-
Notifications
You must be signed in to change notification settings - Fork 16
/
bootstrap
557 lines (488 loc) · 26.5 KB
/
bootstrap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
#!/usr/bin/env bash
MISP_BRANCH='2.4'
# MISP Configurables
PATH_TO_MISP='/var/www/MISP'
CAKE="${PATH_TO_MISP}/app/Console/cake"
MISP_BASEURL=''
MISP_LIVE='1'
# Database configuration
DBHOST='localhost'
DBNAME='misp'
DBUSER_ADMIN='root'
DBPASSWORD_ADMIN="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"
DBUSER_MISP='misp'
DBPASSWORD_MISP="zgPKzFasIUj1LLGfzfhDVxRLOObzJLer"
# Webserver configuration
FQDN='localhost'
# GPG configuration
GPG_REAL_NAME='Auto-generated Key'
GPG_COMMENT='WARNING: MISP Cloud Auto-generated Key'
GPG_EMAIL_ADDRESS='admin@admin.test'
GPG_KEY_LENGTH='2048'
GPG_PASSPHRASE='Password1234'
# php.ini configuration
upload_max_filesize=50M
post_max_size=50M
max_execution_time=300
memory_limit=512M
PHP_INI='/etc/php/7.2/apache2/php.ini'
echo "--- Process started ... ---"
echo "--- Performing OS changes (branding) ... ---"
apt-get install -y update-motd > /dev/null 2>&1
cat > /etc/motd <<EOF
__ __ _____ _____ _____
| \/ |_ _|/ ____| __ \
| \ / | | | | (___ | |__) |
| |\/| | | | \___ \| ___/
| | | |_| |_ ____) | |
|_| |_|_____|_____/|_|
* MISP Project: https://github.com/MISP/MISP
* AMI Documentation: https://github.com/misp/misp-cloud
EOF
cat > /etc/update-motd.d/51-cloudguest <<EOF
EOF
echo "--- Upgrading base system and autoremoving packages ---"
apt -qq update > /dev/null 2>&1
# Prevent dialog of dpkg for config overwrite
DEBIAN_FRONTEND=noninteractive apt -yq upgrade > /dev/null 2>&1
# Clean up
apt -y autoremove > /dev/null 2>&1
echo "--- Install base packages ---"
apt-get -y install curl net-tools gcc git gnupg-agent make python openssl redis-server sudo tmux vim virtualenvwrapper zip python3-pythonmagick tesseract-ocr htop imagemagick asciidoctor jq > /dev/null 2>&1
echo "--- Installing and configuring Postfix ---"
# # Postfix Configuration: Satellite system
# # change the relay server later with:
# postconf -e 'relayhost = example.com'
# postfix reload
echo "postfix postfix/mailname string `hostname`.misp.local" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Satellite system'" | debconf-set-selections
apt-get install -y postfix > /dev/null 2>&1
echo "--- Installing MariaDB specific packages and settings ---"
apt-get install -y mariadb-client mariadb-server > /dev/null 2>&1
# Secure the MariaDB installation (especially by setting a strong root password)
sleep 10 # give some time to the DB to launch...
systemctl restart mariadb.service
sleep 10
apt-get install -y expect > /dev/null 2>&1
## do we need to spawn mysql_secure_install with sudo in future?
expect -f - <<-EOF
set timeout 10
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send -- "\r"
expect "Set root password?"
send -- "y\r"
expect "New password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Re-enter new password:"
send -- "${DBPASSWORD_ADMIN}\r"
expect "Remove anonymous users?"
send -- "y\r"
expect "Disallow root login remotely?"
send -- "y\r"
expect "Remove test database and access to it?"
send -- "y\r"
expect "Reload privilege tables now?"
