UbuntuUbuntu Based

How To Install MISP on Ubuntu 24.04 LTS

r00t

Install MISP on Ubuntu 24.04

The cybersecurity landscape demands robust threat intelligence sharing platforms, and MISP stands as the industry standard for collaborative security information exchange. Installing MISP on Ubuntu 24.04 LTS provides organizations with a powerful foundation for threat analysis and intelligence sharing. This comprehensive guide walks you through multiple installation methods, ensuring you can deploy MISP successfully regardless of your infrastructure requirements.

What is MISP and Why Ubuntu 24.04 LTS?

MISP (Malware Information Sharing Platform) serves as an open-source threat intelligence platform designed for sharing, storing, and correlating Indicators of Compromise (IoCs) related to malware, cyber attacks, and other security incidents. The platform facilitates collaboration between security teams, enabling organizations to share threat intelligence in a structured and standardized format.

Ubuntu 24.04 LTS emerges as the recommended distribution for MISP 2.5 installations due to its long-term support, stability, and optimized package repositories. The MISP development team specifically recommends Ubuntu 24.04 for new deployments, providing dedicated installation scripts that streamline the setup process. This combination ensures maximum compatibility, security updates, and community support for your threat intelligence infrastructure.

MISP 2.5 introduces significant improvements over previous versions, including enhanced performance, better API functionality, and improved user interface elements. The platform’s architecture supports various data formats and provides extensive customization options for different organizational needs.

Prerequisites and System Requirements

Before beginning the MISP installation process, ensure your Ubuntu 24.04 LTS system meets the minimum hardware and software requirements. Your server should have at least 4GB of RAM, though 8GB or more is recommended for production environments handling substantial threat intelligence data.

The system requires approximately 20GB of free disk space for the base installation, with additional storage needed for threat intelligence data growth. A dual-core processor provides adequate performance for small to medium deployments, while larger organizations should consider quad-core or higher specifications.

Network connectivity plays a crucial role in MISP functionality. Ensure your system can access external repositories for package downloads and updates. The installation process requires internet connectivity to download dependencies, MISP source code, and security updates. Configure your firewall to allow HTTP (port 80) and HTTPS (port 443) traffic for web interface access.

Administrative privileges are essential throughout the installation process. You’ll need sudo access or root privileges to install packages, modify system configurations, and manage services. Before proceeding, update your Ubuntu system to ensure all packages are current:

sudo apt update && sudo apt upgrade -y

Consider implementing a backup strategy for existing systems before installation. While MISP installation typically doesn’t interfere with existing services, maintaining system backups provides security against unforeseen complications.

Installation Methods Overview

MISP deployment offers two primary approaches: native installation and Docker-based containerization. Native installation provides direct system integration, optimal performance, and easier customization options. This method installs MISP components directly onto the Ubuntu system, offering full control over configuration and optimization.

Docker deployment offers containerized isolation, simplified updates, and consistent environments across different systems. However, Docker installations may present additional complexity in production environments and require container orchestration knowledge.

The official MISP installation script for Ubuntu 24.04 represents the most straightforward approach for native deployments. This automated script handles dependency installation, database configuration, and initial setup procedures, significantly reducing manual configuration requirements.

For production environments, native installation generally provides better performance and easier maintenance. Docker installations work well for development, testing, or proof-of-concept deployments where isolation and rapid deployment are priorities.

Method 1: Native Installation Using Official Script

Downloading and Preparing the Installation Script

The official MISP installation script automates the complex process of setting up MISP on Ubuntu 24.04 LTS. Begin by downloading the latest installation script from the official MISP GitHub repository:

wget --no-cache -O /tmp/INSTALL.ubuntu2404.sh https://raw.githubusercontent.com/MISP/MISP/refs/heads/2.5/INSTALL/INSTALL.ubuntu2404.sh

Verify the script’s integrity by examining its contents before execution. The script includes comprehensive error checking and logging functionality to help diagnose installation issues. Make the script executable:

chmod +x /tmp/INSTALL.ubuntu2404.sh

The installation script accepts various environment variables for customization. Review the script header to understand available configuration options, including database passwords, domain names, and SSL certificate paths.

