mirror of https://github.com/MISP/misp-vagrant
Various improvements.
parent
a21dab32a2
commit
c2947a6b6f
|
@ -5,10 +5,13 @@ This script is a work in progress! Almost working :-)
|
||||||
|
|
||||||
TODO:
|
TODO:
|
||||||
|
|
||||||
* check the GPG key generation and the generation of the SSL certificate;
|
* check the generation of the SSL certificate;
|
||||||
* check the configuration of postfix;
|
* check the configuration of postfix;
|
||||||
* configure redis connection;
|
* configure redis connection;
|
||||||
* make the background workers start on boot;
|
* make the background workers start on boot.
|
||||||
|
|
||||||
|
Improvements:
|
||||||
|
|
||||||
* provide more options through variables (for the gpg keys, etc.).
|
* provide more options through variables (for the gpg keys, etc.).
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||||
# vb.gui = true
|
# vb.gui = true
|
||||||
#
|
#
|
||||||
# # Use VBoxManage to customize the VM. For example to change memory:
|
# # Use VBoxManage to customize the VM. For example to change memory:
|
||||||
vb.customize ["modifyvm", :id, "--memory", "2048"]
|
vb.customize ["modifyvm", :id, "--memory", "4096"]
|
||||||
vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"]
|
vb.customize ["modifyvm", :id, "--name", "MISP - Ubuntu 17.04"]
|
||||||
end
|
end
|
||||||
#
|
#
|
||||||
|
|
124
bootstrap.sh
124
bootstrap.sh
|
@ -41,6 +41,9 @@ apt-get -qq update
|
||||||
echo -e "\n--- Install base packages ---\n"
|
echo -e "\n--- Install base packages ---\n"
|
||||||
apt-get -y install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
|
apt-get -y install curl gcc git gnupg-agent make python openssl redis-server sudo vim zip > /dev/null 2>&1
|
||||||
|
|
||||||
|
# To prevent a random error when cloning with Git: 'RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.'
|
||||||
|
git config --global http.postBuffer 1048576000
|
||||||
|
git config --global https.postBuffer 1048576000
|
||||||
|
|
||||||
echo -e "\n--- Installing and configuring Postfix ---\n"
|
echo -e "\n--- Installing and configuring Postfix ---\n"
|
||||||
# # Postfix Configuration: Satellite system
|
# # Postfix Configuration: Satellite system
|
||||||
|
@ -53,11 +56,10 @@ apt-get install -y postfix > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Installing MariaDB specific packages and settings ---\n"
|
echo -e "\n--- Installing MariaDB specific packages and settings ---\n"
|
||||||
|
|
||||||
apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
|
apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
|
||||||
# Secure the MariaDB installation (especially by setting a strong root password)
|
# Secure the MariaDB installation (especially by setting a strong root password)
|
||||||
sleep 7 # give some time to the DB to launch...
|
sleep 7 # give some time to the DB to launch...
|
||||||
apt-get install -y expect
|
apt-get install -y expect > /dev/null 2>&1
|
||||||
expect -f - <<-EOF
|
expect -f - <<-EOF
|
||||||
set timeout 10
|
set timeout 10
|
||||||
spawn mysql_secure_installation
|
spawn mysql_secure_installation
|
||||||
|
@ -79,7 +81,7 @@ expect -f - <<-EOF
|
||||||
send -- "y\r"
|
send -- "y\r"
|
||||||
expect eof
|
expect eof
|
||||||
EOF
|
EOF
|
||||||
apt-get purge -y expect
|
apt-get purge -y expect > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Installing Apache2 ---\n"
|
echo -e "\n--- Installing Apache2 ---\n"
|
||||||
|
@ -112,22 +114,22 @@ git config core.filemode false
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Installing Mitre's STIX ---\n"
|
echo -e "\n--- Installing Mitre's STIX ---\n"
|
||||||
apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
|
apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
|
||||||
cd $PATH_TO_MISP/app/files/scripts
|
cd $PATH_TO_MISP/app/files/scripts
|
||||||
git clone https://github.com/CybOXProject/python-cybox.git
|
git clone https://github.com/CybOXProject/python-cybox.git
|
||||||
