├── .gitignore
├── README.md
├── ansible.cfg
├── misp.yml
├── roles
    ├── misp
    │   ├── defaults
    │   │   └── main.yml
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   ├── backup.yml
    │   │   ├── main.yml
    │   │   ├── modules.yml
    │   │   └── new_data_location.yml
    │   ├── templates
    │   │   ├── misp
    │   │   │   ├── config
    │   │   │   │   ├── bootstrap.php
    │   │   │   │   ├── config.php
    │   │   │   │   ├── core.php
    │   │   │   │   └── database.php
    │   │   │   ├── misp_backup
    │   │   │   └── misp_restore
    │   │   └── mysql
    │   │   │   └── .my.cnf
    │   └── vars
    │   │   └── main.yml
    ├── mysql
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   └── empty
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── vars
    │   │   └── main.yml
    └── nginx
    │   ├── defaults
    │       └── main.yml
    │   ├── files
    │       └── empty
    │   ├── handlers
    │       └── main.yml
    │   ├── meta
    │       └── main.yml
    │   ├── tasks
    │       └── main.yml
    │   ├── templates
    │       └── nginx
    │       │   └── misp
    │   └── vars
    │       └── main.yml
└── ssh.cfg


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | tmp
3 | .DS_Store
4 | *.retry
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | MISP - Ansible installation script
 2 | ----------------------------------------
 3 | 
 4 | - V0.2
 5 |   * Data location management
 6 |   * misp-modules installation
 7 | 
 8 | - V0.1
 9 |   * Nginx support only
10 |   * Backup script provided
11 | 
12 | Instructions
13 | ----------------------------------------
14 | - From the ansible repository, run the following command:
15 | 
16 | ```bash
17 | ansible-playbook -i <host>, misp.yml -k -K -u <user>
18 | ```
19 | 
20 | - If you want to move the MISP data location to <path> (MySQL database, MISP files and tmp), add the following parameter to ansible-playbook:
21 | 
22 | ```bash
23 | --extra-vars "data_location=<path>"
24 | ```
25 | 
26 | - Update the self-signed certificate in /etc/nginx/ssl
27 | - Create and export your GPG key:
28 | 
29 | ```bash
30 | sudo -u www-data gpg --homedir /opt/misp-server/misp/.gnupg --gen-key
31 | sudo -u www-data gpg --homedir /opt/misp-server/misp/.gnupg --export --armor YOUR-EMAIL > /opt/misp-server/misp/app/webroot/gpg.asc
32 | ```
33 | 
34 | - Login with:
35 |   * user: admin@admin.test
36 |   * password: admin
37 | and update the admin password
38 | 
39 | - Configure MISP in administration panel, server settings
40 | 
41 | Notes
42 | ----------------------------------------
43 | - the user must have admin rights
44 | - a self-signed certificate is generated to allow you to test the installation
45 | - installation directory is: /opt/misp-server/misp
46 | - backup directory is: /opt/misp-server/backup
47 | 
48 | Backup script
49 | ----------------------------------------
50 | If enabled, a backup script create each day a new archive with a MySQL misp database dump and misp files to allow easy restore.
51 | - these archives are created in: /opt/misp-server/backup
52 | - a script to easy restore MISP from an archive is provided in the same directory
53 | - to use the restore script, login as misp user and run the following command:
54 | 
55 | ```bash
56 | ./misp_restore <archive_timestamp>.tar.gz
57 | ```
58 | 
59 | 


--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [ssh_connection]
2 | ssh_args = -F ssh.cfg
3 | pipelining = True
4 | 


--------------------------------------------------------------------------------
/misp.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: all
 3 |   become: true
 4 |   roles:
 5 |     - { role: mysql}
 6 |     - { role: misp}
 7 |     - { role: nginx}
 8 | 
 9 |   vars_prompt:
10 |   - name: "proxy_host"
11 |     prompt: "Enter the proxy host (e.g. myproxy.be)"  
12 |     private: no
13 |   - name: "proxy_port"
14 |     prompt: "Enter the proxy port (e.g. 3128)"  
15 |     private: no
16 |   - name: "servername"
17 |     prompt: "Enter the servername address to use for the webserver (e.g. misp.com)"  
18 |     private: no
19 |   - name: "mysql_root_old_pass"
20 |     prompt: "MySQL root password (current or default/empty)"  
21 |     private: yes
22 |   - name: "mysql_root_new_pass"
23 |     prompt: "MySQL root password (new/current)"
24 |     private: yes
25 |   - name: mysql_misp_password
26 |     prompt: "Enter the mysql misp user password"  
27 |     private: yes
28 |   - name: enable_auto_backup
29 |     prompt: "Do you want to enable automatic backup everyday ? (y/n)"
30 |     private: no
31 |   - name: install_modules
32 |     prompt: "Do you want to install misp-modules ? (y/n)"
33 |     private: no


--------------------------------------------------------------------------------
/roles/misp/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # default lower priority variables for this role
3 | data_location: /opt/misp-server/misp/app
4 | 


--------------------------------------------------------------------------------
/roles/misp/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Handlers file
3 | 


--------------------------------------------------------------------------------
/roles/misp/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Role dependancies
3 | 


--------------------------------------------------------------------------------
/roles/misp/tasks/backup.yml:
--------------------------------------------------------------------------------
 1 | ############################################
 2 | #####           BACKUP                  ####
 3 | ############################################
 4 | 
 5 | - name: Create MISP server directory
 6 |   file:
 7 |     path: "{{ item }}"
 8 |     owner: misp
 9 |     group: misp-server
10 |     mode: 02775
11 |     state: directory
12 |   with_items: 
13 |     - "{{data_location}}/backup"
14 | 
15 | - name: Copy backup script
16 |   become: true
17 |   template:
18 |     src: misp/{{item}}
19 |     dest: /bin/{{item}}
20 |     mode: 0755
21 |   with_items:
22 |     - misp_backup
23 | 
24 | - name: Copy restore script
25 |   template:
26 |     src: misp/{{item}}
27 |     dest: "{{data_location}}/backup/{{item}}"
28 |     mode: 0755
29 |     owner: misp
30 |     group: misp
31 |   with_items:
32 |     - misp_restore
33 | 
34 | - name: Create backup cronjob
35 |   become: true
36 |   become_user: misp
37 |   cron:
38 |     name: "misp backup cronjob"
39 |     minute: "0"
40 |     hour: "4"
41 |     job: "sh /bin/misp_backup"
42 | 


