{"id":14702,"date":"2022-11-07T18:51:38","date_gmt":"2022-11-07T15:51:38","guid":{"rendered":"https:\/\/kifarunix.com\/?p=14702"},"modified":"2024-03-09T23:23:56","modified_gmt":"2024-03-09T20:23:56","slug":"install-misp-on-ubuntu","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-misp-on-ubuntu\/","title":{"rendered":"Install MISP on Ubuntu 22.04\/Ubuntu 20.04"},"content":{"rendered":"\n
In this tutorial, you will learn how to install MISP on Ubuntu 22.04\/Ubuntu 20.04. MISP<\/a>, an acronym for Malware Information Sharing Platform, is an open source threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information<\/em>.<\/p>\n\n\n\n To install MISP on Ubuntu, you can use an install script<\/a> or simply do the manual installation so you have an idea of what is going on. We will go the manual way in this guide.<\/p>\n\n\n\n To begin with, ensure your system package cache is up-to-date.<\/p>\n\n\n\n If you want to configure MISP to send out email notifications, install Postfix to use with your preferred mail relays.<\/p>\n\n\n\n When prompted to choose the Postfix general type of mail configuration, select Internet Site<\/strong><\/p>\n\n\n\n For the domain part, select your domain part (not FQDN). E.g., if your hostname is misp.kifarunix-demo.com<\/strong>, use kifarunix-demo.com<\/strong>.<\/p>\n\n\n\n Run the command below to create MISP user account and add it to other system groups.<\/p>\n\n\n\n Set the password for the user account.<\/p>\n\n\n\n Run the command below to install LAMP stack and other required packages.<\/p>\n\n\n\n Install MariaDB 10.9, current stable release version as of this writing.<\/p>\n\n\n\n Install PHP 7.4 and required PHP modules;<\/p>\n\n\n\n On Ubuntu 22.04, check this guide on how to install PHP 7.4 on Ubuntu 22.04<\/a>.<\/p>\n\n\n\n Next, update the following PHP configuration options;<\/p>\n\n\n\n Similarly, update PHP session ID length and set strict session ID mode;<\/p>\n\n\n\n Login to MySQL and create MISP database and database user<\/p>\n\n\n\n First of all, run MySQL initial secure script;<\/p>\n\n\n\n Once you have run the script, proceed to create MISP database and database user;<\/p>\n\n\n\n Import MISP database into database created 
above;<\/p>\n\n\n\n Create MISP directory under Clone the MISP Core GitHub repository into the directory above;<\/p>\n\n\n\n Create a python3 virtualenv<\/p>\n\n\n\n Create PIP cache directory;<\/p>\n\n\n\n Install python-stix<\/p>\n\n\n\n Install PyMISP;<\/p>\n\n\n\n Remove libfaup;<\/p>\n\n\n\n Create the necessary links and cache to the just installed libraries;<\/p>\n\n\n\n Install PyDeep;<\/p>\n\n\n\n Install lief<\/p>\n\n\n\n Install zmq<\/p>\n\n\n\n Install python-magic<\/p>\n\n\n\n Install plyara;<\/p>\n\n\n\n Create PHP composer directory;<\/p>\n\n\n\n Set the ownership;<\/p>\n\n\n\n Install CakePHP;<\/p>\n\n\n\n Enable CakeResque with php-redis<\/p>\n\n\n\n Enable the use of scheduler worker for scheduled tasks;<\/p>\n\n\n\n Once the installation of MISP is done, update the ownership and permissions of the directories;<\/p>\n\n\n\n This is what the config file looks like;<\/p>\n\n\n\n Rename the default configurations as follows;<\/p>\n\n\n\n Update database connection details;<\/p>\n\n\n\n Save and exit the file;<\/p>\n\n\n\n Create a batch file to define the variables required for non-interactive GPG key generation.<\/p>\n\n\n\n Sample output;<\/p>\n\n\n\n Export the public key to MISP webroot<\/p>\n\n\n\n Create a systemd service for MISP background workers;<\/p>\n\n\n\n Reload systemd configs and start the service;<\/p>\n\n\n\n Confirm status;<\/p>\n\n\n\n Next;<\/p>\n\n\n\n You can easily set a systemd service to sort the above;<\/p>\n\n\n\n Initialize the user and fetch authentication key;<\/p>\n\n\n\n Sample output;<\/p>\n\n\n\n Enable database updates;<\/p>\n\n\n\n Define global timeouts<\/p>\n\n\n\n Set default tmp directory;<\/p>\n\n\n\n Enable GnuPG;<\/p>\n\n\n\n Update other MISP configurations;<\/p>\n\n\n\n Tuning Cortex;<\/p>\n\n\n\n Update plugin settings;<\/p>\n\n\n\n Disable API_Required modules;<\/p>\n\n\n\n CustomAuth Plugin;<\/p>\n\n\n\n RPZ Plugin settings<\/p>\n\n\n\n Kafka settings;<\/p>\n\n\n\n ZeroMQ settings;<\/p>\n\n\n\n Set default 
