INSTALLATION INSTRUCTIONS

for Tsurugi Linux

0/ Quick MISP Instance on Tsurugi Linux - Status

This has been tested by @SteveClement on 20190408

Tsurugi can be found here.

1/ Prepare Tsurugi with a MISP User


openssh-server

It seems there are issues with the openssh-server package, thus we need to reconfigure to re-create the keys. (Only if ssh is NOT working)

sudo update-rc.d -f ssh remove
sudo update-rc.d -f ssh defaults
sudo dpkg-reconfigure openssh-server
sudo systemctl restart ssh

If you installed Tsurugi to your disk, the locale is a little all over the place. We assume en_US to be default unless you know what you're doing, go with that default.

sudo sed -i 's/ja_JP/en_US/g' /etc/default/locale
sudo sed -i 's/ja_JP.UTF/# ja_JP.UTF/g' /etc/locale.gen
sudo dpkg-reconfigure locales

To install MISP on Tsurugi copy paste this in your r00t shell:

wget -O /tmp/misp-tsurugi.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/xINSTALL.tsurugi.txt && bash /tmp/misp-tsurugi.sh

Warning

Please read the installer script before randomly doing the above. The script is tested on a plain vanilla Tsurugi Linux Boot CD and installs quite a few dependencies.

```bash

!/usr/bin/env bash

INSTALLATION INSTRUCTIONS

------------------------- for Tsurugi Linux

0/ Quick MISP Instance on Tsurugi Linux - Status

---------------------------------------------

1/ Prepare Tsurugi with a MISP User

--------------------------------

You will need a working OpenSSH server, reconfigure as follows:

sudo update-rc.d -f ssh remove

sudo update-rc.d -f ssh defaults

sudo dpkg-reconfigure openssh-server

sudo systemctl restart ssh

If you installed tsurugi the locale is a little all over the place. I assume en_US to be default unless you know what you're doing.

sudo sed -i 's/ja_JP/en_US/g' /etc/default/locale

sudo sed -i 's/ja_JP.UTF/# ja_JP.UTF/g' /etc/locale.gen

sudo dpkg-reconfigure locales

To install MISP on Tsurugi copy paste this in your r00t shell:

wget -O /tmp/misp-tsurugi.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.tsurugi.txt && bash /tmp/misp-tsurugi.sh

/! Please read the installer script before randomly doing the above.

The script is tested on a plain vanilla Tsurugi Linux Boot CD and installs quite a few dependencies.

MISP_USER='misp' MISP_PASSWORD='Password1234'

function tsurugiOnRootR0ckz() { if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 elif [[ $(id $MISP_USER >/dev/null; echo $?) -ne 0 ]]; then useradd -s /bin/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data $MISP_USER echo MISP_USER:MISP_PASSWORD | chpasswd else echo "User ${MISP_USER} exists, skipping creation" adduser $MISP_USER www-data fi }

function installMISPonTsurugi() { # MISP configuration variables PATH_TO_MISP='/var/www/MISP' MISP_BASEURL='https://misp.local' MISP_LIVE='1' CAKE="${PATH_TO_MISP}/app/Console/cake"

# Database configuration DBHOST='localhost' DBNAME='misp' DBUSER_ADMIN='root' DBPASSWORD_ADMIN="(openssl rand -hex 32)" DBUSER_MISP='misp' DBPASSWORD_MISP="(openssl rand -hex 32)"

# Webserver configuration FQDN='misp.local'

# OpenSSL configuration OPENSSL_CN=$FQDN OPENSSL_C='LU' OPENSSL_ST='State' OPENSSL_L='Location' OPENSSL_O='Organization' OPENSSL_OU='Organizational Unit' OPENSSL_EMAILADDRESS='info@localhost'

# GPG configuration GPG_REAL_NAME='Autogenerated Key' GPG_COMMENT='WARNING: MISP AutoGenerated Key consider this Key VOID!' GPG_EMAIL_ADDRESS='admin@admin.test' GPG_KEY_LENGTH='2048' GPG_PASSPHRASE='Password1234'

# php.ini configuration upload_max_filesize=50M post_max_size=50M max_execution_time=300 memory_limit=2048M session.sid_length=32 session.use_strict_mode=1

PHP_INI=/etc/php/7.0/apache2/php.ini

# apt config export DEBIAN_FRONTEND=noninteractive

# sudo config to run $LUSER commands SUDO="sudo -H -u ${MISP_USER}" SUDO_WWW="sudo -H -u www-data"

echo "Admin (${DBUSER_ADMIN}) DB Password: {DBPASSWORD_ADMIN}" echo "User ({DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"

echo "-----------------------------------------------------------------------" echo "Disabling sleep etc…" gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' xset s 0 0 xset dpms 0 0 xset s off

