initial commit. WIP.

README.rst

@@ -0,0 +1,26 @@
+Deployment of the MISP with Vagrant
+===================================
+
+This script is a work in progress!
+
+Installation of VirtualBox and Vagrant
+--------------------------------------
+
+.. code-block:: bash
+
+    $ sudo apt-get install virtualbox vagrant
+
+
+Deployment of MISP
+------------------
+
+MISP will be automatically deployed in an Ubuntu Zesty Server.
+
+.. code-block:: bash
+
+    $ git clone https://github.com/MISP/misp-vagrant.git
+    $ cd misp-vagrant/
+    $ vagrant up
+
+Once the VM will be configured by Vagrant, go to the address
+http://127.0.0.1:5000.

Vagrantfile

@@ -0,0 +1,125 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "ubuntu/zesty64"
+  #config.vm.box_url = "https://atlas.hashicorp.com/ubuntu/boxes/zesty64/versions/20170412.1.0"
+  config.vm.provision :shell, path: "bootstrap.sh"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network "forwarded_port", guest: 80, host: 5001
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # If true, then any SSH connections made will enable agent forwarding.
+  # Default value: false
+  # config.ssh.forward_agent = true
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../", "/"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider "virtualbox" do |vb|
+  #   # Don't boot with headless mode
+  #   vb.gui = true
+  #
+  #   # Use VBoxManage to customize the VM. For example to change memory:
+    vb.customize ["modifyvm", :id, "--memory", "2048"]
+    vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"]
+  end
+  #
+  # View the documentation for the provider you're using for more
+  # information on available options.
+
+  # Enable provisioning with CFEngine. CFEngine Community packages are
+  # automatically installed. For example, configure the host as a
+  # policy server and optionally a policy file to run:
+  #
+  # config.vm.provision "cfengine" do |cf|
+  #   cf.am_policy_hub = true
+  #   # cf.run_file = "motd.cf"
+  # end
+  #
+  # You can also configure and bootstrap a client to an existing
+  # policy server:
+  #
+  # config.vm.provision "cfengine" do |cf|
+  #   cf.policy_server_address = "10.0.2.15"
+  # end
+
+  # Enable provisioning with Puppet stand alone.  Puppet manifests
+  # are contained in a directory path relative to this Vagrantfile.
+  # You will need to create the manifests directory and a manifest in
+  # the file default.pp in the manifests_path directory.
+  #
+  # config.vm.provision "puppet" do |puppet|
+  #   puppet.manifests_path = "manifests"
+  #   puppet.manifest_file  = "site.pp"
+  # end
+
+  # Enable provisioning with chef solo, specifying a cookbooks path, roles
+  # path, and data_bags path (all relative to this Vagrantfile), and adding
+  # some recipes and/or roles.
+  #
+  # config.vm.provision "chef_solo" do |chef|
+  #   chef.cookbooks_path = "../my-recipes/cookbooks"
+  #   chef.roles_path = "../my-recipes/roles"
+  #   chef.data_bags_path = "../my-recipes/data_bags"
+  #   chef.add_recipe "mysql"
+  #   chef.add_role "web"
+  #
+  #   # You may also specify custom JSON attributes:
+  #   chef.json = { :mysql_password => "foo" }
+  # end
+
+  # Enable provisioning with chef server, specifying the chef server URL,
+  # and the path to the validation key (relative to this Vagrantfile).
+  #
+  # The Opscode Platform uses HTTPS. Substitute your organization for
+  # ORGNAME in the URL and validation key.
+  #
+  # If you have your own Chef Server, use the appropriate URL, which may be
+  # HTTP instead of HTTPS depending on your configuration. Also change the
+  # validation key to validation.pem.
+  #
+  # config.vm.provision "chef_client" do |chef|
+  #   chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+  #   chef.validation_key_path = "ORGNAME-validator.pem"
+  # end
+  #
+  # If you're using the Opscode platform, your validator client is
+  # ORGNAME-validator, replacing ORGNAME with your organization name.
+  #
+  # If you have your own Chef Server, the default validation client name is
+  # chef-validator, unless you changed the configuration.
+  #
+  #   chef.validation_client_name = "ORGNAME-validator"
+end