Pre-Installation Configuration

Configure essential variables before running the installation script. The most critical settings include:

Database Configuration: Set secure passwords for the MySQL root user and MISP database user. Use strong, randomly generated passwords to enhance security:

export DBPASSWORD_ADMIN='your_secure_admin_password'
export DBPASSWORD_MISP='your_secure_misp_password'

Domain Configuration: Specify your MISP instance’s fully qualified domain name:

export FQDN='misp.yourdomain.com'

SSL Settings: Configure SSL certificate paths if using custom certificates. The script can generate self-signed certificates for testing environments or integrate with existing certificate infrastructure.

Ensure your system’s hostname matches your intended MISP domain name. This alignment prevents configuration conflicts and ensures proper certificate generation.

Running the Installation Script

Execute the installation script with appropriate privileges:

sudo bash /tmp/INSTALL.ubuntu2404.sh

The installation process typically takes 15-30 minutes, depending on your system’s performance and internet connectivity. Monitor the installation progress through the detailed output provided by the script.

The script performs several key operations:

System Package Updates: Updates the Ubuntu package repository and installs required system packages including Apache, MySQL, PHP, and Python components.

MISP Core Installation: Downloads the latest MISP source code from GitHub, configures file permissions, and sets up the application directory structure.

Database Setup: Creates the MISP database, configures user permissions, and initializes the database schema with default data.

Python Environment: Establishes a Python virtual environment and installs required Python modules for MISP’s background processing capabilities.

Web Server Configuration: Configures Apache virtual hosts, enables necessary modules, and sets up SSL certificates for secure communication.

Post-Installation Configuration

After successful script completion, access your MISP instance through a web browser using the configured domain name or server IP address. The default administrator credentials are typically:

  • Username: admin@admin.test
  • Password: admin

Immediate Security Steps: Change the default administrator password immediately after first login. Navigate to the user profile settings and establish a strong, unique password.

Organization Setup: Configure your organization’s details under Administration → Server Settings. Update the organization name, contact information, and basic configuration parameters.

Base URL Configuration: Ensure the MISP base URL matches your domain configuration. Incorrect base URL settings can cause authentication and notification issues.

Email Configuration: Set up SMTP settings for email notifications and user communications. Navigate to Server Settings → Email and configure your organization’s mail server details.

Component Verification and Testing

Verify all MISP components are functioning correctly:

Apache Status: Check Apache service status and configuration:

sudo systemctl status apache2
sudo apache2ctl configtest

Database Connectivity: Verify MySQL service and MISP database access:

sudo systemctl status mysql
sudo mysql -u misp -p misp_database -e "SHOW TABLES;"

Python Environment: Test the Python virtual environment and installed modules:

sudo -u www-data /var/www/MISP/venv/bin/python -c "import sys; print(sys.version)"

Background Workers: Ensure MISP background job processors are running:

sudo systemctl status misp-workers

Access the MISP diagnostic page at /servers/serverSettings/diagnostics to review system health and identify any configuration issues requiring attention.

Method 2: Docker-Based Installation

Docker Prerequisites

Docker installation on Ubuntu 24.04 requires several preparatory steps. Install Docker Engine and Docker Compose:

sudo apt update
sudo apt install docker.io docker-compose
sudo systemctl enable docker
sudo usermod -aG docker $USER

Log out and back in to activate group membership changes. Verify Docker functionality:

docker --version
docker-compose --version

MISP Docker Deployment

Clone the official MISP Docker repository:

git clone https://github.com/MISP/misp-docker.git
cd misp-docker

Configure environment variables by copying the template:

cp template.env .env

Edit the .env file to customize your deployment:

nano .env

Update critical settings including database passwords, MISP admin email, and domain configuration. Build the Docker containers:

docker-compose build

Start the MISP containers:

docker-compose up -d

Monitor container startup:

docker-compose logs -f

Access your containerized MISP instance at http://localhost or your configured domain name.

Initial Configuration and Setup

Upon first access, MISP requires several configuration steps to prepare for operational use. Log in using the default administrator credentials and immediately change the password to a secure alternative.

Organization Configuration: Navigate to Administration → Add Organisation to create your primary organization profile. Include accurate contact information, as this data appears in shared threat intelligence reports.

User Management: Create additional user accounts with appropriate role assignments. MISP supports various user roles including Org Admin, Sync User, and Read Only access levels.