# Update all expired keys, needed for MongoDB key. apt-key list | \ grep "expired: " | \ sed -ne 's|pub ./[^ ]* .|\1|gp' | \ xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys

apt update apt install -qy etckeeper # Skip dist-upgrade for now, pulls in 500+ updated packages #sudo apt -y dist-upgrade git config --global user.email "root@tsurugi.lan" git config --global user.name "Root User" apt install -qy postfix

apt install -qy \ curl gcc git gnupg-agent make openssl redis-server zip libyara-dev python3-yara python3-redis python3-zmq \ mariadb-client \ mariadb-server \ apache2 apache2-doc apache2-utils \ libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-mbstring php-pear php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-opcache php7.0-readline php7.0-gd \ python3-dev python3-pip libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ libxml2-dev libxslt1-dev zlib1g-dev python3-setuptools expect

apt install -qy haveged systemctl restart haveged

systemctl restart mysql.service

a2dismod status a2enmod ssl rewrite headers a2dissite 000-default a2ensite default-ssl

pecl channel-update pecl.php.net

yes '' |pecl install redis

echo "extension=redis.so" | tee /etc/php/7.0/mods-available/redis.ini

phpenmod redis

# You can make Python 3 default, if you wish to. #update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 #update-alternatives --install /usr/bin/python python /usr/bin/python3.5 2

mkdir ${PATH_TO_MISP} chown www-data:www-data ${PATH_TO_MISP} cd ${PATH_TO_MISP} ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}

${SUDO_WWW} git config core.filemode false

cp -p /etc/lsb-release /etc/lsb-release.tmp sudo sed -i 's/TSURUGI/Ubuntu/g' /etc/lsb-release sudo sed -i 's/bamboo/xenial/g' /etc/lsb-release sudo add-apt-repository ppa:jonathonf/python-3.6 -y sudo apt-get update sudo apt-get install python3.6 python3.6-dev -y mv /etc/lsb-release.tmp /etc/lsb-release ${SUDO_WWW} virtualenv -p python3.6 ${PATH_TO_MISP}/venv

cd ${PATH_TO_MISP}/app/files/scripts ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git

mkdir /var/www/.cache chown www-data:www-data /var/www/.cache

cd ${PATH_TO_MISP}/app/files/scripts/python-stix ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .

cd ${PATH_TO_MISP}/app/files/scripts/python-cybox ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .

cd ${PATH_TO_MISP}/app/files/scripts/mixbox ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .

cd ${PATH_TO_MISP} ${SUDO_WWW} git submodule update --init --recursive # Make git ignore filesystem permission differences for submodules ${SUDO_WWW} git submodule foreach --recursive git config core.filemode false

# install PyMISP cd ${PATH_TO_MISP}/PyMISP ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .

cd ${PATH_TO_MISP}/app mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer ${SUDO_WWW} php composer.phar install

${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php

chown -R www-data:www-data ${PATH_TO_MISP} chmod -R 750 ${PATH_TO_MISP} chmod -R g+ws ${PATH_TO_MISP}/app/tmp chmod -R g+ws ${PATH_TO_MISP}/app/files chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp

if [ ! -e /var/lib/mysql/misp/users.ibd ]; then echo " set timeout 10 spawn mysql_secure_installation expect \"Enter current password for root (enter for none):\" send -- \"\r\" expect \"Set root password?\" send -- \"y\r\" expect \"New password:\" send -- \"{DBPASSWORD_ADMIN}\r\" expect \"Re-enter new password:\" send -- \"{DBPASSWORD_ADMIN}\r\" expect \"Remove anonymous users?\" send -- \"y\r\" expect \"Disallow root login remotely?\" send -- \"y\r\" expect \"Remove test database and access to it?\" send -- \"y\r\" expect \"Reload privilege tables now?\" send -- \"y\r\" expect eof" | expect -f -

mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBNAME@localhost identified by '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"

update-rc.d mysql enable
update-rc.d apache2 enable
update-rc.d redis-server enable

${SUDO_WWW} cat ${PATH_TO_MISP}/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME

echo "<?php

