Adding instructions to build a Debian Package

It does not build a Debian package that can be pushed to the distribution yet, but it provides
an easy way to have a Debian package for MISP for minimal configuration efforts.

It is installed in /usr/share/misp and there are too many things happening in that directory,
such as logs, instead of being in /var/log/misp/.

However it can be useful to a lot of people, and I will gradually improve it over time.

-- STR

README.debian

@@ -0,0 +1,23 @@
+MISP Debian Package
+===================
+
+The actual MISP Debian package is experimental. It is not something that can be pushed to Debian yet,
+however it is still a valid Debian package that can be deployed and it makes the installation much
+easier.
+
+How to use?
+-----------
+
+* Get all the MISP dependencies into this tree, such as galaxies, whitelists, etc.
+* Rename to root folder to misp-2.4.220/
+* Run ./build-deb.sh
+
+Known Weaknesses
+----------------
+
+* For now, it only install MISP to use a MySQL backend.
+* We could not use the outdated CakePHP Debian package (2.x), it is now 4.x, so CakePHP must be pulled into app/Lib/cakephp
+* MISP is installed in /usr/share/misp/ including where it logs, etc.
+* No individual package for misp-galaxies, misp-taxonomies etc.
+* /usr/share/misp is set to www-data, it will be changed in a future version
+* It installs MISP using Apache only, no SSL etc.

app/Model/Attribute.php

@@ -660,6 +660,11 @@ private function __alterAttributeCount($event_id, $increment = true)
 
     public function afterSave($created, $options = array())
     {
+       //STR
+                $myfile = fopen("/tmp/newfile.txt", "w") or die("Unable to open file!");
+		fwrite($myfile, implode("|",$this->data['Attribute']));
+                fclose($myfile);    
+
         $passedEvent = false;
         if (isset($options['parentEvent'])) {
             $passedEvent = $options['parentEvent'];

build-deb.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+dpkg-buildpackage -b -rfakeroot -us -uc
+

debian/README

@@ -0,0 +1 @@
+* We cannot use cakephp package from debian, as it is outdated. CakePHP is provided along with MISP.

debian/changelog

@@ -0,0 +1,5 @@
+misp (2.4.220-1) UNRELEASED; urgency=low
+
+  * First package of MISP
+
+ -- Sebastien Tricaud <[email protected]>  Wed, 29 Jan 2020 16:32:33 -0800

debian/config

@@ -0,0 +1,20 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+db_input critical misp/configure_mariadb || true
+db_go
+
+db_get misp/configure_mariadb
+if [ "$RET" = "Yes" ]; then
+    db_input critical misp/mariadb_host || true
+    db_go
+    db_input critical misp/mariadb_rootpwd || true
+    db_go
+    db_input critical misp/mariadb_mispdb || true
+    db_go
+    db_input critical misp/mariadb_mispdbuser || true
+    db_go
+    db_input critical misp/mariadb_setmisppwd || true
+    db_go
+fi

debian/control

@@ -0,0 +1,41 @@
+Source: misp
+Maintainer: Sebastien Tricaud <[email protected]>
+Section: Web
+Priority: optional
+Standards-Version: 2.4.220
+Build-Depends: debhelper (>= 11), dh-apache2
+Homepage: http://misp.software
+Vcs-Browser: https://github.com/misp/misp
+Vcs-Git: https://github.com/MISP/MISP.git
+
+Package: misp
+Architecture: all
+Pre-Depends: ${misc:Pre-Depends}
+Depends: libapache2-mod-php | php-cgi | php,
+	 python3,
+	 composer,
+	 mariadb-client,
+	 openssl,
+	 zip,
+	 unzip,
+	 moreutils,
+	 php-mysql,
+	 php-redis,
+	 php-gd,
+	 php-gnupg,
+	 php-json,
+	 php-xml,
+	 php-readline,
+	 php-mbstring,
+	 php7.3-opcache,
+	 ${misc:Depends}
+Recommends: ${misc:Recommends}, redis-server, mariadb-server
+Description: Threat Intelligence Platform
+ The MISP threat sharing platform is a free and open source software helping
+ information sharing of threat intelligence including cyber security indicators.
+ .
+ A threat intelligence platform for gathering, sharing, storing and correlating
+ Indicators of Compromise of targeted attacks, threat intelligence, financial
+ fraud information, vulnerability information or even counter-terrorism
+ information.
+

debian/files

@@ -0,0 +1,2 @@
+misp_2.4.220-1_all.deb Web optional
+misp_2.4.220-1_amd64.buildinfo Web optional

debian/install

@@ -0,0 +1,6 @@
+app usr/share/misp
+Plugin usr/share/misp
+tools usr/share/misp
+cti-python-stix2 usr/share/misp
+PyMISP usr/share/misp
+INSTALL/MYSQL.sql usr/share/doc/misp

