How To Install MISP on Fedora 42
Installing MISP (Malware Information Sharing Platform) on Fedora 42 provides cybersecurity professionals with a powerful threat intelligence sharing platform. MISP enables organizations to collect, store, and share cybersecurity indicators efficiently. This comprehensive guide walks you through every step of deploying MISP on Fedora 42, from system preparation to final configuration.
Fedora 42 offers excellent compatibility for MISP deployment due to its cutting-edge package management system and robust security features. The distribution’s SELinux integration and regular security updates make it an ideal choice for hosting sensitive threat intelligence data. This installation process typically requires 2-3 hours for completion and results in a fully functional MISP instance ready for production use.
This tutorial covers all essential aspects including system prerequisites, dependency installation, database configuration, and security hardening. You’ll learn to configure Apache web server, set up proper SSL certificates, and implement security best practices. By following these detailed instructions, you’ll have a production-ready MISP installation capable of handling threat intelligence feeds and supporting your organization’s cybersecurity operations.
System Requirements and Prerequisites
Hardware Requirements for MISP on Fedora 42
MISP requires adequate system resources to handle threat intelligence processing effectively. The minimum hardware specifications include a dual-core CPU with 4GB RAM and 20GB storage space. However, production environments should consider 4-core processors with 8GB RAM and 50GB SSD storage for optimal performance.
Network connectivity plays a crucial role in MISP functionality. The system needs reliable internet access for downloading threat intelligence feeds and communicating with external MISP instances. Consider bandwidth requirements when planning for multiple concurrent users and automated feed synchronization.
For organizations handling large volumes of threat data, recommended specifications include 8-core processors, 16GB RAM, and 100GB+ storage with RAID configuration. These specifications ensure smooth operation during peak usage and accommodate future growth in data volume.
Software Prerequisites and Dependencies
Fedora 42 provides modern package repositories containing most MISP dependencies. Essential software components include MariaDB database server, Apache web server, PHP 8.2 with required extensions, and Redis for caching operations. Python development packages are necessary for installing MISP’s analytical modules and threat intelligence processing libraries.
The installation requires specific PHP extensions including mysql, mbstring, xml, gd, intl, bcmath, and redis. These extensions enable MISP’s core functionality for database operations, string manipulation, XML processing, and image handling. Additionally, GnuPG support is essential for cryptographic operations and secure data exchange.
Redis server provides caching capabilities that significantly improve MISP performance. The system also requires Git for downloading MISP source code and various compilation tools for building Python modules from source.
Administrative Access and Security Considerations
Root or sudo privileges are mandatory for system package installation and service configuration. The installation process modifies system configurations, creates new user accounts, and configures firewall rules requiring elevated permissions.
SELinux enforcement adds security layers but may require policy adjustments for web applications. Understanding SELinux contexts and policies helps prevent access issues during installation and operation. Network connectivity requirements include outbound HTTPS access for downloading packages and threat intelligence feeds.
Preparing the Fedora 42 System
Initial System Update and Package Management
Begin by updating your Fedora 42 system to ensure all packages are current. Execute the following command to refresh package repositories and install available updates:
sudo dnf update -y
This process downloads and installs the latest security patches and system updates. Next, install essential development tools and utilities required for MISP compilation:
sudo dnf groupinstall -y "Development Tools"
sudo dnf install -y git curl wget zip unzip
The Development Tools group provides gcc, make, and other compilation utilities necessary for building Python modules. These tools are essential for installing MISP’s dependencies from source code.
Enable the EPEL repository to access additional packages not included in standard Fedora repositories:
sudo dnf install -y epel-release
User Account and Permissions Setup
Create a dedicated user account for MISP operations to enhance security through privilege separation. This account will own MISP files and run associated processes:
sudo useradd -m -s /bin/bash misp
sudo usermod -aG apache misp
The misp user account provides isolation from system processes while maintaining necessary access to web server operations. Adding the user to the apache group enables proper file sharing between MISP and the web server.
Grant the misp user passwordless sudo for one command only, restarting Apache:
echo "misp ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart httpd" | sudo tee /etc/sudoers.d/misp
Firewall and SELinux Configuration
Configure firewalld to allow HTTP and HTTPS traffic while maintaining security. Open the necessary ports for web access:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
These commands permanently enable web traffic access while preserving firewall protection for other services. Verify the configuration by listing active firewall rules:
sudo firewall-cmd --list-all
SELinux requires specific configurations for web applications. Set appropriate boolean values to allow web server operations:
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect_db 1
Database Server Installation and Configuration
Install MariaDB server and client packages using DNF package manager:
sudo dnf install -y mariadb-server mariadb
Start and enable the MariaDB service to ensure automatic startup after system reboots:
sudo systemctl start mariadb
sudo systemctl enable mariadb
Secure the MariaDB installation by running the security script and following the prompts:
sudo mysql_secure_installation
Installing MISP Dependencies
Core System Dependencies Installation
Install essential system packages required for MISP operation. These packages provide fundamental functionality for web services, caching, and data processing:
sudo dnf install -y httpd mod_ssl redis python3 python3-pip python3-devel
Apache HTTP server (httpd) serves as the web server platform for MISP. The mod_ssl module enables HTTPS encryption for secure communications. Redis provides high-performance caching capabilities that significantly improve MISP response times.
Python 3 with development headers and pip package manager are necessary for installing MISP’s analytical components. Install additional system libraries required for Python module compilation:
sudo dnf install -y libxml2-devel libxslt-devel zlib-devel libjpeg-devel
Install GnuPG for cryptographic operations and secure key management:
sudo dnf install -y gnupg2 pinentry
PHP and Web Server Components
Fedora 42 includes PHP 8.2 which is fully compatible with MISP requirements. Install PHP and essential extensions:
sudo dnf install -y php php-cli php-common php-mysqlnd php-xml php-mbstring
sudo dnf install -y php-gd php-intl php-bcmath php-zip php-json php-opcache
Install additional PHP modules specific to MISP functionality:
sudo dnf install -y php-redis php-gnupg php-pecl-ssdeep
Configure PHP settings for MISP requirements by editing the main configuration file:
sudo nano /etc/php.ini
Modify these critical settings for optimal MISP performance:
max_execution_time = 300
memory_limit = 2048M
upload_max_filesize = 50M
post_max_size = 50M
Redis Server Setup and Configuration
Start and enable Redis service for automatic startup:
sudo systemctl start redis
sudo systemctl enable redis
Configure Redis for MISP by editing the configuration file:
sudo nano /etc/redis/redis.conf
Optimize Redis settings for MISP workload:
maxmemory 256mb
maxmemory-policy allkeys-lru
save 900 1
Python Libraries and STIX/CyBox Modules
Create a virtual environment for MISP Python dependencies to avoid conflicts with system packages:
sudo mkdir -p /var/www/MISP
cd /var/www/MISP
sudo python3 -m venv venv
Upgrade pip, setuptools, and wheel inside the virtual environment. Calling the environment's pip by path means no activation step is needed:
sudo ./venv/bin/pip install --upgrade pip setuptools wheel
Install essential Python libraries for threat intelligence processing:
sudo ./venv/bin/pip install pymisp python-magic lief pydeep redis
Downloading and Installing MISP Core
Cloning MISP from Official Repository
Download MISP source code from the official GitHub repository. Use Git to clone the latest stable version:
cd /var/www
sudo git clone https://github.com/MISP/MISP.git
cd MISP
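sudo git checkout "tags/$(sudo git describe --tags --abbrev=0)"
Confirm what was checked out by inspecting the repository status and recent commits. This shows the state of the working tree; it is not a cryptographic integrity check: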
sudo git status
sudo git log --oneline -5
Installing MISP Submodules and Dependencies
Initialize and update Git submodules required by MISP:
sudo git submodule update --init --recursive
Install Python requirements using the virtual environment:
sudo ./venv/bin/pip install -r requirements.txt
Install additional Python modules for enhanced functionality:
cd app/files/scripts
sudo ../../../venv/bin/pip install -r requirements.txt
File Permissions and Ownership Configuration
Set appropriate ownership for MISP files and directories:
sudo chown -R apache:apache /var/www/MISP
Configure specific directory permissions for writable areas:
sudo chmod -R 750 /var/www/MISP
sudo chmod -R 770 /var/www/MISP/app/tmp
sudo chmod -R 770 /var/www/MISP/app/files
sudo chmod -R 770 /var/www/MISP/app/files/scripts/tmp
Set executable permissions for MISP console utilities:
sudo chmod +x /var/www/MISP/app/Console/cake
Database Setup and Initial Configuration
Database Schema Creation and Import
Access MariaDB as root user and create the MISP database:
sudo mysql -u root -p
Execute the following SQL commands to establish the database structure:
CREATE DATABASE misp;
CREATE USER 'misp'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON misp.* TO 'misp'@'localhost';
FLUSH PRIVILEGES;
EXIT;
Import the MISP database schema:
sudo mysql -u misp -p misp < /var/www/MISP/INSTALL/MYSQL.sql
Database User Privileges and Security
Verify database creation and user permissions:
sudo mysql -u misp -p -e "SHOW DATABASES; USE misp; SHOW TABLES;"
Initial MISP Configuration File Setup
Copy sample configuration files and customize for your environment:
cd /var/www/MISP/app/Config
sudo cp -a bootstrap.default.php bootstrap.php
sudo cp -a database.default.php database.php
sudo cp -a core.default.php core.php
sudo cp -a config.default.php config.php
Edit the database configuration file:
sudo nano database.php
Web Server Configuration
Apache Virtual Host Configuration
Create a dedicated virtual host configuration for MISP:
sudo nano /etc/httpd/conf.d/misp.conf
Configure the virtual host with appropriate security settings:
<VirtualHost *:80>
    ServerName misp.yourdomain.com
    DocumentRoot /var/www/MISP/app/webroot
    <Directory /var/www/MISP/app/webroot>
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>
    LogLevel warn
    ErrorLog /var/log/httpd/misp_error.log
    CustomLog /var/log/httpd/misp_access.log combined
    ServerSignature Off
</VirtualHost>
Enable Apache to start at boot and start it now so the new virtual host is loaded:
sudo systemctl enable httpd
sudo systemctl start httpd
PHP-FPM Integration and Optimization
Configure PHP-FPM for better performance and security:
sudo nano /etc/php-fpm.d/misp.conf
Start and enable PHP-FPM service:
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
SSL Certificate Implementation
Generate a self-signed SSL certificate for testing purposes:
sudo openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-keyout /etc/ssl/private/misp.key \
-out /etc/ssl/certs/misp.crt
MISP Application Configuration
Core MISP Settings Configuration
Initialize MISP configuration through the command-line interface:
cd /var/www/MISP/app/Console
sudo ./cake Admin setSetting "MISP.baseurl" "https://misp.yourdomain.com"
sudo ./cake Admin setSetting "MISP.live" true
Configure email settings for notifications and user management:
sudo ./cake Admin setSetting "MISP.email" "admin@yourdomain.com"
sudo ./cake Admin setSetting "MISP.contact" "admin@yourdomain.com"
Security and Authentication Settings
Configure password policies and security levels:
sudo ./cake Admin setSetting "Security.password_policy_length" "12"
sudo ./cake Admin setSetting "Security.password_policy_complexity" "/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{12,}$/"
Performance and Optimization Settings
Enable background job processing for improved performance:
sudo ./cake Admin setSetting "SimpleBackgroundJobs.enabled" true
sudo ./cake Admin setSetting "SimpleBackgroundJobs.max_job_history_ttl" "86400"
Configure Redis cache integration:
sudo ./cake Admin setSetting "MISP.redis_host" "127.0.0.1"
sudo ./cake Admin setSetting "MISP.redis_port" "6379"
sudo ./cake Admin setSetting "MISP.redis_database" "13"
Create the default admin user account:
sudo ./cake User init
Security Hardening and Best Practices
System-Level Security Measures
Implement SELinux policies specific to MISP operations:
sudo setsebool -P httpd_can_network_connect_db 1
sudo setsebool -P httpd_execmem 1
sudo semanage fcontext -a -t httpd_exec_t "/var/www/MISP/app/Console/cake"
sudo restorecon -Rv /var/www/MISP
Configure file system permissions for enhanced security:
sudo chmod -R o-rwx /var/www/MISP
sudo chmod -R g-w /var/www/MISP
sudo chmod -R g+w /var/www/MISP/app/tmp
sudo chmod -R g+w /var/www/MISP/app/files
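One way to check the result of these chmod commands, as an added example that is not part of the original guide or of MISP itself. It reports any path still accessible to "other" and any group-writable path outside app/tmp and app/files; the function names are assumptions made for this example.

```shell
# Audit a MISP tree against the permission model set above:
#   - no permissions for "other"            (chmod -R o-rwx)
#   - group write only under app/tmp and app/files
# Function names are hypothetical. Symlinks are skipped because chmod -R
# does not change their mode bits.
# Usage (as root): audit_misp_perms /var/www/MISP

# Print every non-symlink path that grants read, write or execute to "other".
world_accessible() {
    find "$1" ! -type l \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Print group-writable paths, pruning the two intentionally writable areas.
unexpected_group_writable() {
    gw_root=${1%/}
    find "$gw_root" \
        \( -path "$gw_root/app/tmp" -o -path "$gw_root/app/files" \) -prune \
        -o ! -type l -perm -0020 -print
}

# Return 0 when the tree matches the model; otherwise list findings, return 1.
audit_misp_perms() {
    audit_root=${1:-/var/www/MISP}
    findings=$(
        world_accessible "$audit_root" | sed 's/^/other-accessible: /'
        unexpected_group_writable "$audit_root" | sed 's/^/group-writable: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A non-zero exit status means at least one path deviates, which makes the function usable in a cron job or a post-update hook.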
MISP-Specific Security Configuration
Generate GPG keys for cryptographic operations:
sudo -u apache mkdir -m 700 /var/www/MISP/.gnupg
sudo -u apache gpg --homedir /var/www/MISP/.gnupg --gen-key
Configure MISP to use the generated keys:
sudo ./cake Admin setSetting "GnuPG.email" "admin@yourdomain.com"
sudo ./cake Admin setSetting "GnuPG.homedir" "/var/www/MISP/.gnupg"
Network Security and Monitoring
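Configure a rich rule to accept HTTPS from a specific subnet. Because the https service was opened to all sources earlier, this rule narrows access only if that zone-wide service entry is removed: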
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="https" accept'
sudo firewall-cmd --reload
Testing and Verification
Functional Testing Procedures
Verify web interface accessibility by opening a browser and navigating to your MISP instance. Test database connectivity through the MISP diagnostics interface accessible at Administration > Server Settings & Maintenance > Diagnostics.
Check background services status using the built-in diagnostics tools:
cd /var/www/MISP/app/Console
sudo ./cake Admin runUpdates
sudo ./cake Server test
Performance and Integration Testing
Test API endpoint functionality using curl commands:
curl -H "Authorization: YOUR_API_KEY" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
https://misp.yourdomain.com/events
Troubleshooting Common Issues
Installation and Dependency Issues
Common package conflicts may arise during PHP extension installation. Resolve conflicts by updating package repositories:
sudo dnf clean all
sudo dnf makecache
sudo dnf update
Database connection issues typically result from incorrect credentials or service status. Verify MariaDB service status:
sudo systemctl status mariadb
sudo mysql -u misp -p -e "SELECT 1;"
Configuration and Runtime Problems
Web server configuration issues may prevent proper MISP access. Check Apache error logs:
sudo tail -f /var/log/httpd/error_log
PHP service startup problems often relate to memory limits or extension conflicts. Review PHP-FPM logs:
sudo tail -f /var/log/php-fpm/error.log
Congratulations! You have successfully installed MISP. Thanks for using this tutorial to install the MISP threat intelligence sharing platform on Fedora 42. For additional help or useful information, we recommend you check the official MISP website.