send -- "y\r"
expect eof
EOF
apt-get purge -y expect > /dev/null 2>&1
echo "--- Installing Apache2 ---"
apt-get install -y apache2 apache2-doc apache2-utils > /dev/null 2>&1
a2dismod status > /dev/null 2>&1
a2enmod ssl > /dev/null 2>&1
a2enmod rewrite > /dev/null 2>&1
a2enmod headers > /dev/null 2>&1
a2dissite 000-default > /dev/null 2>&1
a2ensite default-ssl > /dev/null 2>&1
echo "--- Installing PHP-specific packages ---"
apt install -qy libapache2-mod-php php php-cli php-dev php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-redis php-gnupg php-gd > /dev/null 2>&1
echo "--- Configuring PHP ---"
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
echo "--- Adding Apache virtualhost ---"
openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj "/CN=MISP-Cloud" -keyout /etc/ssl/private/misp.local.key -out /etc/ssl/private/misp.local.crt > /dev/null 2>&1
cat > /etc/apache2/sites-available/misp-ssl.conf <<EOF
<VirtualHost *:443>
ServerAdmin admin@misp.local
ServerName misp.local
DocumentRoot $PATH_TO_MISP/app/webroot
<Directory $PATH_TO_MISP/app/webroot>
Options -Indexes
AllowOverride all
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined
ServerSignature Off
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
SSLEngine On
SSLCertificateFile /etc/ssl/private/misp.local.crt
SSLCertificateKeyFile /etc/ssl/private/misp.local.key
</VirtualHost>
EOF
a2dissite default-ssl > /dev/null 2>&1
a2ensite misp-ssl > /dev/null 2>&1
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
echo "--- Retrieving MISP ---"
## Double check perms.
mkdir $PATH_TO_MISP
chown www-data:www-data $PATH_TO_MISP
cd $PATH_TO_MISP
git clone https://github.com/MISP/MISP.git $PATH_TO_MISP > /dev/null 2>&1
git submodule update --init --recursive
git submodule foreach --recursive git config core.filemode false
git config core.filemode false
echo "--- Installing Mitre's STIX ---"
apt-get install -y python-dev python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts
git clone https://github.com/CybOXProject/python-cybox.git > /dev/null 2>&1
git clone https://github.com/STIXProject/python-stix.git > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/python-cybox
python3 setup.py install > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/python-stix
python3 setup.py install > /dev/null 2>&1
# install mixbox to accomodate the new STIX dependencies:
cd $PATH_TO_MISP/app/files/scripts/
git clone https://github.com/CybOXProject/mixbox.git > /dev/null 2>&1
cd $PATH_TO_MISP/app/files/scripts/mixbox
python3 setup.py install > /dev/null 2>&1
echo "--- Retrieving CakePHP ---"
# CakePHP is included as a submodule of MISP, execute the following commands to let git fetch it:
cd $PATH_TO_MISP
git submodule init > /dev/null 2>&1
git submodule update > /dev/null 2>&1
# Once done, install CakeResque along with its dependencies if you intend to use the built in background jobs:
# Make composer cache happy
mkdir /var/www/.composer ; chown www-data:www-data /var/www/.composer
cd $PATH_TO_MISP/app
php composer.phar require kamisama/cake-resque:4.1.2 > /dev/null 2>&1
php composer.phar config vendor-dir Vendor > /dev/null 2>&1
php composer.phar install > /dev/null 2>&1
# Enable CakeResque with php-redis
phpenmod redis
phpenmod gnupg
# To use the scheduler worker for scheduled tasks, do the following:
cp -fa $PATH_TO_MISP/INSTALL/setup/config.php $PATH_TO_MISP/app/Plugin/CakeResque/Config/config.php
echo "--- Setting the permissions ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
echo "--- Creating a database user ---"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "create database $DBNAME;"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant usage on *.* to $DBUSER_MISP@localhost identified by '$DBPASSWORD_MISP';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "grant all privileges on $DBNAME.* to '$DBUSER_MISP'@'localhost';"
mysql -u $DBUSER_ADMIN -p$DBPASSWORD_ADMIN -e "flush privileges;"
# Import the empty MISP database from MYSQL.sql
cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP $DBNAME
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
echo "--- Configuring log rotation ---"
cp $PATH_TO_MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
echo "--- MISP configuration ---"
# There are 4 sample configuration files in /var/www/MISP/app/Config that need to be copied
cp -a $PATH_TO_MISP/app/Config/bootstrap.default.php $PATH_TO_MISP/app/Config/bootstrap.php
cp -a $PATH_TO_MISP/app/Config/database.default.php $PATH_TO_MISP/app/Config/database.php
cp -a $PATH_TO_MISP/app/Config/core.default.php $PATH_TO_MISP/app/Config/core.php
cp -a $PATH_TO_MISP/app/Config/config.default.php $PATH_TO_MISP/app/Config/config.php
