├── README.md
├── aws-builds
├── changelog.md
├── dev
│   ├── bootstrap
│   ├── packer-aws.json
│   └── readme.md
└── docs
    └── images
        ├── ami-listing.png
        ├── aws1-new.png
        ├── aws2.png
        ├── aws3.png
        ├── aws4.png
        ├── aws5.png
        ├── aws6.png
        └── aws7.png

/README.md:
--------------------------------------------------------------------------------
# misp-cloud - Cloud-ready images of MISP

[![Join the chat at https://gitter.im/MISP/misp-cloud](https://badges.gitter.im/MISP/misp-cloud.svg)](https://gitter.im/MISP/misp-cloud?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

The objective of this project is to deliver cloud-ready images of [MISP](https://github.com/MISP/MISP) for testing purposes.

Currently the following providers are supported:

- [x] Amazon Web Services (AWS)
- [ ] Microsoft Azure
- [ ] DigitalOcean

## Production usage
The image creation process takes into account security updates of the underlying operating system as well as of MISP itself, which allows you to use the image in production. That being said, it is highly recommended that you change the credentials associated with MISP, the DB and the salt that are pre-configured in the images.

We recommend that users read [MISP and Cloud Security](https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security) for details and best practices for using the platform in cloud environments.

## Updates
The images are kept in sync with the development of the project. We do not maintain old versions of the images in any of the providers, so it is safe to assume that each provider has an image with the latest version of MISP and no other, older version.

## Deploying the images
Please select a provider for the instructions on how to deploy:
* [AWS Instructions](https://github.com/misp/misp-cloud/wiki/AWS-Installation-Guide) - *[Demo Video](https://www.youtube.com/watch?v=o_sQXNmsSHY)*

## Credentials & Access
The following are the credentials that you need to know:

* **MISP Login:** admin@admin.test
* **MISP Pass:** admin

If you want to access the **DB**, both the user that runs the MISP DB and root use the following password:
* zgPKzFasIUj1LLGfzfhDVxRLOObzJLer

The images are built from Ubuntu AMIs, therefore the default username to **SSH** into the instance is `ubuntu`.

## Optional Features
The following are enabled/installed in the image:

- ZeroMQ
- [MISP galaxy](https://github.com/MISP/misp-galaxy)
- [MISP modules](https://github.com/MISP/misp-modules)
- [MISP taxonomies](https://github.com/MISP/misp-taxonomies)

## ToDo
- [ ] Pipeline integration with main repository
- [ ] Add MISP-Dashboard
--------------------------------------------------------------------------------

/aws-builds:
--------------------------------------------------------------------------------
ap-northeast-1:ami-0ec1cfdd8b2b7ef18
ap-south-1:ami-0a03116d73711d579
eu-central-1:ami-05d3232b2b330ef80
eu-west-1:ami-00a07aef213e7fa9d
eu-west-2:ami-075c756f37ec92048
eu-west-3:ami-06a8195457a07d0fc
sa-east-1:ami-09df9e1085f84c908
us-east-1:ami-01c465ee4ba927402
us-east-2:ami-03b00c067ae3c63eb
us-west-1:ami-07e79b09121e4163c
us-west-2:ami-043ee06e043edcf5f
--------------------------------------------------------------------------------

/changelog.md:
--------------------------------------------------------------------------------
# Changelog
All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [MISP 2.4.132] - 2020-09-25
### Changed
- MISP 2.4.132

## [MISP 2.4.131] - 2020-09-10
### Changed
- MISP 2.4.131

## [MISP 2.4.125] - 2020-05-07
### Changed
- MISP 2.4.125
- Fixes [Issue #19](https://github.com/MISP/misp-cloud/issues/19)

## [MISP 2.4.124] - 2020-04-14
### Changed
- MISP 2.4.124

## [MISP 2.4.123] - 2020-03-11
### Changed
- MISP 2.4.123

## [MISP 2.4.121] - 2020-02-13
### Changed
- MISP 2.4.121

## [MISP 2.4.120] - 2020-01-21
### Changed
- MISP 2.4.120
- Changelog typo

## [MISP 2.4.119] - 2019-12-05
### Changed
- MISP 2.4.119
- Changelog cleanup

## [MISP 2.4.118] - 2019-11-18
### Changed
- MISP 2.4.118

## [MISP 2.4.117] - 2019-10-21
### Changed
- MISP 2.4.117

## [MISP 2.4.116] - 2019-09-17
### Changed
- MISP 2.4.116

## [MISP 2.4.115] - 2019-09-11
### Changed
- MISP 2.4.115

## [MISP 2.4.114] - 2019-08-31
### Changed
- MISP 2.4.114
- Fixes [Issue #13](https://github.com/MISP/misp-cloud/issues/13)

## [MISP 2.4.113] - 2019-08-20
### Changed
- MISP 2.4.113

## [MISP 2.4.111] - 2019-07-23
### Changed
- MISP 2.4.111

## [2.4.110] - 2019-07-08
### Changed
- MISP 2.4.110

## [2.4.109] - 2019-06-14
### Changed
- MISP 2.4.109

## [2.4.108] - 2019-06-05
### Changed
- MISP 2.4.108

## [2.4.107] - 2019-05-14
### Changed
- MISP 2.4.107
- Fixes [Issue #11](https://github.com/MISP/misp-cloud/issues/11)

## [2.4.106] - 2019-04-26
### Changed
- MISP 2.4.106

## [2.4.105] - 2019-04-10
### Changed
- MISP 2.4.105
- Fixes [Issue #9](https://github.com/MISP/misp-cloud/issues/9)

## [2.4.103] - 2019-03-07
### Changed
- MISP 2.4.103

## [2.4.102] - 2019-02-03
### Changed
- MISP 2.4.102

## [2.4.101] - 2019-01-20
### Changed
- MISP 2.4.101

## [2.4.99] - 2018-12-06
### Changed
- MISP 2.4.99

## [2.4.98] - 2018-11-27
### Changed
- MISP 2.4.98

## [2.4.97] - 2018-10-31
### Changed
- MISP 2.4.97
- [PR #6](https://github.com/MISP/misp-cloud/pull/6/)

## [2.4.96] - 2018-10-9
### Changed
- MISP 2.4.96

## [2.4.95] - 2018-09-7
### Added
- Builds in AWS now include the MISP version number in the image description *[(Screenshot)](https://github.com/MISP/misp-cloud/blob/master/docs/images/ami-listing.png)*

### Changed
- MISP 2.4.95
- Bootstrap script updated for non-interactive dpkg
- us-west-2 - Additional region added (Fixes Issue [#4](https://github.com/MISP/misp-cloud/issues/4))

## [2.4.94] - 2018-09-29
### Added
- GnuPG is enabled by default

### Changed
- Base OS has changed to Ubuntu 18.04
- Better defaults for MISP configuration
- MISP 2.4.94
- Updated development files, "MISP and Cloud Security" and AWS installation guide

### Removed
- [Viper](https://github.com/viper-framework/viper) is not included
- [Mail2MISP](https://github.com/MISP/mail_to_misp) is not included
- [MISP-Dashboard](https://github.com/MISP/misp-dashboard/) is not included
--------------------------------------------------------------------------------

/dev/bootstrap:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

MISP_BRANCH='2.4'

# MISP Configurables
PATH_TO_MISP='/var/www/MISP'
CAKE="${PATH_TO_MISP}/app/Console/cake"
MISP_BASEURL=''
MISP_LIVE='1'

# Database configuration
DBHOST='localhost'
DBNAME='misp'
DBUSER_ADMIN='root'
DBPASSWORD_ADMIN="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"
DBUSER_MISP='misp'
DBPASSWORD_MISP="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"

# Webserver configuration
FQDN='localhost'

# GPG configuration
GPG_REAL_NAME='Auto-generated Key'
GPG_COMMENT='WARNING: MISP Cloud Auto-generated Key'
GPG_EMAIL_ADDRESS='admin@admin.test'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE='Password1234'

# php.ini configuration (every key listed in the "Configuring PHP" loop below needs a value here)
upload_max_filesize=50M
post_max_size=50M
max_execution_time=300
max_input_time=300
memory_limit=512M
PHP_INI='/etc/php/7.2/apache2/php.ini'

echo "--- Process started ... ---"

echo "--- Performing OS changes (branding) ... ---"
apt-get install -y update-motd > /dev/null 2>&1
# Login banner (the banner text itself is not reproduced here)
cat > /etc/motd <<EOF
EOF
# Dynamic motd snippet (the snippet body itself is not reproduced here)
cat > /etc/update-motd.d/51-cloudguest <<EOF
EOF

# Prevent dialog of dpkg for config overwrite
DEBIAN_FRONTEND=noninteractive apt -yq upgrade > /dev/null 2>&1
# Clean up
apt -y autoremove > /dev/null 2>&1

echo "--- Install base packages ---"
apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo tmux vim virtualenvwrapper zip python3-pythonmagick tesseract-ocr htop imagemagick asciidoctor jq > /dev/null 2>&1

echo "--- Installing and configuring Postfix ---"
# # Postfix Configuration: Satellite system
# # change the relay server later with:
# postconf -e 'relayhost = example.com'
# postfix reload
echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
apt-get install -y postfix > /dev/null 2>&1

echo "--- Installing MariaDB specific packages and settings ---"
apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
# Secure the MariaDB installation (especially by setting a strong root password)
sleep 10 # give some time to the DB to launch...
systemctl restart mariadb.service
sleep 10
apt-get install -y expect > /dev/null 2>&1
## do we need to spawn mysql_secure_install with sudo in future?
expect -f - <<-EOF
set timeout 10
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
apt-get purge -y expect > /dev/null 2>&1

echo "--- Installing Apache2 ---"
apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
a2dismod status > /dev/null 2>&1
a2enmod ssl > /dev/null 2>&1
a2enmod rewrite > /dev/null 2>&1
a2enmod headers > /dev/null 2>&1
a2dissite 000-default > /dev/null 2>&1
a2ensite default-ssl > /dev/null 2>&1

echo "--- Installing PHP-specific packages ---"
apt install -qy libapache2-mod-php php php-cli php-dev php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-redis php-gnupg php-gd > /dev/null 2>&1

echo "--- Configuring PHP ---"
# Rewrite each listed php.ini directive with the value of the shell variable of the same name
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
    sed -i "s/^\($key\).*/\1 = ${!key}/" $PHP_INI
done

echo "--- Adding Apache virtualhost ---"

# Self-signed certificate for the HTTPS vhost
openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/CN=MISP-Cloud" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null 2>&1

cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
<VirtualHost _default_:443>
        ServerAdmin admin@misp.local
        ServerName misp.local
        DocumentRoot $PATH_TO_MISP/app/webroot
        <Directory $PATH_TO_MISP/app/webroot>
                Options -Indexes
                AllowOverride all
                Require all granted
        </Directory>
        LogLevel warn
        ErrorLog /var/log/apache2/misp.local_error.log
        CustomLog /var/log/apache2/misp.local_access.log combined
        ServerSignature Off
        Header set X-Content-Type-Options nosniff
        Header set X-Frame-Options DENY
        SSLEngine On
        SSLCertificateFile /etc/ssl/private/misp.local.crt
        SSLCertificateKeyFile /etc/ssl/private/misp.local.key
</VirtualHost>
EOF

a2dissite default-ssl > /dev/null 2>&1
a2ensite misp-ssl > /dev/null 2>&1

echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1

echo "--- Retrieving MISP ---"
## Double check perms.
mkdir $PATH_TO_MISP
chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
git clone https://github.com/MISP/MISP.git $PATH_TO_MISP > /dev/null 2>&1
git submodule update --init --recursive
git submodule foreach --recursive git config core.filemode false
git config core.filemode false

echo "--- Installing Mitre's STIX ---"
apt-get install -y python-dev python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts
git clone https://github.com/CybOXProject/python-cybox.git > /dev/null 2>&1
git clone https://github.com/STIXProject/python-stix.git > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/python-cybox
python3 setup.py install > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/python-stix
python3 setup.py install > /dev/null 2>&1
# install mixbox to accommodate the new STIX dependencies:
cd $PATH_TO_MISP/app/files/scripts/
git clone https://github.com/CybOXProject/mixbox.git > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/mixbox
python3 setup.py install > /dev/null 2>&1

echo "--- Retrieving CakePHP ---"
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
cd $PATH_TO_MISP
git submodule init > /dev/null 2>&1
git submodule update > /dev/null 2>&1
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
# Make composer cache happy
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
cd $PATH_TO_MISP/app
php composer.phar require kamisama/cake-resque:4.1.2 > /dev/null 2>&1
php composer.phar config vendor-dir Vendor > /dev/null 2>&1
php composer.phar install > /dev/null 2>&1

# Enable CakeResque with php-redis
phpenmod redis
phpenmod gnupg

# To use the scheduler worker for scheduled tasks, do the following:
cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php

echo "--- Setting the permissions ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp

echo "--- Creating a database user ---"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBUSER_MISP@localhost identified by '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
# Import the empty MISP database from MYSQL.sql
cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME

echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1

echo "--- Configuring log rotation ---"
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp


echo "--- MISP configuration ---"
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
cat > $PATH_TO_MISP/app/Config/database.php <<EOF
<?php
class DATABASE_CONFIG {
        public \$default = array(
                'datasource' => 'Database/Mysql',
                //'datasource' => 'Database/Postgres',
                'persistent' => false,
                'host' => '$DBHOST',
                'login' => '$DBUSER_MISP',
                'port' => 3306, // MySQL & MariaDB
                //'port' => 5432, // PostgreSQL
                'password' => '$DBPASSWORD_MISP',
                'database' => '$DBNAME',
                'prefix' => '',
                'encoding' => 'utf8',
        );
}
EOF
# and make sure the file permissions are still OK
chown -R www-data:www-data $PATH_TO_MISP/app/Config
chmod -R 750 $PATH_TO_MISP/app/Config
# Set some MISP directives with the command line tool
$CAKE Live $MISP_LIVE > /dev/null

# Enable ZeroMQ
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false > /dev/null

# Enable GnuPG
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test" > /dev/null
$CAKE Admin setSetting "GnuPG.homedir" ${PATH_TO_MISP}/.gnupg > /dev/null
$CAKE Admin setSetting "GnuPG.binary" `which gpg` > /dev/null
$CAKE Admin setSetting "GnuPG.password" "Password1234" > /dev/null

# Enable Enrichment, set better timeouts
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vmray_submit_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivessl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_countrycode_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_domaintools_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_eupi_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_farsight_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_passivetotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_sourcecache_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_virustotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_whois_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_shodan_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_reversedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_geoip_country_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_wiki_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_iprep_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatminer_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_otx_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatcrowd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vulndb_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_crowdstrike_falcon_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hashdd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_full_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_rbl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_xforceexchange_enabled" false > /dev/null

# Enable Import modules, set better timeout
$CAKE Admin setSetting "Plugin.Import_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Import_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_vmray_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_testimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_cuckooimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_goamlimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_email_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_mispjson_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" false > /dev/null

# Enable Export modules, set better timeout
$CAKE Admin setSetting "Plugin.Export_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Export_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_restrict" 1 > /dev/null
$CAKE Admin setSetting "Plugin.Export_cef_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_liteexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_goamlexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threat_connect_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threatStream_misp_export_enabled" false > /dev/null


# Enable installer org and tune some configurables
$CAKE Admin setSetting "MISP.host_org_id" 1 > /dev/null
$CAKE Admin setSetting "MISP.email" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disable_emailing" true > /dev/null
$CAKE Admin setSetting "MISP.contact" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disablerestalert" true > /dev/null
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true > /dev/null

# Provisional Cortex tunes
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true > /dev/null

# Provisional Elastic Search tunes
$CAKE Admin setSetting "Plugin.ElasticSearch_logging_enable" false > /dev/null

# Various plugin sightings settings
$CAKE Admin setSetting "Plugin.Sightings_policy" 0 > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_range" 365 > /dev/null

# Plugin CustomAuth tuneable
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false > /dev/null

# RPZ Plugin settings

$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" > /dev/null

# Force defaults to make MISP Server Settings less RED
$CAKE Admin setSetting "MISP.language" "eng" > /dev/null
$CAKE Admin setSetting "MISP.proposals_block_attributes" false > /dev/null
## Redis block
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "MISP.redis_port" 6379 > /dev/null
$CAKE Admin setSetting "MISP.redis_database" 13 > /dev/null
$CAKE Admin setSetting "MISP.redis_password" "" > /dev/null

# Force defaults to make MISP Server Settings less YELLOW
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 > /dev/null
$CAKE Admin setSetting "MISP.extended_alert_subject" false > /dev/null
$CAKE Admin setSetting "MISP.default_event_threat_level" 4 > /dev/null
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.log_client_ip" false > /dev/null
$CAKE Admin setSetting "MISP.log_auth" false > /dev/null
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert_age" "" > /dev/null
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false > /dev/null
$CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email. " > /dev/null
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated AMI." > /dev/null
$CAKE Admin setSetting "MISP.footermidright" "https://github.com/MISP/misp-cloud/" > /dev/null
$CAKE Admin setSetting "MISP.welcome_text_top" "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security" > /dev/null
$CAKE Admin setSetting "MISP.download_attachments_on_load" true > /dev/null
$CAKE Admin setSetting "MISP.title_text" "MISP" > /dev/null
$CAKE Admin setSetting "MISP.terms_download" false > /dev/null
$CAKE Admin setSetting "MISP.showorgalternate" false > /dev/null
$CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name" > /dev/null

# Force defaults to make MISP Server Settings less GREEN
$CAKE Admin setSetting "Security.password_policy_length" 12 > /dev/null
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' > /dev/null

# Tune global time outs
$CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null
$CAKE Admin setSetting "Session.timeout" 600 > /dev/null
$CAKE Admin setSetting "Session.cookie_timeout" 3600 > /dev/null

echo "--- Generating a GPG encryption key ---"
apt-get install -y rng-tools haveged > /dev/null 2>&1
sudo -u www-data mkdir $PATH_TO_MISP/.gnupg
chmod 700 $PATH_TO_MISP/.gnupg
# Unattended key generation parameters, built from the GPG_* variables defined at the top
cat >/tmp/gen-key-script <<EOF
    %echo Generating a default key
    Key-Type: default
    Key-Length: $GPG_KEY_LENGTH
    Subkey-Type: default
    Name-Real: $GPG_REAL_NAME
    Name-Comment: $GPG_COMMENT
    Name-Email: $GPG_EMAIL_ADDRESS
    Expire-Date: 0
    Passphrase: $GPG_PASSPHRASE
    # Do a commit here, so that we can later print "done"
    %commit
    %echo done
EOF
# The key must belong to www-data, the user MISP runs as
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc"

echo "--- Making the background workers start on boot ---"
chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh

# With initd:
if [ ! -e /etc/rc.local ]
then
    echo '#!/bin/sh -e' | tee -a /etc/rc.local
    echo 'exit 0' | tee -a /etc/rc.local
    chmod u+x /etc/rc.local
fi

# redis-server requires the following /sys/kernel tweak
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \    echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \    cd $d && git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local

echo "--- Installing MISP modules ---"
apt-get install -y libpq5 libjpeg-dev libfuzzy-dev > /dev/null 2>&1
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
sudo chown -R www-data:www-data misp-modules
cd misp-modules

# pip3 install
pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
pip3 install -I . > /dev/null 2>&1
pip3 install lief 2>&1
pip3 install maec 2>&1
pip3 install pathlib 2>&1
pip3 install pymisp python-magic wand yara > /dev/null 2>&1
pip3 install git+https://github.com/kbandla/pydeep.git > /dev/null 2>&1

# install STIX2.0 library to support STIX 2.0 export:
pip3 install stix2 > /dev/null 2>&1

echo "--- Setting the permissions ... ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp

echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
sleep 5

echo "--- Updating the galaxies ---"
sudo -u www-data -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# Update the galaxies
$CAKE Admin updateGalaxies > /dev/null 2>&1

# Updating the taxonomies
$CAKE Admin updateTaxonomies > /dev/null 2>&1

# Updating the warning lists
## $CAKE Admin updateWarningLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/warninglists/update > /dev/null 2>&1

# Updating the notice lists
## $CAKE Admin updateNoticeLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/noticelists/update > /dev/null 2>&1

# Updating the object templates
##$CAKE Admin updateObjectTemplates
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/objectTemplates/update > /dev/null 2>&1

echo "--- Enabling MISP new pub/sub feature (ZeroMQ) ---"
apt-get install -y pkg-config python-redis python-zmq python3-zmq > /dev/null 2>&1

echo "--- Installing asciidoctor-pdf ---"
gem install asciidoctor-pdf --pre > /dev/null 2>&1
gem install pygments.rb > /dev/null 2>&1

echo "--- Ignoring filemode on all submodules ---"
cd $PATH_TO_MISP
542 | sudo -u www-data git submodule foreach --recursive git config core.filemode false > /dev/null 2>&1 543 | 544 | echo "--- autoremove for apt ---" 545 | apt autoremove -y > /dev/null 2>&1 546 | 547 | echo "--- Setting Baseurl and making sure Sessions do NOT auto regenerate ---" 548 | $CAKE Baseurl "" > /dev/null 2>&1 549 | $CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null 2>&1 550 | 551 | echo "--- Setting the permissions ---" 552 | chown -R www-data:www-data $PATH_TO_MISP 553 | chmod -R 750 $PATH_TO_MISP 554 | chmod -R g+ws $PATH_TO_MISP/app/tmp 555 | chmod -R g+ws $PATH_TO_MISP/app/files 556 | chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp 557 | chmod 700 $PATH_TO_MISP/.gnupg 558 | -------------------------------------------------------------------------------- /dev/packer-aws.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "profile": "default", 4 | "destination_regions": "eu-west-1,eu-west-2,eu-west-3,eu-central-1,us-east-1,us-east-2,us-west-1,ap-northeast-1,sa-east-1,us-west-2,ap-south-1", 5 | "hostname": "misp" 6 | }, 7 | "builders": [{ 8 | "type": "amazon-ebs", 9 | "region": "eu-central-1", 10 | "ami_groups": "all", 11 | "source_ami_filter": { 12 | "filters": { 13 | "virtualization-type": "hvm", 14 | "name": "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*", 15 | "root-device-type": "ebs" 16 | }, 17 | "owners": ["099720109477"], 18 | "most_recent": true 19 | }, 20 | "instance_type": "t2.medium", 21 | "ami_regions": "{{user `destination_regions`}}", 22 | "ssh_username": "ubuntu", 23 | "ami_name": "MISP-{{timestamp}}", 24 | "ami_description": "MISP - Malware Information Sharing Platform", 25 | "tags": { 26 | "Amazon_AMI_Management_Identifier": "misp-build" 27 | } 28 | }], 29 | "provisioners": [ 30 | { 31 | "type": "shell", 32 | "execute_command" : "{{ .Vars }} sudo -H -E sh '{{ .Path }}'", 33 | "script": "/home/ubuntu/misp/bootstrap", 34 | "pause_before": "10s" 35 | } 36 | 
], 37 | "post-processors":[{ 38 | "type": "amazon-ami-management", 39 | "regions": "{{user `destination_regions`}}", 40 | "identifier": "misp-build", 41 | "keep_releases": "1" 42 | } 43 | ] 44 | } 45 | -------------------------------------------------------------------------------- /dev/readme.md: -------------------------------------------------------------------------------- 1 | # Development notes 2 | 3 | We make some of the development files available in case they are of interest to you. MISP Cloud is heavily based on [misp-packer](https://github.com/MISP/misp-packer) for the bootstrap portion of the project. Other files include the configuration files for [Packer](https://packer.io), the tool we utilize to create and manage the images. 4 | 5 | Check Packer [Starter Guide](https://www.packer.io/intro/index.html) if you would like to learn more. 6 | -------------------------------------------------------------------------------- /docs/images/ami-listing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/ami-listing.png -------------------------------------------------------------------------------- /docs/images/aws1-new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws1-new.png -------------------------------------------------------------------------------- /docs/images/aws2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws2.png -------------------------------------------------------------------------------- /docs/images/aws3.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws3.png -------------------------------------------------------------------------------- /docs/images/aws4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws4.png -------------------------------------------------------------------------------- /docs/images/aws5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws5.png -------------------------------------------------------------------------------- /docs/images/aws6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws6.png -------------------------------------------------------------------------------- /docs/images/aws7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MISP/misp-cloud/fa0d41bdfb0f2398c90c7e77cfaef583c1f6c7a0/docs/images/aws7.png --------------------------------------------------------------------------------
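The password policy that the bootstrap script bakes into the image (`Security.password_policy_length` 12 and the `Security.password_policy_complexity` regex at script lines 429-430) is easy to misread, in particular its `.{16,}` alternative. The following added example, which is not code from misp-cloud or MISP, reimplements those two settings in Python and shows which constructed sample passwords they accept; it assumes the length and complexity settings are evaluated as two independent checks, and the function names are hypothetical.

```python
import re

# Values taken from the bootstrap's two setSetting calls above.
PASSWORD_POLICY_LENGTH = 12
# The PHP PCRE pattern with its "/" delimiters stripped; Python's re module
# supports the same lookaheads, so the pattern body is used unchanged.
PASSWORD_POLICY_COMPLEXITY = (
    r"^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}"
)


def password_policy_errors(password: str,
                           min_length: int = PASSWORD_POLICY_LENGTH,
                           complexity: str = PASSWORD_POLICY_COMPLEXITY) -> list:
    """Return the policy rules the password violates (empty list = accepted).

    Assumption (hypothetical, not taken from the page): length and complexity
    are two independent checks, so both failures are reported when present.
    """
    errors = []
    if len(password) < min_length:
        errors.append(f"shorter than {min_length} characters")
    # re.search, not re.fullmatch: the second alternative ".{16,}" is
    # unanchored, so any string of 16+ characters satisfies the complexity
    # rule regardless of character classes (a deliberate passphrase escape
    # hatch); only the length setting still applies to such passwords.
    if re.search(complexity, password) is None:
        errors.append("needs upper + lower case plus a digit or symbol, "
                      "or 16+ characters")
    return errors


def check_passwords(candidates):
    """Map each candidate password to its list of violations."""
    return {pw: password_policy_errors(pw) for pw in candidates}


if __name__ == "__main__":
    # Constructed sample passwords, not values from the project.
    samples = [
        "Passw0rd!abc",                  # 12 chars, mixed case + digit: accepted
        "password1234",                  # no upper case and < 16 chars: rejected
        "correct horse battery staple",  # lowercase only but 16+ chars: accepted
        "Short1!",                       # complex enough but < 12 chars: rejected
    ]
    for pw, errs in check_passwords(samples).items():
        print(f"{pw!r}: {'OK' if not errs else '; '.join(errs)}")
```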