# MISP release to build, written without the leading "v"; the stages below
# expand it as v${MISP_TAG}. It is declared before the first FROM, so every
# stage that uses it repeats a bare `ARG MISP_TAG`.
ARG MISP_TAG=2.4.120
# Directory name under /usr/lib/php that holds compiled extensions; the final
# stage copies ssdeep.so from and to /usr/lib/php/${PHP_VER}/.
# NOTE(review): presumably the PHP API build date of the PHP packaged in the
# base image - confirm it still matches whenever the base image changes.
ARG PHP_VER=20180731
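# ---- Stage: resolve MISP's PHP dependencies with Composer ----
# NOTE(review): the base image carries no tag, so each build pulls whatever
# `composer:latest` is at that moment. Pin a tag, ideally with a digest:
#   FROM composer:<TAG>@sha256:<DIGEST> AS composer-build
FROM composer AS composer-build
# Re-declare the global build argument so it is visible inside this stage.
ARG MISP_TAG
WORKDIR /tmp
# Only composer.json is fetched; no composer.lock comes with it, so the package
# versions are resolved at build time and can differ from one build to the next.
# NOTE(review): the download is not integrity-checked and a Git tag can be moved
# upstream. With BuildKit, `ADD --checksum=sha256:<DIGEST_OF_COMPOSER_JSON> ...`
# pins the exact file. The destination is spelled out as a file path so it does
# not depend on how ADD treats a directory target.
ADD https://raw.githubusercontent.com/MISP/MISP/v${MISP_TAG}/app/composer.json /tmp/composer.json
# --ignore-platform-reqs skips Composer's check of the local PHP version and
# extensions; this stage only resolves and downloads packages.
# The final stage copies /tmp/Vendor and /tmp/Plugin out of this stage.
RUN composer install --ignore-platform-reqs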
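# ---- Stage: compile the ssdeep PHP extension ----
# Compiler, headers and PECL tooling stay in this stage; the final stage copies
# only the resulting ssdeep.so.
FROM debian:buster-slim AS php-build
# `&&` rather than `;` after `apt-get update`, so a failed index refresh stops
# the build here instead of being masked by the commands that follow.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        libfuzzy-dev \
        make \
        php \
        php-dev \
        php-pear \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

# libfuzzy is copied into /usr/lib before the extension is built (presumably
# because the PECL build looks for it there - confirm).
# NOTE(review): the x86_64-linux-gnu path ties this stage to amd64 builds.
# NOTE(review): `pecl install ssdeep` takes whatever release PECL serves at
# build time; `pecl install ssdeep-<VERSION>` would make the build repeatable.
RUN cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib && pecl install ssdeep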
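# ---- Stage: build Python wheels for the MISP dependencies ----
# git and the C toolchain are needed only to fetch and build the wheels, so they
# live in this stage and never reach the runtime image.
FROM debian:buster-slim AS python-build
# `&&` rather than `;` after `apt-get update`, so a failed index refresh stops
# the build here instead of being masked by the commands that follow.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        git \
        libfuzzy-dev \
        python3 \
        python3-dev \
        python3-setuptools \
        python3-wheel \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

# Output directory for the built wheels; the final stage copies /wheels.
RUN mkdir /wheels
# Repositories cloned in this stage land in /tmp/<repo>.
WORKDIR /tmp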
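# Each RUN below clones one dependency and builds it into a wheel under /wheels.
# The steps are chained with `&&` so a failed clone or `cd` stops the build at
# the step that actually failed.
#
# NOTE(review): every clone takes the tip of the repository's default branch
# (`--depth 1`, no --branch, no commit check), and each checkout's setup.py is
# executed during the build. Whatever is at HEAD on build day ends up in the
# wheels that the runtime image installs. Pin each source, for example
#   git clone --depth 1 --branch <TAG> <URL>
# and compare `git rev-parse HEAD` with a recorded commit id before building.

# install mixbox
RUN git clone --depth 1 https://github.com/CybOXProject/mixbox.git && \
    cd mixbox && python3 setup.py bdist_wheel -d /wheels

# install python-maec
RUN git clone --depth 1 https://github.com/MAECProject/python-maec.git && \
    cd python-maec && python3 setup.py bdist_wheel -d /wheels

# install python-cybox
RUN git clone --depth 1 https://github.com/CybOXProject/python-cybox.git && \
    cd python-cybox && python3 setup.py bdist_wheel -d /wheels

# install python stix
RUN git clone --depth 1 https://github.com/STIXProject/python-stix.git && \
    cd python-stix && python3 setup.py bdist_wheel -d /wheels

# install STIX2.0 library to support STIX 2.0 export:
RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git && \
    cd cti-python-stix2 && python3 setup.py bdist_wheel -d /wheels

# install PyMISP
RUN git clone --depth 1 https://github.com/MISP/PyMISP.git && \
    cd PyMISP && python3 setup.py bdist_wheel -d /wheels

# install pydeep
RUN git clone --depth 1 https://github.com/coolacid/pydeep.git && \
    cd pydeep && python3 setup.py bdist_wheel -d /wheels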
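# ---- Final stage: the MISP runtime image ----
# NOTE(review): `buster-slim` is a floating tag; pinning it by digest
# (debian:buster-slim@sha256:<DIGEST>) makes the base reproducible and turns
# base-image updates into deliberate, reviewable changes.
FROM debian:buster-slim
# key=value form; the space-separated `ENV key value` form is deprecated.
# ENV persists into the running container. NOTE(review): if this is needed only
# for the apt-get step of the build, an ARG would keep it out of the runtime
# environment - confirm the entrypoint scripts do not rely on it first.
ENV DEBIAN_FRONTEND=noninteractive
# Re-declare the global build arguments so they are visible inside this stage.
ARG MISP_TAG
ARG PHP_VER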
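# OS Packages
# `&&` rather than `;` after `apt-get update`, so a failed index refresh stops
# the build here instead of being masked by the commands that follow.
# NOTE(review): sudo ships in the runtime image; confirm the entrypoint scripts
# need it, and drop it (together with zip/unzip, marked unsure below) if not,
# to keep the set of installed tools small.
RUN apt-get update && apt-get install -y --no-install-recommends \
    # Requirements:
        sudo \
        apache2 \
        supervisor \
        git \
        cron \
        openssl \
        gpg-agent \
        gpg \
        ssdeep \
        libfuzzy2 \
        mariadb-client \
    # Python Requirements
        python3 \
        python3-setuptools \
        python3-pip \
    # PHP Requirements
        php \
        php-xml \
        php-mbstring \
        php-mysql \
        php-redis \
        php-gd \
    # Unsure we need these
        zip \
        unzip \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*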
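# MISP code
# Shallow-clone the release tag v${MISP_TAG} into /var/www/MISP.
# The steps are chained with `&&` so a failed clone stops the build immediately.
# NOTE(review): a tag name can be moved upstream and nothing here checks what
# was fetched. Comparing `git -C /var/www/MISP rev-parse HEAD` with a recorded
# commit id (or running `git verify-tag`, if upstream signs its release tags)
# would pin the code that goes into the image.
RUN git clone --branch v${MISP_TAG} --depth 1 https://github.com/MISP/MISP.git /var/www/MISP && \
    # We build the MISP modules outside, so we don't need to grab those submodules:
    # the trailing `.` limits the update to submodules below app/.
    cd /var/www/MISP/app && git submodule update --init --recursive .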
# Python Modules
# Bring in the wheels built in the python-build stage.
# The `rm -rf /wheels` below runs in a later layer than this COPY, so the wheel
# files still occupy space in the COPY layer of the final image.
COPY --from=python-build /wheels /wheels
# Install the prebuilt wheels together with five packages taken from PyPI.
# NOTE(review): the PyPI packages (and anything the wheels depend on) carry no
# version pins or hashes, so the installed set is decided at build time. A
# requirements file with `==` pins and `--require-hashes` would fix that.
RUN pip3 install --no-cache-dir \
        /wheels/*.whl \
        plyara \
        pyzmq \
        redis \
        python-magic \
        lief \
    && rm -rf /wheels
# PHP
# ssdeep.so was compiled in the php-build stage; Vendor and Plugin were
# installed by Composer in the composer-build stage.
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor
COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin
# The commands are joined with `;` and there is no `set -e`, so only the exit
# status of the final `cp` decides whether this step fails.
# NOTE(review): no visible step installs a PHP gnupg module or adds an ssdeep
# .ini file, so `phpenmod gnupg` / `phpenmod ssdeep` may be enabling nothing -
# confirm with `php -m` in the built image.
RUN phpenmod redis; \
    # Enable CakeResque with php-gnupg
    phpenmod gnupg; \
    # Enable the ssdeep extension built earlier
    phpenmod ssdeep; \
    # To use the scheduler worker for scheduled tasks, do the following:
    cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
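# Apache
# Remove the distribution's enabled sites, then add the MISP HTTP and HTTPS
# virtual hosts and the port configuration.
RUN rm /etc/apache2/sites-enabled/*
COPY files/etc/apache2/sites-enabled/misp.conf /etc/apache2/sites-enabled/
COPY files/etc/apache2/sites-enabled/misp-ssl.conf /etc/apache2/sites-enabled/
COPY files/etc/apache2/ports.conf /etc/apache2/ports.conf
# `set -eu` makes this `;`-joined chain stop at the first failing command.
# `root:root` replaces the deprecated `root.root` owner/group separator.
# NOTE(review): the MISP vhosts were copied into sites-enabled, but the
# chmod/chown below target sites-available, so they do not touch misp.conf or
# misp-ssl.conf - confirm which directory was intended.
RUN set -eu; \
    chmod 640 /etc/apache2/ports.conf; \
    chown root:root /etc/apache2/ports.conf; \
    chmod 640 /etc/apache2/sites-available/*; \
    chown root:root /etc/apache2/sites-available/*; \
    # Configure Apache: mod_status is switched off; TLS, URL rewriting and
    # header manipulation are switched on.
    a2dismod status; \
    a2enmod ssl; \
    a2enmod rewrite; \
    a2enmod headers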
# Keep a pristine copy of the file store so it can be synced from later
# (presumably by the entrypoint when a volume is mounted over app/files - confirm).
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist

# Entrypoints
# supervisor configuration plus the per-service entrypoint scripts.
COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/supervisord.conf
COPY files/entrypoint_apache.sh files/entrypoint_cron.sh files/entrypoint_workers.sh files/entrypoint.sh /
# NOTE(review): no USER instruction is visible, so /entrypoint.sh starts as
# root; check that the scripts and the supervisor configuration drop privileges
# for the services that do not need them.
ENTRYPOINT ["/entrypoint.sh"]

# Working directory for the running container.
WORKDIR /var/www/MISP