cat > $PATH_TO_MISP/app/Config/database.php <<EOF
<?php
class DATABASE_CONFIG {
public \$default = array(
'datasource' => 'Database/Mysql',
//'datasource' => 'Database/Postgres',
'persistent' => false,
'host' => '$DBHOST',
'login' => '$DBUSER_MISP',
'port' => 3306, // MySQL & MariaDB
//'port' => 5432, // PostgreSQL
'password' => '$DBPASSWORD_MISP',
'database' => '$DBNAME',
'prefix' => '',
'encoding' => 'utf8',
);
}
EOF
# and make sure the file permissions are still OK
chown -R www-data:www-data $PATH_TO_MISP/app/Config
chmod -R 750 $PATH_TO_MISP/app/Config
# Set some MISP directives with the command line tool
$CAKE Live $MISP_LIVE > /dev/null
# Enable ZeroMQ
$CAKE Admin setSetting "Plugin.ZeroMQ_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_port" 50000 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_port" 6379 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_database" 1 > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq" > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_include_attachments" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.ZeroMQ_audit_notifications_enable" false > /dev/null
# Enable GnuPG
$CAKE Admin setSetting "GnuPG.email" "admin@admin.test" > /dev/null
$CAKE Admin setSetting "GnuPG.homedir" ${PATH_TO_MISP}/.gnupg > /dev/null
$CAKE Admin setSetting "GnuPG.binary" `which gpg` > /dev/null
$CAKE Admin setSetting "GnuPG.password" "Password1234" > /dev/null
# Enable Enrichment set better timeouts
$CAKE Admin setSetting "Plugin.Enrichment_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hover_timeout" 150 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_cve_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_dns_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vmray_submit_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_asn_history_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_circl_passivessl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_countrycode_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_domaintools_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_eupi_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_farsight_passivedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_ipasn_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_passivetotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_sourcecache_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_virustotal_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_whois_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_shodan_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_reversedns_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_geoip_country_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_wiki_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_iprep_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatminer_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_otx_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_threatcrowd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_vulndb_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_crowdstrike_falcon_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_yara_syntax_validator_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_hashdd_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_onyphe_full_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_rbl_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_xforceexchange_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Enrichment_xforceexchange_enabled" false > /dev/null
# Enable Import modules set better timout
$CAKE Admin setSetting "Plugin.Import_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Import_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Import_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_csvimport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Import_vmray_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_testimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_ocr_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_cuckooimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_goamlimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_email_import_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_mispjson_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_openiocimport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Import_threatanalyzer_import_enabled" false > /dev/null
# Enable Export modules set better timout
$CAKE Admin setSetting "Plugin.Export_services_enable" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Export_services_port" 6666 > /dev/null