--------------------------------------------------------------------------------
/roles/misp/tasks/main.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | # Install basic packages
  3 | - name: Create misp user
  4 |   user:
  5 |     name: misp
  6 |     state: present
  7 | 
  8 | - name: Create Ansible directory
  9 |   file: 
 10 |     path: "/home/misp/ansible"
 11 |     owner: misp
 12 |     group: misp
 13 |     mode: 0775
 14 |     state: directory
 15 | 
 16 | - name: Install all needed packages
 17 |   apt: 
 18 |     pkg: "{{ item }}"
 19 |     state: latest
 20 |     update_cache: yes
 21 |   with_items: 
 22 |     - gcc
 23 |     - zip
 24 |     - php-pear
 25 |     - git
 26 |     - redis-server
 27 |     - make
 28 |     - python-dev
 29 |     - python-pip
 30 |     - libxml2-dev
 31 |     - libxslt1-dev
 32 |     - zlib1g-dev
 33 |     - php5-dev
 34 |     - curl
 35 |     - gnupg-agent
 36 |     - php5-mysql
 37 |     - php5-redis
 38 | 
 39 | ######### MISP users and groups #########
 40 | 
 41 | - name: Add MISP group
 42 |   group:
 43 |     name: "{{ item }}"
 44 |     state: present
 45 |     system: yes
 46 |   with_items:
 47 |     - "misp-server"
 48 | 
 49 | - name: Add misp in misp-server
 50 |   user:
 51 |     name: misp
 52 |     append: yes
 53 |     groups: misp-server
 54 |     state: present
 55 | 
 56 | - name: Add www-data in misp-server
 57 |   user: 
 58 |     name: www-data
 59 |     append: yes
 60 |     groups: misp-server
 61 | 
 62 | ######### MISP directories #########
 63 | 
 64 | - name: Create MISP server directory
 65 |   file:
 66 |     path: "{{ item }}"
 67 |     owner: misp
 68 |     group: misp-server
 69 |     mode: 02775
 70 |     state: directory
 71 |   with_items: 
 72 |     - "/opt/misp-server"
 73 |     - "/opt/misp-server/misp"
 74 |     - "/opt/misp-server/tmp"
 75 | 
 76 | ######### PEAR: CRYPTPGP #########
 77 | - name: Configure PEAR proxy
 78 |   shell: "{{ item }}"
 79 |   args:
 80 |     creates: /home/misp/ansible/ansible_shell_pear_configure_proxy.log
 81 |   with_items:
 82 |     - "pear config-set http_proxy http://{{proxy_host}}:{{proxy_port}} > /home/misp/ansible/ansible_shell_pear_configure_proxy.log"
 83 | 
 84 | - name: Configure PEAR tmp
 85 |   shell: "{{ item }}"
 86 |   args:
 87 |     creates: /home/misp/ansible/ansible_shell_pear_configure_tmp.log
 88 |   with_items:
 89 |     - pear config-set temp_dir /opt/misp-server/tmp/ > /home/misp/ansible/ansible_shell_pear_configure_tmp.log
 90 | 
 91 | - name: Install CryptGPG
 92 |   pear:
 93 |     name: Crypt_GPG
 94 |     state: present
 95 | 
 96 | ######### MISP REPOSITORY #########
 97 | 
 98 | - name: Clone MISP repository
 99 |   become: true
100 |   become_user: misp
101 |   git: 
102 |     repo: "https://github.com/MISP/MISP.git"
103 |     dest: "/opt/misp-server/misp"
104 |     recursive: yes
105 |     force: no
106 |     update: no
107 |     accept_hostkey: yes
108 | 
109 | - name: Configure Git
110 |   git_config:
111 |     name: core.filemode
112 |     scope: global
113 |     value: false
114 | 
115 | - name: Create scripts directories
116 |   file: 
117 |     path: "{{ item }}"
118 |     owner: misp
119 |     group: misp-server
120 |     mode: 02775
121 |     state: directory
122 |   with_items:
123 |     - "/opt/misp-server/misp/app/files/scripts/python-cybox"
124 |     - "/opt/misp-server/misp/app/files/scripts/python-stix"
125 | 
126 | - name: Clone MISP depedencies | Python-Cybox
127 |   become: true
128 |   become_user: misp
129 |   git: 
130 |     repo: "https://github.com/CybOXProject/python-cybox.git"
131 |     dest: "/opt/misp-server/misp/app/files/scripts/python-cybox"
132 |     force: no
133 |     update: no
134 |     accept_hostkey: yes
135 | 
136 | - name: Clone MISP depedencies | Python-Stix
137 |   become: true
138 |   become_user: misp
139 |   git: 
140 |     repo: "https://github.com/STIXProject/python-stix.git"
141 |     dest: "/opt/misp-server/misp/app/files/scripts/python-stix"
142 |     force: no
143 |     update: no
144 |     accept_hostkey: yes
145 | 
146 | - name: Install MISP depedencies | Python-Cybox
147 |   become: true
148 |   shell: "{{ item }}"
149 |   args:
150 |     chdir: /opt/misp-server/misp/app/files/scripts/python-cybox
151 |     creates: /home/misp/ansible/ansible_shell_pythoncybox_setup.log
152 |   with_items:
153 |     - python setup.py install > /home/misp/ansible/ansible_shell_pythoncybox_setup.log
154 | 
155 | - name: Install MISP depedencies | Python-Stix
156 |   become: true
157 |   shell: "{{ item }}"
158 |   args:
159 |     chdir: /opt/misp-server/misp/app/files/scripts/python-stix
160 |     creates: /home/misp/ansible/ansible_shell_pythonstix_setup.log
161 |   with_items:
162 |     - python setup.py install > /home/misp/ansible/ansible_shell_pythonstix_setup.log
163 | 
164 | ######### CAKE PHP #########
165 | 
166 | - name: Curl PHP installer
167 |   shell: "{{ item }}"
168 |   args:
169 |     chdir: /opt/misp-server/misp/app/
170 |     creates: /home/misp/ansible/ansible_shell_curl_php.log
171 |   with_items:
172 |     - curl -s https://getcomposer.org/installer | php > /home/misp/ansible/ansible_shell_curl_php.log
173 | 
174 | - name: Install COMPOSER in /bin
175 |   copy:
176 |     remote_src: True
177 |     src: /opt/misp-server/misp/app/composer.phar
178 |     dest: /usr/local/bin/composer
179 |     owner: root
180 |     group: root
181 |     mode: 0755
182 | 
183 | - name: Cake-resque installation
184 |   composer:
185 |     command: "require"
186 |     arguments: "kamisama/cake-resque:4.1.2"
187 |     working_dir: "/opt/misp-server/misp/app"
188 |   register: cakeresque_install
189 | 
190 | - name: Vendor configure
191 |   composer:
192 |     command: "config"
193 |     arguments: "vendor-dir Vendor"
194 |     working_dir: "/opt/misp-server/misp/app"
195 |   when: cakeresque_install.changed
196 | 
197 | - name: PHP composer install
198 |   composer:
199 |     command: "install"
200 |     arguments: ""
201 |     working_dir: "/opt/misp-server/misp/app"
202 | 
203 | - name: Copy CakeResque config file
204 |   copy:
205 |     remote_src: True
206 |     src: /opt/misp-server/misp/INSTALL/setup/config.php
207 |     dest: /opt/misp-server/misp/app/Plugin/CakeResque/Config/config.php
208 |     force: yes
209 |     owner: misp
210 |     group: misp-server
211 |     mode: 0774
212 | 
213 | ######### MISP CONFIGURATION #########
214 | 
215 | - name: Copy MISP configuration files
216 |   template: 
217 |     src: "misp/config/{{item}}"
218 |     dest: "/opt/misp-server/misp/app/Config/{{item}}"
219 |     force: yes
220 |     owner: misp
221 |     group: misp-server
222 |     mode: 0774
223 |   with_items:
224 |     - bootstrap.php
225 |     - config.php
226 |     - core.php
227 |     - database.php
228 | 
229 | ######### GNUPG #########
230 | 
231 | - name: Create the directory for GNUPG
232 |   file: 
233 |     path: "/opt/misp-server/misp/.gnupg"
234 |     owner: misp
235 |     group: misp-server
236 |     mode: 0770
237 |     state: directory
238 | 
239 | ######### MISP WORKERS #########
240 | 
241 | - name: Check MISP worker launcher permissions
242 |   file: 
243 |     path: /opt/misp-server/misp/app/Console/worker/start.sh
244 |     owner: misp
245 |     group: misp-server
246 |     mode: 0764
247 | 
248 | - name: Check MISP worker autolaunch at boot
249 |   lineinfile:
250 |     state: present
251 |     dest: /etc/rc.local
252 |     insertbefore: "exit 0"
253 |     line: "su misp -c 'bash /opt/misp-server/misp/app/Console/worker/start.sh'"
254 | 
255 | - name: MISP app and its tmp directories permissions
256 |   file:
257 |     path: "{{ item }}"
258 |     owner: misp
259 |     group: misp-server
260 |     mode: 02775
261 |     state: directory
262 |   with_items: 
263 |     - "/opt/misp-server/misp/app"
264 |     - "/opt/misp-server/misp/app/tmp"
265 | 
266 | ######### ADD-ON #########
267 | 
268 | - name: Install ZeroMQ
269 |   pip: 
270 |     name: pyzmq
271 |     state: latest
272 | 
273 | - name: Install Python client for Redis
274 |   pip: 
275 |     name: redis
276 |     state: latest
277 | 
278 | ######### MYSQL CONFIGURATION #########
279 | 
280 | - name: MySQL | Create MISP database
281 |   become: true
282 |   mysql_db:
283 |     login_user: root
284 |     login_password: "{{ mysql_root_new_pass }}"
285 |     name: misp
286 |     state: present
287 |   register: mysql_init
288 | 
289 | - name: MySQL | Create MISP user
290 |   become: true
291 |   mysql_user:
292 |     login_user: root
293 |     login_password: "{{ mysql_root_new_pass }}"
294 |     name: misp
295 |     password: "{{mysql_misp_password}}"
296 |     priv: "misp.*:ALL,GRANT"
297 |     state: present
298 |   register: mysql_init
299 | 
300 | - name: MySQL | Create password file
301 |   template: 
302 |     src: "mysql/{{item}}"
303 |     dest: "/home/misp/{{item}}"
304 |     force: no
305 |     owner: misp
306 |     group: misp
307 |     mode: 0600
308 |   with_items:
309 |     - .my.cnf
310 | 
311 | - name: MySQL | Create password file for root
312 |   template: 
313 |     src: "mysql/{{item}}"
314 |     dest: "/root/{{item}}"
315 |     force: no
316 |     owner: root
317 |     group: root
318 |     mode: 0600
319 |   with_items:
320 |     - .my.cnf
321 | 
322 | - name: MySQL | Initialize MISP database
323 |   shell: "{{ item }}"
324 |   with_items:
325 |     - mysql -D misp < /opt/misp-server/misp/INSTALL/MYSQL.sql
326 |   when: mysql_init.changed
327 | 
328 | ######### PERMISSIONS #########
329 | 
330 | - name: Fix all files permissions
331 |   file:
332 |     path: /opt/misp-server/misp
333 |     recurse: yes
334 |     state: directory
335 |     mode: "g=u"
336 | 
337 | #######       BACKUP      #######
338 | 
339 | - name: Configure and enable MISP backup
340 |   include: backup.yml
341 |   when: enable_auto_backup == 'y'
342 | 
343 | ####### NEW DATA LOCATION #######
344 | 
345 | - name: Change DATA location of MISP
346 |   include: new_data_location.yml
347 |   when: data_location != '/opt/misp-server/misp/app'
348 | 
349 | #######   MISP-MODULES    #######
350 | 
351 | - name: Install misp-modules
352 |   include: modules.yml
353 |   when: install_modules == 'y'
354 | 