language and disable proposal attributes block;<\/p>\n\n\n\n Set Redis settings;<\/p>\n\n\n\n Set MISP default settings;<\/p>\n\n\n\n MISP Security settings;<\/p>\n\n\n\n Enable MISP user login;<\/p>\n\n\n\n Update MISP Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates<\/p>\n\n\n\n MISP ships with sample Apache HTTP\/HTTPS configuration file under Copy this file to Apache Sites available directory;<\/p>\n\n\n\n Sample contents;<\/p>\n\n\n\n For me, there are only a few lines I will update;<\/p>\n\n\n\n Next, install the SSL\/TLS certificates accordingly.<\/p>\n\n\n\n We are using self-signed SSL\/TLS certs in this demo.<\/p>\n\n\n\n Enable required modules;<\/p>\n\n\n\n Disable default Apache sites and enable MISP site;<\/p>\n\n\n\n Check Apache config errors;<\/p>\n\n\n\n Ensure the output is Restart Apache;<\/p>\n\n\n\n Open Apache ports on firewall to allow external access;<\/p>\n\n\n\n At this point, you can now login to MISP, using the address you defined before. e.g https:\/\/misp.kifarunix-demo.com<\/p>\n\n\n\n Default credentials;<\/p>\n\n\n\n When you login, reset the admin password to proceed;<\/p>\n\n\n\nInstalling MISP on Ubuntu 22.04\/Ubuntu 20.04<\/h2>\n\n\n\n
Run system Update<\/h3>\n\n\n\n
sudo apt update<\/code><\/pre>\n\n\n\n
Install Postfix and Other Required Packages<\/h3>\n\n\n\n
sudo apt install postfix mailutils curl gcc git gpg-agent make libcaca-dev liblua5.3-dev \\\npython python3 openssl redis-server vim zip unzip virtualenv libfuzzy-dev sqlite3 \\\nmoreutils python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev \\\npython-setuptools openssl cmake<\/code><\/pre>\n\n\n\n
Create MISP User Account<\/h3>\n\n\n\n
sudo useradd -s \/bin\/bash -m -G adm,cdrom,sudo,dip,plugdev,www-data,staff misp<\/code><\/pre>\n\n\n\n
sudo passwd misp<\/code><\/pre>\n\n\n\n
Install LAMP Stack and Required Dependencies<\/h3>\n\n\n\n
curl -LsS https:\/\/downloads.mariadb.com\/MariaDB\/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=10.9<\/code><\/pre>\n\n\n\n
sudo apt install mariadb-client mariadb-server -y<\/code><\/pre>\n\n\n\n
sudo apt install libapache2-mod-php php php-cli php-dev php-json php-xml php-mysql php-opcache \\\nphp-readline php-mbstring php-zip php-redis php-gnupg php-intl php-bcmath php-gd php-curl<\/code><\/pre>\n\n\n\n
sudo vim \/etc\/php\/7.4\/apache2\/php.ini<\/code><\/pre>\n\n\n\n
upload_max_filesize=\"50M\"\npost_max_size=\"50M\"\nmax_execution_time=\"300\"\nmemory_limit=\"2048M\"<\/code><\/pre>\n\n\n\n
echo -e 'session.sid_length=\"32\"\\nsession.use_strict_mode=\"1\"' | sudo tee -a \/etc\/php\/7.4\/apache2\/php.ini<\/code><\/pre>\n\n\n\n
Create MISP Database and Database User<\/h3>\n\n\n\n
sudo systemctl start mariadb<\/code><\/pre>\n\n\n\n
sudo mysql_secure_installation<\/code><\/pre>\n\n\n\n
sudo mysql -u root -p -e \"create database misp;\"<\/code><\/pre>\n\n\n\n
sudo mysql -u root -p -e \"grant all on misp.* to mispadmin@localhost identified by 'MISP-DB-Password<\/strong>';\"<\/code><\/pre>\n\n\n\n
sudo mysql -u root -p -e \"flush privileges;\"<\/code><\/pre>\n\n\n\n
sudo -Hu www-data cat \/var\/www\/MISP\/INSTALL\/MYSQL.sql | mysql -u mispadmin -p misp<\/code><\/pre>\n\n\n\n
Installing MISP on Ubuntu<\/h3>\n\n\n\n
\/var\/www<\/code>;<\/p>\n\n\n\n
sudo mkdir \/var\/www\/MISP<\/code><\/pre>\n\n\n\n
sudo git clone https:\/\/github.com\/MISP\/MISP.git \/var\/www\/MISP\/<\/code><\/pre>\n\n\n\n
sudo git -C \/var\/www\/MISP\/ submodule update --progress --init --recursive<\/code><\/pre>\n\n\n\n
sudo chown -R www-data: \/var\/www\/MISP<\/code><\/pre>\n\n\n\n
sudo -u www-data git -C \/var\/www\/MISP submodule foreach --recursive git config core.filemode false<\/code><\/pre>\n\n\n\n
sudo -u www-data git -C \/var\/www\/MISP config core.filemode false<\/code><\/pre>\n\n\n\n
sudo -u www-data virtualenv -p python3 \/var\/www\/MISP\/venv<\/code><\/pre>\n\n\n\n
sudo mkdir \/var\/www\/.cache\/<\/code><\/pre>\n\n\n\n
sudo chown -R www-data: \/var\/www\/.cache\/<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install ordered-set python-dateutil six weakrefmethod<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install \/var\/www\/MISP\/app\/files\/scripts\/misp-stix<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install \/var\/www\/MISP\/PyMISP<\/code><\/pre>\n\n\n\n
cd \/tmp<\/code><\/pre>\n\n\n\n
git clone https:\/\/github.com\/stricaud\/faup.git faup<\/code><\/pre>\n\n\n\n
sudo git clone https:\/\/github.com\/stricaud\/gtcaca.git gtcaca<\/code><\/pre>\n\n\n\n
sudo chown -R misp: faup gtcaca<\/code><\/pre>\n\n\n\n
sudo mkdir gtcaca\/build && cd gtcaca\/build<\/code><\/pre>\n\n\n\n
sudo cmake .. && sudo make && sudo make install<\/code><\/pre>\n\n\n\n
sudo mkdir -p \/tmp\/faup\/build && cd \/tmp\/faup\/build<\/code><\/pre>\n\n\n\n
sudo cmake .. && sudo make && sudo make install<\/code><\/pre>\n\n\n\n
