Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/voxpupuli/puppet-misp
This module installs and configures MISP (Malware Information Sharing Platform)
- Host: GitHub
- URL: https://github.com/voxpupuli/puppet-misp
- Owner: voxpupuli
- License: apache-2.0
- Created: 2017-03-30T09:38:02.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2024-09-17T07:32:48.000Z (5 months ago)
- Last Synced: 2024-10-29T14:22:38.878Z (3 months ago)
- Topics: centos-puppet-module, hacktoberfest, linux-puppet-module, misp, puppet
- Language: HTML
- Homepage: https://forge.puppet.com/puppet/misp
- Size: 396 KB
- Stars: 13
- Watchers: 42
- Forks: 13
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
README
# MISP MODULE
[![Build Status](https://travis-ci.org/voxpupuli/puppet-misp.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-misp)
[![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-misp/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-misp)
[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/misp.svg)](https://forge.puppetlabs.com/puppet/misp)
[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/misp.svg)](https://forge.puppetlabs.com/puppet/misp)
[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/misp.svg)](https://forge.puppetlabs.com/puppet/misp)
[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/misp.svg)](https://forge.puppetlabs.com/puppet/misp)

#### Table of Contents
- [MISP MODULE](#misp-module)
- [Table of Contents](#table-of-contents)
- [Module Description](#module-description)
- [Setup](#setup)
- [What MISP affects](#what-misp-affects)
- [Usage](#usage)
- [Basic usage](#basic-usage)
- [Another usage example](#another-usage-example)
- [Parameters of the MIPS Class](#parameters-of-the-mips-class)
- [MISP installation](#misp-installation)
- [Database configuration](#database-configuration)
- [Redis](#redis)
- [MISP configuration](#misp-configuration)
- [Site Configuration](#site-configuration)
- [Security](#security)
- [MISP](#misp)
- [GPG](#gpg)
- [SMIME](#smime)
- [Proxy](#proxy)
- [SecureAuth](#secureauth)
- [Session](#session)
- [Plugin](#plugin)
- [ApacheShibbAuth](#apacheshibbauth)
- [Services](#services)
- [GnuPG](#gnupg)

This module installs and configures MISP (Malware Information Sharing Platform) on CentOS 7.
It has been tested on Puppet 3.8.7 and with MISP versions 2.4.50 and 2.4.51.

## Module Description
This module installs and configures MISP on CentOS 7. It installs all the needed dependencies, configures MISP and
starts the services. However, it does not set up the database or the GPG key; that is up to the administrator.
In addition, it does not set up the web server on top of which MISP runs, so Apache, Nginx or another
web server of your choice is needed (the module still needs to know the name of the web server's service,
e.g. httpd).

As mentioned above, the database needs to be set up, the schema imported, and a user with rights to access the
'misp' database created. If GPG is used, the GPG key needs to be created and placed in the configured
directory (by default '/var/www/MISP/').

The module follows the installation instructions that can be found [here](https://github.com/MISP/MISP/tree/2.4/INSTALL).
Details about creating and setting up the database and the GPG key can also be found there.

NOTE: the configuration and database files of MISP are used as templates in the module, so if there are major
changes in a new version of MISP the templates might cause trouble and need to be updated.

## Setup
### What MISP affects
The MISP module will not alter any OS files; all the configuration will happen in '/config_dir/' (by default
'/install_dir/app/Config/'), where the *core.php*, *bootstrap.php*, *database.php* and *config.php* files will be deployed
with the established values.

This module needs the following packages:
* gcc: Needed for compiling Python modules
* git: Needed for pulling the MISP code and other git repositories which MISP depends on
* zip, redis, haveged and MariaDB
* python-devel, python2-pip, python-lxml, python-dateutil, python-six: Python related packages
* rh-php56, rh-php56-php-fpm, rh-php56-php-devel, rh-php56-php-mysqlnd, rh-php56-php-mbstring, php-pecl-redis, php-pear: PHP 5.6 related packages
* php-mbstring, php-pear-crypt-gpg: Python package required by Crypt_GPG
* sclo-php56-php-pecl-redis: Redis related packages
* libxslt-devel, zlib-devel
* haveged

The services needed by MISP are:
* rh-php56-php-fpm
* haveged
* redis: This package installs the redis server, therefore it would only be installed if the 'redis' parameter is
set to true.
* The 4 workers and the scheduler [CakeResque]

## Usage
### Basic usage
In order to use the module it would be enough to include the module:
```puppet
include misp
```

Or the class:
```puppet
class { 'misp': }
```

The module will then use the default values for all parameters; these values are specified later on.
### Another usage example
```puppet
class {'misp':
  git_tag => 'v2.4.67',
  email => '[email protected]',
  contact => '[email protected]',
  salt => 'Rooraenietu8Eeyo '9999999999999999999999999999999999999999999999999999999999999999',
}
```
## Parameters of the MIPS Class
The MISP class can take many parameters to change the configuration of MISP. However, they all default to the
recommended values, so there is no need to change them. The parameters are grouped into those needed for
the installation of MISP itself, for the database, for the configuration and for the services. The parameters are the following:

### MISP installation
* `misp_git_repo` - Git url of MISP. By default "https://github.com/MISP/MISP.git".
* `misp_git_tag` - Version of MISP that will be installed. By default "v2.4.71".
* `install_dir` - Directory in which MISP will be installed. By default "/var/www/MISP/".
* `config_dir` - Directory in which the configuration of MISP should be located. By default "/var/www/MISP/app/Config/".
* `stix_git_repo` - Git url of the STIX module. By default "https://github.com/STIXProject/python-stix.git".
* `stix_git_tag` - Version of the STIX module. By default "v1.1.1.4".
* `cybox_git_repo` - Git url of the CyBox repository. By default "https://github.com/CybOXProject/python-cybox.git".
* `cybox_git_tag` - Version of the CyBox module. By default "v2.1.0.12".
* `timezone` - Timezone where the instance has been placed. By default "UTC".
* `default_user` - User as which to run the installation of MISP. By default apache.
* `default_group` - Group as which to run the installation of MISP. By default apache.
* `default_high_user` - In some cases root permissions are needed in the installation; this user will be used in
those cases. By default root.
* `default_high_group` - In some cases root permissions are needed in the installation; this group will be used in
those cases. By default apache.
* `uuid` - The MISP instance UUID. This UUID is used to identify this instance. By default set to 0.
* `manage_python` - Whether to manage python or not. Please note that python dev needs to be present in order to be able to install some of the MISP dependencies.
* `pymisp_rpm` - Boolean to indicate if pymisp should be installed or not (The RPM needs to be available for the machine). By default is set to false.
* `lief` - Boolean to indicate if lief should be installed or not (The RPM needs to be available for the machine). By default is set to false.
* `lief_package_name` - String containing the package name for lief.

### Database configuration
* `db_name` - Name of the database. By default "misp".
* `db_user` - Name of the user with rights on the database. By default "misp".
* `db_host` - Name of the host in which the database is located. By default "localhost".
* `db_port` - Port to connect to the database in the specified host. By default 3306.
* `db_password` - Password used to access the database. By default is empty.

This module does not install the MariaDB server. However, if that is needed, it can be done in your manifest in a manner similar to the following Puppet fragment:
```puppet
$mysql_passwd = mysql_password('mispdb')

class {'mariadb::server':
  root_password => 'mispdb',
  users => {
    'misp@localhost' => {
      ensure => 'present',
      max_connections_per_hour => '0',
      max_queries_per_hour => '0',
      max_updates_per_hour => '0',
      max_user_connections => '0',
      password_hash => $mysql_passwd,
      tls_options => ['NONE'],
    },
  },
  grants => {
    'misp@localhost/misp.*' => {
      ensure => 'present',
      options => ['GRANT'],
      privileges => ['ALL'],
      table => 'misp.*',
      user => 'misp@localhost',
    },
    'misp@localhost/*.*' => {
      ensure => 'present',
      options => ['GRANT'],
      privileges => ['USAGE'],
      table => '*.*',
      user => 'misp@localhost',
      options => "IDENTIFIED BY ${$mysql_passwd}",
    },
  },
  databases => {
    'misp' => {
      ensure => 'present',
      charset => 'utf8',
    },
  },
}
```

Note that it requires the edestecd-mariadb module.
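
Added example, not part of the puppet-misp README: one way to derive the MariaDB account hash and the `db_password` given to the `misp` class from the same secret, read from Hiera instead of written as a manifest literal, with guards against the empty `db_password` default and the salt printed in this README. The `profile::misp_db` class and its Hiera keys are hypothetical names; `hiera()` matches the Puppet 3.8 the module was tested on.

```puppet
# Added example; the class name and Hiera keys are hypothetical.
class profile::misp_db {
  # Per-instance secrets from Hiera (ideally an encrypted backend), not literals.
  $db_password      = hiera('profile::misp_db::db_password')
  $db_root_password = hiera('profile::misp_db::root_password')
  $salt             = hiera('profile::misp_db::salt')

  # The misp class defaults db_password to empty: stop the catalog instead.
  if $db_password == '' {
    fail('profile::misp_db::db_password must not be empty')
  }
  # The application account must not share the database root secret.
  if $db_password == $db_root_password {
    fail('MISP and MariaDB root passwords must differ')
  }
  # Reject the salt published in this README as the module default.
  if $salt =~ /^Rooraenietu8Eeyo/ {
    fail('profile::misp_db::salt is the documented default salt')
  }

  class { 'mariadb::server':
    root_password => $db_root_password,
    users         => {
      'misp@localhost' => {
        ensure        => 'present',
        password_hash => mysql_password($db_password),
      },
    },
    grants        => {
      # ALL on misp.* only, without the GRANT option used in the fragment above.
      'misp@localhost/misp.*' => {
        ensure     => 'present',
        privileges => ['ALL'],
        table      => 'misp.*',
        user       => 'misp@localhost',
      },
    },
    databases     => {
      'misp' => { ensure => 'present', charset => 'utf8' },
    },
  }

  # Same secret on the application side, so database.php matches the account.
  class { 'misp':
    db_password => $db_password,
    salt        => $salt,
    require     => Class['mariadb::server'],
  }
}
```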
#### Redis
* `redis_host` - The host running the redis server to be used for generic MISP tasks such as caching. This is not to be confused with the redis server used by the background processing. By default set to localhost ('127.0.01').
* `redis_port` - The port used by the redis server to be used for generic MISP tasks such as caching. This is not to be confused with the redis server used by the background processing. By default set to 6379.
* `redis_database` - The database on the redis server to be used for generic MISP tasks. If you run more than one MISP instance, please make sure to use a different database on each instance. By default set to 13.

### MISP configuration
#### Site Configuration
* `debug` - Debug mode for the full instance. By default set to 0 (false).
* `site_admin_debug` - The debug level of the instance for site admins. This feature allows site admins to run debug mode on a live instance
without exposing it to other users. The most verbose option of debug and site_admin_debug is used for site admins.
By default false.

These two parameters are recommended to be set to 0 and false respectively. However, if needed they can be set to true to find
errors with names/tables in the database. In this case it would be better to set only 'site_admin_debug' to true instead of
the whole instance.

#### Security
* `security_level` = 'medium'
* `salt` - The salt used for the hashed passwords. Keep in mind, this will invalidate all passwords in the database.
By default set to "Rooraenietu8Eeyo /var/www/MISP/app/webroot/gpg.asc
```