Initial commit of autobuild Docker MISP container.

LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2016, Harvard University IT Security - Ventz Petkov <ventz_petkov@harvard.edu>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+ 
+1.  Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+3.  Neither the name of the Harvard University nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,85 @@
+Docker MISP Container
+=====================
+NOTE: Cannot autobuild on DockerHub due to size+time limit, and we
+refuse to break this up into multiple images and chain them just to
+get around the tiny resources that DockerHub provides!
+
+Github repo + build script here:
+https://github.com/harvard-itsecurity/docker-misp
+
+# What is this?
+This is an easy and highly customizable Docker container with MISP -
+Malware Information Sharing Platform & Threat Sharing (http://www.misp-project.org)
+
+Our goal was to provide a way to setup + run MISP in less than a minute!
+
+We follow the official MISP installation steps everywhere possible,
+while adding automation around tedious manual steps and configurations.
+
+We have done this without sacrificing options and the ability to
+customize MISP for your unique environment! Some examples include:
+auto changing the salt hash, auto initializing the database, auto generating GPG
+keys, auto generating working + secure configs, and adding custom
+passwords/domain names/email addresses/ssl certificates.
+
+# How to run it in 3 steps:
+
+## 1. Initialize Database
+
+```
+docker run -it --rm \
+    -v /misp-db:/var/lib/mysql \
+    harvarditsecurity/misp /init-db
+```
+
+## 2. Start the container
+```
+docker run -it -d \
+    -p 443:443 \
+    -p 80:80 \
+    -p 3306:3306 \
+    -v /misp-db:/var/lib/mysql \
+    harvarditsecurity/misp
+```
+
+## 3. Access Web URL
+```
+Go to: https://localhost (or your "MISP_FQDN" setting)
+
+Login: admin@admin.test
+Password: admin
+```
+
+And change the password! :)
+
+# What can you customize/pass during build?
+You can customize the ```build.sh``` script to pass custom:
+
+* MYSQL_ROOT_PASSWORD
+* MYSQL_MISP_PASSWORD
+* POSTFIX_RELAY_HOST
+* MISP_FQDN
+* MISP_EMAIL
+
+See build.sh for an example on how to customize and build your own image with custom defaults.
+
+# How to use custom SSL Certificates:
+During run-time, override ```/etc/ssl/private```
+
+```
+docker run -it -d \
+    -p 443:443 \
+    -p 80:80 \
+    -p 3306:3306 \
+    -v /certs:/etc/ssl/private \
+    -v /misp-db:/var/lib/mysql \
+    harvarditsecurity/misp
+```
+
+And in your ```/certs``` dir, create private/public certs with file names:
+
+* misp.key
+* misp.cert
+
+# Help/Questions/Comments:
+For help or more info, feel free to contact Ventz Petkov: ventz_petkov@harvard.edu

build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+docker rmi harvarditsecurity/misp
+docker build \
+    --rm=true --force-rm=true \
+    --build-arg MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
+    --build-arg MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a \
+    --build-arg POSTFIX_RELAY_HOST=localhost \
+    --build-arg MISP_FQDN=localhost \
+    --build-arg MISP_EMAIL=admin@localhost \
+    -t harvarditsecurity/misp container \