API Key Generation: Generate API keys for programmatic access and external integrations. Navigate to Global Actions → My Profile → Auth Keys to create new authentication tokens.

Server Settings Review: Examine critical server settings under Administration → Server Settings. Key parameters include:

  • MISP.baseurl: Your MISP instance’s public URL
  • MISP.email: Administrative contact email
  • MISP.contact: Organization contact information
  • Security.password_policy_length: Minimum password requirements

Feed Configuration: Configure threat intelligence feeds to begin populating your MISP instance with relevant threat data. Navigate to Sync Actions → List Feeds to add public and private feed sources.

Security Hardening and Best Practices

Implement comprehensive security measures to protect your MISP installation:

SSL Certificate Implementation: Replace self-signed certificates with valid SSL certificates from a trusted Certificate Authority. Configure Apache to redirect HTTP traffic to HTTPS:

sudo a2enmod rewrite ssl

Firewall Configuration: Implement restrictive firewall rules allowing only necessary traffic:

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

Database Security: Secure MySQL installation and remove default accounts:

sudo mysql_secure_installation

Regular Updates: Establish procedures for regular MISP and system updates. MISP provides update mechanisms through its web interface and command-line tools.

Backup Strategy: Implement comprehensive backup procedures covering the MISP database, configuration files, and uploaded attachments. Regular backups ensure rapid recovery from system failures or security incidents.

Access Control: Implement strong authentication mechanisms and consider integrating with existing identity management systems for centralized user management.

Troubleshooting Common Issues

Installation Script Failures: If the installation script encounters errors, check the log files in /tmp/ for detailed error messages. Common issues include insufficient disk space, network connectivity problems, or conflicting software packages.

Database Connection Problems: Verify MySQL service status and user permissions. Reset database passwords if necessary:

sudo mysql -u root -p
ALTER USER 'misp'@'localhost' IDENTIFIED BY 'new_password';
FLUSH PRIVILEGES;

Apache Configuration Issues: Test Apache configuration syntax and review error logs:

sudo apache2ctl configtest
sudo tail -f /var/log/apache2/error.log

Python Dependency Conflicts: Recreate the Python virtual environment if module conflicts occur:

sudo rm -rf /var/www/MISP/venv
sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
sudo -u www-data /var/www/MISP/venv/bin/pip install -r /var/www/MISP/requirements.txt

Permission Problems: Ensure proper file ownership and permissions:

sudo chown -R www-data:www-data /var/www/MISP
sudo chmod -R 755 /var/www/MISP

Performance Optimization: For large deployments, consider MySQL tuning, PHP memory limits, and Apache worker configurations to optimize performance.

Upgrading from MISP 2.4 to 2.5

Organizations running MISP 2.4 on Ubuntu systems can upgrade to version 2.5 using the official upgrade script. This process requires Ubuntu 24.04 LTS as the base operating system.

Pre-Upgrade Preparation: Create comprehensive backups of your existing MISP installation:

sudo mysqldump -u root -p misp > misp_backup_$(date +%Y%m%d).sql
sudo tar -czf misp_files_backup_$(date +%Y%m%d).tar.gz /var/www/MISP

Distribution Upgrade: If running an older Ubuntu version, upgrade to 24.04 LTS first:

sudo do-release-upgrade

Upgrade Script Execution: Download and run the official upgrade script:

wget --no-cache -O /tmp/UPGRADE.ubuntu2404.sh https://raw.githubusercontent.com/MISP/MISP/refs/heads/2.5/INSTALL/UPGRADE.ubuntu2404.sh
sudo bash /tmp/UPGRADE.ubuntu2404.sh

Post-Upgrade Verification: After successful upgrade completion, verify all components function correctly. Test user authentication, database connectivity, and background worker processes.

Data Migration Validation: Confirm all existing events, attributes, and user accounts transferred successfully to MISP 2.5. Review any migration warnings or errors in the upgrade logs.

The upgrade process typically maintains existing data while updating the underlying application code and database schema to support new MISP 2.5 features.

Congratulations! You have successfully installed MISP. Thanks for using this tutorial for installing MISP threats sharing on Ubuntu 24.04 LTS systems. For additional help or useful information, we recommend you check the official MISP website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button