MISP is a great threat intelligence platform for users and organizations of all sizes. One of the major advantages that it has going for it is the rapid pace at which it is developing. Every single release is packed with more updates and new features that are creating an impressive tool.
I've used MISP on and off now for the last two years and have followed the progress with great interest, so much so that I set up my own instances that I play around with. During the install process I ran into a few issues, so I thought that I would create a quick writeup on how to work past those issues.
The developers have done a great job of providing a script that takes care of the install for us. Even when using the script, it used to get stuck on the creation of the GPG key (used to send emails such as when new events are created).
This is what I did during the install:
Note #1: I ran my install on Ubuntu 20.04 so YMMV
Note #2: MISP does not like to be installed by root, so run the installation as another user that has sudo permission (we will be asked to create a MISP user in the install script)
As always, before installing anything on Linux it is best practice to upgrade the existing packages:
apt-get upgrade -y
The Need to Replenish Entropy
When the script is trying to create the GPG key, it needs to generate the private and public key pair. This uses the available entropy to generate the random values. The entropy value, which prior to installation was around 3000, dropped to around 200 in my case during this period. This caused the installer to get stuck, as there was not enough entropy to generate the key pair.
During my install once I had identified this as the issue, I had a terminal window open monitoring the entropy value using the command
Option 1: Using rng-tools
rng-tools is a utility related to random number generation in the kernel. It consists of a daemon that feeds random numbers into the entropy pool. This increases the available entropy, allowing /dev/random to be faster.
Installation is straightforward and can be done by:
apt-get install rng-tools
Then we can start the daemon
rngd -r /dev/urandom
Option 2: Generate entropy by running commands
Another way to increase the entropy is by running commands, for example:
yes "fkjdhajfhasjkdfhdajhfjkasd" > /dev/null
This repeatedly outputs the string “fkjdhajfhasjkdfhdajhfjkasd” to the null device. This also helps increase entropy.
Note: I did not run this during my install, I went with Option 1
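As an added example (not from the original post or the MISP project), here is a small shell helper that watches the kernel's entropy estimate and waits until it recovers, which is the condition the stuck GPG key generation above was waiting on. The function names, threshold and timeout are assumptions; the only real interface used is the Linux file /proc/sys/kernel/random/entropy_avail.

```shell
#!/bin/sh
# Added example: helper names, threshold and timeout are assumptions,
# not part of the MISP installer.

# Linux procfs file holding the kernel's entropy estimate in bits.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current estimate; fail if the file is unreadable or does
# not contain a plain non-negative integer.
entropy_now() {
    [ -r "$ENTROPY_FILE" ] || return 1
    value=
    read -r value < "$ENTROPY_FILE" || [ -n "$value" ] || return 1
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# wait_for_entropy MIN_BITS TIMEOUT_SECONDS
# Poll once per second until the estimate reaches MIN_BITS.
# Returns 0 when ready, 1 on timeout, 2 if the estimate cannot be read.
wait_for_entropy() {
    min_bits=$1
    timeout=$2
    elapsed=0
    while :; do
        bits=$(entropy_now) || return 2
        if [ "$bits" -ge "$min_bits" ]; then
            echo "entropy ok: $bits bits"
            return 0
        fi
        if [ "$elapsed" -ge "$timeout" ]; then
            echo "entropy still low after ${timeout}s: $bits bits" >&2
            return 1
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# Usage (constructed values): gate the installer on a healthy pool.
#   wait_for_entropy 1000 60 && bash /tmp/INSTALL.sh -A | tee log.txt
```

Linux 5.18 and later cap this value at 256, so pick the threshold for the kernel in use.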
Continuation of MISP Installation
From there, we can download the installation script:
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
The developers recommend that we run the script without any parameters to get the installation options:
This returns the different types of installation options that are available; these include:
- -c which will install only MISP core
- -M which installs MISP modules
- -A installs all
- -u for an unattended install
I went with installing all, so my installation command was
bash /tmp/INSTALL.sh -A | tee log.txt
I appended the command tee log.txt so that everything I was seeing on the screen was also dumped into a log file. This is particularly useful since there are various passwords that are generated.
Once the install has completed we will see the URL of the MISP instance in the console. We can navigate to that
This is the page we see when we navigate to the URL that was specified during install. The default credentials are provided by the installer, they are
These are also available in the documentation in the quick start guide.
This is the install process done. Another issue I noticed during the install was that even though I used the -A command to install everything (including modules), my instance did not have MISP modules installed. I will create a separate blog post on how to do that.