diff --git a/web/Dockerfile b/web/Dockerfile index fe7afa4..9730811 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && \ apt-get install -y software-properties-common && \ apt-get install -y postfix && \ apt-get install -y mysql-client curl gcc git gnupg-agent \ - make openssl redis-server sudo vim zip locales wget iproute2 supervisor cron + make openssl redis-server sudo vim zip locales wget iproute2 supervisor cron RUN add-apt-repository ppa:deadsnakes/ppa RUN apt-get update && apt-get -y install python3.9 python3-pip @@ -20,9 +20,9 @@ RUN locale-gen en_US.UTF-8 ENV LANG en_US.UTF-8 RUN useradd misp && usermod -aG sudo misp - + # Install script -COPY INSTALL_NODB.sh . +COPY --chown=misp:misp INSTALL_NODB.sh* ./ RUN chmod +x INSTALL_NODB.sh RUN echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers @@ -65,7 +65,7 @@ RUN ( \ echo 'user = www-data'; \ echo 'startsecs = 0'; \ echo 'autorestart = false'; \ -) >> /etc/supervisor/conf.d/supervisord.conf + ) >> /etc/supervisor/conf.d/supervisord.conf # Add run script # Trigger to perform first boot operations diff --git a/web/INSTALL_NODB.sh b/web/INSTALL_NODB.sh index 3a65211..a90ff12 100755 --- a/web/INSTALL_NODB.sh +++ b/web/INSTALL_NODB.sh @@ -396,8 +396,7 @@ checkInstaller () { # Workaround: shasum is not available on RHEL, only checking sha512 if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]]; then INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) - /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/stevengoossensB/misp-docker/master/web/INSTALL_NODB.sh.sha512 - chsum=$(cat /tmp/INSTALL.sh.sha512) + chsum=$(cat INSTALL_NODB.sh.sha512) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "SHA512 matches" else 
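Review bot: The glob in `COPY --chown=misp:misp INSTALL_NODB.sh* ./` copies every file in the build context whose name starts with INSTALL_NODB.sh, not only the four checksum files the installer reads, and nothing in this hunk checks the script against them while the image is built. Listing the files explicitly and adding a step such as `RUN sha512sum -c INSTALL_NODB.sh.sha512` would make a mismatch fail the build instead of leaving it to the runtime check in checkInstaller. This assumes the checksum file is in sha512sum's own output format, which the collapsed whitespace on this page does not let me confirm.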
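Review bot: In the RHEL/CentOS branch, `chsum=$(cat INSTALL_NODB.sh.sha512)` keeps the whole line of the checksum file while `INSTsum` is cut down to its first field, and the .sha512 file in this commit holds the hash followed by the file name, so `"${chsum}" == "${INSTsum}"` cannot match. Apply the same cut as the other branch and resolve the file next to the script instead of the current directory: `chsum=$(cut -f1 -d' ' "$(dirname "${0}")/INSTALL_NODB.sh.sha512")`. The relative path also affects the `cat INSTALL_NODB.sh.sha${sum}` line in the following hunk. The else branch continues outside this hunk, so what happens on a mismatch is not visible here.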
@@ -413,9 +412,8 @@ checkInstaller () { # SHAsums to be computed, not the -- notatiation is for ease of use with rhash SHA_SUMS="--sha1 --sha256 --sha384 --sha512" for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do - /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/stevengoossensB/misp-docker/master/web/INSTALL_NODB.sh.sha${sum} INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) - chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ ) + chsum=$(cat INSTALL_NODB.sh.sha${sum} | cut -f1 -d\ ) if [[ "${chsum}" == "${INSTsum}" ]]; then echo "sha${sum} matches" @@ -540,6 +538,7 @@ ask_o () { clean () { rm /tmp/INSTALL.stat rm /tmp/INSTALL.sh.* + rm /tmp/INSTALL_NODB.sh.* } # Check if misp user is present and if run as root @@ -1017,7 +1016,7 @@ gitPullAllRCLOCAL () { # Main composer function composer () { sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer - ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install" + ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ; php composer.phar install --no-dev" } @@ -1335,15 +1334,6 @@ installCore () { sudo mkdir /var/www/.cache/ sudo chown ${WWW_USER}:${WWW_USER} /var/www/.cache - for dependency in CybOXProject/python-cybox STIXProject/python-stix MAECProject/python-maec CybOXProject/mixbox; do - false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git clone https://github.com/${dependency}.git ${PATH_TO_MISP_SCRIPTS}/${dependency##*/}; done - ${SUDO_WWW} git -C ${PATH_TO_MISP_SCRIPTS}/${dependency##*/} config core.filemode false - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP_SCRIPTS}/${dependency##*/} - done - - debug "Install python-stix2" - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/cti-python-stix2 - debug "Install PyMISP" ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install ${PATH_TO_MISP}/PyMISP 
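Review bot: With the wget line removed, `chsum=$(cat INSTALL_NODB.sh.sha${sum} | cut -f1 -d\ )` reads its reference value from a file that ships alongside the script, so a match only shows that the copy is not corrupted, not that it is unmodified. That limit should be stated where the check lives, for example `# NOTE: checksums come from the local build context; this detects a damaged copy, not a changed one`. If tamper evidence is wanted, the expected digest needs to come from somewhere the script's author does not also control, such as a digest pinned in the image build. checkInstaller starts and ends outside this hunk, so the handling of a missing checksum file (empty `chsum`) cannot be judged from here.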
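Review bot: The added `rm /tmp/INSTALL_NODB.sh.*` targets files that, as far as this diff shows, nothing creates any more: the downloads into /tmp were removed from checkInstaller and the checksum files are now read from the working directory. With no match the pattern is passed to rm literally, rm prints an error, and clean returns non-zero because this is its last command. Either drop the line or make the cleanup tolerant and option-safe: `rm -f -- /tmp/INSTALL.stat /tmp/INSTALL.sh.* /tmp/INSTALL_NODB.sh.*`.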
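Review bot: The changed line in composer joins `cd` and the composer call with `;`, so if `cd ${PATH_TO_MISP}/app` fails, `php composer.phar install --no-dev` still runs in whatever directory the shell started in. Use `&&` and quote the path: `${SUDO_WWW} sh -c "cd '${PATH_TO_MISP}/app' && php composer.phar install --no-dev"`. The same applies to the installCake hunk (`cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev`). A one-line comment saying that `--no-dev` keeps development-only packages out of the image would also help the next reader.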
@@ -1385,12 +1375,7 @@ installCore () { false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git -C ${PATH_TO_MISP} submodule update --progress --init --recursive; done ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U setuptools pip lief zmq redis python-magic plyara - for dependency in CybOXProject/python-cybox STIXProject/python-stix MAECProject/python-maec CybOXProject/mixbox; do - false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} git -C ${PATH_TO_MISP_SCRIPTS}/${dependency##*/} pull; done - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP_SCRIPTS}/${dependency##*/} - done - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/cti-python-stix2 ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U ${PATH_TO_MISP}/PyMISP false; while [[ $? -ne 0 ]]; do checkAptLock; ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U git+https://github.com/kbandla/pydeep.git; done fi @@ -1401,7 +1386,7 @@ installCake () { # Make composer cache happy # /!\ composer on Ubuntu when invoked with sudo -u doesn't set $HOME to /var/www but keeps it /home/misp \!/ sudo mkdir -p /var/www/.composer ; sudo chown ${WWW_USER}:${WWW_USER} /var/www/.composer - ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install" + ${SUDO_WWW} sh -c "cd ${PATH_TO_MISP}/app ;php composer.phar install --no-dev" # Enable CakeResque with php-redis sudo phpenmod redis 
@@ -2069,35 +2054,9 @@ installCoreRHEL () { sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U pip setuptools - cd $PATH_TO_MISP/app/files/scripts - $SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git - $SUDO_WWW git clone https://github.com/STIXProject/python-stix.git - $SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief - $SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git - # If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules UMASK=$(umask) umask 0022 - - cd $PATH_TO_MISP/app/files/scripts/python-cybox - $SUDO_WWW git config core.filemode false - $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install . - - cd $PATH_TO_MISP/app/files/scripts/python-stix - $SUDO_WWW git config core.filemode false - $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install . - - # install mixbox to accommodate the new STIX dependencies: - cd $PATH_TO_MISP/app/files/scripts/mixbox - $SUDO_WWW git config core.filemode false - $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install . - - # install STIX2.0 library to support STIX 2.0 export: - cd $PATH_TO_MISP/cti-python-stix2 - $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install . - - # install maec - $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U maec # install zmq $SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U zmq @@ -2184,7 +2143,7 @@ installCake_RHEL () #$SUDO_WWW $RUN_PHP -- php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" #$SUDO_WWW $RUN_PHP "php composer-setup.php" #$SUDO_WWW $RUN_PHP -- php -r "unlink('composer-setup.php');" - $SUDO_WWW $RUN_PHP "php composer.phar install" + $SUDO_WWW $RUN_PHP "php composer.phar install --no-dev" ## sudo yum install php-redis -y sudo scl enable rh-php72 'pecl channel-update pecl.php.net' 
@@ -2838,12 +2797,6 @@ installMISPonKali () { # Make git ignore filesystem permission differences for submodules ${SUDO_WWW} git submodule foreach --recursive git config core.filemode false - cd ${PATH_TO_MISP}/app/files/scripts - false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/python-cybox.git; done - false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/STIXProject/python-stix.git; done - false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/CybOXProject/mixbox.git; done - false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MAECProject/python-maec.git; done - sudo mkdir /var/www/.cache/ MISP_USER_HOME=$(sudo -Hiu $MISP_USER env | grep HOME |cut -f 2 -d=) @@ -2863,28 +2816,6 @@ installMISPonKali () { ##debug "Installing MISP dashboard" ##mispDashboard - debug "Installing python-cybox" - cd ${PATH_TO_MISP}/app/files/scripts/python-cybox - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . - - debug "Installing python-stix" - cd ${PATH_TO_MISP}/app/files/scripts/python-stix - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . - - debug "Install maec" - cd ${PATH_TO_MISP}/app/files/scripts/python-maec - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . - - # install STIX2.0 library to support STIX 2.0 export - debug "Installing cti-python-stix2" - # install STIX2.0 library to support STIX 2.0 export: - cd ${PATH_TO_MISP}/cti-python-stix2 - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . - - debug "Installing mixbox" - cd ${PATH_TO_MISP}/app/files/scripts/mixbox - ${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install . - # install PyMISP debug "Installing PyMISP" cd ${PATH_TO_MISP}/PyMISP diff --git a/web/INSTALL_NODB.sh.sha1 b/web/INSTALL_NODB.sh.sha1 index e731e16..83b7771 100644 --- a/web/INSTALL_NODB.sh.sha1 +++ b/web/INSTALL_NODB.sh.sha1 @@ -1 +1 @@ -a49d5521f405d20fc3dea76ee995e067d01c5c2c INSTALL_NODB.sh +79e122609f2fe35feaeadbb1c59bc7aac790a31b INSTALL_NODB.sh 
diff --git a/web/INSTALL_NODB.sh.sha256 b/web/INSTALL_NODB.sh.sha256
index 5d8ff86..468bacd 100644
--- a/web/INSTALL_NODB.sh.sha256
+++ b/web/INSTALL_NODB.sh.sha256
@@ -1 +1 @@
-8660be136c0127091888ef38a71eb551dba5fe4e0a2d4f53b5b9479a675da6b1 INSTALL_NODB.sh
+fc624837cfba356c19d5db1b6a1f2249600c5573096ab5d8b8886b21fe89bbff INSTALL_NODB.sh
diff --git a/web/INSTALL_NODB.sh.sha384 b/web/INSTALL_NODB.sh.sha384
index 6ed8525..cbaa083 100644
--- a/web/INSTALL_NODB.sh.sha384
+++ b/web/INSTALL_NODB.sh.sha384
@@ -1 +1 @@
-03b5185082c6d77184520214cf2c263fd46068109c8972ede393b6bd0d99a30e7552ee6e70de5c87f9aea5ba41cd5f9f INSTALL_NODB.sh
+a542aa41ff5d31e40dc0cbbf72601feda622aacc8e6bbee327d362aa0528547db2c38090e3a74df7be2470e2609ad1f7 INSTALL_NODB.sh
diff --git a/web/INSTALL_NODB.sh.sha512 b/web/INSTALL_NODB.sh.sha512
index 2f86fd1..47ac9d0 100644
--- a/web/INSTALL_NODB.sh.sha512
+++ b/web/INSTALL_NODB.sh.sha512
@@ -1 +1 @@
-92bb3778f344bb0673713e34a10cba99487d59c94e469c0a1b7de3a526169daef0d387b7bbff7a1bca49c67232ee1cfa2461e7d8caebb31554f3811e4350f111 INSTALL_NODB.sh
+8ac0e4194ad2dc187bf06c89dac4bab972c517ac02e7d67f3ef6e87ce8039de550d34fad80429e011ff50650906b303c86367e58d6d61f1f910bfdabcd570309 INSTALL_NODB.sh