move ARG to the places where they first used, to allow for Docker layer re-use and speedup during build when making changes (ex: multiple deployments) - thanks @giedriusramas
After a clean install if you log into MISP and navigate to Administration -> Server Settings -> Diagnostics in the STIX and Cybox libraries section you will see the error CYBOX library version...Incorrect CyBox version installed, found 2.1.0.17 expecting 2.1.0.18.dev0. I reached out the the developers of MISP and they told me to run pip3 uninstall cybox to uninstall the pip managed version. To test it out I did I clean install and SSH'd into the container then ran the command and the error went away. Not sure where the best place to incorporate this is, but this was were I tested it and I successfully ran a clean build with it.
Added WORKDIR to line 34 to resolve the following errors:
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not in a git directory
Added lines 60 and 61 to resolve the following errors:
ERROR [mispevent.py:52 - <module>() ] Cannot import jsonschema
Traceback (most recent call last):
File "/var/www/MISP/PyMISP/pymisp/mispevent.py", line 50, in <module>
import jsonschema
ModuleNotFoundError: No module named 'jsonschema'
WARNING [__init__.py:46 - <module>() ] Unable to load pymisp properly: No module named 'requests'
Edited line 136 to resolve the following error:
/bin/sh: 1: cannot create /etc/php/7.0/mods-available/ssdeep.ini: Directory nonexistent
WARNING: Module ssdeep ini file doesn't exist under /etc/php/7.2/mods-available
WARNING: Module ssdeep ini file doesn't exist under /etc/php/7.2/mods-available
This commit includes an expose command in the Dockerfile for various
ports that the application uses - web server (80 and 443), mysql (3306),
and MISP ZeroMQ (50000).
Pass redis conf file to redis-server program in supervisord.conf and set the working directory to /var/lib/redis
Thanks to @jbarlow-mcafee for discovering this!
This commit changes the working directory used for the redis-server
process from /etc/redis, which the redis user does not have write access
to, to /var/lib/redis, which is writable by the redis user.
Previously, pyzmq and redis were pip installed using the default pip,
which was for Python 3. This resulted in the pyzmq and redis packages
not being found when the MISP server spawned the mispzmq script using
the default python, which is version 2. With this commit, pyzmq and
redis would be installed for both Python 2 (via pip2) and Python 3
(via pip3), which should allow the packages to be available to scripts
which use it from different Python versions.
Previously, the redis-server program was started from supervisord.conf
without a configuration file specifying the data directory to use. This
resulted in redis "not able to persist to disk" errors when the mispzmq
script performed some redis commands. The error was due to the default
redis data directory, /etc/redis, not being writable by the user that
the redis process runs as, redis.
This commit passes the /etc/redis/redis.conf configuration file to the
redis-server process at startup. The configuration file already sets the
data directory to a directory that the redis user has write access to,
/var/lib/redis.
Alexandre Dulaunoy
Ventz Petkov