bootstrap.sh

@@ -0,0 +1,120 @@
+#! /usr/bin/env bash
+
+# Variables
+APPENV='local'
+
+DBHOST='localhost'
+DBNAME='misp'
+DBUSER_AMIN='root'
+DBPASSWORD_AMIN='root'
+DBUSER_MISP='misp'
+DBPASSWORD_MISP='XXXXdbpasswordhereXXXXX'
+
+PATH_TO_MISP='/var/www/MISP'
+IP='127.0.0.1'
+FQDN='localhost'
+
+
+
+echo -e "\n--- Installing now... ---\n"
+
+echo -e "\n--- Updating packages list ---\n"
+apt-get -qq update
+
+echo -e "\n--- Install base packages ---\n"
+apt-get -y install vim git > /dev/null 2>&1
+
+echo -e "\n--- Install Postfix ---\n"
+# sudo apt-get install postfix
+# # Postfix Configuration: Satellite system
+# # change the relay server later with:
+# sudo postconf -e 'relayhost = example.com'
+# sudo postfix reload
+
+echo -e "\n--- Updating packages list ---\n"
+apt-get -qq update
+
+#
+# TODO: replace MySQL by MariaDB
+#
+
+echo -e "\n--- Install MySQL specific packages and settings ---\n"
+echo "mysql-server mysql-server/root_password password $DBPASSWORD_AMIN" | debconf-set-selections
+echo "mysql-server mysql-server/root_password_again password $DBPASSWORD_AMIN" | debconf-set-selections
+# echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | debconf-set-selections
+# echo "phpmyadmin phpmyadmin/app-password-confirm password $DBPASSWORD_AMIN" | debconf-set-selections
+# echo "phpmyadmin phpmyadmin/mysql/admin-pass password $DBPASSWORD_AMIN" | debconf-set-selections
+# echo "phpmyadmin phpmyadmin/mysql/app-pass password $DBPASSWORD_AMIN" | debconf-set-selections
+# echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect none" | debconf-set-selections
+apt-get -y install mysql-server phpmyadmin > /dev/null 2>&1
+
+echo -e "\n--- Installing PHP-specific packages ---\n"
+apt-get -y install php apache2 libapache2-mod-php php-curl php-gd php-mcrypt php-mysql php-pear php-apcu php-xml php-mbstring php-intl php-imagick > /dev/null 2>&1
+
+echo -e "\n--- Enabling mod-rewrite and ssl ---\n"
+a2enmod rewrite > /dev/null 2>&1
+a2enmod ssl > /dev/null 2>&1
+
+echo -e "\n--- Allowing Apache override to all ---\n"
+sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
+
+#echo -e "\n--- We want to see the PHP errors, turning them on ---\n"
+#sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/apache2/php.ini
+#sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/apache2/php.ini
+
+echo -e "\n--- Setting up our MySQL user for MISP ---\n"
+mysql -u root -p$DBPASSWORD_AMIN -e "CREATE USER '$DBUSER_MISP'@'localhost' IDENTIFIED BY '$DBPASSWORD_MISP';"
+mysql -u root -p$DBPASSWORD_AMIN -e "GRANT ALL PRIVILEGES ON * . * TO '$DBUSER_MISP'@'localhost';"
+mysql -u root -p$DBPASSWORD_AMIN -e "FLUSH PRIVILEGES;"
+
+
+mkdir $PATH_TO_MISP
+git clone https://github.com/MISP/MISP.git /var/www/MISP
+# chown -R www-data $PATH_TO_MISP
+# chgrp -R www-data $PATH_TO_MISP
+# chmod -R 700 $PATH_TO_MISP
+
+
+
+echo -e "\n--- Add a VirtualHost for MISP ---\n"
+cat > /etc/apache2/sites-enabled/000-default.conf <<EOF
+<VirtualHost $FQDN:80>
+        ServerName $FQDN
+
+        Redirect permanent / https://$FQDN
+        
+        LogLevel warn
+        ErrorLog /var/log/apache2/misp.local_error.log
+        CustomLog /var/log/apache2/misp.local_access.log combined
+        ServerSignature Off
+</VirtualHost>
+        
+<VirtualHost $FQDN:443>
+        ServerAdmin admin@$FQDN
+        ServerName $FQDN
+        DocumentRoot $PATH_TO_MISP/app/webroot
+        <Directory $PATH_TO_MISP/app/webroot>
+            Options -Indexes
+            AllowOverride all
+            Order allow,deny
+            allow from all
+        </Directory>
+        
+        SSLEngine On
+        SSLCertificateFile /etc/ssl/private/misp.local.crt
+        SSLCertificateKeyFile /etc/ssl/private/misp.local.key
+        #SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
+        
+        LogLevel warn
+        ErrorLog /var/log/apache2/misp.local_error.log
+        CustomLog /var/log/apache2/misp.local_access.log combined
+        ServerSignature Off
+</VirtualHost>
+EOF
+
+
+echo -e "\n--- Restarting Apache ---\n"
+service apache2 restart > /dev/null 2>&1
+
+
+echo -e "\n--- MISP is ready! Point your Web browser to http://127.0.0.1:5000 ---\n"