git clone https://github.com/STIXProject/python-stix.git
|
git clone https://github.com/STIXProject/python-stix.git
|
||||||
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
cd $PATH_TO_MISP/app/files/scripts/python-cybox
|
||||||
git checkout v2.1.0.12
|
git checkout v2.1.0.12
|
||||||
python setup.py install
|
python setup.py install > /dev/null 2>&1
|
||||||
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
cd $PATH_TO_MISP/app/files/scripts/python-stix
|
||||||
git checkout v1.1.1.4
|
git checkout v1.1.1.4
|
||||||
python setup.py install
|
python setup.py install > /dev/null 2>&1
|
||||||
# install mixbox to accomodate the new STIX dependencies:
|
# install mixbox to accomodate the new STIX dependencies:
|
||||||
cd $PATH_TO_MISP/app/files/scripts/
|
cd $PATH_TO_MISP/app/files/scripts/
|
||||||
git clone https://github.com/CybOXProject/mixbox.git
|
git clone https://github.com/CybOXProject/mixbox.git
|
||||||
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
cd $PATH_TO_MISP/app/files/scripts/mixbox
|
||||||
git checkout v1.0.2
|
git checkout v1.0.2
|
||||||
python setup.py install
|
python setup.py install > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Retrieving CakePHP... ---\n"
|
echo -e "\n--- Retrieving CakePHP... ---\n"
|
||||||
|
@ -173,17 +175,6 @@ sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=$OPENSSL_C/ST
|
||||||
echo -e "\n--- Add a VirtualHost for MISP ---\n"
|
echo -e "\n--- Add a VirtualHost for MISP ---\n"
|
||||||
cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName misp.local
|
|
||||||
|
|
||||||
Redirect permanent / https://$FQDN
|
|
||||||
|
|
||||||
LogLevel warn
|
|
||||||
ErrorLog /var/log/apache2/misp.local_error.log
|
|
||||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
|
||||||
ServerSignature Off
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<VirtualHost *:443>
|
|
||||||
ServerAdmin me@me.local
|
ServerAdmin me@me.local
|
||||||
ServerName misp.local
|
ServerName misp.local
|
||||||
DocumentRoot $PATH_TO_MISP/app/webroot
|
DocumentRoot $PATH_TO_MISP/app/webroot
|
||||||
|
@ -194,17 +185,46 @@ cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
||||||
Require all granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
SSLEngine On
|
|
||||||
SSLCertificateFile /etc/ssl/private/misp.local.crt
|
|
||||||
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
|
||||||
#SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
|
||||||
|
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
ErrorLog /var/log/apache2/misp.local_error.log
|
ErrorLog /var/log/apache2/misp.local_error.log
|
||||||
CustomLog /var/log/apache2/misp.local_access.log combined
|
CustomLog /var/log/apache2/misp.local_access.log combined
|
||||||
ServerSignature Off
|
ServerSignature Off
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
EOF
|
EOF
|
||||||
|
# cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
|
||||||
|
# <VirtualHost *:80>
|
||||||
|
# ServerName misp.local
|
||||||
|
#
|
||||||
|
# Redirect permanent / https://$FQDN
|
||||||
|
#
|
||||||
|
# LogLevel warn
|
||||||
|
# ErrorLog /var/log/apache2/misp.local_error.log
|
||||||
|
# CustomLog /var/log/apache2/misp.local_access.log combined
|
||||||
|
# ServerSignature Off
|
||||||
|
# </VirtualHost>
|
||||||
|
#
|
||||||
|
# <VirtualHost *:443>
|
||||||
|
# ServerAdmin me@me.local
|
||||||
|
# ServerName misp.local
|
||||||
|
# DocumentRoot $PATH_TO_MISP/app/webroot
|
||||||
|
#
|
||||||
|
# <Directory $PATH_TO_MISP/app/webroot>
|
||||||
|
# Options -Indexes
|
||||||
|
# AllowOverride all
|
||||||
|
# Require all granted
|
||||||
|
# </Directory>
|
||||||
|
#
|
||||||
|
# SSLEngine On
|
||||||
|
# SSLCertificateFile /etc/ssl/private/misp.local.crt
|
||||||
|
# SSLCertificateKeyFile /etc/ssl/private/misp.local.key
|
||||||
|
# #SSLCertificateChainFile /etc/ssl/private/misp-chain.crt
|
||||||
|
#
|
||||||
|
# LogLevel warn
|
||||||
|
# ErrorLog /var/log/apache2/misp.local_error.log
|
