diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index e46cd99..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,187 +0,0 @@
-#
-# Dockerfile to build a MISP (https://github.com/MISP/MISP) container
-#
-# Original docker file by eg5846 (https://github.com/eg5846)
-#
-# 2016/03/03 - First release
-# 2017/06/02 - Updated
-# 2018/04/04 - Added objects templates
-#
-
-# We are based on Ubuntu:latest
-FROM ubuntu:xenial
-MAINTAINER Xavier Mertens
-
-# Install core components
-ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update && apt-get dist-upgrade -y && apt-get autoremove -y && apt-get clean
-RUN apt-get install -y software-properties-common
-RUN apt-get install -y postfix
-RUN apt-get install -y mysql-client curl gcc git gnupg-agent make python openssl redis-server sudo vim zip locales
-
-RUN locale-gen en_US.UTF-8
-ENV LANG en_US.UTF-8
-RUN add-apt-repository -y ppa:ondrej/php && apt-get update
-
-# Apache
-RUN apt-get install -y apache2 apache2-doc apache2-utils
-RUN a2dismod status
-RUN a2dissite 000-default
-
-# PHP 7.2
-RUN apt-get install -y libapache2-mod-php php7.2 php7.2-cli php-crypt-gpg php7.2-dev php7.2-json php7.2-mysql php7.2-opcache php7.2-readline php7.2-redis php7.2-xml
-RUN apt-get install -y php-pear pkg-config libbson-1.0 libmongoc-1.0-0 php-xml php-dev
-
-# Fix php.ini with recommended settings
-RUN sed -i "s/max_execution_time = 30/max_execution_time = 300/" /etc/php/7.2/apache2/php.ini
-RUN sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.2/apache2/php.ini
-RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/" /etc/php/7.2/apache2/php.ini
-RUN sed -i "s/post_max_size = 8M/post_max_size = 50M/" /etc/php/7.2/apache2/php.ini
-
-RUN apt-get install -y python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev python-setuptools
-RUN apt-get install -y cron logrotate supervisor syslog-ng-core
-RUN apt-get clean
-
-WORKDIR /var/www
-RUN chown www-data:www-data /var/www
-USER www-data
-RUN git clone https://github.com/MISP/MISP.git
-WORKDIR /var/www/MISP
-RUN git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
-RUN git config core.filemode false
-
-WORKDIR /var/www/MISP/app/files/scripts
-RUN git clone https://github.com/CybOXProject/python-cybox.git
-RUN git clone https://github.com/STIXProject/python-stix.git
-
-WORKDIR /var/www/MISP/app/files/scripts/python-cybox
-RUN git checkout v2.1.0.12
-USER root
-RUN python setup.py install
-
-USER www-data
-WORKDIR /var/www/MISP/app/files/scripts/python-stix
-RUN git checkout v1.1.1.4
-USER root
-RUN python setup.py install
-
-USER www-data
-WORKDIR /var/www/MISP
-RUN git submodule init
-RUN git submodule update
-WORKDIR /var/www/MISP/app
-RUN php composer.phar config vendor-dir Vendor
-RUN php composer.phar install --ignore-platform-reqs
-USER root
-RUN phpenmod redis
-USER www-data
-RUN cp -fa /var/www/MISP/INSTALL/setup/config.php /var/www/MISP/app/Plugin/CakeResque/Config/config.php
-
-# Fix permissions
-USER root
-RUN chown -R www-data:www-data /var/www/MISP
-RUN chmod -R 750 /var/www/MISP
-RUN chmod -R g+ws /var/www/MISP/app/tmp
-RUN chmod -R g+ws /var/www/MISP/app/files
-RUN chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
-
-RUN cp /var/www/MISP/INSTALL/misp.logrotate /etc/logrotate.d/misp
-
-# Preconfigure setting for packages
-RUN echo "postfix postfix/main_mailer_type string Local only" | debconf-set-selections
-RUN echo "postfix postfix/mailname string localhost.localdomain" | debconf-set-selections
-
-# Redis Setup
-RUN sed -i 's/^\(daemonize\s*\)yes\s*$/\1no/g' /etc/redis/redis.conf
-
-# Install PEAR packages
-RUN pear install Crypt_GPG >>/tmp/install.log
-RUN pear install Net_GeoIP >>/tmp/install.log
-
-# Apache Setup
-RUN cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
-RUN a2dissite 000-default
-RUN a2ensite misp
-RUN a2enmod rewrite
-RUN a2enmod headers
-
-# MISP base configuration
-RUN sudo -u www-data cp -a /var/www/MISP/app/Config/bootstrap.default.php /var/www/MISP/app/Config/bootstrap.php
-RUN sudo -u www-data cp -a /var/www/MISP/app/Config/database.default.php /var/www/MISP/app/Config/database.php
-RUN sudo -u www-data cp -a /var/www/MISP/app/Config/core.default.php /var/www/MISP/app/Config/core.php
-RUN sudo -u www-data cp -a /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
