variable.

2017-08-29 22:14:47 +02:00 · 2017-08-29 22:14:47 +02:00 · 26a2f3646e
parent 1105bee924
commit 26a2f3646e
3 changed files with 329 additions and 282 deletions
--- a/README.rst
+++ b/README.rst
@ -1,5 +1,12 @@
-Deployment of MISP with Vagrant
+Development environment for MISP
-===============================
+================================
 Vagrant is convenient to use in order to setup your development environment.
 This VM uses `synced folders <https://www.vagrantup.com/docs/synced-folders/>`_
 feature of Vagrant in order to let you work on the MISP source code on your
 host machine while the softwares (Apache, PHP, MariaDB, etc.) and libraries
 will be installed on the guest Vagrant machine.
 Installation of VirtualBox and Vagrant
@ -17,13 +24,23 @@ MISP will be automatically deployed in an Ubuntu Zesty Server.
 .. code-block:: bash
-    $ git clone https://github.com/MISP/misp-vagrant.git
+    $ git clone https://github.com/MISP/MISP.git
-    $ cd misp-vagrant/
+    $ cd MISP/vagrant/
    $ vagrant up
 Once the VM will be configured by Vagrant, go to the address
-http://127.0.0.1:5000. Use the user/password: admin@admin.test/admin
+http://127.0.0.1:5000.
 You can now edit the source code with your favorite editor and test it in your
 browser. The only thing is to not forget to restart Apache in the VM after a
 modification.
 If you do not want a development environment with synced folders:
    $ git clone https://github.com/MISP/misp-vagrant.git
    $ cd misp-vagrant/
    $ MISP_ENV='demo'
    $ vagrant up
 Modules activated by default in the VM:
--- a/260
+++ b/260
@ -1,126 +1,134 @@
-# -*- mode: ruby -*-
+# -*- mode: ruby -*-
-# vi: set ft=ruby :
+# vi: set ft=ruby :
-
+
-# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
-VAGRANTFILE_API_VERSION = "2"
+VAGRANTFILE_API_VERSION = "2"
-
+
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+MISP_ENV = ENV['MISP_ENV'] || 'dev'
-  # All Vagrant configuration is done here. The most common configuration
+
-  # options are documented and commented below. For a complete reference,
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  # please see the online documentation at vagrantup.com.
+  # All Vagrant configuration is done here. The most common configuration
-
+  # options are documented and commented below. For a complete reference,
-  # Every Vagrant virtual environment requires a box to build off of.
+  # please see the online documentation at vagrantup.com.
-  config.vm.box = "ubuntu/zesty64"
+
-  #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0"
+  # Every Vagrant virtual environment requires a box to build off of.
-  config.vm.provision :shell, path: "bootstrap.sh"
+  #config.vm.box = "bento/ubuntu-16.04"
-
+  config.vm.box = "ubuntu/zesty64"
-  # Disable automatic box update checking. If you disable this, then
+  #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0"
-  # boxes will only be checked for updates when the user runs
+  config.vm.provision :shell, path: "bootstrap.sh", args: "#{MISP_ENV}"
-  # `vagrant box outdated`. This is not recommended.
+
-  # config.vm.box_check_update = false
+  # Disable automatic box update checking. If you disable this, then
-
+  # boxes will only be checked for updates when the user runs
-  # Create a forwarded port mapping which allows access to a specific port
+  # `vagrant box outdated`. This is not recommended.
-  # within the machine from a port on the host machine. In the example below,
+  # config.vm.box_check_update = false
-  # accessing "localhost:8080" will access port 80 on the guest machine.
+
-  config.vm.network :forwarded_port, guest: 80, host: 5000
+  # Create a forwarded port mapping which allows access to a specific port
-  config.vm.network :forwarded_port, guest: 6666, host: 6666
+  # within the machine from a port on the host machine. In the example below,
-
+  # accessing "localhost:8080" will access port 80 on the guest machine.
-  # Create a private network, which allows host-only access to the machine
+  config.vm.network :forwarded_port, guest: 80, host: 5000
-  # using a specific IP.
+  config.vm.network :forwarded_port, guest: 6666, host: 6666
-  # config.vm.network "private_network", ip: "192.168.33.10"
+
-
+  # Create a private network, which allows host-only access to the machine
-  # Create a public network, which generally matched to bridged network.