||||||
|
# CustomLog /var/log/apache2/misp.local_access.log combined
|
||||||
|
# ServerSignature Off
|
||||||
|
# </VirtualHost>
|
||||||
|
# EOF
|
||||||
# activate new vhost
|
# activate new vhost
|
||||||
a2dissite default-ssl
|
a2dissite default-ssl
|
||||||
a2ensite misp-ssl
|
a2ensite misp-ssl
|
||||||
|
@ -220,6 +240,10 @@ cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
|
||||||
|
|
||||||
echo -e "\n--- MISP configuration ---\n"
|
echo -e "\n--- MISP configuration ---\n"
|
||||||
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
|
||||||
|
cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
|
||||||
|
cp -a $PATH_TO_MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
|
||||||
|
cp -a $PATH_TO_MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
|
||||||
|
cp -a $PATH_TO_MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
|
||||||
cat > $PATH_TO_MISP/app/Config/database.php <<EOF
|
cat > $PATH_TO_MISP/app/Config/database.php <<EOF
|
||||||
<?php
|
<?php
|
||||||
class DATABASE_CONFIG {
|
class DATABASE_CONFIG {
|
||||||
|
@ -244,7 +268,7 @@ chmod -R 750 $PATH_TO_MISP/app/Config
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Generating a GPG encryption key... ---\n"
|
echo -e "\n--- Generating a GPG encryption key... ---\n"
|
||||||
apt-get install rng-tools
|
apt-get install rng-tools haveged
|
||||||
mkdir $PATH_TO_MISP/.gnupg
|
mkdir $PATH_TO_MISP/.gnupg
|
||||||
chmod 700 $PATH_TO_MISP/.gnupg
|
chmod 700 $PATH_TO_MISP/.gnupg
|
||||||
cat >gen-key-script <<EOF
|
cat >gen-key-script <<EOF
|
||||||
|
@ -271,32 +295,32 @@ gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $EMAIL_ADDRESS > $PATH_TO_MI
|
||||||
# !!! TODO
|
# !!! TODO
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
|
# echo -e "\n--- Enabling MISP new pub/sub feature (ZeroMQ)... ---\n"
|
||||||
# ZeroMQ depends on the Python client for Redis
|
# # ZeroMQ depends on the Python client for Redis
|
||||||
pip install redis > /dev/null 2>&1
|
# pip install redis > /dev/null 2>&1
|
||||||
## Install ZeroMQ and prerequisites
|
# ## Install ZeroMQ and prerequisites
|
||||||
apt-get install -y pkg-config > /dev/null 2>&1
|
# apt-get install -y pkg-config > /dev/null 2>&1
|
||||||
cd /usr/local/src/
|
# cd /usr/local/src/
|
||||||
git clone git://github.com/jedisct1/libsodium.git > /dev/null 2>&1
|
# git clone git://github.com/jedisct1/libsodium.git > /dev/null 2>&1
|
||||||
cd libsodium
|
# cd libsodium
|
||||||
/autogen.sh > /dev/null 2>&1
|
# /autogen.sh > /dev/null 2>&1
|
||||||
./configure > /dev/null 2>&1
|
# ./configure > /dev/null 2>&1
|
||||||
make check > /dev/null 2>&1
|
# make check > /dev/null 2>&1
|
||||||
make > /dev/null 2>&1
|
# make > /dev/null 2>&1
|
||||||
make install > /dev/null 2>&1
|
# make install > /dev/null 2>&1
|
||||||
ldconfig > /dev/null 2>&1
|
# ldconfig > /dev/null 2>&1
|
||||||
cd /usr/local/src/
|
# cd /usr/local/src/
|
||||||
wget https://archive.org/download/zeromq_4.1.5/zeromq-4.1.5.tar.gz > /dev/null 2>&1
|
# wget https://archive.org/download/zeromq_4.1.5/zeromq-4.1.5.tar.gz > /dev/null 2>&1
|
||||||
tar -xvf zeromq-4.1.5.tar.gz > /dev/null 2>&1
|
# tar -xvf zeromq-4.1.5.tar.gz > /dev/null 2>&1
|
||||||
cd zeromq-4.1.5/
|
# cd zeromq-4.1.5/
|
||||||
./autogen.sh > /dev/null 2>&1
|
# ./autogen.sh > /dev/null 2>&1
|
||||||
./configure > /dev/null 2>&1
|
# ./configure > /dev/null 2>&1
|
||||||
make check > /dev/null 2>&1
|
# make check > /dev/null 2>&1
|
||||||
make > /dev/null 2>&1
|
# make > /dev/null 2>&1
|
||||||
make install > /dev/null 2>&1
|
# make install > /dev/null 2>&1
|
||||||
ldconfig > /dev/null 2>&1
|
# ldconfig > /dev/null 2>&1
|
||||||
## install pyzmq
|
# ## install pyzmq
|
||||||
pip install pyzmq > /dev/null 2>&1
|
# pip install pyzmq > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
echo -e "\n--- Restarting Apache ---\n"
|
echo -e "\n--- Restarting Apache ---\n"
|
||||||
|
|
Loading…
Reference in New Issue