sudo ldconfig<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install git+https:\/\/github.com\/kbandla\/pydeep.git<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install lief<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install zmq redis<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install python-magic<\/code><\/pre>\n\n\n\n
sudo -u www-data \/var\/www\/MISP\/venv\/bin\/pip install plyara<\/code><\/pre>\n\n\n\n
Install CakePHP<\/h3>\n\n\n\n
sudo mkdir -p \/var\/www\/.composer<\/code><\/pre>\n\n\n\n
sudo chown -R www-data: \/var\/www\/.composer<\/code><\/pre>\n\n\n\n
cd \/var\/www\/MISP\/app<\/code><\/pre>\n\n\n\n
sudo -u www-data php composer.phar install --no-dev<\/code><\/pre>\n\n\n\n
sudo phpenmod redis\nsudo phpenmod gnupg<\/code><\/pre>\n\n\n\n
sudo -u www-data cp -fa \/var\/www\/MISP\/INSTALL\/setup\/config.php \/var\/www\/MISP\/app\/Plugin\/CakeResque\/Config\/config.php<\/code><\/pre>\n\n\n\n
Set Proper Permissions and Ownership of MISP directories<\/h3>\n\n\n\n
sudo chown -R www-data: \/var\/www\/MISP<\/code><\/pre>\n\n\n\n
sudo chmod -R 750 \/var\/www\/MISP<\/code><\/pre>\n\n\n\n
sudo chmod -R g+ws \/var\/www\/MISP\/app\/tmp \/var\/www\/MISP\/app\/files<\/code><\/pre>\n\n\n\n
Enable MISP Log Rotation<\/h3>\n\n\n\n
sudo cp \/var\/www\/MISP\/INSTALL\/misp.logrotate \/etc\/logrotate.d\/misp\nsudo chmod 0640 \/etc\/logrotate.d\/misp<\/code><\/pre>\n\n\n\n
cat \/etc\/logrotate.d\/misp<\/code><\/pre>\n\n\n\n
\/var\/www\/MISP\/app\/tmp\/logs\/*.log {\n rotate 30\n dateext\n missingok\n notifempty\n compress\n daily\n size 50M\n maxsize 500M\n copytruncate\n}\n<\/code><\/pre>\n\n\n\n
Configure MISP<\/h3>\n\n\n\n
sudo -u www-data cp -a \/var\/www\/MISP\/app\/Config\/bootstrap{.default,}.php\nsudo -u www-data cp -a \/var\/www\/MISP\/app\/Config\/database{.default,}.php\nsudo -u www-data cp -a \/var\/www\/MISP\/app\/Config\/core{.default,}.php\nsudo -u www-data cp -a \/var\/www\/MISP\/app\/Config\/config{.default,}.php<\/code><\/pre>\n\n\n\n
sudo vim \/var\/www\/MISP\/app\/Config\/database.php<\/code><\/pre>\n\n\n\n
class DATABASE_CONFIG {\n\n public $default = array(\n 'datasource' => 'Database\/Mysql',\n \/\/'datasource' => 'Database\/Postgres',\n 'persistent' => false,\n 'host' => 'localhost',\n 'login' => 'mispadmin<\/strong>',\n 'port' => 3306, \/\/ MySQL & MariaDB\n \/\/'port' => 5432, \/\/ PostgreSQL\n 'password' => 'MISP-DB-Password<\/strong><\/strong>',\n 'database' => 'misp<\/strong>',\n 'prefix' => '',\n 'encoding' => 'utf8',\n );\n}\n<\/code><\/pre>\n\n\n\n
Generate MISP GnuPG key;<\/h3>\n\n\n\n
tee > ~\/misp-gpg-batch-file << 'EOL'\nKey-Type: default\nKey-Length: 4096\nSubkey-Type: default\nName-Real: MISP-gpg-key\nName-Email: admin@kifarunix-demo.com\nExpire-Date: 0\nPassphrase: 42e9865a824b4e237c5146b0af888016de8\nEOL\n<\/code><\/pre>\n\n\n\n
sudo -u www-data gpg --homedir \/var\/www\/MISP\/.gnupg --batch --gen-key ~\/misp-gpg-batch-file<\/code><\/pre>\n\n\n\n
gpg: directory '\/var\/www\/MISP\/.gnupg' created\ngpg: keybox '\/var\/www\/MISP\/.gnupg\/pubring.kbx' created\ngpg: \/var\/www\/MISP\/.gnupg\/trustdb.gpg: trustdb created\ngpg: key DA6AA0A6057E4C28 marked as ultimately trusted\ngpg: directory '\/var\/www\/MISP\/.gnupg\/openpgp-revocs.d' created\ngpg: revocation certificate stored as '\/var\/www\/MISP\/.gnupg\/openpgp-revocs.d\/757A0C2F91D894522A388A04DA6AA0A6057E4C28.rev'<\/code><\/pre>\n\n\n\n
sudo -u www-data gpg --homedir \/var\/www\/MISP\/.gnupg --export --armor admin@kifarunix-demo.com \\\n| sudo -u www-data tee \/var\/www\/MISP\/app\/webroot\/gpg.asc<\/code><\/pre>\n\n\n\n
Setup MISP Background Workers<\/h3>\n\n\n\n
sudo tee \/etc\/systemd\/system\/misp-workers.service << 'EOL'\n[Unit]\nDescription=MISP background workers\nAfter=network.target\n\n[Service]\nType=forking\nUser=www-data\nGroup=www-data\nExecStart=\/var\/www\/MISP\/app\/Console\/worker\/start.sh\nRestart=always\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n
sudo systemctl daemon-reload\nsudo systemctl enable --now misp-workers<\/code><\/pre>\n\n\n\n
systemctl status misp-workers.service<\/code><\/pre>\n\n\n\n