+  # using a specific IP.
-  # Bridged networks make the machine appear as another physical device on
+  # config.vm.network "private_network", ip: "192.168.33.10"
-  # your network.
+
-  # config.vm.network "public_network"
+  # Create a public network, which generally matched to bridged network.
-
+  # Bridged networks make the machine appear as another physical device on
-  # If true, then any SSH connections made will enable agent forwarding.
+  # your network.
-  # Default value: false
+  # config.vm.network "public_network"
-  # config.ssh.forward_agent = true
+
-
+  # If true, then any SSH connections made will enable agent forwarding.
-  # Share an additional folder to the guest VM. The first argument is
+  # Default value: false
-  # the path on the host to the actual folder. The second argument is
+  # config.ssh.forward_agent = true
-  # the path on the guest to mount the folder. And the optional third
+
-  # argument is a set of non-required options.
+  # Share an additional folder to the guest VM. The first argument is
-  # config.vm.synced_folder "../", "/"
+  # the path on the host to the actual folder. The second argument is
-
+  # the path on the guest to mount the folder. And the optional third
-  # Provider-specific configuration so you can fine-tune various
+  # argument is a set of non-required options.
-  # backing providers for Vagrant. These expose provider-specific options.
+  disabled = true
-  # Example for VirtualBox:
+  if MISP_ENV == "dev"
-  #
+      disabled = false
-  config.vm.provider "virtualbox" do |vb|
+  end
-  #   # Don't boot with headless mode
+  config.vm.synced_folder "..", "/var/www/MISP",
-  #   vb.gui = true
+                        owner: "www-data", group: "www-data", disabled: disabled
-  #
+
-  #   # Use VBoxManage to customize the VM. For example to change memory:
+  # Provider-specific configuration so you can fine-tune various
-    vb.customize ["modifyvm", :id, "--memory", "4096"]
+  # backing providers for Vagrant. These expose provider-specific options.
-    vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"]
+  # Example for VirtualBox:
-  end
+  #
-  #
+  config.vm.provider "virtualbox" do |vb|
-  # View the documentation for the provider you're using for more
+  #   # Don't boot with headless mode
-  # information on available options.
+  #   vb.gui = true
-
+  #
-  # Enable provisioning with CFEngine. CFEngine Community packages are
+  #   # Use VBoxManage to customize the VM. For example to change memory:
-  # automatically installed. For example, configure the host as a
+    vb.customize ["modifyvm", :id, "--memory", "4096"]
-  # policy server and optionally a policy file to run:
+    vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04 - DEV"]
-  #
+  end
-  # config.vm.provision "cfengine" do |cf|
+  #
-  #   cf.am_policy_hub = true
+  # View the documentation for the provider you're using for more
-  #   # cf.run_file = "motd.cf"
+  # information on available options.
-  # end
+
-  #
+  # Enable provisioning with CFEngine. CFEngine Community packages are
-  # You can also configure and bootstrap a client to an existing
+  # automatically installed. For example, configure the host as a
-  # policy server:
+  # policy server and optionally a policy file to run:
-  #
+  #
-  # config.vm.provision "cfengine" do |cf|
+  # config.vm.provision "cfengine" do |cf|
-  #   cf.policy_server_address = "10.0.2.15"
+  #   cf.am_policy_hub = true
-  # end
+  #   # cf.run_file = "motd.cf"
-
+  # end
-  # Enable provisioning with Puppet stand alone.  Puppet manifests
+  #
-  # are contained in a directory path relative to this Vagrantfile.
+  # You can also configure and bootstrap a client to an existing
-  # You will need to create the manifests directory and a manifest in
+  # policy server:
-  # the file default.pp in the manifests_path directory.
+  #
-  #
+  # config.vm.provision "cfengine" do |cf|
-  # config.vm.provision "puppet" do |puppet|
+  #   cf.policy_server_address = "10.0.2.15"
-  #   puppet.manifests_path = "manifests"
+  # end
-  #   puppet.manifest_file  = "site.pp"
+
-  # end
+  # Enable provisioning with Puppet stand alone.  Puppet manifests
-
+  # are contained in a directory path relative to this Vagrantfile.