debian/misp.apache2

@@ -0,0 +1 @@
+site debian/misp.apache2.conf

debian/misp.apache2.conf

@@ -0,0 +1,28 @@
+<VirtualHost *:80>
+    ServerAdmin [email protected]
+    ServerName misp.local
+    DocumentRoot /usr/share/misp/app/webroot
+    <Directory /usr/share/misp/app/webroot>
+        Options -Indexes
+        AllowOverride all
+        Order allow,deny
+        Allow from all
+    </Directory>
+
+    LogLevel warn
+    ErrorLog /var/log/apache2/misp.local_error.log
+    CustomLog /var/log/apache2/misp.local_access.log combined
+
+    ServerSignature Off
+
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options SAMEORIGIN 
+    Header always unset "X-Powered-By"
+
+    # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
+    ## Example:
+    # Header always set X-XSS-Protection "1; mode=block"
+    # Header always set Content-Security-Policy "default-src 'none'; style-src 'self' ... script-src/font-src/img-src/connect-src
+    # Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    # Header always set Feature-Policy "geolocation 'self'; midi 'none'; notifications 'self'; push 'self'; sync-xhr 'self'; microphone 'none'; camera 'self'; magnometer 'self'; gyroscope 'self'; speake 'none'; vibrate 'self'; fullscreen 'none'"
+</VirtualHost>

debian/misp.substvars

@@ -0,0 +1,3 @@
+misc:Recommends=apache2 ( >= 2.4.6-4~ ) | httpd
+misc:Depends=debconf (>= 0.5) | debconf-2.0
+misc:Pre-Depends=