\u25cf misp-workers.service - MISP background workers\n Loaded: loaded (\/etc\/systemd\/system\/misp-workers.service; enabled; vendor preset: enabled)\n Active: active (running) since Fri 2022-11-04 20:24:54 UTC; 10s ago\n Process: 62522 ExecStart=\/var\/www\/MISP\/app\/Console\/worker\/start.sh (code=exited, status=0\/SUCCESS)\n Tasks: 12 (limit: 4610)\n Memory: 61.0M\n CGroup: \/system.slice\/misp-workers.service\n \u251c\u250062555 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex'; VERBOSE=true QUEUE='default' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResque\/tmp\/1667>\n \u251c\u250062556 php .\/bin\/resque\n \u251c\u250062573 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex'; VERBOSE=true QUEUE='prio' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResque\/tmp\/1667593>\n \u251c\u250062574 php .\/bin\/resque\n \u251c\u250062589 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex'; VERBOSE=true QUEUE='cache' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResque\/tmp\/166759>\n \u251c\u250062590 php .\/bin\/resque\n \u251c\u250062606 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex'; VERBOSE=true QUEUE='email' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResque\/tmp\/166759>\n \u251c\u250062607 php .\/bin\/resque\n \u251c\u250062622 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex'; VERBOSE=true QUEUE='update' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResque\/tmp\/16675>\n \u251c\u250062623 php .\/bin\/resque\n \u251c\u250062638 bash -c cd '\/var\/www\/MISP\/app\/Vendor\/kamisama\/php-resque-ex-scheduler'; VERBOSE=true QUEUE='default' PIDFILE='\/var\/www\/MISP\/app\/Plugin\/CakeResqu>\n \u2514\u250062639 php .\/bin\/resque-scheduler.php\n\nNov 04 20:24:53 thehive.kifarunix-demo.com start.sh[62562]: Starting worker ... Done\nNov 04 20:24:53 thehive.kifarunix-demo.com start.sh[62578]: Creating workers\nNov 04 20:24:53 thehive.kifarunix-demo.com start.sh[62578]: Starting worker ... 
Done\nNov 04 20:24:53 thehive.kifarunix-demo.com start.sh[62594]: Creating workers\nNov 04 20:24:53 thehive.kifarunix-demo.com start.sh[62594]: Starting worker ... Done\nNov 04 20:24:54 thehive.kifarunix-demo.com start.sh[62611]: Creating workers\nNov 04 20:24:54 thehive.kifarunix-demo.com start.sh[62611]: Starting worker ... Done\nNov 04 20:24:54 thehive.kifarunix-demo.com start.sh[62627]: Creating the scheduler workers\nNov 04 20:24:54 thehive.kifarunix-demo.com start.sh[62627]: Starting scheduler worker ... Done\nNov 04 20:24:54 thehive.kifarunix-demo.com systemd[1]: Started MISP background workers.\n\n<\/code><\/pre>\n\n\n\n
\n
sudo tee \/etc\/systemd\/system\/thp-so-mo.service << 'EOL'\n[Unit]\nDescription=Disable Kernel Support for THP, Set Socket Max Conxs and Enable Memory Overcommit.\n\n[Service]\nType=simple\nExecStart=\/bin\/sh -c \"echo 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/enabled && \\\necho 'never' > \/sys\/kernel\/mm\/transparent_hugepage\/defrag && \\\necho 1024 > \/proc\/sys\/net\/core\/somaxconn && \\\nsysctl vm.overcommit_memory=1\"\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n
Initialize MISP Configuration<\/h3>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake userInit -q<\/code><\/pre>\n\n\n\n
dLiRqsfiiNAIIza9U7zqnwKKZBf83kDBSd2BUdeA<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin runUpdates<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Session.autoRegenerate\" 0\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Session.timeout\" 600\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Session.cookieTimeout\" 3600<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.tmpdir\" \"\/var\/www\/MISP\/app\/tmp\"<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"GnuPG.email\" \"admin@kifarunix-demo.com\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"GnuPG.homedir\" \"\/var\/www\/MISP\/.gnupg\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"GnuPG.password\" \"42e9865a824b4e237c5146b0af888016de8\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"GnuPG.obscure_subject\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"GnuPG.binary\" \"$(which gpg)\"\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.host_org_id\" 1\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.email\" \"admin@kifarunix-demo.com\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disable_emailing\" true --force\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.contact\" \"admin@kifarunix-demo.com\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disablerestalert\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.showCorrelationsOnIndex\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.default_event_tag_collection\" 0\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_services_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_services_url\" \"http:\/\/127.0.0.1\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_services_port\" 9000\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_timeout\" 