--------------------------------------------------------------------------------
/roles/misp/tasks/modules.yml:
--------------------------------------------------------------------------------
 1 | ############################################
 2 | #####          MISP-MODULES             ####
 3 | ############################################
 4 | 
 5 | - name: Install all needed packages
 6 |   apt:
 7 |     pkg: "{{ item }}"
 8 |     state: latest
 9 |     update_cache: yes
10 |   with_items:
11 |     - python3-dev
12 |     - python3-pip
13 |     - libpq5
14 |     - libjpeg-dev
15 |     - libjpeg8-dev
16 | 
17 | - name: Clone MISP-MODULES git
18 |   become: true
19 |   git:
20 |     repo: "https://github.com/MISP/misp-modules.git"
21 |     dest: "/usr/local/src/misp-modules"
22 |     recursive: yes
23 |     force: no
24 |     update: no
25 |     accept_hostkey: yes
26 | 
27 | - name: Install MISP-MODULES requirements
28 |   become: true
29 |   pip:
30 |     executable: pip3
31 |     requirements: "/usr/local/src/misp-modules/REQUIREMENTS"
32 |   environment:
33 |     TMPDIR: /opt/misp-server/tmp
34 |   register: mispmodules_requirements
35 | 
36 | - name: Upgrade MISP-MODULES requirements
37 |   become: True
38 |   args:
39 |     chdir: "/usr/local/src/misp-modules"
40 |   shell: "{{ item }}"
41 |   with_items:
42 |     - pip3 install --upgrade .
43 |   when: mysql_init.changed
44 | 
45 | - name: Check MISP worker autolaunch at boot
46 |   lineinfile:
47 |     state: present
48 |     dest: /etc/rc.local
49 |     insertbefore: "exit 0"
50 |     line: "su misp -c 'misp-modules -s'"
51 | 


--------------------------------------------------------------------------------
/roles/misp/tasks/new_data_location.yml:
--------------------------------------------------------------------------------
  1 | ############################################
  2 | #####        NEW DATA LOCATION          ####
  3 | ############################################
  4 | 
  5 | - name: Create MISP backup and data directories
  6 |   file:
  7 |     path: "{{ item }}"
  8 |     owner: misp
  9 |     group: misp-server
 10 |     mode: 0775
 11 |     state: directory
 12 |   with_items:
 13 |     - "{{data_location}}/backup"
 14 | 
 15 | ######### MOVE MYSQL DATA #########
 16 | 
 17 | - name: MySQL | Stop service to move data
 18 |   service:
 19 |     name: mysql
 20 |     state: stopped
 21 |     enabled: yes
 22 |   when: mysql_init.changed
 23 | 
 24 | - name: MySQL | Copy data
 25 |   shell: "{{ item }}"
 26 |   with_items:
 27 |     - "cp -R -p /var/lib/mysql {{data_location}} "
 28 |   sudo: yes
 29 |   when: mysql_init.changed
 30 | 
 31 | - name: MySQL | Update MySQL configuration
 32 |   replace:
 33 |     dest: /etc/mysql/my.cnf
 34 |     regexp: '/var/lib/mysql'
 35 |     replace: '{{data_location}}/mysql'
 36 |   when: mysql_init.changed
 37 | 
 38 | - name: MySQL | Update AppArmor configuration
 39 |   replace:
 40 |     dest: /etc/apparmor.d/usr.sbin.mysqld
 41 |     regexp: '/var/lib/mysql/'
 42 |     replace: '{{data_location}}/mysql/'
 43 |   when: mysql_init.changed
 44 | 
 45 | - name: MySQL | Reload service AppArmor
 46 |   service:
 47 |     name: apparmor
 48 |     state: reloaded
 49 |     enabled: yes
 50 |   when: mysql_init.changed
 51 | 
 52 | - name: MySQL | Start service after moving data
 53 |   service:
 54 |     name: mysql
 55 |     state: restarted
 56 |     enabled: yes
 57 |   when: mysql_init.changed
 58 | 
 59 | - name: MySQL | Check if old data directory is removed
 60 |   file:
 61 |     path: /var/lib/mysql
 62 |     state: absent
 63 |   sudo: yes
 64 | 
 65 | #### MISP DATA MOVE ####
 66 | 
 67 | # Copy with SHELL since Ansible does not currently support recursive remote copying
 68 | - name: Copy tmp data
 69 |   shell: "{{ item }}"
 70 |   with_items:
 71 |     - "cp -rp /opt/misp-server/misp/app/tmp {{data_location}}/ "
 72 |   sudo: yes
 73 |   when: mysql_init.changed
 74 | 
 75 | - name: Remove old MISP tmp data directory
 76 |   file:
 77 |     path: /opt/misp-server/misp/app/tmp
 78 |     state: absent
 79 |   sudo: yes
 80 |   when: mysql_init.changed
 81 | 
 82 | - name: Link MISP tmp data directory to new data location
 83 |   file:
 84 |     src: "{{data_location}}/tmp"
 85 |     dest: /opt/misp-server/misp/app/tmp
 86 |     state: link
 87 |     force: yes
 88 |     owner: misp
 89 |     group: misp-server
 90 |     mode: 777
 91 | 
 92 | # Copy with SHELL since Ansible does not currently support recursive remote copying
 93 | - name: Copy MISP file data directory to /DATA
 94 |   shell: "{{ item }}"
 95 |   with_items:
 96 |     - "cp -rp /opt/misp-server/misp/app/files {{data_location}}/ "
 97 |   sudo: yes
 98 |   when: mysql_init.changed
 99 | 
100 | - name: Remove old MISP files data directory
101 |   file:
102 |     path: /opt/misp-server/misp/app/files
103 |     state: absent
104 |   sudo: yes
105 |   when: mysql_init.changed
106 | 
107 | - name: Link MISP file data directory to /DATA
108 |   file:
109 |     src: "{{data_location}}/files"
110 |     dest: /opt/misp-server/misp/app/files
111 |     state: link
112 |     force: yes
113 |     owner: misp
114 |     group: misp-server
115 |     mode: 777
116 | 