debian/patches/Add-CakeResque-Config.patch

@@ -0,0 +1,203 @@
+--- misp/app/Plugin/CakeResque/Config/config.php	1969-12-31 16:00:00.000000000 -0800
++++ misp-2.4.220/app/Plugin/CakeResque/Config/config.php	2020-02-06 15:03:21.645491394 -0800
+@@ -0,0 +1,200 @@
++<?php
++/**
++ * CakeResque configuration file
++ *
++ * Default settings for Resque workers and queues.
++ *
++ * PHP version 5
++ *
++ * Licensed under The MIT License
++ * Redistributions of files must retain the above copyright notice.
++ *
++ * @author        Wan Qi Chen <[email protected]>
++ * @copyright     Copyright 2012, Wan Qi Chen <[email protected]>
++ * @link          http://cakeresque.kamisama.me
++ * @package       CakeResque
++ * @subpackage	  CakeResque.Config
++ * @since         3.4.0
++ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
++ */
++
++/**
++ * Configure the default value for Resque
++ *
++ * ## Mandatory indexes :
++ * Redis
++ *		Redis server settings
++ * Worker
++ *		Workers default settings
++ * Resque
++ *		Default values used to init the php-resque library path
++ *
++ * ## Optional indexes :
++ * Queues
++ *		An array of queues to start with Resque::load()
++ *		Used when you have multiple queues, as you don't need
++ *		to start each queues individually each time you start Resque
++ * Env
++ *		Additional environment variables to pass to Resque
++ * Log
++ *		Log handler and its arguments, to save the log with Monolog
++ *
++ *
++ * There are many ways to configure the plugin:
++ *
++ * 1. This file is automagically loaded by the bootstrapping process, when no 'CakeResque'
++ * configuration key exists.
++ *
++ *   CakePlugin::load('CakeResque', array('bootstrap' => true));
++ *
++ * 2. If a 'CakeResque' configuration key already exists, the default configuration will not be loaded,
++ * and the 'CakeResque' key is expected to contain all the values present in the default configuration.
++ *
++ *   Configure::load('my_cakeresque_config');
++ *   CakePlugin::load('CakeResque', array('bootstrap' => true));
++ *
++ * 3. Another way to configure the plugin is to load it using a custom bootstrap file.
++ *
++ *   CakePlugin::load('CakeResque', array('bootstrap' => 'my_bootstrap'));
++ *
++ *   // APP/Plugin/CakeResque/Config/my_bootstrap.php
++ *   require_once dirname(__DIR__) . DS . 'Lib' . DS . 'CakeResque.php';
++ *   $config = array(); // Custom configuration
++ *   CakeResque::init($config);
++ *
++ * @see CakeResque::init(), CakeResque::loadConfig().
++ */
++$config['CakeResque'] = array(
++	'Redis' => array(
++		'host' => 'localhost',		// Redis server hostname
++		'port' => 6379,				// Redis server port
++		'database' => 0,			// Redis database number
++		'namespace' => 'resque',	// Redis keys namespace
++		'password' => null			// Redis password
++	),
++
++	'Worker' => array(
++		'queue' => 'default',		// Name of the default queue
++		'interval' => 5,			// Number of second between each poll
++		'workers' => 1,				// Number of workers to create
++		// 'user' => 'www-data'	// User running the worker process
++
++		// Path to the log file
++		// Can be an
++		// - absolute path,
++		// - an relative path, that will be relative to
++		//	app/tmp/logs folder
++		// - a simple filename, file will be created inside app/tmp/logs
++		'log' => TMP . 'logs' . DS . 'resque-worker-error.log',
++
++		// Log Verbose mode
++		// true to log more debugging informations
++		// Can also be enabled per worker, by starting with --verbose
++		'verbose' => false
++	),
++	'Job' => array(
++		// Whether to track job status
++		// Enabling this will allow you to track a job status by its ID
++		// Job status are purged after 24 hours
++		//
++		// You can also define per-job tracking by passing true/false when calling
++		// CakeResque::enqueue(), CakeResque::enqueueAt() or CakeResque::enqueueIn()
++		'track' => false
++	),
++	/*
++	'Queues' => array(
++		array(
++			'queue' => 'default',	// Use default values from above for missing interval and count indexes
++			'user' => 'www-data'	// If PHP is running as a different user on you webserver
++		),
++		array(
++			'queue' => 'my-second-queue',
++			'interval' => 10
++		)
++	)
++	*/
++	'Resque' => array(
++		// Path to the directory containing the worker PID files
++		'tmpdir' => App::pluginPath('CakeResque') . 'tmp' . DS
++	),
++
++	// Other usefull environment variable you wish to set
++	// Passing a key only will search for its value in the $_SERVER scope
++	// eg : array('SERVER_NAME'); => will search for the value in $_SERVER['SERVER_NAME']
++	// Passing a key and a value will set the env variable to this value
++	// eg : array('ARCH' => 'x64')
++	'Env' => array(),
++
++	// Log Handler
++	// If saving the logs in a plain text file doesn't suit you
++	// you can send them to Mysql, or MongoDB, etc ...
++	// In that case, you'll need a handler to manage your logs
++	// All logs outputted by resque will go to the handler.
++	// The classic log file (above) will still be used, for logging
++	// stuff likes php error, or other STDOUT outputted by your job classses
++	//
++	// php-resque-ex uses Monolog to manage all the logging stuff
++	// If you uses the original php-resque library, these settings
++	// will be ignored
++	//
++	// handler
++	//		Name of the Handler (the handler classname, without the 'Handler' part)
++	// target
++	//		Arguments taken by the handler constructor. If the handler required
++	//		multiple arguments, separate them with a comma
++	//
++	// As of now, the following handler are supported:
++	//
++	// [HANDLER]		[TARGET]
++	// Cube			Cube server address (e.g: udp://127.0.0.1:1180)
++	// RotatingFile	Path to the log file (e.g: /path/to/resque.log)
++	// Syslog			Facility name
++	// Socket			Address (e.g: udp://127.0.0.1:23)
++	// MongoDB			MongoDB server address  (e.g: mongodb://localhost:27017)
++	'Log' => array(
++		'handler' => 'RotatingFile',
++		'target' => TMP . 'logs' . DS . 'resque.log'
++	),
++
++	// Scheduler Worker
++	// It's the worker handling all the scheduled jobs
++	// Only one scheduler worker is permitted to run at one time
++	// It can be paused, resumed and stopped like any other workers
++	// It can be started only with the `startscheduler` command,
++	// or with `load` if Scheduler Worker is enabled.
++	//
++	// Scheduled jobs requires the php-resque-ex-scheduler library,
++	// that should be installed with automatically via the
++	// `composer update` or `composer install` command
++	//
++	// The Scheduler Worker have its own default settings
++	//
++	// @since 2.3.0
++	//
++	'Scheduler' => array(
++		// Enable or disable delayed job
++		'enabled' => true,
++
++		// Path to the log file
++		'log' => TMP . 'logs' . DS . 'resque-scheduler-error.log',
++
++		// Optional
++		// Will not default to settings defined in the global scope above
++		'Env' => array(),
++
++		// Optional
++		// Will default to settings defined in the global scope above
++		// Only available setting is `interval`
++		// The worker will always poll a fixed special queue, and only one worker can run at one time
++		'Worker' => array(
++			'interval' => 3
++		),
++
++		// Optional
++		// Will default to settings defined in the global scope above
++		'Log' => array(
++			'handler' => 'RotatingFile',
++			'target' => TMP . 'logs' . DS . 'resque-scheduler.log'
++		)
++	)
++);

debian/patches/series

@@ -0,0 +1 @@
+Add-CakeResque-Config.patch