120\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_authkey\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_ssl_verify_peer\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_ssl_verify_host\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Cortex_ssl_allow_self_signed\" true\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Sightings_policy\" 0\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Sightings_anonymise\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Sightings_anonymise_as\" 1\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Sightings_range\" 365\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Sightings_sighting_db_enable\" false\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_cuckoo_submit_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_vmray_submit_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_circl_passivedns_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_circl_passivessl_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_domaintools_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_eupi_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_farsight_passivedns_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_passivetotal_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_passivetotal_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_virustotal_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_whois_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_shodan_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_geoip_asn_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_geoip_city_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_geoip_country_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_iprep_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_otx_enabled false\nsudo -Hu www-data 
\/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_vulndb_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_crowdstrike_falcon_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_onyphe_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_xforceexchange_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_vulners_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_macaddress_io_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_intel471_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_backscatter_io_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_hibp_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_greynoise_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_joesandbox_submit_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_virustotal_public_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_apiosintds_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_urlscan_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_securitytrails_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_apivoid_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_assemblyline_submit_enabled false\nsudo -Hu www-data 
\/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_assemblyline_query_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_ransomcoindb_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_lastline_query_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_sophoslabs_intelix_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_cytomic_orion_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_censys_enrich_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_trustar_enrich_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.Enrichment_recordedfuture_enabled false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.ElasticSearch_logging_enable false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting Plugin.S3_enable false\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.CustomAuth_disable_logout\" false<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_policy\" \"DROP\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_walled_garden\" \"127.0.0.1\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_serial\" \"\\$date00\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_refresh\" \"2h\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_retry\" \"30m\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_expiry\" \"30d\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_minimum_ttl\" \"1h\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_ttl\" \"1w\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_ns\" \"localhost.