Merged in @radder5's improvements on rng-tools, and misp-modules + README

README.md

@@ -22,6 +22,10 @@ auto changing the salt hash, auto initializing the database, auto generating GPG
 keys, auto generating working + secure configs, and adding custom
 passwords/domain names/email addresses/ssl certificates.
 
+The misp-modules extensions functionality has been included and can be
+accessed from http://[dockerhostip]:6666/modules.
+(thanks to @radder5)
+
 # How to run it in 3 steps:
 
 ## 1. Initialize Database
@@ -83,12 +87,17 @@ And in your ```/certs``` dir, create private/public certs with file names:
 
 # Security note in regards to key generation:
 We have added "rng-tools" in order to help with entropy generation,
-since users have mentioned that during the pgp generation, some systems
+since users have mentioned that during the pgp generation, some
-have a hard time creating enough "randomness". This in turn uses a pseudo-random
+systems have a hard time creating enough "randomness". This in turn
-generator, which is not 100% secure. If this is a concern for a
+uses a pseudo-random generator, which is not 100% secure. If this is a
-production environment, you can either 1.) take out the "rng-tools"
+concern for a production environment, you can either 1.) take out the
-part from the Dockerfile and re-build the container, or 2.) replace the keys with
+"rng-tools" part from the Dockerfile and re-build the container, or
-your own! For most users, this should not ever be an issue.
+2.) replace the keys with your own! For most users, this should not
+ever be an issue. The "rng-tools" is removed as part of the build
+process after it has been used.
+
+# Contributions:
+@radder5 - RNG Tools and MISP Modules
 
 # Help/Questions/Comments:
 For help or more info, feel free to contact Ventz Petkov: ventz_petkov@harvard.edu

container/Dockerfile

@@ -52,6 +52,14 @@ WORKDIR /var/www/MISP
 RUN sudo -u www-data -H git submodule init ; \
     sudo -u www-data -H git submodule update
 
+WORKDIR /usr/local/src
+RUN sudo -u www-data -H git clone https://github.com/MISP/misp-modules.git
+
+WORKDIR /usr/local/src/misp-modules
+RUN sudo pip3 install --upgrade pip ; \
+    sudo pip3 install -I -r REQUIREMENTS ;  \
+    sudo pip3 install -I .
+
 WORKDIR /var/www/MISP/app
 RUN mkdir /var/www/.composer && chown -R www-data:www-data /var/www/.composer ; \
     sudo -u www-data -H wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \
@@ -106,6 +114,7 @@ RUN sed -i -e 's/db login/misp/g' /var/www/MISP/app/Config/database.php ; \
     sed -i -e "s/email@address.com/${MISP_EMAIL}/" /var/www/MISP/app/Config/config.php ; \
     sudo chown -R www-data:www-data /var/www/MISP/app/Config ; \
     sudo chmod -R 750 /var/www/MISP/app/Config ; \
+    sudo pip install --upgrade pip ; \
     sudo pip install pyzmq ; \
     sudo pip install redis ; \
     echo "#!/bin/bash" > /init-db ; \
@@ -145,12 +154,20 @@ RUN sed -i -e 's/db login/misp/g' /var/www/MISP/app/Config/database.php ; \
     echo "Name-Email: $MISP_EMAIL" >> /tmp/config_gpg ; \
     echo "Expire-Date: 0" >> /tmp/config_gpg ; \
     chmod 700 /tmp/config_gpg ; \
+    sudo rm -f /dev/random ; \
+    sudo mknod -m 0666 /dev/random c 1 9 ; \
+    sudo echo RNGDOPTIONS="--random-device /dev/urandom --rng-device /dev/urandom" | sudo tee /etc/default/rng-tools ; \
+    sudo echo HRNGDEVICE=/dev/urandom | sudo tee /etc/default/rng-tools ; \
+    sudo /etc/init.d/rng-tools restart ; \
+    sudo rngd -f -r /dev/urandom ; \
     chown www-data /tmp/config_gpg ; \
     sudo -u www-data sh -c "gpg --batch --homedir /var/www/MISP/.gnupg --gen-key /tmp/config_gpg" ; \
-    sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_EMAIL > /var/www/MISP/app/webroot/gpg.asc"
+    sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_EMAIL > /var/www/MISP/app/webroot/gpg.asc" ; \
+    sudo /etc/init.d/rng-tools stop ; \
+    sudo apt-get remove --purge -y rng-tools
 
-COPY supervisord.conf /etc/supervisor/conf.d/
 WORKDIR /var/www/MISP
+COPY supervisord.conf /etc/supervisor/conf.d/
 
 #>&2 echo "The default user = "admin@admin.test" | The default password = admin" ; \
 # To change it:

container/supervisord.conf

@@ -26,6 +26,11 @@ user=redis
 [program:apache2]
 command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
 
+[program:misp-modules]
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+user = www-data
+startsecs = 0
+
 [program:workers]
 command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
 user=www-data