--------------------------------------------------------------------------------
/roles/misp/templates/misp/config/bootstrap.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * This file is loaded automatically by the app/webroot/index.php file after core.php
  4 |  *
  5 |  * This file should load/create any application wide configuration settings, such as
  6 |  * Caching, Logging, loading additional configuration files.
  7 |  *
  8 |  * You should also use this file to include any files that provide global functions/constants
  9 |  * that your application uses.
 10 |  */
 11 | 
 12 | /**
 13 |  * Cache Engine Configuration
 14 |  * Default settings provided below
 15 |  *
 16 |  * File storage engine.
 17 |  *
 18 |  * 	 Cache::config('default', array(
 19 |  *		'engine' => 'File', //[required]
 20 |  *		'duration'=> 3600, //[optional]
 21 |  *		'probability'=> 100, //[optional]
 22 |  * 		'path' => CACHE, //[optional] use system tmp directory - remember to use absolute path
 23 |  * 		'prefix' => 'cake_', //[optional]  prefix every cache file with this string
 24 |  * 		'lock' => false, //[optional]  use file locking
 25 |  * 		'serialize' => true, // [optional]
 26 |  * 		'mask' => 0666, // [optional] permission mask to use when creating cache files
 27 |  *	));
 28 |  *
 29 |  * APC (http://pecl.php.net/package/APC)
 30 |  *
 31 |  * 	 Cache::config('default', array(
 32 |  *		'engine' => 'Apc', //[required]
 33 |  *		'duration'=> 3600, //[optional]
 34 |  *		'probability'=> 100, //[optional]
 35 |  * 		'prefix' => Inflector::slug(APP_DIR) . '_', //[optional]  prefix every cache file with this string
 36 |  *	));
 37 |  *
 38 |  * Xcache (http://xcache.lighttpd.net/)
 39 |  *
 40 |  * 	 Cache::config('default', array(
 41 |  *		'engine' => 'Xcache', //[required]
 42 |  *		'duration'=> 3600, //[optional]
 43 |  *		'probability'=> 100, //[optional]
 44 |  *		'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string
 45 |  *		'user' => 'user', //user from xcache.admin.user settings
 46 |  *		'password' => 'password', //plaintext password (xcache.admin.pass)
 47 |  *	));
 48 |  *
 49 |  * Memcache (http://memcached.org/)
 50 |  *
 51 |  * 	 Cache::config('default', array(
 52 |  *		'engine' => 'Memcache', //[required]
 53 |  *		'duration'=> 3600, //[optional]
 54 |  *		'probability'=> 100, //[optional]
 55 |  * 		'prefix' => Inflector::slug(APP_DIR) . '_', //[optional]  prefix every cache file with this string
 56 |  * 		'servers' => array(
 57 |  * 			'127.0.0.1:11211' // localhost, default port 11211
 58 |  * 		), //[optional]
 59 |  * 		'persistent' => true, // [optional] set this to false for non-persistent connections
 60 |  * 		'compress' => false, // [optional] compress data in Memcache (slower, but uses less memory)
 61 |  *	));
 62 |  *
 63 |  *  Wincache (http://php.net/wincache)
 64 |  *
 65 |  * 	 Cache::config('default', array(
 66 |  *		'engine' => 'Wincache', //[required]
 67 |  *		'duration'=> 3600, //[optional]
 68 |  *		'probability'=> 100, //[optional]
 69 |  *		'prefix' => Inflector::slug(APP_DIR) . '_', //[optional]  prefix every cache file with this string
 70 |  *	));
 71 |  *
 72 |  * Redis (http://http://redis.io/)
 73 |  *
 74 |  * 	 Cache::config('default', array(
 75 |  *		'engine' => 'Redis', //[required]
 76 |  *		'duration'=> 3600, //[optional]
 77 |  *		'probability'=> 100, //[optional]
 78 |  *		'prefix' => Inflector::slug(APP_DIR) . '_', //[optional]  prefix every cache file with this string
 79 |  *		'server' => '127.0.0.1' // localhost
 80 |  *		'port' => 6379 // default port 6379
 81 |  *		'timeout' => 0 // timeout in seconds, 0 = unlimited
 82 |  *		'persistent' => true, // [optional] set this to false for non-persistent connections
 83 |  *	));
 84 |  */
 85 | Cache::config('default', array('engine' => 'File'));
 86 | Configure::load('config');
 87 | 
 88 | if (!Configure::read('MISP.baseurl')) {
 89 | 	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
 90 | 		if ($_SERVER['SERVER_PORT'] == 443) {
 91 | 			Configure::write('MISP.baseurl', sprintf('https://%s', $_SERVER['SERVER_ADDR']));
 92 | 		} else {
 93 | 			Configure::write('MISP.baseurl', sprintf('https://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
 94 | 		}
 95 | 	} else {
 96 | 		if ($_SERVER['SERVER_PORT'] == 80) {
 97 | 			Configure::write('MISP.baseurl', sprintf('http://%s', $_SERVER['SERVER_ADDR']));
 98 | 		} else {
 99 | 			Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
100 | 		}
101 | 	}
102 | }
103 | 
104 | /**
105 |  * Plugins need to be loaded manually, you can either load them one by one or all of them in a single call
106 |  * Uncomment one of the lines below, as you need. make sure you read the documentation on CakePlugin to use more
107 |  * advanced ways of loading plugins
108 |  *
109 |  * CakePlugin::loadAll(); // Loads all plugins at once
110 |  * CakePlugin::load('DebugKit'); //Loads a single plugin named DebugKit
111 |  *
112 |  */
113 | 
114 | CakePlugin::load('SysLog');
115 | CakePlugin::load('Assets'); // having Logable
116 | CakePlugin::load('SysLogLogable');
117 | CakePlugin::load('UrlCache');
118 | 
119 | /**
120 |  * Uncomment the following line to enable client SSL certificate authentication.
121 |  * It's also necessary to configure the plugin — for more information, please read app/Plugin/CertAuth/reame.md
122 |  */
123 | // CakePlugin::load('CertAuth');
124 | 
125 | /**
126 |  * You can attach event listeners to the request lifecyle as Dispatcher Filter . By Default CakePHP bundles two filters:
127 |  *
128 |  * - AssetDispatcher filter will serve your asset files (css, images, js, etc) from your themes and plugins
129 |  * - CacheDispatcher filter will read the Cache.check configure variable and try to serve cached content generated from controllers
130 |  *
131 |  * Feel free to remove or add filters as you see fit for your application. A few examples:
132 |  *
133 |  * Configure::write('Dispatcher.filters', array(
134 |  *		'MyCacheFilter', //  will use MyCacheFilter class from the Routing/Filter package in your app.
135 |  *		'MyPlugin.MyFilter', // will use MyFilter class from the Routing/Filter package in MyPlugin plugin.
136 |  * 		array('callable' => $aFunction, 'on' => 'before', 'priority' => 9), // A valid PHP callback type to be called on beforeDispatch
137 |  *		array('callable' => $anotherMethod, 'on' => 'after'), // A valid PHP callback type to be called on afterDispatch
138 |  *
139 |  * ));
140 |  */
141 | Configure::write('Dispatcher.filters', array(
142 | 	'AssetDispatcher',
143 | 	'CacheDispatcher'
144 | ));
145 | 
146 | /**
147 |  * Configures default file logging options
148 |  */
149 | App::uses('CakeLog', 'Log');
150 | CakeLog::config('debug', array(
151 | 	'engine' => 'FileLog',
152 | 	'types' => array('notice', 'info', 'debug'),
153 | 	'file' => 'debug',
154 | ));
155 | CakeLog::config('error', array(
156 | 	'engine' => 'FileLog',
157 | 	'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
158 | 	'file' => 'error',
159 | ));
160 | 
161 | // comment the following out if you do not with to use the background processing (not recommended)
162 | CakePlugin::loadAll(array(
163 | 	'CakeResque' => array('bootstrap' => true)
164 | ));
165 | 