-RUN chown -R www-data:www-data /var/www/MISP/app/Config
-RUN chmod -R 750 /var/www/MISP/app/Config
-
-# Replace the default salt
-RUN sed -i -E "s/'salt'\s=>\s'(\S+)'/'salt' => '`openssl rand -base64 32|tr "/" "-"`'/" /var/www/MISP/app/Config/config.php
-
-# Enable workers at boot time
-RUN chmod a+x /var/www/MISP/app/Console/worker/start.sh
-RUN echo "sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh" >>/etc/rc.local
-
-# Install templates & stuff
-WORKDIR /var/www/MISP/app/files
-RUN rm -rf misp-objects && git clone https://github.com/MISP/misp-objects.git
-RUN rm -rf misp-galaxy && git clone https://github.com/MISP/misp-galaxy.git
-RUN rm -rf warninglists && git clone https://github.com/MISP/misp-warninglists.git ./warninglists
-RUN rm -rf taxonomies && git clone https://github.com/MISP/misp-taxonomies.git ./taxonomies
-RUN chown -R www-data:www-data misp-objects misp-galaxy warninglists taxonomies
-
-# Install MISP Modules
-WORKDIR /opt
-RUN apt-get install -y python3 python3-pip libjpeg-dev
-RUN git clone https://github.com/MISP/misp-modules.git
-WORKDIR /opt/misp-modules
-RUN pip3 install --upgrade --ignore-installed urllib3
-RUN pip3 install --upgrade --ignore-installed requests
-RUN pip3 install -I -r REQUIREMENTS
-RUN pip3 install -I .
-RUN echo "sudo -u www-data misp-modules -s &" >>/etc/rc.local
-
-# Supervisord Setup
-RUN echo '[supervisord]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'nodaemon = true' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '[program:postfix]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'process_name = master' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'directory = /etc/postfix' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'command = /usr/sbin/postfix -c /etc/postfix start' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '[program:redis-server]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'command=redis-server /etc/redis/redis.conf' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '[program:apache2]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -D FOREGROUND"' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '[program:resque]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'command=/bin/bash /var/www/MISP/app/Console/worker/start.sh' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'user = www-data' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo '[program:misp-modules]' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'command=/bin/bash -c "cd /opt/misp-modules/bin && /usr/bin/python3 misp-modules.py"' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'user = root' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'startsecs = 0' >> /etc/supervisor/conf.d/supervisord.conf
-RUN echo 'autorestart = false' >> /etc/supervisor/conf.d/supervisord.conf
-
-# Modify syslog configuration
-RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
-
-# Add run script
-ADD run.sh /run.sh
-RUN chmod 0755 /run.sh
-
-# Trigger to perform first boot operations
-RUN touch /.firstboot.tmp
-
-# Make a backup of /var/www/MISP to restore it to the local moint point at first boot
-WORKDIR /var/www/MISP
-RUN tar czpf /root/MISP.tgz .
-
-VOLUME /var/www/MISP
-EXPOSE 80
-ENTRYPOINT ["/run.sh"]
diff --git a/run.sh b/run.sh
deleted file mode 100755
index 93e780f..0000000
--- a/run.sh
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/bin/bash
-#
-# MISP docker startup script
-# Xavier Mertens
-#
-# 2017/05/17 - Created
-# 2017/05/31 - Fixed small errors
-#
-
-set -e
-
-if [ -r /.firstboot.tmp ]; then
- echo "Container started for the fist time. Setup might time a few minutes. Please wait..."
- echo "(Details are logged in /tmp/install.log)"
- export DEBIAN_FRONTEND=noninteractive
-
- # If the user uses a mount point restore our files
- if [ ! -d /var/www/MISP/app ]; then
- echo "Restoring MISP files..."
- cd /var/www/MISP
- tar xzpf /root/MISP.tgz
- rm /root/MISP.tgz
- fi
-
- echo "Configuring postfix"
- if [ -z "$POSTFIX_RELAY_HOST" ]; then
- echo "POSTFIX_RELAY_HOST is not set, please configure Postfix manually later..."
- else
- postconf -e "relayhost = $POSTFIX_RELAY"
- fi
-
- # Fix timezone (adapt to your local zone)
- if [ -z "$TIMEZONE" ]; then
- echo "TIMEZONE is not set, please configure the local time zone manually later..."
