Author: CERT.br
Version: 1.4 (9 August 2021)
This tutorial covers the basic steps to install a MISP instance on Ubuntu 20.04 LTS, including hardening of the operating system, configuration of the system packages and the installation of MISP itself.
MISP runs on other Linux or BSD distributions, but the tool's own authors recommend Ubuntu for the following reasons:
If you use another system, the system administration team must be prepared to interpret possible errors during updates and to adapt the system's configuration and package versions to the requirements of MISP's dependencies.
The minimum server configuration depends on usage, the number of events, the correlations between events and several other factors. A suggested minimum configuration, sufficient for initial use of MISP, is the following:
This tutorial focuses on installing a MISP server with basic hardening and security settings, including:
Besides the points covered throughout the tutorial, the following are some special considerations about security best practices that must be taken into account when deploying a production MISP instance in your organization.
Several virtual images with ready-to-use MISP instances are available on the Internet. These images should be used only for testing and for learning the technology.
Putting one of these ready-made Internet images into production raises several problems:
MISP is meant to connect to partner instances to share security-related information. It is essential that the MISP instance follows good practices in the use of its digital certificate:
The MISP instance must be kept up to date and will potentially hold malicious payloads in its events (malware, phishing URLs and assorted IoCs).
It is essential that:
The first step after the basic Ubuntu installation is to bring up a firewall immediately, to protect the installation and prevent attacks from the Internet, especially credential brute force.
Create the file /root/rules.v4 with the following content:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:IN-NEW - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -d 224.0.0.0/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state NEW,ESTABLISHED -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state NEW -j IN-NEW
-A INPUT -j LOG --log-prefix "IPT_INPUT: " --log-level 6
-A INPUT -j DROP
-A FORWARD -j LOG --log-prefix "IPT_FORWARD: " --log-level 6
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -j LOG --log-prefix "IPT_OUTPUT: " --log-level 6
-A OUTPUT -j DROP
# allow SSH access for the organization
-A IN-NEW -s <SEU-IPv4-OU-REDE> -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# allow MISP access for the organization
-A IN-NEW -s <SEU-IPv4-OU-REDE> -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j ACCEPT
# allow MISP access for partners
-A IN-NEW -s <IPv4-MISP-PARCEIRO> -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j ACCEPT
# Let's Encrypt IPs (optional)
-A IN-NEW -s 66.133.109.36/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN --dport 80 -j ACCEPT
# SSL Labs IPs (optional)
-A IN-NEW -s 64.41.200.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN --dport 443 -j ACCEPT
COMMIT
Create the file /root/rules.v6 with the following content:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 141 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 142 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 148 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 149 -j ACCEPT
# allow SSH access for the organization
-A INPUT -s <SEU-IPv6-OU-REDE> -p tcp -m tcp --dport 22 -j ACCEPT
# allow MISP access for the organization
-A INPUT -s <SEU-IPv6-OU-REDE> -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT
# allow MISP access for partners
-A INPUT -s <IPv6-MISP-PARCEIRO> -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT
# Let's Encrypt IPs (optional)
-A INPUT -s 2600:3000::/29 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 2600:1f00::/24 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 2a05:d000::/25 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
# SSL Labs IPs (optional)
-A INPUT -s 2600:C02:1020:4202::/64 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j LOG --log-prefix "IPT_INPUT6: " --log-level 6
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
Load the rules:
# iptables-restore /root/rules.v4
# ip6tables-restore /root/rules.v6
Check that the rules were applied:
# iptables -nL
# ip6tables -nL
Install the iptables-persistent package so the rules are restored at boot:
# apt-get update
# apt-get install iptables-persistent -qy
The package saves the current rules in /etc/iptables/. For that, answer "YES" to both questions asked during the installation, then check the files saved in /etc/iptables/.
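Before loading a ruleset edited from the template above, it helps to lint it for the properties the design depends on: default DROP policies, every opening in IN-NEW tied to a source address, and no placeholder left unfilled. The script below is an added example, not part of the CERT.br tutorial; lint_rules, demo_lint and the sample ruleset inside it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the CERT.br tutorial: a lint for an
# iptables-restore ruleset such as /root/rules.v4 above, to run before
# loading it. It checks the three properties the tutorial's firewall
# design relies on:
#   1. the built-in chains INPUT, FORWARD and OUTPUT default to DROP;
#   2. every ACCEPT rule in the IN-NEW chain (where the tutorial opens
#      tcp/22 for SSH and tcp/80,443 for MISP) carries a source (-s),
#      so no port is opened to the whole Internet by mistake;
#   3. no template placeholder such as <SEU-IPv4-OU-REDE> is left unfilled.
# Usage: lint_rules /root/rules.v4   (exit status 0 when all checks pass)

lint_rules() {
    file="$1"
    status=0

    for chain in INPUT FORWARD OUTPUT; do
        if ! grep -q "^:$chain DROP " "$file"; then
            echo "FAIL: built-in chain $chain does not default to DROP" >&2
            status=1
        fi
    done

    # ACCEPT rules in IN-NEW without a -s source restriction
    open=$(grep '^-A IN-NEW .*-j ACCEPT' "$file" | grep -v -- ' -s ' || true)
    if [ -n "$open" ]; then
        echo "FAIL: ACCEPT rule(s) without source restriction:" >&2
        echo "$open" >&2
        status=1
    fi

    # placeholders copied from the template that were never replaced
    left=$(grep -o '<[A-Za-z0-9-]*>' "$file" | sort -u || true)
    if [ -n "$left" ]; then
        echo "FAIL: unfilled placeholder(s): $(echo "$left" | tr '\n' ' ')" >&2
        status=1
    fi

    return $status
}

# Constructed sample (not a real ruleset): one placeholder left in place
# and one rule that opens 80,443 to everyone. Running it shows both findings.
demo_lint() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:IN-NEW - [0:0]
-A INPUT -m state --state NEW -j IN-NEW
-A IN-NEW -s <SEU-IPv4-OU-REDE> -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A IN-NEW -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
    if lint_rules "$sample"; then echo "ruleset OK"; else echo "ruleset has problems"; fi
    rm -f "$sample"
}

demo_lint
```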
On Unix systems
Generate an Ed25519 key pair:
$ ssh-keygen -t ed25519 -q -f /path/da/chave/misp_ed25519 -C 'MISP'
$ ls -la /path/da/chave/misp_ed25519*
Add the public key to /root/.ssh/authorized_keys on the MISP server:
$ cat /path/da/chave/misp_ed25519.pub
On Windows systems
Download PuTTY (putty.exe) and PuTTY Key Generator (puttygen.exe) from https://www.putty.org
In PuTTY Key Generator:
- Under "Parameters", "Type of key to generate", click Ed25519
- "Key comment": type the user name
- "Key passphrase": type a passphrase for the key (a strong one)
- "Confirm passphrase": confirm the passphrase typed
- "Save public key" to save the public key
- "Save private key" to save the private key
- Copy the text shown in "Public key for pasting into OpenSSH authorized_keys file" into the file /root/.ssh/authorized_keys on the MISP server
If the MISP server does not have sshd installed, install it with the command:
# apt-get install openssh-server -qy
Edit /etc/ssh/sshd_config and change the following values:
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
Restart sshd with the command:
# service sshd restart
It is important to keep the server clock synchronized with an NTP server. To do so, follow these steps:
Set the time zone to UTC:
# timedatectl set-timezone UTC
Edit /etc/systemd/timesyncd.conf and set the "NTP=" and "FallbackNTP=" lines to the following values:
NTP=a.ntp.br
FallbackNTP=b.ntp.br
Restart timesyncd:
# service systemd-timesyncd restart
Check its status:
# service systemd-timesyncd status
systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-08-18 14:50:37 UTC; 6h ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 31091 (systemd-timesyn)
   Status: "Synchronized to time server 200.160.0.8:123 (a.ntp.br)."
    Tasks: 2 (limit: 1107)
   CGroup: /system.slice/systemd-timesyncd.service
           └─31091 /lib/systemd/systemd-timesyncd

Aug 18 14:50:37 servername systemd[1]: Starting Network Time Synchronization...
Aug 18 14:50:37 servername systemd[1]: Started Network Time Synchronization.
Aug 18 14:50:37 servername systemd-timesyncd[31091]: Synchronized to time server [2001:12ff::8]:123 (a.ntp.br).
Aug 18 15:23:43 servername systemd-timesyncd[31091]: Synchronized to time server 200.160.0.8:123 (a.ntp.br).
# timedatectl
               Local time: Fri 2020-08-14 19:41:04 UTC
           Universal time: Fri 2020-08-14 19:41:04 UTC
                 RTC time: Fri 2020-08-14 19:41:05
                Time zone: UTC (UTC, +0000)   <-- indicates the server is in UTC
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
A local recursive resolver is useful so as not to depend on a third-party service, which may be unavailable and/or compromised. It also reduces query latency and is able to validate DNSSEC. The unbound server will be used for this purpose.
Install unbound with the command:
# apt-get install unbound -qy
Disable the system resolver with the commands:
# systemctl disable systemd-resolved
# systemctl stop systemd-resolved
# rm /etc/resolv.conf
Create /etc/resolv.conf with the following content:
nameserver ::1
nameserver 127.0.0.1
Restart unbound with the command:
# service unbound restart
Check that unbound is resolving names and validating DNSSEC with the queries below. The domain www.dnssec-failed.org is deliberately signed incorrectly, so a validating resolver must answer SERVFAIL:
# dig www.dnssec-failed.org @127.0.0.1

; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> www.dnssec-failed.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dnssec-failed.org.         IN      A

;; Query time: 502 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 10 02:08:51 UTC 2020
;; MSG SIZE  rcvd: 50

Result without DNSSEC validation (the resolver returns the A records of the broken domain):
# dig www.dnssec-failed.org @127.0.0.1

; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> www.dnssec-failed.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31136
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.dnssec-failed.org.         IN      A

;; ANSWER SECTION:
www.dnssec-failed.org.  7200    IN      A       68.87.109.242
www.dnssec-failed.org.  7200    IN      A       69.252.193.191

;; Query time: 180 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 10 02:09:50 UTC 2020
;; MSG SIZE  rcvd: 82
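To turn the two dig outputs above into a repeatable post-install check, the following added example (not part of the CERT.br tutorial) classifies dig output from the header status and flags; classify_dig and the SAMPLE_* strings are constructed for illustration, and the live commands in the comments assume dig from the dnsutils package is installed.

```shell
#!/bin/sh
# Added example, not part of the CERT.br tutorial: a check that reads dig
# output the way the two queries above are meant to be read.
#   - For a zone that is deliberately broken (www.dnssec-failed.org) a
#     validating resolver must answer SERVFAIL; NOERROR with A records means
#     validation is off (the second output above).
#   - For a correctly signed zone a validating resolver answers NOERROR and
#     sets the "ad" (authenticated data) flag in the header.
# classify_dig KIND reads dig output on stdin (KIND is "broken" or "signed")
# and prints one word: validating, not-validating, unreachable or inconclusive.

classify_dig() {
    kind="$1"
    out=$(cat)
    # unbound not running or blocked: dig reports that no server was reached
    case "$out" in
        *"no servers could be reached"*|*"connection refused"*) echo unreachable; return 0 ;;
    esac
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    has_ad=0
    for f in $flags; do
        if [ "$f" = ad ]; then has_ad=1; fi
    done
    case "$kind:$status:$has_ad" in
        broken:SERVFAIL:*) echo validating ;;
        broken:NOERROR:*)  echo not-validating ;;
        signed:NOERROR:1)  echo validating ;;
        signed:NOERROR:0)  echo not-validating ;;
        *)                 echo inconclusive ;;
    esac
}

# Live use on the server (dig from the dnsutils package):
#   dig www.dnssec-failed.org @127.0.0.1 | classify_dig broken
#   dig <a-zone-you-know-is-signed> @127.0.0.1 | classify_dig signed

# Constructed samples: the header lines of the two outputs shown in the
# tutorial, a signed-zone answer with the "ad" flag, and a dead resolver.
SAMPLE_BROKEN_VALIDATING=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BROKEN_NOT_VALIDATING=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31136
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
www.dnssec-failed.org.  7200    IN      A       68.87.109.242'
SAMPLE_SIGNED_VALIDATING=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_UNREACHABLE=';; connection timed out; no servers could be reached'

echo "broken zone, first output above : $(printf '%s\n' "$SAMPLE_BROKEN_VALIDATING" | classify_dig broken)"
echo "broken zone, second output above: $(printf '%s\n' "$SAMPLE_BROKEN_NOT_VALIDATING" | classify_dig broken)"
echo "signed zone with ad flag        : $(printf '%s\n' "$SAMPLE_SIGNED_VALIDATING" | classify_dig signed)"
echo "resolver down                   : $(printf '%s\n' "$SAMPLE_UNREACHABLE" | classify_dig broken)"
```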
Update the system:
# apt-get update && apt-get dist-upgrade -y
Reboot the server if necessary.
It is strongly recommended to keep the operating system and its applications constantly up to date. The cron-apt package, which will be installed in Section 2.5.2, helps with this task by sending an e-mail to the system administrator whenever an update is available.
cron-apt needs an MTA installed. If the server already has one, skip to Section 2.5.2.
If no MTA is installed, install the MTA of your choice, or Postfix following the instructions in Section 2.5.1.
Install Postfix:
# apt-get install postfix mailutils -qy
Choose "Internet Site" in the "Postfix Configuration" window.
Check in /etc/postfix/main.cf that the mynetworks directive contains only localhost addresses. The file should look like this:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = <FQDN>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, <FQDN>, localhost.<domínio>, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Edit /etc/aliases and add the following line:
root: <E-MAIL-PARA-RECEBER-ALERTAS-DESSE-SERVIDOR>
Rebuild the alias database:
# newaliases
Send a test message to check delivery:
# date | mail -s "Teste de envio do `hostname`" root
cron-apt is a service that will send an e-mail to the server administrator whenever a package update is available.
Install cron-apt with the command:
# apt-get install cron-apt -qy
Configure cron-apt to e-mail the server administrator by editing the file /etc/cron-apt/config and adding the following content:
MAILTO="root"
MAILON="upgrade"
OPTIONS="-o Acquire::http::Dl-Limit=125"
### EOF
Restart cron with the command:
# service cron restart
This section covers the installation, configuration and hardening of MariaDB, Apache, PHP and the other MISP dependencies.
Install mariadb with the following command:
# apt-get install mariadb-client mariadb-server -qy
Harden mariadb by running the command mysql_secure_installation. When asked for the current root password, press <enter>, since no password exists yet.
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Press <enter> to change the root password, then type the password at "New password" and confirm it at "Re-enter new password".
To generate the root password we suggest running the following command:
# openssl rand -base64 15

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

For the remaining options, just press <enter>:

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB

Check that mariadb is running with the command:
# systemctl status mariadb
● mariadb.service - MariaDB 10.1.44 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-08-10 13:01:46 UTC; 9min ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 27147 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 27 (limit: 1107)
   CGroup: /system.slice/mariadb.service
           └─27147 /usr/sbin/mysqld

Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: information_schema
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: mysql
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: performance_schema
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: Phase 6/7: Checking and upgrading tables
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: Processing databases
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: information_schema
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: performance_schema
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: Phase 7/7: Running 'FLUSH PRIVILEGES'
Aug 10 13:01:46 servername /etc/mysql/debian-start[27184]: OK
Aug 10 13:01:47 servername /etc/mysql/debian-start[27246]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
Install apache with the command:
# apt-get install apache2 apache2-doc apache2-utils -qy
Edit /etc/apache2/sites-available/000-default.conf, uncomment the "ServerName" line and fill it in with your FQDN.
Reload apache with the command:
# service apache2 reload
certbot (optional if your organization has its own certificate)
Install certbot with the command:
# apt-get install certbot python3-certbot-apache -qy
Request the certificate:
# certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):

Agree to the terms of service by pressing A:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:

Choose whether or not to share your e-mail with the EFF by pressing Y or N:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

Check that your FQDN appears as option 1. If it does not, type "c" and press <enter>, then check in /etc/apache2/sites-available/000-default.conf that the ServerName directive is uncommented and set to your FQDN.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: <seu FQDN>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <seu FQDN>
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/<seu FQDN>/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/<seu FQDN>/privkey.pem
   Your cert will expire on 2021-10-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Test the automatic renewal with a dry run:
# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/<seu FQDN>.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for <seu FQDN>
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/<seu FQDN>/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/<seu FQDN>/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
Install php and the modules used by MISP with the command:
# apt-get install libapache2-mod-php7.4 php7.4 php7.4-cli php7.4-dev \
    php7.4-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline \
    php7.4-mbstring php7.4-zip php7.4-redis php7.4-gnupg php7.4-intl php7.4-bcmath \
    php7.4-gd -qy
Configure php by editing the file /etc/php/7.4/apache2/php.ini. Locate the following directives and set these values:
upload_max_filesize = 50M
post_max_size = 50M
max_execution_time = 300
memory_limit = 2048M
session.sid_length = 32
session.use_strict_mode = 1
Or run the following commands:
# sed -i 's/^\(upload_max_filesize\) = .*$/\1 = 50M/g' /etc/php/7.4/apache2/php.ini
# sed -i 's/^\(post_max_size\) = .*$/\1 = 50M/g' /etc/php/7.4/apache2/php.ini
# sed -i 's/^\(max_execution_time\) = .*$/\1 = 300/g' /etc/php/7.4/apache2/php.ini
# sed -i 's/^\(memory_limit\) = .*$/\1 = 2048M/g' /etc/php/7.4/apache2/php.ini
# sed -i 's/^\(session\.sid_length\) = .*$/\1 = 32/g' /etc/php/7.4/apache2/php.ini
# sed -i 's/^\(session\.use_strict_mode\) = .*$/\1 = 1/g' /etc/php/7.4/apache2/php.ini
Also check that the expose_php and display_errors directives are off:
expose_php=Off
display_errors=Off
After making the changes, reload apache with the command:
# service apache2 reload
Create /var/www/html/phpinfo.php with the following content:
<?php phpinfo() ?>
Open http://<seu FQDN>/phpinfo.php and check that php is working. Then remove phpinfo.php with the command:
# rm /var/www/html/phpinfo.php
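The sed commands above, like the sshd_config edits earlier in the tutorial, only rewrite a directive that is already present and active in the file; a directive that ships commented out is left untouched and its default stays in force. The following added example (not part of the CERT.br tutorial) handles active, commented-out and missing directives, for both file formats; set_directive, get_directive, harden_sshd_config, tune_php_ini and demo_directives are names chosen here, and the file fragments are constructed.

```shell
#!/bin/sh
# Added example, not part of the CERT.br tutorial. The sed one-liners above
# only rewrite a directive that is already present and active; a stock
# Ubuntu 20.04 file often ships the directive commented out (sshd_config
# has "#PasswordAuthentication yes", php.ini comments settings out with
# ";"), in which case a plain substitution changes nothing and the default
# stays in force. set_directive handles the three cases: the first active
# line is rewritten in place (sshd honours the first occurrence, so
# appending would not work), otherwise a commented line is replaced by an
# active one, otherwise the directive is appended. The separator is a
# parameter because sshd_config uses "Key value" and php.ini "key = value".
# Usage: set_directive FILE KEY VALUE SEP
#   set_directive /etc/ssh/sshd_config PasswordAuthentication no ' '
#   set_directive /etc/php/7.4/apache2/php.ini memory_limit 2048M ' = '

set_directive() {
    file="$1" key="$2" value="$3" sep="$4"
    tmp=$(mktemp)
    awk -v key="$key" -v newline="$key$sep$value" '
        # true when s is the key followed by a space, a tab or "="
        function is_key(s) {
            return index(s, key) == 1 && substr(s, length(key) + 1, 1) ~ /^[ \t=]$/
        }
        {
            lines[NR] = $0
            s = $0; sub(/^[ \t]+/, "", s)
            if (!act && is_key(s)) act = NR            # first active occurrence
            c = s; sub(/^[#;][ \t]*/, "", c)
            if (!com && c != s && is_key(c)) com = NR  # first commented occurrence
        }
        END {
            target = act ? act : com
            for (i = 1; i <= NR; i++) {
                if (i == target) print newline; else print lines[i]
            }
            if (!target) print newline                 # not present: append
        }' "$file" > "$tmp" && cat "$tmp" > "$file"    # cat keeps owner/mode of FILE
    rm -f "$tmp"
}

# get_directive FILE KEY prints the value of the first active occurrence.
get_directive() {
    awk -v key="$2" '
        function is_key(s) {
            return index(s, key) == 1 && substr(s, length(key) + 1, 1) ~ /^[ \t=]$/
        }
        {
            s = $0; sub(/^[ \t]+/, "", s)
            if (!found && is_key(s)) {
                v = substr(s, length(key) + 1); sub(/^[ \t=]+/, "", v); sub(/[ \t]+$/, "", v)
                print v; found = 1
            }
        }' "$1"
}

# The sshd_config values from the SSH section of the tutorial
harden_sshd_config() {
    set_directive "$1" PermitRootLogin prohibit-password ' '
    set_directive "$1" PubkeyAuthentication yes ' '
    set_directive "$1" PasswordAuthentication no ' '
}

# The php.ini values from this section of the tutorial
tune_php_ini() {
    set_directive "$1" upload_max_filesize 50M ' = '
    set_directive "$1" post_max_size 50M ' = '
    set_directive "$1" max_execution_time 300 ' = '
    set_directive "$1" memory_limit 2048M ' = '
    set_directive "$1" session.sid_length 32 ' = '
    set_directive "$1" session.use_strict_mode 1 ' = '
    set_directive "$1" expose_php Off ' = '
    set_directive "$1" display_errors Off ' = '
}

# Demonstration on constructed fragments (not real system files): note the
# commented-out defaults, which the tutorial's sed commands would not touch.
demo_directives() {
    sshd=$(mktemp); ini=$(mktemp)
    printf '%s\n' '#PermitRootLogin prohibit-password' '#PubkeyAuthentication yes' \
        '#PasswordAuthentication yes' 'X11Forwarding yes' > "$sshd"
    printf '%s\n' '[PHP]' 'memory_limit = 128M' '; display_errors' \
        'display_errors = On' 'session.sid_length = 26' > "$ini"
    harden_sshd_config "$sshd"
    tune_php_ini "$ini"
    echo "--- sshd_config"; cat "$sshd"
    echo "--- php.ini"; cat "$ini"
    rm -f "$sshd" "$ini"
}

demo_directives
```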
Install the remaining system dependencies:
# apt-get install curl gcc git gpg-agent make python python3 openssl \
    redis-server sudo vim zip unzip python3.8-venv libfuzzy-dev sqlite3 moreutils \
    python3-dev python3-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools -qy
This section covers the installation of MISP, the creation of the database and the configuration of the site.
Set the environment variables used by the commands that follow:
# export PATH_TO_MISP=/var/www/MISP
# export WWW_USER=www-data
# export SUDO_WWW='sudo -H -u www-data'
# export CAKE="/var/www/MISP/app/Console/cake"
Check them with:
# env
Create the MISP directory:
# mkdir ${PATH_TO_MISP}
# chown $WWW_USER:$WWW_USER ${PATH_TO_MISP}
Clone the MISP repository and its submodules:
# cd ${PATH_TO_MISP}
# ${SUDO_WWW} git clone https://github.com/MISP/MISP.git ${PATH_TO_MISP}
# ${SUDO_WWW} git submodule update --init --recursive
# ${SUDO_WWW} git submodule foreach --recursive git config core.filemode false
# ${SUDO_WWW} git config core.filemode false
Create the python virtualenv:
# ${SUDO_WWW} python3 -m venv ${PATH_TO_MISP}/venv
Create the pip cache directory:
# mkdir /var/www/.cache/
# chown $WWW_USER:$WWW_USER /var/www/.cache
Install the CybOX, STIX, MAEC, mixbox and STIX 2 python libraries:
# cd ${PATH_TO_MISP}/app/files/scripts
# ${SUDO_WWW} git cl    one https://github.com/CybOXProject/python-cybox.git
# ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git
# ${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git
# ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git
# ${SUDO_WWW} git clone https://github.com/MISP/cti-python-stix2
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install wheel
# cd ${PATH_TO_MISP}/app/files/scripts/mixbox
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# cd ${PATH_TO_MISP}/app/files/scripts/python-cybox
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# cd ${PATH_TO_MISP}/app/files/scripts/python-stix
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# cd $PATH_TO_MISP/app/files/scripts/python-maec
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
# cd ${PATH_TO_MISP}/app/files/scripts/cti-python-stix2
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
Install PyMISP:
# cd ${PATH_TO_MISP}/PyMISP
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install .
Install the remaining python dependencies:
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install git+https://github.com/kbandla/pydeep.git
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install lief
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install zmq redis
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install python-magic
# ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install plyara
Install the PHP dependencies with composer:
# cd ${PATH_TO_MISP}/app
# mkdir /var/www/.composer ; sudo chown $WWW_USER:$WWW_USER /var/www/.composer
# ${SUDO_WWW} php composer.phar install
Enable the redis and gnupg PHP modules:
# phpenmod redis
# phpenmod gnupg
Copy the CakeResque configuration:
# ${SUDO_WWW} cp -fa ${PATH_TO_MISP}/INSTALL/setup/config.php ${PATH_TO_MISP}/app/Plugin/CakeResque/Config/config.php
Log into mariadb as root:
# mysql -u root -p
Create the database and the user that MISP will use:
CREATE DATABASE misp;
CREATE USER 'misp_user'@'localhost' IDENTIFIED BY '<MISP_USER-PASSWORD>';
GRANT USAGE ON *.* to misp_user@localhost;
GRANT ALL PRIVILEGES on misp.* to 'misp_user'@'localhost';
FLUSH PRIVILEGES;
exit
Suggestion for the misp_user password:
# openssl rand -base64 15
Import the database schema:
# mysql -u misp_user misp -p < ${PATH_TO_MISP}/INSTALL/MYSQL.sql
Set the file ownership and permissions:
# chown -R ${WWW_USER}:${WWW_USER} ${PATH_TO_MISP}
# chmod -R 750 ${PATH_TO_MISP}
# chmod -R g+ws ${PATH_TO_MISP}/app/tmp
# chmod -R g+ws ${PATH_TO_MISP}/app/files
# chmod -R g+ws $PATH_TO_MISP/app/files/scripts/tmp
These settings achieve an A+ grade in the Qualys SSL Labs TLS test (https://www.ssllabs.com/ssltest/) and provide minimal hardening of Apache by removing the excessive detail from its signature.
Create /etc/apache2/sites-available/misp-ssl.conf with the following content:
<VirtualHost *:80>
    ServerName <seu FQDN>
    Redirect permanent / https://<seu FQDN>
    LogLevel warn
    ErrorLog /var/log/apache2/misp.local_error.log
    CustomLog /var/log/apache2/misp.local_access.log combined
    ServerSignature Off
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@<seu FQDN>
    ServerName <seu FQDN>
    DocumentRoot /var/www/MISP/app/webroot
    <Directory /var/www/MISP/app/webroot>
        Options -Indexes
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/<seu FQDN>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<seu FQDN>/privkey.pem
    LogLevel warn
    ErrorLog /var/log/apache2/misp.local_error.log
    CustomLog /var/log/apache2/misp.local_access.log combined
    ServerSignature Off
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

ServerTokens Prod
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

Check the configuration syntax:
# apache2ctl configtest
Disable apache's status module with the command:
# a2dismod status
Enable the ssl, rewrite and headers modules:
# a2enmod ssl
# a2enmod rewrite
# a2enmod headers
Disable the default apache site and enable the MISP site:
# a2dissite 000-default
# a2ensite misp-ssl
Restart apache with the command:
# systemctl restart apache2
Install the MISP logrotate configuration:
# cp ${PATH_TO_MISP}/INSTALL/misp.logrotate /etc/logrotate.d/misp
# chmod 0640 /etc/logrotate.d/misp
Essa seção aborda as configurações iniciais do MISP.
# ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/bootstrap.default.php ${PATH_TO_MISP}/app/Config/bootstrap.php # ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/database.default.php ${PATH_TO_MISP}/app/Config/database.php # ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/core.default.php ${PATH_TO_MISP}/app/Config/core.php # ${SUDO_WWW} cp -a ${PATH_TO_MISP}/app/Config/config.default.php ${PATH_TO_MISP}/app/Config/config.php
database.php
e configurar as
linhas referentes às credenciais de acesso ao banco de dados do
MISP.# ${SUDO_WWW} vi $PATH_TO_MISP/app/Config/database.php
'login' => 'db login',Substituir pelo usuário criado para acessar o banco de dados do misp:
'login' => 'misp_user',
'password' => 'db password',Substituir pela senha do usuário
misp_user
'password' => '<MISP_USER-PASSWORD>',
database
e verificar se aponta para o banco de dados 'misp'
:
'database' => 'misp',
config.php
para configurar o novo
salt
.
IMPORTANTE
Altere o salt
antes de fazer o
primeiro login no MISP.
Caso você esqueça de fazer este passo, será necessário remover o
usuário admin@admin.test
do banco de dados e logar
novamente no sistema com as credenciais default
(usuario: admin@admin.test
senha: admin
).
O salt
deve ser uma string de pelo menos
32 bits.
Uma sugestão para a criação da string para
o salt
é utilizar o comando:
# openssl rand -base64 24Editar o arquivo
config.php
:
# ${SUDO_WWW} vi $PATH_TO_MISP/app/Config/config.phpLocalizar a seguinte linha:
'salt' => '',Colocar a nova string do
salt
(gerada
acima) no lugar do campo vazio:'salt' => '<NOVA STRING DE SALT>',
# chown -R $WWW_USER:$WWW_USER ${PATH_TO_MISP}/app/Config # chmod -R 750 ${PATH_TO_MISP}/app/Config
# chmod +x $PATH_TO_MISP/app/Console/worker/start.sh
misp-workers
editando o arquivo
/etc/systemd/system/misp-workers.service
:
[Unit] Description=MISP background workers After=network.target [Service] Type=forking User=www-data Group=www-data ExecStart=/var/www/MISP/app/Console/worker/start.sh Restart=always RestartSec=10 [Install] WantedBy=multi-user.target
# systemctl daemon-reload # systemctl enable --now misp-workers
# ${SUDO_WWW} -- ${CAKE} userInit -q # ${SUDO_WWW} -- ${CAKE} Admin runUpdates
virtualenv
:
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
Session settings (the timeout values are in minutes):
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Session.timeout" 600
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
Base URL (use the FQDN that users and partner instances will reach; it must match the name in the TLS certificate):
# ${SUDO_WWW} -- ${CAKE} Baseurl https://<your FQDN>
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.external_baseurl" https://<your FQDN>
Organisation, contact and general settings (e-mailing is disabled here; re-enable it once a mail relay is configured):
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.email" "<your_email>"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting --force "MISP.disable_emailing" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.contact" "<your_email>"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.default_event_tag_collection" 0
Security settings (browser caching off, Sec-Fetch-Site checking, enforced CSP, advanced auth keys that are never written to the logs):
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.disable_browser_cache" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.check_sec_fetch_site_header" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.csp_enforce" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.advanced_authkeys" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.do_not_log_authkeys" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.username_in_response_header" true
Log client IP addresses and authentication events (needed for incident investigation):
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.log_client_ip" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.log_auth" true
Update galaxies, taxonomies, warning lists, notice lists and object templates:
# ${SUDO_WWW} -- ${CAKE} Admin updateGalaxies
# ${SUDO_WWW} -- ${CAKE} Admin updateTaxonomies
# ${SUDO_WWW} -- ${CAKE} Admin updateWarningLists
# ${SUDO_WWW} -- ${CAKE} Admin updateNoticeLists
# ${SUDO_WWW} -- ${CAKE} Admin updateObjectTemplates "1"
Footer and welcome text:
# ${SUDO_WWW} -- ${CAKE} Admin setSetting --force "MISP.footermidleft" ""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.footermidright" "Operated by <YOUR_ORG>"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.welcome_text_top" "<YOUR_ORG>"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting --force "MISP.welcome_text_bottom" ""
Redis settings. Leaving the password empty is acceptable only because Redis listens on the loopback address; if Redis is configured with requirepass, put that password here as well:
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.redis_host" "127.0.0.1"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.redis_port" 6379
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.redis_database" 13
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.redis_password" ""
Remaining general, user-notification and password-policy settings. The password policy below requires at least 12 characters with upper- and lower-case letters plus a digit or a symbol, or else 16 or more characters of any kind:
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.language" "eng"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.proposals_block_attributes" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.ssdeep_correlation_threshold" 40
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.extended_alert_subject" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.default_event_threat_level" 4
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.disableUserSelfManagement" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.block_event_alert" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert_age" ""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert_by_date" ""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.incoming_tags_disabled_by_default" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email."
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.attachments_dir" "$PATH_TO_MISP/app/files"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.download_attachments_on_load" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.title_text" "MISP"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.terms_download" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.showorgalternate" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.password_policy_length" 12
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Security.self_registration_message" "If you would like to send us a registration request, please fill out the form below. Make sure you fill out as much information as possible in order to ease the task of the administrators."
Plugin settings. The Cortex, Kafka and ZeroMQ integrations are left disabled. If you later enable Cortex, also set Plugin.Cortex_ssl_verify_peer and Plugin.Cortex_ssl_verify_host to true and Plugin.Cortex_ssl_allow_self_signed to false, so that the connection to Cortex is actually authenticated; the values below only make sense while the integration is off:
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
# ${SUDO_WWW} -- ${CAKE} Admin setSetting --force "Plugin.Cortex_authkey" ""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Sightings_policy" 0
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Sightings_anonymise" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Sightings_range" 365
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Sightings_sighting_db_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.CustomAuth_disable_logout" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_policy" "DROP"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_serial" "\$date00"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_refresh" "2h"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_retry" "30m"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_expiry" "30d"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
# ${SUDO_WWW} -- ${CAKE} Admin setSetting --force "Plugin.RPZ_ns_alt" ""
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_brokers" "kafka:9092"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_rdkafka_config" "/etc/rdkafka.ini"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_include_attachments" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_notifications_topic" "misp_event"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_publish_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_event_publish_notifications_topic" "misp_event_publish"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_notifications_topic" "misp_object"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_reference_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_object_reference_notifications_topic" "misp_object_reference"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_attribute_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_attribute_notifications_topic" "misp_attribute"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_shadow_attribute_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_shadow_attribute_notifications_topic" "misp_shadow_attribute"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_tag_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_tag_notifications_topic" "misp_tag"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_sighting_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_sighting_notifications_topic" "misp_sighting"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_user_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_user_notifications_topic" "misp_user"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_organisation_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_organisation_notifications_topic" "misp_organisation"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_audit_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.Kafka_audit_notifications_topic" "misp_audit"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_host" "127.0.0.1"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_port" 50000
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_host" "localhost"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_port" 6379
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_database" 1
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_redis_namespace" "mispq"
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_event_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_object_reference_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_attribute_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_sighting_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_user_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_organisation_notifications_enable" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_include_attachments" false
# ${SUDO_WWW} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
Finally, take the instance out of maintenance mode and set it live:
# ${SUDO_WWW} -- ${CAKE} Live 1
$Date: 2022/03/16 19:17:47 $