MISP, or Malware Information Sharing Platform, is an open-source threat intelligence platform used for gathering, sharing, storing, and correlating Indicators of Compromise of targeted attacks, threat intelligence, and even financial fraud information. This guide will take you through the installation of MISP on Ubuntu 22.04.
Step 1: Update Your System
Before you start, ensure your system package database is updated:
sudo apt update
sudo apt upgrade
Step 2: Install Required Dependencies
MISP requires several software dependencies to run properly. You can install these using the command:
sudo apt install curl git libapache2-mod-php php php-cli php-dev php-json php-mysql php-redis php-xml php-mbstring php-gd php-opcache php-readline mysql-client redis-server unzip python3-pip python3-dev python3-redis python3-setuptools mariadb-server mariadb-client -y
Step 3: Download MISP
Clone the MISP repository from GitHub to your preferred location:
cd /var/www
sudo git clone https://github.com/MISP/MISP.git
Step 4: Set Up Database
Log into MariaDB (MySQL):
sudo mysql -u root -p
Then, create a database for MISP:
CREATE DATABASE misp;
GRANT USAGE ON *.* TO misp@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON misp.* TO misp@localhost;
FLUSH PRIVILEGES;
quit;
Replace ‘password’ with a strong password of your choice.
Step 5: Configure MISP
Navigate to the MISP directory and configure the installation:
cd /var/www/MISP
sudo cp -a INSTALL/apache.misp.ssl /etc/apache2/sites-available/misp.conf
sudo cp app/Config/bootstrap.default.php app/Config/bootstrap.php
sudo cp app/Config/database.default.php app/Config/database.php
sudo cp app/Config/core.default.php app/Config/core.php
sudo cp app/Config/config.default.php app/Config/config.php
Step 6: Install CakePHP
MISP uses the CakePHP framework. Install it and other components with the following commands:
sudo curl -s https://getcomposer.org/installer | php
sudo php composer.phar require kamisama/cake-resque:4.1.2
sudo php composer.phar config vendor-dir Vendor
sudo php composer.phar install
Step 7: Set Permissions and Enable Apache Mods
Finally, set the correct permissions, enable necessary Apache mods, and restart Apache:
sudo chown -R www-data:www-data /var/www/MISP
sudo chmod -R 750 /var/www/MISP
sudo chmod -R g+ws /var/www/MISP/app/tmp
sudo chmod -R g+ws /var/www/MISP/app/files
sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
sudo a2dismod status
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2dissite 000-default
sudo a2ensite misp
sudo systemctl restart apache2
Now, open your web browser and navigate to your server’s domain name or IP address to complete the MISP installation.
Please note: These are high-level instructions, and the specifics may vary depending on your server configuration. Be sure to consult the MISP installation documentation for more detailed instructions and troubleshooting.