\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_ns_alt\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.RPZ_email\" \"root.localhost\"\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_brokers\" \"kafka:9092\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_rdkafka_config\" \"\/etc\/rdkafka.ini\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_include_attachments\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_event_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_event_notifications_topic\" \"misp_event\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_event_publish_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_event_publish_notifications_topic\" \"misp_event_publish\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_object_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_object_notifications_topic\" \"misp_object\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_object_reference_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_object_reference_notifications_topic\" \"misp_object_reference\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_attribute_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_attribute_notifications_topic\" \"misp_attribute\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_shadow_attribute_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin 
setSetting \"Plugin.Kafka_shadow_attribute_notifications_topic\" \"misp_shadow_attribute\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_tag_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_tag_notifications_topic\" \"misp_tag\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_sighting_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_sighting_notifications_topic\" \"misp_sighting\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_user_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_user_notifications_topic\" \"misp_user\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_organisation_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_organisation_notifications_topic\" \"misp_organisation\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_audit_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.Kafka_audit_notifications_topic\" \"misp_audit\"\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_host\" \"127.0.0.1\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_port\" 50000\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_redis_host\" \"localhost\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_redis_port\" 6379\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_redis_database\" 1\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_redis_namespace\" \"mispq\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_event_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_object_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_object_reference_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_attribute_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_sighting_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_user_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_organisation_notifications_enable\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_include_attachments\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Plugin.ZeroMQ_tag_notifications_enable\" false\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.language\" \"eng\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.proposals_block_attributes\" false<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.redis_host\" \"127.0.0.1\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.redis_port\" 6379\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.redis_database\" 13\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.redis_password\" \"\"<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.ssdeep_correlation_threshold\" 40\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.extended_alert_subject\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.default_event_threat_level\" 4\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.newUserText\" \"Dear new MISP user,\\\\n\\\\nWe would hereby like to welcome you to the \\$org MISP community.\\\\n\\\\n Use the credentials below to log into MISP at \\$misp, where you will be prompted to manually change your password to something of your own choice.\\\\n\\\\nUsername: \\$username\\\\nPassword: \\$password\\\\n\\\\nIf you have any questions, don't hesitate to contact us at: \\$contact.\\\\n\\\\nBest regards,\\\\nYour \\$org MISP support team\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.passwordResetText\" \"Dear MISP user,\\\\n\\\\nA password reset has been triggered for your account. 
