Information Security

Building a SOC: Installing TheHive, Cortex and MISP

날으는물고기 2024. 7. 27. 00:04

IR using the Hive Project. - SANS Internet Storm Center

If you plan to run a SOC (Security Operations Center) with TheHive and Cortex integrated, you need a few core components, Elasticsearch among them. TheHive and Cortex are tools designed to manage incidents (incident response), analyse threats and support automated response. Elasticsearch is the store these tools rely on to index and search their data.


The basic components for integrating TheHive with Cortex and running a SOC are as follows.

  1. Elasticsearch: both TheHive and Cortex use Elasticsearch as their data store; it is required for fast search and data analysis.
    • Installation and setup
      # Install Elasticsearch
      wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-linux-x86_64.tar.gz
      tar -xzf elasticsearch-7.10.2-linux-x86_64.tar.gz
      cd elasticsearch-7.10.2
      ./bin/elasticsearch
  2. TheHive: manages incidents (incident response) and lets analysts collaborate on them.
    • Installation and setup
      # Install TheHive
      wget https://dl.bintray.com/thehive-project/binary/thehive-4.0.4-1.zip
      unzip thehive-4.0.4-1.zip -d /opt/thehive
      cd /opt/thehive
      ./bin/thehive
  3. Cortex: automates analysis jobs and integrates with a range of analysis tools.
    • Installation and setup
      # Install Cortex
      wget https://dl.bintray.com/thehive-project/binary/cortex-3.0.1-1.zip
      unzip cortex-3.0.1-1.zip -d /opt/cortex
      cd /opt/cortex
      ./bin/cortex

Integration settings

  1. Edit the TheHive configuration file (/etc/thehive/application.conf)
    play.modules.enabled += connectors.cortex.CortexConnector
    cortex {
      "name" = "Cortex-Server"
      "url" = "http://localhost:9001"
      "key" = "CORTEX_API_KEY"
    }
  2. Edit the Cortex configuration file (/etc/cortex/application.conf)
    cortex {
      "datastore" {
        "elasticSearch" {
          "uri" = "http://localhost:9200"
          "cluster" = "cortex"
        }
      }
    }

Considerations for SOC operations

  1. Data backup and recovery: back up the Elasticsearch data regularly to prevent data loss.
  2. Security settings: configure access control and authentication on Elasticsearch, TheHive and Cortex alike.
  3. Performance monitoring: monitor Elasticsearch performance and scale the cluster out as needed to keep it responsive.

With the components and settings above, you can run a SOC with TheHive and Cortex integrated. After completing the basic setup, additional tuning and configuration may be needed for your particular environment.


Setting up TheHive and Cortex with Docker Compose makes building the environment easier. Below is how to set up TheHive and Cortex together with Elasticsearch using Docker Compose.

Docker Compose file (docker-compose.yml)

This file defines the Elasticsearch, TheHive and Cortex containers.

version: '3.7'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
    ports:
      - "9200:9200"
    networks:
      - thehive

  thehive:
    image: thehiveproject/thehive:4.0.4-1
    container_name: thehive
    depends_on:
      - elasticsearch
    environment:
      - config.file=/etc/thehive/application.conf
    volumes:
      - ./thehive/application.conf:/etc/thehive/application.conf
    ports:
      - "9000:9000"
    networks:
      - thehive

  cortex:
    image: thehiveproject/cortex:3.0.1-1
    container_name: cortex
    depends_on:
      - elasticsearch
    environment:
      - config.file=/etc/cortex/application.conf
    volumes:
      - ./cortex/application.conf:/etc/cortex/application.conf
    ports:
      - "9001:9001"
    networks:
      - thehive

networks:
  thehive:
    driver: bridge

TheHive configuration file (thehive/application.conf)

Create the thehive/application.conf file to define TheHive's settings.

play.modules.enabled += connectors.cortex.CortexConnector
cortex {
  servers = [
    {
      name = "Cortex-Server"
      url = "http://cortex:9001"
      key = "CORTEX_API_KEY"
      # SSL verification can be disabled if you use self-signed certificates
      # You should always verify certificates if you use SSL in production
      # You can disable SSL verification with the following option
      # insecure = true
    }
  ]
}

Cortex configuration file (cortex/application.conf)

Create the cortex/application.conf file to define Cortex's settings.

cortex {
  datastore {
    elasticsearch {
      cluster = "cortex"
      hosts = ["http://elasticsearch:9200"]
    }
  }
}

Running Docker Compose

Once all files are in place, start the services with Docker Compose.

docker-compose up -d

Once Docker Compose is up, each service is reachable at the following address.

  • TheHive: http://localhost:9000
  • Cortex: http://localhost:9001
  • Elasticsearch: http://localhost:9200

Generating the API key

Generate a Cortex API key and add it to the TheHive configuration file. Use a command like the following to generate the Cortex API key.

curl -XPOST -H "Content-Type: application/json" -u <cortex-username>:<cortex-password> http://localhost:9001/api/user/<user-id>/key -d '{"name": "TheHive API Key"}'

Add the generated API key to the key entry of the thehive/application.conf file.


TheHive and Cortex are now set up and integrated with Docker Compose. This configuration provides the basic environment needed to run a SOC; carry out additional configuration or tuning as your environment requires.


This section describes how to set up TheHive and Cortex in a Kubernetes environment. Kubernetes is an orchestration tool that automates the deployment, scaling and management of containerised applications.

1. Prepare a Kubernetes cluster

First, a Kubernetes cluster must be available. You can use a cluster from a cloud provider (GKE, EKS, AKS, etc.) or a local environment such as Minikube.

2. Deploy Elasticsearch

Deploy Elasticsearch to Kubernetes. The Elasticsearch Helm chart can be used for this.

helm repo add elastic https://helm.elastic.co
helm repo update
helm install elasticsearch elastic/elasticsearch

3. Deploy TheHive

Define a Deployment and a Service to deploy TheHive to Kubernetes.

thehive-deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: thehive
spec:
  replicas: 1
  selector:
    matchLabels:
      app: thehive
  template:
    metadata:
      labels:
        app: thehive
    spec:
      containers:
      - name: thehive
        image: thehiveproject/thehive:4.0.4-1
        ports:
        - containerPort: 9000
        volumeMounts:
        - name: thehive-config
          mountPath: /etc/thehive/application.conf
          subPath: application.conf
      volumes:
      - name: thehive-config
        configMap:
          name: thehive-config
---
apiVersion: v1
kind: Service
metadata:
  name: thehive
spec:
  ports:
  - port: 9000
    targetPort: 9000
  selector:
    app: thehive

thehive-configmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: thehive-config
data:
  application.conf: |
    play.modules.enabled += connectors.cortex.CortexConnector
    cortex {
      servers = [
        {
          name = "Cortex-Server"
          url = "http://cortex:9001"
          key = "CORTEX_API_KEY"
        }
      ]
    }
    db {
      elasticsearch {
        cluster = "thehive"
        hosts = ["http://elasticsearch:9200"]
      }
    }

4. Deploy Cortex

Define a Deployment and a Service to deploy Cortex to Kubernetes.

cortex-deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cortex
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cortex
  template:
    metadata:
      labels:
        app: cortex
    spec:
      containers:
      - name: cortex
        image: thehiveproject/cortex:3.0.1-1
        ports:
        - containerPort: 9001
        volumeMounts:
        - name: cortex-config
          mountPath: /etc/cortex/application.conf
          subPath: application.conf
      volumes:
      - name: cortex-config
        configMap:
          name: cortex-config
---
apiVersion: v1
kind: Service
metadata:
  name: cortex
spec:
  ports:
  - port: 9001
    targetPort: 9001
  selector:
    app: cortex

cortex-configmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: cortex-config
data:
  application.conf: |
    cortex {
      datastore {
        elasticsearch {
          cluster = "cortex"
          hosts = ["http://elasticsearch:9200"]
        }
      }
    }

5. Deploy the resources

Apply each resource file to the Kubernetes cluster.

kubectl apply -f thehive-configmap.yml
kubectl apply -f thehive-deployment.yml
kubectl apply -f cortex-configmap.yml
kubectl apply -f cortex-deployment.yml

6. Verify the services

Check the services deployed to the Kubernetes cluster.

kubectl get services

Confirm that each service was deployed correctly and, if needed, expose them externally with a LoadBalancer or an Ingress.

7. Generate the API key

Generate a Cortex API key and add it to the TheHive configuration. Use a command like the following to generate the Cortex API key.

curl -XPOST -H "Content-Type: application/json" -u <cortex-username>:<cortex-password> http://<cortex-service-ip>:9001/api/user/<user-id>/key -d '{"name": "TheHive API Key"}'

Add the generated API key to the key entry in thehive-configmap.yml.
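Both API-key steps, the Docker Compose one earlier and this Kubernetes one, leave key = "CORTEX_API_KEY" to be replaced by hand. The script below is an added example, not code from the original post or from the TheHive project: it requests the key through the endpoint the page's curl command uses, writes it into the configuration (the raw application.conf or the ConfigMap's embedded copy), then reports the settings the page itself cautions about (a leftover placeholder, insecure = true, a plain-http Cortex URL), the file mode of the file that now holds a secret, and whether the three services answer on the ports listed above. Assumed rather than taken from the page: the CORTEX_PASSWORD environment variable and the opener parameter used to exercise the HTTP paths offline.

```python
"""Post-deployment check of the TheHive -> Cortex link (added example, not code
from the original post or the TheHive project). Assumptions not from the page:
the key is requested via the endpoint in the page's curl command, the Cortex
password comes from CORTEX_PASSWORD, probes are plain HTTP GETs to the addresses
listed in the Docker Compose section."""
import base64
import json
import os
import re
import stat
import sys
import urllib.request
from urllib.error import HTTPError, URLError

PLACEHOLDER = "CORTEX_API_KEY"            # value the page leaves in application.conf
SERVICES = {                              # addresses from the Docker Compose section
    "thehive": "http://localhost:9000",
    "cortex": "http://localhost:9001",
    "elasticsearch": "http://localhost:9200",
}
# `key = "..."` or `"key" = "..."` at the start of a (possibly indented) line: works on the
# raw conf and on the ConfigMap copy, and never matches play.http.secret.key="..." in Cortex.
KEY_LINE = re.compile(r'^(\s*"?key"?\s*=\s*")[^"]*(")', re.MULTILINE)


def config_findings(conf_text: str) -> list:
    """Settings in a TheHive application.conf body that weaken the Cortex link."""
    findings = []
    if PLACEHOLDER in conf_text:
        findings.append("placeholder CORTEX_API_KEY still present")
    if re.search(r"^\s*insecure\s*=\s*true\b", conf_text, re.MULTILINE):   # see page comment
        findings.append("insecure = true: Cortex certificate verification disabled")
    for m in re.finditer(r'^\s*"?url"?\s*=\s*"(http://[^"]+)"', conf_text, re.MULTILINE):
        findings.append("Cortex URL uses plaintext http: " + m.group(1))
    return findings


def set_cortex_key(conf_text: str, api_key: str) -> str:
    """Write api_key into the cortex server entry; refuse odd-looking values."""
    if not re.fullmatch(r"[A-Za-z0-9+/=_-]{16,}", api_key):
        raise ValueError("value does not look like a Cortex API key")
    new_text, n = KEY_LINE.subn(lambda m: m.group(1) + api_key + m.group(2), conf_text)
    if n == 0:
        raise ValueError('no key = "..." entry found in the cortex block')
    return new_text


def fetch_cortex_key(base_url, user_id, username, password, opener=urllib.request.urlopen):
    """POST /api/user/<id>/key with basic auth, mirroring the page's curl command."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/user/{user_id}/key",
        data=json.dumps({"name": "TheHive API Key"}).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token},
        method="POST",
    )
    with opener(req) as resp:
        body = resp.read().decode().strip()
    try:                                  # accept a bare key or a {"key": ...} object
        parsed = json.loads(body)
    except ValueError:
        return body
    return parsed.get("key", body) if isinstance(parsed, dict) else body


def perm_findings(mode: int, path: str) -> list:
    """The conf now carries a secret: group/world access to it is a finding."""
    bits = stat.S_IMODE(mode)
    if bits & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} is accessible by group/others (mode {bits:04o})"]
    return []


def probe(url, opener=urllib.request.urlopen, timeout=3.0) -> bool:
    """True when something answers on the port; 401/403 still means 'up'."""
    try:
        with opener(url, timeout=timeout) as resp:
            return resp.status < 500
    except HTTPError as e:
        return e.code < 500
    except (URLError, OSError):
        return False


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check_link.py <thehive application.conf> <cortex user id> <cortex user>")
    conf_path, user_id, username = sys.argv[1:4]
    with open(conf_path) as fh:
        text = fh.read()
    if PLACEHOLDER in text:               # only rewrite the file while the placeholder is in it
        key = fetch_cortex_key(SERVICES["cortex"], user_id, username, os.environ["CORTEX_PASSWORD"])
        text = set_cortex_key(text, key)
        with open(conf_path, "w") as fh:
            fh.write(text)
    for finding in config_findings(text) + perm_findings(os.stat(conf_path).st_mode, conf_path):
        print("FINDING:", finding)
    for name, url in SERVICES.items():
        print(f"{name:14}{'up' if probe(url) else 'DOWN'}  {url}")
```

For the Kubernetes variant, point it at the thehive-configmap.yml file: the indented key line inside the ConfigMap is matched the same way, and kubectl apply then picks up the change.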


TheHive and Cortex are now set up and integrated in Kubernetes, which gives you the basic environment needed for SOC operations. For building a SOC, the open-source tools TheHive, Cortex and MISP provide alert management, analysis and threat-intelligence sharing respectively.

Through the process below, TheHive, Cortex and MISP are installed on a single virtual machine and connected to one another to build a SOC environment. With these tools you can handle alert management, analysis and threat-intelligence sharing effectively, and other tools for SOC operations can be installed and configured alongside them.

The detailed record of the process follows, for reference.

Install the required packages.

apt update
apt upgrade -y
apt install wget gnupg2 apt-transport-https git ca-certificates curl jq software-properties-common lsb-release python3-pip iproute2 -y

Use the automated installation script to install TheHive.

wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh
sudo -v
bash /tmp/install.sh

Select option 2 (Install TheHive) to proceed with the installation.

Once installation is complete, open http://<server IP>:9000 to reach the TheHive login page.

  • Default login credentials:
    • Username: admin@thehive.local
    • Password: secret

Activate it with the community licence.

Install Cortex manually with the following commands.

wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cortex.gpg
wget -qO- https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY | gpg --dearmor -o /etc/apt/trusted.gpg.d/thehive.gpg
echo 'deb https://deb.thehive-project.org release main' | tee -a /etc/apt/sources.list.d/thehive-project.list
apt update -y
apt install cortex -y

Edit the configuration file and set play.http.secret.key to a random value.

nano /etc/cortex/application.conf
play.http.secret.key="<random key>"

Enable and start the Cortex service.

systemctl enable --now cortex

Check that Cortex is listening on port 9001.

ss -antpl | grep 9001

Download and run the MISP installation script as a dedicated user.

useradd -m <username>
passwd <username>
su - <username>
wget https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
chmod 755 INSTALL.sh
./INSTALL.sh -c -D

Once the MISP installation is complete, open https://<server IP> and log in with the initial credentials.

  • Username: admin@admin.test
  • Password: admin

Add the Cortex server from TheHive's administration menu.

  • Server name: cortex
  • Server URL: http://127.0.0.1:9001
  • API key: the API key generated during the Cortex installation

Add the MISP server from TheHive's administration menu.

  • Server name: misp
  • Server URL: https://<server IP>
  • API key: the API key generated in MISP
  • Disable the certificate verification option.

TheHive installation log

root@MISP01:~# wget -q -O /tmp/install.sh https://archives.strangebee.com/scripts/install.sh ; sudo -v ; bash /tmp/install.sh
2) Install TheHive
TheHive installation completed.
URL: http://<server IP>:9000
Default login credentials:
Username: admin@thehive.local
Password: secret

Cortex installation log

root@MISP01:~# wget -qO- "https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cortex.gpg
root@MISP01:~# wget -qO- https://raw.githubusercontent.com/TheHive-Project/Cortex/master/PGP-PUBLIC-KEY | gpg --dearmor -o /etc/apt/trusted.gpg.d/thehive.gpg
root@MISP01:~# echo 'deb https://deb.thehive-project.org release main' | tee -a /etc/apt/sources.list.d/thehive-project.list
deb https://deb.thehive-project.org release main
root@MISP01:~# apt update -y
root@MISP01:~# apt install cortex -y
root@MISP01:~# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
fx5hbiI2YM8MBNx6ZLmUmCnYJmw59lQPdKRNChskEjLmTD9hJhdyjQfYeaQjFD34

MISP installation log

root@MISP01:/tmp# useradd -m elblogdenegu
root@MISP01:/tmp# passwd elblogdenegu
New password: 
Retype new password: 
passwd: password updated successfully
root@MISP01:/tmp# sudo su - elblogdenegu
elblogdenegu@MISP01:~$ wget https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
elblogdenegu@MISP01:~$ chmod 755 INSTALL.sh 
elblogdenegu@MISP01:~$ ls -l
total 69
-rwxr-xr-x 1 elblogdenegu elblogdenegu 161265 Feb 04 18:34 INSTALL.sh
elblogdenegu@MISP01:~$ ./INSTALL.sh -c -D
  been installed.


CMake system: Linux
Discovered distribution type: debian
Version: 1.6
Version Major: 1
Version Minor: 6
Mandir: share/man
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/faup/build
[  1%] Building C object src/lib/CMakeFiles/faup_static.dir/miniz/miniz.c.o
[  3%] Building C object src/lib/CMakeFiles/faup_static.dir/miniz/miniz_zip.c.o
/tmp/faup/src/lib/miniz/miniz_zip.c:132:9: note: ‘#pragma message: Using fopen, ftello, fseeko, stat() etc. path for file I/O - this path may not support large files.’
  132 | #pragma message("Using fopen, ftello, fseeko, stat() etc. path for file I/O - this path may not support large files.")
      |         ^~~~~~~
[  5%] Building C object src/lib/CMakeFiles/faup_static.dir/miniz/miniz_tinfl.c.o
[  7%] Building C object src/lib/CMakeFiles/faup_static.dir/miniz/miniz_tdef.c.o
[  9%] Building C object src/lib/CMakeFiles/faup_static.dir/b64/cencode.c.o
[ 11%] Building C object src/lib/CMakeFiles/faup_static.dir/b64/cdecode.c.o
[ 13%] Building C object src/lib/CMakeFiles/faup_static.dir/hash/hash.c.o
[ 15%] Building C object src/lib/CMakeFiles/faup_static.dir/hash/htable.c.o
[ 16%] Building C object src/lib/CMakeFiles/faup_static.dir/datadir.c.o
[ 18%] Building C object src/lib/CMakeFiles/faup_static.dir/decode.c.o
[ 20%] Building C object src/lib/CMakeFiles/faup_static.dir/features.c.o
[ 22%] Building C object src/lib/CMakeFiles/faup_static.dir/faup.c.o
[ 24%] Building C object src/lib/CMakeFiles/faup_static.dir/options.c.o
[ 26%] Building C object src/lib/CMakeFiles/faup_static.dir/output.c.o
[ 28%] Building C object src/lib/CMakeFiles/faup_static.dir/portable.c.o
[ 30%] Building C object src/lib/CMakeFiles/faup_static.dir/snapshot.c.o
[ 32%] Building C object src/lib/CMakeFiles/faup_static.dir/snapshot-file.c.o
[ 33%] Building C object src/lib/CMakeFiles/faup_static.dir/tld.c.o
[ 35%] Building C object src/lib/CMakeFiles/faup_static.dir/tld-tree.c.o
[ 37%] Building C object src/lib/CMakeFiles/faup_static.dir/utils.c.o
[ 39%] Linking C static library libfaup_static.a
[ 39%] Built target faup_static
[ 41%] Building C object src/lib/CMakeFiles/faupl.dir/miniz/miniz.c.o
[ 43%] Building C object src/lib/CMakeFiles/faupl.dir/miniz/miniz_zip.c.o
/tmp/faup/src/lib/miniz/miniz_zip.c:132:9: note: ‘#pragma message: Using fopen, ftello, fseeko, stat() etc. path for file I/O - this path may not support large files.’
  132 | #pragma message("Using fopen, ftello, fseeko, stat() etc. path for file I/O - this path may not support large files.")
      |         ^~~~~~~
[ 45%] Building C object src/lib/CMakeFiles/faupl.dir/miniz/miniz_tinfl.c.o
[ 47%] Building C object src/lib/CMakeFiles/faupl.dir/miniz/miniz_tdef.c.o
[ 49%] Building C object src/lib/CMakeFiles/faupl.dir/b64/cencode.c.o
[ 50%] Building C object src/lib/CMakeFiles/faupl.dir/b64/cdecode.c.o
[ 52%] Building C object src/lib/CMakeFiles/faupl.dir/hash/hash.c.o
[ 54%] Building C object src/lib/CMakeFiles/faupl.dir/hash/htable.c.o
[ 56%] Building C object src/lib/CMakeFiles/faupl.dir/datadir.c.o
[ 58%] Building C object src/lib/CMakeFiles/faupl.dir/decode.c.o
[ 60%] Building C object src/lib/CMakeFiles/faupl.dir/features.c.o
[ 62%] Building C object src/lib/CMakeFiles/faupl.dir/faup.c.o
[ 64%] Building C object src/lib/CMakeFiles/faupl.dir/options.c.o
[ 66%] Building C object src/lib/CMakeFiles/faupl.dir/output.c.o
[ 67%] Building C object src/lib/CMakeFiles/faupl.dir/portable.c.o
[ 69%] Building C object src/lib/CMakeFiles/faupl.dir/snapshot.c.o
[ 71%] Building C object src/lib/CMakeFiles/faupl.dir/snapshot-file.c.o
[ 73%] Building C object src/lib/CMakeFiles/faupl.dir/tld.c.o
[ 75%] Building C object src/lib/CMakeFiles/faupl.dir/tld-tree.c.o
[ 77%] Building C object src/lib/CMakeFiles/faupl.dir/utils.c.o
[ 79%] Linking C shared library libfaupl.so
[ 79%] Built target faupl
[ 81%] Building C object src/tools/CMakeFiles/faup.dir/faup.c.o
In file included from /usr/include/signal.h:25,
                 from /tmp/faup/src/tools/faup.c:11:
/usr/include/features.h:194:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
  194 | # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
      |   ^~~~~~~
[ 83%] Building C object src/tools/CMakeFiles/faup.dir/shell.c.o
[ 84%] Linking C executable faup
[ 84%] Built target faup
[ 86%] Building C object src/tests/CMakeFiles/issue36.dir/issue36.c.o
[ 88%] Linking C executable issue36
[ 88%] Built target issue36
[ 90%] Building C object src/tests/CMakeFiles/issue120.dir/issue120.c.o
[ 92%] Linking C executable issue120
[ 92%] Built target issue120
[ 94%] Building C object src/tests/CMakeFiles/snapshot.dir/snapshot.c.o
[ 96%] Linking C executable snapshot
[ 96%] Built target snapshot
[ 98%] Building C object src/tests/CMakeFiles/hashtable.dir/hashtable.c.o
[100%] Linking C executable hashtable
[100%] Built target hashtable
Consolidate compiler generated dependencies of target faup_static
[ 39%] Built target faup_static
Consolidate compiler generated dependencies of target faupl
[ 79%] Built target faupl
Consolidate compiler generated dependencies of target faup
[ 84%] Built target faup
Consolidate compiler generated dependencies of target issue36
[ 88%] Built target issue36
Consolidate compiler generated dependencies of target issue120
[ 92%] Built target issue120
Consolidate compiler generated dependencies of target snapshot
[ 96%] Built target snapshot
Consolidate compiler generated dependencies of target hashtable
[100%] Built target hashtable
Install the project...
-- Install configuration: "Debug"
-- Installing: /usr/local/lib/pkgconfig/faup.pc
-- Installing: /usr/local/include/faup/version.h
-- Installing: /usr/local/share/man/man1/faup.1
-- Installing: /usr/local/share/faup/mozilla.tlds
-- Installing: /usr/local/share/faup/README.txt
-- Installing: /usr/local/lib/libfaupl.so.1
-- Installing: /usr/local/lib/libfaupl.so
-- Installing: /usr/local/include/faup/compat.h
-- Installing: /usr/local/include/faup/datadir.h
-- Installing: /usr/local/include/faup/decode.h
-- Installing: /usr/local/include/faup/errors.h
-- Installing: /usr/local/include/faup/faup.h
-- Installing: /usr/local/include/faup/features.h
-- Installing: /usr/local/include/faup/handler.h
-- Installing: /usr/local/include/faup/options.h
-- Installing: /usr/local/include/faup/output.h
-- Installing: /usr/local/include/faup/portable.h
-- Installing: /usr/local/include/faup/return-codes.h
-- Installing: /usr/local/include/faup/scheme-codes.h
-- Installing: /usr/local/include/faup/snapshot.h
-- Installing: /usr/local/include/faup/snapshot-file.h
-- Installing: /usr/local/include/faup/tld.h
-- Installing: /usr/local/include/faup/tld-tree.h
-- Installing: /usr/local/include/faup/urllengths.h
-- Installing: /usr/local/include/faup/utils.h
-- Installing: /usr/local/include/faup/webserver.h
-- Installing: /usr/local/share/faup/modules_available/emulation_ie.lua
-- Installing: /usr/local/share/faup/modules_available/ipv4toint.lua
-- Installing: /usr/local/share/faup/modules_available/printcsv.lua
-- Installing: /usr/local/share/faup/modules_available/redis-url-threatintel.lua
-- Installing: /usr/local/share/faup/modules_available/writeall.lua
-- Installing: /usr/local/share/faup/modules_available/writeinput.lua
-- Installing: /usr/local/share/faup/modules_available/uppercase.lua
-- Installing: /usr/local/share/faup/modules_enabled
-- Installing: /usr/local/bin/faup
-- Set runtime path of "/usr/local/bin/faup" to ""
apt is maybe locked, waiting 3 seconds.
Collecting git+https://github.com/kbandla/pydeep.git
  Cloning https://github.com/kbandla/pydeep.git to /tmp/pip-req-build-65wqqg7s
  Running command git clone --filter=blob:none --quiet https://github.com/kbandla/pydeep.git /tmp/pip-req-build-65wqqg7s
  Resolved https://github.com/kbandla/pydeep.git to commit 010b444245bf66545119ce7dc561ee36a62dd5f5
  Preparing metadata (setup.py) ... done
Building wheels for collected packages: pydeep
  Building wheel for pydeep (setup.py) ... done
  Created wheel for pydeep: filename=pydeep-0.4-cp310-cp310-linux_x86_64.whl size=12196 sha256=57f452d98d49a954d626bcba0a3d2f697bad7050c422ad22fd6329c1e29bc87d
  Stored in directory: /tmp/pip-ephem-wheel-cache-2caxqh5r/wheels/09/48/d1/0aa73f65971f20d70caad445493e9c5b2392e2aa6c0d7d0400
Successfully built pydeep
Installing collected packages: pydeep
Successfully installed pydeep-0.4
Collecting lief
  Downloading lief-0.14.1-cp310-cp310-manylinux_2_28_x86_64.manylinux_2_27_x86_64.whl (2.7 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.7/2.7 MB 36.0 MB/s eta 0:00:00
Installing collected packages: lief
Successfully installed lief-0.14.1
Collecting zmq
  Downloading zmq-0.0.0.zip (2.2 kB)
  Preparing metadata (setup.py) ... done
Collecting redis
  Downloading redis-5.0.1-py3-none-any.whl (250 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 250.3/250.3 KB 5.9 MB/s eta 0:00:00
Collecting pyzmq
  Downloading pyzmq-25.1.2-cp310-cp310-manylinux_2_28_x86_64.whl (1.1 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.1/1.1 MB 9.3 MB/s eta 0:00:00
Collecting async-timeout>=4.0.2
  Downloading async_timeout-4.0.3-py3-none-any.whl (5.7 kB)
Building wheels for collected packages: zmq
  Building wheel for zmq (setup.py) ... done
  Created wheel for zmq: filename=zmq-0.0.0-py3-none-any.whl size=1275 sha256=4e97e8814d0f0b1df9c5342781beaccc0affb3d2531a0501293cdbce03c0a627
  Stored in directory: /var/www/.cache/pip/wheels/ab/c5/fe/d853f71843cae26c123d37a7a5934baac20fc66f35a913951d
Successfully built zmq
Installing collected packages: pyzmq, async-timeout, zmq, redis
Successfully installed async-timeout-4.0.3 pyzmq-25.1.2 redis-5.0.1 zmq-0.0.0
Collecting python-magic
  Downloading python_magic-0.4.27-py2.py3-none-any.whl (13 kB)
Installing collected packages: python-magic
Successfully installed python-magic-0.4.27
Collecting plyara
  Downloading plyara-2.1.1-py3-none-any.whl (23 kB)
Collecting ply>=3.11
  Downloading ply-3.11-py2.py3-none-any.whl (49 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 49.6/49.6 KB 5.2 MB/s eta 0:00:00
Installing collected packages: ply, plyara
Successfully installed ply-3.11 plyara-2.1.1
#############################  (28%)
Next step: Installing CakePHP
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 70 installs, 0 updates, 0 removals
  - Locking bacon/bacon-qr-code (2.0.8)
  - Locking beberlei/assert (v3.3.2)
  - Locking browscap/browscap-php (5.1.0)
  - Locking cakephp/debug_kit (2.2.9)
  - Locking composer/ca-bundle (1.4.0)
  - Locking composer/installers (v1.12.0)
  - Locking dasprid/enum (1.0.5)
  - Locking daverandom/exceptional-json (v1.0.4)
  - Locking doctrine/cache (1.13.0)
  - Locking doctrine/instantiator (1.5.0)
  - Locking geoip2/geoip2 (v2.13.0)
  - Locking guzzlehttp/guzzle (7.8.1)
  - Locking guzzlehttp/promises (2.0.2)
  - Locking guzzlehttp/psr7 (2.6.2)
  - Locking kamisama/cake-resque (4.1.2)
  - Locking kamisama/monolog-init (0.2.1)
  - Locking kamisama/php-resque-ex (1.3.0)
  - Locking kamisama/php-resque-ex-scheduler (1.2.3)
  - Locking kamisama/resque-status (0.0.2)
  - Locking maxmind-db/reader (v1.11.1)
  - Locking maxmind/web-service-common (v0.9.0)
  - Locking monolog/monolog (1.25.3)
  - Locking myclabs/deep-copy (1.11.1)
  - Locking paragonie/constant_time_encoding (v2.6.3)
  - Locking pear/console_commandline (v1.2.6)
  - Locking pear/crypt_gpg (v1.6.7)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phar-io/manifest (2.0.3)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpunit/php-code-coverage (7.0.15)
  - Locking phpunit/php-file-iterator (2.0.5)
  - Locking phpunit/php-text-template (1.2.1)
  - Locking phpunit/php-timer (2.1.3)
  - Locking phpunit/php-token-stream (4.0.4)
  - Locking phpunit/phpunit (8.5.36)
  - Locking psr/container (1.1.2)
  - Locking psr/http-client (1.0.3)
  - Locking psr/http-factory (1.0.2)
  - Locking psr/http-message (2.0)
  - Locking psr/log (1.1.4)
  - Locking psr/simple-cache (1.0.1)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking roave/doctrine-simplecache (2.5.0)
  - Locking sebastian/code-unit-reverse-lookup (1.0.2)
  - Locking sebastian/comparator (3.0.5)
  - Locking sebastian/diff (3.0.4)
  - Locking sebastian/environment (4.2.4)
  - Locking sebastian/exporter (3.1.5)
  - Locking sebastian/global-state (3.0.3)
  - Locking sebastian/object-enumerator (3.0.4)
  - Locking sebastian/object-reflector (1.1.2)
  - Locking sebastian/recursion-context (3.0.1)
  - Locking sebastian/resource-operations (2.0.2)
  - Locking sebastian/type (1.1.4)
  - Locking sebastian/version (2.0.1)
  - Locking spomky-labs/otphp (v10.0.3)
  - Locking symfony/console (v5.4.35)
  - Locking symfony/deprecation-contracts (v2.5.2)
  - Locking symfony/filesystem (v5.4.35)
  - Locking symfony/polyfill-ctype (v1.29.0)
  - Locking symfony/polyfill-intl-grapheme (v1.29.0)
  - Locking symfony/polyfill-intl-normalizer (v1.29.0)
  - Locking symfony/polyfill-mbstring (v1.29.0)
  - Locking symfony/polyfill-php73 (v1.29.0)
  - Locking symfony/polyfill-php80 (v1.29.0)
  - Locking symfony/service-contracts (v2.5.2)
  - Locking symfony/string (v5.4.35)
  - Locking thecodingmachine/safe (v1.3.3)
  - Locking theseer/tokenizer (1.2.2)
Writing lock file
Installing dependencies from lock file
Package operations: 45 installs, 0 updates, 0 removals
  - Downloading composer/installers (v1.12.0)
  - Downloading dasprid/enum (1.0.5)
  - Downloading bacon/bacon-qr-code (2.0.8)
  - Downloading symfony/polyfill-php80 (v1.29.0)
  - Downloading symfony/polyfill-mbstring (v1.29.0)
  - Downloading symfony/polyfill-ctype (v1.29.0)
  - Downloading symfony/filesystem (v5.4.35)
  - Downloading symfony/polyfill-intl-normalizer (v1.29.0)
  - Downloading symfony/polyfill-intl-grapheme (v1.29.0)
  - Downloading symfony/string (v5.4.35)
  - Downloading symfony/deprecation-contracts (v2.5.2)
  - Downloading psr/container (1.1.2)
  - Downloading symfony/service-contracts (v2.5.2)
  - Downloading symfony/polyfill-php73 (v1.29.0)
  - Downloading symfony/console (v5.4.35)
  - Downloading psr/simple-cache (1.0.1)
  - Downloading doctrine/cache (1.13.0)
  - Downloading roave/doctrine-simplecache (2.5.0)
  - Downloading psr/log (1.1.4)
  - Downloading monolog/monolog (1.25.3)
  - Downloading psr/http-message (2.0)
  - Downloading psr/http-client (1.0.3)
  - Downloading ralouphie/getallheaders (3.0.3)
  - Downloading psr/http-factory (1.0.2)
  - Downloading guzzlehttp/psr7 (2.6.2)
  - Downloading guzzlehttp/promises (2.0.2)
  - Downloading guzzlehttp/guzzle (7.8.1)
  - Downloading daverandom/exceptional-json (v1.0.4)
  - Downloading browscap/browscap-php (5.1.0)
  - Downloading composer/ca-bundle (1.4.0)
  - Downloading maxmind/web-service-common (v0.9.0)
  - Downloading maxmind-db/reader (v1.11.1)
  - Downloading geoip2/geoip2 (v2.13.0)
  - Downloading kamisama/resque-status (0.0.2)
  - Downloading kamisama/monolog-init (0.2.1)
  - Downloading kamisama/php-resque-ex (1.3.0)
  - Downloading kamisama/php-resque-ex-scheduler (1.2.3)
  - Downloading kamisama/cake-resque (4.1.2)
  - Downloading pear/pear_exception (v1.0.2)
  - Downloading pear/console_commandline (v1.2.6)
  - Downloading pear/crypt_gpg (v1.6.7)
  - Downloading thecodingmachine/safe (v1.3.3)
  - Downloading paragonie/constant_time_encoding (v2.6.3)
  - Downloading beberlei/assert (v3.3.2)
  - Downloading spomky-labs/otphp (v10.0.3)
  - Installing composer/installers (v1.12.0): Extracting archive
  - Installing dasprid/enum (1.0.5): Extracting archive
  - Installing bacon/bacon-qr-code (2.0.8): Extracting archive
  - Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
  - Installing symfony/filesystem (v5.4.35): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
  - Installing symfony/string (v5.4.35): Extracting archive
  - Installing symfony/deprecation-contracts (v2.5.2): Extracting archive
  - Installing psr/container (1.1.2): Extracting archive
  - Installing symfony/service-contracts (v2.5.2): Extracting archive
  - Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
  - Installing symfony/console (v5.4.35): Extracting archive
  - Installing psr/simple-cache (1.0.1): Extracting archive
  - Installing doctrine/cache (1.13.0): Extracting archive
  - Installing roave/doctrine-simplecache (2.5.0): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing monolog/monolog (1.25.3): Extracting archive
  - Installing psr/http-message (2.0): Extracting archive
  - Installing psr/http-client (1.0.3): Extracting archive
  - Installing ralouphie/getallheaders (3.0.3): Extracting archive
  - Installing psr/http-factory (1.0.2): Extracting archive
  - Installing guzzlehttp/psr7 (2.6.2): Extracting archive
  - Installing guzzlehttp/promises (2.0.2): Extracting archive
  - Installing guzzlehttp/guzzle (7.8.1): Extracting archive
  - Installing daverandom/exceptional-json (v1.0.4): Extracting archive
  - Installing browscap/browscap-php (5.1.0): Extracting archive
  - Installing composer/ca-bundle (1.4.0): Extracting archive
  - Installing maxmind/web-service-common (v0.9.0): Extracting archive
  - Installing maxmind-db/reader (v1.11.1): Extracting archive
  - Installing geoip2/geoip2 (v2.13.0): Extracting archive
  - Installing kamisama/resque-status (0.0.2): Extracting archive
  - Installing kamisama/monolog-init (0.2.1): Extracting archive
  - Installing kamisama/php-resque-ex (1.3.0): Extracting archive
  - Installing kamisama/php-resque-ex-scheduler (1.2.3): Extracting archive
  - Installing kamisama/cake-resque (4.1.2): Extracting archive
  - Installing pear/pear_exception (v1.0.2): Extracting archive
  - Installing pear/console_commandline (v1.2.6): Extracting archive
  - Installing pear/crypt_gpg (v1.6.7): Extracting archive
  - Installing thecodingmachine/safe (v1.3.3): Extracting archive
  - Installing paragonie/constant_time_encoding (v2.6.3): Extracting archive
  - Installing beberlei/assert (v3.3.2): Extracting archive
  - Installing spomky-labs/otphp (v10.0.3): Extracting archive
39 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package kamisama/php-resque-ex is abandoned, you should avoid using it. No replacement was suggested.
Package kamisama/php-resque-ex-scheduler is abandoned, you should avoid using it. No replacement was suggested.
Package kamisama/resque-status is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
#################################  (32%)
Next step: Setting permissions
#####################################  (36%)
Next step: Start mysql
Next step: Setting up database
#########################################  (40%)
Next step: Generating Apache config, if this hangs, make sure you have enough entropy (install: haveged or wait)
Module status disabled.
To activate the new configuration, you need to run:
  systemctl restart apache2
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2
Enabling module rewrite.
To activate the new configuration, you need to run:
  systemctl restart apache2
Enabling module headers.
To activate the new configuration, you need to run:
  systemctl restart apache2
Site 000-default disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
Site default-ssl disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
Enabling site misp-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
#############################################  (44%)
#################################################  (48%)
Next step: Generating MISP config files
<?php
  class DATABASE_CONFIG {
          public $default = array(
                  'datasource' => 'Database/Mysql',
                  //'datasource' => 'Database/Postgres',
                  'persistent' => false,
                  'host' => 'localhost',
                  'login' => 'misp',
                  'port' => 3306, // MySQL & MariaDB
                  //'port' => 5432, // PostgreSQL
                  'password' => '19404224d0dd0c71acce1058a3834f5c3763a8a06301796e7af3eba9394bac43',
                  'database' => 'misp',
                  'prefix' => '',
                  'encoding' => 'utf8',
          );
  }
#####################################################  (52%)
gpg: directory '/var/www/MISP/.gnupg' created
gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created
gpg: Generating a default key
gpg: /var/www/MISP/.gnupg/trustdb.gpg: trustdb created
gpg: key 83EC13CD4C31A16C marked as ultimately trusted
gpg: directory '/var/www/MISP/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/www/MISP/.gnupg/openpgp-revocs.d/419D046ED49F6A5043A9032A83EC13CD4C31A16C.rev'
gpg: done
#########################################################  (56%)
Next step: Setting up background workers
#!/bin/sh -e
exit 0
[Unit]
Description=MISP background workers
After=network.target

[Service]
Type=forking
User=www-data
Group=www-data
ExecStart=/var/www/MISP/app/Console/worker/start.sh
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
Created symlink /etc/systemd/system/multi-user.target.wants/misp-workers.service → /etc/systemd/system/misp-workers.service.
#############################################################  (60%)
Next step: Running core Cake commands to set sane defaults for MISP
Warning: This method is deprecated. Next time please use `cake user init`.
TkzZLXZVODobFibjD1a6xSmw2RaONv2rpxAiobfm
Executing all updates to bring the database up to date with the current version.
Executing 62..................Done
Executing 63..................Done
Executing 64..................Done
Executing 65..................Done
Executing 66..................Done
Executing 67..................Done
Executing 68..................Done
Executing 69..................Done
Executing 70..................Done
Executing 71..................Done
Executing 72..................Done
Executing 73..................Done
Executing 74..................Done
Executing 75..................Done
Executing 76..................Done
Executing 77..................Done
Executing 78..................Done
Executing 79..................Done
Executing 80..................Done
Executing 81..................Done
Executing 82..................Done
Executing 83..................Done
Executing 84..................Done
Executing 85..................Done
Executing 86..................Done
Executing 87..................Done
Executing 88..................Done
Executing 89..................Done
Executing 90..................Done
Executing 91..................Done
Executing 92..................Done
Executing 93..................Done
Executing 94..................Done
Executing 95..................Done
Executing 96..................Done
Executing 97..................Done
Executing 98..................Done
Executing 99..................Done
Executing 100.................Done
Executing 101.................Done
Executing 102.................Done
Executing 103.................Done
Executing 104.................Done
Executing 105.................Done
Executing 106.................Done
Executing 107.................Done
Executing 108.................Done
Executing 109.................Done
Executing 110.................Done
Executing 111.................Done
Executing 112.................Done
Executing 113.................Done
Executing 114.................Done
Executing 115.................Done
Executing 116.................Done
Executing 117.................Done
Executing 118.................Done
Executing 119.................Done
Executing 120.................Done
All updates completed.
Setting "MISP.python_bin" changed to "/var/www/MISP/venv/bin/python"
Setting "Session.autoRegenerate" changed to false
Setting "Session.timeout" changed to 600
Setting "Session.cookieTimeout" changed to 3600
Setting "MISP.tmpdir" changed to "/var/www/MISP/app/tmp"
Setting "GnuPG.email" changed to "admin@admin.test"
Setting "GnuPG.homedir" changed to "/var/www/MISP/.gnupg"
Setting "GnuPG.password" changed to "5bcd0ef89a99345dd42433084115781d460df59d71d1e41374d74ae9a9541951"
Setting "GnuPG.obscure_subject" changed to true
Setting "GnuPG.key_fetching_disabled" changed to false
Setting "GnuPG.binary" changed to "/usr/bin/gpg"
Setting "LinOTPAuth.enabled" changed to false
Setting "LinOTPAuth.baseUrl" changed to "https://<your-linotp-baseUrl>"
Setting "LinOTPAuth.realm" changed to "lino"
Setting "LinOTPAuth.verifyssl" changed to true
Setting "LinOTPAuth.mixedauth" changed to false
Setting "MISP.host_org_id" changed to 1
Setting "MISP.email" changed to "info@admin.test"
Setting "MISP.disable_emailing" changed to true
Setting "MISP.contact" changed to "info@admin.test"
Setting "MISP.disablerestalert" changed to true
Setting "MISP.showCorrelationsOnIndex" changed to true
Setting "MISP.default_event_tag_collection" changed to 0
Setting "Plugin.Cortex_services_enable" changed to false
Setting "Plugin.Cortex_services_url" changed to "http://127.0.0.1"
Setting "Plugin.Cortex_services_port" changed to 9000
Setting "Plugin.Cortex_timeout" changed to 120
Setting "Plugin.Cortex_authkey" changed to "false"
Setting "Plugin.Cortex_ssl_verify_peer" changed to false
Setting "Plugin.Cortex_ssl_verify_host" changed to false
Setting "Plugin.Cortex_ssl_allow_self_signed" changed to true
Setting "Plugin.Sightings_policy" changed to 0
Setting "Plugin.Sightings_anonymise" changed to false
Setting "Plugin.Sightings_anonymise_as" changed to 1
Setting "Plugin.Sightings_range" changed to 365
Setting "Plugin.Sightings_sighting_db_enable" changed to false
Setting "Plugin.ElasticSearch_logging_enable" changed to false
Setting "Plugin.S3_enable" changed to false
Setting "Plugin.CustomAuth_disable_logout" changed to false
Error: Setting "Plugin.RPZ_policy" change rejected.
Provided value DROP is not a number.
Setting "Plugin.RPZ_walled_garden" changed to "127.0.0.1"
Setting "Plugin.RPZ_serial" changed to "$date00"
Setting "Plugin.RPZ_refresh" changed to "2h"
Setting "Plugin.RPZ_retry" changed to "30m"
Setting "Plugin.RPZ_expiry" changed to "30d"
Setting "Plugin.RPZ_minimum_ttl" changed to "1h"
Setting "Plugin.RPZ_ttl" changed to "1w"
Setting "Plugin.RPZ_ns" changed to "localhost."
Setting "Plugin.RPZ_ns_alt" changed to "false"
Setting "Plugin.RPZ_email" changed to "root.localhost"
Setting "Plugin.Kafka_enable" changed to false
Setting "Plugin.Kafka_brokers" changed to "kafka:9092"
Setting "Plugin.Kafka_rdkafka_config" changed to "/etc/rdkafka.ini"
Setting "Plugin.Kafka_include_attachments" changed to false
Setting "Plugin.Kafka_event_notifications_enable" changed to false
Setting "Plugin.Kafka_event_notifications_topic" changed to "misp_event"
Setting "Plugin.Kafka_event_publish_notifications_enable" changed to false
Setting "Plugin.Kafka_event_publish_notifications_topic" changed to "misp_event_publish"
Setting "Plugin.Kafka_object_notifications_enable" changed to false
Setting "Plugin.Kafka_object_notifications_topic" changed to "misp_object"
Setting "Plugin.Kafka_object_reference_notifications_enable" changed to false
Setting "Plugin.Kafka_object_reference_notifications_topic" changed to "misp_object_reference"
Setting "Plugin.Kafka_attribute_notifications_enable" changed to false
Setting "Plugin.Kafka_attribute_notifications_topic" changed to "misp_attribute"
Setting "Plugin.Kafka_shadow_attribute_notifications_enable" changed to false
Setting "Plugin.Kafka_shadow_attribute_notifications_topic" changed to "misp_shadow_attribute"
Setting "Plugin.Kafka_tag_notifications_enable" changed to false
Setting "Plugin.Kafka_tag_notifications_topic" changed to "misp_tag"
Setting "Plugin.Kafka_sighting_notifications_enable" changed to false
Setting "Plugin.Kafka_sighting_notifications_topic" changed to "misp_sighting"
Setting "Plugin.Kafka_user_notifications_enable" changed to false
Setting "Plugin.Kafka_user_notifications_topic" changed to "misp_user"
Setting "Plugin.Kafka_organisation_notifications_enable" changed to false
Setting "Plugin.Kafka_organisation_notifications_topic" changed to "misp_organisation"
Setting "Plugin.Kafka_audit_notifications_enable" changed to false
Setting "Plugin.Kafka_audit_notifications_topic" changed to "misp_audit"
Setting "Plugin.ZeroMQ_enable" changed to false
Setting "Plugin.ZeroMQ_host" changed to "127.0.0.1"
Setting "Plugin.ZeroMQ_port" changed to 50000
Setting "Plugin.ZeroMQ_redis_host" changed to "localhost"
Setting "Plugin.ZeroMQ_redis_port" changed to 6379
Setting "Plugin.ZeroMQ_redis_database" changed to "1"
Setting "Plugin.ZeroMQ_redis_namespace" changed to "mispq"
Setting "Plugin.ZeroMQ_event_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_object_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_object_reference_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_attribute_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_sighting_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_user_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_organisation_notifications_enable" changed to false
Setting "Plugin.ZeroMQ_include_attachments" changed to false
Setting "Plugin.ZeroMQ_tag_notifications_enable" changed to false
Setting "MISP.language" changed to "eng"
Setting "MISP.proposals_block_attributes" changed to false
Setting "MISP.redis_host" changed to "127.0.0.1"
Setting "MISP.redis_port" changed to 6379
Setting "MISP.redis_database" changed to 13
Setting "MISP.redis_password" changed to ""
Setting "MISP.ssdeep_correlation_threshold" changed to 40
Setting "MISP.extended_alert_subject" changed to false
Setting "MISP.default_event_threat_level" changed to "4"
Setting "MISP.newUserText" changed to "Dear new MISP user,\n\nWe would hereby like to welcome you to the $org MISP community.\n\n Use the credentials below to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nPassword: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team"
Setting "MISP.passwordResetText" changed to "Dear MISP user,\n\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at $misp, where you will be prompted to manually change your password to something of your own choice.\n\nUsername: $username\nYour temporary password: $password\n\nIf you have any questions, don't hesitate to contact us at: $contact.\n\nBest regards,\nYour $org MISP support team"
Setting "MISP.enableEventBlocklisting" changed to true
Setting "MISP.enableOrgBlocklisting" changed to true
Setting "MISP.log_client_ip" changed to true
Setting "MISP.log_auth" changed to false
Setting "MISP.log_user_ips" changed to true
Setting "MISP.log_user_ips_authkeys" changed to true
Setting "MISP.disableUserSelfManagement" changed to false
Setting "MISP.disable_user_login_change" changed to false
Setting "MISP.disable_user_password_change" changed to false
Setting "MISP.disable_user_add" changed to false
Setting "MISP.block_event_alert" changed to false
Setting "MISP.block_event_alert_tag" changed to "no-alerts="true""
Setting "MISP.block_old_event_alert" changed to false
Error: Setting "MISP.block_old_event_alert_age" change rejected.
Provided value  is not a number.
Error: Setting "MISP.block_old_event_alert_by_date" change rejected.
Provided value  is not a number.
Setting "MISP.event_alert_republish_ban" changed to false
Setting "MISP.event_alert_republish_ban_threshold" changed to 5
Setting "MISP.event_alert_republish_ban_refresh_on_retry" changed to false
Setting "MISP.incoming_tags_disabled_by_default" changed to false
Setting "MISP.maintenance_message" changed to "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at $email."
Setting "MISP.footermidleft" changed to "This is an initial install"
Setting "MISP.footermidright" changed to "Please configure and harden accordingly"
Setting "MISP.welcome_text_top" changed to "Initial Install, please configure"
Setting "MISP.welcome_text_bottom" changed to "Welcome to MISP on ubuntu, change this message in MISP Settings"
Setting "MISP.attachments_dir" changed to "/var/www/MISP/app/files"
Setting "MISP.download_attachments_on_load" changed to true
Setting "MISP.event_alert_metadata_only" changed to false
Setting "MISP.title_text" changed to "MISP"
Setting "MISP.terms_download" changed to false
Setting "MISP.showorgalternate" changed to false
Setting "MISP.event_view_filter_fields" changed to "id, uuid, value, comment, type, category, Tag.name"
Setting "debug" changed to 0
Setting "Security.auth_enforced" changed to false
Setting "Security.log_each_individual_auth_fail" changed to false
Setting "Security.rest_client_baseurl" changed to ""
Setting "Security.advanced_authkeys" changed to false
Setting "Security.password_policy_length" changed to 12
Setting "Security.password_policy_complexity" changed to "/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/"
Error: Method name must be a string
#0 /var/www/MISP/app/Console/Command/AdminShell.php(548): Server->serverSettingsEditValue()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/Shell.php(459): AdminShell->setSetting()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(222): Shell->runCommand()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()
#4 /var/www/MISP/app/Console/cake.php(45): ShellDispatcher::run()
#5 {main}
Setting "Security.disable_browser_cache" changed to true
Setting "Security.check_sec_fetch_site_header" changed to true
Setting "Security.csp_enforce" changed to true
Setting "Security.advanced_authkeys" changed to true
Setting "Security.do_not_log_authkeys" changed to true
Setting "Security.username_in_response_header" changed to true
Warning: This method is deprecated. Next time please use `cake admin live [0|1]`.
#################################################################  (64%)

#####################################################################  (68%)
#########################################################################  (72%)
Next step: Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates
Galaxies updated
Successfully updated 149 taxonomies.
87 warninglists updated, 0 fails
Notice lists updated
User with ID: 1337 not found
Successfully updated 338 object templates.
#############################################################################  (76%)
#################################################################################  (80%)
#####################################################################################  (84%)
#######################################################################################  (86%)
url = ""
key = "TkzZLXZVODobFibjD1a6xSmw2RaONv2rpxAiobfm"
Entering 'pymisp/data/misp-objects'
From https://github.com/MISP/misp-objects
 * branch            main       -> FETCH_HEAD
Updating 3ac5099..3d12add
Fast-forward
 relationships/definition.json | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
Entering 'pymisp/tools/pdf_fonts'
fatal: couldn't find remote ref main
fatal: run_command returned non-zero status for pymisp/tools/pdf_fonts
.
Obtaining file:///var/www/MISP/PyMISP
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... done
  Getting requirements to build editable ... done
  Preparing editable metadata (pyproject.toml) ... done
WARNING: pymisp 2.4.185 does not provide the extra 'neo'
Requirement already satisfied: python-dateutil<3.0.0,>=2.8.2 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (2.8.2)
Requirement already satisfied: requests<3.0.0,>=2.31.0 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (2.31.0)
Requirement already satisfied: publicsuffixlist<0.11.0.0,>=0.10.0.20231214 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (0.10.0.20240214)
Requirement already satisfied: deprecated<2.0.0,>=1.2.14 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (1.2.14)
Collecting beautifulsoup4<5.0.0,>=4.12.3
  Downloading beautifulsoup4-4.12.3-py3-none-any.whl (147 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 147.9/147.9 KB 4.5 MB/s eta 0:00:00
Requirement already satisfied: python-magic<0.5.0,>=0.4.27 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (0.4.27)
Collecting pydeep2<0.6.0,>=0.5.1
  Downloading pydeep2-0.5.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (22 kB)
Requirement already satisfied: lief<0.15.0,>=0.14.1 in /var/www/MISP/venv/lib/python3.10/site-packages (from pymisp==2.4.185) (0.14.1)
Collecting reportlab<5.0.0,>=4.1.0
  Downloading reportlab-4.1.0-py3-none-any.whl (1.9 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.9/1.9 MB 11.2 MB/s eta 0:00:00
Collecting validators<0.23.0,>=0.22.0
  Downloading validators-0.22.0-py3-none-any.whl (26 kB)
Collecting soupsieve>1.2
  Downloading soupsieve-2.5-py3-none-any.whl (36 kB)
Requirement already satisfied: wrapt<2,>=1.10 in /var/www/MISP/venv/lib/python3.10/site-packages (from deprecated<2.0.0,>=1.2.14->pymisp==2.4.185) (1.16.0)
Requirement already satisfied: six>=1.5 in /var/www/MISP/venv/lib/python3.10/site-packages (from python-dateutil<3.0.0,>=2.8.2->pymisp==2.4.185) (1.16.0)
Collecting pillow>=9.0.0
  Downloading pillow-10.2.0-cp310-cp310-manylinux_2_28_x86_64.whl (4.5 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.5/4.5 MB 23.6 MB/s eta 0:00:00
Collecting chardet
  Downloading chardet-5.2.0-py3-none-any.whl (199 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 199.4/199.4 KB 45.8 MB/s eta 0:00:00
Requirement already satisfied: certifi>=2017.4.17 in /var/www/MISP/venv/lib/python3.10/site-packages (from requests<3.0.0,>=2.31.0->pymisp==2.4.185) (2024.2.2)
Requirement already satisfied: charset-normalizer<4,>=2 in /var/www/MISP/venv/lib/python3.10/site-packages (from requests<3.0.0,>=2.31.0->pymisp==2.4.185) (3.3.2)
Requirement already satisfied: urllib3<3,>=1.21.1 in /var/www/MISP/venv/lib/python3.10/site-packages (from requests<3.0.0,>=2.31.0->pymisp==2.4.185) (2.2.1)
Requirement already satisfied: idna<4,>=2.5 in /var/www/MISP/venv/lib/python3.10/site-packages (from requests<3.0.0,>=2.31.0->pymisp==2.4.185) (3.6)
Building wheels for collected packages: pymisp
  Building editable for pymisp (pyproject.toml) ... done
  Created wheel for pymisp: filename=pymisp-2.4.185-py3-none-any.whl size=5435 sha256=e8ad976c911d31f51855fe05615ea283f4cb2a8e5d64634543cd652c6a42ce6e
  Stored in directory: /tmp/pip-ephem-wheel-cache-rc0l18ln/wheels/69/10/38/769d13d11252fbc2ec682fd999cd3023c839231d77ad8fcae3
Successfully built pymisp
Installing collected packages: pydeep2, validators, soupsieve, pillow, chardet, reportlab, pymisp, beautifulsoup4
  Attempting uninstall: pymisp
    Found existing installation: pymisp 2.4.185
    Uninstalling pymisp-2.4.185:
      Successfully uninstalled pymisp-2.4.185
Successfully installed beautifulsoup4-4.12.3 chardet-5.2.0 pillow-10.2.0 pydeep2-0.5.1 pymisp-2.4.185 reportlab-4.1.0 soupsieve-2.5 validators-0.22.0
tests/viper-test-files exists:  False
The test files are missing, pulling it.
Cloning into 'tests/viper-test-files'...
remote: Enumerating objects: 110, done.
remote: Total 110 (delta 0), reused 0 (delta 0), pack-reused 110
Receiving objects: 100% (110/110), 15.18 MiB | 12.01 MiB/s, done.
Resolving deltas: 100% (24/24), done.
E
======================================================================
ERROR: setUpClass (__main__.TestComprehensive)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/var/www/MISP/PyMISP/tests/testlive_comprehensive.py", line 76, in setUpClass
    cls.admin_misp_connector = PyMISP(url, key, verifycert, debug=False)
  File "/var/www/MISP/PyMISP/pymisp/api.py", line 172, in __init__
    raise NoURL('Please provide the URL of your MISP instance.')
pymisp.exceptions.NoURL: Please provide the URL of your MISP instance.

----------------------------------------------------------------------
Ran 0 tests in 0.001s

FAILED (errors=1)
#########################################################################################  (88%)
---------------------------------------------------------------------------------------------------------------------------
Admin (root) DB Password: 86fd33eb74c4a85c4680e3cd49533b9707ef5e29f57683ba1f41c6fa0bc0b77b
User  (misp) DB Password: 19404224d0dd0c71acce1058a3834f5c3763a8a06301796e7af3eba9394bac43
Authkey: TkzZLXZVODobFibjD1a6xSmw2RaONv2rpxAiobfm
---------------------------------------------------------------------------------------------------------------------------
MISP Installed, access here: 

User: admin@admin.test
Password: admin
---------------------------------------------------------------------------------------------------------------------------
The following files were created and need either protection or removal (shred on the CLI)
/home/misp/mysql.txt
Contents:
cat: /home/misp/mysql.txt: Permission denied
/home/misp/MISP-authkey.txt
Contents:
cat: /home/misp/MISP-authkey.txt: Permission denied
---------------------------------------------------------------------------------------------------------------------------
The LOCAL system credentials:
User: misp
Password: a5002fbabea35af785450df000a5287a22fc556d29f4b46036a09c5fac37c828 # Or the password you used of your custom user
---------------------------------------------------------------------------------------------------------------------------
GnuPG Passphrase is: 5bcd0ef89a99345dd42433084115781d460df59d71d1e41374d74ae9a9541951
---------------------------------------------------------------------------------------------------------------------------
To enable outgoing mails via postfix set a permissive SMTP server for the domains you want to contact:

sudo postconf -e 'relayhost = example.com'
sudo postfix reload
---------------------------------------------------------------------------------------------------------------------------
Enjoy using MISP. For any issues see here: https://github.com/MISP/MISP/issues
---------------------------------------------------------------------------------------------------------------------------

TheHive and Cortex/MISP integration log

After the configuration is complete, confirm that the services are listening:
root@MISP01:~# ss -antpl | grep 9001
LISTEN 0      100                     *:9001             *:*    users:(("java",pid=9464,fd=214))
root@MISP01:~# ss -antpl | grep 443
LISTEN 0      100                     *:443             *:*    users:(("java",pid=9464,fd=214))

Configuring Cortex with PostgreSQL and integrating it with MISP

1. Installing and configuring PostgreSQL

Installing PostgreSQL

# Install PostgreSQL on Ubuntu
sudo apt update
sudo apt install postgresql postgresql-contrib

Configuring PostgreSQL

# Start the PostgreSQL service
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Connect to PostgreSQL and create the user and database
sudo -i -u postgres
psql

Run the following in the PostgreSQL console. Replace 'password' with a strong, unique password; by default PostgreSQL only listens on localhost, keep it that way unless a remote client needs it.

CREATE USER cortex WITH ENCRYPTED PASSWORD 'password';
CREATE DATABASE cortexdb OWNER cortex;
\q

2. Cortex configuration

Cortex 3.x stores its data (users, organisations, analyzer definitions, jobs and reports) in Elasticsearch and has no relational/JDBC datastore, so a `datastore.postgresql` block with a JDBC URL is not a setting Cortex reads, and the PostgreSQL instance prepared in step 1 is not used by Cortex itself. The datastore is configured in the `search` section of application.conf and must point at the Elasticsearch cluster set up in the first part of this post. Keep Elasticsearch bound to localhost or protected by authentication and TLS: it holds every analyzer report, including observables submitted under TLP:RED.

Cortex configuration file (/etc/cortex/application.conf)

## Elasticsearch datastore (the only datastore Cortex supports)
search {
  index = cortex
  uri = "http://127.0.0.1:9200/"
  # Uncomment when Elasticsearch authentication is enabled
  #user = "cortex"
  #password = "password"
}

3. Deploying Cortex with Docker

Cortex can also be deployed with Docker using the docker-compose.yml below. The official image reads /etc/cortex/application.conf on start, so mounting the file is enough; `config.file` is a JVM system property rather than an environment variable the image honours, so it is not set here. Cortex needs a reachable Elasticsearch, so a single-node Elasticsearch 7 service is included; set `search.uri = "http://elasticsearch:9200/"` in the mounted application.conf, and raise vm.max_map_count to 262144 on the Docker host or Elasticsearch will refuse to start. The image tag is pinned instead of `latest` so that upgrades are deliberate. Running analyzers as containers from inside this Cortex container additionally requires the Docker socket and a job directory shared with the host, which is described in the Cortex Docker documentation.

docker-compose.yml

version: '3'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
    volumes:
      - ./esdata:/usr/share/elasticsearch/data

  cortex:
    image: thehiveproject/cortex:3.1.1
    container_name: cortex
    depends_on:
      - elasticsearch
    ports:
      - "9001:9001"
    volumes:
      - ./cortex/application.conf:/etc/cortex/application.conf

4. Installing and configuring MISP

MISP is a threat-intelligence sharing platform and needs its own configuration before it can talk to Cortex. Besides the INSTALL.sh script whose output is shown above, it can be run from containers:

git clone https://github.com/MISP/MISP-dockerized
cd MISP-dockerized
docker-compose up -d

The MISP-dockerized repository is no longer maintained; the maintained compose project is https://github.com/MISP/misp-docker, which uses the same workflow (copy template.env to .env, set BASE_URL and the admin credentials, then `docker compose up -d`).

5. Integrating MISP and Cortex

The integration runs in two directions, and the configuration lives in a different place for each.

MISP -> Cortex: MISP calls Cortex's REST API to enrich attributes. This is configured inside MISP (Administration > Server Settings > Plugin settings, or `cake Admin setSetting` as in the install log above) through the Plugin.Cortex_* keys: Plugin.Cortex_services_enable = true, Plugin.Cortex_services_url = http://<Cortex IP>, Plugin.Cortex_services_port = 9001 and Plugin.Cortex_authkey = <API key of a Cortex user with the analyze role>. The install log left Cortex_services_enable at false and Cortex_authkey at "false", so both must be changed. Once Cortex is behind TLS, set Cortex_ssl_verify_peer and Cortex_ssl_verify_host back to true and Cortex_ssl_allow_self_signed to false.

TheHive -> MISP: the `misp.servers` list below is TheHive's MISP connector, not a Cortex setting; Cortex's own application.conf has no `misp.servers` section. It belongs in TheHive's application.conf and lets TheHive import published MISP events as alerts and export cases back to MISP.

TheHive configuration file (/etc/thehive/application.conf)

play.modules.enabled += org.thp.thehive.connector.misp.MispModule
misp {
  interval: 1 hour
  servers: [
    {
      name = "MISP-Server"
      url = "https://<MISP server IP>:<port>"
      auth {
        type = key
        key = "<MISP API key>"
      }
      wsConfig {}
    }
  ]
}

6. Testing the Cortex/MISP integration

Once both sides are configured, verify that they actually talk to each other. In the Cortex web interface, confirm that the analyzers you need are enabled for the organisation and that the user whose API key MISP uses has the analyze role. In MISP, open Administration > Server Settings > Plugin settings and check that the Cortex settings are saved without error, then open an event attribute and run a Cortex enrichment module on it; the analyzer result should be attached as an enrichment. If TheHive's MISP connector is configured, publish a test event in MISP and check that it appears in TheHive as an alert after the sync interval.
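The following Python script exercises, against canned responses, the three Cortex REST calls that MISP's Cortex plugin performs when it enriches an attribute: list the enabled analyzers, run one on an observable, and wait for its report. It is an added example written for this post, not code from TheHive-Project, MISP or the original article. The Cortex URL http://127.0.0.1:9001, the API key placeholder, the analyzer names and the sample responses are assumptions constructed for the offline self-test; pass `fetch=http_json` (the default) to run the same client against a real Cortex.

```python
"""
Minimal Cortex 3 REST client covering the calls MISP's Cortex plugin makes
(list analyzers, run one on an observable, wait for the report).
Added example for this post; not code from TheHive-Project, MISP or the
original article. The Cortex URL, API key placeholder and canned responses
are assumptions used for an offline self-test.
"""
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Optional

# Transport signature: (method, url, json_body_or_None, headers) -> parsed JSON
Fetch = Callable[[str, str, Optional[dict], dict], Any]


def http_json(method: str, url: str, body: Optional[dict], headers: dict) -> Any:
    """Default transport for a live Cortex: urllib, JSON in, JSON out."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


class CortexClient:
    def __init__(self, base_url: str, api_key: str, fetch: Fetch = http_json):
        self.base = base_url.rstrip("/")
        # Cortex authenticates API calls with a Bearer token; MISP sends
        # Plugin.Cortex_authkey the same way.
        self.headers = {"Authorization": f"Bearer {api_key}",
                        "Content-Type": "application/json",
                        "Accept": "application/json"}
        self.fetch = fetch

    def status(self) -> dict:
        # /api/status needs no authentication: first thing to check after deploy.
        return self.fetch("GET", f"{self.base}/api/status", None, {})

    def enabled_analyzers(self, data_type: str) -> list:
        # /api/analyzer lists analyzers enabled for the caller's organisation.
        analyzers = self.fetch("GET", f"{self.base}/api/analyzer", None, self.headers)
        return [a["name"] for a in analyzers if data_type in a.get("dataTypeList", [])]

    def run(self, analyzer_id: str, data: str, data_type: str, tlp: int = 2, pap: int = 2) -> str:
        # Same JSON body MISP posts when enriching an attribute.
        body = {"data": data, "dataType": data_type, "tlp": tlp, "pap": pap}
        job = self.fetch("POST", f"{self.base}/api/analyzer/{analyzer_id}/run", body, self.headers)
        return job["id"]

    def wait_report(self, job_id: str, at_most: str = "60second") -> dict:
        # waitreport blocks server-side until the job ends or at_most elapses.
        url = f"{self.base}/api/job/{job_id}/waitreport?atMost={at_most}"
        return self.fetch("GET", url, None, self.headers)


def summarize(job: dict) -> dict:
    """Reduce a finished job to what an analyst looks at first."""
    report = job.get("report") or {}
    taxonomies = [(t.get("namespace"), t.get("predicate"), t.get("value"), t.get("level"))
                  for t in report.get("summary", {}).get("taxonomies", [])]
    return {"status": job.get("status"), "success": bool(report.get("success")),
            "taxonomies": taxonomies, "error": job.get("errorMessage")}


# --- constructed responses in the shape of Cortex 3 replies (offline self-test only) ---
FAKE_RESPONSES = {
    ("GET", "/api/status"): {"versions": {"Cortex": "3.1.1", "ElasticSearch": "7.17.9"},
                             "config": {"authType": "local"}},
    ("GET", "/api/analyzer"): [
        {"id": "Abuse_Finder_3_0", "name": "Abuse_Finder_3_0",
         "dataTypeList": ["ip", "domain", "url", "mail"]},
        {"id": "MalwareBazaar_1_0", "name": "MalwareBazaar_1_0", "dataTypeList": ["hash"]},
    ],
    ("POST", "/api/analyzer/Abuse_Finder_3_0/run"): {"id": "AWxPvK8kC", "status": "Waiting"},
    ("GET", "/api/job/AWxPvK8kC/waitreport?atMost=60second"): {
        "id": "AWxPvK8kC", "status": "Success",
        "report": {"success": True, "summary": {"taxonomies": [
            {"namespace": "Abuse_Finder", "predicate": "Address",
             "value": "abuse@example.net", "level": "info"}]}}},
}


def fake_fetch(method: str, url: str, body: Optional[dict], headers: dict) -> Any:
    """Offline transport that also rejects unauthenticated calls like Cortex does."""
    parts = urllib.parse.urlsplit(url)
    path = parts.path + (f"?{parts.query}" if parts.query else "")
    if path != "/api/status" and not headers.get("Authorization", "").startswith("Bearer "):
        raise PermissionError("401 Unauthorized")
    return FAKE_RESPONSES[(method, path)]


def enrich_offline(observable: str = "203.0.113.10", data_type: str = "ip") -> dict:
    """End-to-end flow against the canned responses; use fetch=http_json for a live Cortex."""
    cortex = CortexClient("http://127.0.0.1:9001", "CORTEX_API_KEY_PLACEHOLDER", fetch=fake_fetch)
    if not cortex.status()["versions"]["Cortex"].startswith("3."):
        raise RuntimeError("unexpected Cortex version")
    job_id = cortex.run(cortex.enabled_analyzers(data_type)[0], observable, data_type)
    return summarize(cortex.wait_report(job_id))


if __name__ == "__main__":
    print(json.dumps(enrich_offline(), indent=2))
```

Against a live instance, the call that fails tells you which setting to revisit: a 401 on /api/analyzer means the API key or the user's role is wrong, an empty analyzer list means nothing is enabled for that organisation, and a job that never leaves Waiting usually means the job runner (process or docker) cannot start the analyzer.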

 

With the steps above, Cortex's datastore, its deployment and the MISP integration are in place, and threat intelligence can flow between MISP, Cortex and TheHive.

What are Cortex-Analyzers?

Cortex-Analyzers is the collection of analyzers (and responders) that run on the Cortex platform. Cortex is designed so that SOCs, CSIRTs and security researchers can automate and streamline threat-intelligence and digital-forensics work. The analyzers take observables of many kinds (IP addresses, domains, URLs, file hashes, files, e-mail addresses and so on) and return structured reports.

  1. A wide range of analysis tools
    • Cortex-Analyzers wraps many open-source and commercial services: file analysis, URL inspection, malware detection, IP reputation lookups and more. Most of them send the observable to a third-party API, so review each analyzer's data-sharing implications (its TLP/PAP ceiling) before enabling it.
  2. Automated analysis
    • Instead of analysing observables by hand, the analyzers process them quickly and consistently, which greatly improves a security team's throughput.
  3. Extensibility
    • New analyzers are easy to add, and existing ones can be customised as needed.

Installation and configuration

  1. Installing Cortex
    • Cortex is easy to install with Docker. Use a Docker Compose file; Cortex also needs an Elasticsearch 7 instance reachable from the container, as in the compose file of the previous section, with `search.uri` in application.conf pointing at it.
    version: '3'
    services:
      cortex:
        image: thehiveproject/cortex:3.1.0-1
        container_name: cortex
        ports:
          - "9001:9001"
        volumes:
          - ./cortex/application.conf:/etc/cortex/application.conf
  2. Cloning Cortex-Analyzers
    • Clone the Cortex-Analyzers repository from GitHub.
    git clone https://github.com/TheHive-Project/Cortex-Analyzers.git
    cd Cortex-Analyzers
  3. Installing the required packages
    • Install the Python dependencies of each analyzer and responder. This applies to the process job runner, where analyzers execute directly on the host running Cortex; when Cortex runs in Docker with the docker job runner, each analyzer is pulled as its own image and nothing needs to be pip-installed. The `|| true` hides failures, so read the output for analyzers whose requirements did not install, and be aware that this installs dozens of unpinned third-party packages as root.
    for I in analyzers/*/requirements.txt; do sudo -H pip3 install -U -r $I || true; done
    for I in responders/*/requirements.txt; do sudo -H pip3 install -U -r $I || true; done
  4. Editing the Cortex configuration file
    • In application.conf, point Cortex at the cloned analyzer and responder directories. In Cortex 3 the keys are `analyzer.urls` and `responder.urls`, each a list of local paths or catalog URLs. Job timeout and the maximum TLP/PAP an analyzer accepts are set per analyzer when enabling it in the web interface, not in this file.
    analyzer {
      urls = [
        "/path/to/Cortex-Analyzers/analyzers"
      ]
    }
    responder {
      urls = [
        "/path/to/Cortex-Analyzers/responders"
      ]
    }
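Before pointing `analyzer.urls` at a Cortex-Analyzers checkout, it is worth auditing which flavours will actually load, which need an API key provisioned when enabled, and which would pass TLP:RED observables to an external service. The Python script below does that from the analyzer definition JSON files. It is an added example for this post, not code from TheHive-Project. The three definitions it writes into a temporary directory are constructed for the offline self-test (their names borrow real analyzers, but the contents are not the project's); pass the path of a real `Cortex-Analyzers/analyzers` directory as the first argument to audit a checkout.

```python
"""
Audit a Cortex-Analyzers checkout before pointing `analyzer.urls` at it: which
flavours will load, which need credentials provisioned, which accept TLP:RED
observables. Added example for this post, not code from TheHive-Project; field
names follow the analyzer definition JSON used in Cortex-Analyzers. The sample
definitions below are constructed for an offline self-test.
"""
import json
import tempfile
from pathlib import Path

TLP_NAMES = {0: "WHITE", 1: "GREEN", 2: "AMBER", 3: "RED"}


def load_definitions(analyzers_dir: Path) -> list:
    """Parse every <analyzer>/<Flavour>.json under the analyzers directory."""
    defs = []
    for path in sorted(analyzers_dir.glob("*/*.json")):
        with path.open() as fh:
            defs.append(json.load(fh))
    return defs


def audit_definition(d: dict, analyzers_dir: Path) -> dict:
    """One audit row: schema gaps, missing command, required secrets, TLP ceiling."""
    problems = [f"missing field {k}" for k in ("name", "version", "dataTypeList", "command")
                if k not in d]
    if "command" in d and not (analyzers_dir / d["command"]).is_file():
        problems.append(f"command not found: {d['command']}")
    # Required items without a defaultValue must be filled in when enabling the analyzer.
    required = [c["name"] for c in d.get("configurationItems", [])
                if c.get("required") and "defaultValue" not in c]
    cfg = d.get("config", {})
    # With check_tlp false Cortex enforces no ceiling, so RED observables are accepted.
    max_tlp = cfg.get("max_tlp", 2) if cfg.get("check_tlp") else 3
    # Cortex names the flavour <name>_<version> with dots replaced by underscores.
    flavour = f"{d.get('name', '?')}_{d.get('version', '?')}".replace(".", "_")
    return {"flavour": flavour, "dataTypes": d.get("dataTypeList", []),
            "required_config": required, "max_tlp": TLP_NAMES.get(max_tlp, str(max_tlp)),
            "accepts_red": max_tlp >= 3, "problems": problems}


def audit(analyzers_dir) -> list:
    analyzers_dir = Path(analyzers_dir)
    return [audit_definition(d, analyzers_dir) for d in load_definitions(analyzers_dir)]


# --- constructed sample checkout (names borrow real analyzers; contents are not theirs) ---
SAMPLE_DEFINITIONS = {
    "AnyRun/AnyRun_Sandbox_Analysis.json": {
        "name": "AnyRun_Sandbox_Analysis", "version": "1.0", "author": "sample",
        "description": "Submit to a sandbox", "dataTypeList": ["file", "url"],
        "command": "AnyRun/anyrun_analyzer.py", "baseConfig": "AnyRun",
        "config": {"check_tlp": True, "max_tlp": 2},
        "configurationItems": [
            {"name": "token", "description": "API token", "type": "string",
             "multi": False, "required": True},
            {"name": "verify_ssl", "description": "Verify TLS", "type": "boolean",
             "multi": False, "required": True, "defaultValue": True},
        ],
    },
    "MalwareBazaar/MalwareBazaar.json": {
        "name": "MalwareBazaar", "version": "1.0", "dataTypeList": ["hash"],
        "command": "MalwareBazaar/malwarebazaar_analyzer.py", "baseConfig": "MalwareBazaar",
        "config": {"check_tlp": False}, "configurationItems": [],
    },
    "Broken/Broken.json": {"name": "Broken", "version": "1.0", "dataTypeList": ["ip"],
                           "command": "Broken/missing.py"},
}
SAMPLE_SCRIPTS = ["AnyRun/anyrun_analyzer.py", "MalwareBazaar/malwarebazaar_analyzer.py"]


def build_sample_checkout() -> Path:
    """Write the constructed definitions and stub scripts into a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="cortex-analyzers-")) / "analyzers"
    for rel, definition in SAMPLE_DEFINITIONS.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(json.dumps(definition))
    for rel in SAMPLE_SCRIPTS:
        (root / rel).write_text("#!/usr/bin/env python3\n")
    return root


def audit_sample() -> dict:
    """Audit the constructed checkout, indexed by flavour id."""
    return {row["flavour"]: row for row in audit(build_sample_checkout())}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_checkout()
    for row in audit(target):
        print(json.dumps(row))
```

A flavour listed with `accepts_red` true and a third-party API in its configuration is the one to leave disabled, or to enable only for an organisation whose analysts understand that the observable leaves the SOC.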

Usage

  1. Accessing the web interface
    • Open the Cortex web interface, by default at http://localhost:9001. On first start it asks you to create the database (the Elasticsearch index) and the initial superadmin; then create an organisation and, inside it, a user with the analyze role whose API key MISP or TheHive will use.
  2. Creating an analysis request
    • Choose "New Analysis", select the data type and enter the observable, for example a suspicious IP address or file hash, together with its TLP and PAP.
  3. Selecting the analyzers
    • Pick one or more analyzers and submit the request. Cortex runs them as jobs and returns the results.
  4. Reviewing the results
    • When a job finishes, open its report. The content depends on the analyzer; each provides a short summary (taxonomies) and a detailed full report.

Examples of notable analyzers

  1. ANY.RUN
    • Cloud-based malware sandbox; the analyzer submits a file or URL for dynamic analysis and returns the report.
  2. CyberChef
    • Web application for a wide range of encoding and decoding operations; the analyzer flavours take Base64, CharCode and Hex strings and decode them.
  3. MalwareBazaar
    • abuse.ch project for sharing malware samples; the analyzer looks up file hashes against it.
  4. OpenCTI
    • Cyber-threat-intelligence management platform; the analyzer queries it for observables of many types.

With Cortex-Analyzers installed and configured, a wide range of security analysis tasks can be automated. Refer to the official documentation for further configuration and usage details.
