juju4.misp


MISP Ansible Role

This Ansible role sets up MISP, which stands for Malware Information Sharing Platform & Threat Sharing.

Alternatives

Requirements & Dependencies

Ansible

This role works with the following Ansible versions:

  • 2.0
  • 2.2
  • 2.3
  • 2.4
  • 2.5

Operating Systems

Tested on:

  • Ubuntu 20.04
  • Ubuntu 22.04
  • CentOS 8-Stream

Example Playbook

To use this role, include it in your playbook like this:

- hosts: all
  roles:
    - juju4.MISP

Default admin credentials are: admin@admin.test / admin

Variables

No specific variables are needed right now.

Continuous Integration

This role has basic testing with Travis (for GitHub). More advanced testing is done with Kitchen, and a Vagrantfile is also included (test/vagrant). The default Kitchen configuration (.kitchen.yml) uses LXD, while .kitchen.vagrant.yml uses Vagrant/VirtualBox.

To test, ensure all necessary roles are available, then run:

$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.MISP
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify

or

$ cd /path/to/roles/juju4.MISP/test/vagrant
$ vagrant up
$ vagrant ssh

The role includes a Packer configuration for creating images for VirtualBox, VMware, DigitalOcean, LXC, and others. When building, it’s better to do this outside the roles directory. Here's how you can build:

$ cd /path/to/packer-build
$ cp -Rd /path/to/juju4.MISP/packer .
## Update packer-*.json with your absolute path to the Ansible role.
## You can add role dependencies in setup-roles.sh.
$ cd packer
$ packer build packer-*.json
$ packer build -only=virtualbox-iso packer-*.json
## To enable extra logging:
$ PACKER_LOG_PATH="packerlog.txt" PACKER_LOG=1 packer build packer-*.json
## For DigitalOcean build, export your TOKEN in the environment.
$ export DO_TOKEN=xxx
$ packer build -only=digitalocean packer-*.json
## For Azure:
$ . ~/.azure/credentials
$ packer build azure-packer-centos7.json
$ packer build -var-file=variables.json azure-packer-centos7.json

Troubleshooting & Known Issues

For Troubleshooting:

$ tail /var/log/apache2/misp.*
$ tail /var/www/MISP/app/tmp/logs/*.log
$ cd /var/www/MISP/app/Console && ./cake CakeResque.CakeResque tail

Known Bugs:

  • In /var/www/MISP/app/tmp/logs/error.log:
    • Error: [MissingTableException] Table logs for model Log was not found in datasource default.
    • Check if the MISP database exists in MySQL and is populated.
  • The curl_tests.sh script in MISP runs only once; repeat tests will fail.
  • Using privileged Docker with a host MySQL may cause:
    mysqld[29176]: /usr/sbin/mysqld: error while loading shared libraries: libaio.so.1: Permission denied
    
  • Docker and Redis may have issues that require editing the systemd config on Xenial (check task 'docker redis workaround ???').
  • CI may occasionally fail due to deadlocks during database transactions.
  • Ubuntu 22.04 may not be compatible due to PHP version issues.
  • If multiple PHP versions are installed, you may see database connection errors.
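
The two log signatures quoted in the list above can be checked for in one pass. The script below is an added example, not part of the role or of MISP; the function name misp_triage, its output format and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the juju4.misp role).
# misp_triage [FILE...]: scan logs (or stdin) for the two error signatures
# quoted under "Known Bugs" and print one summary line per issue found.
misp_triage() {
    # Unreadable or missing files are skipped rather than treated as fatal.
    cat "$@" 2>/dev/null | awk '
        /\[MissingTableException\]/ {
            db++
            # Message form quoted above: "... Table <name> for model <Model> ..."
            for (i = 1; i < NF; i++)
                if ($i == "Table" && !seen[$(i + 1)]++)
                    tables = tables (tables == "" ? "" : ",") $(i + 1)
        }
        /libaio\.so\.1: Permission denied/ { aio++ }
        END {
            if (db)
                printf "missing-table count=%d tables=%s hint=check that the MISP database exists in MySQL and is populated\n", db, tables
            if (aio)
                printf "libaio-denied count=%d hint=known issue with privileged Docker and a host MySQL\n", aio
        }'
}

# Constructed sample input; timestamps and the second table name are made up.
misp_triage <<'EOF'
2024-01-01 10:00:00 Error: [MissingTableException] Table logs for model Log was not found in datasource default.
2024-01-01 10:00:01 Error: [MissingTableException] Table users for model User was not found in datasource default.
2024-01-01 10:00:02 Error: [MissingTableException] Table logs for model Log was not found in datasource default.
mysqld[29176]: /usr/sbin/mysqld: error while loading shared libraries: libaio.so.1: Permission denied
EOF
```

On a deployed host, pass it the log files from the troubleshooting commands, for example misp_triage /var/www/MISP/app/tmp/logs/*.log. Several distinct table names in the output point to a database that was never populated rather than a single missing table.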

FAQ

  • Role dependencies like geerlinguy.{mysql,nginx,apache} are not required but can improve setup flexibility.
  • For GPG issues, refer to: GPG Troubleshooting.
  • The role serves MISP via HTTP. Other roles can manage SSL certificates, like Let's Encrypt.
  • LIEF build may take time (30–60 minutes) on CentOS 7; disable if not needed.
  • Refer to the following for Red Hat SELinux:

TODO

  • The role does not manage upgrades yet (work in progress between minor releases).
  • Monitoring is needed unless using ServerSpec.
  • Hardening Apache & Nginx is handled in separate roles (harden-webserver).

License

This project is licensed under the BSD 2-clause license.

Install

$ ansible-galaxy install juju4.misp