Verifying the integrity of utility files

Verifying the integrity of the permanent files included in the distribution kit protects against unauthorized modification by checking that the scripts and binary files have not been changed after unpacking the archive with Kaspersky Threat Feed App for MISP.

To verify the integrity of Kaspersky Threat Feed App for MISP files, run the following command from the %service_dir% directory:

./integrity_checker --signature-type kds-with-filename

If the command succeeds, the integrity_checker utility displays output like the following example:

===============================================>

Summary( failed / skipped / succeeded ):

Manifests: 0 / 0 / 1

Files: 0 / 0 / 14

Directories: 0 / 0 / 0

Registries: 0 / 0 / 0

Registry values: 0 / 0 / 0

===============================================>

SUCCEEDED

We recommend running the integrity_checker utility right before starting the utility. To do this, in the cron task settings, replace the */30 * * * * python %service_dir%/main.py --full_update_interval_h %update_interval% command with the following command:

*/30 * * * * if [ "$(cd %service_dir% && ./integrity_checker --signature-type kds-with-filename | tail -1)" = "SUCCEEDED" ]; then python %service_dir%/main.py --full_update_interval_h %update_interval%; else echo $(date +"\%Y-\%m-\%d \%H:\%M:\%S,\%3N") " ERROR Integrity verification failed! Some of permanent files modified" >> %service_dir%/misp_converter.log; fi

Instead of python, specify the full path to the Python 3 interpreter, for instance /bin/python3. The percent signs in the date format are escaped with backslashes because cron treats an unescaped % in a command as a newline.

The command above verifies the signatures and integrity of all files except settings.py, defs.py, and technics.py, because these are configuration files and may be modified.

If an error occurs during verification, this error will be shown in the %service_dir%/misp_converter.log file. In case of an error, the converter will not run.

To verify the integrity of the integrity_checker file itself on a regular basis, we recommend generating its hash sum after unpacking the archive. Alternatively, after unpacking the archive, copy the integrity_checker file to a read-only CD and periodically compare the hash of the binary file in use with the hash of the copy.
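
The two recommendations above (run the converter only on a SUCCEEDED verdict, and keep a hash of integrity_checker itself) combined in one script, as an added example that is not part of the Kaspersky distribution kit. The function names, the baseline file and the wording of the log messages are assumptions; SHA-256 via sha256sum is a choice made here, because the page does not name a hash algorithm.

```shell
#!/bin/sh
# Added example, not part of the distribution kit.
# Assumed: function names, baseline file location, log message wording.

# Print the SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Run once, right after unpacking the archive: store the checker's hash.
# Keep BASELINE outside the service directory (read-only media or a
# root-owned path), otherwise it can be replaced along with the binary.
record_baseline() {      # record_baseline CHECKER BASELINE
    file_sha256 "$1" > "$2"
}

# Return 0 only if CHECKER still matches the stored hash;
# 2 if either file is missing or empty, 1 on a mismatch.
checker_unchanged() {    # checker_unchanged CHECKER BASELINE
    [ -r "$1" ] && [ -s "$2" ] || return 2
    [ "$(file_sha256 "$1")" = "$(cat "$2")" ]
}

# Gate for the cron job: verify the checker first, then let it verify
# the kit. Returns 0 if the converter may start, logs and returns 1 if not.
kit_is_intact() {        # kit_is_intact SERVICE_DIR BASELINE LOG
    if ! checker_unchanged "$1/integrity_checker" "$2"; then
        echo "$(date +'%Y-%m-%d %H:%M:%S') ERROR integrity_checker does not match its baseline hash" >> "$3"
        return 1
    fi
    # As in the cron command above, the verdict is the last output line.
    verdict=$(cd "$1" && ./integrity_checker --signature-type kds-with-filename | tail -1)
    if [ "$verdict" != "SUCCEEDED" ]; then
        echo "$(date +'%Y-%m-%d %H:%M:%S') ERROR Integrity verification failed" >> "$3"
        return 1
    fi
    return 0
}
```

A cron wrapper would source this file and start main.py only when kit_is_intact returns 0.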