class DATABASE_CONFIG { public $default = array( 'datasource' => 'Database/Mysql', //'datasource' => 'Database/Postgres', 'persistent' => false, 'host' => 'DBHOST', 'login' => 'DBUSER_MISP', 'port' => 3306, // MySQL & MariaDB //'port' => 5432, // PostgreSQL 'password' => 'DBPASSWORD_MISP', 'database' => 'DBNAME', 'prefix' => '', 'encoding' => 'utf8', ); }" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/Config/database.php else echo "There might be a database already existing here: /var/lib/mysql/misp/users.ibd" echo "Skipping any creations…" sleep 3 fi

openssl req -newkey rsa:4096 -days 365 -nodes -x509 \ -subj "/C={OPENSSL_C}/ST={OPENSSL_ST}/L={OPENSSL_L}/O={OPENSSL_O}/OU={OPENSSL_OU}/CN={OPENSSL_CN}/emailAddress=${OPENSSL_EMAILADDRESS}" \ -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt

if [ ! -e /etc/rc.local ] then echo '#!/bin/sh -e' | tee -a /etc/rc.local echo 'exit 0' | tee -a /etc/rc.local chmod u+x /etc/rc.local fi

cd /var/www mkdir misp-dashboard chown www-data:www-data misp-dashboard {SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git cd misp-dashboard {SUDO_WWW} {PATH_TO_MISP}/venv/bin/pip install zmq redis /var/www/misp-dashboard/install_dependencies.sh sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local sed -i -e 'i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/misp-dashboard/start_all.sh\n' /etc/rc.local sed -i -e 'i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local sed -i -e 'i \sudo -u misp /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 &\n' /etc/rc.local sed -i -e 'i \git_dirs="/usr/local/src/misp-modules/ /var/www/misp-dashboard /usr/local/src/faup /usr/local/src/mail_to_misp /usr/local/src/misp-modules /usr/local/src/viper /var/www/misp-dashboard"\n' /etc/rc.local sed -i -e '$i \for d in git_dirs; do\n' /etc/rc.local sed -i -e 'i echo "Updating {d}"\n' /etc/rc.local sed -i -e 'i cd d && sudo git pull &\n' /etc/rc.local sed -i -e 'i \done\n' /etc/rc.local ${SUDO_WWW} bash /var/www/misp-dashboard/start_all.sh

apt install libapache2-mod-wsgi-py3 -y

echo " ServerAdmin admin@localhost.lu ServerName misp.local

      Redirect permanent / https://misp.local

      LogLevel warn
      ErrorLog /var/log/apache2/misp.local_error.log
      CustomLog /var/log/apache2/misp.local_access.log combined
      ServerSignature Off

ServerAdmin admin@localhost.lu ServerName misp.local DocumentRoot ${PATH_TO_MISP}/app/webroot

      <Directory ${PATH_TO_MISP}/app/webroot>
              Options -Indexes
              AllowOverride all
                Require all granted
              Order allow,deny
              allow from all
      </Directory>

      SSLEngine On
      SSLCertificateFile /etc/ssl/private/misp.local.crt
      SSLCertificateKeyFile /etc/ssl/private/misp.local.key

# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt

      LogLevel warn
      ErrorLog /var/log/apache2/misp.local_error.log
      CustomLog /var/log/apache2/misp.local_access.log combined
      ServerSignature Off
      Header set X-Content-Type-Options nosniff
      Header set X-Frame-Options DENY

" | tee /etc/apache2/sites-available/misp-ssl.conf

echo "127.0.0.1 misp.local" | tee -a /etc/hosts

echo " ServerAdmin admin@misp.local ServerName misp.local

  DocumentRoot /var/www/misp-dashboard

  WSGIDaemonProcess misp-dashboard \
     user=misp group=misp \
     python-home=/var/www/misp-dashboard/DASHENV \
     processes=1 \
     threads=15 \
     maximum-requests=5000 \
     listen-backlog=100 \
     queue-timeout=45 \
     socket-timeout=60 \
     connect-timeout=15 \
     request-timeout=60 \
     inactivity-timeout=0 \
     deadlock-timeout=60 \
     graceful-timeout=15 \
     shutdown-timeout=5 \
     send-buffer-size=0 \
     receive-buffer-size=0 \
     header-buffer-size=0

  WSGIScriptAlias / /var/www/misp-dashboard/misp-dashboard.wsgi

  <Directory /var/www/misp-dashboard>
      WSGIProcessGroup misp-dashboard
      WSGIApplicationGroup %{GLOBAL}
      Require all granted
  </Directory>

  LogLevel info
  ErrorLog /var/log/apache2/misp-dashboard.local_error.log
  CustomLog /var/log/apache2/misp-dashboard.local_access.log combined
  ServerSignature Off

