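├── .dockerignore
├── Dockerfile
├── README.md
├── docker-compose.yml
└── run.sh

/.dockerignore:
--------------------------------------------------------------------------------
.git

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
#
# Dockerfile to build a MISP (https://github.com/MISP/MISP) container
#
# Original docker file by eg5846 (https://github.com/eg5846)
#
# 2016/03/03 - First release
# 2017/06/02 - Updated
# 2018/04/04 - Added objects templates
#

# Base image is the Ubuntu 16.04 "xenial" tag (not "latest").
# NOTE(review): Ubuntu 16.04 and the PHP 7.2 branch installed below are both
# past their upstream end-of-life, and the tag is mutable. When rebuilding,
# move to a supported release and pin the base image by digest.
FROM ubuntu:xenial
LABEL maintainer="Xavier Mertens"

# Install core components
# NOTE(review): set through ENV, this value also persists in the running container.
ENV DEBIAN_FRONTEND=noninteractive
# The package index is refreshed in the same layer as the installs that use it,
# so a cached "apt-get update" layer is never paired with newer install lines.
RUN apt-get update \
    && apt-get dist-upgrade -y \
    && apt-get autoremove -y \
    && apt-get install -y \
        curl \
        gcc \
        git \
        gnupg-agent \
        locales \
        make \
        mysql-client \
        openssl \
        postfix \
        python \
        redis-server \
        software-properties-common \
        sudo \
        vim \
        zip \
    && apt-get clean

RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
# Third-party PPA: every PHP package below is trusted from this source.
RUN add-apt-repository -y ppa:ondrej/php && apt-get update

# Apache
# mod_status and the default site are disabled so only the MISP vhost is served.
RUN apt-get update \
    && apt-get install -y apache2 apache2-doc apache2-utils \
    && a2dismod status \
    && a2dissite 000-default

# PHP 7.2
RUN apt-get update \
    && apt-get install -y \
        libapache2-mod-php \
        libbson-1.0 \
        libmongoc-1.0-0 \
        php-crypt-gpg \
        php-dev \
        php-pear \
        php-xml \
        php7.2 \
        php7.2-cli \
        php7.2-dev \
        php7.2-json \
        php7.2-mysql \
        php7.2-opcache \
        php7.2-readline \
        php7.2-redis \
        php7.2-xml \
        pkg-config

# Fix php.ini with recommended settings
RUN sed -i \
        -e "s/max_execution_time = 30/max_execution_time = 300/" \
        -e "s/memory_limit = 128M/memory_limit = 512M/" \
        -e "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" \
        /etc/php/7.2/apache2/php.ini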
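RUN sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/php/7.2/apache2/php.ini

# Python 2 build dependencies plus the daemons supervisord will manage.
# The index is refreshed in the same layer as the install that uses it.
RUN apt-get update \
    && apt-get install -y \
        cron \
        libxml2-dev \
        libxslt1-dev \
        logrotate \
        python-dev \
        python-pip \
        python-setuptools \
        supervisor \
        syslog-ng-core \
        zlib1g-dev \
    && apt-get clean

# Fetch MISP as the unprivileged web user.
WORKDIR /var/www
RUN chown www-data:www-data /var/www
USER www-data
RUN git clone https://github.com/MISP/MISP.git
WORKDIR /var/www/MISP
# By default the newest upstream tag at build time is checked out, so two builds
# of this file can produce different MISP versions. Pass
# --build-arg MISP_TAG=<tag> to build a known, reviewed release instead.
ARG MISP_TAG=""
RUN git checkout "tags/${MISP_TAG:-$(git describe --tags "$(git rev-list --tags --max-count=1)")}" \
    && git config core.filemode false

# python-cybox and python-stix are pinned to fixed tags; the checkout runs as
# www-data and only the install step runs as root.
WORKDIR /var/www/MISP/app/files/scripts
RUN git clone https://github.com/CybOXProject/python-cybox.git \
    && git clone https://github.com/STIXProject/python-stix.git

WORKDIR /var/www/MISP/app/files/scripts/python-cybox
RUN git checkout v2.1.0.12
USER root
RUN python setup.py install

USER www-data
WORKDIR /var/www/MISP/app/files/scripts/python-stix
RUN git checkout v1.1.1.4
USER root
RUN python setup.py install

USER www-data
WORKDIR /var/www/MISP
RUN git submodule update --init
WORKDIR /var/www/MISP/app
# composer.phar is the copy shipped inside the MISP checkout.
RUN php composer.phar config vendor-dir Vendor \
    && php composer.phar install --ignore-platform-reqs
USER root
RUN phpenmod redis
USER www-data
RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php

# Fix permissions
# One layer for all ownership/mode changes: the tree is owned by www-data with no
# access for "other"; tmp and files are additionally group-writable and setgid.
USER root
RUN chown -R www-data:www-data /var/www/MISP \
    && chmod -R 750 /var/www/MISP \
    && chmod -R g+ws /var/www/MISP/app/tmp \
    && chmod -R g+ws /var/www/MISP/app/files \
    && chmod -R g+ws /var/www/MISP/app/files/scripts/tmp

RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp

# Preconfigure setting for packages
RUN echo "postfix postfix/main_mailer_type string Local only" | debconf-set-selections \
    && echo "postfix postfix/mailname string localhost.localdomain" | debconf-set-selections

# Redis Setup
# Redis must stay in the foreground so that supervisord can manage it.
RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf

# Install PEAR packages
RUN pear install Crypt_GPG >>/tmp/install.log \
    && pear install Net_GeoIP >>/tmp/install.log

# Apache Setup
RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf \
    && a2dissite 000-default \
    && a2ensite misp \
    && a2enmod rewrite \
    && a2enmod headers

# MISP base configuration
# The default config files are copied as www-data by switching USER rather than
# by calling sudo inside the build.
USER www-data
RUN cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php \
    && cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php \
    && cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php \
    && cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
USER root
RUN chown -R www-data:www-data /var/www/MISP/app/Config \
    && chmod -R 750 /var/www/MISP/app/Config

# Replace the default salt
# NOTE(review): this runs at build time, so the generated salt is stored in an
# image layer and shared by every container started from the same image.
# Generating it at first boot would give each deployment its own value.
RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php

# Enable workers at boot time
# NOTE(review): the image's entrypoint is run.sh, which starts supervisord; whether
# /etc/rc.local is ever executed in this container is not visible here - confirm.
RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh \
    && echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local

# Install templates & stuff
# NOTE(review): these clones take the default branch head at build time (unpinned).
WORKDIR /var/www/MISP/app/files
RUN git clone https://github.com/MISP/misp-objects.git \
    && git clone https://github.com/MISP/misp-galaxy.git \
    && git clone https://github.com/MISP/misp-warninglists.git ./warninglists \
    && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies \
    && chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies

# Install MISP Modules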
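WORKDIR /opt
# The index is refreshed in the same layer as the install that uses it.
RUN apt-get update \
    && apt-get install -y python3 python3-pip libjpeg-dev
# NOTE(review): misp-modules and its Python dependencies are installed unpinned
# (default branch head, latest urllib3/requests), so the result depends on build date.
RUN git clone https://github.com/MISP/misp-modules.git
WORKDIR /opt/misp-modules
RUN pip3 install --upgrade --ignore-installed urllib3 \
    && pip3 install --upgrade --ignore-installed requests \
    && pip3 install -I -r REQUIREMENTS \
    && pip3 install -I .
RUN echo "sudo -u www-data misp-modules -s &" >>/etc/rc.local

# Supervisord Setup
# The whole configuration is written in a single layer; the resulting file content
# is the same as appending it line by line.
# NOTE(review): [program:misp-modules] runs as root, while the rc.local entry above
# starts the same service as www-data. Running it under an unprivileged account
# would limit the impact of a flaw in a module - confirm it works, then change
# 'user = root'.
RUN printf '%s\n' \
        '[supervisord]' \
        'nodaemon = true' \
        '' \
        '[program:postfix]' \
        'process_name = master' \
        'directory = /etc/postfix' \
        'command = /usr/sbin/postfix -c /etc/postfix start' \
        'startsecs = 0' \
        'autorestart = false' \
        '' \
        '[program:redis-server]' \
        'command=redis-server /etc/redis/redis.conf' \
        '' \
        '[program:apache2]' \
        'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"' \
        '' \
        '[program:resque]' \
        'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh' \
        'user = www-data' \
        'startsecs = 0' \
        'autorestart = false' \
        '' \
        '[program:misp-modules]' \
        'command=/bin/bash -c "cd /opt/misp-modules/bin && /usr/bin/python3 misp-modules.py"' \
        'user = root' \
        'startsecs = 0' \
        'autorestart = false' \
        >> /etc/supervisor/conf.d/supervisord.conf

# Modify syslog configuration
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf

# Add run script
# COPY is enough for a plain local file; ADD's extra behaviours are not needed.
COPY run.sh /run.sh
RUN chmod 0755 /run.sh

# Trigger to perform first boot operations
RUN touch /.firstboot.tmp

# Make a backup of /var/www/MISP to restore it to the local mount point at first boot
# The archive includes app/Config, i.e. the salt generated during the build.
WORKDIR /var/www/MISP
RUN tar czpf /root/MISP.tgz .

VOLUME /var/www/MISP
# Plain HTTP only; TLS has to be terminated in front of this container.
EXPOSE 80
ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
MISP Docker
===========
This project has been integrated into the official MISP repository:
https://github.com/MISP/misp-docker

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'

networks:
  misp-network:
    driver: bridge

services:
  misp-web:
    build: .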
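# docker-compose.yml, continued: remaining keys of services.misp-web
    depends_on:
      - misp-db
    container_name: misp-web
    hostname: misp
    image: misp:latest
    restart: always
    networks:
      - misp-network
    links:
      - misp-db
    expose:
      - 80
    volumes:
      # The host's urandom is mapped over /dev/random inside the container
      # (run.sh asks for patience while the GnuPG key gathers entropy).
      - /dev/urandom:/dev/random
      - /data/misp:/var/www/MISP
    environment:
      # The x-strings are placeholders: set real, distinct secrets before the
      # first start. If the two MySQL passwords are left unset, run.sh falls
      # back to 'root' and 'misp'. Values given here are visible to anyone who
      # can inspect the container; keep the real file out of version control.
      - MYSQL_ROOT_PASSWORD=xxxxxxxx
      - MYSQL_MISP_PASSWORD=xxxxxxxx
      - MYSQL_HOST=misp-db
      - MISP_ADMIN_EMAIL=admin@admin.test
      - MISP_ADMIN_PASSPHRASE=xxxxxxxxx
      # run.sh inserts this value with sed; the escaped form is kept as given.
      - MISP_BASEURL=http:\/\/misp\.test
      - POSTFIX_RELAY_HOST=relay.fqdn
      - TIMEZONE=Europe/Brussels

  misp-db:
    container_name: misp-db
    hostname: mysql
    # NOTE(review): "latest" is a moving tag. run.sh creates the account with
    # "grant ... identified by", a form MySQL 8.0 no longer accepts, so pin this
    # image to a tag (or digest) that has been tested with the script.
    image: mysql/mysql-server:latest
    restart: always
    networks:
      - misp-network
    volumes:
      - /data/tmp/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxxxx
--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# MISP docker startup script
# Xavier Mertens
#
# 2017/05/17 - Created
# 2017/05/31 - Fixed small errors
#
# On the first start (marker file /.firstboot.tmp present) this script restores
# the MISP tree into the volume if needed, configures postfix and the time zone,
# creates the MISP database and configuration, then removes the marker.
# On every start it finally hands over to supervisord.
#
# Environment read: POSTFIX_RELAY_HOST, TIMEZONE, MYSQL_HOST,
# MYSQL_ROOT_PASSWORD, MYSQL_MISP_PASSWORD, MISP_BASEURL,
# MISP_ADMIN_EMAIL, MISP_ADMIN_PASSPHRASE.
#

set -e

if [ -r /.firstboot.tmp ]; then
    echo "Container started for the fist time. Setup might time a few minutes. Please wait..."
    echo "(Details are logged in /tmp/install.log)"
    export DEBIAN_FRONTEND=noninteractive

    # If the user uses a mount point restore our files
    if [ ! -d /var/www/MISP/app ]; then
        echo "Restoring MISP files..."
        cd /var/www/MISP
        tar xzpf /root/MISP.tgz
        rm /root/MISP.tgz
    fi

    echo "Configuring postfix"
    if [ -z "$POSTFIX_RELAY_HOST" ]; then
        echo "POSTFIX_RELAY_HOST is not set, please configure Postfix manually later..."
    else
        # Use the variable that was just tested; the former "$POSTFIX_RELAY"
        # is never set, so relayhost was always written empty.
        postconf -e "relayhost = $POSTFIX_RELAY_HOST"
    fi

    # Fix timezone (adapt to your local zone)
    if [ -z "$TIMEZONE" ]; then
        echo "TIMEZONE is not set, please configure the local time zone manually later..."
    else
        echo "$TIMEZONE" > /etc/timezone
        dpkg-reconfigure -f noninteractive tzdata >>/tmp/install.log
    fi

    echo "Creating MySQL database"

    # Check MYSQL_HOST
    if [ -z "$MYSQL_HOST" ]; then
        echo "MYSQL_HOST is not set. Aborting."
        exit 1
    fi

    # Set MYSQL_ROOT_PASSWORD
    # Secrets are never echoed: this output ends up in the container log.
    # NOTE(review): the 'root' / 'misp' fallbacks are well-known defaults; failing
    # here instead would force the operator to choose real passwords.
    if [ -z "$MYSQL_ROOT_PASSWORD" ]; then
        echo "MYSQL_ROOT_PASSWORD is not set, use default value 'root'"
        MYSQL_ROOT_PASSWORD=root
    else
        echo "MYSQL_ROOT_PASSWORD is set"
    fi

    # Set MYSQL_MISP_PASSWORD
    if [ -z "$MYSQL_MISP_PASSWORD" ]; then
        echo "MYSQL_MISP_PASSWORD is not set, use default value 'misp'"
        MYSQL_MISP_PASSWORD=misp
    else
        echo "MYSQL_MISP_PASSWORD is set"
    fi

    # Under "set -e" a failing "ret=`...`" assignment would end the script before
    # any "$?" test is reached, so each exit status is captured with "|| rc=$?".
    # stderr is not captured for this first call (the original left "2>&1"
    # commented out), so mysql's own error text goes to the container's stderr.
    # NOTE(review): --password on the command line is visible in the process list
    # inside the container; a client option file would avoid that.
    db_rc=0
    ret=$(echo 'SHOW DATABASES;' | mysql -u root --password="$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" -P 3306) || db_rc=$?

    if [ $db_rc -eq 0 ]; then
        echo "Connected to database successfully!"
        found=0
        # Word splitting of $ret is intended: one database name per word.
        for db in $ret; do
            if [ "$db" == "misp" ]; then
                found=1
            fi
        done
        if [ $found -eq 1 ]; then
            echo "Database misp found"
        else
            echo "Database misp not found, creating now one ..."
            cat > /tmp/create_misp_database.sql <<EOSQL
create database misp;
grant usage on *.* to misp identified by "$MYSQL_MISP_PASSWORD";
grant all privileges on misp.* to misp;
EOSQL
            create_rc=0
            ret=$(mysql -u root --password="$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" -P 3306 2>&1 < /tmp/create_misp_database.sql) || create_rc=$?
            # The file holds the MISP database password; do not leave it in /tmp.
            rm -f /tmp/create_misp_database.sql
            if [ $create_rc -eq 0 ]; then
                echo "Created database misp successfully!"

                echo "Importing /var/www/MISP/INSTALL/MYSQL.sql ..."
                import_rc=0
                ret=$(mysql -u misp --password="$MYSQL_MISP_PASSWORD" misp -h "$MYSQL_HOST" -P 3306 2>&1 < /var/www/MISP/INSTALL/MYSQL.sql) || import_rc=$?
                if [ $import_rc -eq 0 ]; then
                    echo "Imported /var/www/MISP/INSTALL/MYSQL.sql successfully"
                else
                    echo "ERROR: Importing /var/www/MISP/INSTALL/MYSQL.sql failed:"
                    echo "$ret"
                fi
                # service mysql stop >/dev/null 2>&1
            else
                echo "ERROR: Creating database misp failed:"
                echo "$ret"
            fi
        fi
    else
        echo "ERROR: Connecting to database failed:"
        echo "$ret"
    fi

    # MISP configuration
    echo "Creating MISP configuration files"
    cd /var/www/MISP/app/Config
    cp -a database.default.php database.php
    sed -i "s/localhost/$MYSQL_HOST/" database.php
    sed -i "s/db\s*login/misp/" database.php
    sed -i "s/8889/3306/" database.php
    # Escape the characters that are special in a sed replacement (\ / &) so a
    # password containing them is written literally instead of breaking the edit.
    # NOTE(review): a quote character in the password is not escaped for the PHP
    # string it lands in - confirm how database.default.php quotes the value.
    escaped_pw=$(printf '%s' "$MYSQL_MISP_PASSWORD" | sed -e 's/[\/&]/\\&/g')
    sed -i "s/db\s*password/$escaped_pw/" database.php

    # Fix the base url
    if [ -z "$MISP_BASEURL" ]; then
        echo "No base URL defined, don't forget to define it manually!"
    else
        echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
        # "|" as the delimiter accepts a plain URL as well as the pre-escaped
        # form (http:\/\/...) that the "/" delimiter required.
        sed -i "s|'baseurl' => '',|'baseurl' => '$MISP_BASEURL',|" /var/www/MISP/app/Config/config.php
    fi

    # Generate the admin user PGP key
    echo "Creating admin GnuPG key"
    if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
        echo "No admin details provided, don't forget to generate the PGP key manually!"
    else
        echo "Generating admin PGP key ... (please be patient, we need some entropy)"
        # NOTE(review): this listing is damaged at this point. The text that fills
        # /tmp/gpg.tmp and the command that logs to /tmp/install.log appear to have
        # been lost from the page; the line below is kept exactly as shown. Restore
        # both from the upstream run.sh before using this script.
        cat >/tmp/gpg.tmp <>/tmp/install.log
        rm -f /tmp/gpg.tmp
    fi

    # Display tips
    cat <<__WELCOME__
Congratulations!
Your MISP docker has been successfully booted for the first time.
Don't forget:
- Reconfigure postfix to match your environment
- Change the MISP admin email address to $MISP_ADMIN_EMAIL

__WELCOME__
    rm -f /.firstboot.tmp
fi

# Start supervisord
# exec replaces this shell, so supervisord becomes the container's main process.
echo "Starting supervisord"
cd /
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

--------------------------------------------------------------------------------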