misp-docker/server/Dockerfile

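# Stage composer-build: resolve MISP's PHP dependencies with Composer. The final
# stage copies /tmp/Vendor and /tmp/Plugin out of this stage, so Composer itself
# never reaches the runtime image.
FROM composer:1.9 AS composer-build
# MISP ref used to select the manifest; it has no default, so the build must
# pass it with --build-arg.
ARG MISP_TAG
WORKDIR /tmp
# NOTE(review): the manifest is fetched from a remote URL with no integrity
# check, and only composer.json is retrieved, so dependency versions are
# resolved at build time rather than from a lock file. The URL varies with
# MISP_TAG, so one fixed checksum cannot be hard-coded here; consider also
# fetching a lock file for the same ref (if that ref ships one) or vendoring
# the manifest into the build context.
ADD https://raw.githubusercontent.com/MISP/MISP/${MISP_TAG}/app/composer.json /tmp
# --ignore-platform-reqs skips Composer's PHP version/extension checks; the
# install runs inside the composer image, not the Debian runtime stage.
RUN composer install --ignore-platform-reqs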
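# Stage php-build: compile the ssdeep PHP extension here so the compiler
# toolchain stays out of the runtime image; only ssdeep.so is copied out later.
# NOTE(review): the base tag is mutable; pin it by digest for reproducible builds.
FROM debian:buster-slim AS php-build
# `&&` after update: a failed index refresh must abort the build instead of
# letting the install run against missing or stale package lists.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        libfuzzy-dev \
        make \
        php \
        php-dev \
        php-pear \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
# Copy libfuzzy into /usr/lib before building the extension.
# NOTE(review): the source path is x86_64-specific and a failed cp is not fatal
# (`;`), so on other architectures the result depends on pecl alone - confirm.
# NOTE(review): ssdeep is installed from PECL without a version pin, so the
# extension source can change between builds.
RUN cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib; pecl install ssdeep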
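# Stage python-build: build wheels for MISP's Python dependencies into /wheels.
# The final stage copies only /wheels, so gcc, git and the -dev headers stay here.
# NOTE(review): the base tag is mutable; pin it by digest for reproducible builds.
FROM debian:buster-slim AS python-build
# `&&` after update: a failed index refresh must abort the build instead of
# letting the install run against missing or stale package lists.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        gcc \
        git \
        libfuzzy-dev \
        python3 \
        python3-dev \
        python3-pip \
        python3-setuptools \
        python3-wheel \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

RUN mkdir /wheels
WORKDIR /tmp

# NOTE(review): every clone below takes the tip of the repository's default
# branch (--depth 1, no tag or commit given) and then executes its setup.py, so
# the code that runs in this build changes whenever upstream does. Pin each
# clone to a reviewed tag or commit for a reproducible, auditable build.
#
# The steps are chained with `&&` so a failed wheel build stops the image build;
# with `;` a failed bdist_wheel was masked whenever the last command succeeded,
# and the runtime image silently lacked that package.
#
# sed strips the "-e " prefix from requirements.txt entries before pip builds
# wheels from that file.

# install mixbox
RUN git clone --depth 1 https://github.com/CybOXProject/mixbox.git \
    && cd mixbox \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install python-maec
RUN git clone --depth 1 https://github.com/MAECProject/python-maec.git \
    && cd python-maec \
    && python3 setup.py bdist_wheel -d /wheels

# install python-cybox
RUN git clone --depth 1 https://github.com/CybOXProject/python-cybox.git \
    && cd python-cybox \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install python stix
RUN git clone --depth 1 https://github.com/STIXProject/python-stix.git \
    && cd python-stix \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install STIX2.0 library to support STIX 2.0 export:
RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git \
    && cd cti-python-stix2 \
    && python3 setup.py bdist_wheel -d /wheels \
    && sed -i 's/-e //g' requirements.txt \
    && pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/

# install PyMISP
RUN git clone --depth 1 https://github.com/MISP/PyMISP.git \
    && cd PyMISP \
    && python3 setup.py bdist_wheel -d /wheels

# install pydeep
RUN git clone --depth 1 https://github.com/coolacid/pydeep.git \
    && cd pydeep \
    && python3 setup.py bdist_wheel -d /wheels

# Grab other modules we need
# NOTE(review): these are unpinned, so each build takes whatever the package
# index currently serves; pin versions (ideally with hashes) if builds must be
# repeatable.
RUN pip3 wheel --no-cache-dir -w /wheels/ plyara pyzmq redis python-magic lief

# Temp workaround for cryptography library
RUN pip3 wheel 'cryptography>=3.3.0,<3.4.0' --no-cache-dir -w /wheels/

# Remove extra packages due to incompatible requirements.txt files
# NOTE(review): these are exact wheel filenames while the requirements above are
# unpinned; rm (no -f) fails the build as soon as a resolved version differs.
WORKDIR /wheels
RUN rm Sphinx-1.5.5-py2.py3-none-any.whl \
       Sphinx-1.3.6-py2.py3-none-any.whl \
       tox-3.22.0-py2.py3-none-any.whl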
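# Final stage: the MISP runtime image (nginx, php-fpm, cron and workers under
# supervisor), assembled from the artifacts of the three build stages.
# NOTE(review): the base tag is mutable; pin it by digest for reproducible builds.
FROM debian:buster-slim
# NOTE(review): as ENV this value also persists into the running container; it
# is only needed while apt runs during the build.
ENV DEBIAN_FRONTEND=noninteractive
# MISP ref to clone; no default, so the build must pass it with --build-arg.
ARG MISP_TAG
# Directory name under /usr/lib/php/ that holds the compiled extension; no
# default, so the build must pass it with --build-arg.
ARG PHP_VER

# OS Packages
# `&&` after update: a failed index refresh must abort the build instead of
# letting the install run against missing or stale package lists.
RUN apt-get update && apt-get install -y --no-install-recommends \
    # Requirements:
        procps \
        sudo \
        nginx \
        supervisor \
        git \
        cron \
        openssl \
        gpg-agent gpg \
        ssdeep \
        libfuzzy2 \
        mariadb-client \
        rsync \
    # Python Requirements
        python3 \
        python3-setuptools \
        python3-pip \
    # PHP Requirements
        php \
        php-xml \
        php-intl \
        php-bcmath \
        php-mbstring \
        php-mysql \
        php-redis \
        php-gd \
        php-fpm \
        php-zip \
    # Unsure we need these
        zip unzip \
    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

# MISP code
# Download MISP using git in the /var/www/ directory.
# MISP_TAG is quoted so an unset value fails at `--branch ""` instead of letting
# git read the next option as the branch name.
# NOTE(review): if MISP_TAG names a branch rather than a tag, the code checked
# out here changes between builds.
RUN git clone --branch "${MISP_TAG}" --depth 1 https://github.com/MISP/MISP.git /var/www/MISP \
    # We build the MISP modules outside, so we don't need to grab those submodules
    && cd /var/www/MISP/app \
    && git submodule update --init --recursive .

# Python Modules
# NOTE(review): the COPY layer keeps the wheels in the image; the rm in the next
# layer only hides them, it does not reduce the image size.
COPY --from=python-build /wheels /wheels
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels

# PHP
# Install the prebuilt ssdeep extension and the app's PHP deps from the build stages
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor
COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin
# The commands below are joined with `;`, so only the final cp decides whether
# this step fails.
# NOTE(review): php-gnupg is not in the package list above, so `phpenmod gnupg`
# is probably a silent no-op and PHP-side GnuPG support may be missing - confirm
# and install the extension if MISP's PGP features are required.
RUN for dir in /etc/php/*; do echo "extension=ssdeep.so" > "$dir/mods-available/ssdeep.ini"; done \
    ;phpenmod redis \
    # Enable CakeResque with php-gnupg
    ;phpenmod gnupg \
    # Enable the ssdeep extension we built earlier
    ;phpenmod ssdeep \
    # To use the scheduler worker for scheduled tasks, do the following:
    ;cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php

# nginx
# Disable the distribution's default site(s), then create the runtime
# directories. `rm -f` tolerates an already-empty directory, and `&&` makes any
# real failure stop the build.
RUN rm -f /etc/nginx/sites-enabled/* && mkdir /run/php /etc/nginx/certs
COPY files/etc/nginx/misp /etc/nginx/sites-available/misp
COPY files/etc/nginx/misp-secure /etc/nginx/sites-available/misp-secure
COPY files/etc/nginx/misp80 /etc/nginx/sites-available/misp80
COPY files/etc/nginx/misp80-noredir /etc/nginx/sites-available/misp80-noredir

# Make a copy of the file store, so we can sync from it
RUN cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist

# Make a copy of the configurations, so we can sync from it
RUN cp -R /var/www/MISP/app/Config /var/www/MISP/app/Config.dist

# Entrypoints
# NOTE(review): the scripts are copied without --chmod, so they must already be
# executable in the build context.
COPY files/etc/supervisor/supervisor.conf /etc/supervisor/conf.d/supervisord.conf
COPY files/entrypoint_fpm.sh /
COPY files/entrypoint_nginx.sh /
COPY files/entrypoint_cron.sh /
COPY files/entrypoint_workers.sh /
COPY files/entrypoint.sh /
# NOTE(review): no USER is set, so /entrypoint.sh starts as root. Presumably the
# supervised services drop privileges themselves - verify in the supervisor
# config and entrypoint scripts.
ENTRYPOINT [ "/entrypoint.sh" ]

# Change working directory
WORKDIR /var/www/MISP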