How to install Malware Information Sharing Platform on Ubuntu Server 18.04

July 18, 2020 by No Comments

If you’re looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.

Cybersecurity and secure nerwork concept. Data protection, gdrp. Glowing futuristic backround with lock on digital integrated circuit.

Image: Getty Images/iStockphoto

Malware Information Sharing Platform (MISP) is a tool for the collection, storing, distributing, and sharing of cybersecurity indicators and threats. MISP was specifically designed to be used for security incident analysis so that security pros can share structured information.

With MISP you are better prepared to correlate the indicators of compromise from targeted attacks. 

I’m going to walk you through the installation of the MISP core, using an automated script, on Ubuntu Server 18.04.

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

What you’ll need

How to update/upgrade Ubuntu

The first thing you’ll want to do is update and upgrade your instance of Ubuntu. Although MISP will attempt to do this during the running of the script, it can’t handle every situation it comes across. For one thing, the MISP installer will fail if you have even a single unsigned repository on your system. So if you know you use an unsigned repository, you’ll want to temporarily move the apt source file.

For instance, if you have an unsigned source file, named source.list, in your sources.list.d directory, move it with the command:

sudo mv /etc/apt/sources.list.d/source.list ~/

After the installation of MISP, you can move that file back.

To update and upgrade your Ubuntu Server instance, issue the following commands:

sudo apt-get update
sudo apt-get upgrade -y

If the kernel is upgraded, you’ll need to make sure to reboot the server, so the changes will take effect.

How to install MISP

With that out of the way, it’s time to install MISP. First, clone the MISP project from it’s GitHub page with the command:

git clone https://github.com/da667/AutoMISP.git

Change into the newly-created directory with the command:

cd AutoMISP

Give the installer script the proper permissions with the command:

chmod +x auto-MISP-ubuntu.sh

Now you can run the script with the command:

sudo ./auto-MISP-ubuntu.sh

The installation will take some time (roughly five or 10 minutes, depending the speed of your network connection and hardware), so return to some other admin tasks until it completes. 

When the installation completes, point a web browser to https://SERVER_IP/users/login (where SERVER_IP is the IP address of the hosting server). When presented with the login page, use the credentials admin@admin.test (username) and admin (password) (Figure A). 

Figure A

misp-login.jpg

Logging in to MISP for the first time.

If you get an error that users/login cannot be found on the server, it means you’re trying to log in with Firefox. For some reason MISP has problems with Firefox, so log in with a different browser. 

Once you successfully log in, you’ll be prompted to change the password (Figure B). 

Figure B

misp-change.jpg

Changing the default MISP password. 

After you’ve changed the password, you’re ready to start using MISP. You can start adding events, managing dashboards, and so much more. 

Also see

Leave a Comment

Your email address will not be published. Required fields are marked *