- else
- echo "$TIMEZONE" > /etc/timezone
- dpkg-reconfigure -f noninteractive tzdata >>/tmp/install.log
- fi
-
- echo "Creating MySQL database"
-
- # Check MYSQL_HOST
- if [ -z "$MYSQL_HOST" ]; then
- echo "MYSQL_HOST is not set. Aborting."
- exit 1
- fi
-
- # Set MYSQL_ROOT_PASSWORD
- if [ -z "$MYSQL_ROOT_PASSWORD" ]; then
- echo "MYSQL_ROOT_PASSWORD is not set, use default value 'root'"
- MYSQL_ROOT_PASSWORD=root
- else
- echo "MYSQL_ROOT_PASSWORD is set to '$MYSQL_ROOT_PASSWORD'"
- fi
-
- # Set MYSQL_MISP_PASSWORD
- if [ -z "$MYSQL_MISP_PASSWORD" ]; then
- echo "MYSQL_MISP_PASSWORD is not set, use default value 'misp'"
- MYSQL_MISP_PASSWORD=misp
- else
- echo "MYSQL_MISP_PASSWORD is set to '$MYSQL_MISP_PASSWORD'"
- fi
-
- ret=`echo 'SHOW DATABASES;' | mysql -u root --password="$MYSQL_ROOT_PASSWORD" -h $MYSQL_HOST -P 3306 # 2>&1`
-
- if [ $? -eq 0 ]; then
- echo "Connected to database successfully!"
- found=0
- for db in $ret; do
- if [ "$db" == "misp" ]; then
- found=1
- fi
- done
- if [ $found -eq 1 ]; then
- echo "Database misp found"
- else
- echo "Database misp not found, creating now one ..."
- cat > /tmp/create_misp_database.sql <<-EOSQL
-create database misp;
-grant usage on *.* to misp identified by "$MYSQL_MISP_PASSWORD";
-grant all privileges on misp.* to misp;
-EOSQL
- ret=`mysql -u root --password="$MYSQL_ROOT_PASSWORD" -h $MYSQL_HOST -P 3306 2>&1 < /tmp/create_misp_database.sql`
- if [ $? -eq 0 ]; then
- echo "Created database misp successfully!"
-
- echo "Importing /var/www/MISP/INSTALL/MYSQL.sql ..."
- ret=`mysql -u misp --password="$MYSQL_MISP_PASSWORD" misp -h $MYSQL_HOST -P 3306 2>&1 < /var/www/MISP/INSTALL/MYSQL.sql`
- if [ $? -eq 0 ]; then
- echo "Imported /var/www/MISP/INSTALL/MYSQL.sql successfully"
- else
- echo "ERROR: Importing /var/www/MISP/INSTALL/MYSQL.sql failed:"
- echo $ret
- fi
- # service mysql stop >/dev/null 2>&1
- else
- echo "ERROR: Creating database misp failed:"
- echo $ret
- fi
- fi
- else
- echo "ERROR: Connecting to database failed:"
- echo $ret
- fi
-
- # MISP configuration
- echo "Creating MISP configuration files"
- cd /var/www/MISP/app/Config
- cp -a database.default.php database.php
- sed -i "s/localhost/$MYSQL_HOST/" database.php
- sed -i "s/db\s*login/misp/" database.php
- sed -i "s/8889/3306/" database.php
- sed -i "s/db\s*password/$MYSQL_MISP_PASSWORD/" database.php
-
- # Fix the base url
- if [ -z "$MISP_BASEURL" ]; then
- echo "No base URL defined, don't forget to define it manually!"
- else
- echo "Fixing the MISP base URL ($MISP_BASEURL) ..."
- sed -i "s/'baseurl' => '',/'baseurl' => '$MISP_BASEURL',/" /var/www/MISP/app/Config/config.php
- fi
-
- # Generate the admin user PGP key
- echo "Creating admin GnuPG key"
- if [ -z "$MISP_ADMIN_EMAIL" -o -z "$MISP_ADMIN_PASSPHRASE" ]; then
- echo "No admin details provided, don't forget to generate the PGP key manually!"
- else
- echo "Generating admin PGP key ... (please be patient, we need some entropy)"
- cat >/tmp/gpg.tmp <>/tmp/install.log
- rm -f /tmp/gpg.tmp
- fi
-
- # Display tips
- cat <<__WELCOME__
-Congratulations!
-Your MISP docker has been successfully booted for the first time.
-Don't forget:
-- Reconfigure postfix to match your environment
-- Change the MISP admin email address to $MISP_ADMIN_EMAIL
-
-__WELCOME__
- rm -f /.firstboot.tmp
-fi
-
-# Start supervisord
-echo "Starting supervisord"
-cd /
-exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
-
\ No newline at end of file