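# Optional registry prefix for the Debian base images (for example a pull-through mirror).
# It is prepended verbatim to the image name, so a non-empty value must end with "/".
ARG DOCKER_HUB_PROXY=""

# Stage composer-build: resolve MISP's PHP dependencies with Composer.
# The final stage copies /tmp/Vendor and /tmp/Plugin out of this stage.
FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" AS composer-build
ENV DEBIAN_FRONTEND=noninteractive
# Build-time selection of the MISP revision; MISP_COMMIT wins when both are set
# (see the ${MISP_COMMIT:-${MISP_TAG}} expansion below).
ARG MISP_TAG
ARG MISP_COMMIT

# `&&` after `apt-get update` so a failed index refresh aborts the build instead of
# letting the install run against missing or stale package lists.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        php \
        php-apcu \
        php-curl \
        php-xml \
        php-intl \
        php-bcmath \
        php-mbstring \
        php-mysql \
        php-redis \
        php-gd \
        php-fpm \
        php-zip \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

WORKDIR /tmp
# NOTE(review): composer.json is fetched without a checksum, so its integrity rests on TLS
# and on the ref being immutable. A tag can be re-pointed upstream; a full commit id in
# MISP_COMMIT cannot. Only composer.json is fetched (no composer.lock), so dependency
# versions are resolved at build time.
ADD https://raw.githubusercontent.com/MISP/MISP/${MISP_COMMIT:-${MISP_TAG}}/app/composer.json /tmp
# NOTE(review): this image is referenced by tag only and does not go through
# DOCKER_HUB_PROXY; pin it by digest if the build must be reproducible.
COPY --from=composer:2.1.14 /usr/bin/composer /usr/bin/composer
RUN composer install
# Extra packages added on top of MISP's own composer.json.
# NOTE(review): several of these carry no version constraint, so each build takes
# whatever release Composer resolves on that day.
RUN composer require --with-all-dependencies \
        supervisorphp/supervisor:^4.0 \
        guzzlehttp/guzzle \
        php-http/message \
        php-http/message-factory \
        lstrojny/fxmlrpc \
        elasticsearch/elasticsearch:^8.7.0 \
        jakub-onderka/openid-connect-php:1.0.0-rc1 \
        aws/aws-sdk-php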
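# Stage php-build: compile the PHP extensions (ssdeep, rdkafka, simdjson, brotli) whose
# .so files the final stage copies out of /usr/lib/php/${PHP_VER}/.
# NOTE(review): the PECL packages are installed without a version and php-ext-brotli is
# cloned at its default-branch HEAD, so the native code that ends up in the final image is
# whatever upstream serves at build time. Pin versions / a reviewed commit for
# reproducible builds.
FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" AS php-build
ENV DEBIAN_FRONTEND=noninteractive
# `&&` after `apt-get update` so a failed index refresh aborts the build.
RUN apt-get update && apt-get install -y --no-install-recommends \
        gcc \
        g++ \
        make \
        libfuzzy-dev \
        ca-certificates \
        php \
        php-dev \
        php-pear \
        librdkafka-dev \
        libsimdjson-dev \
        git \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

RUN pecl channel-update pecl.php.net
# Copy libfuzzy from the multiarch directory reported by gcc into /usr/lib before building
# ssdeep. The copy is chained with `&&` so a failure is reported at this step rather than
# being ignored.
RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib \
    && pecl install ssdeep \
    && pecl install rdkafka \
    && pecl install simdjson
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git \
    && cd php-ext-brotli \
    && phpize \
    && ./configure \
    && make \
    && make install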
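# Stage python-build: build wheels for MISP's Python dependencies into /wheels.
# The final stage installs every /wheels/*.whl produced here.
# NOTE(review): each `git clone` below takes the default-branch HEAD at build time and then
# runs that repository's setup.py / build backend as root inside this stage. Pin every
# clone to a reviewed commit or tag so the wheels shipped in the image are reproducible
# and auditable.
FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" AS python-build
ENV DEBIAN_FRONTEND=noninteractive
# `&&` after `apt-get update` so a failed index refresh aborts the build.
RUN apt-get update && apt-get install -y --no-install-recommends \
        gcc \
        git \
        python3 \
        python3-dev \
        python3-pip \
        python3-setuptools \
        python3-venv \
        python3-wheel \
        libfuzzy-dev \
        libffi-dev \
        ca-certificates \
        curl \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

RUN mkdir /wheels

WORKDIR /tmp

# install mixbox
# Every step in the RUN instructions below is chained with `&&`: with `;` only the last
# command decided the result, so a failed wheel build could go unnoticed and leave the
# final image without that package.
RUN git clone --depth 1 https://github.com/CybOXProject/mixbox.git \
    && cd mixbox \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install python-maec
RUN git clone --depth 1 https://github.com/MAECProject/python-maec.git \
    && cd python-maec \
    && python3 setup.py bdist_wheel -d /wheels

# install python-cybox
RUN git clone --depth 1 https://github.com/CybOXProject/python-cybox.git \
    && cd python-cybox \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install python stix
RUN git clone --depth 1 https://github.com/STIXProject/python-stix.git \
    && cd python-stix \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install STIX2.0 library to support STIX 2.0 export:
# The original requirements.txt has a bunch of non-required packages; force pip to only
# grab wheels for the dependencies declared in setup.py.
RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git \
    && cd cti-python-stix2 \
    && python3 setup.py bdist_wheel -d /wheels \
    && echo "-e ." > requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# Install the new build tool
# NOTE(review): unpinned; the version of `build` is whatever PyPI serves at build time.
RUN pip3 install build

# install PyMISP
RUN git clone --depth 1 https://github.com/MISP/PyMISP.git \
    && cd PyMISP \
    && python3 -m build --wheel --outdir /wheels

# install pydeep2 (drop-in replacement for pydeep)
RUN git clone --depth 1 https://github.com/JakubOnderka/pydeep.git \
    && cd pydeep \
    && python3 setup.py bdist_wheel -d /wheels

# Grab other modules we need
# The lief requirement is quoted: unquoted, /bin/sh reads `>=0.13.1` as a redirection of
# stdout into a file named "=0.13.1", so pip only ever saw a bare `lief` and the minimum
# version was never enforced.
RUN pip3 wheel --no-cache-dir -w /wheels/ plyara pyzmq redis python-magic "lief>=0.13.1"

# Remove extra packages due to incompatible requirements.txt files
WORKDIR /wheels
# Lists every Sphinx* file on stderr, then deletes all of them except Sphinx-1.5.5.
# The exit status of this pipeline is that of xargs only.
RUN find . -name "Sphinx*" | tee /dev/stderr | grep -v "Sphinx-1.5.5" | xargs rm -f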
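# Final stage: the MISP runtime image. It installs the OS packages, checks out MISP, and
# pulls in the artifacts built by the python-build, php-build and composer-build stages.
FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
# NOTE(review): as ENV this also persists into the running container's environment.
ENV DEBIAN_FRONTEND=noninteractive
# MISP_COMMIT, when non-empty, takes precedence over MISP_TAG (see the clone step below).
ARG MISP_TAG
ARG MISP_COMMIT
# Name of the extension directory under /usr/lib/php/. It has no default, so it must be
# supplied with --build-arg or the COPY --from=php-build steps below cannot find the
# .so files.
ARG PHP_VER

# `&&` after `apt-get update` so a failed index refresh aborts the build instead of
# letting the install run against missing or stale package lists.
RUN apt-get update && apt-get install -y --no-install-recommends \
        procps \
        sudo \
        nginx \
        supervisor \
        git \
        cron \
        openssl \
        gpg-agent gpg \
        ssdeep \
        libfuzzy2 \
        mariadb-client \
        rsync \
        # Python Requirements
        python3 \
        python3-setuptools \
        python3-pip \
        # PHP Requirements
        php \
        php-apcu \
        php-curl \
        php-xml \
        php-intl \
        php-bcmath \
        php-mbstring \
        php-mysql \
        php-redis \
        php-gd \
        php-fpm \
        php-zip \
        librdkafka1 \
        libbrotli1 \
        libsimdjson5 \
        # Unsure we need these
        zip unzip \
        # Required for advanced and unattended configuration
        curl jq \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

# Download MISP using git in the /var/www/ directory.
# The build args are quoted so an empty or unusual value cannot change how the test or
# the git command line is parsed. Clone, submodule checkout and cleanup share one RUN so
# a failure in any step fails the build and INSTALL/old never lands in a layer.
# NOTE(review): a tag can be re-pointed upstream; building from a full commit id in
# MISP_COMMIT gives an immutable reference.
RUN if [ -n "${MISP_COMMIT}" ]; then \
        git clone https://github.com/MISP/MISP.git /var/www/MISP \
        && git -C /var/www/MISP checkout "${MISP_COMMIT}"; \
    else \
        git clone --branch "${MISP_TAG}" --depth 1 https://github.com/MISP/MISP.git /var/www/MISP; \
    fi \
    && git -C /var/www/MISP submodule update --init --recursive . \
    # Remove some old and broken links that pollute the log files
    && rm -rf /var/www/MISP/INSTALL/old

# Python Modules
# NOTE(review): the COPY layer keeps the wheels in the image even though the next RUN
# deletes /wheels; the `rm` only hides them from the final filesystem.
COPY --from=python-build /wheels /wheels
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels

# PHP: install prebuilt libraries, then install the app's PHP deps
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/rdkafka.so /usr/lib/php/${PHP_VER}/rdkafka.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/brotli.so /usr/lib/php/${PHP_VER}/brotli.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/simdjson.so /usr/lib/php/${PHP_VER}/simdjson.so

# Do an early chown to limit image size
COPY --from=composer-build --chown=www-data:www-data /tmp/Vendor /var/www/MISP/app/Vendor
COPY --from=composer-build --chown=www-data:www-data /tmp/Plugin /var/www/MISP/app/Plugin

# Write a mods-available .ini for each copied extension under every /etc/php/* version
# directory, then enable them together with the packaged redis module. One RUN replaces
# five near-identical ones.
RUN set -e; \
    for mod in ssdeep rdkafka brotli simdjson; do \
        for dir in /etc/php/*; do \
            echo "extension=${mod}.so" > "${dir}/mods-available/${mod}.ini"; \
        done; \
    done; \
    phpenmod ssdeep rdkafka brotli simdjson redis

# nginx
# `rm -f` tolerates an already-empty sites-enabled; `mkdir -p` tolerates existing dirs.
RUN rm -f /etc/nginx/sites-enabled/* && mkdir -p /run/php /etc/nginx/certs
COPY files/etc/nginx/misp /etc/nginx/sites-available/misp
COPY files/etc/nginx/misp80 /etc/nginx/sites-available/misp80

# Make a copy of the file and configuration stores, so we can sync from it
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist \
    && cp -R /var/www/MISP/app/Config /var/www/MISP/app/Config.dist

# The spirit of the upstream dockerization is to make:
# 1) User and group aligned in terms of permissions
# 2) Files executable and read only, because of some rogue scripts like 'cake'
# 3) Directories writable, because sometimes MISP adds new files
# NOTE(review): 0770 on every directory lets the www-data user create files anywhere in
# the application tree, code directories included. Consider limiting write access to the
# directories MISP actually writes to.
RUN find /var/www/MISP \( ! -user www-data -or ! -group www-data \) -exec chown www-data:www-data '{}' + \
    && find /var/www/MISP -not -perm 550 -type f -exec chmod 0550 '{}' + \
    && find /var/www/MISP -not -perm 770 -type d -exec chmod 0770 '{}' +

# Entrypoints
COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/10-supervisor.conf
COPY files/etc/supervisor/workers.conf /etc/supervisor/conf.d/50-workers.conf
COPY files/var/www/html/index.php /var/www/html/index.php
COPY files/configure_misp.sh /
COPY files/rest_client.sh /
COPY files/entrypoint_fpm.sh /
COPY files/entrypoint_nginx.sh /
COPY files/entrypoint_cron.sh /
COPY files/entrypoint.sh /
# NOTE(review): no USER is set, so /entrypoint.sh starts as root. The entrypoint and
# supervisor files are not visible here; confirm the services drop to www-data.
ENTRYPOINT [ "/entrypoint.sh" ]

# Change Workdirectory
WORKDIR /var/www/MISP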