" | tee /etc/apache2/sites-available/misp-dashboard.conf

a2dissite default-ssl a2ensite misp-ssl a2ensite misp-dashboard

for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do sed -i "s/^$key./\1 = (eval echo \${key})/" $PHP_INI done sudo sed -i "s/^session.sid_length./\1 = $(eval echo ${session0sid_length})/" $PHP_INI sudo sed -i "s/^session.use_strict_mode.*/\1 = $(eval echo ${session0use_strict_mode})/" $PHP_INI

systemctl restart apache2

cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp chmod 0640 /etc/logrotate.d/misp

${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php

chown -R www-data:www-data ${PATH_TO_MISP}/app/Config chmod -R 750 ${PATH_TO_MISP}/app/Config $CAKE Live $MISP_LIVE $CAKE Baseurl $MISP_BASEURL

echo "%echo Generating a default key Key-Type: 1 Key-Length: $GPG_KEY_LENGTH Subkey-Type: 1 Name-Real: $GPG_REAL_NAME Name-Comment: $GPG_COMMENT Name-Email: $GPG_EMAIL_ADDRESS Expire-Date: 0 Passphrase: $GPG_PASSPHRASE # Do a commit here, so that we can later print "done" %commit %echo done" > /tmp/gen-key-script

${SUDO_WWW} gpg --homedir ${PATH_TO_MISP}/.gnupg --batch --gen-key /tmp/gen-key-script

${SUDO_WWW} sh -c "gpg --homedir ${PATH_TO_MISP}/.gnupg --export --armor $GPG_EMAIL_ADDRESS" | ${SUDO_WWW} tee ${PATH_TO_MISP}/app/webroot/gpg.asc

chmod +x ${PATH_TO_MISP}/app/Console/worker/start.sh

$CAKE userInit -q $CAKE Admin updateDatabase

AUTH_KEY=$(mysql -u DBUSER_MISP -pDBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)

CAKE Admin setSetting "MISP.python_bin" "{PATH_TO_MISP}/venv/bin/python" $CAKE Admin setSetting "Plugin.ZeroMQ_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true $CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 $CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" $CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 $CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 $CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" $CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false $CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false $CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false $CAKE Admin setSetting "GnuPG.email" "admin@admin.test" $CAKE Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg" $CAKE Admin setSetting "GnuPG.password" "Password1234" $CAKE Admin setSetting "MISP.host_org_id" 1 $CAKE Admin setSetting "MISP.email" "info@admin.test" $CAKE Admin setSetting "MISP.disable_emailing" false $CAKE Admin setSetting "MISP.contact" "info@admin.test" $CAKE Admin setSetting "MISP.disablerestalert" true $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true $CAKE Admin setSetting "Plugin.Cortex_services_enable" false $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 $CAKE Admin setSetting "Plugin.Cortex_timeout" 120 $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 $CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 $CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true $CAKE Admin setSetting "Plugin.Sightings_policy" 0 $CAKE Admin setSetting "Plugin.Sightings_anonymise" false $CAKE Admin setSetting "Plugin.Sightings_range" 365 $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" $CAKE Admin setSetting "Plugin.RPZ_serial" "$date00" $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" $CAKE Admin setSetting "Plugin.RPZ_retry" "30m" $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." $CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" $CAKE Admin setSetting "MISP.language" "eng" $CAKE Admin setSetting "MISP.proposals_block_attributes" false $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" $CAKE Admin setSetting "MISP.redis_port" 6379 $CAKE Admin setSetting "MISP.redis_database" 13 $CAKE Admin setSetting "MISP.redis_password" "" $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 $CAKE Admin setSetting "MISP.extended_alert_subject" false $CAKE Admin setSetting "MISP.default_event_threat_level" 4 $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\n\nWe would hereby like to welcome you to the $org MISP community.