--------------------------------------------------------------------------------
/roles/misp/templates/misp/config/config.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | $config = array (
 3 |   'debug' => 0,
 4 |   'Security' => 
 5 |   array (
 6 |     'level' => 'medium',
 7 |     'salt' => 'juFghZsg7128Eeyo<Qu2eeNfterd-dd+',
 8 |     'cipherSeed' => '',
 9 |     //'auth'=>array('CertAuth.Certificate'), // additional authentication methods
10 |   ),
11 |   'MISP' => 
12 |   array (
13 |     'baseurl' => 'https://{{servername}}',
14 |     'footermidleft' => '',
15 |     'footermidright' => '',
16 |     'org' => '',
17 |     'showorg' => true,
18 |     'background_jobs' => true,
19 |     'cached_attachments' => true,
20 |     'email' => '',
21 |     'contact' => '',
22 |     'cveurl' => 'http://cve.circl.lu/cve/',
23 |     'disablerestalert' => false,
24 |     'default_event_distribution' => '1',
25 |     'default_attribute_distribution' => 'event',
26 |     'tagging' => true,
27 |     'full_tags_on_event_index' => true,
28 |     'footer_logo' => '',
29 |     'take_ownership_xml_import' => false,
30 |     'unpublishedprivate' => false,
31 |   	'disable_emailing' => false,
32 |   ),
33 |   'GnuPG' => 
34 |   array (
35 |     'onlyencrypted' => false,
36 |     'email' => '',
37 |     'homedir' => '/opt/misp-server/misp/.gnupg',
38 |     'password' => '',
39 |     'bodyonlyencrypted' => false,
40 |   ),
41 |   'Proxy' =>
42 |   array (
43 |     'host' => '{{proxy_host}}',
44 |     'port' => '{{proxy_port}}',
45 |     'method' => '',
46 |     'user' => '',
47 |     'password' => '',
48 |   ),
49 |   'SecureAuth' => 
50 |   array (
51 |     'amount' => 5,
52 |     'expire' => 300,
53 |   ),
54 |   // Uncomment the following to enable client SSL certificate authentication
55 |   /*
56 |   'CertAuth' => 
57 |   array(
58 |     'ca'    => array( 'FIRST.Org' ), // allowed CAs
59 |     'caId'          => 'O',          // which attribute will be used to verify the CA
60 |     'userModel'     => 'User',       // name of the User class to check if user exists 
61 |     'userModelKey'  => 'nids_sid',   // User field that will be used for querying 
62 |     'map'           => array(        // maps client certificate attributes to User properties
63 |       'O'           => 'org',
64 |       'emailAddress'=>'email',
65 |     ),
66 |     'syncUser'      => true,         // should the User be synchronized with an external REST API
67 |     'userDefaults'=> array(          // default user attributes, only used when creating new users
68 |       'role_id'   => 4,
69 |     ),
70 |     'restApi'       => array(        // API parameters
71 |       'url'         => 'https://example.com/data/users',  // URL to query
72 |       'headers'     => array(),                           // additional headers, used for authentication
73 |       'param'       => array( 'email' => 'email'),        // query parameters to add to the URL, mapped to USer properties 
74 |       'map'         =>  array(                            // maps REST result to the User properties
75 |         'uid'       => 'nids_sid',
76 |         'team'      => 'org',
77 |         'email'     => 'email',
78 |         'pgp_public'=> 'gpgkey',
79 |       ),
80 |     ),
81 |   ),
82 |   */
83 | );
84 | 