-  # Enable provisioning with chef solo, specifying a cookbooks path, roles
+  # You will need to create the manifests directory and a manifest in
-  # path, and data_bags path (all relative to this Vagrantfile), and adding
+  # the file default.pp in the manifests_path directory.
-  # some recipes and/or roles.
+  #
-  #
+  # config.vm.provision "puppet" do |puppet|
-  # config.vm.provision "chef_solo" do |chef|
+  #   puppet.manifests_path = "manifests"
-  #   chef.cookbooks_path = "../my-recipes/cookbooks"
+  #   puppet.manifest_file  = "site.pp"
-  #   chef.roles_path = "../my-recipes/roles"
+  # end
-  #   chef.data_bags_path = "../my-recipes/data_bags"
+
-  #   chef.add_recipe "mysql"
+  # Enable provisioning with chef solo, specifying a cookbooks path, roles
-  #   chef.add_role "web"
+  # path, and data_bags path (all relative to this Vagrantfile), and adding
-  #
+  # some recipes and/or roles.
-  #   # You may also specify custom JSON attributes:
+  #
-  #   chef.json = { :mysql_password => "foo" }
+  # config.vm.provision "chef_solo" do |chef|
-  # end
+  #   chef.cookbooks_path = "../my-recipes/cookbooks"
-
+  #   chef.roles_path = "../my-recipes/roles"
-  # Enable provisioning with chef server, specifying the chef server URL,
+  #   chef.data_bags_path = "../my-recipes/data_bags"
-  # and the path to the validation key (relative to this Vagrantfile).
+  #   chef.add_recipe "mysql"
-  #
+  #   chef.add_role "web"
-  # The Opscode Platform uses HTTPS. Substitute your organization for
+  #
-  # ORGNAME in the URL and validation key.
+  #   # You may also specify custom JSON attributes:
-  #
+  #   chef.json = { :mysql_password => "foo" }
-  # If you have your own Chef Server, use the appropriate URL, which may be
+  # end
-  # HTTP instead of HTTPS depending on your configuration. Also change the
+
-  # validation key to validation.pem.
+  # Enable provisioning with chef server, specifying the chef server URL,
-  #
+  # and the path to the validation key (relative to this Vagrantfile).
-  # config.vm.provision "chef_client" do |chef|
+  #
-  #   chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+  # The Opscode Platform uses HTTPS. Substitute your organization for
-  #   chef.validation_key_path = "ORGNAME-validator.pem"
+  # ORGNAME in the URL and validation key.
-  # end
+  #
-  #
+  # If you have your own Chef Server, use the appropriate URL, which may be
-  # If you're using the Opscode platform, your validator client is
+  # HTTP instead of HTTPS depending on your configuration. Also change the
-  # ORGNAME-validator, replacing ORGNAME with your organization name.
+  # validation key to validation.pem.
-  #
+  #
-  # If you have your own Chef Server, the default validation client name is
+  # config.vm.provision "chef_client" do |chef|
-  # chef-validator, unless you changed the configuration.
+  #   chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
-  #
+  #   chef.validation_key_path = "ORGNAME-validator.pem"
-  #   chef.validation_client_name = "ORGNAME-validator"
