Tidy things up before publishing (#11)

Co-authored-by: Stefano Ortolani <ortolanis@vmware.com>
pull/1/head
Stefano Ortolani 2022-12-06 17:13:23 +00:00 committed by GitHub
parent 814379c22f
commit 25dd423617
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 142 additions and 187 deletions

12
.github/FUNDING.yml vendored

@ -1,12 +0,0 @@
# These are supported funding model platforms
github: [coolacid]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']


@ -18,7 +18,7 @@ jobs:
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
docker compose --file build-docker-compose.yml --env-file template.env build
docker compose --env-file template.env build
# Tag the image with the commit SHA[0:7]
DOCKER_IMG_TAG=`echo "${{ github.sha }}" | cut -c 1-7`
docker tag ${{ secrets.DOCKER_USERNAME }}/misp-docker:core-latest ${{ secrets.DOCKER_USERNAME }}/misp-docker:core-$DOCKER_IMG_TAG
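
Review bot: The `GITHUB_CONTEXT: ${{ toJson(github) }}` entry in this step's `env:` exports the whole `github` context, which includes `github.token`, into the shell that runs `docker compose ... build` and `docker tag`, and none of the visible commands read it. Drop the variable or pass only the fields the step needs; `github.sha` is already interpolated directly further down in the same script.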


@ -15,4 +15,4 @@ jobs:
- uses: actions/checkout@v3
- name: Build the Docker images
run: docker compose --file build-docker-compose.yml --env-file template.env build
run: docker compose --env-file template.env build

8
.gitignore vendored

@ -1,7 +1,7 @@
/logs/
/files/
/ssl/
/configs/
/files/
/gnupg/
/logs/
/public/
.gnupg
/ssl/
.env
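
Review bot: Dropping `.gnupg` from the ignore list while adding `/gnupg/` leaves an existing checkout's `./.gnupg/` directory unignored, and that is the path the previous compose file mounted the instance keyring from (`./.gnupg/:/var/www/MISP/.gnupg/:delegated`). Anyone upgrading in place can then commit private key material with a plain `git add .`. Keep `.gnupg` ignored alongside `/gnupg/`, or document moving the directory to `./gnupg/` as an upgrade step.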


@ -1,12 +0,0 @@
language: minimal
env:
- DOCKER_COMPOSE_VERSION=1.25.3
before_install:
- curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` | sudo tee /usr/local/bin/docker-compose >/dev/null
- sudo chmod +x /usr/local/bin/docker-compose
script:
- docker-compose -f docker-compose.yml -f build-docker-compose.yml build


@ -1,13 +1,11 @@
# CoolAcid's MISP Docker images
# TAU's MISP Docker images
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/e9b0c08774a84b9e8e0454f3ac83651f)](https://app.codacy.com/manual/coolacid/docker-misp?utm_source=github.com&utm_medium=referral&utm_content=coolacid/docker-misp&utm_campaign=Badge_Grade_Dashboard)
[![CodeFactor](https://www.codefactor.io/repository/github/coolacid/docker-misp/badge/master)](https://www.codefactor.io/repository/github/coolacid/docker-misp/overview/master)
[![Build Status](https://travis-ci.org/coolacid/docker-misp.svg?branch=master)](https://travis-ci.org/coolacid/docker-misp)
[![Build Status](https://img.shields.io/github/workflow/status/ostefano/docker-misp/Build%20the%20Docker%20images%20and%20push%20them%20to%20Docker%20Hub)](https://hub.docker.com/repository/docker/ostefano/misp-docker)
[![Gitter chat](https://badges.gitter.im/gitterHQ/gitter.png)](https://gitter.im/MISP/Docker)
A (nearly) production ready Dockered MISP
A production ready Dockered MISP based on CoolAcid's MISP Docker image (https://github.com/coolacid/docker-misp).
This is based on some of the work from the DSCO docker build, nearly all of the details have been rewritten.
Like CoolAcid's MISP docker image, this is based on some of the work from the DSCO docker build, nearly all of the details have been rewritten.
- Components are split out where possible, currently this is only the MISP modules
- Over writable configuration files
@ -17,15 +15,30 @@ This is based on some of the work from the DSCO docker build, nearly all of the
- Images directly from docker hub, no build required
- Slimmed down images by using build stages and slim parent image, removes unnecessary files from images
## Docker Tags
Additionally, this fork features the following improvements:
[Docker hub](https://hub.docker.com/r/coolacid/misp-docker) builds the images automatically based on git tags. I try and tag using the following details
- ARM (Apple M1) support
- Fix and improve support for cron jobs
- Fix Supervisor handling of entrypoints
- Make schema update repeatable and completely offline
- Fix missing MISP modules dependencies
- New Background Job system, see https://github.com/MISP/MISP/blob/2.4/docs/background-jobs-migration-guide.md
- Automatic configuration of MISP modules (see `entrypoint_internal.sh`)
- Automatic configuration of sync servers (see `entrypoint_internal.sh`)
- Automatic configuration of organizations (see `entrypoint_internal.sh`)
- Autoamtic configuration of authentication keys (see `entrypoint_internal.sh`)
***v\[MISP Version]\[Our build version]***
As a result, this image is not for everybody and does not (and will not) fit every use case.
Nevertheless the underlying spirit of this fork is to allow "repeatable deployments", and all pull requests in this direction will be merged.
- MISP version is the MISP tag we're building
- Our build version is the iteration for our changes with the same MISP version
- Core and modules are split into \[core]-version and \[modules]-version respectively
## Versioning
GitHub builds the images automatically and pushes them to [Docker hub](https://hub.docker.com/r/ostefano/misp-docker). We do not use tags and versioning works as follows:
- MISP (and modules) version specified inside the `template.env` file
- Docker images are tagged based on the commit hash
- Core and modules are tagged as core-commit-sha1[0:7] and modules-commit-sha1[0:7] respectively
- The latest images have additional tags core-latest and modules-latest
## Getting Started
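
Review bot: In the added feature list, "Autoamtic configuration of authentication keys" should read "Automatic". In the new Versioning section, "We do not use tags" sits directly above bullets that describe `core-commit-sha1[0:7]` and `core-latest` image tags; write "git tags" so it is clear the images are still tagged on Docker Hub.
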
@ -33,10 +46,6 @@ This is based on some of the work from the DSCO docker build, nearly all of the
### Development/Test
- Grab the `docker-compose.yml` and `server-configs/email.php` files (Keep directory structure)
- A dry run will create sane default configurations
- `docker-compose up`
- Login to `https://localhost`
@ -47,7 +56,7 @@ This is based on some of the work from the DSCO docker build, nearly all of the
### Using the image for development
Pull the entire repository, you can build the images using `docker-compose -f docker-compose.yml -f build-docker-compose.yml build`
Pull the entire repository, you can build the images using `docker-compose build`
Once you have the docker container up you can access the container by running `docker-compose exec misp /bin/bash`.
This will provide you with a root shell. You can use `apt update` and then install any tools you wish to use.
@ -73,11 +82,10 @@ Updating the images should be as simple as `docker-compose pull` which, unless c
- Additional directory volume mounts:
- `/var/www/MISP/app/files`
- `/var/www/MISP/.gnupg`
- `/var/www/MISP/.smime`
### Building
If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose -f build-docker-compose.yml build`
If you are interested in building the project from scratch - `git clone` or download the entire repo and run `docker-compose build`
## Image file sizes
@ -91,3 +99,25 @@ If you are interested in building the project from scratch - `git clone` or down
- Modules (Saved: 640MB)
- Original: 1.36GB
- Pre-build modules: 750MB
### Configuration
The `docker-compose.yml` file further allows the following configuration settings:
```
"MYSQL_HOST=db"
"MYSQL_USER=misp"
"MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
"MYSQL_DATABASE=misp"
"NOREDIR=true" # Do not redirect port 80
"DISIPV6=true" # Disable IPV6 in nginx
"CERTAUTH=optional" # Can be set to optional or on - Step 2 of https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth is still required
"SECURESSL=true" # Enable higher security SSL in nginx
"MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
"WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
"NUM_WORKERS_DEFAULT=5" # To set the number of default workers
"NUM_WORKERS_PRIO=5" # To set the number of prio workers
"NUM_WORKERS_EMAIL=5" # To set the number of email workers
"NUM_WORKERS_UPDATE=1" # To set the number of update workers
"NUM_WORKERS_CACHE=5" # To set the number of cache workers
```
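
Review bot: The new Configuration section says `docker-compose.yml` "further allows" these settings, but this same commit deletes them from the compose file, where they were commented-out entries under `environment:`. Say that they have to be added under the `misp` service's `environment:` list to take effect. The `MYSQL_PASSWORD=example` line also deserves an explicit instruction to change it, since the README now describes the image as production ready.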


@ -1,17 +0,0 @@
version: '3'
services:
misp:
image: ostefano/misp-docker:core-latest
build:
context: server/.
args:
- MISP_TAG=${MISP_TAG}
- MISP_COMMIT=${MISP_COMMIT}
- PHP_VER=${PHP_VER}
misp-modules:
image: ostefano/misp-docker:modules-latest
build:
context: modules/.
args:
- MODULES_TAG=${MODULES_TAG}


@ -30,6 +30,12 @@ services:
misp:
image: ostefano/misp-docker:core-latest
build:
context: server/.
args:
- MISP_TAG=${MISP_TAG}
- MISP_COMMIT=${MISP_COMMIT}
- PHP_VER=${PHP_VER}
depends_on:
- redis
- db
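
Review bot: With `build:` now placed next to `image: ostefano/misp-docker:core-latest`, a local `docker compose build` tags its result with the same mutable name that a later `docker compose pull` replaces with the Docker Hub image, so what runs depends on which command ran last. For the repeatable deployments the README aims for, reference the `core-<sha>` tag the workflow creates, or make the tag a variable in `template.env`.
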
@ -37,48 +43,30 @@ services:
- "80:80"
- "443:443"
volumes:
- "./configs/:/var/www/MISP/app/Config/:delegated"
- "./logs/:/var/www/MISP/app/tmp/logs/:delegated"
- "./files/:/var/www/MISP/app/files/:delegated"
- "./ssl/:/etc/nginx/certs/:delegated"
- "${PUBLIC_MOUNT_POINT}:/mnt/public/:delegated"
- "./configs/:/var/www/MISP/app/Config/"
- "./logs/:/var/www/MISP/app/tmp/logs/"
- "./files/:/var/www/MISP/app/files/"
- "./ssl/:/etc/nginx/certs/"
- "./gnupg/:/var/www/MISP/.gnupg/"
- "${PUBLIC_MOUNT_POINT}:/mnt/public/"
# - "./examples/custom-entrypoint.sh:/custom-entrypoint.sh" # Use the example custom-entrypoint.sh
- "./.gnupg/:/var/www/MISP/.gnupg/:delegated"
environment:
- "HOSTNAME=https://localhost"
- "REDIS_FQDN=redis"
- "INIT=true" # Initialze MISP, things includes, attempting to import SQL and the Files DIR
- "CRON_USER_ID=1" # The MISP user ID to run cron jobs as
# Synchronization Servers settings
- "SYNCSERVERS=1"
- "SYNCSERVERS=${SYNCSERVERS}"
- "SYNCSERVERS_1_NAME=${SYNCSERVERS_1_NAME}"
- "SYNCSERVERS_1_UUID=${SYNCSERVERS_1_UUID}"
- "SYNCSERVERS_1_KEY=${SYNCSERVERS_1_KEY}"
- |
SYNCSERVERS_1_DATA=
{
"url": "https://intel.thedfirreport.com/",
"url": "${SYNCSERVERS_1_URL}",
"pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}",
"pull": true
}
- "ORGANIZATIONS=${ORGANIZATIONS}"
# Database Configuration (And their defaults)
# - "MYSQL_HOST=db"
# - "MYSQL_USER=misp"
# - "MYSQL_PASSWORD=example" # NOTE: This should be AlphaNum with no Special Chars. Otherwise, edit config files after first run.
# - "MYSQL_DATABASE=misp"
# Optional Settings
# - "NOREDIR=true" # Do not redirect port 80
# - "DISIPV6=true" # Disable IPV6 in nginx
# - "CERTAUTH=optional" # Can be set to optional or on - Step 2 of https://github.com/MISP/MISP/tree/2.4/app/Plugin/CertAuth is still required
# - "SECURESSL=true" # Enable higher security SSL in nginx
# - "MISP_MODULES_FQDN=http://misp-modules" # Set the MISP Modules FQDN, used for Enrichment_services_url/Import_services_url/Export_services_url
# - "WORKERS=1" # Legacy variable controlling the number of parallel workers (use variables below instead)
# - "NUM_WORKERS_DEFAULT=5" # To set the number of default workers
# - "NUM_WORKERS_PRIO=5" # To set the number of prio workers
# - "NUM_WORKERS_EMAIL=5" # To set the number of email workers
# - "NUM_WORKERS_UPDATE=1" # To set the number of update workers
# - "NUM_WORKERS_CACHE=5" # To set the number of cache workers
# Custom Settings
- "ADMIN_EMAIL=${ADMIN_EMAIL}"
- "ADMIN_KEY=${ADMIN_KEY}"
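
Review bot: `SYNCSERVERS_1_KEY` and `ADMIN_KEY` are passed as plain `environment:` entries, so they are readable by anyone who can run `docker inspect` on the container and are inherited by every process the entrypoint starts. Moving the sync server URL out of the compose file is an improvement; for the keys, consider Compose `secrets:` or a file under the already mounted `./configs/`. Note also that `"url": "${SYNCSERVERS_1_URL}"` is pasted into the JSON unescaped, so a value containing a double quote yields invalid `SYNCSERVERS_1_DATA`.
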
@ -86,9 +74,15 @@ services:
- "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
- "NSX_ANALYSIS_API_TOKEN=${NSX_ANALYSIS_API_TOKEN}"
- "NSX_ANALYSIS_KEY=${NSX_ANALYSIS_KEY}"
- "ORGANIZATIONS=${ORGANIZATIONS}"
- "VIRUSTOTAL_KEY=${VIRUSTOTAL_KEY}"
misp-modules:
image: ostefano/misp-docker:modules-latest
build:
context: modules/.
args:
- MODULES_TAG=${MODULES_TAG}
- MODULES_COMMIT=${MODULES_COMMIT}
environment:
- "REDIS_BACKEND=redis"
depends_on:


@ -1,17 +0,0 @@
#!/bin/bash
# https://docs.docker.com/docker-cloud/builds/advanced/
# $IMAGE_NAME var is injected into the build so the tag is correct.
echo "[***] Build hook running"
export $(grep -v '^#' ../.env | xargs)
docker pull $DOCKER_REPO:modules-latest
docker build \
--build-arg MODULES_TAG=$MODULES_TAG \
--build-arg PHP_VER=$PHP_VER \
--build-arg BUILD_RFC3339=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
--build-arg COMMIT=$(git rev-parse --short HEAD) \
--build-arg VERSION=$(git describe --tags --always) \
-t $IMAGE_NAME .


@ -1,4 +0,0 @@
#!/bin/bash
docker tag $IMAGE_NAME $DOCKER_REPO:modules-latest
docker push $DOCKER_REPO:modules-latest


@ -136,7 +136,9 @@ ARG PHP_VER
RUN git clone --branch ${MISP_TAG} --depth 1 https://github.com/MISP/MISP.git /var/www/MISP
RUN if [ ! -z ${MISP_COMMIT} ]; then cd /var/www/MISP && git checkout ${MISP_COMMIT}; fi; \
# We build the MISP modules outside, so we don't need to grab those submodules
cd /var/www/MISP/app || exit; git submodule update --init --recursive .;
cd /var/www/MISP/app || exit; git submodule update --init --recursive .; \
# Remove some old and broken links that pollute the log files
rm -rf /var/www/MISP/INSTALL/old
# Python Modules
COPY --from=python-build /wheels /wheels
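
Review bot: Appending `rm -rf /var/www/MISP/INSTALL/old` after `git submodule update --init --recursive .; \` makes the `rm` the last command of this `RUN`, and because the commands are joined with `;` its exit status becomes the status of the whole layer; `-f` makes it succeed even when the path is missing. A failed submodule update, which used to fail the build, now produces a successful image with an incomplete tree (a failed `git checkout ${MISP_COMMIT}` was already masked the same way). Join the steps with `&&`, or start the `RUN` with `set -e;`.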


@ -78,7 +78,7 @@ apply_critical_fixes() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.external_baseurl" "${HOSTNAME}"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.host_org_id" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Action_services_enable" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_enable" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_hover_popover_only" false
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.csp_enforce" true
}
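
Review bot: Flipping `Plugin.Enrichment_hover_enable` to `false` inside `apply_critical_fixes` comes with no comment or README entry saying why hover enrichment is now off by default. If this function runs on every container start, it also overwrites a value an administrator changed in the UI; add a one-line comment with the reason and say whether the setting is meant to be enforced or only initialised.
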
@ -214,6 +214,13 @@ get_server() {
-H "Content-type: application/json" ${HOSTNAME}/servers | jq -e -r ".[] | select(.Server[\"name\"] == \"${1}\") | .Server.id"
}
updateComponents() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateGalaxies
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateTaxonomies
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateWarningLists
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateNoticeLists
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateObjectTemplates "$CRON_USER_ID"
}
echo "Customize MISP | Configure email ..." && configure_email
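
Review bot: `updateComponents` is the only camelCase function in the visible code; its neighbours are `apply_critical_fixes`, `get_server` and `configure_email`, so `update_components` would match. None of the five `cake Admin update...` calls has its exit status checked, so a failed taxonomy or warning list update goes unnoticed before `Admin live 1` runs; chain them with `&&` or log the failure.
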
@ -233,15 +240,14 @@ echo "Customize MISP | Configure plugins ..." && configure_plugins
# Create organizations (and silently fail if present already)
echo "Customize MISP | Creating organizations ..."
SPLITTED_ORGS=$(echo $ORGANIZATIONS | tr ',' '\n')
for ORG in $SPLITTED_ORGS
do
for ORG in $SPLITTED_ORGS; do
echo "Adding organization: $ORG"
add_organization $ORG true
done
# Create sync servers
for ID in $SYNCSERVERS; do
echo "Customize MISP | Creating sync servers ..."
SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n')
for ID in $SPLITTED_SYNCSERVERS; do
NAME="SYNCSERVERS_${ID}_NAME"
UUID="SYNCSERVERS_${ID}_UUID"
DATA="SYNCSERVERS_${ID}_DATA"
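
Review bot: The new `SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n')` and `for ID in $SPLITTED_SYNCSERVERS` lines repeat the `SPLITTED_ORGS` pattern and rely on unquoted word splitting, so the form documented in `template.env`, `ORGANIZATIONS="ORG1, ORG2, ORG3"`, works only because the names contain no spaces; an organization called "Org One" is added as two, and `add_organization $ORG true` is subject to globbing. `$ID` then goes straight into variable names such as `SYNCSERVERS_${ID}_NAME` without a check that it is numeric. Split with `IFS=',' read -ra`, trim each item, quote `"$ORG"`, and skip IDs that do not match `^[0-9]+$`.
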
@ -255,5 +261,7 @@ for ID in $SYNCSERVERS; do
fi
done
echo "Customize MISP | Updating components ..." && updateComponents
# Make the instance live
sudo -u www-data /var/www/MISP/app/Console/cake Admin live 1


@ -34,27 +34,26 @@ init_misp_config(){
sed -i "s/db\s*login/$MYSQL_USER/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/db\s*password/$MYSQL_PASSWORD/" $MISP_APP_CONFIG_PATH/database.php
sed -i "s/'database' => 'misp'/'database' => '$MYSQL_DATABASE'/" $MISP_APP_CONFIG_PATH/database.php
echo "Configure sane defaults"
/var/www/MISP/app/Console/cake Admin setSetting "MISP.redis_host" "$REDIS_FQDN"
/var/www/MISP/app/Console/cake Admin setSetting "MISP.baseurl" "$HOSTNAME"
/var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" $(which python3)
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "$REDIS_FQDN"
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" true
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_url" "$MISP_MODULES_FQDN"
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_url" "$MISP_MODULES_FQDN"
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_url" "$MISP_MODULES_FQDN"
/var/www/MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_enable" false
}
init_misp_defaults(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "Configure sane defaults"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.baseurl" "$HOSTNAME"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.python_bin" $(which python3)
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_redis_host" "$REDIS_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.ZeroMQ_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Enrichment_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_enable" true
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Export_services_url" "$MISP_MODULES_FQDN"
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Cortex_services_enable" false
}
init_misp_workers(){
# Note that we are doing this after enforcing permissions, so we need to use the www-data user for this
echo "Configuring background workers"
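
Review bot: In `init_misp_defaults`, `setSetting "MISP.python_bin" $(which python3)` is unquoted, so when `python3` is not on the PATH the substitution is empty and `setSetting` is called without a value instead of failing visibly. Use `"$(command -v python3)"` and check that it is non-empty. The `sed -i "s/db\s*password/$MYSQL_PASSWORD/"` context line is the reason the README restricts the password to alphanumerics: a password containing `/` or `&` corrupts `database.php`, and escaping the value before passing it to `sed` would lift that restriction.
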
@ -145,13 +144,21 @@ echo "Configure MISP | Initialize misp base config..." && init_misp_config
echo "Configure MISP | Sync app files..." && sync_files
echo "Configure MISP | Enforce permissions ..."
echo "... chown -R www-data:www-data /var/www/MISP ..." && find /var/www/MISP -not -user www-data -exec chown www-data:www-data {} +
echo "... chmod -R 0750 /var/www/MISP ..." && find /var/www/MISP -perm 550 -type f -exec chmod 0550 {} + && find /var/www/MISP -perm 770 -type d -exec chmod 0770 {} +
echo "... chmod -R g+ws /var/www/MISP/app/tmp ..." && chmod -R g+ws /var/www/MISP/app/tmp
echo "... chmod -R g+ws /var/www/MISP/app/files ..." && chmod -R g+ws /var/www/MISP/app/files
echo "... chmod -R g+ws /var/www/MISP/app/files/scripts/tmp ..." && chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
# The spirit of the upstrem dockerization is to keep user and group aligned in terms of permissions
echo "... chown -R www-data:www-data /var/www/MISP ..." && find /var/www/MISP \( ! -user www-data -or ! -group www-data \) -exec chown www-data:www-data {} +
# Files are also executable and read only, because we have some rogue scripts like 'cake' and we can not do a full inventory
echo "... chmod -R 0550 files /var/www/MISP ..." && find /var/www/MISP -not -perm 550 -type f -exec chmod 0550 {} +
# Directories are also writable, because there seems to be a requirement to add new files every once in a while
echo "... chmod -R 0770 directories /var/www/MISP ..." && find /var/www/MISP -not -perm 770 -type d -exec chmod 0770 {} +
# We make 'files' and 'tmp' (logs) directories and files user and group writable (we removed the SGID bit)
echo "... chmod -R u+w,g+w /var/www/MISP/app/tmp ..." && chmod -R u+w,g+w /var/www/MISP/app/tmp
echo "... chmod -R u+w,g+w /var/www/MISP/app/files ..." && chmod -R u+w,g+w /var/www/MISP/app/files
# We also make other special files writable (should be 660)
echo "... chmod 600 /var/www/MISP/app/Config/config.php /var/www/MISP/app/Config/database.php /var/www/MISP/app/Config/email.php ... " && chmod 600 /var/www/MISP/app/Config/config.php /var/www/MISP/app/Config/database.php /var/www/MISP/app/Config/email.php
# Configuring defaults now
echo "Configure MISP | Setting defaults ..." && init_misp_defaults
# Workers are set to NOT auto start so we have time to enforce permissions on the cache first
echo "Configure MISP | Starting workers ..." && init_misp_workers
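
Review bot: The two `find ... -exec chmod` passes set every file under `/var/www/MISP` to 0550, and the following `chmod -R u+w,g+w` on `app/tmp` and `app/files` turns those into 0770, so uploaded files and logs end up both writable and executable by `www-data`. Set files in those two trees to 0660 and directories to 0770 instead of adding write on top of the execute bit. The last comment says the config files "should be 660" and calls them writable while the command is `chmod 600`; make the comment and the mode agree. "upstrem" in the first comment should be "upstream".
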
@ -219,26 +226,6 @@ if [[ "$WARNING53" == true ]]; then
fi
if [[ -x /entrypoint_internal.sh ]]; then
## Re-exporting might not be necessary after all?
# export ADMIN_EMAIL=${ADMIN_EMAIL}
# export ADMIN_ORG=${ADMIN_ORG}
# export ADMIN_KEY=${ADMIN_KEY}
# export GPG_PASSPHRASE=${GPG_PASSPHRASE}
# export HOSTNAME=${HOSTNAME}
# export NSX_ANALYSIS_API_TOKEN=${NSX_ANALYSIS_API_TOKEN}
# export NSX_ANALYSIS_KEY=${NSX_ANALYSIS_KEY}
# export VIRUSTOTAL_KEY=${VIRUSTOTAL_KEY}
# export SYNCSERVERS=${SYNCSERVERS}
# for ID in $SYNCSERVERS; do
# NAME="SYNCSERVERS_${ID}_NAME"
# UUID="SYNCSERVERS_${ID}_UUID"
# DATA="SYNCSERVERS_${ID}_DATA"
# KEY="SYNCSERVERS_${ID}_KEY"
# export ${NAME}="${!NAME}"
# export ${UUID}="${!UUID}"
# export ${DATA}="${!DATA}"
# export ${KEY}="${!KEY}"
# done
export MYSQLCMD=${MYSQLCMD}
nginx -g 'daemon off;' & master_pid=$!
/entrypoint_internal.sh


@ -1,17 +0,0 @@
#!/bin/bash
# https://docs.docker.com/docker-cloud/builds/advanced/
# $IMAGE_NAME var is injected into the build so the tag is correct.
echo "[***] Build hook running"
export $(grep -v '^#' ../.env | xargs)
docker pull $DOCKER_REPO:core-latest
docker build \
--build-arg MISP_TAG=$MISP_TAG \
--build-arg PHP_VER=$PHP_VER \
--build-arg BUILD_RFC3339=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
--build-arg COMMIT=$(git rev-parse --short HEAD) \
--build-arg VERSION=$(git describe --tags --always) \
-t $IMAGE_NAME .


@ -1,4 +0,0 @@
#!/bin/bash
docker tag $IMAGE_NAME $DOCKER_REPO:core-latest
docker push $DOCKER_REPO:core-latest


@ -6,21 +6,38 @@ PHP_VER=20190902
# MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3
# default to MISP's default (admin@admin.test)
ADMIN_EMAIL=
# default to MISP's default (Org1)
ADMIN_ORG=
# default to an automatically generated one (password is 'admin')
ADMIN_KEY=
# default to 'passphrase'
GPG_PASSPHRASE=
# optional and used by some misp-modules
NSX_ANALYSIS_API_TOKEN=
NSX_ANALYSIS_KEY=
VIRUSTOTAL_KEY=
# optional and used by the mail sub-system
SMARTHOST_ADDRESS=
SMARTHOST_PORT=
SMARTHOST_USER=
SMARTHOST_PASSWORD=
SMARTHOST_ALIASES=
# comma separated list of organizations to create (e.g ORGANIZATIONS="ORG1, ORG2, ORG3")
# comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
SYNCSERVERS=
# name, remote organization uuid, and key of each syncserver
# note: if you have more than one, you need to update docker-compose.yml
SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY=
# comma separated list of organizations to create (e.g. ORGANIZATIONS="ORG1, ORG2, ORG3")
ORGANIZATIONS=
# Host folder containing the files generated by external tools
# host folder containing public files generated by external tools
PUBLIC_MOUNT_POINT=./public
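
Review bot: Leaving `ADMIN_KEY` and `GPG_PASSPHRASE` empty falls back, per the comments above them, to an account whose password is 'admin' and to the passphrase 'passphrase', which is at odds with the README's "production ready" wording. Have the entrypoint warn loudly or refuse to start when these are empty, and state in the comments that both must be set before the instance is exposed.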