container/Dockerfile

@@ -0,0 +1,157 @@
+FROM ubuntu:16.04
+MAINTAINER Ventz Petkov <ventz_petkov@harvard.edu>
+
+# User supplied inputs
+ARG MYSQL_ROOT_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a
+ARG MYSQL_MISP_PASSWORD=ChangeThisDefaultPassworda9564ebc3289b7a14551baf8ad5ec60a
+ARG POSTFIX_RELAY_HOST=localhost
+ARG MISP_FQDN=localhost
+ARG MISP_EMAIL=admin@localhost
+
+# Dir you need to override to keep data on reboot/new container:
+VOLUME /var/lib/mysql
+
+# Dir you might want to override in order to have custom ssl certs
+# Need: "misp.key" and "misp.cert"
+#VOLUME /etc/ssl/private
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -y supervisor cron logrotate syslog-ng-core postfix curl gcc git gnupg-agent make python openssl redis-server sudo vim zip wget mariadb-client mariadb-server apache2 apache2-doc apache2-utils libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev
+
+    #echo "test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld" ; \
+RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf ; \
+    postconf -e "relayhost = $POSTFIX_RELAY_HOST" ; \
+    echo "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD" | debconf-set-selections ; \
+    echo "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD" | debconf-set-selections ; \
+    test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld ; \
+    a2dismod status ; \
+    a2enmod ssl rewrite ; \
+    a2ensite 000-default ; \
+    a2ensite default-ssl ; \
+    mkdir -p /var/www/MISP /root/.config /root/.gitconfig ; \
+    chown -R www-data:www-data /var/www/MISP /root/.config /root/.gitconfig; \
+    sudo -u www-data -H git clone https://github.com/MISP/MISP.git /var/www/MISP ; \
+    sudo -u www-data -H git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`) ; \
+    sudo -u www-data -H git config core.filemode false ; \
+    echo
+
+WORKDIR /var/www/MISP/app/files/scripts
+RUN sudo -u www-data -H git clone https://github.com/CybOXProject/python-cybox.git ; \
+    sudo -u www-data -H git clone https://github.com/STIXProject/python-stix.git
+
+WORKDIR /var/www/MISP/app/files/scripts/python-cybox
+RUN sudo -u www-data -H git checkout v2.1.0.12 ; \
+    python setup.py install
+
+WORKDIR /var/www/MISP/app/files/scripts/python-stix
+RUN sudo -u www-data -H git checkout v1.1.1.4 ; \
+    python setup.py install
+
+WORKDIR /var/www/MISP
+RUN sudo -u www-data -H git submodule init ; \
+    sudo -u www-data -H git submodule update
+
+WORKDIR /var/www/MISP/app
+RUN mkdir /var/www/.composer && chown -R www-data:www-data /var/www/.composer ; \
+    sudo -u www-data -H wget https://getcomposer.org/download/1.2.1/composer.phar -O composer.phar ; \
+    sudo -u www-data -H php composer.phar require kamisama/cake-resque:4.1.2 ; \
+    sudo -u www-data -H php composer.phar config vendor-dir Vendor ; \
+    sudo -u www-data -H php composer.phar install ; \
+    phpenmod redis ; \
+    sudo -u www-data -H cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php ; \
+    sudo chown -R www-data:www-data /var/www/MISP ; \
+    sudo chmod -R 750 /var/www/MISP ; \
+    sudo chmod -R g+ws /var/www/MISP/app/tmp ; \
+    sudo chmod -R g+ws /var/www/MISP/app/files ; \
+    sudo chmod -R g+ws /var/www/MISP/app/files/scripts/tmp ; \
+    openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/misp.key -out /etc/ssl/private/misp.crt -batch ; \
+    echo "<VirtualHost *:80>" > /etc/apache2/sites-available/000-default.conf ; \
+    echo "ServerName $MISP_FQDN" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "Redirect permanent / https://$MISP_FQDN" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "LogLevel warn" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "ErrorLog /var/log/apache2/misp_error.log" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "CustomLog /var/log/apache2/misp_access.log combined" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "ServerSignature Off" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "</VirtualHost>" >> /etc/apache2/sites-available/000-default.conf ; \
+    echo "<VirtualHost *:443>" > /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "ServerAdmin $MISP_EMAIL" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "ServerName $MISP_FQDN" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "DocumentRoot /var/www/MISP/app/webroot" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "<Directory /var/www/MISP/app/webroot>" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "Options -Indexes" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "AllowOverride all" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "Order allow,deny" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "allow from all" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "</Directory>" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "SSLEngine On" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "SSLCertificateFile /etc/ssl/private/misp.crt" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "SSLCertificateKeyFile /etc/ssl/private/misp.key" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "#SSLCertificateChainFile /etc/ssl/private/misp-chain.crt" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "LogLevel warn" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "ErrorLog /var/log/apache2/misp_ssl_error.log" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "CustomLog /var/log/apache2/misp_ssl_access.log combined" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "ServerSignature Off" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "</VirtualHost>" >> /etc/apache2/sites-available/default-ssl.conf ; \