+  # end
-end
+  #
  # If you're using the Opscode platform, your validator client is
  # ORGNAME-validator, replacing ORGNAME with your organization name.
  #
  # If you have your own Chef Server, the default validation client name is
  # chef-validator, unless you changed the configuration.
  #
  #   chef.validation_client_name = "ORGNAME-validator"
 end
--- a/bootstrap.sh
+++ b/bootstrap.sh
@ -1,5 +1,9 @@
 #! /usr/bin/env bash
 MISP_ENV=$1
 echo $MISP_ENV
 # Database configuration
 DBHOST='localhost'
 DBNAME='misp'
@ -10,57 +14,54 @@ DBPASSWORD_MISP="$(openssl rand -hex 32)"
 # Webserver configuration
 PATH_TO_MISP='/var/www/MISP'
-MISP_BASEURL='http://127.0.0.1:5000'
+MISP_BASEURL='http://127.0.0.1'
 MISP_LIVE='1'
 FQDN='localhost'
 # OpenSSL configuration
-OPENSSL_C='Luxembourg'
+OPENSSL_C='LU'
-OPENSSL_ST='Luxembourg'
+OPENSSL_ST='State'
-OPENSSL_L='Luxembourg'
+OPENSSL_L='Location'
-OPENSSL_O='SMILE'
+OPENSSL_O='Organization'
-OPENSSL_OU='CIRCL'
+OPENSSL_OU='Organizational Unit'
-OPENSSL_CN='circl.lu'
+OPENSSL_CN='Common Name'
-OPENSSL_EMAILADDRESS='info@circl.lu'
+OPENSSL_EMAILADDRESS='info@localhost'
 # GPG configuration
-GPG_REAL_NAME='Cedric'
+GPG_REAL_NAME='Real name'
-GPG_EMAIL_ADDRESS='info@circl.lu'
+GPG_EMAIL_ADDRESS='info@localhost'
 GPG_KEY_LENGTH='2048'
 GPG_PASSPHRASE=''
-echo -e "\n--- Installing MISP... ---\n"
+echo "\n--- Installing MISP... ---\n"
-echo -e "\n--- Updating packages list ---\n"
+echo "\n--- Updating packages list ---\n"
-apt-get -qq update
+sudo apt-get -qq update
-echo -e "\n--- Install base packages ---\n"
+echo "\n--- Install base packages ---\n"
-apt-get -y install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
+sudo apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
 # To prevent a random error when cloning with Git: 'RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.'
 git config --global http.postBuffer 1048576000
 git config --global https.postBuffer 1048576000
-echo -e "\n--- Installing and configuring Postfix ---\n"
+echo "\n--- Installing and configuring Postfix ---\n"
 # # Postfix Configuration: Satellite system
 # # change the relay server later with:
 # sudo postconf -e 'relayhost = example.com'
 # sudo postfix reload
-echo "postfix postfix/mailname string `hostname`.ourdomain.org" | debconf-set-selections
+echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
 echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
-apt-get install -y postfix > /dev/null 2>&1
+sudo apt-get install -y postfix > /dev/null 2>&1
-echo -e "\n--- Installing MariaDB specific packages and settings ---\n"
+echo "\n--- Installing MariaDB specific packages and settings ---\n"
-apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
+sudo apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
 # Secure the MariaDB installation (especially by setting a strong root password)
 sleep 7 # give some time to the DB to launch...
-apt-get install -y expect > /dev/null 2>&1
+sudo apt-get install -y expect > /dev/null 2>&1
 expect -f - <<-EOF
  set timeout 10
  spawn mysql_secure_installation
@ -82,114 +83,117 @@ expect -f - <<-EOF
  send -- "y\r"
  expect eof
 EOF
-apt-get purge -y expect > /dev/null 2>&1
+sudo apt-get purge -y expect > /dev/null 2>&1
-echo -e "\n--- Installing Apache2 ---\n"
+echo "\n--- Installing Apache2 ---\n"
-apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
+sudo apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
-a2dismod status > /dev/null 2>&1
+sudo a2dismod status > /dev/null 2>&1
-a2enmod ssl > /dev/null 2>&1
+sudo a2enmod ssl > /dev/null 2>&1
-a2enmod rewrite > /dev/null 2>&1
+sudo a2enmod rewrite > /dev/null 2>&1
-a2dissite 000-default > /dev/null 2>&1
+sudo a2dissite 000-default > /dev/null 2>&1
-a2ensite default-ssl > /dev/null 2>&1
+sudo a2ensite default-ssl > /dev/null 2>&1
-echo -e "\n--- Installing PHP-specific packages ---\n"
+echo "\n--- Installing PHP-specific packages ---\n"
-apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1
+sudo apt-get install -y libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml > /dev/null 2>&1
-echo -e "\n--- Restarting Apache ---\n"
+echo "\n--- Restarting Apache ---\n"
-systemctl restart apache2 > /dev/null 2>&1
+sudo systemctl restart apache2 > /dev/null 2>&1
