├── .gitignore ├── .travis.yml ├── README.md ├── docker-compose.yml ├── template.env └── web ├── Dockerfile ├── INSTALL_NODB.sh ├── INSTALL_NODB.sh.sha1 ├── INSTALL_NODB.sh.sha256 ├── INSTALL_NODB.sh.sha384 ├── INSTALL_NODB.sh.sha512 ├── healthcheck.patch ├── misp-ssl.conf ├── run.sh └── wait-for-it.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | data 3 | proxy/ssl/misp.crt 4 | proxy/ssl/misp.key 5 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: minimal 2 | 3 | env: 4 | - DOCKER_COMPOSE_VERSION=1.24.0 5 | 6 | before_install: 7 | - sudo rm /usr/local/bin/docker-compose 8 | - curl -L -o ~/docker-compose https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` 9 | - sudo mv ~/docker-compose /usr/local/bin 10 | - sudo chmod +x /usr/local/bin/docker-compose 11 | - bash -c "[ -f .travis.yml ] || echo 'Could not find docker-compose'" 12 | 13 | 14 | script: 15 | - docker-compose build 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hello potential user/contributor 2 | 3 | This project is outside of the main MISP umbrella and does not have much 4 | community traction/use. As such it has not seen any love in a long time. 5 | This also means using the code in this repository is not recommended 6 | for users new to MISP. 
7 | 8 | Alternatives to this repository may be 9 | * [/MISP/misp-docker](https://github.com/MISP/misp-docker) 10 | * [/MISP/docker-misp](https://github.com/MISP/docker-misp) 11 | * [Install scripts](https://github.com/MISP/MISP/tree/2.4/INSTALL) 12 | 13 | Be aware that general issues in this repository will most likely not be 14 | acted upon - however, pull requests are mostly welcome. 15 | 16 | MISP Docker 17 | =========== 18 | 19 | [![](https://travis-ci.org/MISP/misp-docker.svg?branch=master)](https://travis-ci.org/yaleman/misp-docker) 20 | 21 | The files in this repository are used to create a Docker container running a [MISP](http://www.misp-project.org) ("Malware Information Sharing Platform") instance. 22 | 23 | I rewrote the Docker file to split the components into multiple containers (which is more in the philosophy of Docker). Therefore there is no longer a Dockerfile in the root directory. 24 | 25 | The MISP container needs at least a MySQL container to store the data. By default it listens on port 443 and port 80, which is redirected to 443. 26 | 27 | The build is based on Ubuntu and will install all the required components, using the INSTALL script provided in the MISP repository. 28 | 29 | Using the Install script has the advantage that we can rely on a tested installation routine which is maintained and kept up to date. The amount of custom work to be done in the Dockerfile and run.sh files is limited to what is necessary to make the MISP container compliant. 
30 | 31 | The following configuration steps are performed automatically: 32 | * Reconfiguration of the base URL in `config.php` 33 | * Generation of a new salt in `config.php` 34 | * Generation of a self-signed certificate 35 | * Optimization of the PHP environment (php.ini) to match the MISP recommended values 36 | * Creation of the MySQL database 37 | * Generation of the admin PGP key 38 | * Installation of misp modules 39 | 40 | # Building your image 41 | 42 | ## Fetch files 43 | ``` 44 | $ git clone https://github.com/MISP/misp-docker 45 | $ cd misp-docker 46 | # Copy template.env to .env (on the root directory) and edit the environment variables at .env file 47 | $ cp template.env .env 48 | $ vi .env 49 | ``` 50 | 51 | ## Build the containers 52 | ``` 53 | $ docker-compose build 54 | or 55 | $ docker-compose -f docker-compose.yml build 56 | ``` 57 | 58 | ## Run containers 59 | ``` 60 | $ docker-compose up 61 | or 62 | $ docker-compose -f docker-compose.yml up 63 | ``` 64 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | web: 5 | build: web 6 | depends_on: 7 | - db 8 | container_name: misp_web 9 | image: misp:latest 10 | restart: unless-stopped 11 | ports: 12 | - "80:80" 13 | - "443:443" 14 | volumes: 15 | - /dev/urandom:/dev/random 16 | - ${DATA_DIR:-./data}/web:/var/www/MISP 17 | environment: 18 | - MYSQL_HOST=${MYSQL_HOST:-misp_db} 19 | - MYSQL_DATABASE=${MYSQL_DATABASE:-misp} 20 | - MYSQL_USER=${MYSQL_USER:-misp} 21 | - MYSQL_PASSWORD=${MYSQL_PASSWORD:-misp} 22 | - MISP_ADMIN_EMAIL=${MISP_ADMIN_EMAIL:-admin@admin.test} 23 | - MISP_ADMIN_PASSPHRASE=${MISP_ADMIN_PASSPHRASE:-admin} 24 | - MISP_BASEURL=${MISP_BASEURL:-https://localhost} 25 | - POSTFIX_RELAY_HOST=${POSTFIX_RELAY_HOST:-relay.fqdn} 26 | - TIMEZONE=${TIMEZONE:-UTC} 27 | entrypoint: "wait-for-it.sh -t 0 -h ${MYSQL_HOST:-misp_db} 
-p 3306 -- /run.sh" 28 | 29 | db: 30 | container_name: misp_db 31 | image: mysql/mysql-server:5.7 32 | hostname: ${MYSQL_HOST:-misp_db} 33 | restart: unless-stopped 34 | volumes: 35 | - ${DATA_DIR:-./data}/db:/var/lib/mysql 36 | environment: 37 | - MYSQL_DATABASE=${MYSQL_DATABASE:-misp} 38 | - MYSQL_USER=${MYSQL_USER:-misp} 39 | - MYSQL_PASSWORD=${MYSQL_PASSWORD:-misp} 40 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-misp} 41 | 42 | volumes: 43 | web: 44 | db: 45 | -------------------------------------------------------------------------------- /template.env: -------------------------------------------------------------------------------- 1 | MYSQL_HOST=misp_db 2 | MYSQL_DATABASE=misp 3 | MYSQL_USER=misp 4 | MYSQL_PASSWORD=misp 5 | MYSQL_ROOT_PASSWORD=misp 6 | 7 | MISP_ADMIN_EMAIL=admin@admin.test 8 | MISP_ADMIN_PASSPHRASE=admin 9 | MISP_BASEURL=https://localhost 10 | 11 | POSTFIX_RELAY_HOST=relay.fqdn 12 | TIMEZONE=Europe/Brussels 13 | 14 | DATA_DIR=./data 15 | -------------------------------------------------------------------------------- /web/Dockerfile: -------------------------------------------------------------------------------- 1 | 2 | FROM ubuntu:focal 3 | 4 | # Install core components 5 | ENV DEBIAN_FRONTEND noninteractive 6 | 7 | RUN apt-get update && \ 8 | apt-get dist-upgrade -y && apt-get upgrade && apt-get autoremove -y && apt-get clean && \ 9 | apt-get install -y software-properties-common && \ 10 | apt-get install -y postfix && \ 11 | apt-get install -y mysql-client curl gcc git gnupg-agent \ 12 | make openssl redis-server sudo vim zip locales wget iproute2 supervisor cron 13 | 14 | RUN add-apt-repository ppa:deadsnakes/ppa 15 | RUN apt-get update && apt-get -y install python3.9 python3-pip 16 | RUN pip3 install --upgrade pip 17 | 18 | 19 | RUN locale-gen en_US.UTF-8 20 | ENV LANG en_US.UTF-8 21 | 22 | RUN useradd misp && usermod -aG sudo misp 23 | 24 | # Install script 25 | COPY --chown=misp:misp INSTALL_NODB.sh* ./ 26 | RUN chmod +x 
INSTALL_NODB.sh 27 | RUN echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers 28 | 29 | 30 | USER misp 31 | 32 | RUN bash INSTALL_NODB.sh -A -u 33 | 34 | USER root 35 | 36 | RUN pip3 list -o | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U ; exit 0 #Hack error code 37 | 38 | 39 | # Supervisord Setup 40 | RUN ( \ 41 | echo '[supervisord]'; \ 42 | echo 'nodaemon = true'; \ 43 | echo ''; \ 44 | echo '[program:postfix]'; \ 45 | echo 'process_name = master'; \ 46 | echo 'directory = /etc/postfix'; \ 47 | echo 'command = /usr/sbin/postfix -c /etc/postfix start'; \ 48 | echo 'startsecs = 0'; \ 49 | echo 'autorestart = false'; \ 50 | echo ''; \ 51 | echo '[program:redis-server]'; \ 52 | echo 'command=redis-server /etc/redis/redis.conf'; \ 53 | echo 'user=redis'; \ 54 | echo ''; \ 55 | echo '[program:apache2]'; \ 56 | echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"'; \ 57 | echo ''; \ 58 | echo '[program:resque]'; \ 59 | echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh'; \ 60 | echo 'startsecs = 0'; \ 61 | echo 'autorestart = false'; \ 62 | echo 'user=www-data'; \ 63 | echo ''; \ 64 | echo '[program:misp-modules]'; \ 65 | echo 'command=/bin/bash -c "/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s"'; \ 66 | echo 'startsecs = 0'; \ 67 | echo 'autorestart = false'; \ 68 | echo 'user=www-data'; \ 69 | ) >> /etc/supervisor/conf.d/supervisord.conf 70 | 71 | # Add run script 72 | # Trigger to perform first boot operations 73 | ADD run.sh /run.sh 74 | # Ensure that wait for it is included in the path and executable 75 | ADD wait-for-it.sh /usr/local/bin/wait-for-it.sh 76 | RUN chmod +x /usr/local/bin/wait-for-it.sh 77 | RUN mv /etc/apache2/sites-available/misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf.bak 78 | ADD misp-ssl.conf /etc/apache2/sites-available/misp-ssl.conf 79 | RUN chmod 0755 /run.sh && touch /.firstboot.tmp 80 | # Make a backup of 
/var/www/MISP to restore it to the local moint point at first boot 81 | WORKDIR /var/www/MISP 82 | RUN tar czpf /root/MISP.tgz . 83 | 84 | VOLUME /var/www/MISP 85 | EXPOSE 80 86 | ENTRYPOINT ["/run.sh"] 87 | -------------------------------------------------------------------------------- /web/INSTALL_NODB.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ############################################################ 3 | ###### # 4 | ##### Please AutoGenerated... ## 5 | #### Do NOT was ### 6 | ### Manually It #### 7 | ## Change this Script... ##### 8 | # ###### 9 | ############################################################ 10 | ############################################################ 11 | #INSTALLATION INSTRUCTIONS # 12 | ########################################################## 13 | #------------------------- for Debian Flavored Linux Distributions 14 | # 15 | #-------------------------------------------------------| 16 | # 0/ Quick MISP Instance on Debian Based Linux - Status | 17 | #-------------------------------------------------------| 18 | # 19 | # 20200513: Ubuntu 20.04 tested and working. -- sCl 20 | # 20200412: Ubuntu 18.04.4 tested and working. -- sCl 21 | # 20190302: Ubuntu 18.04.2 tested and working. -- sCl 22 | # 20190208: Kali Linux tested and working. 
-- sCl 23 | # 24 | # 25 | #-------------------------------------------------------------------------------------------------| 26 | # 1/ For other Debian based Linux distributions, download script and run as **unprivileged** user | 27 | #-------------------------------------------------------------------------------------------------| 28 | # 29 | # The following installs only MISP Core: 30 | # $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c 31 | # 32 | # This will install MISP Core and misp-modules 33 | # $ wget --no-cache -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh ; bash /tmp/INSTALL.sh -c -M 34 | # 35 | # 36 | #-------------------------------------------------------| 37 | # 2/ For Kali, download and run Installer Script | 38 | #-------------------------------------------------------| 39 | # 40 | # To install MISP on Kali copy paste the following to your shell: 41 | # # wget --no-cache -O /tmp/misp-kali.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/misp-kali.sh 42 | # NO other version than 2020.x supported, kthxbai. 43 | # /!\ Please read the installer script before randomly doing the above. 44 | # The script is tested on a plain vanilla Kali Linux Boot CD and installs quite a few dependencies. 45 | # 46 | # 47 | #----------------------------------------------------------| 48 | # 3/ The following script has been partially autogenerated | 49 | #----------------------------------------------------------| 50 | # 51 | # To generate this script yourself, the following steps need to be taken. 52 | # $ git clone https://github.com/SteveClement/xsnippet.git 53 | # Make sure xsnippet resides somewhere in your $PATH - It is a shell script, so a simple copy to somewhere sane is enough. 
54 | # $ git clone https://github.com/MISP/MISP.git 55 | # $ cd MISP/INSTALL ; ./INSTALL.tpl.sh 56 | # 57 | ## 58 | ### 59 | ####----------------\ 60 | ## Developer Note | 61 | ####--------------------------------------------------------------------------------------------------| 62 | ## In theory the order does not matter as everything is a self-contained function. | 63 | # That said, ideally leave the order as is and do NOT change the lines as they are place-holders. | 64 | # Script files that do NOT have a #_name.sh are scripts that have NO functions. This is by design. | 65 | #-----------------------------------------------------------------------------------------------------| 66 | # 67 | # ToC # 68 | # 69 | #### BEGIN AUTOMATED SECTION #### 70 | # 71 | # $ eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v \`\`\`)" 72 | # $ MISPvars 73 | MISPvars () { 74 | debug "Setting generic ${LBLUE}MISP${NC} variables shared by all flavours" 2> /dev/null 75 | # Local non-root MISP user 76 | MISP_USER="${MISP_USER:-misp}" 77 | MISP_PASSWORD="${MISP_PASSWORD:-$(openssl rand -hex 32)}" 78 | 79 | # The web server user 80 | # RHEL/CentOS 81 | if [[ -f "/etc/redhat-release" ]]; then 82 | WWW_USER="apache" 83 | SUDO_WWW="sudo -H -u ${WWW_USER} " 84 | # Debian flavoured 85 | elif [[ -f "/etc/debian_version" ]]; then 86 | WWW_USER="www-data" 87 | SUDO_WWW="sudo -H -u ${WWW_USER} " 88 | # OpenBSD 89 | elif [[ "$(uname -s)" == "OpenBSD" ]]; then 90 | WWW_USER="www" 91 | PATH_TO_MISP="${PATH_TO_MISP:-/var/www/htdocs/MISP}" 92 | SUDO_WWW="doas -u www " 93 | SUDO_CMD="doas " 94 | # NetBSD 95 | elif [[ "$(uname -s)" == "NetBSD" ]]; then 96 | WWW_USER="www" 97 | PATH_TO_MISP="$PATH_TO_MISP:-/usr/pkg/share/httpd/htdocs/MISP}" 98 | SUDO_WWW="sudo -H -u ${WWW_USER} " 99 | else 100 | # I am feeling lucky 101 | WWW_USER="www-data" 102 | SUDO_WWW="sudo -H -u ${WWW_USER} " 103 | fi 104 | 105 | # MISP configuration variables 106 | 
PATH_TO_MISP="${PATH_TO_MISP:-/var/www/MISP}" 107 | PATH_TO_MISP_SCRIPTS="${PATH_TO_MISP}/app/files/scripts" 108 | 109 | 110 | FQDN="${FQDN:-misp.local}" 111 | 112 | MISP_BASEURL="${MISP_BASEURL:-""}" 113 | 114 | MISP_LIVE="1" 115 | 116 | # Database configuration 117 | DBHOST="${DBHOST:-localhost}" 118 | DBNAME="${DBNAME:-misp}" 119 | DBUSER_ADMIN="${DBUSER_ADMIN:-root}" 120 | DBPASSWORD_ADMIN="${DBPASSWORD_ADMIN:-$(openssl rand -hex 32)}" 121 | DBUSER_MISP="${DBUSER_MISP:-misp}" 122 | DBPASSWORD_MISP="${DBPASSWORD_MISP:-$(openssl rand -hex 32)}" 123 | 124 | # OpenSSL configuration 125 | OPENSSL_CN=${FQDN} 126 | OPENSSL_C="LU" 127 | OPENSSL_ST="State" 128 | OPENSSL_L="Location" 129 | OPENSSL_O="Organization" 130 | OPENSSL_OU="Organizational Unit" 131 | OPENSSL_EMAILADDRESS="info@${FQDN}" 132 | 133 | # GPG configuration 134 | GPG_REAL_NAME="Autogenerated Key" 135 | # On a REAL install, please do not set a comment, see here for why: https://www.debian-administration.org/users/dkg/weblog/97 136 | GPG_COMMENT="WARNING: MISP AutoGenerated Key consider this Key VOID!" 
137 | GPG_EMAIL_ADDRESS="admin@admin.test" 138 | # 3072 bits used as per suggestions here: https://riseup.net/en/security/message-security/openpgp/best-practices 139 | GPG_KEY_LENGTH="3072" 140 | GPG_PASSPHRASE="$(openssl rand -hex 32)" 141 | 142 | # debug alias to make sure people are not confused when blindly copy pasting blobs of code 143 | alias debug="echo -e" 144 | 145 | # checkAptLock alias to make sure people are not confused when blindly copy pasting blobs of code 146 | alias checkAptLock="echo 'Function used in Installer to make sure apt is not locked'" 147 | 148 | # php.ini configuration 149 | upload_max_filesize="50M" 150 | post_max_size="50M" 151 | max_execution_time="300" 152 | memory_limit="2048M" 153 | 154 | CAKE="${PATH_TO_MISP}/app/Console/cake" 155 | 156 | # sudo config to run $LUSER commands 157 | if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then 158 | SUDO_CMD="sudo -H -u ${MISP_USER} -g staff" 159 | else 160 | SUDO_CMD="sudo -H -u ${MISP_USER}" 161 | fi 162 | 163 | echo "The following DB Passwords were generated..." 164 | echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}" 165 | echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}" 166 | } 167 | 168 | # Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default 169 | DEBUG= 170 | 171 | case "$-" in 172 | *x*) NO_PROGRESS=1; DEBUG=1 ;; 173 | *) NO_PROGRESS=0 ;; 174 | esac 175 | 176 | ## Function Section ## 177 | 178 | ## Usage of this script 179 | usage () { 180 | if [ "$0" == "bash" ]; then 181 | WEB_INSTALL=1 182 | SCRIPT_NAME="Web Installer Command" 183 | else 184 | SCRIPT_NAME=$0 185 | fi 186 | 187 | space 188 | echo -e "Please specify what type of ${LBLUE}MISP${NC} setup you want to install." 
189 | space 190 | echo -e "${SCRIPT_NAME} -c | Install ONLY ${LBLUE}MISP${NC} Core" # core 191 | echo -e " -M | ${LBLUE}MISP${NC} modules" # modules 192 | ## FIXME: The current state of misp-dashboard is broken, disabling any use. 193 | ##echo -e " -D | ${LBLUE}MISP${NC} dashboard" # dashboard 194 | ## FIXME: The current state of Viper is broken, disabling any use. 195 | ##echo -e " -V | Viper" # viper 196 | echo -e " -m | Mail 2 ${LBLUE}MISP${NC}" # mail2 197 | echo -e " -S | Experimental ssdeep correlations" # ssdeep 198 | echo -e " -A | Install ${YELLOW}all${NC} of the above" # all 199 | space 200 | echo -e " -C | Only do ${YELLOW}pre-install checks and exit${NC}" # pre 201 | space 202 | echo -e " -u | Do an unattended Install, no questions asked" # UNATTENDED 203 | echo -e "${HIDDEN} -U | Attempt and upgrade of selected item${NC}" # UPGRADE 204 | echo -e "${HIDDEN} -N | Nuke this MISP Instance${NC}" # NUKE 205 | echo -e "${HIDDEN} -f | Force test install on current Ubuntu LTS schim, add -B for 18.04 -> 18.10, or -BB 18.10 -> 19.10)${NC}" # FORCE 206 | echo -e "Options can be combined: ${SCRIPT_NAME} -c -D # Will install Core+Dashboard" 207 | space 208 | echo -e "Recommended is either a barebone MISP install (ideal for syncing from other instances) or" 209 | echo -e "MISP + modules - ${SCRIPT_NAME} -c -M" 210 | echo -e "" 211 | echo -e "" 212 | echo -e "Interesting environment variables that get considered are:" 213 | echo -e "" 214 | echo -e "MISP_USER/MISP_PASSWORD # Local username on machine, default: misp/opensslGeneratedPassword" 215 | echo -e "" 216 | echo -e "PATH_TO_MISP # Where MISP will be installed, default: /var/www/MISP (recommended)" 217 | echo -e "" 218 | echo -e "DBHOST/DBNAME # database hostname, MISP database name, default: localhost/misp" 219 | echo -e "DBUSER_ADMIN/DBPASSWORD_ADMIN # MySQL admin user, default: root/opensslGeneratedPassword" 220 | echo -e "DBUSER_MISP/DBPASSWORD_MISP # MISP database user, default: 
misp/opensslGeneratedPassword" 221 | echo -e "" 222 | echo -e "You need to export the variable(s) to be taken into account. (or specified in-line when invoking INSTALL.sh)" 223 | space 224 | } 225 | 226 | # Check if element is contained in array 227 | containsElement () { 228 | local e match="$1" 229 | shift 230 | for e; do [[ "$e" == "$match" ]] && return 0; done 231 | return 1 232 | } 233 | 234 | checkOpt () { 235 | # checkOpt feature 236 | containsElement $1 "${options[@]}" 237 | } 238 | 239 | setOpt () { 240 | options=() 241 | for o in $@; do 242 | case "$o" in 243 | ("-c") echo "core"; CORE=1 ;; 244 | ("-V") echo "viper"; VIPER=1 ;; 245 | ("-M") echo "modules"; MODULES=1 ;; 246 | ("-D") echo "dashboard"; DASHBOARD=1 ;; 247 | ("-m") echo "mail2"; MAIL2=1 ;; 248 | ("-S") echo "ssdeep"; SSDEEP=1 ;; 249 | ("-A") echo "all"; ALL=1 ;; 250 | ("-C") echo "pre"; PRE=1 ;; 251 | ("-U") echo "upgrade"; UPGRADE=1 ;; 252 | ("-N") echo "nuke"; NUKE=1 ;; 253 | ("-u") echo "unattended"; UNATTENDED=1 ;; 254 | ("-ni") echo "noninteractive"; NONINTERACTIVE=1 ;; 255 | ("-f") echo "force"; FORCE=1 ;; 256 | (*) echo "$o is not a valid argument"; exit 1 ;; 257 | esac 258 | done 259 | } 260 | 261 | # check if command_exists 262 | command_exists () { 263 | command -v "$@" > /dev/null 2>&1 264 | } 265 | 266 | # TODO: fix os detection mess 267 | # Try to detect what we are running on 268 | checkCoreOS () { 269 | # lsb_release can exist on any platform. RedHat package: redhat-lsb 270 | LSB_RELEASE=$(which lsb_release > /dev/null ; echo $?) 271 | APT=$(which apt > /dev/null 2>&1; echo -n $?) 272 | APT_GET=$(which apt-get > /dev/null 2>&1; echo $?) 
273 | 274 | # debian specific 275 | # /etc/debian_version 276 | ## os-release #generic 277 | # /etc/os-release 278 | 279 | # Redhat checks 280 | if [[ -f "/etc/redhat-release" ]]; then 281 | echo "This is some redhat flavour" 282 | REDHAT=1 283 | RHfla=$(cat /etc/redhat-release | cut -f 1 -d\ | tr '[:upper:]' '[:lower:]') 284 | fi 285 | } 286 | 287 | # Extract debian flavour 288 | checkFlavour () { 289 | FLAVOUR="" 290 | # Every system that we officially support has /etc/os-release 291 | if [ -r /etc/os-release ]; then 292 | FLAVOUR="$(. /etc/os-release && echo "$ID"| tr '[:upper:]' '[:lower:]')" 293 | fi 294 | 295 | case "${FLAVOUR}" in 296 | ubuntu) 297 | if command_exists lsb_release; then 298 | dist_version="$(lsb_release --codename | cut -f2)" 299 | fi 300 | if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then 301 | dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" 302 | fi 303 | ;; 304 | debian|raspbian) 305 | dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" 306 | case "$dist_version" in 307 | 10) 308 | dist_version="buster" 309 | ;; 310 | 9) 311 | dist_version="stretch" 312 | ;; 313 | esac 314 | ;; 315 | centos) 316 | if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then 317 | dist_version="$(. /etc/os-release && echo "$VERSION_ID")" 318 | dist_version=${dist_version:0:1} 319 | fi 320 | echo "${FLAVOUR} support is experimental at the moment" 321 | ;; 322 | rhel|ol|sles) 323 | if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then 324 | dist_version="$(. /etc/os-release && echo "$VERSION_ID")" 325 | dist_version=${dist_version:0:1} # Only interested about major version 326 | fi 327 | # Only tested for RHEL 7 so far 328 | echo "${FLAVOUR} support is experimental at the moment" 329 | ;; 330 | *) 331 | if command_exists lsb_release; then 332 | dist_version="$(lsb_release --release | cut -f2)" 333 | fi 334 | if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then 335 | dist_version="$(. 
/etc/os-release && echo "$VERSION_ID")" 336 | fi 337 | ;; 338 | esac 339 | 340 | # FIXME: The below want to be refactored 341 | if [ "${FLAVOUR}" == "ubuntu" ]; then 342 | RELEASE=$(lsb_release -s -r) 343 | debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1} ${RELEASE}${NC}" 344 | else 345 | debug "We detected the following Linux flavour: ${YELLOW}$(tr '[:lower:]' '[:upper:]' <<< ${FLAVOUR:0:1})${FLAVOUR:1}${NC}" 346 | fi 347 | } 348 | 349 | 350 | # Check if this is a forked Linux distro 351 | check_forked () { 352 | # Check for lsb_release command existence, it usually exists in forked distros 353 | if command_exists lsb_release; then 354 | # Check if the `-u` option is supported 355 | set +e 356 | lsb_release -a -u > /dev/null 2>&1 357 | lsb_release_exit_code=$? 358 | set -e 359 | 360 | # Check if the command has exited successfully, it means we're in a forked distro 361 | if [ "$lsb_release_exit_code" = "0" ]; then 362 | # Print info about current distro 363 | cat <<-EOF 364 | You're using '${FLAVOUR}' version '${dist_version}'. 365 | EOF 366 | # Get the upstream release info 367 | FLAVOUR=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') 368 | dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') 369 | 370 | # Print info about upstream distro 371 | cat <<-EOF 372 | Upstream release is '${FLAVOUR}' version '$dist_version'. 373 | EOF 374 | else 375 | if [[ -r /etc/debian_version ]] && [[ "${FLAVOUR}" != "ubuntu" ]] && [[ "${FLAVOUR}" != "raspbian" ]]; then 376 | # We're Debian and don't even know it! 
377 | FLAVOUR=debian 378 | dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" 379 | case "$dist_version" in 380 | 10) 381 | dist_version="buster" 382 | ;; 383 | 9) 384 | dist_version="stretch" 385 | ;; 386 | 8|'Kali Linux 2') 387 | dist_version="jessie" 388 | ;; 389 | esac 390 | fi 391 | fi 392 | fi 393 | } 394 | 395 | checkInstaller () { 396 | # Workaround: shasum is not available on RHEL, only checking sha512 397 | if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then 398 | INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) 399 | chsum=$(cat INSTALL_NODB.sh.sha512) 400 | if [[ "${chsum}" == "${INSTsum}" ]]; then 401 | echo "SHA512 matches" 402 | else 403 | echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}" 404 | # exit 1 # uncomment when/if PR is merged 405 | fi 406 | else 407 | # TODO: Implement $FLAVOUR checks and install depending on the platform we are on 408 | if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then 409 | checkAptLock 410 | sudo apt install libdigest-sha-perl -qyy 411 | fi 412 | # SHAsums to be computed, not the -- notatiation is for ease of use with rhash 413 | SHA_SUMS="--sha1 --sha256 --sha384 --sha512" 414 | for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do 415 | INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) 416 | chsum=$(cat INSTALL_NODB.sh.sha${sum} | cut -f1 -d\ ) 417 | 418 | if [[ "${chsum}" == "${INSTsum}" ]]; then 419 | echo "sha${sum} matches" 420 | else 421 | echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" 422 | echo "Delete installer, re-download and please run again." 
423 | exit 1 424 | fi 425 | done 426 | fi 427 | } 428 | 429 | # Extract manufacturer 430 | checkManufacturer () { 431 | if [[ -z $(which dmidecode) ]]; then 432 | checkAptLock 433 | sudo apt install dmidecode -qy 434 | fi 435 | MANUFACTURER=$(sudo dmidecode -s system-manufacturer) 436 | debug ${MANUFACTURER} 437 | } 438 | 439 | # Dynamic horizontal spacer if needed, for autonomeous an no progress bar install, we are static. 440 | space () { 441 | if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then 442 | echo "--------------------------------------------------------------------------------" 443 | return 444 | fi 445 | # Check terminal width 446 | num=`tput cols` 447 | for i in `seq 1 $num`; do 448 | echo -n "-" 449 | done 450 | echo "" 451 | } 452 | 453 | # Spinner so the user knows something is happening 454 | spin() 455 | { 456 | if [[ "$NO_PROGRESS" == "1" ]]; then 457 | return 458 | fi 459 | spinner="/|\\-/|\\-" 460 | while : 461 | do 462 | for i in `seq 0 7` 463 | do 464 | echo -n "${spinner:$i:1}" 465 | echo -en "\010" 466 | sleep 0.$i 467 | done 468 | done 469 | } 470 | 471 | # Progress bar 472 | progress () { 473 | progress=$[$progress+$1] 474 | if [[ "$NO_PROGRESS" == "1" ]] || [[ "$PACKER" == "1" ]]; then 475 | echo "progress=${progress}" > /tmp/INSTALL.stat 476 | return 477 | fi 478 | bar="#" 479 | 480 | # Prevent progress of overflowing 481 | if [[ $progress -ge 100 ]]; then 482 | echo -ne "##################################################################################################### (100%)\r" 483 | return 484 | fi 485 | # Display progress 486 | for p in $(seq 1 $progress); do 487 | bar+="#" 488 | echo -ne "$bar ($p%)\r" 489 | done 490 | echo -ne '\n' 491 | echo "progress=${progress}" > /tmp/INSTALL.stat 492 | } 493 | 494 | # Check locale 495 | checkLocale () { 496 | debug "Checking Locale" 497 | # If locale is missing, generate and install a common UTF-8 498 | if [[ ! 
-f /etc/default/locale || $(wc -l /etc/default/locale| cut -f 1 -d\ ) -eq "1" ]]; then 499 | checkAptLock 500 | sudo DEBIAN_FRONTEND=noninteractive apt install locales -qy 501 | sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen 502 | sudo locale-gen en_US.UTF-8 503 | sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 504 | fi 505 | } 506 | 507 | # Simple function to check command exit code 508 | checkFail () { 509 | # '-ne' checks for numerical differences, '==' used for strings 510 | if [[ $2 -ne 0 ]]; then 511 | echo "iAmError: $1" 512 | echo "The last command exited with error code: $2" 513 | exit $2 514 | fi 515 | } 516 | 517 | ask_o () { 518 | 519 | ANSWER="" 520 | 521 | if [ -z "${1}" ]; then 522 | echo "This function needs at least 1 parameter." 523 | exit 1 524 | fi 525 | 526 | [ -z "${2}" ] && OPT1="y" || OPT1="${2}" 527 | [ -z "${3}" ] && OPT2="n" || OPT2="${3}" 528 | 529 | while true; do 530 | case "${ANSWER}" in "${OPT1}" | "${OPT2}") break ;; esac 531 | echo -e -n "${1} (${OPT1}/${OPT2}) " 532 | read ANSWER 533 | ANSWER=$(echo "${ANSWER}" | tr '[:upper:]' '[:lower:]') 534 | done 535 | 536 | } 537 | 538 | clean () { 539 | rm /tmp/INSTALL.stat 540 | rm /tmp/INSTALL.sh.* 541 | rm /tmp/INSTALL_NODB.sh.* 542 | } 543 | 544 | # Check if misp user is present and if run as root 545 | checkID () { 546 | debug "Checking if run as root and $MISP_USER is present" 547 | if [[ $EUID -eq 0 ]]; then 548 | echo "This script cannot be run as a root" 549 | clean > /dev/null 2>&1 550 | exit 1 551 | elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then 552 | if [[ "$UNATTENDED" != "1" ]]; then 553 | echo "There is NO user called '$MISP_USER' create a user '$MISP_USER' (y) or continue as $USER (n)? 
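(y/n) "
      read ANSWER
      ANSWER=$(echo $ANSWER |tr '[:upper:]' '[:lower:]')
      INSTALL_USER=${USER}
    else
      ANSWER="y"
    fi

    if [[ $ANSWER == "y" ]]; then
      sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff $MISP_USER
      echo $MISP_USER:$MISP_PASSWORD | sudo chpasswd
      echo "User $MISP_USER added, password is: $MISP_PASSWORD"
    elif [[ $ANSWER == "n" ]]; then
      echo "Using $USER as install user, hope that is what you want."
      echo -e "${RED}Adding $USER to groups $WWW_USER and staff${NC}"
      MISP_USER=$USER
      sudo adduser $MISP_USER staff
      sudo adduser $MISP_USER $WWW_USER
    else
      echo "yes or no was asked, try again."
      sudo adduser $MISP_USER staff
      sudo adduser $MISP_USER $WWW_USER
      exit 1
    fi
  else
    echo "User ${MISP_USER} exists, skipping creation"
    echo -e "${RED}Adding $MISP_USER to groups $WWW_USER and staff${NC}"
    sudo adduser $MISP_USER staff
    sudo adduser $MISP_USER $WWW_USER
  fi

  # FIXME: the below SUDO_CMD check is a duplicate from global variables, try to have just one check
  # sudo config to run $LUSER commands
  if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
    SUDO_CMD="sudo -H -u ${MISP_USER} -g staff"
  else
    SUDO_CMD="sudo -H -u ${MISP_USER}"
  fi

}

# pre-install check to make sure what we will be installing on, is ready and not a half installed system
preInstall () {
  # preInstall needs to be able to be called before ANY action. Install/Upgrade/AddTool
  # Pre install wants to be the place too where the following is checked and set via ENV_VAR:
  # Check if composer is installed and functioning
  # Check if misp db is installed (API call would confirm that the DB indeed works)
  # Check apache config (Maybe try to talk to the server via api, this would confirm quite a lot)
  # Check if workers are running/installed, maybe kick them if they are not
  # /var/www/MISP/app/Config/[bootstrap,databases,core,config].php exists
  # /var/www/MISP perms are correct (for $SUDO_WWW useage)
  #
  # Still a place-holder: it records what exists in *_EXISTS flags, reads the DB
  # credentials back out of database.php and then leaves the script via `exit`.

  # Check if $PATH_TO_MISP exists and is writable by $WWW_USER
  [[ -d "$PATH_TO_MISP" ]] && PATH_TO_MISP_EXISTS=1 && echo "$PATH_TO_MISP exists"

  # .git exists and git is working for $WWW_USER
  [[ -d "$PATH_TO_MISP/.git" ]] && PATH_TO_GIT_EXISTS=1 && echo "$PATH_TO_MISP/.git exists" && cd $PATH_TO_MISP && $SUDO_WWW git status

  # .gnupg exists and working correctly
  [[ -d "$PATH_TO_MISP/.gnupg" ]] && PATH_TO_GNUPG_EXISTS=1 && echo "$PATH_TO_MISP/.gnupg exists"


  # Extract username, password and dbname
  # NOTE(review): database.php is read relative to the current directory, which is only
  # $PATH_TO_MISP when the .git check above succeeded; configMISP writes the file under
  # app/Config/, so this path looks wrong — confirm before the place-holder is completed.
  ##cat database.php |grep -v // |grep -e database -e login -e password |tr -d \' |tr -d \ |tr -d , |tr -d \>
  DBPASSWORD_MISP=$(cat database.php |grep -v // |grep -e password |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
  DBUSER_MISP=$(cat database.php |grep -v // |grep -e login |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
  DBNAME=$(cat database.php |grep -v // |grep -e database |tr -d \' |tr -d \ |tr -d , |tr -d \> |cut -f 2 -d=)
  # Hand the DB password to the client through MYSQL_PWD instead of -p"..." so it is not
  # visible in the process list (ps/proc cmdline) while the query runs.
  AUTH_KEY=$(MYSQL_PWD="$DBPASSWORD_MISP" mysql -h $DBHOST --disable-column-names -B -u $DBUSER_MISP $DBNAME -e 'SELECT authkey FROM users WHERE role_id=1 LIMIT 1')

  # Check if db exists
  [[ -d "/var/lib/mysql/$DBNAME" ]] && MISP_DB_DIR_EXISTS=1 && echo "/var/lib/mysql/$DBNAME exists"

  echo -e "${RED}Place-holder, not implemented yet.${NC}"
  exit
}

# Upgrade function
upgrade () {
  headerJSON="application/json"
  Acc="Accept:"
  Autho="Authorization:"
  CT="Content-Type:"
  MISP_BASEURL="https://127.0.0.1"
  ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar update ; php composer.phar self-update"

  # Refresh the bundled feeds through the REST API on the loopback instance.
  # -k is needed because apacheConfig installs a self-signed certificate; since the
  # site-admin $AUTH_KEY travels in the Authorization header, keep MISP_BASEURL on 127.0.0.1 here.
  for URN in galaxies warninglists noticelists objectTemplates taxonomies; do
    curl --header "$Autho $AUTH_KEY" --header "$Acc $headerJSON" --header "$CT $headerJSON" -k -X POST $MISP_BASEURL/$URN/update
  done

  echo -e "${RED}Place-holder, not implemented yet.${NC}"
  exit
}

# check is /usr/local/src is RW by misp user
checkUsrLocalSrc () {
  echo ""
  if [[ -e /usr/local/src ]]; then
    # touch on the directory itself only updates its timestamps (needs ownership or write
    # permission); it does not prove that files can be created inside it.
    WRITEABLE=$(sudo -H -u $MISP_USER touch /usr/local/src 2> /dev/null ; echo $?)
    if [[ "$WRITEABLE" == "0" ]]; then
      echo "Good, /usr/local/src exists and is writeable as $MISP_USER"
    else
      # TODO: The below might be shorter, more elegant and more modern
      #[[ -n $KALI ]] || [[ -n $UNATTENDED ]] && echo "Just do it"
      sudo chmod 2775 /usr/local/src
      sudo chown root:staff /usr/local/src
    fi
  else
    echo "/usr/local/src does not exist, creating."
    # mkdir needs root like the chmod/chown that follow; it previously ran unprivileged.
    sudo mkdir -p /usr/local/src
    sudo chmod 2775 /usr/local/src
    # TODO: Better handling /usr/local/src permissions
    # Only hand the directory to group staff when that group exists. The old test compared
    # the (always empty) stdout of a fully redirected grep against "0" and never matched.
    if grep -q '^staff:' /etc/group; then
      sudo chown root:staff /usr/local/src
    fi
  fi
}

kaliSpaceSaver () {
  # Future function in case Kali overlay on LiveCD is full
  echo "${RED}Not implement${NC}"
}

# FIXME: Kali now uses kali/kali instead of root/toor
# Because Kali is l33t we make sure we DO NOT run as root
kaliOnTheR0ckz () {
  totalRoot=$(df -k | grep /$ |awk '{ print $2 }')
  totalMem=$(cat /proc/meminfo|grep MemTotal |grep -Eo '[0-9]{1,}')
  overlay=$(df -kh |grep overlay; echo $?) # if 1 overlay NOT present (not used further down yet)

  if [[ ${totalRoot} -lt 3059034 ]]; then
    echo "(If?) You run Kali in LiveCD mode and we need more overlay disk space."
    echo "This is defined by the total memory, you have: ${totalMem}kB which is not enough."
    echo "6-8Gb should be fine. (need >3Gb overlayFS)"
    exit 1
  fi

  if [[ ${EUID} -eq 0 ]]; then
    echo "This script must NOT be run as root"
    exit 1
  elif ! id ${MISP_USER} >/dev/null; then
    # Note the created account is a member of sudo, i.e. it is an administrative account.
    sudo useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff ${MISP_USER}
    echo ${MISP_USER}:${MISP_PASSWORD} | sudo chpasswd
  else
    # TODO: Make sure we consider this further down the road
    echo "User ${MISP_USER} exists, skipping creation"
  fi
}

setBaseURL () {
  debug "Setting Base URL"

  CONN=$(ip -br -o -4 a |grep UP |head -1 |tr -d "UP")
  IFACE=$(echo $CONN |awk {'print $1'})
  IP=$(echo $CONN |awk {'print $2'}| cut -f1 -d/)

  [[ -n ${MANUFACTURER} ]] || checkManufacturer

  if [[ "${MANUFACTURER}" != "innotek GmbH" ]] && [[ "$MANUFACTURER" != "VMware, Inc." ]] && [[ "$MANUFACTURER" != "QEMU" ]]; then
    debug "We guess that this is a physical machine and cannot reliably guess what the MISP_BASEURL might be."

    if [[ "${UNATTENDED}" != "1" ]]; then
      echo "You can now enter your own MISP_BASEURL, if you wish to NOT do that, the MISP_BASEURL will be empty, which will work, but ideally you configure it afterwards."
      echo "Do you want to change it now? (y/n) "
      read ANSWER
      ANSWER=$(echo ${ANSWER} |tr '[:upper:]' '[:lower:]')
      if [[ "${ANSWER}" == "y" ]]; then
        if [[ ! -z ${IP} ]]; then
          echo "It seems you have an interface called ${IFACE} UP with the following IP: ${IP} - FYI"
          echo "Thus your Base URL could be: https://${IP}"
        fi
        echo "Please enter the Base URL, e.g: 'https://example.org'"
        echo ""
        echo -n "Enter Base URL: "
        # The value is taken as-is and later handed to `$CAKE Baseurl` unquoted; no validation here.
        read MISP_BASEURL
      else
        MISP_BASEURL='""'
      fi
    else
      MISP_BASEURL="https://misp.local"
      # Webserver configuration
      FQDN='misp.local'
    fi
  elif [[ "${KALI}" == "1" ]]; then
    MISP_BASEURL="https://misp.local"
    # Webserver configuration
    FQDN='misp.local'
  elif [[ "${MANUFACTURER}" == "innotek GmbH" ]]; then
    MISP_BASEURL='https://localhost:8443'
    IP=$(ip addr show | awk '$1 == "inet" {gsub(/\/.*$/, "", $2); print $2}' |grep -v "127.0.0.1" |tail -1)
    # Loopback-only convenience rule for VirtualBox: local 8443 -> this host's 443.
    # It is added to the live ruleset only and is not persisted across reboots.
    sudo iptables -t nat -A OUTPUT -p tcp --dport 8443 -j DNAT --to ${IP}:443
    # Webserver configuration
    FQDN='localhost.localdomain'
  elif [[ "${MANUFACTURER}" == "VMware, Inc." ]]; then
    MISP_BASEURL='""'
    # Webserver configuration
    FQDN='misp.local'
  else
    MISP_BASEURL='""'
    # Webserver configuration
    FQDN='misp.local'
  fi
}

# Test and install software RNG
installRNG () {
  # Prefer the TPM hardware RNG when the module loads, and make it persistent.
  if sudo modprobe tpm-rng 2> /dev/null; then
    echo tpm-rng | sudo tee -a /etc/modules
  fi
  checkAptLock
  sudo apt install -qy rng-tools # This might fail on TPM grounds, enable the security chip in your BIOS

  # Fall back to haveged whenever rng-tools fails to start (the old test only caught exit status 1).
  if ! sudo service rng-tools start; then
    sudo apt purge -qy rng-tools
    sudo apt install -qy haveged
    sudo /etc/init.d/haveged start
  fi
}

# Kali upgrade
kaliUpgrade () {
  debug "Running various Kali upgrade tasks"
  checkAptLock
  sudo DEBIAN_FRONTEND=noninteractive apt update
  sudo DEBIAN_FRONTEND=noninteractive apt install --only-upgrade bash libc6 -y
  sudo DEBIAN_FRONTEND=noninteractive apt autoremove -y
}

# Disables sleep
# Note: this also switches the GNOME screensaver lock off, so the session stays unlocked
# for the whole install; intended for throw-away/LiveCD installs only.
disableSleep () {
  gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 2> /dev/null
  gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 2> /dev/null
  gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type nothing 2> /dev/null
  gsettings set org.gnome.desktop.screensaver lock-enabled false 2> /dev/null
  gsettings set org.gnome.desktop.screensaver idle-activation-enabled false 2> /dev/null

  setterm -blank 0 -powersave off -powerdown 0
  xset s 0 0 2> /dev/null
  xset dpms 0 0 2> /dev/null
  xset dpms force off
  xset s off 2> /dev/null
  service sleepd stop
  # Kill by exact process name rather than grepping lsof output, which could match
  # unrelated processes and produced an argument-less `kill` when nothing matched.
  pkill -x sleepd
  checkAptLock
}

# Remove alias if present
if [[ $(type -t checkAptLock) == "alias" ]]; then unalias checkAptLock; fi
# Simple function to make sure APT is not locked
checkAptLock () {
  local SLEEP=3
  local DONE=""
  # Refresh the package index once per run; APT_UPDATED is the (global) guard flag.
  # The previous test was inverted (-n): it only refreshed once the flag was already set.
  if [[ -z ${APT_UPDATED} ]]; then
    sudo apt update && APT_UPDATED=1
  fi
  # apt-get check fails while another apt/dpkg holds the lock; back off a little longer each round.
  while [ "$DONE" != "0" ]; do
    sudo apt-get check 2> /dev/null > /dev/null && DONE=0
    sleep $SLEEP
    SLEEP=$((SLEEP+3))
  done
}

# Install Php 7.0 dependencies
installDepsPhp70 () {
  debug "Installing PHP 7.0 dependencies"
  PHP_ETC_BASE=/etc/php/7.0
  PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
  checkAptLock
  sudo apt install -qy \
    libapache2-mod-php \
    php php-cli \
    php-dev \
    php-json php-xml php-mysql php-opcache php-readline php-mbstring php-zip \
    php-redis php-gnupg \
    php-gd

  # Push the php.ini limits from the like-named shell variables (assumed to be set earlier
  # in the script). ${!key} is bash indirect expansion and replaces the old eval round-trip.
  for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
  do
    sudo sed -i "s/^\($key\).*/\1 = ${!key}/" $PHP_INI
  done
}

# Install Php 7.3 deps
installDepsPhp73 () {
  debug "Installing PHP 7.3 dependencies"
  PHP_ETC_BASE=/etc/php/7.3
  PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
  checkAptLock
  if [[ -z ${KALI} ]]; then
    sudo apt install -qy \
      libapache2-mod-php7.3 \
      php7.3 php7.3-cli \
      php7.3-dev \
      php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
      php-redis php-gnupg \
      php-gd
  else
    # Kali has no packaged php-redis/php-gnupg for 7.3: build them from PECL instead.
    sudo apt install -qy \
      libapache2-mod-php7.3 \
      libgpgme-dev \
      php7.3 php7.3-cli \
      php7.3-dev \
      php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \
      php7.3-gd
    sudo pecl channel-update pecl.php.net
    #sudo pear config-set php_ini ${PHP_INI}
    echo "" |sudo pecl install redis
    sudo pecl install gnupg
    echo extension=gnupg.so | sudo tee ${PHP_ETC_BASE}/mods-available/gnupg.ini
    echo extension=redis.so | sudo tee ${PHP_ETC_BASE}/mods-available/redis.ini
  fi
}

# Installing core dependencies
installDeps () {
  debug "Installing core dependencies"
  checkAptLock
  sudo apt install -qy etckeeper
  # Skip dist-upgrade for now, pulls in 500+ updated packages
  #sudo apt -y dist-upgrade
  # Make sure git has an identity before anything commits. The old code tested `$?` of the
  # assignment (always 0), so these defaults were never written.
  if ! git config --global --get user.email > /dev/null; then
    git config --global user.email "root@kali.lan"
  fi
  if ! git config --global --get user.name > /dev/null; then
    git config --global user.name "Root User"
  fi

  [[ -n $KALI ]] || [[ -n $UNATTENDED ]] && sudo DEBIAN_FRONTEND=noninteractive apt install -qy postfix || sudo apt install -qy postfix

  sudo apt install -qy \
    curl gcc git gnupg-agent make openssl redis-server neovim unzip zip libyara-dev python3-yara python3-redis python3-zmq sqlite3 \
    mariadb-client \
    mariadb-server \
    apache2 apache2-doc apache2-utils \
    python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \
    libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools

  installRNG
}

# On Kali, the redis start-up script is broken. This tries to fix it.
fixRedis () {
  # As of 20190124 redis-server init.d scripts are broken and need to be replaced
  sudo mv /etc/init.d/redis-server /etc/init.d/redis-server_`date +%Y%m%d`

  echo '#! /bin/sh
### BEGIN INIT INFO
# Provides: redis-server
# Required-Start: $syslog
# Required-Stop: $syslog
# Should-Start: $local_fs
# Should-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: redis-server - Persistent key-value db
# Description: redis-server - Persistent key-value db
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/redis-server
DAEMON_ARGS=/etc/redis/redis.conf
NAME=redis-server
DESC=redis-server
PIDFILE=/var/run/redis.pid

test -x $DAEMON || exit 0
test -x $DAEMONBOOTSTRAP || exit 0

set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "
    touch $PIDFILE
    chown redis:redis $PIDFILE
    if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
    then
      echo "$NAME."
    else
      echo "failed"
    fi
    ;;
  stop)
    echo -n "Stopping $DESC: "
    if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
    then
      echo "$NAME."
    else
      echo "failed"
    fi
    rm -f $PIDFILE
    ;;

  restart|force-reload)
    ${0} stop
    ${0} start
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0' | sudo tee /etc/init.d/redis-server
  sudo chmod 755 /etc/init.d/redis-server
  sudo /etc/init.d/redis-server start
}

# generate MISP apache conf
# NOTE(review): the <VirtualHost>/<Directory> open and close tags appear to have been
# stripped from this listing (the blank lines below are where they would sit); restore
# them before using this function. The block also mixes the 2.4 `Require all granted`
# with the 2.2 `Order`/`allow from` directives (needs mod_access_compat) and sends no
# HSTS header — both worth cleaning up.
genApacheConf () {
  echo "
ServerAdmin admin@localhost.lu
ServerName misp.local

Redirect permanent / https://misp.local

LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off



ServerAdmin admin@localhost.lu
ServerName misp.local
DocumentRoot $PATH_TO_MISP/app/webroot


Options -Indexes
AllowOverride all
Require all granted
Order allow,deny
allow from all


SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt

LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
" | sudo tee /etc/apache2/sites-available/misp-ssl.conf
}

# Add git pull update mechanism to rc.local - TODO: Make this better
# This makes rc.local run `sudo git pull` as root in every listed checkout at boot, i.e. it
# executes whatever the remote branches contain, unpinned and unverified, with root rights.
# Keep that in mind before enabling it on anything other than a lab box.
gitPullAllRCLOCAL () {
  sudo sed -i -e '$i \git_dirs="/usr/local/src/misp-modules /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local
  sudo sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
  sudo sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
  sudo sed -i -e '$i \ cd $d && sudo git pull &\n' /etc/rc.local
  sudo sed -i -e '$i \done\n' /etc/rc.local
}


# Main composer function
composer () {
  sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
  ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install --no-dev"
}


# Per-PHP-version entry points. These were aliases, which bash does not expand in a
# non-interactive script (hence the old "alias of the function does not work" TODO);
# plain wrapper functions give every caller the same result.
# Composer on php 7.0 does not need any special treatment the provided phar works well
composer70 () { composer "$@"; }
# Composer on php 7.2 does not need any special treatment the provided phar works well
composer72 () { composer "$@"; }
# Composer on php 7.3 does not need any special treatment the provided phar works well
composer73 () { composer "$@"; }

# TODO: this is probably a useless function
# Enable various core services
enableServices () {
  sudo systemctl daemon-reload
  sudo systemctl enable --now mysql
  sudo systemctl enable --now apache2
  sudo systemctl enable --now redis-server
}

# TODO: check if this makes sense
# Generate rc.local
genRCLOCAL () {
  if [[ ! -e /etc/rc.local ]]; then
    # All three steps need root; the first tee and the chmod previously ran unprivileged.
    echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local
    echo 'exit 0' | sudo tee -a /etc/rc.local
    sudo chmod u+x /etc/rc.local
  fi

  # Insert before the final `exit 0`: redis tuning (THP, somaxconn, overcommit) and the firstBoot hook.
  sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
  sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
  sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
  sudo sed -i -e '$i \[ -f /etc/init.d/firstBoot ] && bash /etc/init.d/firstBoot\n' /etc/rc.local
}

# Run PyMISP tests
runTests () {
  # keys.py holds the site-admin auth key in clear text inside the web root tree; remove it after testing.
  echo "url = \"${MISP_BASEURL}\"
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
  sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/

  ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
  ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
  ${SUDO_WWW} sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
}

# Nuke the install, meaning remove all MISP data but no packages, this makes testing the installer faster
# Destructive and unconditional after the 10 s grace period: drops the DB and DB user too.
nuke () {
  echo -e "${RED}YOU ARE ABOUT TO DELETE ALL MISP DATA! Sleeping 10, 9, 8...${NC}"
  sleep 10
  sudo rm -rvf /usr/local/src/{misp-modules,viper,mail_to_misp,LIEF,faup}
  sudo rm -rvf /var/www/MISP
  sudo mysqladmin -h $DBHOST drop misp
  sudo mysql -h $DBHOST -e "DROP USER misp@localhost"
}

# Final function to let the user know what happened
theEnd () {
  space
  # The DB passwords and the auth key are written to clear-text files in the install user's
  # home. They are created by tee as ${MISP_USER}; restrict them to that user right away —
  # the summary below still tells the user to protect or shred them.
  echo "Admin (root) DB Password: $DBPASSWORD_ADMIN" |$SUDO_CMD tee /home/${MISP_USER}/mysql.txt
  echo "User (misp) DB Password: $DBPASSWORD_MISP" |$SUDO_CMD tee -a /home/${MISP_USER}/mysql.txt
  echo "Authkey: $AUTH_KEY" |$SUDO_CMD tee -a /home/${MISP_USER}/MISP-authkey.txt
  $SUDO_CMD chmod 600 /home/${MISP_USER}/mysql.txt /home/${MISP_USER}/MISP-authkey.txt

  # Commenting out, see: https://github.com/MISP/MISP/issues/5368
  # clear -x
  space
  echo -e "${LBLUE}MISP${NC} Installed, access here: ${MISP_BASEURL}"
  echo
  # Default application credentials; they stay valid until changed at first login.
  echo "User: admin@admin.test"
  echo "Password: admin"
  space
  ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && echo -e "${LBLUE}MISP${NC} Dashboard, access here: ${MISP_BASEURL}:8001"
  ##[[ -n $KALI ]] || [[ -n $DASHBOARD ]] || [[ -n $ALL ]] && space
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-web installed, access here: ${MISP_BASEURL}:8888"
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo -e "viper-cli configured with your ${LBLUE}MISP${NC} ${RED}Site Admin Auth Key${NC}"
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "User: admin"
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && echo "Password: Password1234"
  ##[[ -n $KALI ]] || [[ -n $VIPER ]] || [[ -n $ALL ]] && space
  echo -e "The following files were created and need either ${RED}protection or removal${NC} (${YELLOW}shred${NC} on the CLI)"
  echo "/home/${MISP_USER}/mysql.txt"
  echo -e "${RED}Contents:${NC}"
  cat /home/${MISP_USER}/mysql.txt
  echo "/home/${MISP_USER}/MISP-authkey.txt"
  echo -e "${RED}Contents:${NC}"
  cat /home/${MISP_USER}/MISP-authkey.txt
  space
  echo -e "The ${RED}LOCAL${NC} system credentials:"
  echo "User: ${MISP_USER}"
  echo "Password: ${MISP_PASSWORD} # Or the password you used of your custom user"
  space
  echo "GnuPG Passphrase is: ${GPG_PASSPHRASE}"
  space
  echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:"
  echo
  echo "sudo postconf -e 'relayhost = example.com'"
  echo "sudo postfix reload"
  space
  echo -e "Enjoy using ${LBLUE}MISP${NC}. For any issues see here: https://github.com/MISP/MISP/issues"
  space
  if [[ "$UNATTENDED" == "1" ]]; then
    echo -e "${RED}Unattended install!${NC}"
    echo -e "This means we guessed the Base URL, it might be wrong, please double check."
    space
  fi

  if [[ "$PACKER" == "1" ]]; then
    echo -e "${RED}This was an Automated Packer install!${NC}"
    echo -e "This means we forced an unattended install."
    space
  fi

  # Interactive runs end in a login shell for the install user.
  if [[ "$USER" != "$MISP_USER" && "$UNATTENDED" != "1" ]]; then
    sudo su - ${MISP_USER}
  fi
}
## End Function Section Nothing allowed in .md after this line ##

aptUpgrade () {
  debug "Upgrading system"
  checkAptLock

  # If we run in non-interactive mode, make sure we do not stop all of a sudden
  if [[ "${PACKER}" == "1" || "${UNATTENDED}" == "1" ]]; then
    export DEBIAN_FRONTEND=noninteractive
    export DEBIAN_PRIORITY=critical
    sudo -E apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade
    sudo -E apt-get -qy autoclean
  else
    sudo apt-get upgrade -qy
  fi
}

# check if sudo is installed
checkSudoKeeper () {
  echo "Checking for sudo and installing etckeeper"
  # `[[ ! -f $(which sudo) ]]` collapsed to a bare `-f` string test when which printed
  # nothing, so a system without sudo took the sudo-using branch. Test the command directly.
  if ! command -v sudo > /dev/null 2>&1; then
    echo "Please enter your root password below to install etckeeper"
    su -c "apt install etckeeper -y"
    echo "Please enter your root password below to install sudo"
    su -c "apt install sudo -y"
    echo "Please enter your root password below to install sudo"
    su -c "apt install curl -y"
    echo "Please enter your root password below to add ${MISP_USER} to sudo group"
    su -c "/usr/sbin/adduser ${MISP_USER} sudo"
    echo "We added ${MISP_USER} to group sudo and now we need to log out and in again."
    exit
  else
    sudo apt update
    sudo apt install etckeeper -y
  fi
}

installCoreDeps () {
  debug "Installing core dependencies"
  # Install the dependencies: (some might already be installed)
  sudo apt-get install curl gcc git gpg-agent make python python3 openssl redis-server sudo vim zip unzip virtualenv libfuzzy-dev sqlite3 moreutils -qy

  # Install MariaDB (a MySQL fork/alternative)
  sudo apt-get install mariadb-client mariadb-server -qy

  # Install Apache2
  sudo apt-get install apache2 apache2-doc apache2-utils -qy

  # install Mitre's STIX and its dependencies by running the following commands:
  sudo apt-get install python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy
}

# Install Php 7.4 dependencies
installDepsPhp74 () {
  debug "Installing PHP 7.4 dependencies"
  PHP_ETC_BASE=/etc/php/7.4
  PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
  checkAptLock
  sudo apt install -qy \
    libapache2-mod-php \
    php php-cli \
    php-dev \
    php-json php-xml php-mysql php7.4-opcache php-readline php-mbstring php-zip \
    php-redis php-gnupg \
    php-intl php-bcmath \
    php-gd

  # Same php.ini limit handling as installDepsPhp70 (indirect expansion of the like-named variables).
  for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
  do
    sudo sed -i "s/^\($key\).*/\1 = ${!key}/" $PHP_INI
  done
}

# installDepsPhp73 and installDepsPhp70 were defined a second time at this point, byte-identical
# to the definitions above. bash keeps the last definition it parses, so dropping the
# duplicates does not change which code runs.

# Install Php 7.2 dependencies
installDepsPhp72 () {
  debug "Installing PHP 7.2 dependencies"
  PHP_ETC_BASE=/etc/php/7.2
  PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
  checkAptLock
  sudo apt install -qy \
    libapache2-mod-php \
    php php-cli \
    php-dev \
    php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \
    php-redis php-gnupg \
    php-intl php-bcmath \
    php-gd

  # Same php.ini limit handling as installDepsPhp70 (indirect expansion of the like-named variables).
  for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
  do
    sudo sed -i "s/^\($key\).*/\1 = ${!key}/" $PHP_INI
  done
}

## 1_prepareDB.sh ##
apacheConfig () {
  debug "Generating Apache config, if this hangs, make sure you have enough entropy (install: haveged or wait)"
  sudo cp ${PATH_TO_MISP}/INSTALL/apache.24.misp.ssl /etc/apache2/sites-available/misp-ssl.conf

  # Only announces the replacement; the sed that would rewrite misp.local is not implemented yet.
  if [[ ! -z ${MISP_BASEURL} ]] && [[ "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "http" || "$(echo $MISP_BASEURL|cut -f 1 -d :)" == "https" ]]; then

    echo "Potentially replacing misp.local with $MISP_BASEURL in misp-ssl.conf"

  fi

  # If a valid SSL certificate is not already created for the server,
  # create a self-signed certificate:
  # (unconditional: an existing key/cert pair at these paths is overwritten; 1-year validity,
  # unencrypted key readable only by root through /etc/ssl/private permissions)
  sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \
    -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt

  # Enable modules, settings, and default of SSL in Apache
  sudo a2dismod status
  sudo a2enmod ssl
  sudo a2enmod rewrite
  sudo a2enmod headers
  sudo a2dissite 000-default
  sudo a2ensite default-ssl

  # Apply all changes
  sudo systemctl restart apache2
  # activate new vhost
  sudo a2dissite default-ssl
  sudo a2ensite misp-ssl

  # Restart apache
  sudo systemctl restart apache2
}

installCore () {
  debug "Installing ${LBLUE}MISP${NC} core"
  # Download MISP using git in the /var/www/ directory.
  if [[ ! -d ${PATH_TO_MISP} ]]; then
    sudo mkdir ${PATH_TO_MISP}
    sudo chown ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
    # Retry the network steps until they succeed (the `false;` primes $? for the first round).
    # Note: clones track the remote default branch, nothing is pinned to a tag or commit.
    false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}; done
    false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done
    # Make git ignore filesystem permission differences for submodules
    ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule foreach --recursive git config core.filemode false

    # Make git ignore filesystem permission differences
    ${SUDO_WWW} git -C ${PATH_TO_MISP} config core.filemode false

    # Create a python3 virtualenv
    ${SUDO_WWW} virtualenv -p python3 ${PATH_TO_MISP}/venv

    # make pip happy (-p so a pre-existing cache directory is not an error)
    sudo mkdir -p /var/www/.cache/
    sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache

    # install python-stix dependencies
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ordered-set python-dateutil six weakrefmethod
    debug "Install misp-stix"
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/app/files/scripts/misp-stix

    debug "Install PyMISP"
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/PyMISP

    # FIXME: Remove libfaup etc once the egg has the library baked-in
    # faup/gtcaca are cloned unpinned from GitHub, built as ${MISP_USER} and installed
    # system-wide with `sudo make install`. The cd's below change the caller's working
    # directory and are not undone.
    sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
    cd /tmp
    false; while [[ $? -ne 0 ]]; do [[ ! -d "faup" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/faup.git faup; done
    false; while [[ $? -ne 0 ]]; do [[ ! -d "gtcaca" ]] && ${SUDO_CMD} git clone https://github.com/stricaud/gtcaca.git gtcaca; done
    sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
    cd gtcaca
    ${SUDO_CMD} mkdir -p build
    cd build
    ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
    sudo make install
    cd ../../faup
    ${SUDO_CMD} mkdir -p build
    cd build
    ${SUDO_CMD} cmake .. && ${SUDO_CMD} make
    sudo make install
    sudo ldconfig

    # install pydeep
    false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git; done

    # install lief
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief

    # install zmq needed by mispzmq
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis

    # install python-magic
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic

    # install plyara
    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
  else
    debug "Trying to git pull existing install"
    # -C is a git option, not a pull option: `git pull -C <dir>` is rejected by git, so the
    # upgrade path never actually pulled.
    ${SUDO_WWW} git -C ${PATH_TO_MISP} pull
    false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done

    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U setuptools pip lief zmq redis python-magic plyara

    ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/PyMISP
    false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U git+https://github.com/kbandla/pydeep.git; done
  fi
}

installCake () {
  debug "Installing CakePHP"
  # Make composer cache happy
  # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/
  sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer
  ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev"

  # Enable CakeResque with php-redis
  sudo phpenmod redis
  sudo phpenmod gnupg

  # To use the scheduler worker for scheduled tasks, do the following:
  ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php

  # If you have multiple MISP instances on the same system, don't forget to have a different Redis per MISP instance for the CakeResque workers
  # The default Redis port can be updated in Plugin/CakeResque/Config/config.php
}

# Main function to fix permissions to something sane
# Tree is owned by the web user, world gets nothing (750); the writable work dirs get the
# setgid bit so files created by workers keep the web group.
permissions () {
  debug "Setting permissions"
  sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
  sudo chmod -R 750 ${PATH_TO_MISP}
  sudo chmod -R g+ws ${PATH_TO_MISP}/app/tmp
  sudo chmod -R g+ws ${PATH_TO_MISP}/app/files
  sudo chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp
}

configMISP () {
  debug "Generating ${LBLUE}MISP${NC} config files"
  # There are 4 sample configuration files in ${PATH_TO_MISP}/app/Config that need to be copied
  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php
  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php
  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php
  ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php

  # NOTE(review): the head of this here-string (the PHP opening tag, the DATABASE_CONFIG class
  # header and the 'datasource' key) appears to have been stripped from this listing; as shown
  # it would write an invalid database.php. Restore it from the default file before use.
  # The DB password ends up in clear text in database.php; the chown/chmod 750 below is what
  # keeps it readable by the web user only.
  echo " 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php

  # Important! Change the salt key in ${PATH_TO_MISP}/app/Config/config.php
  # The salt key must be a string at least 32 bytes long.
  # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
  # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
  # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)

  # and make sure the file permissions are still OK
  sudo chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}/app/Config
  sudo chmod -R 750 ${PATH_TO_MISP}/app/Config
}

# Core cake commands to tweak MISP and aleviate some of the configuration pains
# The $RUN_PHP is ONLY set on RHEL/CentOS installs and can thus be ignored
# This file is NOT an excuse to NOT read the settings and familiarize ourselves with them ;)

coreCAKE () {
  debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"

  # IF you have logged in prior to running this, it will fail but the fail is NON-blocking
  $SUDO_WWW $RUN_PHP -- $CAKE userInit -q

  # This makes sure all Database upgrades are done, without logging in.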
1464 | $SUDO_WWW $RUN_PHP -- $CAKE Admin runUpdates 1465 | 1466 | # The default install is Python >=3.6 in a virtualenv, setting accordingly 1467 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python" 1468 | 1469 | # Set default role 1470 | # TESTME: The following seem defunct, please test. 1471 | # $SUDO_WWW $RUN_PHP -- $CAKE setDefaultRole 3 1472 | 1473 | # Tune global time outs 1474 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.autoRegenerate" 0 1475 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.timeout" 600 1476 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.cookieTimeout" 3600 1477 | 1478 | # Set the default temp dir 1479 | ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.tmpdir" "${PATH_TO_MISP}/app/tmp" 1480 | 1481 | # Change base url, either with this CLI command or in the UI 1482 | $SUDO_WWW $RUN_PHP -- $CAKE Baseurl $MISP_BASEURL 1483 | # example: 'baseurl' => 'https://', 1484 | # alternatively, you can leave this field empty if you would like to use relative pathing in MISP 1485 | # 'baseurl' => '', 1486 | # The base url of the application (in the format https://www.mymispinstance.com) as visible externally/by other MISPs. 1487 | # MISP will encode this URL in sharing groups when including itself. If this value is not set, the baseurl is used as a fallback. 1488 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.external_baseurl" $MISP_BASEURL 1489 | 1490 | # Enable GnuPG 1491 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS" 1492 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg" 1493 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE" 1494 | # FIXME: what if we have not gpg binary but a gpg2 one? 
1495 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.binary" "$(which gpg)" 1496 | 1497 | # Enable installer org and tune some configurables 1498 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.host_org_id" 1 1499 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.email" "info@admin.test" 1500 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_emailing" true --force 1501 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.contact" "info@admin.test" 1502 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disablerestalert" true 1503 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true 1504 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_tag_collection" 0 1505 | 1506 | # Provisional Cortex tunes 1507 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_enable" false 1508 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" 1509 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 1510 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 1511 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_authkey" false 1512 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false 1513 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false 1514 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true 1515 | 1516 | # Various plugin sightings settings 1517 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_policy" 0 1518 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_anonymise" false 1519 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_anonymise_as" 1 1520 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_range" 365 1521 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_sighting_db_enable" false 1522 | 1523 | # Plugin 
CustomAuth tuneable 1524 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false 1525 | 1526 | # RPZ Plugin settings 1527 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" 1528 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" 1529 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" 1530 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" 1531 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" 1532 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" 1533 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" 1534 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" 1535 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." 1536 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" false 1537 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" 1538 | 1539 | # Force defaults to make MISP Server Settings less RED 1540 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.language" "eng" 1541 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.proposals_block_attributes" false 1542 | 1543 | # Redis block 1544 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" 1545 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_port" 6379 1546 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_database" 13 1547 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_password" "" 1548 | 1549 | # Force defaults to make MISP Server Settings less YELLOW 1550 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 1551 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.extended_alert_subject" false 1552 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_threat_level" 4 1553 | $SUDO_WWW $RUN_PHP -- $CAKE Admin 
setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" 1554 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" 1555 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableEventBlocklisting" true 1556 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableOrgBlocklisting" true 1557 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_client_ip" false 1558 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_auth" false 1559 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disableUserSelfManagement" false 1560 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_login_change" false 1561 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_password_change" false 1562 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_add" false 1563 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert" false 1564 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" 1565 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert" false 1566 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_age" 
"" 1567 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_by_date" "" 1568 | $SUDO_WWW $RUN_PHP -- ${CAKE} Admin setSetting "MISP.event_alert_republish_ban" false 1569 | $SUDO_WWW $RUN_PHP -- ${CAKE} Admin setSetting "MISP.event_alert_republish_ban_threshold" 5 1570 | $SUDO_WWW $RUN_PHP -- ${CAKE} Admin setSetting "MISP.event_alert_republish_ban_refresh_on_retry" false 1571 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false 1572 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email." 1573 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install" 1574 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly" 1575 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure" 1576 | # TODO: Make sure $FLAVOUR is correct 1577 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings" 1578 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.attachments_dir" "$PATH_TO_MISP/app/files" 1579 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.download_attachments_on_load" true 1580 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.title_text" "MISP" 1581 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.terms_download" false 1582 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showorgalternate" false 1583 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name" 1584 | 1585 | # Force defaults to make MISP Server Settings less GREEN 1586 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "debug" 0 1587 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting 
"Security.auth_enforced" false 1588 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.rest_client_baseurl" "" 1589 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.advanced_authkeys" false 1590 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_length" 12 1591 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' 1592 | $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.self_registration_message" "If you would like to send us a registration request, please fill out the form below. Make sure you fill out as much information as possible in order to ease the task of the administrators." 1593 | 1594 | # It is possible to updateMISP too, only here for reference how to to that on the CLI. 1595 | ## $SUDO_WWW $RUN_PHP -- $CAKE Admin updateMISP 1596 | 1597 | # Set MISP Live 1598 | $SUDO_WWW $RUN_PHP -- $CAKE Live $MISP_LIVE 1599 | } 1600 | 1601 | # This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates 1602 | updateGOWNT () { 1603 | # AUTH_KEY Place holder in case we need to **curl** somehing in the future 1604 | # 1605 | $SUDO_WWW $RUN_MYSQL -- mysql -h $DBHOST -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1 > /tmp/auth.key 1606 | AUTH_KEY=$(cat /tmp/auth.key) 1607 | rm /tmp/auth.key 1608 | 1609 | debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates" 1610 | # Update the galaxies… 1611 | # TODO: Fix updateGalaxies 1612 | $SUDO_WWW $RUN_PHP -- $CAKE Admin updateGalaxies 1613 | # Updating the taxonomies… 1614 | $SUDO_WWW $RUN_PHP -- $CAKE Admin updateTaxonomies 1615 | # Updating the warning lists… 1616 | $SUDO_WWW $RUN_PHP -- $CAKE Admin updateWarningLists 1617 | # Updating the notice lists… 1618 | $SUDO_WWW $RUN_PHP -- $CAKE Admin updateNoticeLists 1619 | # Updating the object templates… 1620 | $SUDO_WWW $RUN_PHP -- $CAKE Admin updateObjectTemplates 
"1337" 1621 | } 1622 | 1623 | # Generate GnuPG key 1624 | setupGnuPG () { 1625 | if [ ! -d $PATH_TO_MISP/.gnupg ]; then 1626 | # The email address should match the one set in the config.php 1627 | # set in the configuration menu in the administration menu configuration file 1628 | echo "%echo Generating a default key 1629 | Key-Type: default 1630 | Key-Length: $GPG_KEY_LENGTH 1631 | Subkey-Type: default 1632 | Name-Real: $GPG_REAL_NAME 1633 | Name-Comment: $GPG_COMMENT 1634 | Name-Email: $GPG_EMAIL_ADDRESS 1635 | Expire-Date: 0 1636 | Passphrase: $GPG_PASSPHRASE 1637 | # Do a commit here, so that we can later print "done" 1638 | %commit 1639 | %echo done" > /tmp/gen-key-script 1640 | 1641 | $SUDO_WWW gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script 1642 | 1643 | # Export the public key to the webroot 1644 | $SUDO_WWW sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | $SUDO_WWW tee $PATH_TO_MISP/app/webroot/gpg.asc 1645 | fi 1646 | } 1647 | 1648 | logRotation () { 1649 | # MISP saves the stdout and stderr of its workers in ${PATH_TO_MISP}/app/tmp/logs 1650 | # To rotate these logs install the supplied logrotate script: 1651 | sudo cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp 1652 | sudo chmod 0640 /etc/logrotate.d/misp 1653 | } 1654 | 1655 | backgroundWorkers () { 1656 | debug "Setting up background workers" 1657 | # To make the background workers start on boot 1658 | sudo chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh 1659 | 1660 | if [ ! 
-e /etc/rc.local ] 1661 | then 1662 | echo '#!/bin/sh -e' | sudo tee -a /etc/rc.local 1663 | echo 'exit 0' | sudo tee -a /etc/rc.local 1664 | sudo chmod u+x /etc/rc.local 1665 | fi 1666 | 1667 | echo "[Unit] 1668 | Description=MISP background workers 1669 | After=network.target 1670 | 1671 | [Service] 1672 | Type=forking 1673 | User=${WWW_USER} 1674 | Group=${WWW_USER} 1675 | ExecStart=${PATH_TO_MISP}/app/Console/worker/start.sh 1676 | Restart=always 1677 | RestartSec=10 1678 | 1679 | [Install] 1680 | WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-workers.service 1681 | 1682 | sudo systemctl daemon-reload 1683 | sudo systemctl enable --now misp-workers 1684 | 1685 | # Add the following lines before the last line (exit 0). Make sure that you replace www-data with your apache user: 1686 | sudo sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local 1687 | sudo sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local 1688 | sudo sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local 1689 | } 1690 | 1691 | # Main MISP Modules install function 1692 | mispmodules () { 1693 | cd /usr/local/src/ 1694 | sudo apt-get install cmake libcaca-dev liblua5.3-dev -y 1695 | ## TODO: checkUsrLocalSrc in main doc 1696 | if [[ ! -d /usr/local/src/misp-modules ]]; then 1697 | debug "Cloning misp-modules" 1698 | false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/misp-modules.git; done 1699 | else 1700 | false; while [[ $? -ne 0 ]]; do $SUDO_CMD git -C /usr/local/src/misp-modules pull; done 1701 | fi 1702 | 1703 | # Install faup/gtcaca 1704 | [[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/faup.git faup; done 1705 | [[ ! -d "gtcaca" ]] && false; while [[ $? 
-ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca; done 1706 | sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca 1707 | # Install gtcaca 1708 | cd gtcaca 1709 | $SUDO_CMD mkdir -p build 1710 | cd build 1711 | $SUDO_CMD cmake .. && $SUDO_CMD make 1712 | sudo make install 1713 | cd /usr/local/src/faup 1714 | # Install faup 1715 | $SUDO_CMD mkdir -p build 1716 | cd build 1717 | $SUDO_CMD cmake .. && $SUDO_CMD make 1718 | sudo make install 1719 | sudo ldconfig 1720 | 1721 | cd /usr/local/src/misp-modules 1722 | # some misp-modules dependencies 1723 | sudo apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y 1724 | # If you build an egg, the user you build it as need write permissions in the CWD 1725 | sudo chgrp $WWW_USER . 1726 | sudo chmod og+w . 1727 | $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS 1728 | sudo chgrp staff . 1729 | $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install -I . 
1730 | $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install censys pyfaup 1731 | 1732 | # Start misp-modules as a service 1733 | sudo cp /usr/local/src/misp-modules/etc/systemd/system/misp-modules.service /etc/systemd/system/ 1734 | sudo systemctl daemon-reload 1735 | sudo systemctl enable --now misp-modules 1736 | 1737 | # Sleep 9 seconds to give misp-modules a chance to spawn 1738 | sleep 9 1739 | 1740 | # Enable Enrichment, set better timeouts 1741 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true 1742 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true 1743 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_popover_only" false 1744 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 1745 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 1746 | # TODO:"Investigate why the next one fails" 1747 | #$SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" true 1748 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true 1749 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true 1750 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_btc_steroids_enabled" true 1751 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" true 1752 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" true 1753 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_yara_query_enabled" true 1754 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pdf_enabled" true 1755 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_docx_enabled" true 1756 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_xlsx_enabled" true 1757 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_pptx_enabled" true 1758 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_ods_enabled" true 1759 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_odt_enabled" true 1760 | $SUDO_WWW $CAKE Admin setSetting 
"Plugin.Enrichment_services_url" "http://127.0.0.1" 1761 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 1762 | 1763 | # Enable Import modules, set better timeout 1764 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_enable" true 1765 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" 1766 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_services_port" 6666 1767 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_timeout" 300 1768 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true 1769 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_mispjson_enabled" true 1770 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" true 1771 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" true 1772 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true 1773 | 1774 | # Enable Export modules, set better timeout 1775 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_enable" true 1776 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" 1777 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_services_port" 6666 1778 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_timeout" 300 1779 | $SUDO_WWW $CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true 1780 | } 1781 | 1782 | # Main MISP Dashboard install function 1783 | mispDashboard () { 1784 | debug "Install misp-dashboard" 1785 | # Install pyzmq to main MISP venv 1786 | debug "Installing PyZMQ" 1787 | $SUDO_WWW ${PATH_TO_MISP}/venv/bin/pip install pyzmq 1788 | cd /var/www 1789 | sudo mkdir misp-dashboard 1790 | sudo chown $WWW_USER:$WWW_USER misp-dashboard 1791 | 1792 | false; while [[ $? 
-ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git; done 1793 | cd misp-dashboard 1794 | sudo -H /var/www/misp-dashboard/install_dependencies.sh 1795 | sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg 1796 | sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/apache2/ports.conf 1797 | sudo apt install libapache2-mod-wsgi-py3 net-tools -y 1798 | echo " 1799 | ServerAdmin admin@misp.local 1800 | ServerName misp.local 1801 | 1802 | DocumentRoot /var/www/misp-dashboard 1803 | 1804 | WSGIDaemonProcess misp-dashboard \ 1805 | user=misp group=misp \ 1806 | python-home=/var/www/misp-dashboard/DASHENV \ 1807 | processes=1 \ 1808 | threads=15 \ 1809 | maximum-requests=5000 \ 1810 | listen-backlog=100 \ 1811 | queue-timeout=45 \ 1812 | socket-timeout=60 \ 1813 | connect-timeout=15 \ 1814 | request-timeout=60 \ 1815 | inactivity-timeout=0 \ 1816 | deadlock-timeout=60 \ 1817 | graceful-timeout=15 \ 1818 | eviction-timeout=0 \ 1819 | shutdown-timeout=5 \ 1820 | send-buffer-size=0 \ 1821 | receive-buffer-size=0 \ 1822 | header-buffer-size=0 \ 1823 | response-buffer-size=0 \ 1824 | server-metrics=Off 1825 | 1826 | WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi 1827 | 1828 | 1829 | WSGIProcessGroup misp-dashboard 1830 | WSGIApplicationGroup %{GLOBAL} 1831 | Require all granted 1832 | 1833 | 1834 | LogLevel info 1835 | ErrorLog /var/log/apache2/misp-dashboard.local_error.log 1836 | CustomLog /var/log/apache2/misp-dashboard.local_access.log combined 1837 | ServerSignature Off 1838 | " | sudo tee /etc/apache2/sites-available/misp-dashboard.conf 1839 | 1840 | # Enable misp-dashboard in apache and reload 1841 | sudo a2ensite misp-dashboard 1842 | sudo systemctl restart apache2 1843 | 1844 | # Needs to be started after apache2 is reloaded so the port status check works 1845 | $SUDO_WWW bash /var/www/misp-dashboard/start_all.sh 1846 | 1847 | # Add misp-dashboard to rc.local to start on boot. 
1848 | sudo sed -i -e '$i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh > /tmp/misp-dashboard_rc.local.log\n' /etc/rc.local 1849 | } 1850 | 1851 | dashboardCAKE () { 1852 | # Enable ZeroMQ for misp-dashboard 1853 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true 1854 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true 1855 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true 1856 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true 1857 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true 1858 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true 1859 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true 1860 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true 1861 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 1862 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" 1863 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 1864 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 1865 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" 1866 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false 1867 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false 1868 | $SUDO_WWW $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false 1869 | } 1870 | 1871 | # Main mail2misp install function 1872 | mail2misp () { 1873 | debug "Installing Mail2${LBLUE}MISP${NC}" 1874 | cd /usr/local/src/ 1875 | sudo apt-get install cmake libcaca-dev liblua5.3-dev -y 1876 | false; while [[ $? 
-ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git; done 1877 | ## TODO: The below fails miserably (obviously) if faup/gtcac dirs exist, let's just make the dangerous assumption (for the sake of the installer, that they exist) 1878 | ##[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/faup.git faup; done 1879 | ##[[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca; done 1880 | sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca 1881 | cd gtcaca 1882 | $SUDO_CMD mkdir -p build 1883 | cd build 1884 | $SUDO_CMD cmake .. && $SUDO_CMD make 1885 | sudo make install 1886 | cd ../../faup 1887 | $SUDO_CMD mkdir -p build 1888 | cd build 1889 | $SUDO_CMD cmake .. && $SUDO_CMD make 1890 | sudo make install 1891 | sudo ldconfig 1892 | cd ../../mail_to_misp 1893 | $SUDO_CMD virtualenv -p python3 venv 1894 | $SUDO_CMD ./venv/bin/pip install lief 1895 | $SUDO_CMD ./venv/bin/pip install -r requirements.txt 1896 | $SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py 1897 | ##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py 1898 | $SUDO_CMD sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py 1899 | $SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py 1900 | } 1901 | 1902 | ssdeep () { 1903 | debug "Install ssdeep 2.14.1" 1904 | cd /usr/local/src 1905 | $SUDO_CMD wget https://github.com/ssdeep-project/ssdeep/releases/download/release-2.14.1/ssdeep-2.14.1.tar.gz 1906 | $SUDO_CMD tar zxvf ssdeep-2.14.1.tar.gz 1907 | cd ssdeep-2.14.1 1908 | $SUDO_CMD ./configure --datadir=/usr --prefix=/usr --localstatedir=/var --sysconfdir=/etc 1909 | $SUDO_CMD make 1910 | sudo make install 1911 | 1912 | #installing ssdeep_php 1913 | sudo pecl channel-update pecl.php.net 
1914 | sudo pecl install ssdeep 1915 | 1916 | # You should add "extension=ssdeep.so" to mods-available - Check /etc/php for your current version 1917 | echo "extension=ssdeep.so" | sudo tee ${PHP_ETC_BASE}/mods-available/ssdeep.ini 1918 | sudo phpenmod ssdeep 1919 | sudo service apache2 restart 1920 | } 1921 | 1922 | # viper-web is broken ATM 1923 | # Main Viper install function 1924 | viper () { 1925 | export PATH=$PATH:/home/misp/.local/bin 1926 | debug "Installing Viper dependencies" 1927 | cd /usr/local/src/ 1928 | sudo apt-get install \ 1929 | libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 \ 1930 | python3-magic python3-sqlalchemy python3-prettytable libffi-dev libfreetype6-dev libpng-dev -qy 1931 | if [[ -f "/etc/debian_version" ]]; then 1932 | if [[ "$(cat /etc/debian_version)" == "9.9" ]]; then 1933 | sudo apt-get install libpython3.5-dev -qy 1934 | fi 1935 | fi 1936 | echo "Cloning Viper" 1937 | false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper.git; done 1938 | false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git; done 1939 | sudo chown -R $MISP_USER:$MISP_USER viper 1940 | sudo chown -R $MISP_USER:$MISP_USER viper-web 1941 | cd viper 1942 | echo "Creating virtualenv" 1943 | $SUDO_CMD virtualenv -p python3 venv 1944 | echo "Submodule update" 1945 | # TODO: Check for current user install permissions 1946 | $SUDO_CMD git submodule update --init --recursive 1947 | echo "pip install deps" 1948 | $SUDO_CMD ./venv/bin/pip install pefile olefile jbxapi Crypto pypdns pypssl r2pipe pdftools virustotal-api SQLAlchemy PrettyTable python-magic scrapy lief 1949 | $SUDO_CMD ./venv/bin/pip install . 
1950 | echo 'update-modules' |/usr/local/src/viper/venv/bin/viper 1951 | cd /usr/local/src/viper-web 1952 | $SUDO_CMD sed -i '1 s/^.*$/\#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web 1953 | $SUDO_CMD /usr/local/src/viper/venv/bin/pip install -r requirements.txt 1954 | echo "Launching viper-web" 1955 | $SUDO_CMD /usr/local/src/viper-web/viper-web -p 8888 -H 0.0.0.0 & 1956 | echo 'PATH="/home/misp/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |sudo tee -a /etc/environment 1957 | echo ". /etc/environment" >> /home/${MISP_USER}/.profile 1958 | 1959 | # TODO: Perms, MISP_USER_HOME, nasty hack cuz Kali on R00t 1960 | if [ -f /home/${MISP_USER}/.viper/viper.conf ]; then 1961 | VIPER_HOME="/home/${MISP_USER}/.viper" 1962 | else 1963 | VIPER_HOME="${HOME}/.viper" 1964 | fi 1965 | 1966 | echo "Setting misp_url/misp_key" 1967 | $SUDO_CMD sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" ${VIPER_HOME}/viper.conf 1968 | $SUDO_CMD sed -i "s/^misp_key\ =/misp_key\ =\ $AUTH_KEY/g" ${VIPER_HOME}/viper.conf 1969 | # Reset admin password to: admin/Password1234 1970 | echo "Fixing admin.db with default password" 1971 | VIPER_COUNT=0 1972 | while [ "$(sudo sqlite3 ${VIPER_HOME}/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256$100000$iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo $?)" -ne "0" ]; do 1973 | # FIXME This might lead to a race condition, the while loop is sub-par 1974 | sudo chown $MISP_USER:$MISP_USER ${VIPER_HOME}/admin.db 1975 | echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" 1976 | sleep 6 1977 | VIPER_COUNT=$[$VIPER_COUNT+1] 1978 | if [[ "$VIPER_COUNT" > '10' ]]; then 1979 | echo "Something is wrong with updating viper. Continuing without db update." 
1980 | break 1981 | fi 1982 | done 1983 | 1984 | # Add viper-web to rc.local to be started on boot 1985 | sudo sed -i -e '$i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 > /tmp/viper-web_rc.local.log &\n' /etc/rc.local 1986 | } 1987 | 1988 | 1989 | enableReposRHEL () { 1990 | sudo subscription-manager refresh 1991 | sudo subscription-manager repos --enable rhel-7-server-optional-rpms 1992 | sudo subscription-manager repos --enable rhel-7-server-extras-rpms 1993 | sudo subscription-manager repos --enable rhel-server-rhscl-7-rpms 1994 | } 1995 | 1996 | centosEPEL () { 1997 | # We need some packages from the Extra Packages for Enterprise Linux repository 1998 | sudo yum install epel-release -y 1999 | 2000 | # Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides 2001 | # Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL 2002 | sudo yum install centos-release-scl -y 2003 | } 2004 | 2005 | enableEPEL () { 2006 | sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y 2007 | } 2008 | 2009 | yumInstallCoreDeps () { 2010 | # Install the dependencies: 2011 | sudo yum install gcc git zip rh-git218 \ 2012 | httpd24 \ 2013 | mod_ssl \ 2014 | rh-redis32 \ 2015 | rh-mariadb102 \ 2016 | libxslt-devel zlib-devel ssdeep-devel -y 2017 | 2018 | # Enable and start redis 2019 | sudo systemctl enable --now rh-redis32-redis.service 2020 | 2021 | WWW_USER="apache" 2022 | SUDO_WWW="sudo -H -u $WWW_USER" 2023 | RUN_PHP="/usr/bin/scl enable rh-php72" 2024 | PHP_INI="/etc/opt/rh/rh-php72/php.ini" 2025 | # Install PHP 7.2 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php72/ 2026 | sudo yum install rh-php72 rh-php72-php-fpm rh-php72-php-devel \ 2027 | rh-php72-php-mysqlnd \ 2028 | rh-php72-php-mbstring \ 2029 | rh-php72-php-xml \ 2030 | rh-php72-php-bcmath \ 2031 | rh-php72-php-opcache \ 2032 | rh-php72-php-zip \ 2033 
| rh-php72-php-gd -y 2034 | 2035 | # Python 3.6 is now available in RHEL 7.7 base 2036 | sudo yum install python3 python3-devel -y 2037 | 2038 | sudo systemctl enable --now rh-php72-php-fpm.service 2039 | } 2040 | 2041 | installCoreRHEL () { 2042 | # Download MISP using git in the $PATH_TO_MISP directory. 2043 | sudo mkdir -p $(dirname $PATH_TO_MISP) 2044 | sudo chown $WWW_USER:$WWW_USER $(dirname $PATH_TO_MISP) 2045 | cd $(dirname $PATH_TO_MISP) 2046 | $SUDO_WWW git clone https://github.com/MISP/MISP.git 2047 | cd $PATH_TO_MISP 2048 | ##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) 2049 | # if the last shortcut doesn't work, specify the latest version manually 2050 | # example: git checkout tags/v2.4.XY 2051 | # the message regarding a "detached HEAD state" is expected behaviour 2052 | # (you only have to create a new branch, if you want to change stuff and do a pull request for example) 2053 | 2054 | # Fetch submodules 2055 | $SUDO_WWW git submodule update --init --recursive 2056 | # Make git ignore filesystem permission differences for submodules 2057 | $SUDO_WWW git submodule foreach --recursive git config core.filemode false 2058 | # Make git ignore filesystem permission differences 2059 | $SUDO_WWW git config core.filemode false 2060 | 2061 | # Create a python3 virtualenv 2062 | sudo pip3 install virtualenv 2063 | $SUDO_WWW python3 -m venv $PATH_TO_MISP/venv 2064 | sudo mkdir /usr/share/httpd/.cache 2065 | sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache 2066 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools 2067 | 2068 | # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules 2069 | UMASK=$(umask) 2070 | umask 0022 2071 | 2072 | # install python-stix dependencies 2073 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install ordered-set python-dateutil six weakrefmethod 2074 | 2075 | # install zmq 2076 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip 
install -U zmq 2077 | 2078 | # install redis 2079 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U redis 2080 | 2081 | # lief needs manual compilation 2082 | sudo yum install devtoolset-7 cmake3 cppcheck libcxx-devel -y 2083 | 2084 | cd $PATH_TO_MISP/app/files/scripts/lief 2085 | $SUDO_WWW git config core.filemode false 2086 | $SUDO_WWW mkdir build 2087 | cd build 2088 | $SUDO_WWW scl enable devtoolset-7 "bash -c 'cmake3 \ 2089 | -DLIEF_PYTHON_API=on \ 2090 | -DPYTHON_VERSION=3.6 \ 2091 | -DPYTHON_EXECUTABLE=$PATH_TO_MISP/venv/bin/python \ 2092 | -DLIEF_DOC=off \ 2093 | -DCMAKE_BUILD_TYPE=Release \ 2094 | ..'" 2095 | $SUDO_WWW make -j3 pyLIEF 2096 | 2097 | if [ $? == 2 ]; then 2098 | # In case you get "internal compiler error: Killed (program cc1plus)" 2099 | # You ran out of memory. 2100 | # Create some swap 2101 | sudo dd if=/dev/zero of=/var/swap.img bs=1024k count=4000 2102 | sudo mkswap /var/swap.img 2103 | sudo swapon /var/swap.img 2104 | # And compile again 2105 | $SUDO_WWW make -j3 pyLIEF 2106 | sudo swapoff /var/swap.img 2107 | sudo rm /var/swap.img 2108 | fi 2109 | 2110 | # The following adds a PYTHONPATH to where the pyLIEF module has been compiled 2111 | echo $PATH_TO_MISP/app/files/scripts/lief/build/api/python |$SUDO_WWW tee $PATH_TO_MISP/venv/lib/python3.6/site-packages/lief.pth 2112 | 2113 | # install magic, pydeep 2114 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U python-magic git+https://github.com/kbandla/pydeep.git plyara 2115 | 2116 | # install PyMISP 2117 | cd $PATH_TO_MISP/PyMISP 2118 | $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U . 2119 | 2120 | # FIXME: Remove libfaup etc once the egg has the library baked-in 2121 | # BROKEN: This needs to be tested on RHEL/CentOS 2122 | ##sudo apt-get install cmake libcaca-dev liblua5.3-dev -y 2123 | cd /tmp 2124 | [[ ! -d "faup" ]] && $SUDO_CMD git clone https://github.com/stricaud/faup.git faup 2125 | [[ ! 
-d "gtcaca" ]] && $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca 2126 | sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca 2127 | cd gtcaca 2128 | $SUDO_CMD mkdir -p build 2129 | cd build 2130 | $SUDO_CMD cmake .. && $SUDO_CMD make 2131 | sudo make install 2132 | cd ../../faup 2133 | $SUDO_CMD mkdir -p build 2134 | cd build 2135 | $SUDO_CMD cmake .. && $SUDO_CMD make 2136 | sudo make install 2137 | sudo ldconfig 2138 | 2139 | # Enable dependencies detection in the diagnostics page 2140 | # This allows MISP to detect GnuPG, the Python modules' versions and to read the PHP settings. 2141 | # The LD_LIBRARY_PATH setting is needed for rh-git218 to work 2142 | echo "env[PATH] = /opt/rh/rh-git218/root/usr/bin:/opt/rh/rh-redis32/root/usr/bin:/opt/rh/rh-php72/root/usr/bin:/usr/local/bin:/usr/bin:/bin" |sudo tee -a /etc/opt/rh/rh-php72/php-fpm.d/www.conf 2143 | sudo sed -i.org -e 's/^;\(clear_env = no\)/\1/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf 2144 | sudo systemctl restart rh-php72-php-fpm.service 2145 | umask $UMASK 2146 | } 2147 | 2148 | installCake_RHEL () 2149 | { 2150 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP 2151 | sudo mkdir /usr/share/httpd/.composer 2152 | sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.composer 2153 | cd $PATH_TO_MISP/app 2154 | # Update composer.phar (optional) 2155 | #EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" 2156 | #$SUDO_WWW $RUN_PHP -- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" 2157 | #$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" 2158 | #$SUDO_WWW $RUN_PHP "php composer-setup.php" 2159 | #$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');" 2160 | $SUDO_WWW $RUN_PHP "php composer.phar install --no-dev" 2161 | 2162 | ## sudo yum install php-redis -y 2163 | sudo scl enable 
rh-php72 'pecl channel-update pecl.php.net' 2164 | sudo scl enable rh-php72 'yes no|pecl install redis' 2165 | echo "extension=redis.so" |sudo tee /etc/opt/rh/rh-php72/php.d/99-redis.ini 2166 | 2167 | sudo ln -s /usr/lib64/libfuzzy.so /usr/lib/libfuzzy.so 2168 | sudo scl enable rh-php72 'pecl install ssdeep' 2169 | echo "extension=ssdeep.so" |sudo tee /etc/opt/rh/rh-php72/php.d/99-ssdeep.ini 2170 | 2171 | # Install gnupg extension 2172 | sudo yum install gpgme-devel -y 2173 | sudo scl enable rh-php72 'pecl install gnupg' 2174 | echo "extension=gnupg.so" |sudo tee /etc/opt/rh/rh-php72/php.d/99-gnupg.ini 2175 | sudo systemctl restart rh-php72-php-fpm.service 2176 | 2177 | # If you have not yet set a timezone in php.ini 2178 | echo 'date.timezone = "Asia/Tokyo"' |sudo tee /etc/opt/rh/rh-php72/php.d/timezone.ini 2179 | 2180 | # Recommended: Change some PHP settings in /etc/opt/rh/rh-php72/php.ini 2181 | # max_execution_time = 300 2182 | # memory_limit = 2048M 2183 | # upload_max_filesize = 50M 2184 | # post_max_size = 50M 2185 | for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit 2186 | do 2187 | sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI 2188 | done 2189 | sudo systemctl restart rh-php72-php-fpm.service 2190 | 2191 | # To use the scheduler worker for scheduled tasks, do the following: 2192 | sudo cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php 2193 | } 2194 | 2195 | apacheConfig_RHEL () { 2196 | # Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/ 2197 | # A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7 2198 | 2199 | sudo cp $PATH_TO_MISP/INSTALL/apache.misp.centos7.ssl /etc/httpd/conf.d/misp.ssl.conf 2200 | #sudo sed -i "s/SetHandler/\#SetHandler/g" /etc/httpd/conf.d/misp.ssl.conf 2201 | sudo rm /etc/httpd/conf.d/ssl.conf 2202 | sudo chmod 644 /etc/httpd/conf.d/misp.ssl.conf 2203 | sudo sed -i 
'/Listen 80/a Listen 443' /etc/httpd/conf/httpd.conf 2204 | 2205 | # If a valid SSL certificate is not already created for the server, create a self-signed certificate: 2206 | echo "The Common Name used below will be: ${OPENSSL_CN}" 2207 | # This will take a rather long time, be ready. (13min on a VM, 8GB Ram, 1 core) 2208 | if [[ ! -e "/etc/pki/tls/certs/dhparam.pem" ]]; then 2209 | sudo openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 4096 2210 | fi 2211 | sudo openssl genrsa -des3 -passout pass:xxxx -out /tmp/misp.local.key 4096 2212 | sudo openssl rsa -passin pass:xxxx -in /tmp/misp.local.key -out /etc/pki/tls/private/misp.local.key 2213 | sudo rm /tmp/misp.local.key 2214 | sudo openssl req -new -subj "/C=${OPENSSL_C}/ST=${OPENSSL_ST}/L=${OPENSSL_L}/O=${OPENSSL_O}/OU=${OPENSSL_OU}/CN=${OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" -key /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.csr 2215 | sudo openssl x509 -req -days 365 -in /etc/pki/tls/certs/misp.local.csr -signkey /etc/pki/tls/private/misp.local.key -out /etc/pki/tls/certs/misp.local.crt 2216 | sudo ln -s /etc/pki/tls/certs/misp.local.csr /etc/pki/tls/certs/misp-chain.crt 2217 | cat /etc/pki/tls/certs/dhparam.pem |sudo tee -a /etc/pki/tls/certs/misp.local.crt 2218 | 2219 | sudo systemctl restart httpd.service 2220 | 2221 | # Since SELinux is enabled, we need to allow httpd to write to certain directories 2222 | sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files 2223 | sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/terms 2224 | sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/tmp 2225 | sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Plugin/CakeResque/tmp 2226 | sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/cake 2227 | sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Console/worker/*.sh 2228 | sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*.py 2229 | sudo chcon -t 
httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/*/*.py 2230 | sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/files/scripts/lief/build/api/python/lief.so 2231 | sudo chcon -t httpd_sys_script_exec_t $PATH_TO_MISP/app/Vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry 2232 | sudo chcon -R -t bin_t $PATH_TO_MISP/venv/bin/* 2233 | find $PATH_TO_MISP/venv -type f -name "*.so*" -or -name "*.so.*" | xargs sudo chcon -t lib_t 2234 | # Only run these if you want to be able to update MISP from the web interface 2235 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/.git 2236 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/tmp 2237 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Lib 2238 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config 2239 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/orgs 2240 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom 2241 | sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq 2242 | } 2243 | 2244 | firewall_RHEL () { 2245 | # Allow httpd to connect to the redis server and php-fpm over tcp/ip 2246 | sudo setsebool -P httpd_can_network_connect on 2247 | 2248 | # Allow httpd to send emails from php 2249 | sudo setsebool -P httpd_can_sendmail on 2250 | 2251 | # Enable and start the httpd service 2252 | sudo systemctl enable --now httpd.service 2253 | 2254 | # Open a hole in the iptables firewall 2255 | sudo firewall-cmd --zone=public --add-port=80/tcp --permanent 2256 | sudo firewall-cmd --zone=public --add-port=443/tcp --permanent 2257 | sudo firewall-cmd --reload 2258 | } 2259 | 2260 | # Main function to fix permissions to something sane 2261 | permissions_RHEL () { 2262 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP 2263 | ## ? 
chown -R root:$WWW_USER $PATH_TO_MISP 2264 | sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \; 2265 | sudo chmod -R g+r,o= $PATH_TO_MISP 2266 | ## **Note :** For updates through the web interface to work, apache must own the $PATH_TO_MISP folder and its subfolders as shown above, which can lead to security issues. If you do not require updates through the web interface to work, you can use the following more restrictive permissions : 2267 | sudo chmod -R 750 $PATH_TO_MISP 2268 | sudo chmod -R g+xws $PATH_TO_MISP/app/tmp 2269 | sudo chmod -R g+ws $PATH_TO_MISP/app/files 2270 | sudo chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp 2271 | sudo chmod -R g+rw $PATH_TO_MISP/venv 2272 | sudo chmod -R g+rw $PATH_TO_MISP/.git 2273 | sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP/app/files 2274 | sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP/app/files/terms 2275 | sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP/app/files/scripts/tmp 2276 | sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Plugin/CakeResque/tmp 2277 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config 2278 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/tmp 2279 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/webroot/img/orgs 2280 | sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/webroot/img/custom 2281 | } 2282 | 2283 | logRotation_RHEL () { 2284 | # MISP saves the stdout and stderr of its workers in $PATH_TO_MISP/app/tmp/logs 2285 | # To rotate these logs install the supplied logrotate script: 2286 | 2287 | sudo cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp 2288 | sudo chmod 0640 /etc/logrotate.d/misp 2289 | 2290 | # Now make logrotate work under SELinux as well 2291 | # Allow logrotate to modify the log files 2292 | sudo semanage fcontext -a -t httpd_sys_rw_content_t "$PATH_TO_MISP(/.*)?" 2293 | sudo semanage fcontext -a -t httpd_log_t "$PATH_TO_MISP/app/tmp/logs(/.*)?" 
2294 | sudo chcon -R -t httpd_log_t $PATH_TO_MISP/app/tmp/logs 2295 | # Impact of the following: ?!?!?!!?111 2296 | ##sudo restorecon -R $PATH_TO_MISP 2297 | 2298 | # Allow logrotate to read /var/www 2299 | sudo checkmodule -M -m -o /tmp/misplogrotate.mod $PATH_TO_MISP/INSTALL/misplogrotate.te 2300 | sudo semodule_package -o /tmp/misplogrotate.pp -m /tmp/misplogrotate.mod 2301 | sudo semodule -i /tmp/misplogrotate.pp 2302 | } 2303 | 2304 | configMISP_RHEL () { 2305 | # There are 4 sample configuration files in $PATH_TO_MISP/app/Config that need to be copied 2306 | $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php 2307 | $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php 2308 | $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php 2309 | $SUDO_WWW cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php 2310 | 2311 | echo " 'Database/Mysql', 2315 | //'datasource' => 'Database/Postgres', 2316 | 'persistent' => false, 2317 | 'host' => '$DBHOST', 2318 | 'login' => '$DBUSER_MISP', 2319 | 'port' => 3306, // MySQL & MariaDB 2320 | //'port' => 5432, // PostgreSQL 2321 | 'password' => '$DBPASSWORD_MISP', 2322 | 'database' => '$DBNAME', 2323 | 'prefix' => '', 2324 | 'encoding' => 'utf8', 2325 | ); 2326 | }" | $SUDO_WWW tee $PATH_TO_MISP/app/Config/database.php 2327 | 2328 | # Configure the fields in the newly created files: 2329 | # config.php : baseurl (example: 'baseurl' => 'http://misp',) - don't use "localhost" it causes issues when browsing externally 2330 | # core.php : Uncomment and set the timezone: `// date_default_timezone_set('UTC');` 2331 | # database.php : login, port, password, database 2332 | # DATABASE_CONFIG has to be filled 2333 | # With the default values provided in section 6, this would look like: 2334 | # class DATABASE_CONFIG { 2335 | # public $default = array( 2336 | # 'datasource' => 
'Database/Mysql', 2337 | # 'persistent' => false, 2338 | # 'host' => 'localhost', 2339 | # 'login' => 'misp', // grant usage on *.* to misp@localhost 2340 | # 'port' => 3306, 2341 | # 'password' => 'XXXXdbpasswordhereXXXXX', // identified by 'XXXXdbpasswordhereXXXXX'; 2342 | # 'database' => 'misp', // create database misp; 2343 | # 'prefix' => '', 2344 | # 'encoding' => 'utf8', 2345 | # ); 2346 | #} 2347 | 2348 | # Important! Change the salt key in $PATH_TO_MISP/app/Config/config.php 2349 | # The admin user account will be generated on the first login, make sure that the salt is changed before you create that user 2350 | # If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt, 2351 | # delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin) 2352 | 2353 | # If you want to be able to change configuration parameters from the webinterface: 2354 | sudo chown $WWW_USER:$WWW_USER $PATH_TO_MISP/app/Config/config.php 2355 | sudo chcon -t httpd_sys_rw_content_t $PATH_TO_MISP/app/Config/config.php 2356 | 2357 | # Generate a GPG encryption key. 2358 | cat >/tmp/gen-key-script <