\n\n Use the credentials below to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nPassword: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team" $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\n\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nYour temporary password: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team" $CAKE Admin setSetting "MISP.enableEventBlacklisting" true $CAKE Admin setSetting "MISP.enableOrgBlacklisting" true $CAKE Admin setSetting "MISP.log_client_ip" false $CAKE Admin setSetting "MISP.log_auth" false $CAKE Admin setSetting "MISP.disableUserSelfManagement" false $CAKE Admin setSetting "MISP.block_event_alert" false $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" $CAKE Admin setSetting "MISP.block_old_event_alert" false $CAKE Admin setSetting "MISP.block_old_event_alert_age" "" $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false $CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated install" $CAKE Admin setSetting "MISP.footermidright" "Please configure accordingly and do not use in production" $CAKE Admin setSetting "MISP.welcome_text_top" "Autogenerated install, please configure and harden accordingly" $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on Tsurugi" $CAKE Admin setSetting "Security.password_policy_length" 12 CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*|.{16,}/' $CAKE Admin setSetting "Session.autoRegenerate" 0 $CAKE Admin setSetting "Session.timeout" 600 $CAKE Admin setSetting "Session.cookie_timeout" 3600 $CAKE Live $MISP_LIVE CAKE Admin updateGalaxies CAKE Admin updateTaxonomies CAKE Admin updateWarningLists CAKE Admin updateNoticeLists CAKE Admin updateObjectTemplates "31337" sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sysctl vm.overcommit_memory=1\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local sed -i -e 'i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log 2> /dev/null &\n' /etc/rc.local ${SUDO_WWW} bash ${PATH_TO_MISP}/app/Console/worker/start.sh cd /usr/local/src/ git clone https://github.com/MISP/misp-modules.git cd misp-modules # pip3 install chown www-data . apt install libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev -y

${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I -r REQUIREMENTS ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -I . ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install maec python-magic wand lief yara-python plyara ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install stix2 gem install pygments.rb gem install asciidoctor-pdf --pre ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/misp-modules -l 127.0.0.1 -s & $CAKE Admin setSetting "Plugin.Enrichment_services_enable" true $CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true $CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 $CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 $CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true $CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true $CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" $CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 $CAKE Admin setSetting "Plugin.Import_services_enable" true $CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" $CAKE Admin setSetting "Plugin.Import_services_port" 6666 $CAKE Admin setSetting "Plugin.Import_timeout" 300 $CAKE Admin setSetting "Plugin.Import_ocr_enabled" true $CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true $CAKE Admin setSetting "Plugin.Export_services_enable" true $CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" $CAKE Admin setSetting "Plugin.Export_services_port" 6666 $CAKE Admin setSetting "Plugin.Export_timeout" 300 CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true cd /usr/local/src/ apt-get install -y libssl-dev swig python3-ssdeep p7zip-full unrar-free sqlite python3-pyclamd exiftool radare2 git clone https://github.com/viper-framework/viper.git chown -R MISP_USER:MISP_USER viper cd viper virtualenv -p python3.6 venv MISP_USER viper cd viper virtualenv -p python3.6 venv SUDO git submodule update --init --recursive sed -i 's/yara-python==3.7.0//g' requirements-modules.txt ./venv/bin/pip install scrapy ./venv/bin/pip install -r requirements.txt sed -i '1 s/^.