--------------------------------------------------------------------------------
/roles/misp/templates/misp/config/core.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * This is core configuration file.
  4 |  *
  5 |  * Use it to configure core behavior of Cake.
  6 |  *
  7 |  * PHP 5
  8 |  *
  9 |  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 10 |  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 11 |  *
 12 |  * Licensed under The MIT License
 13 |  * Redistributions of files must retain the above copyright notice.
 14 |  *
 15 |  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 16 |  * @link          http://cakephp.org CakePHP(tm) Project
 17 |  * @package       app.Config
 18 |  * @since         CakePHP(tm) v 0.2.9
 19 |  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 20 |  */
 21 | 
 22 | /**
 23 |  * CakePHP Debug Level:
 24 |  *
 25 |  * Production Mode:
 26 |  * 	0: No error messages, errors, or warnings shown. Flash messages redirect.
 27 |  *
 28 |  * Development Mode:
 29 |  * 	1: Errors and warnings shown, model caches refreshed, flash messages halted.
 30 |  * 	2: As in 1, but also with full debug messages and SQL output.
 31 |  *
 32 |  * In production mode, flash messages redirect after a time interval.
 33 |  * In development mode, you need to click the flash message to continue.
 34 |  */
 35 | 	Configure::write('debug', 0);	// 0 = for production, 2 = full debug mode
 36 | 
 37 | /**
 38 |  * Configure the Error handler used to handle errors for your application.  By default
 39 |  * ErrorHandler::handleError() is used.  It will display errors using Debugger, when debug > 0
 40 |  * and log errors with CakeLog when debug = 0.
 41 |  *
 42 |  * Options:
 43 |  *
 44 |  * - `handler` - callback - The callback to handle errors. You can set this to any callable type,
 45 |  *    including anonymous functions.
 46 |  * - `level` - int - The level of errors you are interested in capturing.
 47 |  * - `trace` - boolean - Include stack traces for errors in log files.
 48 |  *
 49 |  * @see ErrorHandler for more information on error handling and configuration.
 50 |  */
 51 | 	Configure::write('Error', array(
 52 | 		'handler' => 'ErrorHandler::handleError',
 53 | 		'level' => E_ALL & ~E_DEPRECATED,
 54 | 		'trace' => true
 55 | 	));
 56 | 
 57 | /**
 58 |  * Configure the Exception handler used for uncaught exceptions.  By default,
 59 |  * ErrorHandler::handleException() is used. It will display a HTML page for the exception, and
 60 |  * while debug > 0, framework errors like Missing Controller will be displayed.  When debug = 0,
 61 |  * framework errors will be coerced into generic HTTP errors.
 62 |  *
 63 |  * Options:
 64 |  *
 65 |  * - `handler` - callback - The callback to handle exceptions. You can set this to any callback type,
 66 |  *   including anonymous functions.
 67 |  * - `renderer` - string - The class responsible for rendering uncaught exceptions.  If you choose a custom class you
 68 |  *   should place the file for that class in app/Lib/Error. This class needs to implement a render method.
 69 |  * - `log` - boolean - Should Exceptions be logged?
 70 |  *
 71 |  * @see ErrorHandler for more information on exception handling and configuration.
 72 |  */
 73 | 	Configure::write('Exception', array(
 74 | 		'handler' => 'ErrorHandler::handleException',
 75 | 		'renderer' => 'ExceptionRenderer',
 76 | 		'log' => true,
 77 | 		'skipLog' => array(
 78 | 			'NotFoundException',
 79 | 		)
 80 | 	));
 81 | 
 82 | /**
 83 |  * Application wide charset encoding
 84 |  */
 85 | 	Configure::write('App.encoding', 'UTF-8');
 86 | 
 87 | /**
 88 |  * To configure CakePHP *not* to use mod_rewrite and to
 89 |  * use CakePHP pretty URLs, remove these .htaccess
 90 |  * files:
 91 |  *
 92 |  * /.htaccess
 93 |  * /app/.htaccess
 94 |  * /app/webroot/.htaccess
 95 |  *
 96 |  * And uncomment the App.baseUrl below:
 97 |  */
 98 | 	//Configure::write('App.baseUrl', env('SCRIPT_NAME'));
 99 | 
100 | /**
101 |  * Uncomment the define below to use CakePHP prefix routes.
102 |  *
103 |  * The value of the define determines the names of the routes
104 |  * and their associated controller actions:
105 |  *
106 |  * Set to an array of prefixes you want to use in your application. Use for
107 |  * admin or other prefixed routes.
108 |  *
109 |  * 	Routing.prefixes = array('admin', 'manager');
110 |  *
111 |  * Enables:
112 |  *	`admin_index()` and `/admin/controller/index`
113 |  *	`manager_index()` and `/manager/controller/index`
114 |  *
115 |  */
116 |     Configure::write('Routing.prefixes', array('admin'));
117 | 
118 | /**
119 |  * Turn off all caching application-wide.
120 |  *
121 |  */
122 | 	Configure::write('Cache.disable', false);
123 | 
124 | /**
125 |  * Enable cache checking.
126 |  *
127 |  * If set to true, for view caching you must still use the controller
128 |  * public $cacheAction inside your controllers to define caching settings.
129 |  * You can either set it controller-wide by setting public $cacheAction = true,
130 |  * or in each action using $this->cacheAction = true.
131 |  *
132 |  */
133 | 	//Configure::write('Cache.check', true);
134 | 
135 | /**
136 |  * Defines the default error type when using the log() function. Used for
137 |  * differentiating error logging and debugging. Currently PHP supports LOG_DEBUG.
138 |  */
139 | 	define('LOG_ERROR', LOG_ERR);
140 | 
141 | /**
142 |  * Session configuration.
143 |  *
144 |  * Contains an array of settings to use for session configuration. The defaults key is
145 |  * used to define a default preset to use for sessions, any settings declared here will override
146 |  * the settings of the default config.
147 |  *
148 |  * ## Options
149 |  *
150 |  * - `Session.cookie` - The name of the cookie to use. Defaults to 'CAKEPHP'
151 |  * - `Session.timeout` - The number of minutes you want sessions to live for. This timeout is handled by CakePHP
152 |  * - `Session.cookieTimeout` - The number of minutes you want session cookies to live for.
153 |  * - `Session.checkAgent` - Do you want the user agent to be checked when starting sessions? You might want to set the
154 |  *    value to false, when dealing with older versions of IE, Chrome Frame or certain web-browsing devices and AJAX
155 |  * - `Session.defaults` - The default configuration set to use as a basis for your session.
156 |  *    There are four builtins: php, cake, cache, database.
157 |  * - `Session.handler` - Can be used to enable a custom session handler.  Expects an array of of callables,
158 |  *    that can be used with `session_save_handler`.  Using this option will automatically add `session.save_handler`
159 |  *    to the ini array.
160 |  * - `Session.autoRegenerate` - Enabling this setting, turns on automatic renewal of sessions, and
161 |  *    sessionids that change frequently. See CakeSession::$requestCountdown.
162 |  * - `Session.ini` - An associative array of additional ini values to set.
163 |  *
164 |  * The built in defaults are:
165 |  *
166 |  * - 'php' - Uses settings defined in your php.ini.
167 |  * - 'cake' - Saves session files in CakePHP's /tmp directory.
168 |  * - 'database' - Uses CakePHP's database sessions.
169 |  * - 'cache' - Use the Cache class to save sessions.
170 |  *
171 |  * To define a custom session handler, save it at /app/Model/Datasource/Session/<name>.php.
172 |  * Make sure the class implements `CakeSessionHandlerInterface` and set Session.handler to <name>
173 |  *
174 |  * To use database sessions, run the app/Config/Schema/sessions.php schema using
175 |  * the cake shell command: cake schema create Sessions
176 |  *
177 |  */
178 | 	Configure::write('Session', array(
179 | 		'timeout' => 60,	// Session timeout, default is 1 hour
180 | 		'defaults' => 'database'
181 | 	));
182 | 
183 | /**
184 |  * The level of CakePHP security.
185 |  */
186 | 	Configure::write('Security.level', 'medium');
187 | 
188 | /**
189 |  * A random string used in security hashing methods.
190 |  */
191 | 	Configure::write('Security.salt', 'Rooraenietu8Eeyo<Qu2eeNfterd-dd+');
192 | 
193 | /**
194 |  * A random numeric string (digits only) used to encrypt/decrypt strings.
195 |  */
196 | 	Configure::write('Security.cipherSeed', '395786739573056621429506834955');
197 | 
198 | /**
199 |  * Apply timestamps with the last modified time to static assets (js, css, images).
200 |  * Will append a querystring parameter containing the time the file was modified. This is
201 |  * useful for invalidating browser caches.
202 |  *
203 |  * Set to `true` to apply timestamps when debug > 0. Set to 'force' to always enable
204 |  * timestamping regardless of debug value.
205 |  */
206 | 	//Configure::write('Asset.timestamp', true);
207 | 
208 | /**
209 |  * Compress CSS output by removing comments, whitespace, repeating tags, etc.
210 |  * This requires a/var/cache directory to be writable by the web server for caching.
211 |  * and /vendors/csspp/csspp.php
212 |  *
213 |  * To use, prefix the CSS link URL with '/ccss/' instead of '/css/' or use HtmlHelper::css().
214 |  */
215 | 	//Configure::write('Asset.filter.css', 'css.php');
216 | 
217 | /**
218 |  * Plug in your own custom JavaScript compressor by dropping a script in your webroot to handle the
219 |  * output, and setting the config below to the name of the script.
220 |  *
221 |  * To use, prefix your JavaScript link URLs with '/cjs/' instead of '/js/' or use JavaScriptHelper::link().
222 |  */
223 | 	//Configure::write('Asset.filter.js', 'custom_javascript_output_filter.php');
224 | 
225 | /**
226 |  * The classname and database used in CakePHP's
227 |  * access control lists.
228 |  */
229 | 	Configure::write('Acl.classname', 'DbAcl');
230 | 	Configure::write('Acl.database', 'default');
231 | 
232 | /**
233 |  * Uncomment this line and correct your server timezone to fix
234 |  * any date & time related errors.
235 |  */
236 | 	//date_default_timezone_set('UTC');
237 | 
238 | /**
239 |  * Pick the caching engine to use.  If APC is enabled use it.
240 |  * If running via cli - apc is disabled by default. ensure it's available and enabled in this case
241 |  *
242 |  * Note: 'default' and other application caches should be configured in app/Config/bootstrap.php.
243 |  *       Please check the comments in boostrap.php for more info on the cache engines available
244 |  *       and their setttings.
245 |  */
246 | $engine = 'File';
247 | if (extension_loaded('apc') && function_exists('apc_dec') && (php_sapi_name() !== 'cli' || ini_get('apc.enable_cli'))) {
248 | 	$engine = 'Apc';
249 | }
250 | 
251 | // In development mode, caches should expire quickly.
252 | $duration = '+999 days';
253 | if (Configure::read('debug') >= 1) {
254 | 	$duration = '+10 seconds';
255 | }
256 | 
257 | // Prefix each application on the same server with a different string, to avoid Memcache and APC conflicts.
258 | $prefix = 'myapp_';
259 | 
260 | /**
261 |  * Configure the cache used for general framework caching.  Path information,
262 |  * object listings, and translation cache files are stored with this configuration.
263 |  */
264 | Cache::config('_cake_core_', array(
265 | 	'engine' => $engine,
266 | 	'prefix' => $prefix . 'cake_core_',
267 | 	'path' => CACHE . 'persistent' . DS,
268 | 	'serialize' => ($engine === 'File'),
269 | 	'duration' => $duration
270 | ));
271 | 
272 | /**
273 |  * Configure the cache for model and datasource caches.  This cache configuration
274 |  * is used to store schema descriptions, and table listings in connections.
275 |  */
276 | Cache::config('_cake_model_', array(
277 | 	'engine' => $engine,
278 | 	'prefix' => $prefix . 'cake_model_',
279 | 	'path' => CACHE . 'models' . DS,
280 | 	'serialize' => ($engine === 'File'),
281 | 	'duration' => $duration
282 | ));
283 | 
284 | 
285 | //Comment the following out if you do not with to use the background workers (not recommended)
286 | require_once dirname(__DIR__) . '/Vendor/autoload.php';