Use the below provided temporary password to log into MISP at \\$misp, where you will be prompted to manually change your password to something of your own choice.\\\\n\\\\nUsername: \\$username\\\\nYour temporary password: \\$password\\\\n\\\\nIf you have any questions, don't hesitate to contact us at: \\$contact.\\\\n\\\\nBest regards,\\\\nYour \\$org MISP support team\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.enableEventBlocklisting\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.enableOrgBlocklisting\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.log_client_ip\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.log_auth\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.log_user_ips\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.log_user_ips_authkeys\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disableUserSelfManagement\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disable_user_login_change\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disable_user_password_change\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.disable_user_add\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.block_event_alert\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.block_event_alert_tag\" \"no-alerts=\\\"true\\\"\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.block_old_event_alert\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.block_old_event_alert_age\" \"\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting 
\"MISP.block_old_event_alert_by_date\" \"\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.event_alert_republish_ban\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.event_alert_republish_ban_threshold\" 5\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.event_alert_republish_ban_refresh_on_retry\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.incoming_tags_disabled_by_default\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.maintenance_message\" \"Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at admin@kifarunix-demo.com.\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.footermidleft\" \"This is an initial install\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.footermidright\" \"Please configure and harden accordingly\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.welcome_text_top\" \"Initial Install, please configure\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.welcome_text_bottom\" \"Welcome to Kifarunix-demo MISP\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.attachments_dir\" \"\/var\/www\/MISP\/app\/files\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.download_attachments_on_load\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.event_alert_metadata_only\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.title_text\" \"MISP\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.terms_download\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.showorgalternate\" 
false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"MISP.event_view_filter_fields\" \"id, uuid, value, comment, type, category, Tag.name\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"debug\" 0\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.auth_enforced\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.log_each_individual_auth_fail\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.rest_client_baseurl\" \"\"\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.advanced_authkeys\" false\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.password_policy_length\" 12\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.password_policy_complexity\" '\/^((?=.*\\d)|(?=.*\\W+))(?![\\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}\/'\n<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.disable_browser_cache\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.check_sec_fetch_site_header\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.csp_enforce\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.advanced_authkeys\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.do_not_log_authkeys\" true\nsudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin setSetting \"Security.username_in_response_header\" true<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Live 1<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin updateGalaxies<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin updateTaxonomies<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin updateWarningLists<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin updateNoticeLists<\/code><\/pre>\n\n\n\n
