Install and Configure MISP2 Server

csc
Short Guide, MISP2 version 1.3.50. Version 0.1
pmuhonen
3/14/2014
Palveluväylä Development Environment
MISP2 server installation and configuration
14.3.2014
_____________________________________________________________________________________
Contents
1. Purpose of this document
2. Software version information
3. Before you begin
4. Other requirements
5. Other Information
6. OS Installation
7. OS configuration
8. Installing MISP2 software
9. Creating portal in MISP2
10. Adding new Producer
1. Purpose of this document
This document gives the reader a simplified manual for MISP2 server software installation and configuration.
2. Software version information
OS version: Ubuntu 10.04 LTS is required; other versions are not currently supported.
MISP2 version 1.3.50
3. Before you begin
We strongly advise you to take a quick look at the MISP documentation first:
https://confluence.csc.fi/display/Palveluvayla/Dokumentit
4. Other requirements
Before you can add a new Producer to your MISP2, the network connection to the producer's database must be allowed
and your Consumer must be configured in the Producer database's Security server. CSC provides a dummy test database
connection called BMI. If you want to test that connection, please send email to [email protected] .
5. Other Information
Screenshots were made in an environment where DHCP is enabled. If you don't want to use DHCP initially, you must
configure the IP settings of your server manually during OS installation.
In this example the MISP2 server is configured with 1 network interface using NAT.
Complete installation manuals are also available, for example, on the Palveluväylä development environment's web page
https://confluence.csc.fi/display/Palveluvayla/Dokumentit
6. OS Installation
Type in server FQDN
7. OS configuration
After OS installation, take the following steps before installing the MISP2 Server software.
7.1 Patch the OS with the commands
sudo apt-get update
sudo apt-get upgrade
7.2 Make the server IP address configuration static in the file /etc/network/interfaces
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.10.10.7
netmask 255.255.255.0
gateway 10.10.10.1
(these IPs are examples only; remove this line)
7.3 Restart networking
sudo /etc/init.d/networking restart
7.4 You (may) want to remove dhcp-client software packages from your server
sudo apt-get remove dhcp3-client
7.5 Change X-road binary repository information
sudo nano /etc/apt/sources.list
add the row
deb http://www.x-road.ee/misp2/.test/packages/ lucid main
8. Installing MISP2 software
sudo su
apt-get update
apt-get install xtee-misp2-keyring
apt-get install python-software-properties
apt-get update
apt-get install openjdk-6-jdk
8.1. Postgres installation
apt-get install postgresql-8.4
nano /etc/postgresql/8.4/main/pg_hba.conf
- change "local all postgres ident" to "local all postgres trust"
(obsolete: nano /etc/postgresql/8.4/main/postgresql.conf
- remove the comment mark from the beginning of "#listen_addresses = 'localhost'" and change it to listen_addresses = '*')
/etc/init.d/postgresql-8.4 restart
apt-get install xtee-misp2-postgresql
- accept the given directory, port and everything else, except for the database change "upgrade" to "add"
- user exists: no, password: "your password here"
- creating additional users: no
- load default classifiers: yes
- add apache sympse func: no
8.2. Apache installation
(sudo su -)
apt-get install tomcat6
apt-get install apache2 libapache2-mod-jk
apt-get install xtee-misp2-base
- choose defaults
- create certificate, update certificate
(optional) apt-get install tomcat6-admin
8.3. Orbeon XForms installation
(sudo su -)
apt-get install xtee-misp2-orbeon
- accept default installation path (Tomcat)
8.4. MISP2 web application
(sudo su -)
apt-get install xtee-misp2-application
- select "install"
- accept installation path (Tomcat)
- Application name: choose Default (misp2)
- Choose database address, port, name, username: all default
- Give a new password
- Enable support: Estonia ID card: false
- Enable support: Mobile ID: false
- SMTP host address
- Server email address
- new admin account creation
- username
- password
nano /var/lib/tomcat6/webapps/misp2/WEB-INF/classes/config.cfg
- locale.default_contry_code = EN
- languages=FI,EN,EE
- auth.password = true
- change auth.IDCard=true to auth.IDCard = false
- change xrd.namespace=http://x-rd.net/xsd/xroad.xsd to xrd.namespace=http://x-road.eu/xsd/x-road.xsd
- change producer.namespace_format = http://#producer.#country.xrd.net/producer to producer.namespace_format = http://#producer.xroad.eu/producer
- change the following rows to
  o countries-en = Finland,Estonia
  o countries-et = Finland,Eesti
  o countries-ru = Finland,Estonia
  o countryCodes = FI,EE
service tomcat6 restart
nano /etc/apache2/sites-enabled/ssl
add
<Location "/*/admin/*">
Order deny,allow
Deny from all
Allow from 127.0.0.1
# Portal administrators' admin IPs
Allow from aaa.bbb.ccc.ddd
</Location>
service apache2 restart
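The access controls edited by hand in 8.1 and 8.4 can be read back from disk after the install. The script below is an added example, not part of the MISP2 packages or the original guide: it lists pg_hba.conf rules using trust (with "local all postgres trust", any local account can connect as the postgres superuser without a password), the effective listen_addresses, and the source addresses allowed to reach the admin pages. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the MISP2 packages): report how the PostgreSQL
# and Apache access controls edited in 8.1 and 8.4 ended up on disk.
# Usage on the MISP2 server, with the paths used in this guide:
#   sh audit.sh /etc/postgresql/8.4/main/pg_hba.conf \
#       /etc/postgresql/8.4/main/postgresql.conf /etc/apache2/sites-enabled/ssl

# Print every pg_hba.conf rule whose auth method is "trust" (no password).
# The method is field 4 for "local" rules and field 5 or 6 for host rules.
pg_trust_rules() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            sub(/[ \t]*#.*/, "")            # drop a trailing comment
            for (i = 4; i <= NF && i <= 6; i++)
                if ($i == "trust") { print FILENAME ":" FNR ": " $0; break }
        }' "$1"
}

# Print the effective listen_addresses; a commented-out line means the
# built-in default "localhost", and the last assignment in the file wins.
pg_listen_addresses() {
    awk -F= -v q="'" '
        /^[ \t]*listen_addresses[ \t]*=/ {
            v = $2; sub(/#.*/, "", v); gsub("[ \t" q "]", "", v)
            val = v; seen = 1
        }
        END { print (seen ? val : "localhost") }' "$1"
}

# Print the "Allow from" sources of <Location "/*/admin/*">, or UNRESTRICTED
# when the block is missing or has no "Deny from all".
admin_location_allows() {
    awk '
        /^[ \t]*<Location[ \t]+"\/\*\/admin\/\*">/ { inblk = 1; found = 1; next }
        /^[ \t]*<\/Location>/                      { inblk = 0; next }
        !inblk                                     { next }
        tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { deny = 1 }
        tolower($1) == "allow" && tolower($2) == "from" {
            for (i = 3; i <= NF; i++) allow = allow (allow == "" ? "" : " ") $i
        }
        END { print ((found && deny) ? allow : "UNRESTRICTED") }' "$1"
}

# audit PG_HBA POSTGRESQL_CONF APACHE_SITE -> status 1 if anything is flagged
audit() {
    rc=0
    trust=$(pg_trust_rules "$1")
    if [ -n "$trust" ]; then
        printf 'REVIEW passwordless (trust) rules:\n%s\n' "$trust"; rc=1
    fi
    la=$(pg_listen_addresses "$2")
    case $la in
        localhost|127.0.0.1|'') ;;
        *) echo "REVIEW PostgreSQL listens on: $la"; rc=1 ;;
    esac
    src=$(admin_location_allows "$3")
    if [ "$src" = UNRESTRICTED ]; then
        echo "REVIEW admin pages are not restricted by source IP"; rc=1
    else
        echo "admin pages allowed from: $src"
    fi
    return $rc
}

if [ "$#" -eq 3 ]; then audit "$@"; fi
```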
8.5. Creating certificate to Security server
Log in to the web interface of the corresponding Security server
1. On the Configuration menu, click Servers, then click Information system servers.
2. On the same page, click Generate new key.
Enter the security server's internal network interface IP address, check server’s domain
name and click Save. The security server will generate a key for the communication with
the IS server and the adapter server, and the respective self-signed certificate. The
security server's certificate fingerprint will also change. Press Save again.
3. Click Export certificate and save the file to disk.
4. Click Save to apply the changes.
5. Transport the exported certificate to the IS server and continue certifying the
organization as instructed
Moving the certificate to the MISP2 server: scp proxycert.tar.gz [email protected]:
In a MISP2 server SSH console:
cd /etc/apache2/ssl/
tar -zxf /home/user/proxycert.tar.gz
keytool -import -keystore misp2truststore.jks -file cert.der
(cert.der is the security server's certificate)
type store password (new)
trust this certificate: Yes
8.6. Creating MISP2-certificate
Run the ./create_sslproxy_cert.sh script (the openssl configuration file misp2.cnf must be
located in the same directory).
Convert the private key and certificate to the PKCS12 format (java keytool cannot import any
other format):
openssl pkcs12 -export -in sslproxy.cert -inkey sslproxy.key -out misp2.p12
type password (new)
Create the key repository and import the PKCS12 file obtained:
keytool -importkeystore -srcstoretype PKCS12 -srckeystore misp2.p12 -destkeystore misp2keystore.jks
type in password (new)
type in previous pkcs12-password
Set the following system parameters for the MISP2 web application:
javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword, javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword.
Add the following to the Tomcat configuration file /etc/default/tomcat6:
nano /etc/default/tomcat6
JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.trustStore=/etc/apache2/ssl/misp2truststore.jks -Djavax.net.ssl.trustStorePassword=<misp2truststore.jks password> -Djavax.net.ssl.keyStore=/etc/apache2/ssl/misp2keystore.jks -Djavax.net.ssl.keyStorePassword=<misp2keystore.jks password>"
(the previous example is a single row; you can add it to the end of the file.
Remember to replace the password placeholders, for example <misp2keystore.jks password>, with
the real ones)
service tomcat6 restart
8.7. Adding MISP2 certificate to Security server
Create the file cert.pem on your local machine:
at the MISP2 server's SSH console type: cat /etc/apache2/ssl/sslproxy.cert
copy the output to a file cert.pem on your local machine and save it
Log in to the web interface of the Security server and load the IS server certificate:
1. On the Configuration menu, click Servers, then click Information system servers.
2. Select an organization, from the Connection type drop-down list select HTTPS, and then click Load.
3. Click Browse and load the IS server certificate from the disk. The file must be in PEM or DER format and have the file name cert.pem or cert.pem
4. Click Save. On success, the certificate's fingerprint is displayed in the list of the organization's certificates.
Click Save
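Sections 8.5 and 8.7 both move a certificate between machines by hand and both mention the fingerprint shown in the Security server web interface. The script below is an added example, not from the original guide: it recomputes the fingerprint of cert.der or cert.pem so it can be compared with the displayed value before answering "trust this certificate: Yes" or after loading the file. It assumes the interface shows a SHA-1 hex fingerprint (pass sha256 otherwise); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the MISP2 or X-Road documentation).
# A certificate fingerprint is the hash of the certificate's DER encoding, so
# it can be recomputed from the transferred file with coreutils alone.

# cert_fingerprint FILE [sha1|sha256] -> lowercase hex without separators
cert_fingerprint() {
    file=$1 algo=${2:-sha1}
    case $algo in
        sha1|sha256) ;;
        *) echo "unsupported hash: $algo" >&2; return 2 ;;
    esac
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    if LC_ALL=C grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        # PEM: base64 of the DER bytes between the armor lines. Take only the
        # first certificate and tolerate CRLF line endings.
        sed -n -e '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
               -e '/-----END CERTIFICATE-----/q' "$file" |
            grep -v -- '-----' | tr -d '\r' | base64 -d
    else
        cat "$file"                     # already DER (binary)
    fi | "${algo}sum" | cut -d' ' -f1
}

# Accept "AB:CD:..", "ab cd .." or plain hex as typed from the web interface.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# verify_cert FILE EXPECTED [sha1|sha256] -> status 0 only on an exact match
verify_cert() {
    actual=$(cert_fingerprint "$1" "${3:-sha1}") || return 2
    expected=$(normalize_fp "$2")
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        echo "OK   $1 $actual"
    else
        echo "FAIL $1 computed=$actual expected=$expected" >&2
        return 1
    fi
}

# Example: sh verify.sh cert.der "<fingerprint shown by the Security server>"
if [ "$#" -ge 2 ]; then verify_cert "$@"; fi
```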
9. Creating portal in MISP2
Log in to MISP2 admin portal https://ip/misp2/admin
Click Sisene, change language by clicking “English”
Click Add New
Fill in information above, you must have your own Organization name, Organization code and Security
host IP available.
Because of long FQDN string these screenshots have IPs instead of DNS names. Please REPLACE IPs with
real FQDN. Click Save portal configuration
Click Add new manager
Click Add new person as manager
Now Ylermi Ylläpitäjä has got a user account FI123456
Click Exit
Log in to the MISP2 server SSH console and type in the commands
psql -Umisp2 -hlocalhost misp2db
Type in user misp2 password
update person set password='Lailailai, etc….' where ssn='FI123456';
\q
(remember to replace the password and ssn with the ones that you created…)
Log in using the account created earlier. Use path “https://IP/MISP2/”
Change language again
10. Adding new Producer
Before you can add a new producer, the network connection to the producer's database must be
allowed and your consumer must be configured in the database's Security server. CSC provides a dummy
database connection called BMI. If you want to test that connection, please send email to
[email protected] .
In the following it is assumed that connection is allowed.
Click All producers
Click Refresh producers
Choose BMI and click Save complex producers
Click BMI
Click From security server
Now follows a dirty hack: at the time of writing, a proper WSDL was not available, so
Click “No Description”
Paste following XML to text field and click Save
<?xml version="1.0" encoding="UTF-8"?>
<xhtml:html xmlns:xhtml="http://www.w3.org/1999/xhtml"
xmlns:xforms="http://www.w3.org/2002/xforms"
xmlns:events="http://www.w3.org/2001/xml-events"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xtee="http://x-tee.riik.ee/xsd/xtee.xsd"
xmlns:xrd="http://x-road.eu/xsd/x-road.xsd"
xmlns:bmi="http://bmi.x-road.eu/producer">
<xhtml:head>
<xhtml:title xml:lang="et">Suvaline sisend document/literal stiilis</xhtml:title>
<xhtml:title xml:lang="en">Random input document/literal style</xhtml:title>
<xforms:model>
<xforms:instance id="xrddlGetRandom.input">
<SOAP-ENV:Envelope>
<SOAP-ENV:Header>
<xrd:consumer/>
<xrd:producer>bmi</xrd:producer>
<xrd:userId>FI</xrd:userId>
<xrd:id/>
<xrd:service>bmi.xrddlGetRandom.v1</xrd:service>
<xrd:position/>
<xrd:issue/>
<xrd:authenticator/>
<xrd:userName/>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns5:xrddlGetRandom xmlns:ns5="http://bmi.x-road.eu/producer">
<request>
<in/>
</request>
</ns5:xrddlGetRandom>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</xforms:instance>
<xforms:instance id="xrddlGetRandom.output">
<dummy/>
</xforms:instance>
<xforms:bind nodeset="instance('xrddlGetRandom.input')/SOAP-ENV:Body">
<xforms:bind nodeset="bmi:xrddlGetRandom">
<xforms:bind nodeset="request">
<xforms:bind nodeset="in" type="xforms:string"/>
</xforms:bind>
</xforms:bind>
</xforms:bind>
<xforms:bind nodeset="instance('xrddlGetRandom.output')/SOAP-ENV:Body">
<xforms:bind nodeset="bmi:xrddlGetRandomResponse">
<xforms:bind nodeset="response" type="xforms:string"/>
</xforms:bind>
</xforms:bind>
<xforms:submission id="xrddlGetRandom.submission"
action="http://86.50.27.115:5555/xrddlGetRandom"
mediatype="application/soap+xml; charset=UTF-8; action="
encoding="UTF-8"
ref="instance('xrddlGetRandom.input')"
method="post"
replace="instance"
instance="xrddlGetRandom.output">
<xforms:setvalue ref="instance('temp')/relevant"
value="false()"
events:event="xforms-submit"/>
<xforms:setvalue ref="instance('xrddlGetRandom.input')/SOAP-ENV:Header/*:id"
value="digest(string(random()), 'SHA-1', 'hex')"
events:event="xforms-submit"/>
<xforms:toggle case="xrddlGetRandom.response" events:event="xforms-submit-done"/>
<xforms:setvalue ref="instance('temp')/relevant"
value="true()"
events:event="xforms-submit-done"/>
<xforms:setvalue ref="instance('temp')/relevant"
value="true()"
events:event="xforms-submit-error"/>
<xforms:message level="modal" events:event="xforms-submit-error">
<xforms:output xml:lang="et"
value="if (event('error-type') = 'submission-in-progress') then 'Üks päring juba käib!'
else if (event('error-type') = 'no-data') then 'Pole andmeid, mida saata!'
else if (event('error-type') = 'validation-error') then 'Valideerimise viga!'
else if (event('error-type') = 'parse-error') then 'Viga vastuse töötlemisel!'
else if (event('error-type') = 'resource-error') then 'Päringu vastus ei ole XML!'
else if (event('error-type') = 'target-error') then 'Sihtkoha viga!'
else 'Sisemine viga!'"/>
<xforms:output xml:lang="en"
value="if (event('error-type') = 'submission-in-progress') then 'Submission already started!'
else if (event('error-type') = 'no-data') then 'No data to submit!'
else if (event('error-type') = 'validation-error') then 'Validation error!'
else if (event('error-type') = 'parse-error') then 'Error parsing response!'
else if (event('error-type') = 'resource-error') then 'Response is not XML!'
else if (event('error-type') = 'target-error') then 'Target error!'
else 'Internal error!'"/>
</xforms:message>
</xforms:submission>
<xforms:instance id="temp">
<temp>
<relevant xsi:type="boolean">true</relevant>
</temp>
</xforms:instance>
<xforms:dispatch targetid="xrddlGetRandom.request"
name="xforms-select"
events:event="xforms-ready"/>
</xforms:model>
</xhtml:head>
<xhtml:body>
<xhtml:h1 xml:lang="et">Suvaline sisend document/literal stiilis</xhtml:h1>
<xhtml:h1 xml:lang="en">Random input document/literal style</xhtml:h1>
<xforms:group class="help" xml:lang="et">Suvalisele sisendile tuleb ka suvaline vastus.</xforms:group>
<xforms:group class="help" xml:lang="en">Random input needs a random output.</xforms:group>
<xforms:switch>
<xforms:case id="xrddlGetRandom.request">
<xforms:group ref="instance('xrddlGetRandom.input')/SOAP-ENV:Body">
<xforms:group ref="bmi:xrddlGetRandom">
<xforms:group ref="request">
<xforms:input ref="in">
<xforms:label xml:lang="et">Random input</xforms:label>
<xforms:label xml:lang="en">Random input</xforms:label>
</xforms:input>
</xforms:group>
</xforms:group>
</xforms:group>
<xforms:group class="actions">
<xforms:submit submission="xrddlGetRandom.submission">
<xforms:label xml:lang="et">Esita päring</xforms:label>
<xforms:label xml:lang="en">Submit</xforms:label>
</xforms:submit>
</xforms:group>
</xforms:case>
<xforms:case id="xrddlGetRandom.response">
<xforms:group ref="instance('xrddlGetRandom.output')/SOAP-ENV:Header"
class="serviceid">
<xforms:output ref="xrd:id">
<xforms:label xml:lang="et">Päringu id</xforms:label>
<xforms:label xml:lang="en">Query id</xforms:label>
</xforms:output>
</xforms:group>
<xforms:group ref="instance('xrddlGetRandom.output')/SOAP-ENV:Body">
<xforms:group ref="bmi:xrddlGetRandomResponse">
<xforms:output ref="response">
<xforms:label xml:lang="et">Random response</xforms:label>
<xforms:label xml:lang="en">Random response</xforms:label>
</xforms:output>
</xforms:group>
</xforms:group>
<xforms:group ref="instance('xrddlGetRandom.output')/SOAP-ENV:Body/xrddlGetRandomResponse[not(response/*)]"
class="info">
<xhtml:span xml:lang="et">Andmeid ei tulnud.</xhtml:span>
<xhtml:span xml:lang="en">Service returned no data.</xhtml:span>
</xforms:group>
<xforms:group ref="instance('xrddlGetRandom.output')/SOAP-ENV:Body/SOAP-ENV:Fault"
class="fault">
<xforms:output ref="faultstring"/>
</xforms:group>
<xforms:group class="actions">
<xforms:trigger>
<xforms:label xml:lang="et">Uuesti</xforms:label>
<xforms:label xml:lang="en">Again</xforms:label>
<xforms:toggle events:event="DOMActivate" case="xrddlGetRandom.request"/>
</xforms:trigger>
</xforms:group>
</xforms:case>
</xforms:switch>
</xhtml:body>
</xhtml:html>
Click Back
Click “Play” button
Type in random input, Press submit
Service should give you a “random” output