--------------------------------------------------------------------------------
/roles/misp/templates/misp/config/database.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * This is core configuration file.
 4 |  *
 5 |  * Use it to configure core behaviour of Cake.
 6 |  *
 7 |  * PHP 5
 8 |  *
 9 |  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
10 |  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
11 |  *
12 |  * Licensed under The MIT License
13 |  * Redistributions of files must retain the above copyright notice.
14 |  *
15 |  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
16 |  * @link          http://cakephp.org CakePHP(tm) Project
17 |  * @package       app.Config
18 |  * @since         CakePHP(tm) v 0.2.9
19 |  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
20 |  */
21 | /**
22 |  * In this file you set up your database connection details.
23 |  *
24 |  * @package       cake.config
25 |  */
26 | /**
27 |  * Database configuration class.
28 |  * You can specify multiple configurations for production, development and testing.
29 |  *
30 |  * datasource => The name of a supported datasource; valid options are as follows:
31 |  *		Database/Mysql 		- MySQL 4 & 5,
32 |  *		Database/Sqlite		- SQLite (PHP5 only),
33 |  *		Database/Postgres	- PostgreSQL 7 and higher,
34 |  *		Database/Sqlserver	- Microsoft SQL Server 2005 and higher
35 |  *
36 |  * You can add custom database datasources (or override existing datasources) by adding the
37 |  * appropriate file to app/Model/Datasource/Database.  Datasources should be named 'MyDatasource.php',
38 |  *
39 |  *
40 |  * persistent => true / false
41 |  * Determines whether or not the database should use a persistent connection
42 |  *
43 |  * host =>
44 |  * the host you connect to the database. To add a socket or port number, use 'port' => #
45 |  *
46 |  * prefix =>
47 |  * Uses the given prefix for all the tables in this database.  This setting can be overridden
48 |  * on a per-table basis with the Model::$tablePrefix property.
49 |  *
50 |  * schema =>
51 |  * For Postgres specifies which schema you would like to use the tables in. Postgres defaults to 'public'.
52 |  *
53 |  * encoding =>
54 |  * For MySQL, Postgres specifies the character encoding to use when connecting to the
55 |  * database. Uses database default not specified.
56 |  *
57 |  * unix_socket =>
58 |  * For MySQL to connect via socket specify the `unix_socket` parameter instead of `host` and `port`
59 |  */
60 | class DATABASE_CONFIG {
61 | 
62 | 	public $default = array(
63 | 		'datasource' => 'Database/Mysql',
64 | 		'persistent' => false,
65 | 		'host' => 'localhost',
66 | 		'login' => 'misp',
67 | 		'port' => 3306,
68 | 		'password' => '{{mysql_misp_password}}',
69 | 		'database' => 'misp',
70 | 		'prefix' => '',
71 | 		//'encoding' => 'utf8',
72 | 	);
73 | }
74 | 


--------------------------------------------------------------------------------
/roles/misp/templates/misp/misp_backup:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | ###########################################
 4 | #######      MISP BACKUP SCRIPT     #######
 5 | ###########################################
 6 | 
 7 | TIMESTAMP=`date +%m%d%Y%H%M`
 8 | BACKUP_PATH='{{data_location}}/backup'
 9 | BACKUP_DIR="$BACKUP_PATH/$TIMESTAMP"
10 | 
11 | BACKUP_MYSQL_DIR="$BACKUP_DIR/mysql"
12 | BACKUP_FILES_DIR="$BACKUP_DIR/misp"
13 | 
14 | MISP_FILES="{{data_location}}/files"
15 | MISP_CONF="/opt/misp-server/misp/app/Config"
16 | 
17 | mkdir "$BACKUP_DIR"
18 | mkdir "$BACKUP_MYSQL_DIR"
19 | mkdir "$BACKUP_FILES_DIR"
20 | 
21 | #### 1 | MYSQL ####
22 | mysqldump -u misp --opt --single-transaction misp > "$BACKUP_MYSQL_DIR/mysql_dump.sql"
23 | 
24 | #### 2 | CONFIGURATION FILES ####
25 | cp -R $MISP_CONF $BACKUP_FILES_DIR
26 | 
27 | #### 3 | FILES ####
28 | cp -R $MISP_FILES $BACKUP_FILES_DIR
29 | 
30 | cd $BACKUP_PATH
31 | tar -cpzf ${TIMESTAMP}.tar.gz ./${TIMESTAMP} 
32 | rm -rf $BACKUP_DIR
33 | 
34 | #### Remove old backups ####
35 | find . -mtime +30 -exec rm {} \;
36 | 