sudo -Hu www-data \/var\/www\/MISP\/app\/Console\/cake Admin updateObjectTemplates \"1337\"<\/code><\/pre>\n\n\n\n
Configure Apache Web Server for MISP<\/h3>\n\n\n\n
\/var\/www\/MISP\/INSTALL\/apache.24.misp.ssl<\/code><\/strong>.<\/p>\n\n\n\n
sudo cp \/var\/www\/MISP\/INSTALL\/apache.24.misp.ssl \/etc\/apache2\/sites-available\/misp.conf<\/code><\/pre>\n\n\n\n
sudo cat \/etc\/apache2\/sites-available\/misp.conf<\/code><\/pre>\n\n\n\n
<VirtualHost *:80>\n ServerAdmin serveradmin@misp.local\n ServerName misp.local\n\n # In theory not needed, left for debug purposes\n # LogLevel warn\n # ErrorLog \/var\/log\/apache2\/misp.local_p80_error.log\n # CustomLog \/var\/log\/apache2\/misp.local_p80_access.log combined\n\n Header always unset \"X-Powered-By\"\n\n RewriteEngine On\n RewriteCond %{HTTPS} !=on\n RewriteRule ^\/?(.*) https:\/\/%{SERVER_NAME}\/$1 [R,L]\n\n ServerSignature Off\n<\/VirtualHost>\n\n<VirtualHost *:443>\n ServerAdmin serveradmin@misp.local\n ServerName misp.local\n DocumentRoot \/var\/www\/MISP\/app\/webroot\n <Directory \/var\/www\/MISP\/app\/webroot>\n Options -Indexes\n AllowOverride all\n Require all granted\n <\/Directory>\n\n SSLEngine On\n \n# StrongCiphers4All! \\o\/\n# This proposal adds strong cipher suites based on the Mozilla recommendations. \n# mozilla config generator: https:\/\/ssl-config.mozilla.org\/#server=apache&version=2.4.29&config=intermediate&openssl=1.1.1&guideline=5.6\n# intermediate configuration\nSSLProtocol \t\t All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\nSSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384\nSSLHonorCipherOrder off\nSSLSessionTickets off\n\n# enable HTTP\/2, if available\nProtocols h2 http\/1.1\n\n SSLCertificateFile \/etc\/ssl\/private\/misp.local.crt\n SSLCertificateKeyFile \/etc\/ssl\/private\/misp.local.key\n# SSLCertificateChainFile \/etc\/ssl\/private\/misp-chain.crt\n\n LogLevel warn\n ErrorLog \/var\/log\/apache2\/misp.local_error.log\n CustomLog \/var\/log\/apache2\/misp.local_access.log combined\n\n ServerSignature Off\n\n Header always set Strict-Transport-Security \"max-age=31536000; includeSubdomains;\"\n Header always set X-Content-Type-Options nosniff\n Header always set X-Frame-Options SAMEORIGIN \n Header always unset \"X-Powered-By\"\n\n # 
TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy\n ## Example:\n # Header always set X-XSS-Protection \"1; mode=block\"\n # Header always set Content-Security-Policy \"default-src 'none'; style-src 'self' ... script-src\/font-src\/img-src\/connect-src\n # Header always set Referrer-Policy \"strict-origin-when-cross-origin\"\n # Header always set Feature-Policy \"geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'\"\n<\/VirtualHost>\n\n# strongciphers4All! \\o\/\nSSLUseStapling On\nSSLStaplingCache \"shmcb:logs\/ssl_stapling(32768)\"\n<\/code><\/pre>\n\n\n\n
ServerAdmin serveradmin@misp.local<\/strong>\n ServerName misp.local<\/strong><\/code><\/pre>\n\n\n\n
<\/strong> ServerAdmin serveradmin@kifarunix-demo.com\n <\/strong>ServerName misp.kifarunix-demo.com<\/strong><\/code><\/pre>\n\n\n\n
sudo openssl req -newkey rsa:4096 -days 365 -nodes -x509 -subj \"\/CN=*.kifarunix-demo.com\" \\\n-keyout \/etc\/ssl\/private\/misp.local.key -out \/etc\/ssl\/private\/misp.local.crt<\/code><\/pre>\n\n\n\n
sudo a2enmod status ssl rewrite headers<\/code><\/pre>\n\n\n\n
sudo a2dissite 000-default.conf<\/code><\/pre>\n\n\n\n
sudo a2ensite misp.conf<\/code><\/pre>\n\n\n\n
sudo apache2ctl -t<\/code><\/pre>\n\n\n\n
Syntax OK<\/code><\/strong>.<\/p>\n\n\n\n
sudo systemctl restart apache2<\/code><\/pre>\n\n\n\n
sudo ufw allow \"Apache Full\"<\/code><\/pre>\n\n\n\n
Login to MISP User Interface<\/h3>\n\n\n\n
<\/figure><\/a><\/div>\n\n\n\n
\n