MISP
/
misp-docker
mirror of https://github.com/MISP/misp-docker
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1 from coolacid/master 

Merge new version
pull/1/head
Eduardo Balsa 2021-04-20 09:09:24 +02:00 committed by GitHub
parent dccadb0337 7d11153c59
commit 13575b1924
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env
View File

@ -1,3 +1,3 @@
MISP_TAG=v2.4.140 MISP_TAG=v2.4.141
MODULES_TAG=v2.4.136 MODULES_TAG=v2.4.141
PHP_VER=20180731 PHP_VER=20180731

1
README.md
View File

@ -64,6 +64,7 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs` - Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
- Certificate File: `cert.pem` - Certificate File: `cert.pem`
- Certificate Key File: `key.pem` - Certificate Key File: `key.pem`
- CA File for Cert Authentication (optional) `ca.pem`
- Directory volume mount and create configs: `/var/www/MISP/app/Config/` - Directory volume mount and create configs: `/var/www/MISP/app/Config/`

1
docker-compose.yml
View File

@ -50,6 +50,7 @@ services:
# Optional Settings # Optional Settings
# - "NOREDIR=true" # Do not redirect port 80 # - "NOREDIR=true" # Do not redirect port 80
# - "DISIPV6=true" # Disable IPV6 in nginx # - "DISIPV6=true" # Disable IPV6 in nginx
# - "CERTAUTH=optional" # Can be set to optional or on - Step 2 of https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth is still required
# - "SECURESSL=true" # Enable higher security SSL in nginx # - "SECURESSL=true" # Enable higher security SSL in nginx
# - "MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url # - "MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
misp-modules: misp-modules:

16
server/Dockerfile
View File

@ -13,9 +13,14 @@ FROM debian:buster-slim as php-build
php \ php \
php-dev \ php-dev \
php-pear \ php-pear \
librdkafka-dev \
git \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
RUN cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib; pecl install ssdeep RUN pecl channel-update pecl.php.net
RUN cp /usr/lib/x86_64-linux-gnu/libfuzzy.* /usr/lib; pecl install ssdeep && pecl install rdkafka
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && cd php-ext-brotli && phpize && ./configure && make && make install
FROM debian:buster-slim as python-build FROM debian:buster-slim as python-build
RUN apt-get update; apt-get install -y --no-install-recommends \ RUN apt-get update; apt-get install -y --no-install-recommends \
@ -112,6 +117,8 @@ ARG PHP_VER
php-gd \ php-gd \
php-fpm \ php-fpm \
php-zip \ php-zip \
librdkafka1 \
libbrotli1 \
# Unsure we need these # Unsure we need these
zip unzip \ zip unzip \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
@ -129,8 +136,15 @@ ARG PHP_VER
# PHP # PHP
# Install ssdeep prebuild, latest composer, then install the app's PHP deps # Install ssdeep prebuild, latest composer, then install the app's PHP deps
COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so COPY --from=php-build /usr/lib/php/${PHP_VER}/ssdeep.so /usr/lib/php/${PHP_VER}/ssdeep.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/rdkafka.so /usr/lib/php/${PHP_VER}/rdkafka.so
COPY --from=php-build /usr/lib/php/${PHP_VER}/brotli.so /usr/lib/php/${PHP_VER}/brotli.so
COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor COPY --from=composer-build /tmp/Vendor /var/www/MISP/app/Vendor
COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin COPY --from=composer-build /tmp/Plugin /var/www/MISP/app/Plugin
RUN for dir in /etc/php/*; do echo "extension=rdkafka.so" > "$dir/mods-available/rdkafka.ini"; done; phpenmod rdkafka
RUN for dir in /etc/php/*; do echo "extension=brotli.so" > "$dir/mods-available/brotli.ini"; done; phpenmod brotli
RUN for dir in /etc/php/*; do echo "extension=ssdeep.so" > "$dir/mods-available/ssdeep.ini"; done \ RUN for dir in /etc/php/*; do echo "extension=ssdeep.so" > "$dir/mods-available/ssdeep.ini"; done \
;phpenmod redis \ ;phpenmod redis \
# Enable CakeResque with php-gnupgp # Enable CakeResque with php-gnupgp

11
server/files/entrypoint_nginx.sh
View File

@ -169,6 +169,17 @@ if [[ ! "$SECURESSL" == true && ! -f /etc/nginx/certs/dhparams.pem ]]; then
openssl dhparam -out /etc/nginx/certs/dhparams.pem 2048 openssl dhparam -out /etc/nginx/certs/dhparams.pem 2048
fi fi
if [[ $CERTAUTH = @(optional|on) ]]; then
echo "Configure NGINX | Enabling SSL Cert Authentication"
grep -qF "fastcgi_param SSL_CLIENT_I_DN \$ssl_client_i_dn;" /etc/nginx/snippets/fastcgi-php.conf || echo "fastcgi_param SSL_CLIENT_I_DN \$ssl_client_i_dn;" >> /etc/nginx/snippets/fastcgi-php.conf
grep -qF "fastcgi_param SSL_CLIENT_S_DN \$ssl_client_s_dn;" /etc/nginx/snippets/fastcgi-php.conf || echo "fastcgi_param SSL_CLIENT_S_DN \$ssl_client_s_dn;" >> /etc/nginx/snippets/fastcgi-php.conf
grep -qF 'ssl_client_certificate' /etc/nginx/sites-enabled/misp || sed -i '/ssl_prefer_server_ciphers/a \\ ssl_client_certificate /etc/nginx/certs/ca.pem;' /etc/nginx/sites-enabled/misp
grep -qF 'ssl_verify_client' /etc/nginx/sites-enabled/misp || sed -i "/ssl_prefer_server_ciphers/a \\ ssl_verify_client $CERTAUTH;" /etc/nginx/sites-enabled/misp
echo "Configure bootstrap | Enabling Cert Auth Plugin - Don't forget to configure it https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth (Step 2)"
sed -i "s/\/\/ CakePlugin::load('CertAuth');/CakePlugin::load('CertAuth');/" $MISP_APP_CONFIG_PATH/bootstrap.php
fi
if [[ "$DISIPV6" == true ]]; then if [[ "$DISIPV6" == true ]]; then
echo "Configure NGINX | Disabling IPv6" echo "Configure NGINX | Disabling IPv6"
sed -i "s/listen \[\:\:\]/\#listen \[\:\:\]/" /etc/nginx/sites-enabled/misp80 sed -i "s/listen \[\:\:\]/\#listen \[\:\:\]/" /etc/nginx/sites-enabled/misp80