$CAKE Admin setSetting "Plugin.Export_timeout" 300 > /dev/null
$CAKE Admin setSetting "Plugin.Export_pdfexport_enabled" true > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_testexport_restrict" 1 > /dev/null
$CAKE Admin setSetting "Plugin.Export_cef_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_liteexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_goamlexport_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threat_connect_export_enabled" false > /dev/null
$CAKE Admin setSetting "Plugin.Export_threatStream_misp_export_enabled" false > /dev/null
# Enable installer org and tune some configurables
$CAKE Admin setSetting "MISP.host_org_id" 1 > /dev/null
$CAKE Admin setSetting "MISP.email" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disable_emailing" true > /dev/null
$CAKE Admin setSetting "MISP.contact" "info@admin.test" > /dev/null
$CAKE Admin setSetting "MISP.disablerestalert" true > /dev/null
$CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true > /dev/null
# Provisional Cortex tunes
$CAKE Admin setSetting "Plugin.Cortex_services_enable" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_port" 9000 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_timeout" 120 > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_services_authkey" "" > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false > /dev/null
$CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true > /dev/null
# Provisional Elastic Search tunes
$CAKE Admin setSetting "Plugin.ElasticSearch_logging_enable" false > /dev/null
# Various plugin sightings settings
$CAKE Admin setSetting "Plugin.Sightings_policy" 0 > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_anonymise" false > /dev/null
$CAKE Admin setSetting "Plugin.Sightings_range" 365 > /dev/null
# Plugin CustomAuth tuneable
$CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false > /dev/null
# RPZ Plugin settings
$CAKE Admin setSetting "Plugin.RPZ_policy" "DROP" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_refresh" "2h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_retry" "30m" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_expiry" "30d" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ttl" "1w" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns" "localhost." > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_ns_alt" "" > /dev/null
$CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost" > /dev/null
# Force defaults to make MISP Server Settings less RED
$CAKE Admin setSetting "MISP.language" "eng" > /dev/null
$CAKE Admin setSetting "MISP.proposals_block_attributes" false > /dev/null
## Redis block
$CAKE Admin setSetting "MISP.redis_host" "127.0.0.1" > /dev/null
$CAKE Admin setSetting "MISP.redis_port" 6379 > /dev/null
$CAKE Admin setSetting "MISP.redis_database" 13 > /dev/null
$CAKE Admin setSetting "MISP.redis_password" "" > /dev/null
# Force defaults to make MISP Server Settings less YELLOW
$CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40 > /dev/null
$CAKE Admin setSetting "MISP.extended_alert_subject" false > /dev/null
$CAKE Admin setSetting "MISP.default_event_threat_level" 4 > /dev/null
$CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team" > /dev/null
$CAKE Admin setSetting "MISP.enableEventBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.enableOrgBlacklisting" true > /dev/null
$CAKE Admin setSetting "MISP.log_client_ip" false > /dev/null
$CAKE Admin setSetting "MISP.log_auth" false > /dev/null
$CAKE Admin setSetting "MISP.disableUserSelfManagement" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\"" > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert" false > /dev/null
$CAKE Admin setSetting "MISP.block_old_event_alert_age" "" > /dev/null
$CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false > /dev/null
$CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email. " > /dev/null
$CAKE Admin setSetting "MISP.footermidleft" "This is an autogenerated AMI." > /dev/null
$CAKE Admin setSetting "MISP.footermidright" "https://github.com/MISP/misp-cloud/" > /dev/null
$CAKE Admin setSetting "MISP.welcome_text_top" "Production usage is considered harmful. Read: https://github.com/MISP/misp-cloud/wiki/MISP-and-Cloud-Security" > /dev/null
$CAKE Admin setSetting "MISP.download_attachments_on_load" true > /dev/null
$CAKE Admin setSetting "MISP.title_text" "MISP" > /dev/null
$CAKE Admin setSetting "MISP.terms_download" false > /dev/null
$CAKE Admin setSetting "MISP.showorgalternate" false > /dev/null
$CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name" > /dev/null