*/#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli sed -i '1 s/^.MISP_USER viper cd viper virtualenv -p python3.6 venv MISP_USER viper cd viper virtualenv -p python3.6 venv SUDO git submodule update --init --recursive sed -i 's/yara-python==3.7.0//g' requirements-modules.txt ./venv/bin/pip install scrapy ./venv/bin/pip install -r requirements.txt sed -i '1 s/^.*/#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli sed -i '1 s/^./#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-cli sed -i '1 s/^./#!\/usr\/local\/src\/viper\/venv\/bin\/python/' viper-web $SUDO /usr/local/src/viper/viper-cli -h > /dev/null SUDO /usr/local/src/viper/viper-web -p 8888 -H 0.0.0.0 & echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/src/viper:/var/www/MISP/app/Console"' |tee -a /etc/environment echo ". /etc/environment" >> /home/{MISP_USER}/.profile SUDO sed -i "s/^misp_url\ =/misp_url\ =\ http:\/\/localhost/g" /home/{MISP_USER}/.viper/viper.conf $SUDO sed -i "s/^misp_key =/misp_key = AUTH_KEY/g" /home/{MISP_USER}/.viper/viper.conf

while [ "(sqlite3 /home/{MISP_USER}/.viper/admin.db 'UPDATE auth_user SET password="pbkdf2_sha256100000iXgEJh8hz7Cf$vfdDAwLX8tko1t0M1TLTtGlxERkNnltUnMhbv56wK/U="'; echo ?)" -ne "0" ]; do # FIXME This might lead to a race condition, the while loop is sub-par chown MISP_USER:MISP_USER /home/MISP_USER /home/MISP_USER /home/MISP_USER /home/{MISP_USER}/.viper/admin.db echo "Updating viper-web admin password, giving process time to start-up, sleeping 5, 4, 3,…" sleep 6 done

chown -R www-data:www-data ${PATH_TO_MISP} chmod -R 750 ${PATH_TO_MISP} chmod -R g+ws ${PATH_TO_MISP}/app/tmp chmod -R g+ws ${PATH_TO_MISP}/app/files chmod -R g+ws ${PATH_TO_MISP}/app/files/scripts/tmp

cd /usr/local/src/

apt-get install cmake libcaca-dev liblua5.3-dev -y git clone https://github.com/MISP/mail_to_misp.git git clone https://github.com/stricaud/faup.git faup git clone https://github.com/stricaud/gtcaca.git gtcaca chown -R {MISP_USER}:{MISP_USER} faup mail_to_misp gtcaca cd gtcaca $SUDO_CMD mkdir -p build cd build $SUDO_CMD cmake .. && $SUDO_CMD make sudo make install cd ../../faup $SUDO_CMD mkdir -p build cd build $SUDO_CMD cmake .. && $SUDO_CMD make sudo make install sudo ldconfig cd ../../mail_to_misp $SUDO_CMD virtualenv -p python3 venv $SUDO_CMD ./venv/bin/pip install lief $SUDO_CMD ./venv/bin/pip install -r requirements.txt SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py ##SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py $SUDO_CMD sed -i "s/^misp_url = 'YOUR_MISP_URL'/misp_url = 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '{AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py echo "" echo "Admin (root) DB Password: DBPASSWORD_ADMIN" > /home/{MISP_USER}/mysql.txt echo "User (misp) DB Password: DBPASSWORD_MISP" >> /home/{MISP_USER}/mysql.txt echo "Authkey: AUTH_KEY" > /home/{MISP_USER}/MISP-authkey.txt

clear echo "-------------------------------------------------------------------------" echo "MISP Installed, access here: https://misp.local" echo "User: admin@admin.test" echo "Password: admin" echo "MISP Dashboard, access here: http://misp.local:8001" echo "-------------------------------------------------------------------------" cat /home/{MISP_USER}/mysql.txt cat /home/{MISP_USER}/MISP-authkey.txt echo "-------------------------------------------------------------------------" echo "The LOCAL system credentials:" echo "User: ${MISP_USER}" echo "Password: ${MISP_PASSWORD}" echo "-------------------------------------------------------------------------" echo "viper-web installed, access here: http://misp.local:8888" echo "viper-cli configured with your MISP Site Admin Auth Key" echo "User: admin" echo "Password: Password1234" echo "-------------------------------------------------------------------------" echo "To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:" echo "" echo "sudo postconf -e 'relayhost = example.com'" echo "sudo postfix reload" echo "-------------------------------------------------------------------------" echo "Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues" su - misp }

tsurugiOnRootR0ckz installMISPonTsurugi