--------------------------------------------------------------------------------
/roles/misp/templates/misp/misp_restore:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | ###########################################
 4 | #######      MISP RESTORE SCRIPT    #######
 5 | ###########################################
 6 | 
 7 | ARCHIVE=$1
 8 | EXTRACTION=${ARCHIVE::-7}
 9 | 
10 | BACKUP_MYSQL_DUMP_FILE="./$EXTRACTION/mysql/mysql_dump.sql"
11 | BACKUP_CONFIG_DIR="./$EXTRACTION/misp/Config/"
12 | BACKUP_FILES_DIR="./$EXTRACTION/misp/files/"
13 | 
14 | MISP_INSTALL_DIR="/opt/misp-server/misp/"
15 | MISP_INSTALL_APP_DIR="$MISP_INSTALL_DIR/app/"
16 | 
17 | MYSQL_USER="misp"
18 | MYSQL_DATABASE="misp"
19 | 
20 | echo "------ MISP RESTORE SCRIPT ------"
21 | 
22 | #### 0 | OPEN BACKUP ARCHIVE ####
23 | echo "*** Unpacking $1 ***"
24 | tar -xf $ARCHIVE
25 | echo "Done."
26 | 
27 | #### 1 | RESTORE MYSQL ####
28 | echo "*** Restoring MySQL misp database ***"
29 | echo "Connecting to MySQL database:"
30 | echo "database:$MYSQL_DATABASE"
31 | echo "user:$MYSQL_USER"
32 | mysql -u $MYSQL_USER -p $MYSQL_DATABASE < $BACKUP_MYSQL_DUMP_FILE
33 | echo "Done."
34 | 
35 | #### 2 | RESTORE CONFIGURATION FILES ####
36 | echo "*** Restoring MISP configuration files ***"
37 | cp -R $BACKUP_CONFIG_DIR $MISP_INSTALL_APP_DIR
38 | echo "Done."
39 | 
40 | #### 3 | RESTORE MISP FILES ####
41 | echo "*** Restoring MISP files ***"
42 | cp -R $BACKUP_FILES_DIR $MISP_INSTALL_APP_DIR
43 | echo "Done."
44 | 
45 | echo "------ COMPLETE ------"
46 | 


--------------------------------------------------------------------------------
/roles/misp/templates/mysql/.my.cnf:
--------------------------------------------------------------------------------
1 | [client]
2 | user=misp
3 | password="{{mysql_misp_password}}"
4 | 
5 | [mysqldump]
6 | user=misp
7 | password="{{mysql_misp_password}}"
8 | 


--------------------------------------------------------------------------------
/roles/misp/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | 


--------------------------------------------------------------------------------
/roles/mysql/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # default lower priority variables for this role
3 | 


--------------------------------------------------------------------------------
/roles/mysql/files/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MISP/ansible/b70a14b0da5f31829164c826699df51a06765de4/roles/mysql/files/empty


--------------------------------------------------------------------------------
/roles/mysql/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Handlers file
3 | 
4 | 


--------------------------------------------------------------------------------
/roles/mysql/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Role dependancies
3 | 


--------------------------------------------------------------------------------
/roles/mysql/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: mysql-server - installation
 4 |   apt:
 5 |     pkg: mysql-server
 6 |     state: present
 7 | 
 8 | - name: python-mysqldb - installation
 9 |   apt:
10 |     pkg: python-mysqldb
11 |     state: present
12 | 
13 | - name: MySQL - Update mysql root passwd
14 |   mysql_user:
15 |     name: root 
16 |     host: "{{item}}" 
17 |     password: "{{mysql_root_new_pass}}"
18 |     login_user: root
19 |     login_password: "{{mysql_root_old_pass}}"
20 |   with_items:
21 |     - "{{ansible_hostname}}"
22 |     - 127.0.0.1
23 |     - ::1
24 |     - localhost
25 |   when: mysql_root_new_pass != mysql_root_old_pass and
26 |         mysql_root_new_pass != ""
27 | 
28 | - name: MySQL - Delete anonymous mysql user
29 |   mysql_user:
30 |     name: "" 
31 |     state: absent
32 |     login_user: root
33 |     login_password: "{{mysql_root_new_pass}}"
34 |  
35 | - name: MySQL - Remove mysql test database
36 |   mysql_db:
37 |     name: test 
38 |     state: absent
39 |     login_user: root
40 |     login_password: "{{mysql_root_new_pass}}"
41 | 
42 | - name: Restart MySQL
43 |   service:
44 |     name: mysql
45 |     state: restarted
46 | 


--------------------------------------------------------------------------------
/roles/mysql/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Variables associated with this role
3 | 


--------------------------------------------------------------------------------
/roles/nginx/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # default lower priority variables for this role
3 | 


--------------------------------------------------------------------------------
/roles/nginx/files/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MISP/ansible/b70a14b0da5f31829164c826699df51a06765de4/roles/nginx/files/empty


--------------------------------------------------------------------------------
/roles/nginx/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Handlers file
3 | 
4 | 


--------------------------------------------------------------------------------
/roles/nginx/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Role dependancies
3 | 


--------------------------------------------------------------------------------
/roles/nginx/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - name: Install all needed packages
 4 |   apt: 
 5 |     pkg: "{{ item }}"
 6 |     state: latest
 7 |     update_cache: yes
 8 |   with_items: 
 9 |     - nginx
10 |     - php5-fpm
11 | 
12 | ######### WEB-SERVER CONFIGURATION #########
13 | 
14 | - name: Make NGINX SSL directory
15 |   file: 
16 |     path: /etc/nginx/ssl
17 |     state: directory
18 |     owner: root
19 |     group: root
20 |     mode: 0644
21 |   register: nginx_init
22 | 
23 | - name: Remove default NGINX configuration
24 |   file:
25 |     path: /etc/nginx/{{item}}
26 |     state: absent
27 |   with_items:
28 |     - sites-enabled/default
29 |     - sites-available/default
30 |   register: nginx_init
31 | 
32 | - name: Copy Nginx site configurations
33 |   template: 
34 |     src: nginx/{{item}}
35 |     dest: /etc/nginx/sites-available/{{item}}
36 |     force: no
37 |     mode: 0644
38 |   with_items:
39 |     - misp
40 |   register: nginx_init
41 | 
42 | - name: Create NGINX configuration symlinks
43 |   file:
44 |     src: /etc/nginx/sites-available/{{item}}
45 |     dest: /etc/nginx/sites-enabled/{{item}}
46 |     state: link
47 |   with_items:
48 |     - misp
49 |   register: nginx_init
50 | 
51 | - name: Create self-signed SSL certificate for Nginx
52 |   command: openssl req -new -nodes -x509 -subj "/C=XX/ST=AAAAAAA/L=BBBBBB/O=Organization/CN={{servername}}" -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/misp.key -out /etc/nginx/ssl/misp.crt
53 |   when: nginx_init.changed
54 | 
55 | - name: Restart Nginx
56 |   service:
57 |     name: mysql
58 |     state: restarted
59 |   when: nginx_init.changed
60 | 


--------------------------------------------------------------------------------
/roles/nginx/templates/nginx/misp:
--------------------------------------------------------------------------------
 1 | # MISP WEB SERVER CONFIGURATION
 2 | server {
 3 |     server_name {{servername}};
 4 |     listen 443 ssl spdy;
 5 | 
 6 |     root /opt/misp-server/misp/app/webroot;
 7 |     index index.php;
 8 | 
 9 |     # Configure Crypto Keys/Certificates/DH
10 |     ssl_certificate         /etc/nginx/ssl/misp.crt;
11 |     ssl_certificate_key     /etc/nginx/ssl/misp.key;
12 | 
13 |     # enable HSTS
14 |     add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
15 |     add_header X-Frame-Options SAMEORIGIN;
16 | 
17 |     location / {
18 |         try_files $uri $uri/ /index.php;
19 |     }
20 | 
21 |     location ~ \.php$ {
22 |         fastcgi_split_path_info ^(.+\.php)(/.+)$;
23 |         fastcgi_pass unix:/var/run/php5-fpm.sock;
24 |         fastcgi_index index.php;
25 |         include fastcgi_params;
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/roles/nginx/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Variables associated with this role
3 | 


--------------------------------------------------------------------------------
/ssh.cfg:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | 


--------------------------------------------------------------------------------