# Force defaults to make MISP Server Settings less GREEN
$CAKE Admin setSetting "Security.password_policy_length" 12 > /dev/null
$CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/' > /dev/null
# Tune global time outs
$CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null
$CAKE Admin setSetting "Session.timeout" 600 > /dev/null
$CAKE Admin setSetting "Session.cookie_timeout" 3600 > /dev/null
echo "--- Generating a GPG encryption key ---"
apt-get install -y rng-tools haveged > /dev/null 2>&1
sudo -u www-data mkdir $PATH_TO_MISP/.gnupg
chmod 700 $PATH_TO_MISP/.gnupg
cat >/tmp/gen-key-script <<EOF
%echo Generating a default key
Key-Type: default
Key-Length: $GPG_KEY_LENGTH
Subkey-Type: default
Name-Real: $GPG_REAL_NAME
Name-Comment: $GPG_COMMENT
Name-Email: $GPG_EMAIL_ADDRESS
Expire-Date: 0
Passphrase: $GPG_PASSPHRASE
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
sudo -u www-data gpg --homedir $PATH_TO_MISP/.gnupg --batch --gen-key /tmp/gen-key-script
rm -f /tmp/gen-key-script
# And export the public key to the webroot
sudo -u www-data sh -c "gpg --homedir $PATH_TO_MISP/.gnupg --export --armor $GPG_EMAIL_ADDRESS > $PATH_TO_MISP/app/webroot/gpg.asc"
echo "--- Making the background workers start on boot ---"
chmod 755 $PATH_TO_MISP/app/Console/worker/start.sh
# With initd:
if [ ! -e /etc/rc.local ]
then
echo '#!/bin/sh -e' | tee -a /etc/rc.local
echo 'exit 0' | tee -a /etc/rc.local
chmod u+x /etc/rc.local
fi
# redis-server requires the following /sys/kernel tweak
sed -i -e '$i \echo never > /sys/kernel/mm/transparent_hugepage/enabled\n' /etc/rc.local
sed -i -e '$i \echo 1024 > /proc/sys/net/core/somaxconn\n' /etc/rc.local
sed -i -e '$i \sysctl vm.overcommit_memory=1\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh\n' /etc/rc.local
sed -i -e '$i \sudo -u www-data misp-modules -l 0.0.0.0 -s &\n' /etc/rc.local
sed -i -e '$i \for d in $git_dirs; do\n' /etc/rc.local
sed -i -e '$i \ echo "Updating ${d}"\n' /etc/rc.local
sed -i -e '$i \ cd $d && git pull &\n' /etc/rc.local
sed -i -e '$i \done\n' /etc/rc.local
echo "--- Installing MISP modules ---"
apt-get install -y libpq5 libjpeg-dev libfuzzy-dev > /dev/null 2>&1
cd /usr/local/src/
git clone https://github.com/MISP/misp-modules.git
sudo chown -R www-data:www-data misp-modules
cd misp-modules
# pip3 install
pip3 install -I -r REQUIREMENTS > /dev/null 2>&1
pip3 install -I . > /dev/null 2>&1
pip3 install lief 2>&1
pip3 install maec 2>&1
pip3 install pathlib 2>&1
pip3 install pymisp python-magic wand yara > /dev/null 2>&1
pip3 install git+https://github.com/kbandla/pydeep.git > /dev/null 2>&1
# install STIX2.0 library to support STIX 2.0 export:
pip3 install stix2 > /dev/null 2>&1
echo "--- Setting the permissions ... ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
echo "--- Restarting Apache ---"
systemctl restart apache2 > /dev/null 2>&1
sleep 5
echo "--- Updating the galaxies ---"
sudo -u www-data -E $PATH_TO_MISP/app/Console/cake userInit -q > /dev/null
AUTH_KEY=$(mysql -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1)
# Update the galaxies
$CAKE Admin updateGalaxies > /dev/null 2>&1
# Updating the taxonomies
$CAKE Admin updateTaxonomies > /dev/null 2>&1
# Updating the warning lists
## $CAKE Admin updateWarningLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/warninglists/update > /dev/null 2>&1
# Updating the notice lists
## $CAKE Admin updateNoticeLists
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/noticelists/update > /dev/null 2>&1
# Updating the object templates
##$CAKE Admin updateObjectTemplates
curl --header "Authorization: $AUTH_KEY" --header "Accept: application/json" --header "Content-Type: application/json" -o /dev/null -s -X POST http://127.0.0.1/objectTemplates/update > /dev/null 2>&1
echo "--- Enabling MISP new pub/sub feature (ZeroMQ) ---"
apt-get install -y pkg-config python-redis python-zmq python3-zmq > /dev/null 2>&1
echo "--- Installing asciidoctor-pdf ---"
gem install asciidoctor-pdf --pre > /dev/null 2>&1
gem install pygments.rb > /dev/null 2>&1
echo "--- Ignoring filemode on all submodules ---"
cd $PATH_TO_MISP
sudo -u www-data git submodule foreach --recursive git config core.filemode false > /dev/null 2>&1
echo "--- autoremove for apt ---"
apt autoremove -y > /dev/null 2>&1
echo "--- Setting Baseurl and making sure Sessions do NOT auto regenerate ---"
$CAKE Baseurl "" > /dev/null 2>&1
$CAKE Admin setSetting "Session.autoRegenerate" 0 > /dev/null 2>&1
echo "--- Setting the permissions ---"
chown -R www-data:www-data $PATH_TO_MISP
chmod -R 750 $PATH_TO_MISP
chmod -R g+ws $PATH_TO_MISP/app/tmp
chmod -R g+ws $PATH_TO_MISP/app/files
chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
chmod 700 $PATH_TO_MISP/.gnupg