-echo -e "\n--- Retrieving MISP ---\n"
+echo "\n--- Retrieving MISP ---\n"
-mkdir $PATH_TO_MISP
+if [ "$MISP_ENV" != "dev" ]; then
-chown www-data:www-data $PATH_TO_MISP
+    mkdir $PATH_TO_MISP
    sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
 fi
 sudo chown www-data:www-data $PATH_TO_MISP
 cd $PATH_TO_MISP
-git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
+sudo -u www-data git clone https://github.com/MISP/MISP.git $PATH_TO_MISP
 #git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
-git config core.filemode false
+sudo -u www-data git config core.filemode false
 # chown -R www-data $PATH_TO_MISP
 # chgrp -R www-data $PATH_TO_MISP
 # chmod -R 700 $PATH_TO_MISP
-echo -e "\n--- Installing Mitre's STIX ---\n"
+echo "\n--- Installing Mitre's STIX ---\n"
-apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
+sudo apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
 cd $PATH_TO_MISP/app/files/scripts
-git clone https://github.com/CybOXProject/python-cybox.git
+sudo -u www-data git clone https://github.com/CybOXProject/python-cybox.git
-git clone https://github.com/STIXProject/python-stix.git
+sudo -u www-data git clone https://github.com/STIXProject/python-stix.git
 cd $PATH_TO_MISP/app/files/scripts/python-cybox
-git checkout v2.1.0.12
+sudo -u www-data git checkout v2.1.0.12
-python setup.py install > /dev/null 2>&1
+sudo python setup.py install > /dev/null 2>&1
 cd $PATH_TO_MISP/app/files/scripts/python-stix
-git checkout v1.1.1.4
+sudo -u www-data git checkout v1.1.1.4
-python setup.py install > /dev/null 2>&1
+sudo python setup.py install > /dev/null 2>&1
 # install mixbox to accomodate the new STIX dependencies:
 cd $PATH_TO_MISP/app/files/scripts/
-git clone https://github.com/CybOXProject/mixbox.git
+sudo -u www-data git clone https://github.com/CybOXProject/mixbox.git
 cd $PATH_TO_MISP/app/files/scripts/mixbox
-git checkout v1.0.2
+sudo -u www-data git checkout v1.0.2
-python setup.py install > /dev/null 2>&1
+sudo python setup.py install > /dev/null 2>&1
-echo -e "\n--- Retrieving CakePHP... ---\n"
+echo "\n--- Retrieving CakePHP... ---\n"
 # CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
 cd $PATH_TO_MISP
-git submodule init
+sudo -u www-data git submodule init
-git submodule update
+sudo -u www-data git submodule update
 # Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
 cd $PATH_TO_MISP/app
-php composer.phar require kamisama/cake-resque:4.1.2
+sudo -u www-data php composer.phar require kamisama/cake-resque:4.1.2
-php composer.phar config vendor-dir Vendor
+sudo -u www-data php composer.phar config vendor-dir Vendor
-php composer.phar install
+sudo -u www-data php composer.phar install
 # Enable CakeResque with php-redis
-phpenmod redis
+sudo phpenmod redis
 # To use the scheduler worker for scheduled tasks, do the following:
-cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
+sudo -u www-data cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
-echo -e "\n--- Setting the permissions... ---\n"
+echo "\n--- Setting the permissions... ---\n"
-chown -R www-data:www-data $PATH_TO_MISP
+sudo chown -R www-data:www-data $PATH_TO_MISP
-chmod -R 750 $PATH_TO_MISP
+sudo chmod -R 750 $PATH_TO_MISP
-chmod -R g+ws $PATH_TO_MISP/app/tmp
+sudo chmod -R g+ws $PATH_TO_MISP/app/tmp
-chmod -R g+ws $PATH_TO_MISP/app/files
+sudo chmod -R g+ws $PATH_TO_MISP/app/files
-chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
+sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
-echo -e "\n--- Creating a database user... ---\n"
+echo "\n--- Creating a database user... ---\n"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
-mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
+sudo mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
 # Import the empty MISP database from MYSQL.sql
-mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql
+sudo -u www-data mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME < /var/www/MISP/INSTALL/MYSQL.sql
-echo -e "\n--- Configuring Apache... ---\n"
+echo "\n--- Configuring Apache... ---\n"
 # !!! apache.24.misp.ssl seems to be missing
 #cp $PATH_TO_MISP/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf
 # If a valid SSL certificate is not already created for the server, create a self-signed certificate:
-sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt
+sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST=$OPENSSL_ST/L=$OPENSSL_L/O=<$OPENSSL_O/OU=$OPENSSL_OU/CN=$OPENSSL_CN/emailAddress=$OPENSSL_EMAILADDRESS" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null
-echo -e "\n--- Add a VirtualHost for MISP ---\n"
+echo "\n--- Add a VirtualHost for MISP ---\n"
-cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
+sudo cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
 <VirtualHost *:80>
-        ServerAdmin me@me.local
+    ServerAdmin admin@misp.local
-        ServerName misp.local
+    ServerName misp.local
-        DocumentRoot $PATH_TO_MISP/app/webroot
+    DocumentRoot $PATH_TO_MISP/app/webroot
-        <Directory $PATH_TO_MISP/app/webroot>
+    <Directory $PATH_TO_MISP/app/webroot>
-            Options -Indexes
+        Options -Indexes
-            AllowOverride all
+        AllowOverride all
-            Require all granted
+        Require all granted
-        </Directory>
+    </Directory>
-        LogLevel warn
+    LogLevel warn
-        ErrorLog /var/log/apache2/misp.local_error.log
+    ErrorLog /var/log/apache2/misp.local_error.log
-        CustomLog /var/log/apache2/misp.local_access.log combined
+    CustomLog /var/log/apache2/misp.local_access.log combined
-        ServerSignature Off
+    ServerSignature Off
 </VirtualHost>
 EOF
 # cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
@ -227,25 +231,25 @@ EOF
 # </VirtualHost>
 # EOF
 # activate new vhost
-a2dissite default-ssl
+sudo a2dissite default-ssl
-a2ensite misp-ssl
+sudo a2ensite misp-ssl
-echo -e "\n--- Restarting Apache ---\n"
+echo "\n--- Restarting Apache ---\n"
-systemctl restart apache2 > /dev/null 2>&1
+sudo systemctl restart apache2 > /dev/null 2>&1
-echo -e "\n--- Configuring log rotation ---\n"
+echo "\n--- Configuring log rotation ---\n"
-cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
+sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
-echo -e "\n--- MISP configuration ---\n"
+echo "\n--- MISP configuration ---\n"
 # There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
-cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
+sudo -u www-data cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
-cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
+sudo -u www-data cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
-cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
+sudo -u www-data cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
-cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
+sudo -u www-data cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
-cat > $PATH_TO_MISP/app/Config/database.php <<EOF
+sudo -u www-data cat > $PATH_TO_MISP/app/Config/database.php <<EOF
 <?php
 class DATABASE_CONFIG {
        public \$default = array(
@ -264,17 +268,17 @@ class DATABASE_CONFIG {
 }
 EOF
 # and make sure the file permissions are still OK
-chown -R www-data:www-data $PATH_TO_MISP/app/Config
+sudo chown -R www-data:www-data $PATH_TO_MISP/app/Config
-chmod -R 750 $PATH_TO_MISP/app/Config
+sudo chmod -R 750 $PATH_TO_MISP/app/Config
 # Set some MISP directives with the command line tool
-$PATH_TO_MISP/app/Console/cake Baseurl $MISP_BASEURL
+sudo $PATH_TO_MISP/app/Console/cake Baseurl $MISP_BASEURL
-$PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
+sudo $PATH_TO_MISP/app/Console/cake Live $MISP_LIVE
-echo -e "\n--- Generating a GPG encryption key... ---\n"
+echo "\n--- Generating a GPG encryption key... ---\n"
-apt-get install -y rng-tools haveged
+sudo apt-get install -y rng-tools haveged
-mkdir $PATH_TO_MISP/.gnupg
+sudo -u www-data mkdir $PATH_TO_MISP/.gnupg
-chmod 700 $PATH_TO_MISP/.gnupg
+sudo chmod 700 $PATH_TO_MISP/.gnupg
 cat >gen-key-script <<EOF
    %echo Generating a default key
    Key-Type: default
@ -289,68 +293,83 @@ cat >gen-key-script <<EOF
    %commit
    %echo done
 EOF
-gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-script
+sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-script
 rm gen-key-script
 # And export the public key to the webroot
-gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc
+sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key gen-key-scriptgpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc
-echo -e "\n--- Making the background workers start on boot... ---\n"
+echo "\n--- Making the background workers start on boot... ---\n"
-chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
+sudo chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
-cat > /etc/systemd/system/workers.service  <<EOF
+# With systemd:
-[Unit]
+# sudo cat > /etc/systemd/system/workers.service  <<EOF
-Description=Start the background workers at boot
+# [Unit]
 # Description=Start the background workers at boot
 #
 # [Service]
 # Type=forking
 # User=www-data
 # ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
 #
 # [Install]
 # WantedBy=multi-user.target
 # EOF
 # sudo systemctl enable workers.service > /dev/null
 # sudo systemctl restart workers.service > /dev/null
-[Service]
+# With initd:
-Type=forking
+if [ ! -e /etc/rc.local ]
-User=www-data
+then
-ExecStart=$PATH_TO_MISP/app/Console/worker/start.sh
+    echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
-
+    echo 'exit 0' | sudo tee -a /etc/rc.local
-[Install]
+    sudo chmod u+x /etc/rc.local
-WantedBy=multi-user.target
+fi
-EOF
+sudo sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
 systemctl enable workers.service > /dev/null
 systemctl restart workers.service > /dev/null
-echo -e "\n--- Installing MISP modules... ---\n"
+echo "\n--- Installing MISP modules... ---\n"
-apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1
+sudo apt-get install -y python3-dev python3-pip libpq5 libjpeg-dev > /dev/null 2>&1
 cd /usr/local/src/
-git clone https://github.com/MISP/misp-modules.git
+sudo git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
-pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
+sudo pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
-pip3 install -I . > /dev/null 2>&1
+sudo pip3 install -I . > /dev/null 2>&1
-cat > /etc/systemd/system/misp-modules.service  <<EOF
+# With systemd:
-[Unit]
+# sudo cat > /etc/systemd/system/misp-modules.service  <<EOF
-Description=Start the misp modules server at boot
+# [Unit]
 # Description=Start the misp modules server at boot
 #
 # [Service]
 # Type=forking
 # User=www-data
 # ExecStart=/bin/sh -c 'misp-modules -l 0.0.0.0 -s &'
 #
 # [Install]
 # WantedBy=multi-user.target
 # EOF
 # sudo systemctl enable misp-modules.service > /dev/null
 # sudo systemctl restart misp-modules.service > /dev/null
-[Service]
+# With initd:
-Type=forking
+sudo sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
 User=www-data
 ExecStart=/bin/sh -c 'misp-modules -l 0.0.0.0 -s &'
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable misp-modules.service > /dev/null
 systemctl restart misp-modules.service > /dev/null
-echo -e "\n--- Restarting Apache... ---\n"
+
-systemctl restart apache2 > /dev/null 2>&1
+echo "\n--- Restarting Apache... ---\n"
 sudo systemctl restart apache2 > /dev/null 2>&1
 sleep 5
-echo -e "\n--- Updating the galaxies... ---\n"
+echo "\n--- Updating the galaxies... ---\n"
 sudo -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
 AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
 curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/galaxies/update > /dev/null 2>&1
-echo -e "\n--- Updating the taxonomies... ---\n"
+echo "\n--- Updating the taxonomies... ---\n"
 curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v http://127.0.0.1/taxonomies/update > /dev/null 2>&1
-# echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
+# echo "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
 # # ZeroMQ depends on the Python client for Redis
 # pip install redis > /dev/null 2>&1
 # ## Install ZeroMQ and prerequisites
@ -378,6 +397,9 @@ curl -k -X POST -H "Authorization: $AUTH_KEY" -H "Accept: application/json" -v h
 # pip install pyzmq > /dev/null 2>&1
-echo -e "\e[32mMISP is ready\e[0m"
+echo "\e[32mMISP is ready\e[0m"
-echo -e "\e[0mPoint your Web browser to \e[33m$MISP_BASEURL\e[0m"
+echo "Login and passwords for the MISP image are the following:"
-echo -e "\e[0mDefault user/pass = \e[33madmin@admin.test/admin\e[0m"
+echo "Web interface (default network settings): $MISP_BASEURL"
 echo "MISP admin:  admin@admin.test/admin"
 echo "Shell/SSH: misp/Password1234"
 echo "MySQL:  $DBUSER_ADMIN/$DBPASSWORD_ADMIN - $DBUSER_MISP/$DBPASSWORD_MISP"