2016-09-27 08:49:04 +02:00

Docker MISP Container
=====================

NOTE: Cannot autobuild on DockerHub due to size+time limit, and we refuse to break this up into multiple images and chain them just to get around the tiny resources that DockerHub provides!

Github repo + build script here:
https://github.com/harvard-itsecurity/docker-misp
# What is this?

This is an easy and highly customizable Docker container with MISP - Malware Information Sharing Platform & Threat Sharing (http://www.misp-project.org)

Our goal was to provide a way to set up + run MISP in less than a minute!

We follow the official MISP installation steps everywhere possible, while adding automation around tedious manual steps and configurations.

We have done this without sacrificing options and the ability to customize MISP for your unique environment! Some examples include: auto changing the salt hash, auto initializing the database, auto generating GPG keys, auto generating working + secure configs, and adding custom passwords/domain names/email addresses/SSL certificates.

The misp-modules extensions functionality has been included and can be accessed from http://[dockerhostip]:6666/modules. (thanks to Conrad)

# How to run it in 3 steps:

## 1. Initialize Database

```
docker run -it --rm \
    -v /misp-db:/var/lib/mysql \
    harvarditsecurity/misp /init-db
```

## 2. Start the container

```
docker run -it -d \
    -p 443:443 \
    -p 80:80 \
    -p 3306:3306 \
    -v /misp-db:/var/lib/mysql \
    harvarditsecurity/misp
```

## 3. Access Web URL

```
Go to: https://localhost (or your "MISP_FQDN" setting)

Login: admin@admin.test
Password: admin
```

And change the password! :)
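
Here is a small wrapper script for the three steps above, added here as an example; it is not part of the docker-misp project. It assumes the image name and the `/misp-db` path from this README; the variable names `MISP_IMAGE`, `MISP_DB_DIR` and `MYSQL_BIND` and the function names are choices made here. It differs from the commands above in one respect: the MySQL port is published on loopback only, because nothing outside the host needs to reach the database.

```shell
#!/bin/sh
# Added example, not part of docker-misp: wrapper for the three README
# steps. Image name and /misp-db path come from the README; the variable
# and function names below are chosen here.
set -u

IMAGE="${MISP_IMAGE:-harvarditsecurity/misp}"
DB_DIR="${MISP_DB_DIR:-/misp-db}"
# The README publishes 3306 on every interface. MySQL only needs to be
# reachable from the host itself, so bind it to loopback unless told otherwise.
MYSQL_BIND="${MYSQL_BIND:-127.0.0.1}"

# Step 1 only has to run once: an empty or missing data directory means
# /init-db has not been run yet.
needs_init_db() {
    [ -d "$1" ] || return 0
    [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# Arguments for step 2 (docker run), one token per line so the caller can
# rely on word splitting; none of the tokens contain whitespace.
run_args() {
    printf '%s\n' "-d" \
        "-p" "443:443" "-p" "80:80" "-p" "${MYSQL_BIND}:3306:3306" \
        "-v" "${DB_DIR}:/var/lib/mysql" "$IMAGE"
}

# Step 1: one-off database initialization.
init_db() {
    docker run -it --rm -v "${DB_DIR}:/var/lib/mysql" "$IMAGE" /init-db
}

# Step 2: start the container in the background.
start() {
    # shellcheck disable=SC2046  (word splitting of run_args is intended)
    docker run $(run_args)
}

case "${1:-}" in
    init)  init_db ;;
    start) needs_init_db "$DB_DIR" && { echo "run '$0 init' first" >&2; exit 1; }
           start ;;
    up)    needs_init_db "$DB_DIR" && init_db
           start ;;
    "")    ;;   # no command: only define the functions (used by the test)
    *)     echo "usage: $0 init|start|up" >&2; exit 2 ;;
esac
```

Run `sh misp-up.sh up` to initialize the database on first use and start the container in one go; `init` and `start` run the individual steps, and `start` refuses to run against a database directory that was never initialized.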

# What can you customize/pass during build?

You can customize the `build.sh` script to pass custom:

* MYSQL_ROOT_PASSWORD
* MYSQL_MISP_PASSWORD
* POSTFIX_RELAY_HOST
* MISP_FQDN
* MISP_EMAIL

See build.sh for an example on how to customize and build your own image with custom defaults.

# How to use custom SSL Certificates:

At run time, mount your own certificate directory over `/etc/ssl/private`:

```
docker run -it -d \
    -p 443:443 \
    -p 80:80 \
    -p 3306:3306 \
    -v /certs:/etc/ssl/private \
    -v /misp-db:/var/lib/mysql \
    harvarditsecurity/misp
```

And in your `/certs` dir, create private/public certs with file names:

* misp.key
* misp.crt
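
An added example, not the project's own code, that creates a pair with the expected file names and checks a certificate directory before it is mounted: the key must be present and readable by its owner only, the certificate must be PEM, and the key must actually belong to the certificate. The function names and the openssl invocation are choices made here; the self-signed certificate is only for testing, a real deployment should use a CA-issued one.

```shell
#!/bin/sh
# Added example, not part of docker-misp: create and sanity-check the
# misp.key / misp.crt pair before mounting its directory over
# /etc/ssl/private. Function names are chosen here.

# Self-signed pair for a test deployment (constructed; use a CA-issued
# certificate in production). The subjectAltName is required by current
# browsers, which no longer match on CN.
make_self_signed() {
    dir="$1" fqdn="$2"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
        -keyout "$dir/misp.key" -out "$dir/misp.crt" 2>/dev/null
    chmod 600 "$dir/misp.key"
}

# Return 0 if DIR holds a usable pair: both files present, the private key
# unreadable by group/other, the cert in PEM form, and (when openssl is
# available) the key's public half matching the certificate's.
check_cert_dir() {
    key="$1/misp.key" crt="$1/misp.crt"
    [ -f "$key" ] || { echo "missing $key" >&2; return 1; }
    [ -f "$crt" ] || { echo "missing $crt" >&2; return 1; }
    # Octal mode; GNU stat first, BSD stat as fallback.
    perms="$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")"
    case "$perms" in
        *00) ;;    # 600 or 400: owner only
        *) echo "$key is mode $perms, expected 600" >&2; return 1 ;;
    esac
    head -n 1 "$crt" | grep -q '^-----BEGIN CERTIFICATE-----' \
        || { echo "$crt is not a PEM certificate" >&2; return 1; }
    if command -v openssl >/dev/null 2>&1; then
        # Both commands emit the SubjectPublicKeyInfo in PEM form, so a
        # matching pair yields byte-identical output.
        cert_pub="$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)"
        key_pub="$(openssl pkey -in "$key" -pubout 2>/dev/null)"
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
            || { echo "misp.key does not match misp.crt" >&2; return 1; }
    fi
    return 0
}
```

A typical use is `make_self_signed /certs misp.example.test` on a lab host, then `check_cert_dir /certs` before the `docker run` above; the same check catches the common mistake of copying a key with `644` permissions into the mounted directory.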
# Security note in regards to key generation:

We have added "rng-tools" to help with entropy generation, since users have reported that during PGP key generation some systems have a hard time producing enough "randomness". This in turn uses a pseudo-random generator, which is not 100% secure. If this is a concern for a production environment, you can either 1.) take out the "rng-tools" part from the Dockerfile and re-build the container, or 2.) replace the generated keys with your own! For most users, this should never be an issue. "rng-tools" is removed as part of the build process after it has been used.
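
As an added example, not part of docker-misp, here is the check a practitioner can run on the host before generating keys: it reads the kernel's entropy counter and only succeeds when the pool reports at least the requested number of bits. The file and threshold arguments are choices made here so the check can be pointed at a constructed sample. One caveat: on Linux 5.18 and later the counter saturates at 256 once the CRNG is initialized, so there the check tells you the pool is seeded rather than how much entropy is available.

```shell
#!/bin/sh
# Added example, not part of docker-misp: check the kernel entropy pool
# before generating GPG keys, instead of relying on rng-tools.

# Return 0 if the counter in FILE is at least MIN bits, 1 if it is lower,
# 2 if the file is unreadable or not a number. FILE defaults to the live
# counter; the argument exists so a constructed sample can be checked.
# On Linux 5.18+ the counter reads 256 once the CRNG is initialized, so a
# MIN of 256 is the useful default there.
entropy_ok() {
    file="${1:-/proc/sys/kernel/random/entropy_avail}"
    min="${2:-256}"
    avail="$(cat "$file" 2>/dev/null)" || return 2
    case "$avail" in
        ''|*[!0-9]*) return 2 ;;   # empty or non-numeric content
    esac
    [ "$avail" -ge "$min" ]
}

# Wait up to TIMEOUT seconds for the pool to reach MIN bits, polling once
# per second; returns 0 as soon as it does, 1 on timeout.
wait_for_entropy() {
    min="${1:-256}" timeout="${2:-60}" waited=0
    while ! entropy_ok /proc/sys/kernel/random/entropy_avail "$min"; do
        [ "$waited" -lt "$timeout" ] || return 1
        sleep 1
        waited=$((waited + 1))
    done
}
```

Run `wait_for_entropy 256 120 && gpg --full-generate-key` on the host (or inside the container before its key generation step) to avoid starting key generation against an unseeded pool.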

# Contributions:

Conrad Crampton: conrad.crampton@secdata.com - @radder5 - RNG Tools and MISP Modules

# Help/Questions/Comments:

For help or more info, feel free to contact Ventz Petkov: ventz_petkov@harvard.edu