+    echo "ServerName localhost" >> /etc/apache2/apache2.conf ; \
+    sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php ; \
+    sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php ; \
+    sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php ; \
+    sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
+
+RUN sed -i -e 's/db login/misp/g' /var/www/MISP/app/Config/database.php ; \
+    sed -i -e "s/db password/$MYSQL_MISP_PASSWORD/g" /var/www/MISP/app/Config/database.php ; \
+    sed -i -E "s/'salt'(\s+)=>\s''/'salt' => '`openssl rand -base64 32 | tr \'/\' \'0\'`'/" /var/www/MISP/app/Config/config.php ; \
+    sed -i -E "s/'baseurl'(\s+)=>\s''/'baseurl' => 'https:\/\/$MISP_FQDN'/" /var/www/MISP/app/Config/config.php ; \
+    sed -i -e "s/email@address.com/$MISP_EMAIL/" /var/www/MISP/app/Config/config.php ; \
+    sudo chown -R www-data:www-data /var/www/MISP/app/Config ; \
+    sudo chmod -R 750 /var/www/MISP/app/Config ; \
+    sudo pip install pyzmq ; \
+    sudo pip install redis ; \
+    echo "#!/bin/bash" > /init-db ; \
+    echo "if [ ! -f /var/lib/mysql/.db_initialized ]; then" >> /init-db ; \
+    echo "sudo -u mysql -H /usr/bin/mysql_install_db --user=mysql" >> /init-db ; \
+    echo "chown -R mysql:mysql /var/lib/mysql" >> /init-db ; \
+    echo "cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql' &" >> /init-db ; \
+    echo "sleep 5" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.user WHERE User=''\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"FLUSH PRIVILEGES;\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"create database misp\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"grant usage on *.* to misp@localhost identified by '$MYSQL_MISP_PASSWORD'\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"grant all privileges on misp.* to misp@localhost\"" >> /init-db ; \
+    echo "mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"flush privileges;\"" >> /init-db ; \
+    echo "sudo -u www-data -H sh -c \"mysql -u misp -p$MYSQL_MISP_PASSWORD misp < /var/www/MISP/INSTALL/MYSQL.sql\"" >> /init-db ; \
+    echo "touch /var/lib/mysql/.db_initialized" >> /init-db ; \
+    echo "chown -R mysql:mysql /var/lib/mysql" >> /init-db ; \
+    echo "fi" >> /init-db ; \
+    echo "rm -f /init-db" >> /init-db ; \
+    chmod 755 /init-db ; \
+    echo "#!/bin/bash" > /misp-bug-fix ; \
+    echo "cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql' &" >> /misp-bug-fix ; \
+    echo "sleep 5" >> /misp-bug-fix ; \
+    echo "mysql -D misp -uroot -p$MYSQL_ROOT_PASSWORD -e \"delete from users where id = 1 limit 1;\"" >> /misp-bug-fix ; \
+    echo "rm -f /misp-bug-fix" >> /misp-bug-fix ; \
+    chmod 755 /misp-bug-fix ; \
+    sudo -u www-data -H mkdir /var/www/MISP/.gnupg ; \
+    chmod 700 /var/www/MISP/.gnupg ; \
+    echo "Key-Type: 1" > /tmp/config_gpg ; \
+    echo "Key-Length: 4096" >> /tmp/config_gpg ; \
+    echo "Subkey-Type: 1" >> /tmp/config_gpg ; \
+    echo "Subkey-Length: 4096" >> /tmp/config_gpg ; \
+    echo "Name-Real: MISP" >> /tmp/config_gpg ; \
+    echo "Name-Email: $MISP_EMAIL" >> /tmp/config_gpg ; \
+    echo "Expire-Date: 0" >> /tmp/config_gpg ; \
+    chmod 700 /tmp/config_gpg ; \
+    chown www-data /tmp/config_gpg ; \
+    sudo -u www-data sh -c "gpg --batch --homedir /var/www/MISP/.gnupg --gen-key /tmp/config_gpg" ; \
+    sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor $MISP_EMAIL > /var/www/MISP/app/webroot/gpg.asc"
+
+COPY supervisord.conf /etc/supervisor/conf.d/
+WORKDIR /var/www/MISP
+
+#>&2 echo "The default user = "admin@admin.test" | The default password = admin" ; \
+# To change it:
+#echo "/var/www/MISP/app/Console/cake Password 'admin@admin.test' '@dmin1!'" >> /root/init-db ; \
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

container/supervisord.conf

@@ -0,0 +1,31 @@
+[supervisord]
+nodaemon=true
+
+[program:cron]
+command=/usr/sbin/cron -f
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng -F -p /var/run/syslog-ng.pid --no-caps
+
+[program:postfix]
+process_name = master
+directory = /etc/postfix
+command=/usr/lib/postfix/sbin/master -c /etc/postfix -d
+
+[program:mysql]
+process_name = mysqld_safe
+directory = /var/lib/mysql
+command=/usr/bin/mysqld_safe
+
+[program:redis-server]
+process_name = redis-server
+directory = /etc/redis
+command=/usr/bin/redis-server
+user=redis
+
+[program:apache2]
+command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
+
+[program:workers]
+command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+user=www-data