commit c27ae4ec772956fffb9fc858f780e4c5a18fcb79
Author: Ventz Petkov
Date: Tue Sep 27 02:49:04 2016 -0400
Initial commit of autobuild Docker MISP container.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..99c43da
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2016, Harvard University IT Security - Ventz Petkov
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+3. Neither the name of the Harvard University nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5d21bfb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,85 @@
+Docker MISP Container
+=====================
+NOTE: Cannot autobuild on DockerHub due to size+time limit, and we
+refuse to break this up into multiple images and chain them just to
+get around the tiny resources that DockerHub provides!
+
+Github repo + build script here:
+https://github.com/harvard-itsecurity/docker-misp
+
+# What is this?
+This is an easy and highly customizable Docker container with MISP -
+Malware Information Sharing Platform & Threat Sharing (http://www.misp-project.org)
+
+Our goal was to provide a way to setup + run MISP in less than a minute!
+
+We follow the official MISP installation steps everywhere possible,
+while adding automation around tedious manual steps and configurations.
+
+We have done this without sacrificing options and the ability to
+customize MISP for your unique environment! Some examples include:
+auto changing the salt hash, auto initializing the database, auto generating GPG
+keys, auto generating working + secure configs, and adding custom
+passwords/domain names/email addresses/ssl certificates.
+
+# How to run it in 3 steps:
+
+## 1. Initialize Database
+
+```
+docker run -it --rm \
+ -v /misp-db:/var/lib/mysql \
+ harvarditsecurity/misp /init-db
+```
+
+## 2. Start the container
+```
+docker run -it -d \
+ -p 443:443 \
+ -p 80:80 \
+ -p 3306:3306 \
+ -v /misp-db:/var/lib/mysql \
+ harvarditsecurity/misp
+```
+
+## 3. Access Web URL
+```
+Go to: https://localhost (or your "MISP_FQDN" setting)
+
+Login: admin@admin.test
+Password: admin
+```
+
+And change the password! :)
+
+# What can you customize/pass during build?
+You can customize the ```build.sh``` script to pass custom:
+
+* MYSQL_ROOT_PASSWORD
+* MYSQL_MISP_PASSWORD
+* POSTFIX_RELAY_HOST
+* MISP_FQDN
+* MISP_EMAIL
+
+See build.sh for an example on how to customize and build your own image with custom defaults.
+
+# How to use custom SSL Certificates:
+During run-time, override ```/etc/ssl/private```
+
+```
+docker run -it -d \
+ -p 443:443 \
+ -p 80:80 \
+ -p 3306:3306 \
+ -v /certs:/etc/ssl/private \
+ -v /misp-db:/var/lib/mysql \
+ harvarditsecurity/misp
+```
+
+And in your ```/certs``` dir, create private/public certs with file names:
+
+* misp.key
+* misp.cert
+
+# Help/Questions/Comments:
+For help or more info, feel free to contact Ventz Petkov: ventz_petkov@harvard.edu
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..23a7a5b
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+docker rmi harvarditsecurity/misp
+docker build \
+ --rm=true --force-rm=true \
+ --build-arg MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
+ --build-arg MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
+ --build-arg POSTFIX_RELAY_HOST=localhost \
+ --build-arg MISP_FQDN=localhost \
+ --build-arg MISP_EMAIL=admin@localhost \
+ -t harvarditsecurity/misp container \
diff --git a/container/Dockerfile b/container/Dockerfile
new file mode 100644
index 0000000..27e050d
--- /dev/null
+++ b/container/Dockerfile
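Review bot: The two database passwords are passed as `--build-arg` values on lines 5–6, and build args are recorded in the image metadata (`docker history`) and expanded into every layer where the Dockerfile uses `$MYSQL_ROOT_PASSWORD` / `$MYSQL_MISP_PASSWORD`, so anyone who can pull the image can recover them; the same applies to the `ARG` defaults and the `RUN echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD ..." >> /init-db` lines in container/Dockerfile. A safer shape is to keep the build free of credentials and have the first-run script read them from a runtime environment variable or mounted secret, which also removes the need for the README's "change the password" step to happen at build time. Separately, the last line `-t harvarditsecurity/misp container \` ends the file with a continuation backslash and nothing after it; drop the trailing `\` so the command terminates explicitly, and consider `docker rmi harvarditsecurity/misp 2>/dev/null || true` so a first build does not print a spurious error.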
@@ -0,0 +1,157 @@
+FROM ubuntu:16.04
+MAINTAINER Ventz Petkov
+
+# User supplied inputs
+ARG MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a
+ARG MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a
+ARG POSTFIX_RELAY_HOST=localhost
+ARG MISP_FQDN=localhost
+ARG MISP_EMAIL=admin@localhost
+
+# Dir you need to override to keep data on reboot/new container:
+VOLUME /var/lib/mysql
+
+# Dir you might want to override in order to have custom ssl certs
+# Need: "misp.key" and "misp.cert"
+#VOLUME /etc/ssl/private
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -y supervisor cron logrotate syslog-ng-core postfix curl gcc git gnupg-agent make python openssl redis-server sudo vim zip wget mariadb-client mariadb-server apache2 apache2-doc apache2-utils libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev
+
+ #echo "test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld" ; \
+RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf ; \
+ postconf -e "relayhost = $POSTFIX_RELAY_HOST" ; \
+ echo "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD" | debconf-set-selections ; \
+ echo "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD" | debconf-set-selections ; \
+ test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld ; \
+ a2dismod status ; \
+ a2enmod ssl rewrite ; \
+ a2ensite 000-default ; \
+ a2ensite default-ssl ; \
+ mkdir -p /var/www/MISP /root/.config /root/.gitconfig ; \
+ chown -R www-data:www-data /var/www/MISP /root/.config /root/.gitconfig; \
+ sudo -u www-data -H git clone https://github.com/MISP/MISP.git /var/www/MISP ; \
+ sudo -u www-data -H git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) ; \
+ sudo -u www-data -H git config core.filemode false ; \
+ echo
+
+WORKDIR /var/www/MISP/app/files/scripts
+RUN sudo -u www-data -H git clone https://github.com/CybOXProject/python-cybox.git ; \
+ sudo -u www-data -H git clone https://github.com/STIXProject/python-stix.git
+
+WORKDIR /var/www/MISP/app/files/scripts/python-cybox
+RUN sudo -u www-data -H git checkout v2.1.0.12 ; \
+ python setup.py install
+
+WORKDIR /var/www/MISP/app/files/scripts/python-stix
+RUN sudo -u www-data -H git checkout v1.1.1.4 ; \
+ python setup.py install
+
+WORKDIR /var/www/MISP
+RUN sudo -u www-data -H git submodule init ; \
+ sudo -u www-data -H git submodule update
+
+WORKDIR /var/www/MISP/app
+RUN mkdir /var/www/.composer && chown -R www-data:www-data /var/www/.composer ; \
+ sudo -u www-data -H wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \
+ sudo -u www-data -H php composer.phar require kamisama/cake-resque:4.1.2 ; \
+ sudo -u www-data -H php composer.phar config vendor-dir Vendor ; \
+ sudo -u www-data -H php composer.phar install ; \
+ phpenmod redis ; \
+ sudo -u www-data -H cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \
+ sudo chown -R www-data:www-data /var/www/MISP ; \
+ sudo chmod -R 750 /var/www/MISP ; \
+ sudo chmod -R g+ws /var/www/MISP/app/tmp ; \
+ sudo chmod -R g+ws /var/www/MISP/app/files ; \
+ sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp ; \
+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/misp.key -out /etc/ssl/private/misp.crt -batch ; \
+ echo "" > /etc/apache2/sites-available/000-default.conf ; \
+ echo "ServerName $MISP_FQDN" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "Redirect permanent / https://$MISP_FQDN" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "LogLevel warn" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "ErrorLog /var/log/apache2/misp_error.log" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "CustomLog /var/log/apache2/misp_access.log combined" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "ServerSignature Off" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "" >> /etc/apache2/sites-available/000-default.conf ; \
+ echo "" > /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "ServerAdmin $MISP_EMAIL" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "ServerName $MISP_FQDN" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "DocumentRoot /var/www/MISP/app/webroot" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "Options -Indexes" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "AllowOverride all" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "Order allow,deny" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "allow from all" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "SSLEngine On" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "SSLCertificateFile /etc/ssl/private/misp.crt" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "SSLCertificateKeyFile /etc/ssl/private/misp.key" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "#SSLCertificateChainFile /etc/ssl/private/misp-chain.crt" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "LogLevel warn" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "ErrorLog /var/log/apache2/misp_ssl_error.log" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "CustomLog /var/log/apache2/misp_ssl_access.log combined" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "ServerSignature Off" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "" >> /etc/apache2/sites-available/default-ssl.conf ; \
+ echo "ServerName localhost" >> /etc/apache2/apache2.conf ; \
+ sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \
+ sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \
+ sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \
+ sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
+
+RUN sed -i -e 's/db login/misp/g' /var/www/MISP/app/Config/database.php ; \
+ sed -i -e "s/db password/$MYSQL_MISP_PASSWORD/g" /var/www/MISP/app/Config/database.php ; \
+ sed -i -E "s/'salt'(\s+)=>\s''/'salt' => '`openssl rand -base64 32 | tr \'/\' \'0\'`'/" /var/www/MISP/app/Config/config.php ; \
+ sed -i -E "s/'baseurl'(\s+)=>\s''/'baseurl' => 'https:\/\/$MISP_FQDN'/" /var/www/MISP/app/Config/config.php ; \
+ sed -i -e "s/email@address.com/$MISP_EMAIL/" /var/www/MISP/app/Config/config.php ; \
+ sudo chown -R www-data:www-data /var/www/MISP/app/Config ; \
+ sudo chmod -R 750 /var/www/MISP/app/Config ; \
+ sudo pip install pyzmq ; \
+ sudo pip install redis ; \
+ echo "#!/bin/bash" > /init-db ; \
+ echo "if [ ! -f /var/lib/mysql/.db_initialized ]; then" >> /init-db ; \
+ echo "sudo -u mysql -H /usr/bin/mysql_install_db --user=mysql" >> /init-db ; \
+ echo "chown -R mysql:mysql /var/lib/mysql" >> /init-db ; \
+ echo "cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql' &" >> /init-db ; \
+ echo "sleep 5" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.user WHERE User=''\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"FLUSH PRIVILEGES;\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"create database misp\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"grant usage on *.* to misp@localhost identified by '$MYSQL_MISP_PASSWORD'\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"grant all privileges on misp.* to misp@localhost\"" >> /init-db ; \
+ echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"flush privileges;\"" >> /init-db ; \
+ echo "sudo -u www-data -H sh -c \"mysql -u misp -p$MYSQL_MISP_PASSWORD misp < /var/www/MISP/INSTALL/MYSQL.sql\"" >> /init-db ; \
+ echo "touch /var/lib/mysql/.db_initialized" >> /init-db ; \
+ echo "chown -R mysql:mysql /var/lib/mysql" >> /init-db ; \
+ echo "fi" >> /init-db ; \
+ echo "rm -f /init-db" >> /init-db ; \
+ chmod 755 /init-db ; \
+ echo "#!/bin/bash" > /misp-bug-fix ; \
+ echo "cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql' &" >> /misp-bug-fix ; \
+ echo "sleep 5" >> /misp-bug-fix ; \
+ echo "mysql -D misp -uroot -p$MYSQL_ROOT_PASSWORD -e \"delete from users where id = 1 limit 1;\"" >> /misp-bug-fix ; \
+ echo "rm -f /misp-bug-fix" >> /misp-bug-fix ; \
+ chmod 755 /misp-bug-fix ; \
+ sudo -u www-data -H mkdir /var/www/MISP/.gnupg ; \
+ chmod 700 /var/www/MISP/.gnupg ; \
+ echo "Key-Type: 1" > /tmp/config_gpg ; \
+ echo "Key-Length: 4096" >> /tmp/config_gpg ; \
+ echo "Subkey-Type: 1" >> /tmp/config_gpg ; \
+ echo "Subkey-Length: 4096" >> /tmp/config_gpg ; \
+ echo "Name-Real: MISP" >> /tmp/config_gpg ; \
+ echo "Name-Email: $MISP_EMAIL" >> /tmp/config_gpg ; \
+ echo "Expire-Date: 0" >> /tmp/config_gpg ; \
+ chmod 700 /tmp/config_gpg ; \
+ chown www-data /tmp/config_gpg ; \
+ sudo -u www-data sh -c "gpg --batch --homedir /var/www/MISP/.gnupg --gen-key /tmp/config_gpg" ; \
+ sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_EMAIL > /var/www/MISP/app/webroot/gpg.asc"
+
+COPY supervisord.conf /etc/supervisor/conf.d/
+WORKDIR /var/www/MISP
+
+#>&2 echo "The default user = "admin@admin.test" | The default password = admin" ; \
+# To change it:
+#echo "/var/www/MISP/app/Console/cake Password 'admin@admin.test' '@dmin1!'" >> /root/init-db ; \
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
diff --git a/container/supervisord.conf b/container/supervisord.conf
new file mode 100644
index 0000000..01938f7
--- /dev/null
+++ b/container/supervisord.conf
@@ -0,0 +1,31 @@
+[supervisord]
+nodaemon=true
+
+[program:cron]
+command=/usr/sbin/cron -f
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng -F -p /var/run/syslog-ng.pid --no-caps
+
+[program:postfix]
+process_name = master
+directory = /etc/postfix
+command=/usr/lib/postfix/sbin/master -c /etc/postfix -d
+
+[program:mysql]
+process_name = mysqld_safe
+directory = /var/lib/mysql
+command=/usr/bin/mysqld_safe
+
+[program:redis-server]
+process_name = redis-server
+directory = /etc/redis
+command=/usr/bin/redis-server
+user=redis
+
+[program:apache2]
+command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=www-data
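Review bot: Every multi-command `RUN` in this file joins its steps with `;` and the first one ends in a bare `echo`, so a failed `git clone`, `composer.phar install`, `openssl req` or `gpg --gen-key` still yields exit status 0 and a build that "succeeds" with a broken image; replace the `;` separators with `&&` and drop the trailing `echo` so any failed step fails the layer. The `git checkout tags/$(git describe --tags ...)` and `git config core.filemode false` lines run before the first `WORKDIR`, i.e. in `/`, which is not a git repository, so the checkout appears to be a no-op and the clone stays at the default branch HEAD — move those two lines under the later `WORKDIR /var/www/MISP` (or use `git -C /var/www/MISP ...`) and verify the pinned tag is actually checked out. The two `debconf-set-selections` preseeds for `mysql-server/root_password` are set after the `apt-get install` that already installed `mariadb-server`, so they cannot affect the package's configuration; presumably the runtime `/init-db` script is what really sets the root password, in which case the preseed lines can be dropped. Smaller points: `MAINTAINER` is deprecated in favour of `LABEL`, `ENV DEBIAN_FRONTEND noninteractive` persists into the runtime environment (prefer `ARG` or an inline prefix on the `apt-get` command), the apt lists are never removed, and `pip install pyzmq` / `pip install redis` are unpinned.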
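Review bot: None of the `[program:*]` entries redirects its output to the container's stdout, so `docker logs` shows only supervisord itself and the apache, mysql and worker output stays inside the container; adding `stdout_logfile=/dev/stdout`, `stdout_logfile_maxbytes=0` (and the `stderr_` pair) to each program would surface them. `[program:cron]`, `[program:postfix]`, `[program:mysql]` and `[program:apache2]` carry no `user=` and so inherit supervisord's root identity, unlike `redis-server` and `workers`; mysqld_safe and apache normally drop privileges themselves, but that is not visible from this file — confirm, and make it explicit where the daemon allows it. `[program:workers]` runs `start.sh`, which from its name looks like a launcher that returns after spawning the workers; if it does, supervisord will see the program exit and restart it repeatedly, so either run the worker command directly in the foreground or set `autorestart=false` for that entry — verify against the script.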